http://www.ttm2u.com/ AVOID

Status
Not open for further replies.
Jewbacca said:
It's a shame they don't offer supplemental medical insurance in case you step on your junk on the way to the mailbox.

Sorry, every time I see your user name, well, you know, LOL!
Click to expand...
I'm not that familiar with wookies, but is it common for all wookies or just you, that you have to be careful, so you

don't step on your JUNK.  Not that I would be looking, just curious.

 
Swill369 said:
The data is still encrypted(at least that's what I'm seeing on my end) the ssl error is basically saying "hey this might not be who you think it is"
Click to expand...
But without a good SSL, things may look encrypted to you (not sure what exactly you are looking at to determine this) but no lock, no guarantee of encryption correct?

 
10ec said:
I'm not that familiar with wookies, but is it common for all wookies or just you, that you have to be careful, so you

don't step on your JUNK.  Not that I would be looking, just curious.
Click to expand...
Well, yeah, being 7' 3" and all, there is the "proportional factor" to consider. Hey, just trying to stay modest, ya know?! /default_biggrin.png

 
DGSB0708 said:
But without a good SSL, things may look encrypted to you (not sure what exactly you are looking at to determine this) but no lock, no guarantee of encryption correct?
Click to expand...
The link below is to a brief, but simple and enlightening, discussion of the two uses of SSL certificates. Verification and encryption. It is entirely possible, maybe even likely in this case, that the data sent via through an unverified SSL connection is still encrypted. If your browser is indicating that it is, complete with the "lock" indicator, then it probably is. However, that's only half of the story. The other half is the "verification" component, which is discussed at some length in the previous link that I posted. To accept "card not present" credit card transactions online, a company must pass certain verification safe guards via the SSL certificate issuance process, including verification of the ownership of the domain, verification that their WHOIS data is complete and accurate per ICANN standards (which is another story in this industry space), verification that the person applying for the certificate is authorized to do so on behalf of the business, etc. This full menu of verification steps is called "extended validation", and results in issuance of the most highly vetted of the 3 types of SSL certificates. This most rigorously verified SSL certificate is also the industry standard among credit card providers, and as Denise had alluded too, many credit card providers will not authorize online purchases conducted on websites with invalid SSL certificates. Some will, but many won't, but that's not really the point. The point is, there are no assurances that the end recipient of your credit card data is actually the owner / operator of the website, As I'd mentioned before, in all likelihood, they've just moved their certificate over to the new domain and server to be able to take orders for the time being. The possibility does exist, however, at least in theory, that someone could have hacked TTM's old web host server and created a new lookalike site, inclusive of their old SSL certificate. I am NOT suggesting this is the case, but it also cannot be 100% ruled out either, nor can other potential scenarios, until a new, valid certificate is obtained. Also, once again, the financial risk is enhanced in these situations because many financial institutions waive their fraud protections to cardholders who complete transactions via invalid SSL sites. Not all, but some. As a result, customers should check with their card issuer and understand exactly what their exposure is financially.

http://tech.slashdot.org/story/10/06/28/2340237/22-million-ssl-certificates-in-use-are-invalid

 
Jewbacca said:
The link below is to a brief, but simple and enlightening, discussion of the two uses of SSL certificates. Verification and encryption. It is entirely possible, maybe even likely in this case, that the data sent via through an unverified SSL connection is still encrypted. If your browser is indicating that it is, complete with the "lock" indicator, then it probably is. However, that's only half of the story. The other half is the "verification" component, which is discussed at some length in the previous link that I posted. To accept "card not present" credit card transactions online, a company must pass certain verification safe guards via the SSL certificate issuance process, including verification of the ownership of the domain, verification that their WHOIS data is complete and accurate per ICANN standards (which is another story in this industry space), verification that the person applying for the certificate is authorized to do so on behalf of the business, etc. This full menu of verification steps is called "extended validation", and results in issuance of the most highly vetted of the 3 types of SSL certificates. This most rigorously verified SSL certificate is also the industry standard among credit card providers, and as Denise had alluded too, many credit card providers will not authorize online purchases conducted on websites with invalid SSL certificates. Some will, but many won't, but that's not really the point. The point is, there are no assurances that the end recipient of your credit card data is actually the owner / operator of the website, As I'd mentioned before, in all likelihood, they've just moved their certificate over to the new domain and server to be able to take orders for the time being. The possibility does exist, however, at least in theory, that someone could have hacked TTM's old web host server and created a new lookalike site, inclusive of their old SSL certificate. I am NOT suggesting this is the case, but it also cannot be 100% ruled out either, nor can other potential scenarios, until a new, valid certificate is obtained. Also, once again, the financial risk is enhanced in these situations because many financial institutions waive their fraud protections to cardholders who complete transactions via invalid SSL sites. Not all, but some. As a result, customers should check with their card issuer and understand exactly what their exposure is financially.

http://tech.slashdot.org/story/10/06/28/2340237/22-million-ssl-certificates-in-use-are-invalid
Click to expand...
Much more eloquently stated that what I tried to state in a single sentence! 

