http://www.ttm2u.com/ AVOID

Status
Not open for further replies.
Jewbacca said:
It's a shame they don't offer supplemental medical insurance in case you step on your junk on the way to the mailbox.

Sorry, every time I see your user name, well, you know, LOL!
Click to expand...
I'm not that familiar with wookies, but is it common for all wookies or just you, that you have to be careful, so you

don't step on your JUNK.  Not that I would be looking, just curious.

 
Swill369 said:
The data is still encrypted(at least that's what I'm seeing on my end) the ssl error is basically saying "hey this might not be who you think it is"
Click to expand...
But without a good SSL, things may look encrypted to you (not sure what exactly you are looking at to determine this) but no lock, no guarantee of encryption correct?

 
10ec said:
I'm not that familiar with wookies, but is it common for all wookies or just you, that you have to be careful, so you

don't step on your JUNK.  Not that I would be looking, just curious.
Click to expand...
Well, yeah, being 7' 3" and all, there is the "proportional factor" to consider. Hey, just trying to stay modest, ya know?! /default_biggrin.png

 
DGSB0708 said:
But without a good SSL, things may look encrypted to you (not sure what exactly you are looking at to determine this) but no lock, no guarantee of encryption correct?
Click to expand...
The link below is to a brief, but simple and enlightening, discussion of the two uses of SSL certificates. Verification and encryption. It is entirely possible, maybe even likely in this case, that the data sent via through an unverified SSL connection is still encrypted. If your browser is indicating that it is, complete with the "lock" indicator, then it probably is. However, that's only half of the story. The other half is the "verification" component, which is discussed at some length in the previous link that I posted. To accept "card not present" credit card transactions online, a company must pass certain verification safe guards via the SSL certificate issuance process, including verification of the ownership of the domain, verification that their WHOIS data is complete and accurate per ICANN standards (which is another story in this industry space), verification that the person applying for the certificate is authorized to do so on behalf of the business, etc. This full menu of verification steps is called "extended validation", and results in issuance of the most highly vetted of the 3 types of SSL certificates. This most rigorously verified SSL certificate is also the industry standard among credit card providers, and as Denise had alluded too, many credit card providers will not authorize online purchases conducted on websites with invalid SSL certificates. Some will, but many won't, but that's not really the point. The point is, there are no assurances that the end recipient of your credit card data is actually the owner / operator of the website, As I'd mentioned before, in all likelihood, they've just moved their certificate over to the new domain and server to be able to take orders for the time being. The possibility does exist, however, at least in theory, that someone could have hacked TTM's old web host server and created a new lookalike site, inclusive of their old SSL certificate. I am NOT suggesting this is the case, but it also cannot be 100% ruled out either, nor can other potential scenarios, until a new, valid certificate is obtained. Also, once again, the financial risk is enhanced in these situations because many financial institutions waive their fraud protections to cardholders who complete transactions via invalid SSL sites. Not all, but some. As a result, customers should check with their card issuer and understand exactly what their exposure is financially.

http://tech.slashdot.org/story/10/06/28/2340237/22-million-ssl-certificates-in-use-are-invalid

 
Jewbacca said:
The link below is to a brief, but simple and enlightening, discussion of the two uses of SSL certificates. Verification and encryption. It is entirely possible, maybe even likely in this case, that the data sent via through an unverified SSL connection is still encrypted. If your browser is indicating that it is, complete with the "lock" indicator, then it probably is. However, that's only half of the story. The other half is the "verification" component, which is discussed at some length in the previous link that I posted. To accept "card not present" credit card transactions online, a company must pass certain verification safe guards via the SSL certificate issuance process, including verification of the ownership of the domain, verification that their WHOIS data is complete and accurate per ICANN standards (which is another story in this industry space), verification that the person applying for the certificate is authorized to do so on behalf of the business, etc. This full menu of verification steps is called "extended validation", and results in issuance of the most highly vetted of the 3 types of SSL certificates. This most rigorously verified SSL certificate is also the industry standard among credit card providers, and as Denise had alluded too, many credit card providers will not authorize online purchases conducted on websites with invalid SSL certificates. Some will, but many won't, but that's not really the point. The point is, there are no assurances that the end recipient of your credit card data is actually the owner / operator of the website, As I'd mentioned before, in all likelihood, they've just moved their certificate over to the new domain and server to be able to take orders for the time being. The possibility does exist, however, at least in theory, that someone could have hacked TTM's old web host server and created a new lookalike site, inclusive of their old SSL certificate. I am NOT suggesting this is the case, but it also cannot be 100% ruled out either, nor can other potential scenarios, until a new, valid certificate is obtained. Also, once again, the financial risk is enhanced in these situations because many financial institutions waive their fraud protections to cardholders who complete transactions via invalid SSL sites. Not all, but some. As a result, customers should check with their card issuer and understand exactly what their exposure is financially.

http://tech.slashdot.org/story/10/06/28/2340237/22-million-ssl-certificates-in-use-are-invalid
Click to expand...
Much more eloquently stated that what I tried to state in a single sentence! 

