• Watch Out for Scammers!

    We've now added a color code for all accounts. Orange accounts are new members, Blue are full members, and Green are Supporters. If you get a message about a sale from an orange account, make sure you pay attention before sending any money!

  • The site has been updated!

    If you notice any issues, please let us know below!

    VIEW THREAD

Don't shop at MileHighShooting.com - no HTTPS/SSL

300snipe

300snipe

Sergeant
Full Member
Minuteman
Jan 22, 2009
175
1
Northern Nevada, NV
Was just about to buy some goods at their online store and I got to the payment screen where you put in the credit card info and noticed that their site isn't using HTTPS / SSL encryption. This means that all of your billing info goes across the internet without encryption and thus very vulnerable to interception and identify theft. Until they get encryption on their payment page DO NOT SHOP THERE!
 
Re: Don't shop at MileHighShooting.com - no HTTPS/SSL

I'm using Chrome on OSX - problem is that their site doesn't default to https so unless someone specifically knows about https and tries it then they're insecure.
 
Re: Don't shop at MileHighShooting.com - no HTTPS/SSL

In addition, even when appending https to the main url, it has some issues.

cnhN6.png
 
Re: Don't shop at MileHighShooting.com - no HTTPS/SSL

It pulls up as https for me on Firefox. Could it be a Chrome issue?

Edit: Tried it on Chrome, wouldn't pull up as https. Just use Firefox and roll with it. Maybe one of the tech savvy members here will chime in with a suggestion.
 
Re: Don't shop at MileHighShooting.com - no HTTPS/SSL

<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: gixxerpilot750</div><div class="ubbcode-body">Phoning in an order would seem to resolve the problem no? </div></div>

Mile High is a standup outfit. Instead of calling for a boycott, a simple warning about not using Chrome and their site will do just fine. Even better, why don't you give them a phone call and explain the situation so they can fix the problem. There are a number of ways to skin this cat that aren't reactionary.
 
Re: Don't shop at MileHighShooting.com - no HTTPS/SSL

The "other resources" warning has to do with banners, ads, etc. which are not loaded via the ssl connection.
This is quite common and usually harmless.
Browsers like IE and Firefox give you the option to show only the secure content, thus negating any concerns for security.

Bottom line, the post title is misleading and ill-conceived.
ID TEN T error.

I recommend the thread be removed and the OP's aptitude status be re-assigned to "novice".
 
Re: Don't shop at MileHighShooting.com - no HTTPS/SSL

Works fine for me. Poor MileHighShooting.com, they are going to see a bunch of abandoned carts with everyone adding product and bailing.
 
Re: Don't shop at MileHighShooting.com - no HTTPS/SSL

Which is why this thread should be deleted.
"FIRE" in a crowded theater.
 
Re: Don't shop at MileHighShooting.com - no HTTPS/SSL

The issue is not Chrome specific - look at the warnings on the certificate itself. That is not browser specific. Calling in an order would work fine.

Here are the solutions - I do work in internet operations as a Sr. Engineer so I know what I'm talking about, I deal with multi-million dollar ecommerce sites every day for work.

The certificate info that I pasted an image from specifically says "these resources can be viewed by others while in transit, and can be modified by an attacker to change the behavior of the page." - That is very insecure. The images and banners might not be secure (as one person said) but if you want to trust a certificate that isn't signed by known authorities... go ahead. Trusted authorities are a critical part of a secure infrastructure.

Plenty of online stores can get this stuff right - it's not rocket science. If you can't secure your site with a trusted certificate provider and secure the images and banners on your order page then your infrastructure is poorly designed and doesn't get my money. I'm not trying to hurt their business - this is easy to fix and if they do fix it I'll give them plenty of my money. That's what I was trying to do today but I'm not sending card details over the network if it's not 100% trusted.

