Jump to content
ensconced

***NOT A DEAL 'JRR Shop news' NOT A DEAL***

Recommended Posts

2 hours ago, Grem said:

I use LastPass for quite a few years now. They keep the software updated and add new features fairly often. It is also has an Android app that seamlessly lets me use it on my S10. It stays sync'd across all my PC's and cell phone. It also has a family feature that allows a family to use the same software with different profiles and passwords. I really like it. 

I use it too, for about a year.

But if they get breached, I'm totally owned... ūü§™

Share this post


Link to post
Share on other sites
On 8/4/2020 at 12:33 PM, husker said:

I know this - as an IT guy, I've seen enough red flags for me to avoid JRRShop now.

I agree that JRR could run a much tighter ship and invest on a robust e-commerce solution, particularly since this is not the first time their site disappears. 

On the other hand, what is the risk for us, the users? That they steal our JRR credentials? 

I'm asking an honest question. 

The other risk, which seems less likely, is that the site is hijacked and PayPal payments are redirected to a third party. I don't know how likely that scenario is and whether PayPal would reimburse us in that scenario. If that's a concern, one could PM Uncle E directly to request a PayPal invoice. One double checks that it's coming from JRR and if the transaction is not honored, I'm pretty sure PayPal would reimburse us in that case. 

I'm not trying to shill for JRR and it's a personal decision to transact with them or not, but I think the e-commerce world has evolved through trial and error so that the risk for the consumer is lowered. The end goal of our capitalist overlords is to keep the engine greased and going and ***** they've been doing their part.

EDIT: LOL, a very mild word was censured. You know what? **** that *** you **** ****. LOL!!!

Edited by Monomox

Share this post


Link to post
Share on other sites
44 minutes ago, Monomox said:

I agree that JRR could run a much tighter ship and invest on a robust e-commerce solution, particularly since this is not the first time their site disappears. 

On the other hand, what is the risk for us, the users? That they steal our JRR credentials? 

I'm asking an honest question. 

The other risk, which seems less likely, is that the site is hijacked and PayPal payments are redirected to a third party. I don't know how likely that scenario is and whether PayPal would reimburse us in that scenario. If that's a concern, one could PM Uncle E directly to request a PayPal invoice. One double checks that it's coming from JRR and if the transaction is not honored, I'm pretty sure PayPal would reimburse us in that case. 

I'm not trying to shill for JRR and it's a personal decision to transact with them or not, but I think the e-commerce world has evolved through trial and error so that the risk for the consumer is lowered. The end goal of our capitalist overlords is to keep the engine greased and going and ***** they've been doing their part.

EDIT: LOL, a very mild word was censured. You know what? **** that *** you **** ****. LOL!!!

Or you could just turn on 2-factor with pay-pal. The scenario is anyway unlikely if not impossible as each transaction has to be authorized and Jeff doesn‚Äôt have your PayPal credentials. I‚Äôve been in It-security for 25 years actually and have been a cso for several banks so for one I may actually now what I‚Äôm talking about ūüôā

worst thing that could happen is that any potential hackers would be able to access your other accounts if you shared your password, and possibly use your license keys in a fraudulent manner (like trying to sell them etc).  Never heard of anything like the latter though, they usually go for credit card data.

 

 

 

 

  • Like 1

Share this post


Link to post
Share on other sites
6 hours ago, abacab said:

I use it too, for about a year.

But if they get breached, I'm totally owned... ūü§™

I do not store my bank info anywhere. And I use Paypal for all transactions. And I have to admit, my password for my bank account is really really good!!

  • Like 1

Share this post


Link to post
Share on other sites
37 minutes ago, Grem said:

my password for my bank account is really really good!!

I'll be danged, that's the same as mine, WTF!!!

I liked it cause it's easy to remember, first 2 words are the same and have double letters, and the third word has double letters as well. I felt safe until I seen that someone else uses the same password. Gonna have to find a new one, and that's really really hard . . . hey wait a minute . . .

