http://www.ttm2u.com/ AVOID

Status
Not open for further replies.
Jewbacca said:
It's a shame they don't offer supplemental medical insurance in case you step on your junk on the way to the mailbox.

Sorry, every time I see your user name, well, you know, LOL!
Click to expand...
I'm not that familiar with wookies, but is it common for all wookies or just you, that you have to be careful, so you

don't step on your JUNK.  Not that I would be looking, just curious.

 
Swill369 said:
The data is still encrypted(at least that's what I'm seeing on my end) the ssl error is basically saying "hey this might not be who you think it is"
Click to expand...
But without a good SSL, things may look encrypted to you (not sure what exactly you are looking at to determine this) but no lock, no guarantee of encryption correct?

 
10ec said:
I'm not that familiar with wookies, but is it common for all wookies or just you, that you have to be careful, so you

don't step on your JUNK.  Not that I would be looking, just curious.
Click to expand...
Well, yeah, being 7' 3" and all, there is the "proportional factor" to consider. Hey, just trying to stay modest, ya know?! /default_biggrin.png

 
DGSB0708 said:
But without a good SSL, things may look encrypted to you (not sure what exactly you are looking at to determine this) but no lock, no guarantee of encryption correct?
Click to expand...
The link below is to a brief, but simple and enlightening, discussion of the two uses of SSL certificates. Verification and encryption. It is entirely possible, maybe even likely in this case, that the data sent via through an unverified SSL connection is still encrypted. If your browser is indicating that it is, complete with the "lock" indicator, then it probably is. However, that's only half of the story. The other half is the "verification" component, which is discussed at some length in the previous link that I posted. To accept "card not present" credit card transactions online, a company must pass certain verification safe guards via the SSL certificate issuance process, including verification of the ownership of the domain, verification that their WHOIS data is complete and accurate per ICANN standards (which is another story in this industry space), verification that the person applying for the certificate is authorized to do so on behalf of the business, etc. This full menu of verification steps is called "extended validation", and results in issuance of the most highly vetted of the 3 types of SSL certificates. This most rigorously verified SSL certificate is also the industry standard among credit card providers, and as Denise had alluded too, many credit card providers will not authorize online purchases conducted on websites with invalid SSL certificates. Some will, but many won't, but that's not really the point. The point is, there are no assurances that the end recipient of your credit card data is actually the owner / operator of the website, As I'd mentioned before, in all likelihood, they've just moved their certificate over to the new domain and server to be able to take orders for the time being. The possibility does exist, however, at least in theory, that someone could have hacked TTM's old web host server and created a new lookalike site, inclusive of their old SSL certificate. I am NOT suggesting this is the case, but it also cannot be 100% ruled out either, nor can other potential scenarios, until a new, valid certificate is obtained. Also, once again, the financial risk is enhanced in these situations because many financial institutions waive their fraud protections to cardholders who complete transactions via invalid SSL sites. Not all, but some. As a result, customers should check with their card issuer and understand exactly what their exposure is financially.

http://tech.slashdot.org/story/10/06/28/2340237/22-million-ssl-certificates-in-use-are-invalid

