test content
Logo
What is the Arc Client?
Install Arc
IN-secure.crypticstudios.com
wirehead1
Member Posts: 0 Arc User
I found I was unable to access the Cryptic Subscription website the other day when I wanted to sign up at the 6 month rate:
https://secure.crypticstudios.com/default/subscriptions/list
"Secure Connection Failed
The connection to secure.crypticstudios.com was interrupted while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem."
This turned out to be a problem with their SSL Certificate. Firefox no longer accepts old certificates that use SHA1 encryption. Cryptic needs to have their certificate re-keyed using SHA256 or better. (They use GoDaddy, so I know this is free to do). The current certificate expires on July 9, 2015, so they will be forced to get a new certificate soon anyway.
Looking closer at their website, I would not want to enter my credit card information on it. There are a number of PCI Compliance violations here. See the results at [url]www.ssllabs.com:[/url]
https://www.ssllabs.com/ssltest/analyze.html?d=secure.crypticstudios.com&hideResults=on
I'll be paying through one of the payment processors such as PayPal or Google Wallet when I get back onto this site. That way my card number never touches their servers.
https://secure.crypticstudios.com/default/subscriptions/list
"Secure Connection Failed
The connection to secure.crypticstudios.com was interrupted while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem."
This turned out to be a problem with their SSL Certificate. Firefox no longer accepts old certificates that use SHA1 encryption. Cryptic needs to have their certificate re-keyed using SHA256 or better. (They use GoDaddy, so I know this is free to do). The current certificate expires on July 9, 2015, so they will be forced to get a new certificate soon anyway.
Looking closer at their website, I would not want to enter my credit card information on it. There are a number of PCI Compliance violations here. See the results at [url]www.ssllabs.com:[/url]
https://www.ssllabs.com/ssltest/analyze.html?d=secure.crypticstudios.com&hideResults=on
I'll be paying through one of the payment processors such as PayPal or Google Wallet when I get back onto this site. That way my card number never touches their servers.
Post edited by wirehead1 on
0
Comments
I had the same problem today. I wanted to cancel my subscription, but there was no way to access the site via Firefox (same notification you mentioned).
I managed to get there via *shivers* Internet Explorer, using the *shivers* PWE/Arc sign-in and the 'Manage subscriptions' section. Had to lower security standards for the Explorer to accept all cookies to make it work.
I'm not touching that site anytime soon again, that's for sure. Doesn't exactly build customer trust, all this argy-bargy, to say the least...
considering you know when their license for this runs up, its safe to assume they are working on redoing it using that method already and dont store your cc info in the first place if they are storing it without asking you its not legal and they wont store your security code anyway if someone sits there trying to guess it it will flag your card, and which of your neighbors knows how to mine data being sent through the air ? doubtful any of mine do