1. They need a new certificate that supports TLS renegotiation
2. They need to fix their default port redirect when loading the credit card authorization page - it defaults to port 80 instead of 443.
3. They specifically need a certificate that is signed by a known authority (like Thawte or Verisign) as seen in the following dialog when running "certificate details":

ENtAO.png


I'm sure the company is a great bunch of people and stand up place to shop when you call them - but I'll never shop on their online store until this is fixed. If you want your card details leaked / logged by unauthorized people watching the network traffic then by all means shop at their online store, but it's asking for trouble.

It's the internet equivalent of going to a store in town and handing them your card, and instead of them running it through a machine from VISA they run it through a home made card reader and promising that everything is ok. It's not ok and it's not secure. You either get this stuff 100% correct or you fail at designing an ecommerce solution.

Feel free to disagree or say I'm a novice but these are facts of internet transaction processing and they're doing it wrong.
 
Re: Don't shop at MileHighShooting.com - no HTTPS/SSL

What is the point of you making this thread? Works fine for me and I have never had an issue. If you have such an issue with the website get off your ass and pick up the phone. Don't attempt to smear mud here. Your burning tires around a small issue that is non existent on most peoples browsers.
 
Re: Don't shop at MileHighShooting.com - no HTTPS/SSL

I spoke to Diann this past week and I know they are moving to a new website and system and I turned them on to a few options that should take care of any issues.

Call them, they are first class and will take it care of while they go through the transition.
 
Re: Don't shop at MileHighShooting.com - no HTTPS/SSL

I just purchased an AIAW from MHSS - they are a class act and will go out of their way to make the customer happy. Just pick up the phone.


Good luck
 
Re: Don't shop at MileHighShooting.com - no HTTPS/SSL

It just ran as https:// for me. I think this thread should disappear, as it could negatively affect a good sponsor's reputation and business.
 
Re: Don't shop at MileHighShooting.com - no HTTPS/SSL

<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: sobrbiker883</div><div class="ubbcode-body">It just ran as https:// for me. I think this thread should disappear, as it could negatively affect a good sponsor's reputation and business.

</div></div>


Agree. Randy and everyone over there are GTG in my book. When in doubt, you can always order it via phone. I am sure that they are working on the security issue as I am sure they don't want to put their customers at risks for identity thefts.
 
Re: Don't shop at MileHighShooting.com - no HTTPS/SSL

Randy and Diann are great people to deal with. I had ordered a aics stock from them and the cheekpiece was broken. I contacted Randy and he sent a new one out to me the very next day at their expense.
Instead of posting "dont shop at MileHighshooting.com " you should have called them with your vast knowledge and explained to them the problem. Then maybe you could have used your brains to suggest to Randy to post something on his site and forums he advertises on to not order online due to a problem with the online shopping instead of posting this potentially harmfull dribble.
You might know what your talking about with regards to secure online shopping but you have shit for brains when it comes to maybe ruining someones company. lay off the keyboard dude and think before you type.
 
Re: Don't shop at MileHighShooting.com - no HTTPS/SSL

<div class="ubbcode-block"><div class="ubbcode-header">Originally Posted By: sobrbiker883</div><div class="ubbcode-body">It just ran as https:// for me. I think this thread should disappear, as it could negatively affect a good sponsor's reputation and business.

</div></div>

I'm amazed it's still here.
 
Re: Don't shop at MileHighShooting.com - no HTTPS/SSL

Lowlight: thanks for speaking to them and clearing this up. I'm all for supporting the site vendors when transactions are secure.
 
You must log in or register to reply here.

Similar threads

mike4eva
I went looking for scam gun websites on purpose - I found 635 of them
Replies
48
Views
13K
gunsnjeeps
gunsnjeeps
pineoak
Chinese military balloon explained
Replies
28
Views
2K
highbclowgr
highbclowgr
Blue Sky Country
🚨New Jersey 2A ALERT: Murphy launches gun ban onslaught. Mandatory re-education and forced labor for "gun law violators". SB-3757
Replies
48
Views
3K
acudaowner
acudaowner
Maggot
The criminality of Ebay
Replies
20
Views
3K
Charmingmander
Charmingmander
jinxx4ever
The Pork in the Wuhan Virus Bill
Replies
31
Views
1K
Dunraven
D
Top Bottom
Back