 
Jewbacca said:
The link below is to a brief, but simple and enlightening, discussion of the two uses of SSL certificates. Verification and encryption. It is entirely possible, maybe even likely in this case, that the data sent via through an unverified SSL connection is still encrypted. If your browser is indicating that it is, complete with the "lock" indicator, then it probably is. However, that's only half of the story. The other half is the "verification" component, which is discussed at some length in the previous link that I posted. To accept "card not present" credit card transactions online, a company must pass certain verification safe guards via the SSL certificate issuance process, including verification of the ownership of the domain, verification that their WHOIS data is complete and accurate per ICANN standards (which is another story in this industry space), verification that the person applying for the certificate is authorized to do so on behalf of the business, etc. This full menu of verification steps is called "extended validation", and results in issuance of the most highly vetted of the 3 types of SSL certificates. This most rigorously verified SSL certificate is also the industry standard among credit card providers, and as Denise had alluded too, many credit card providers will not authorize online purchases conducted on websites with invalid SSL certificates. Some will, but many won't, but that's not really the point. The point is, there are no assurances that the end recipient of your credit card data is actually the owner / operator of the website, As I'd mentioned before, in all likelihood, they've just moved their certificate over to the new domain and server to be able to take orders for the time being. The possibility does exist, however, at least in theory, that someone could have hacked TTM's old web host server and created a new lookalike site, inclusive of their old SSL certificate. I am NOT suggesting this is the case, but it also cannot be 100% ruled out either, nor can other potential scenarios, until a new, valid certificate is obtained. Also, once again, the financial risk is enhanced in these situations because many financial institutions waive their fraud protections to cardholders who complete transactions via invalid SSL sites. Not all, but some. As a result, customers should check with their card issuer and understand exactly what their exposure is financially.

http://tech.slashdot.org/story/10/06/28/2340237/22-million-ssl-certificates-in-use-are-invalid
Click to expand...
Much more eloquently stated that what I tried to state in a single sentence! 

 
I know this is a terrible situation, but I am learning so much about a variety of topics - from SSL certifications, encryption, the inner workings of retail sites.

It's very interesting.  Probably info we should all know a bit about - at least basic processes.

BIG Thanks to all who have contributed to compiling this knowledge here (esp Jewy)

Does anyone here (maybe Admin?) ever have actual contact with someone at TT who might give insight into their plans or progress and could contact them now that site is back up?

 
Last edited by a moderator:
DGSB0708 said:
But without a good SSL, things may look encrypted to you (not sure what exactly you are looking at to determine this) but no lock, no guarantee of encryption correct?
Click to expand...
If you look back up a few posts you will see the image I attached showing 256 bit encryption.
Although as I mentioned in another post this would be on port 80, not on port 443 like you would get with the proper ssl(https)

 
Last edited by a moderator:
Swill369 said:
If you look back up a few posts you will see the image I attached showing 256 bit encryption.

Although as I mentioned in another post this would be on port 80, not on port 443 like you would get with the proper ssl(https)
Click to expand...
Thank you for pointing me to the image, I appreciate it.  But port 80 in and of itself is not truly a secure port correct?  It's vulnerable to an intrusion attack at least as far as I know in my limited knowledge of this... -

 
Denise said:
If just mailed 7/11, it's been 2 wks as of today.  TT says not to worry until after 3 wks...... up to 4

Doesn't disclaimer on TT  (or old TT) say basically they don't guarantee individual orders, but if multiple orders (or everybody) on same mailing doesn't receive...site said they'd would work with you in that type scenario (where all shipments for particular day didn't arrive - cuz then they know not it's a seizure, not scammer)

Has ANYONE received package from that shipment day?  If not, I believe if ALL of you report to TT not receiving from same ship day - TT will work with you. But everyone (or most) from that shipping date needs to notify them they never received it. Least that's what old TT used to say about refunds or reshipments.

I'd wait the 3 wks first, since they are busy enough as it is - probably will work over weekend to try completing all interfaces, connections, functions, etc
Click to expand...
Thanks for the insight denise.  Has ANYONE received or heard of someone receving a package shipped on the 11th?

 
Posted earlier I had sent email to tt2 customer service about lack of SSL protection during transactions with credit card.  Told you I'd post response and here it is:

Re: Message from Top10MedsOnline

FROM support@ttm2u.com TO You

Show Details
From
To
Hi Denise,

Regrettably, forums tend to follow a 'herd mentality' and it only 
takes one ill informed person to start a stampede.

The only thing that has changed is the URL used to reach Top10. If you 
go to www.ttm2u.com you will see that it comes up in your browser as 
https://www.ttm2u.com/shop

 
https donates that it is SSL encrypted. If it were not it would come 
up as http.

Regards,

T**

-----------------------------

One or more of you computer smart guys please analyze and tell us if this is all true or what we should believe, please.

