http://www.ttm2u.com/ AVOID

[10ec]

It's a shame they don't offer supplemental medical insurance in case you step on your junk on the way to the mailbox.

Sorry, every time I see your user name, well, you know, LOL!

I'm not that familiar with wookies, but is it common for all wookies or just you, that you have to be careful, so you

don't step on your JUNK.  Not that I would be looking, just curious.

 

[DGSB0708]

The data is still encrypted(at least that's what I'm seeing on my end) the ssl error is basically saying "hey this might not be who you think it is"

But without a good SSL, things may look encrypted to you (not sure what exactly you are looking at to determine this) but no lock, no guarantee of encryption correct?

 

[Jewbacca]

I'm not that familiar with wookies, but is it common for all wookies or just you, that you have to be careful, so you

don't step on your JUNK.  Not that I would be looking, just curious.

Well, yeah, being 7' 3" and all, there is the "proportional factor" to consider. Hey, just trying to stay modest, ya know?! /default_biggrin.png

 

[Jewbacca]

But without a good SSL, things may look encrypted to you (not sure what exactly you are looking at to determine this) but no lock, no guarantee of encryption correct?

The link below is to a brief, but simple and enlightening, discussion of the two uses of SSL certificates. Verification and encryption. It is entirely possible, maybe even likely in this case, that the data sent via through an unverified SSL connection is still encrypted. If your browser is indicating that it is, complete with the "lock" indicator, then it probably is. However, that's only half of the story. The other half is the "verification" component, which is discussed at some length in the previous link that I posted. To accept "card not present" credit card transactions online, a company must pass certain verification safe guards via the SSL certificate issuance process, including verification of the ownership of the domain, verification that their WHOIS data is complete and accurate per ICANN standards (which is another story in this industry space), verification that the person applying for the certificate is authorized to do so on behalf of the business, etc. This full menu of verification steps is called "extended validation", and results in issuance of the most highly vetted of the 3 types of SSL certificates. This most rigorously verified SSL certificate is also the industry standard among credit card providers, and as Denise had alluded too, many credit card providers will not authorize online purchases conducted on websites with invalid SSL certificates. Some will, but many won't, but that's not really the point. The point is, there are no assurances that the end recipient of your credit card data is actually the owner / operator of the website, As I'd mentioned before, in all likelihood, they've just moved their certificate over to the new domain and server to be able to take orders for the time being. The possibility does exist, however, at least in theory, that someone could have hacked TTM's old web host server and created a new lookalike site, inclusive of their old SSL certificate. I am NOT suggesting this is the case, but it also cannot be 100% ruled out either, nor can other potential scenarios, until a new, valid certificate is obtained. Also, once again, the financial risk is enhanced in these situations because many financial institutions waive their fraud protections to cardholders who complete transactions via invalid SSL sites. Not all, but some. As a result, customers should check with their card issuer and understand exactly what their exposure is financially.

http://tech.slashdot.org/story/10/06/28/2340237/22-million-ssl-certificates-in-use-are-invalid

 

[DGSB0708]

The link below is to a brief, but simple and enlightening, discussion of the two uses of SSL certificates. Verification and encryption. It is entirely possible, maybe even likely in this case, that the data sent via through an unverified SSL connection is still encrypted. If your browser is indicating that it is, complete with the "lock" indicator, then it probably is. However, that's only half of the story. The other half is the "verification" component, which is discussed at some length in the previous link that I posted. To accept "card not present" credit card transactions online, a company must pass certain verification safe guards via the SSL certificate issuance process, including verification of the ownership of the domain, verification that their WHOIS data is complete and accurate per ICANN standards (which is another story in this industry space), verification that the person applying for the certificate is authorized to do so on behalf of the business, etc. This full menu of verification steps is called "extended validation", and results in issuance of the most highly vetted of the 3 types of SSL certificates. This most rigorously verified SSL certificate is also the industry standard among credit card providers, and as Denise had alluded too, many credit card providers will not authorize online purchases conducted on websites with invalid SSL certificates. Some will, but many won't, but that's not really the point. The point is, there are no assurances that the end recipient of your credit card data is actually the owner / operator of the website, As I'd mentioned before, in all likelihood, they've just moved their certificate over to the new domain and server to be able to take orders for the time being. The possibility does exist, however, at least in theory, that someone could have hacked TTM's old web host server and created a new lookalike site, inclusive of their old SSL certificate. I am NOT suggesting this is the case, but it also cannot be 100% ruled out either, nor can other potential scenarios, until a new, valid certificate is obtained. Also, once again, the financial risk is enhanced in these situations because many financial institutions waive their fraud protections to cardholders who complete transactions via invalid SSL sites. Not all, but some. As a result, customers should check with their card issuer and understand exactly what their exposure is financially.

http://tech.slashdot.org/story/10/06/28/2340237/22-million-ssl-certificates-in-use-are-invalid

Much more eloquently stated that what I tried to state in a single sentence! 

 

[Jewbacca]

Much more eloquently stated that what I tried to state in a single sentence!

Well, thank you, but it probably came at the expense of blowing up admin's data storage quota, LOL!

 

[Denise]

I know this is a terrible situation, but I am learning so much about a variety of topics - from SSL certifications, encryption, the inner workings of retail sites.

It's very interesting.  Probably info we should all know a bit about - at least basic processes.

BIG Thanks to all who have contributed to compiling this knowledge here (esp Jewy)

Does anyone here (maybe Admin?) ever have actual contact with someone at TT who might give insight into their plans or progress and could contact them now that site is back up?

