B
Premium,MVM
join:2000-10-28
| Eddie Bauer
Some minor carps and observations about Eddie Bauer Outlet and security.
They have a sale today - $8 pants.
1. The SSL certificate for »https://www.eddiebaueroutlet.com/ expired on August 10, 2005. What's up with that?
2. They don't require "name as it appears on credit card" as most do. What's up with that?
3. They don't ask for "CV" code, or whatever the secondary card ID number is called.
4. They don't require registration. This is a great thing, thank goodness, except that it leaves you with no way to verify your order when the web site craps out (as it did to me).
5. You can't back up to view prior ordering process pages. (This is quite common, but still annoying.)
6. They require phone number and e-mail address, and re-set the opt-out spam field after every refresh or error, but I'm pretty used to that by now.
No, I really don't think there's anything untoward happening (phishing, etc.).
-- B
--
In a realm outside causality and function |
|
MattUK
Premium
join:2003-03-23
UK
| Wow. Maybe it's time for the missing-pieces you have found in that website are made mandatory by law. Outdated cert? That should be at the top of a webmaster's list if their dealing with an online store.
--
»forum.gladiator-antivirus.com /// Gladiator Security Forum Admin // »www.kleendesigns.co.uk/blog |
|
B
Premium,MVM
join:2000-10-28
2 edits | reply to MattUK
Eddie's In The Space Time Continuum |
I also note that their main site's cert was renewed 2 months ago. Must be short on cash over there, buying 1 year certs and all.
Edit: Oh -- they've gone bankrupt -- »www.bizjournals.com/seattle/stor···ly2.html
Also, there's a CURRENT link from FatWallet and another from another site pointing to a "Home Business Closing, 80% Off Sale", expiring 8/31/05 and 12/05 respectively, but the link merely takes one to
We're sorry, but we're unable to service your request. The problem seems to be:
* You selected an invalid category 824.
So even their current promotions don't make sense. I hope I get my pants. 
-- B
--
In a realm outside causality and function |
|
R2
R Not
Premium,MVM
join:2000-09-18
Long Beach, CA
clubs:
2 edits | FYI - the number of expired certificates or certificates issued to incorrect sites is 'surprising'.
My credit union used a certificate issued to a different entity for many months. I sent them e-mail notifying them of this "problem", and I essentially got back a "huh?" response. They had no idea what I was talking about and could not refer to anyone who knew what a certificate was.
Another site that I use for email did the same thing after it was bought out another company. It took months for them to correct the certificate.
Also, the "revocation information" (Check for server certificate revocation) is frequently not identifiable, and I get warnings about this all the time. That same email site generates the above message each time I access it.
This is another one of the reasons that I don't always trust "certificate security". Grant it, it has it good points, but the players have to agree to play along... and sometimes they just don't. |
|
B
Premium,MVM
join:2000-10-28 | I don't think Mozilla or IE even check for CRLs by default yet... (why?) so you're, like, the only one noticing.
-- B
--
In a realm outside causality and function |
|
EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
 ·Callcentric
 ·RoadRunner Cable
·AT&T CallVantage
1 edit | reply to B
Looks like they updated the Certificate. maybe enough people complained that they checked and fixed the expired cert. |
|
Cousin Dave
Trendsetter
Premium
join:2002-10-29
NN,VA | reply to B
What do want for $8 pants?
Fort Knox.:p |
|
MattUK
Premium
join:2003-03-23
UK
| said by Cousin Dave  :What do want for $8 pants? Fort Knox.:p I would, if I was putting my details (CC Info) into the website.
--
»forum.gladiator-antivirus.com /// Gladiator Security Forum Admin // »www.kleendesigns.co.uk/blog |
|
R2
R Not
Premium,MVM
join:2000-09-18
Long Beach, CA
clubs: | reply to B
Yeah, I know! But one might think that a revoked certificate is one that you like shouldn't be trusting!  |
|
Blue2
Premium
join:2004-04-14
France | reply to B
Well B, think of it this way: In twenty four hours you got the site to renew its certicate and you sold out all the $8 pants. Bill them a consulting fee. |
|
B
Premium,MVM
join:2000-10-28 | Well, this is peculiar; no "Accepted Answer" option.
-- B
--
In a realm outside causality and function |
|
youngerberry
Raccoon catch and relocate - 25 to date
Premium,MVM
join:2001-08-13
Shreveport, LA
clubs:
 ·AT&T Southeast
| said by B :Well, this is peculiar; no "Accepted Answer" option. -- B Check here for the thread on Accepted Answer.
»Accept button
--
I do not think -- therefore I am not.
Join Team Discovery! |
|
B
Premium,MVM
join:2000-10-28
| Thank you, youngerberry . What a silly thing to worry about (on the site's part, and mine) and to have taken the trouble to remove.
-- B
--
In a realm outside causality and function |
|
EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage
|  reply to B
They lost their shirt - hope they don't lose your pants 
I got the above at Peebles for $10 - They're not 5.11s, but microfiber, well sewn, light and comfy nonetheless..
--
Every Good Electrical Engineer Zeroes Each Register |
|
B
Premium,MVM
join:2000-10-28
| And I think we all can agree that at this point we've seen far more of the Geezer's pants than we really needed to.
Besides, mine were jeans.
-- B
--
In a realm outside causality and function |
|
B
Premium,MVM
join:2000-10-28 | Hey, they're here, and they almost fit.
-- B
--
In a realm outside causality and function |
|
SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
 ·Clearwire Wireless
| Judging from her style of dress my daughter would say jeans that "almost" fit are sized just right. If you are going to deploy this new hardware you will need to schedule regular perimeter checks at the critical seams to protect the middleware from any unintended exposure. |
|