 
Last edited by a moderator:
Hi,

I must admit, ignorance can sometimes be bliss...  I had not touched base here in awhile and missed all the "goings on" with TTM over the last couple of weeks.  So, unaware of the issues, I ordered 7/14 (a Sunday, so fulfilled and shipped 7/15, Monday), received 7/20, all in order, no problems and really fast.  Yesterday I checked my safe-mail acct. (again, don't always check-in there). I saw email from TTM.  It was the email from TTM regarding site change that not everyone got (so I learned when I checked in here and read yesterday's,7/24, posts.  Based on confirmation that the site had indeed moved, I logged on (got the mismatch warning when went to order...but was able to log-in and all my old info was present) so I placed a small order last night, received all confirmations, shipped out today 7/25.  Will update when (hopefully) received. 

 
Last edited:
Denise said:
Posted earlier I had sent email to tt2 customer service about lack of SSL protection during transactions with credit card.  Told you I'd post response and here it is:

Re: Message from Top10MedsOnline


FROM support@ttm2u.com TO You

Show Details
From
To
Hi Denise,

Regrettably, forums tend to follow a 'herd mentality' and it only 

takes one ill informed person to start a stampede.

The only thing that has changed is the URL used to reach Top10. If you 

go to www.ttm2u.com you will see that it comes up in your browser as 

https://www.ttm2u.com/shop

 
https donates that it is SSL encrypted. If it were not it would come 

up as http.

Regards,

T**

-----------------------------

One or more of you computer smart guys please analyze and tell us if this is all true or what we should believe, please.
Click to expand...
Just IMHO, but that is total 100% bullshit.  We are not lemmings marching off the cliff in a panic, merely trying to determine if they are secure.  Sure as shit you can have an https://xxx and have it NOT be a secure site.  Again, just my opinion but would really love to see the undeniable and irrefutable rebuttal that says I am wrong here. S-

PS>  will happily eat my words and sincerely and profusely apologize if proven wrong... not claiming to be the expert but I have seen https NOT be secure in the past.

 
Last edited:
Status
Not open for further replies.
Drugbuyersguide Shoutbox
  1. LatsDoodis @ LatsDoodis: @SeaDonkey I think everyone deserves a second chance. I worked all night so eclipsing my life away… I do love stargazing and a telescope is high on my list of things to do when I’m high!
  2. iamgroot @ iamgroot: replied you already
  3. iamgroot @ iamgroot: are you talking about me? lol
  4. Diz-E @ Diz-E: @ I am Groot--I emailed ya bro, Diz-E
  5. SeaDonkey @ SeaDonkey: @LatsDoodis by tonight I meant like 16 hours from now, so you still have a chance!
  6. LatsDoodis @ LatsDoodis: @SeaDonkey ooh, I just got home, too, but Iit was raining here all of a sudden! How was it?
  7. SeaDonkey @ SeaDonkey: Anyone else gonna watch the lunar eclipse tonight
  8. S @ scarred14: @RussianRambo who did?
  9. xenxra @ xenxra: what the fudge
  10. R @ RussianRambo: he set up a controlled delivery on 2 people
  11. R @ RussianRambo: Slaughter AKA Slaughterhouse is no good anymore
  12. R @ RussianRambo: coolchems no good
  13. hiTillidie @ hiTillidie: Just yankin your lobe jason...once paid you should have privleges.
  14. hiTillidie @ hiTillidie: You gotta buy vendor coupons first...
  15. J @ jason1974: How do i access approved vendors now that i am a member?
  16. xenxra @ xenxra: @jason1974 every single time someone pops up with that handle, they're a scammer. my browser gives me a security warning for their site.
  17. hiTillidie @ hiTillidie: Coolchems is no good
  18. hiTillidie @ hiTillidie: Xenxra yeah fir sure.pigpredictable
  19. J @ jason1974: Can anybody vouch for Coolchems.com?
  20. J @ jason1974: Can anybody vouch for Coolchems.com?
Back
Top