 
I know this is a terrible situation, but I am learning so much about a variety of topics - from SSL certifications, encryption, the inner workings of retail sites.

It's very interesting.  Probably info we should all know a bit about - at least basic processes.

BIG Thanks to all who have contributed to compiling this knowledge here (esp Jewy)

Does anyone here (maybe Admin?) ever have actual contact with someone at TT who might give insight into their plans or progress and could contact them now that site is back up?

 
Last edited by a moderator:
DGSB0708 said:
But without a good SSL, things may look encrypted to you (not sure what exactly you are looking at to determine this) but no lock, no guarantee of encryption correct?
Click to expand...
If you look back up a few posts you will see the image I attached showing 256 bit encryption.
Although as I mentioned in another post this would be on port 80, not on port 443 like you would get with the proper ssl(https)

 
Last edited by a moderator:
Swill369 said:
If you look back up a few posts you will see the image I attached showing 256 bit encryption.

Although as I mentioned in another post this would be on port 80, not on port 443 like you would get with the proper ssl(https)
Click to expand...
Thank you for pointing me to the image, I appreciate it.  But port 80 in and of itself is not truly a secure port correct?  It's vulnerable to an intrusion attack at least as far as I know in my limited knowledge of this... -

 
Denise said:
If just mailed 7/11, it's been 2 wks as of today.  TT says not to worry until after 3 wks...... up to 4

Doesn't disclaimer on TT  (or old TT) say basically they don't guarantee individual orders, but if multiple orders (or everybody) on same mailing doesn't receive...site said they'd would work with you in that type scenario (where all shipments for particular day didn't arrive - cuz then they know not it's a seizure, not scammer)

Has ANYONE received package from that shipment day?  If not, I believe if ALL of you report to TT not receiving from same ship day - TT will work with you. But everyone (or most) from that shipping date needs to notify them they never received it. Least that's what old TT used to say about refunds or reshipments.

I'd wait the 3 wks first, since they are busy enough as it is - probably will work over weekend to try completing all interfaces, connections, functions, etc
Click to expand...
Thanks for the insight denise.  Has ANYONE received or heard of someone receving a package shipped on the 11th?

 
Posted earlier I had sent email to tt2 customer service about lack of SSL protection during transactions with credit card.  Told you I'd post response and here it is:

Re: Message from Top10MedsOnline

FROM support@ttm2u.com TO You

Show Details
From
To
Hi Denise,

Regrettably, forums tend to follow a 'herd mentality' and it only 
takes one ill informed person to start a stampede.

The only thing that has changed is the URL used to reach Top10. If you 
go to www.ttm2u.com you will see that it comes up in your browser as 
https://www.ttm2u.com/shop

 
https donates that it is SSL encrypted. If it were not it would come 
up as http.

Regards,

T**

-----------------------------

One or more of you computer smart guys please analyze and tell us if this is all true or what we should believe, please.

 
Last edited by a moderator:
Hi,

I must admit, ignorance can sometimes be bliss...  I had not touched base here in awhile and missed all the "goings on" with TTM over the last couple of weeks.  So, unaware of the issues, I ordered 7/14 (a Sunday, so fulfilled and shipped 7/15, Monday), received 7/20, all in order, no problems and really fast.  Yesterday I checked my safe-mail acct. (again, don't always check-in there). I saw email from TTM.  It was the email from TTM regarding site change that not everyone got (so I learned when I checked in here and read yesterday's,7/24, posts.  Based on confirmation that the site had indeed moved, I logged on (got the mismatch warning when went to order...but was able to log-in and all my old info was present) so I placed a small order last night, received all confirmations, shipped out today 7/25.  Will update when (hopefully) received. 

