Two Plus Two Newer Archives


Quester 11-16-2007 03:18 PM

TITN Security Concerns
 
As anyone who uses This is the Nuts is undoubtedly aware, they updated their website recently. It certainly looks a lot better. However, I have some serious concerns regarding security on the new site. I have sent them an email covering my concerns but received no response, so I feel it is appropriate to post here in hopes of generating discussion, and hopefully, change.

The old TITN site looked horrible, but the site was accessible using HTTPS instead of HTTP. The site had a valid SSL certificate signed by a root certificate authority. This means that if you accessed the site via HTTPS during the login process, your username and password were sent across the Internet in an encrypted channel.

The new TITN site lacks this security. When I emailed TITN shortly after they redesigned their site, they did not have HTTPS at all on the site. Now, if you browse to https://www.thisisthenuts.com, you will notice a few things:

1. They are using a self-signed SSL certificate, which is impossible to verify.
2. Your browser is redirected to this page: https://dw43.dns77.com/admin/login/L...2fDefault.aspx, which appears to be an administrative login for their service provider.

Without proper SSL protection on their website, TITN is potentially exposing their customers to hackers on the Internet. It would be fairly trivial for an attacker to harvest usernames and passwords from the site during the login process using a number of methods. The attacker could use the information for any number of reasons.

The information about your rakeback account at TITN should be something TITN considers confidential, much as an online banking account or your account at your favorite poker site.

Please, TITN, correct your site so it uses a valid SSL certificate, so your customers can feel secure knowing their account information is protected.

We're all poker players, but this isn't a case where any of us should be willing to gamble.

ThisIsTheNuts 11-16-2007 07:05 PM

Re: TITN Security Concerns
 
Quester,

Thank you for bringing the certificate to our attention. Seems that it expired during the change. The new certificate has been purchased and installed on ThisIsTheNuts now.

We take security and the privacy of our customers very seriously and we appreciate any and all comments/suggestions/complaints about the site so we can continue to improve the site for everyone. We especially enjoy comments about our new design :)

Quester, please PM me with your TITN username, I'll have a little "finder's fee" added to your account for helping us out.

Regards,
Webmaster
ThisIsTheNuts.com

Quester 11-16-2007 11:59 PM

Re: TITN Security Concerns
 
Awesome, I appreciate you taking care of this and am sure everyone else does as well. I'll certainly refer you whenever I can.

galmost 11-17-2007 04:50 AM

Re: TITN Security Concerns
 
Sorry to derail.

Why does TITN now want my home address?

AssFrister 11-17-2007 11:42 PM

Re: TITN Security Concerns
 
Perfect response.

ThisIsTheNuts 11-19-2007 01:36 PM

Re: TITN Security Concerns
 
We would like to have as much information from customers as possible; this will help us verify who the customer is when changes are made on the profile or even when approving the cash out request. We take security very seriously and we know that as there are honest people, there are dishonest ones too. Thank you.


All times are GMT -4.