Talk Tennis


SwankPeRFection 02-01-2013 07:21 PM

USTA Membership Site Security Issues
 
Has anyone else noticed how on the USTA site when you log in and pull up your account summary pages it has a proper SSL encryption for the site, but the minute you click on renew membership or try to buy something it takes you to a checkout page that's no longer SSL encrypted? :shock:

WTF USTA?!

darrinbaker00 02-01-2013 08:15 PM

You decided to start a thread on a message board instead of asking the USTA about it because.....?

SwankPeRFection 02-01-2013 08:25 PM

Quote:

Originally Posted by darrinbaker00 (Post 7185823)
You decided to start a thread on a message board instead of asking the USTA about it because.....?

Don't quit your day job because making assumptions is not your forte.

Think of this thread as a public service announcement. ;)

beernutz 02-01-2013 11:13 PM

https://secure.ustashop.com/checkout.php

fleabitten 02-02-2013 08:05 AM

Quote:

Originally Posted by SwankPeRFection (Post 7185845)
Think of this thread as a public service announcement. ;)

Well said, and plus, asking the USTA to fix their website is like yelling underwater, nobody hears you. The USTA site is so clumsy and horrible as far as navigation goes, this just adds to it.

SwankPeRFection 02-02-2013 08:50 AM

Quote:

Originally Posted by beernutz (Post 7186056)

What's your point?


Go here once you're logged in... https://membership.usta.com/checkout/checkout.jsp#init and you'll see how the browser bar at the last second once it's done loading switches to a non-SSL site. (i.e. the lock isn't there anymore to indicate the connection to the webpage is still encrypted.)

beernutz 02-02-2013 11:57 AM

My point is that the important parts of that page like your credit card information are encrypted. Only some Google remarketing components are unencrypted which is why your browser is giving you a warning. If you look at the page properties you'll likely see something like this:


SwankPeRFection 02-02-2013 01:25 PM

Doesn't matter. If the normal account info page has full encryption for ALL frames and content, then the renewal and checkout page should be the same way. Anything else and it leaves the page vulnerable to redirects, etc. That's bad page writing. There's no reason why there should be anything else on that page other than your own checkout info. What moron writes other crap into a page that's meant to be secure!? They just have idiots write code for them, both for their webpage and for their mobile apps, which are utter crap and need to be seriously rewritten. I'm just tired of their crap IT standards!!!
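
Added example, not part of any post in this thread: a small auditor for the mixed-content situation debated above. It lists every subresource an HTTPS page would fetch over plain HTTP and separates active loads (scripts, frames, stylesheets) and insecure form targets from passive ones (images, media). The page URL, hosts and HTML are constructed placeholders, not the USTA site's markup.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) -> class of load if fetched over http:// from an https:// page.
RULES = {
    ("script", "src"): "active", ("iframe", "src"): "active",
    ("link", "href"): "active", ("object", "data"): "active",
    ("embed", "src"): "active", ("form", "action"): "form",
    ("img", "src"): "passive", ("audio", "src"): "passive",
    ("video", "src"): "passive", ("source", "src"): "passive",
}

class MixedContentAuditor(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (class, tag, absolute URL)
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # Only stylesheet links are fetched as subresources; canonical etc. are not.
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return
        for (rule_tag, attr), kind in RULES.items():
            if rule_tag == tag and a.get(attr):
                # Resolve relative and protocol-relative (//host/x) URLs first.
                url = urljoin(self.page_url, a[attr])
                if urlsplit(url).scheme == "http":
                    self.findings.append((kind, tag, url))

def audit(page_url, html):
    if urlsplit(page_url).scheme != "https":
        raise ValueError("mixed content only applies to https pages")
    parser = MixedContentAuditor(page_url)
    parser.feed(html)
    parser.close()
    return sorted(parser.findings)

# Constructed sample: placeholder hosts, not markup from any real site.
SAMPLE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """<head><link rel="stylesheet" href="/css/checkout.css">
<link rel="canonical" href="http://shop.example/checkout">
<script src="http://ads.example.net/remarketing.js"></script></head>
<body><form action="/pay" method="post"><input name="card"></form>
<img src="http://ads.example.net/pixel.gif"><img src="//cdn.example.net/logo.png">
<iframe src="http://ads.example.net/frame.html"></iframe></body>"""

if __name__ == "__main__":
    for kind, tag, url in audit(SAMPLE_URL, SAMPLE_HTML):
        print(f"{kind:8} <{tag}> {url}")
```

It inspects static markup only; resources injected later by scripts need a browser-side check.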

beernutz 02-02-2013 06:34 PM

Quote:

Originally Posted by SwankPeRFection (Post 7187163)
Doesn't matter. If the normal account info page has full encryption for ALL frames and content, then the renewal and checkout page should be the same way. Anything else and it leaves the page vulnerable to redirects, etc. That's bad page writing. There's no reason why there should be anything else on that page other than your own checkout info. What moron writes other crap into a page that's meant to be secure!? They just have idiots write code for them, both for their webpage and for their mobile apps, which are utter crap and need to be seriously rewritten. I'm just tired of their crap IT standards!!!

Lol. You have a lot of professional web coding experience?

darrinbaker00 02-02-2013 06:41 PM

Quote:

Originally Posted by SwankPeRFection (Post 7187163)
Doesn't matter. If the normal account info page has full encryption for ALL frames and content, then the renewal and checkout page should be the same way. Anything else and it leaves the page vulnerable to redirects, etc. That's bad page writing. There's no reason why there should be anything else on that page other than your own checkout info. What moron writes other crap into a page that's meant to be secure!? They just have idiots write code for them, both for their webpage and for their mobile apps, which are utter crap and need to be seriously rewritten. I'm just tired of their crap IT standards!!!

In that case, why don't you submit your resume to the USTA? They could obviously use someone with your expertise.

mikeler 02-02-2013 07:06 PM

The OP is right. Once you go into SSL mode, it is generally not advisable to come out of it.

SwankPeRFection 02-03-2013 07:39 AM

(After further testing.) Seems the mobile site can maintain the SSL encryption throughout the entire checkout/payment session, just the full website cannot.

Adles 02-04-2013 05:59 AM

I got a "Malware Alert" from my browser (Chrome) today on the USTA site, saying that there was known malware from cmi.netseer.com on the mixed doubles team page I was trying to look at.

Perhaps I should stay away from mixed doubles?

Has anyone else gotten this message? A big red screen from Google Chrome, saying to stay away.