 
Last edited:
Denise said:
Posted earlier I had sent email to tt2 customer service about lack of SSL protection during transactions with credit card.  Told you I'd post response and here it is:

Re: Message from Top10MedsOnline


FROM support@ttm2u.com TO You

Show Details
From
To
Hi Denise,

Regrettably, forums tend to follow a 'herd mentality' and it only 

takes one ill informed person to start a stampede.

The only thing that has changed is the URL used to reach Top10. If you 

go to www.ttm2u.com you will see that it comes up in your browser as 

https://www.ttm2u.com/shop

 
https donates that it is SSL encrypted. If it were not it would come 

up as http.

Regards,

T**

-----------------------------

One or more of you computer smart guys please analyze and tell us if this is all true or what we should believe, please.
Click to expand...
Just IMHO, but that is total 100% bullshit.  We are not lemmings marching off the cliff in a panic, merely trying to determine if they are secure.  Sure as shit you can have an https://xxx and have it NOT be a secure site.  Again, just my opinion but would really love to see the undeniable and irrefutable rebuttal that says I am wrong here. S-

PS>  will happily eat my words and sincerely and profusely apologize if proven wrong... not claiming to be the expert but I have seen https NOT be secure in the past.

 
Last edited:
Status
Not open for further replies.
Drugbuyersguide Shoutbox
  1. S @ soupson: What happened to chem genie?
  2. D @ drdrizzy13: LSU is trash and has always been trash but a night game in death valley is unlike anything I've experienced. Except the first game back to the superdome reopened after Katrina destroyed it. Everybody was crying and drunk as shit lol. All time favorite in person sports moment ever.
  3. M @ meepmoopmeep: Kiffin is a traitor and he and LSU deserve each other since they’re both complete trash
  4. D @ drdrizzy13: yea he's a joke lol. Can't stand him.
  5. L @ Layne_Cobain: You know who rly sucks…lane kiffin 😂 dude is all that’s wrong with college sports or at least a big chunk of it…and he lied about being told he could still coach ole miss in the playoffs
  6. D @ drdrizzy13: Hey at least Ole Miss got in. I can't stand LSU. They really sucked this year.
  7. M @ meepmoopmeep: as an A&M fan I’m content with us missing the SECCG for that reason. Georgia about to fuck Alabama up
  8. D @ drdrizzy13: Yeah I agree if bama loses I think they are out. That would be 3 losses. I don't see a 3 loss team getting in this year.
  9. L @ Layne_Cobain: Yeah that’s why sark was pleading his case about that Texas shouldn’t be punished for scheduling a non conference game against the best team and losing if they hadn’t done that they’d probably be in but oh well way it goes there’s always gonna be a few teams who get robbed or feel they got robbed even with a 12 team playofff…if bama loses to Georgia I’d think they’d be out but who knows
  10. D @ drdrizzy13: Alabama also lost to Florida State pretty bad. Whom Florida beat. I just think if they didn't decide to play ohio state the first game. They would be in with 2 losses instead of Alabama.
  11. M @ meepmoopmeep: @drdrizzy13 Texas lost to Florida of all teams, they weren’t heading for the playoffs anyways imo. At least not this year
  12. D @ drdrizzy13: Texas is offically out of the playoffs they didn't make the top 12. I do wish they were in it. They showed up against Texas AM. But there fatal flaw was scheduling Ohio State for their opening. Which would have been great if they won but they are a 3 loss team now.
  13. L @ Layne_Cobain: Yeah idk about arch I could see him staying with Sark for another year but if he plays rly well in the playoff who knows that is if they get in
  14. D @ drdrizzy13: Man a lot of Saints fan want Arch but I think he said he is playing another year. I would take him probably. But if Texas AM QB comes out or Ohio State's I think you gotta take one if your picking top 2.
  15. L @ Layne_Cobain: Is the qb class supposed to be stacked or thin for draft in April I follow college ball but I can’t think right now I think there’s def at least a few high potential qb declaring
  16. D @ drdrizzy13: Right now I believe we pick 2nd. ATM.
  17. D @ drdrizzy13: At first I figured he might be able to do something but our position players suck. We are playing a rookie QB. O-line sucks. It needs to be blown up. I hope we tank for the first pick
  18. L @ Layne_Cobain: Hopefully you guys maybe find a solid qb option in the draft you should end up with a very good pick
  19. L @ Layne_Cobain: Yeah dude Moore def does not seem like the guy for yall need to clean house
  20. D @ drdrizzy13: I should say our receivers suck
Back
Top