 
I know this is a terrible situation, but I am learning so much about a variety of topics - from SSL certifications, encryption, the inner workings of retail sites.

It's very interesting.  Probably info we should all know a bit about - at least basic processes.

BIG Thanks to all who have contributed to compiling this knowledge here (esp Jewy)

Does anyone here (maybe Admin?) ever have actual contact with someone at TT who might give insight into their plans or progress and could contact them now that site is back up?

 
Last edited by a moderator:
DGSB0708 said:
But without a good SSL, things may look encrypted to you (not sure what exactly you are looking at to determine this) but no lock, no guarantee of encryption correct?
Click to expand...
If you look back up a few posts you will see the image I attached showing 256 bit encryption.
Although as I mentioned in another post this would be on port 80, not on port 443 like you would get with the proper ssl(https)

 
Last edited by a moderator:
Swill369 said:
If you look back up a few posts you will see the image I attached showing 256 bit encryption.

Although as I mentioned in another post this would be on port 80, not on port 443 like you would get with the proper ssl(https)
Click to expand...
Thank you for pointing me to the image, I appreciate it.  But port 80 in and of itself is not truly a secure port correct?  It's vulnerable to an intrusion attack at least as far as I know in my limited knowledge of this... -

 
Denise said:
If just mailed 7/11, it's been 2 wks as of today.  TT says not to worry until after 3 wks...... up to 4

Doesn't disclaimer on TT  (or old TT) say basically they don't guarantee individual orders, but if multiple orders (or everybody) on same mailing doesn't receive...site said they'd would work with you in that type scenario (where all shipments for particular day didn't arrive - cuz then they know not it's a seizure, not scammer)

Has ANYONE received package from that shipment day?  If not, I believe if ALL of you report to TT not receiving from same ship day - TT will work with you. But everyone (or most) from that shipping date needs to notify them they never received it. Least that's what old TT used to say about refunds or reshipments.

I'd wait the 3 wks first, since they are busy enough as it is - probably will work over weekend to try completing all interfaces, connections, functions, etc
Click to expand...
Thanks for the insight denise.  Has ANYONE received or heard of someone receving a package shipped on the 11th?

 
Posted earlier I had sent email to tt2 customer service about lack of SSL protection during transactions with credit card.  Told you I'd post response and here it is:

Re: Message from Top10MedsOnline

FROM support@ttm2u.com TO You

Show Details
From
To
Hi Denise,

Regrettably, forums tend to follow a 'herd mentality' and it only 
takes one ill informed person to start a stampede.

The only thing that has changed is the URL used to reach Top10. If you 
go to www.ttm2u.com you will see that it comes up in your browser as 
https://www.ttm2u.com/shop

 
https donates that it is SSL encrypted. If it were not it would come 
up as http.

Regards,

T**

-----------------------------

One or more of you computer smart guys please analyze and tell us if this is all true or what we should believe, please.

 
Last edited by a moderator:
Hi,

I must admit, ignorance can sometimes be bliss...  I had not touched base here in awhile and missed all the "goings on" with TTM over the last couple of weeks.  So, unaware of the issues, I ordered 7/14 (a Sunday, so fulfilled and shipped 7/15, Monday), received 7/20, all in order, no problems and really fast.  Yesterday I checked my safe-mail acct. (again, don't always check-in there). I saw email from TTM.  It was the email from TTM regarding site change that not everyone got (so I learned when I checked in here and read yesterday's,7/24, posts.  Based on confirmation that the site had indeed moved, I logged on (got the mismatch warning when went to order...but was able to log-in and all my old info was present) so I placed a small order last night, received all confirmations, shipped out today 7/25.  Will update when (hopefully) received. 

