Two Plus Two Newer Archives  

#1
11-16-2007, 03:18 PM
Quester
TITN Security Concerns

As anyone who uses This is the Nuts is undoubtedly aware, they updated their website recently. It certainly looks a lot better. However, I have some serious concerns regarding security on the new site. I have sent them an email covering my concerns but received no response, so I feel it is appropriate to post here in hopes of generating discussion, and hopefully, change.

The old TITN site looked horrible, but the site was accessible using HTTPS instead of HTTP. The site had a valid SSL certificate signed by a root certificate authority. This means that if you accessed the site via HTTPS during the login process, your username and password were sent across the Internet in an encrypted channel.

The new TITN site lacks this security. When I emailed TITN shortly after they redesigned their site, they did not have HTTPS at all on the site. Now, if you browse to https://www.thisisthenuts.com, you will notice a few things:

1. They are using a self-signed SSL certificate, which is impossible to verify.
2. Your browser is redirected to this page: https://dw43.dns77.com/admin/login/L...2fDefault.aspx
Which appears to be an administrative login for their service provider.

Without proper SSL protection on their website, TITN is potentially exposing their customers to hackers on the Internet. It would be fairly trivial for an attacker to harvest usernames and passwords from the site during the login process using a number of methods. The attacker could use the information for any number of reasons.

The information about your rakeback account at TITN should be something TITN considers confidential, much as an online banking account or your account at your favorite poker site.

Please, TITN, correct your site so it uses a valid SSL certificate, so your customers can feel secure knowing their account information is protected.

We're all poker players, but this isn't a case where any of us should be willing to gamble.
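An added example, not part of the original thread and not code from TITN or its hosting provider: a sketch of the checks behind the two observations in the post above, plus the expiry mentioned in the reply below, run over constructed certificate dicts in the shape Python's `ssl.SSLSocket.getpeercert()` returns. The host names, the `triage` function and its finding codes are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timezone

def _matches(pattern, host):
    """Exact match, or one '*' standing in for the left-most label only."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def triage(cert, requested_host, final_host, now):
    """Return finding codes for a login endpoint, given its decoded certificate."""
    findings = []
    # For a server (leaf) certificate, issuer == subject means no CA vouches
    # for it, so the client has nothing to verify the key against.
    if cert["issuer"] == cert["subject"]:
        findings.append("self-signed")
    expiry = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if now > expiry:
        findings.append("expired")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_matches(n, final_host) for n in names):
        findings.append("name-mismatch")
    # Credentials typed after a redirect go to a host other than the one requested.
    if final_host.lower() != requested_host.lower():
        findings.append("off-site-redirect")
    return findings

# Constructed samples; every host name and CA name here is a placeholder.
NOW = datetime(2007, 11, 16, tzinfo=timezone.utc)
SELF_SIGNED = {
    "subject": ((("commonName", "panel.hosting.example"),),),
    "issuer": ((("commonName", "panel.hosting.example"),),),
    "notAfter": "Nov  1 00:00:00 2007 GMT",
    "subjectAltName": (("DNS", "panel.hosting.example"),),
}
GOOD = {
    "subject": ((("commonName", "www.shop.example"),),),
    "issuer": ((("organizationName", "Example Root CA"),),),
    "notAfter": "Nov 16 00:00:00 2008 GMT",
    "subjectAltName": (("DNS", "*.shop.example"),),
}

if __name__ == "__main__":
    print(triage(SELF_SIGNED, "www.shop.example", "panel.hosting.example", NOW))
    print(triage(GOOD, "www.shop.example", "www.shop.example", NOW))
```

These codes are triage labels only; the actual trust decision comes from full chain and host name validation, which `ssl.create_default_context()` enforces by default.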
#2
11-16-2007, 07:05 PM
ThisIsTheNuts
Re: TITN Security Concerns

Quester,

Thank you for bringing the certificate to our attention. Seems that it expired during the change. The new certificate has been purchased and installed on ThisIsTheNuts now.

We take security and the privacy of our customers very seriously and we appreciate any and all comments/suggestions/complaints about the site so we can continue to improve the site for everyone. We especially enjoy comments about our new design :)

Quester, please PM me with your TITN username, I'll have a little "finder's fee" added to your account for helping us out.

Regards,
Webmaster
ThisIsTheNuts.com
#3
11-16-2007, 11:59 PM
Quester
Re: TITN Security Concerns

Awesome, I appreciate you taking care of this and am sure everyone else does as well. I'll certainly refer you whenever I can.
#4
11-17-2007, 04:50 AM
galmost
Re: TITN Security Concerns

Sorry to derail.

Why does TITN now want my home address?
#5
11-17-2007, 11:42 PM
AssFrister
Re: TITN Security Concerns

Perfect response.
#6
11-19-2007, 01:36 PM
ThisIsTheNuts
Re: TITN Security Concerns

We would like to have as much information from customers as possible; this will help us verify who the customer is when changes are made on the profile or even when approving the cash out request. We take security very seriously and we know that as there are honest people, there are dishonest ones too. Thank you.