General Consultant Discussion

 View Only
Back to discussions
Expand all | Collapse all

Tomorrow is the end of the Summit fire sale for en

  • 1.  Tomorrow is the end of the Summit fire sale for en

    Posted 01-14-2014 14:14
      |   view attached
    Tomorrow is the end of the Summit fire sale for end users. I sent a blast out to my customers and have had decent success in getting them to sign up. One came back with a note wondering if the page for the CC # is secure or not. http://na.sage.com/sage-summit/2014promo It doesn't go to a https site nor does a lock icon appear. Can someone more knowledgeable with secured web sites take a look and post back?


  • 2.  RE: Tomorrow is the end of the Summit fire sale for en

    Posted 01-14-2014 14:36
    It's not secure. What a bunch of amateurs!


  • 3.  RE: Tomorrow is the end of the Summit fire sale for en

    Posted 01-14-2014 15:03
    That's interesting. I'm scratching my head assuming I must be missing something but that sure as hell doesn't look secure, let alone PCI-DSS compliant


  • 4.  RE: Tomorrow is the end of the Summit fire sale for en

    Posted 01-14-2014 15:16
    I don't see a way to get to the payment page without making up a bunch of fake info


  • 5.  RE: Tomorrow is the end of the Summit fire sale for en

    Posted 01-14-2014 15:17
    I posted some fake information to get to the CC payment page...


  • 6.  RE: Tomorrow is the end of the Summit fire sale for en

    Posted 01-14-2014 15:25
    I'm pretty sure that it's secure. I believe they're using frames to hide the fact that there's a third party site managing enrollment. This seems like it might be the first page - then you probably progress through others hosted by this site but the URL on the Sage domain probably does not change at all. https://www.cvent.com/events/sage-summit-2014/registration-16ebf364355246fbb8aa2c71a094a888.aspx


  • 7.  RE: Tomorrow is the end of the Summit fire sale for en

    Posted 01-14-2014 15:47
    I could be wrong but I think if you wrap a secure page around an insecure page its possible to inject code into the insecure page that could scrape up the content.


  • 8.  RE: Tomorrow is the end of the Summit fire sale for en

    Posted 01-14-2014 15:48
    I mean wrap an insecure page around a Secure Frame


  • 9.  RE: Tomorrow is the end of the Summit fire sale for en

    Posted 01-14-2014 15:49
    https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/


  • 10.  RE: Tomorrow is the end of the Summit fire sale for en

    Posted 01-14-2014 18:38
    Interesting info


  • 11.  RE: Tomorrow is the end of the Summit fire sale for en

    Posted 01-15-2014 05:33
    Comment from the client Well, I saw nothing that stated it was a secure page. There was also a bug with picking the card type. One of the other screen changes after pressing next sent me to what appeared to be a completely blank screen unless you scrolled back up to where the data was. Overall, not really impressive Doubt if anything gets fixed (this is Sage) but I certainly hope there is something that gives reassurance that the site is secure when I have to pony up my credit card information.


  • 12.  RE: Tomorrow is the end of the Summit fire sale for en

    Posted 01-15-2014 05:57
    Don't worry, I heard they hired a bunch of guys from Target's IT department to set this up.


  • 13.  RE: Tomorrow is the end of the Summit fire sale for en

    Posted 01-15-2014 07:36
    in defense of Sage - this is all outsourced (as are most large events like this). Sage would have very little to do with the registrations.


  • 14.  RE: Tomorrow is the end of the Summit fire sale for en

    Posted 01-15-2014 07:55
    @WayneSchulz - You are going soft. Yes, Sage outsources this, but it is their name on the page. They really should be taking ownership.....


Related Content