 

[Swill369]

But without a good SSL, things may look encrypted to you (not sure what exactly you are looking at to determine this) but no lock, no guarantee of encryption correct?

If you look back up a few posts you will see the image I attached showing 256 bit encryption.
Although as I mentioned in another post this would be on port 80, not on port 443 like you would get with the proper ssl(https)

 

[DGSB0708]

If you look back up a few posts you will see the image I attached showing 256 bit encryption.

Although as I mentioned in another post this would be on port 80, not on port 443 like you would get with the proper ssl(https)

Thank you for pointing me to the image, I appreciate it.  But port 80 in and of itself is not truly a secure port correct?  It's vulnerable to an intrusion attack at least as far as I know in my limited knowledge of this... -

 

[Nixon08]

If just mailed 7/11, it's been 2 wks as of today.  TT says not to worry until after 3 wks...... up to 4

Doesn't disclaimer on TT  (or old TT) say basically they don't guarantee individual orders, but if multiple orders (or everybody) on same mailing doesn't receive...site said they'd would work with you in that type scenario (where all shipments for particular day didn't arrive - cuz then they know not it's a seizure, not scammer)

Has ANYONE received package from that shipment day?  If not, I believe if ALL of you report to TT not receiving from same ship day - TT will work with you. But everyone (or most) from that shipping date needs to notify them they never received it. Least that's what old TT used to say about refunds or reshipments.

I'd wait the 3 wks first, since they are busy enough as it is - probably will work over weekend to try completing all interfaces, connections, functions, etc

Thanks for the insight denise.  Has ANYONE received or heard of someone receving a package shipped on the 11th?

 

[Gator]

Just chill everyone the 11th was only two weeks ago

 

[Denise]

Well, thank you, but it probably came at the expense of blowing up admin's data storage quota, LOL!

Does that mean you have to be quiet the rest of the day?   LOL

 

[Jewbacca]

Does that mean you have to be quiet the rest of the day? LOL

Yeah, good luck shutting the Wookie up! LOL

 

[Denise]

Posted earlier I had sent email to tt2 customer service about lack of SSL protection during transactions with credit card.  Told you I'd post response and here it is:

Re: Message from Top10MedsOnline

FROM support@ttm2u.com TO You

Show Details
From

• support@ttm2u.com  
  
•  

To

• Denise
  

Hi Denise,

Regrettably, forums tend to follow a 'herd mentality' and it only 
takes one ill informed person to start a stampede.

The only thing that has changed is the URL used to reach Top10. If you 
go to www.ttm2u.com you will see that it comes up in your browser as 
https://www.ttm2u.com/shop

 
https donates that it is SSL encrypted. If it were not it would come 
up as http.

Regards,

T**

-----------------------------

One or more of you computer smart guys please analyze and tell us if this is all true or what we should believe, please.

 

[Guest]

Hi,

I must admit, ignorance can sometimes be bliss...  I had not touched base here in awhile and missed all the "goings on" with TTM over the last couple of weeks.  So, unaware of the issues, I ordered 7/14 (a Sunday, so fulfilled and shipped 7/15, Monday), received 7/20, all in order, no problems and really fast.  Yesterday I checked my safe-mail acct. (again, don't always check-in there). I saw email from TTM.  It was the email from TTM regarding site change that not everyone got (so I learned when I checked in here and read yesterday's,7/24, posts.  Based on confirmation that the site had indeed moved, I logged on (got the mismatch warning when went to order...but was able to log-in and all my old info was present) so I placed a small order last night, received all confirmations, shipped out today 7/25.  Will update when (hopefully) received. 

 

[DGSB0708]

Posted earlier I had sent email to tt2 customer service about lack of SSL protection during transactions with credit card.  Told you I'd post response and here it is:

Re: Message from Top10MedsOnline


FROM support@ttm2u.com TO You

Show Details
From

• support@ttm2u.com  
  
•  

To

• Denise
  

Hi Denise,

Regrettably, forums tend to follow a 'herd mentality' and it only 

takes one ill informed person to start a stampede.

The only thing that has changed is the URL used to reach Top10. If you 

go to www.ttm2u.com you will see that it comes up in your browser as 

https://www.ttm2u.com/shop

 
https donates that it is SSL encrypted. If it were not it would come 

up as http.

Regards,

T**

-----------------------------

One or more of you computer smart guys please analyze and tell us if this is all true or what we should believe, please.

Just IMHO, but that is total 100% bullshit.  We are not lemmings marching off the cliff in a panic, merely trying to determine if they are secure.  Sure as shit you can have an https://xxx and have it NOT be a secure site.  Again, just my opinion but would really love to see the undeniable and irrefutable rebuttal that says I am wrong here. S-

PS>  will happily eat my words and sincerely and profusely apologize if proven wrong... not claiming to be the expert but I have seen https NOT be secure in the past.

 

[Denise]

Yeah, good luck shutting the Wookie up! LOL

Fine, then what's your opinion of the email tt2 sent me in response to my inquiry about the SSL & security of transactions?

 

[Dirk Diggler]

Since we are talking about ordering though. Has anyone that ordered from the new site received a email after order or anything yet?

Yes. Ordered 7/24, charged and mailed 7/25

 

[rommel_nyc]

ordered: 7/15

shipped 7/16

received 7/25

A+ as always..

props DBG....

 

[Gator]

ordered: 7/15

shipped 7/16

received 7/25

A+ as always..

props DBG....

x2   /default_smile.png