Online ticket sales - friends and family


Fully signed-up remmer checking in. I know it's a massive security risk etc etc..... but I just can't be fucking arsed remembering a password for every single aspect of my life. Cue Highbury_Blade giving me a bollocking but seriously, life's too short!
"Ohhh, and you can't write them down either" - maybe good advice in the 1980's but seriously, you "need" an account for every single website going now, purely so they can spam your email box and no other reason. Who the fuck can remember 8546156465164 different passwords these days?

Use a password manager....
 



This is a problem that I don't understand, and should surely be rectifiable.
When I asked why, I was told 'We do not sell tickets for the family stand online. This is to stop groups of adults buying tickets on there as we are trying to keep the family atmosphere.'
But I'm not quite sure of the difference between buying an adult and a child's ticket over the phone, and buying an adult and a child's ticket online, especially now the premium rate phone line has (at last) gone!

Bring back the friendly turnstile operators I say - when I was 6/7/8 it was "how much for the young 'un?" from my dad (knowing full well it was 10 bob) round as many turnstiles as it took until he found one of the ones that would say 'nowt, squeeze him through with you'!
The good old days, when the lane was packed with "12,000" there. :)

UTB
 
Ah, that was it, just mentioned this in another post (didn't read the thread properly).

Actually it could be right that the login is sent unencrypted too. I didn't check. Assumed no-one who runs a site that stores personal data would be that fucking stupid...
 
Surely all somebody can nick is your loyalty card number, email address and postcode?
Think the point is, if they haven't got that very basic thing with the password encryption right, how do you know what else might not be right? They take card payments, don't they? How do you know they haven't stored your card details somewhere that's not encrypted?
 
The site used to be secured via https as the link I've got stored in my password manager is https, but the link that the club have on the main site takes you to a non-secure version.

This really is absolutely terrible. Going to do some more investigations tonight.
 
Actually it could be right that the login is sent unencrypted too. I didn't check. Assumed no-one who runs a site that stores personal data would be that fucking stupid...
Just been and logged on and it's definitely not https, so it must be sent in plain text. Not going to order a ticket just to test it further, but from what I recall the payment bit is https - if it wasn't they would not be PCI compliant and could not take card payments. Hmm.

edit: pretty sure it was you who told me about the login thing a while ago.
 
Use a password manager....

I invested in a password manager last year. It works well but folk need to brace themselves to spend a weekend (and I mean that), changing passwords on all the sites they have an account with. When you actually stop to count them it's a scary number.

It only takes one dodgy bugger with access to the SUFC ticket system and you're in all sorts of bother. I make the judgement that that's infinitely more likely than some other dodgy bugger getting at them via my LastPass account.
 
Just been and logged on and it's definitely not https, so it must be sent in plain text. Not going to order a ticket just to test it further, but from what I recall the payment bit is https - if it wasn't they would not be PCI compliant and could not take card payments. Hmm.

The card payments are taken to a PCI Compliant iframe that sits away from the actual main box office.
 
I invested in a password manager last year. It works well but folk need to brace themselves to spend a weekend (and I mean that), changing passwords on all the sites they have an account with. When you actually stop to count them it's a scary number.

It only takes one dodgy bugger with access to the SUFC ticket system and you're in all sorts of bother. I make the judgement that that's infinitely more likely than some other dodgy bugger getting at them via my LastPass account.


I have my passwords stored encrypted in Dropbox, which itself is secured with two factor auth. I use 1Password.

I'm assuming you have two factor auth set up on your LastPass account? :)
 
The card payments are taken to a PCI Compliant iframe that sits away from the actual main box office.


If the main site isn't secured via https then there's nothing to stop an attacker doing a man in the middle attack that spoofs the card provider's site, and you wouldn't know jack shit about it.
 
Fully signed-up remmer checking in. I know it's a massive security risk etc etc..... but I just can't be fucking arsed remembering a password for every single aspect of my life. Cue Highbury_Blade giving me a bollocking but seriously, life's too short!
"Ohhh, and you can't write them down either" - maybe good advice in the 1980's but seriously, you "need" an account for every single website going now, purely so they can spam your email box and no other reason. Who the fuck can remember 8546156465164 different passwords these days?

Simple way around this, Rodders.

Pick a word and a number of your choice. Rest the word in the middle of the website name into which you're logging in, and the number at the end.

So say your word was 'wanker' and your number was 182 -

Facebook login = Facewankerbook182
Twitter login = Twitwankerter182
S24SU login = S2wanker4SU182

Obviously if you can remember a different word to dump in the middle for each site it's much stronger, but odds are you'll be needing a fair few password resets!
 
Simple way around this, Rodders.

Pick a word and a number of your choice. Rest the word in the middle of the website name into which you're logging in, and the number at the end.

So say your word was 'wanker' and your number was 182 -

Facebook login = Facewankerbook182
Twitter login = Twitwankerter182
S24SU login = S2wanker4SU182

Obviously if you can remember a different word to dump in the middle for each site it's much stronger, but odds are you'll be needing a fair few password resets!


Or you could just be a sensible person and use a password manager.
 
If the main site isn't secured via https then there's nothing to stop an attacker doing a man in the middle attack that spoofs the card provider's site, and you wouldn't know jack shit about it.
if they have PCI compliance I am hoping this has all been audited. I know that you can isolate parts of the server infrastructure like that to get the compliance, cos we did that where I used to work, but the end to end transaction has to be checked so that the scenario you describe can't happen. I'm very surprised they got away with the initial login being unencrypted.
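An added example, not code from the thread or from the club's supplier, of the check a practitioner would run before trusting the "the card iframe is separately PCI compliant" argument above and to confirm the earlier point about the login being posted in plain text. It parses the box-office page's HTML and reports (a) any form with a password field whose action is not https, and (b) any https iframe embedded in a page that was itself served over http, since an attacker who can rewrite the parent page can point that frame anywhere. The HTML and the example.test hostnames are constructed for this example and are not the club's real markup.

```python
"""Audit a page for plaintext credential posts and for payment iframes hosted by an
insecure parent page. Added example; sample markup and hostnames are made up."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormAndFrameCollector(HTMLParser):
    """Collect every <form> (with whether it contains a password input) and every <iframe src>."""

    def __init__(self) -> None:
        super().__init__()
        self.forms: list[dict] = []
        self.iframes: list[str] = []
        self._current: dict | None = None

    def handle_starttag(self, tag: str, attrs: list) -> None:
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["password"] = True
        elif tag == "iframe":
            self.iframes.append(a.get("src") or "")

    def handle_endtag(self, tag: str) -> None:
        if tag == "form":
            self._current = None


def audit_page(page_url: str, html: str) -> list[str]:
    """Return a list of findings for `html` as loaded from `page_url`; empty means nothing flagged."""
    findings: list[str] = []
    page_scheme = urlsplit(page_url).scheme
    page_https = page_scheme == "https"
    parser = FormAndFrameCollector()
    parser.feed(html)

    for form in parser.forms:
        if not form["password"]:
            continue
        target = urljoin(page_url, form["action"])  # relative actions inherit the page's scheme
        if urlsplit(target).scheme != "https":
            findings.append(f"login form posts the password in plaintext to {target}")
        elif not page_https:
            findings.append(f"login form on a {page_scheme} page: its https action can be rewritten in transit")

    if not page_https:
        findings.append(f"page served over {page_scheme}: any content, including iframes, can be altered in transit")
        for src in parser.iframes:
            target = urljoin(page_url, src)
            if urlsplit(target).scheme == "https":
                findings.append(f"https iframe {target} embedded in a {page_scheme} page: "
                                "the frame's padlock does not protect against a swapped src")
    return findings


# Constructed sample page: plaintext login form plus a hosted card-capture iframe.
SAMPLE_HTML = """<html><body>
<form action="/login" method="post">
  <input name="user"><input type="password" name="pass"><input type="submit" value="Log in">
</form>
<iframe src="https://payments.example.test/card-form"></iframe>
</body></html>"""

if __name__ == "__main__":
    for url in ("http://tickets.example.test/boxoffice", "https://tickets.example.test/boxoffice"):
        print(url)
        for finding in audit_page(url, SAMPLE_HTML) or ["no findings"]:
            print("  -", finding)
```

Run it against the page as the club's link actually loads it (http) and again against the https version; the same markup is clean on https and produces three findings on http, which is the substance of the man-in-the-middle concern: an isolated, audited payment frame is only as trustworthy as the page that embeds it.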
 



It's OK, all our credit card numbers are already stored on a secure server (in Brussels)
 
To be honest I used it for the Derby game, said online it had all gone through but never received tickets through the post so ended up going down to the box office anyway for them to reprint. Didn't get my pound back!
Anton, if you get a membership for £25 you get a cat B free after paying for 5 games and the card is activated so you don't need tickets. Other small advantages too.
 
If the main site isn't secured via https then there's nothing to stop an attacker doing a man in the middle attack that spoofs the card provider's site, and you wouldn't know jack shit about it.
screen shot taken while I was logged in ...
[screenshot attachment: sufcssl.png]
 
OK. Did you already have a dialog going with the club about this?

That was during the Brannigan era. Spent an hour on the phone with him, and he said the password reset issue would be resolved by Q2 2016, according to the suppliers. I'll dig his mail out and start the dialogue again.
 
That was during the Brannigan era. Spent an hour on the phone with him, and he said the password reset issue would be resolved by Q2 2016, according to the suppliers. I'll dig his mail out and start the dialogue again.
Is Jim now advising the Democrats on Internet security?
 
Anton, if you get a membership for £25 you get a cat B free after paying for 5 games and the card is activated so you don't need tickets. Other small advantages too.
What do you mean? I have to pay another 25 quid for what? Extra cup games. If you pay online you just want your tickets in the post so you don't have to come down. Simple as. I have a season ticket. Don't want to pay any more!
 
Fully signed-up remmer checking in. I know it's a massive security risk etc etc..... but I just can't be fucking arsed remembering a password for every single aspect of my life. Cue Highbury_Blade giving me a bollocking but seriously, life's too short!
"Ohhh, and you can't write them down either" - maybe good advice in the 1980's but seriously, you "need" an account for every single website going now, purely so they can spam your email box and no other reason. Who the fuck can remember 8546156465164 different passwords these days?

Good job you don't work with me, we have a password to log in, 2 for the systems, one for our phone - one for our HR site and 3 to get to your payslip :-)
 
What do you mean? I have to pay another 25 quid for what? Extra cup games. If you pay online you just want your tickets in the post so you don't have to come down. Simple as. I have a season ticket. Don't want to pay any more!
Didn't realise you had a season ticket. For the home cup games aren't they able to add that match onto your season ticket? I can't do season tickets due to shiftwork but thought I had had my membership card activated for cup games, could be wrong though.
 



Use a password manager..
I use Norton Security and it keeps asking if I want to start up its password manager. Always a bit sceptical, but if you think they are a good idea then I might just give it a go.
 
