USTA Membership Site Security Issues

SwankPeRFection · 02-01-2013, 07:21 PM

Has anyone else noticed how on the USTA site when you log in and pull up your account summary pages it has a proper SSL encryption for the site, but the minute you click on renew membership or try to buy something it takes you to a checkout page that's no longer SSL encrypted?

WTF USTA?!

darrinbaker00 · 02-01-2013, 08:15 PM

You decided to start a thread on a message board instead of asking the USTA about it because.....?

SwankPeRFection · 02-01-2013, 08:25 PM

Quote:

Originally Posted by darrinbaker00

You decided to start a thread on a message board instead of asking the USTA about it because.....?

Don't quit your day job because making assumptions is not your forte.

Think of this thread as a public service announcement.

beernutz · 02-01-2013, 11:13 PM

https://secure.ustashop.com/checkout.php

fleabitten · 02-02-2013, 08:05 AM

Quote:

Originally Posted by SwankPeRFection

Think of this thread as a public service announcement.

Well said, and plus, asking the USTA to fix their website is like yelling underwater, nobody hears you. The USTA site is so clumsy and horrible as far as navigation goes, this just adds to it.

SwankPeRFection · 02-02-2013, 08:50 AM

Quote:

Originally Posted by beernutz

https://secure.ustashop.com/checkout.php

What's your point?

Go here once you're logged in... https://membership.usta.com/checkout/checkout.jsp#init and you'll see how the browser bar at the last second once it's done loading switches to a non-SSL site. (i.e. the lock isn't there anymore to indicate the connection to the webpage is still encrypted.

beernutz · 02-02-2013, 11:57 AM

My point is that the important parts of that page like your credit card information are encrypted. Only some google remarketing components are unencrypted which is why your browser is giving you a warning. If you look at the page properties you'll likely see something like this:

SwankPeRFection · 02-02-2013, 01:25 PM

Doesn't matter. If the normal account info page has full encryption for ALL frames and content, then the renewal and checkout page should be the same way. Anything else and it leaves the page vulnerable to redirects, etc. That's bad page writing. There's no reason why there should be anything else on that page other than your own checkout info. What moron writes other crap into a page that's meant to be secure!? They just have idiots write code for them, both for their webpage and for their mobile apps, which are utter crap and need to be seriously rewritten. I'm just tired of their crap IT standards!!!

beernutz · 02-02-2013, 06:34 PM

Quote:

Originally Posted by SwankPeRFection

Doesn't matter. If the normal account info page has full encryption for ALL frames and content, then the renewal and checkout page should be the same way. Anything else and it leaves the page vulnerable to redirects, etc. That's bad page writing. There's no reason why there should be anything else on that page other than your own checkout info. What moron writes other crap into a page that's meant to be secure!? They just have idiots write code for them, both for their webpage and for their mobile apps, which are utter crap and need to be seriously rewritten. I'm just tired of their crap IT standards!!!

Lol. You have a lot of professional web coding experience?

darrinbaker00 · 02-02-2013, 06:41 PM

Quote:

Originally Posted by SwankPeRFection

Doesn't matter. If the normal account info page has full encryption for ALL frames and content, then the renewal and checkout page should be the same way. Anything else and it leaves the page vulnerable to redirects, etc. That's bad page writing. There's no reason why there should be anything else on that page other than your own checkout info. What moron writes other crap into a page that's meant to be secure!? They just have idiots write code for them, both for their webpage and for their mobile apps, which are utter crap and need to be seriously rewritten. I'm just tired of their crap IT standards!!!

In that case, why don't you submit your resume to the USTA? They could obviously use someone with your expertise.

mikeler · 02-02-2013, 07:06 PM

The OP is right. Once you go into SSL mode, it is generally not advisable to come out of it.

SwankPeRFection · 02-03-2013, 07:39 AM

(After further testing.) Seems the mobile site can maintain the SSL encryption throughout the entire checkout/payment session, just the full website cannot.

Adles · 02-04-2013, 05:59 AM

I got a "Malware Alert" from my browser (Chrome) today on the USTA site, saying that there was known malware from cmi.netseer.com on the mixed doubles team page I was trying to look at.

Perhaps I should stay away from mixed doubles?

Has anyone else gotten this message? A big red screen from Google Chrome, saying to stay away.

02-01-2013, 07:21 PM	#1
SwankPeRFection Professional Join Date: Apr 2012 Posts: 1,029	USTA Membership Site Security Issues Has anyone else noticed how on the USTA site when you log in and pull up your account summary pages it has a proper SSL encryption for the site, but the minute you click on renew membership or try to buy something it takes you to a checkout page that's no longer SSL encrypted? WTF USTA?!

02-01-2013, 11:13 PM	#4
beernutz Hall Of Fame Join Date: Aug 2005 Location: expanding my Ignore List Posts: 3,334	https://secure.ustashop.com/checkout.php __________________ I have come to the conclusion that people who respond to forum posts with "tl;dnr" should really be writing "add;dnr".

02-02-2013, 11:57 AM	#7
beernutz Hall Of Fame Join Date: Aug 2005 Location: expanding my Ignore List Posts: 3,334	My point is that the important parts of that page like your credit card information are encrypted. Only some google remarketing components are unencrypted which is why your browser is giving you a warning. If you look at the page properties you'll likely see something like this: __________________ I have come to the conclusion that people who respond to forum posts with "tl;dnr" should really be writing "add;dnr".

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode