USTA Membership Site Security Issues

Discussion in 'Adult League & Tournament Talk' started by SwankPeRFection, Feb 1, 2013.

  1. SwankPeRFection

    SwankPeRFection Hall of Fame

    Joined:
    Apr 30, 2012
    Messages:
    1,509
    Has anyone else noticed how on the USTA site when you log in and pull up your account summary pages it has a proper SSL encryption for the site, but the minute you click on renew membership or try to buy something it takes you to a checkout page that's no longer SSL encrypted? :shock:

    WTF USTA?!
     
    #1
  2. darrinbaker00

    darrinbaker00 Professional

    Joined:
    May 24, 2005
    Messages:
    984
    Location:
    Berkeley, CA
    You decided to start a thread on a message board instead of asking the USTA about it because.....?
     
    #2
  3. SwankPeRFection

    SwankPeRFection Hall of Fame

    Joined:
    Apr 30, 2012
    Messages:
    1,509
    Don't quit your day job because making assumptions is not your forte.

    Think of this thread as a public service announcement. ;)
     
    Last edited: Feb 1, 2013
    #3
  4. beernutz

    beernutz Hall of Fame

    Joined:
    Aug 16, 2005
    Messages:
    4,400
    Location:
    expanding my Ignore List
    #4
  5. fleabitten

    fleabitten Semi-Pro

    Joined:
    Mar 26, 2005
    Messages:
    697
    Location:
    surfing through tennisopolis.com
    Well said, and plus, asking the USTA to fix their website is like yelling underwater, nobody hears you. The USTA site is so clumsy and horrible as far as navigation goes, this just adds to it.
     
    #5
  6. SwankPeRFection

    SwankPeRFection Hall of Fame

    Joined:
    Apr 30, 2012
    Messages:
    1,509
    #6
  7. beernutz

    beernutz Hall of Fame

    Joined:
    Aug 16, 2005
    Messages:
    4,400
    Location:
    expanding my Ignore List
    My point is that the important parts of that page like your credit card information are encrypted. Only some google remarketing components are unencrypted which is why your browser is giving you a warning. If you look at the page properties you'll likely see something like this:

    [​IMG]
     
    #7
  8. SwankPeRFection

    SwankPeRFection Hall of Fame

    Joined:
    Apr 30, 2012
    Messages:
    1,509
    Doesn't matter. If the normal account info page has full encryption for ALL frames and content, then the renewal and checkout page should be the same way. Anything else and it leaves the page vulnerable to redirects, etc. That's bad page writing. There's no reason why there should be anything else on that page other than your own checkout info. What moron writes other crap into a page that's meant to be secure!? They just have idiots write code for them, both for their webpage and for their mobile apps, which are utter crap and need to be seriously rewritten. I'm just tired of their crap IT standards!!!
     
    #8
  9. beernutz

    beernutz Hall of Fame

    Joined:
    Aug 16, 2005
    Messages:
    4,400
    Location:
    expanding my Ignore List
    Lol. You have a lot of professional web coding experience?
     
    #9
  10. darrinbaker00

    darrinbaker00 Professional

    Joined:
    May 24, 2005
    Messages:
    984
    Location:
    Berkeley, CA
    In that case, why don't you submit your resume to the USTA? They could obviously use someone with your expertise.
     
    #10
  11. mikeler

    mikeler G.O.A.T.

    Joined:
    Sep 26, 2008
    Messages:
    19,554
    Location:
    Central Florida
    The OP is right. Once you go into SSL mode, it is generally not advisable to come out of it.
     
    #11
  12. SwankPeRFection

    SwankPeRFection Hall of Fame

    Joined:
    Apr 30, 2012
    Messages:
    1,509
    (After further testing.) Seems the mobile site can maintain the SSL encryption throughout the entire checkout/payment session, just the full website cannot.
     
    #12
  13. Adles

    Adles Rookie

    Joined:
    Jan 23, 2013
    Messages:
    164
    Location:
    NH
    I got a "Malware Alert" from my browser (Chrome) today on the USTA site, saying that there was known malware from cmi.netseer.com on the mixed doubles team page I was trying to look at.

    Perhaps I should stay away from mixed doubles?

    Has anyone else gotten this message? A big red screen from Google Chrome, saying to stay away.
     
    #13

Share This Page