 
Last edited:
Denise said:
Posted earlier I had sent email to tt2 customer service about lack of SSL protection during transactions with credit card.  Told you I'd post response and here it is:

Re: Message from Top10MedsOnline


FROM support@ttm2u.com TO You

Show Details
From
To
Hi Denise,

Regrettably, forums tend to follow a 'herd mentality' and it only 

takes one ill informed person to start a stampede.

The only thing that has changed is the URL used to reach Top10. If you 

go to www.ttm2u.com you will see that it comes up in your browser as 

https://www.ttm2u.com/shop

 
https donates that it is SSL encrypted. If it were not it would come 

up as http.

Regards,

T**

-----------------------------

One or more of you computer smart guys please analyze and tell us if this is all true or what we should believe, please.
Click to expand...
Just IMHO, but that is total 100% bullshit.  We are not lemmings marching off the cliff in a panic, merely trying to determine if they are secure.  Sure as shit you can have an https://xxx and have it NOT be a secure site.  Again, just my opinion but would really love to see the undeniable and irrefutable rebuttal that says I am wrong here. S-

PS>  will happily eat my words and sincerely and profusely apologize if proven wrong... not claiming to be the expert but I have seen https NOT be secure in the past.

 
Last edited:
Status
Not open for further replies.
Drugbuyersguide Shoutbox
  1. ontovzik @ ontovzik: When I had long term shingles, lasting two months. All he could give me was a 10 day supply of dilaudid. He looked at the ground while we were talking about it. I could tell he was ashamed but it was the legislature and the governor that tied his hands. He was very upset that non-medical political people, the media, and the scared public were controlling how he treated his patients. Someday those people will need meds and a hospital bed and they will be gone.
  2. ontovzik @ ontovzik: I had a great doctor, he had the true gift of a healer and he stayed on top of all the science. He straight up told me that for many people opiods work for managing short and long term pain.
  3. ontovzik @ ontovzik: He peed it in the snow in my backyard.
  4. WTF7218 @ WTF7218: @xenxra 😆😂. Yes, but only a few brave souls will ever find the number. You must first order a Dirty Shirley from the bartender. Then you must discreetly take the cocktail napkin from under your drink and unfold it. There you will find the map to the location of the phone number, and clues to decipher the code that it is written in.
  5. xenxra @ xenxra: he left his phone number scribbled in a stall at the pub three blocks down
  6. aBBazaBBa123 @ aBBazaBBa123: @rockychoc How do I contact you?
  7. N @ NYStateofMind: @Alkazar I would try one of those easy online ones .. reddit gives useful info about that
  8. Alkazar @ Alkazar: @NYStateofMind I dont really have a history of abusing things, my docotr is just really stingy. I am thinking of switching.
  9. C @ Cheesus: Thanks xenxra
  10. xenxra @ xenxra: @Cheesus yeah, use snote
  11. P @ psychedpsych: Trump is cracking down….
  12. P @ psychedpsych: Hackers are the scum of the earth
  13. N @ NYStateofMind: so it was easy bc of my history
  14. N @ NYStateofMind: I didnt really tell him but he knew I needed a new script since my dr went to jail
  15. N @ NYStateofMind: @xenxra I was on Adderall since 15 years ago so my dr prescribed that w no problems and then when I lost my best friend my doctor rxed the valiums but
  16. C @ Cheesus: Temp.pm down for anyone else?
  17. xenxra @ xenxra: @NYStateofMind my doctor's have always been pretty open minded if i can actually come in and explain the pharmacological action of the drugs im seeking instead of just telling them why i think i should be prescribed. the only time it didn't work out for me is when i was trying pharmaceuticals for depression ten years ago and suggested they let me try testosterone instead (turns out i was hypogonadal so they made a mistake denying my request at face value)
  18. T @ Testisthebest: Even down here in Florida when the pill mill docs all switched over to Suboxone and/or retired you can still find some pretty liberal docs but you gotta know what to look for. Mine does "pain management, detox, anxiety,etc. And no insurance. My doc writes me 60 5mg Valium, 14 2mg Xanax and asked if I had ever tried adderal to get more focus at work as I told him I run my own business.
  19. N @ NYStateofMind: @Alkazar do they know your history? Like I dont tell my doctor anything about myself except what they need to know,...I was able to get my dr to rx the highest dose of adderall along with valiums ..... if they dont know your history or there is no history I would just come out and ask what is the reason for their mistreatment.... they have no problem billing your insurance or taking a payment for the visit
  20. T @ Turbo259: @Layne_Cobain Thank you fam
Back
Top