  • Haha 2

Share this post


Link to post
Share on other sites

+1 LastPass or any password manager. There was some hesitation from users when they were acquired by LogMeIn but so far it's been a neutral or even positive change... for example device limits were removed IIRC. If you use the same sync platform everywhere (Chrome, Firefox, Apple iCloud, Edge, ...) there's a chance the default password integration is all you need for most sites. There are also plenty of options for people who want to manage their own, like KeePass 

If anyone's curious about how websites should store passwords, so a breach on one site can't be used to get access to another site even for users who reused passwords, this article seems to walk through it conversationally: https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/ 

 

Share this post


Link to post
Share on other sites

JRRShop issued a statement with details (more or less what has already been said) and is offering a 20% discount on one product through the end of the month

I started a new thread here, since this one says "NOT A DEAL" and I figure discussion there will be on what qualifies for the 20%, but anyone please feel free to merge them if it's redundant.

 

Edited by mister_tea
inserted link to other thread
  • Like 2

Share this post


Link to post
Share on other sites
17 hours ago, Monomox said:

I agree that JRR could run a much tighter ship and invest on a robust e-commerce solution, particularly since this is not the first time their site disappears. 

On the other hand, what is the risk for us, the users? That they steal our JRR credentials? 

I'm asking an honest question. 

The other risk, which seems less likely, is that the site is hijacked and PayPal payments are redirected to a third party. I don't know how likely that scenario is and whether PayPal would reimburse us in that scenario. If that's a concern, one could PM Uncle E directly to request a PayPal invoice. One double checks that it's coming from JRR and if the transaction is not honored, I'm pretty sure PayPal would reimburse us in that case. 

I'm not trying to shill for JRR and it's a personal decision to transact with them or not, but I think the e-commerce world has evolved through trial and error so that the risk for the consumer is lowered. The end goal of our capitalist overlords is to keep the engine greased and going and ***** they've been doing their part.

EDIT: LOL, a very mild word was censured. You know what? **** that *** you **** ****. LOL!!!

Fair question.  I don't have many concerns about credit card information or data breaches, but I do have concerns about their infrastructure.  If you are an ECommerce vendor, having a running website and good recent backups is IT 101.   JRRShop struggles with these basic functions.  With so many other resellers, I think I will choose to not use JRRShop in the future.  

Edited by husker
  • Like 1

Share this post


Link to post
Share on other sites

monolog makes great points. I shop online now without (almost) a second thought.

9 minutes ago, husker said:

recent backups is IT 101.   JRRShop struggles with these basic functions.  With so many other resellers, I think I will choose to not use JRRShop in the fugure.  

This is also my concern. Because of the struggles, a hacker will figure out how to capitalize on this situation eventually. Hope not. But the threat is real.

Share this post


Link to post
Share on other sites

I'm not too worried, in that I always use Paypal and I use an email address that I don't regularly use anymore.  But I think I will change my password once this is cleared up.  Eric has always been really great with the customer service and has been very active over at KVR.  I tend to believe they probably had an issue with their system.  Most of these guys set up an easy storefront with one of those companies that advertise everywhere and are fine while they stay small.  But it won't support a larger business.  And in the last few years, I think they have grown more than their storefront can handle. 

As an accountant, you see it happen a lot.  Small businesses start doing better, get popular, and start to grow.  But there's this point in between being small and being large where a lot of businesses fail.  The cost to go large is more than they can afford (hiring more people, spending more on a solid website, etc...), but if they don't, they can't support the growth.  Add a pandemic in that is making you question how much you should invest, especially if your brick and mortar store is shut down, and problems ensue.

And maybe it is time to get a password manager program.  And more email addresses....   Though I worry my password manager will go out of business or get hacked.  And I will be stuck.  I do use 2FA on a lot of things now, especially bank and credit cards.  

 

 

Share this post


Link to post
Share on other sites
2 hours ago, husker said:

Fair question.  I don't have many concerns about credit card information or data breaches, but I do have concerns about their infrastructure.  If you are an ECommerce vendor, having a running website and good recent backups is IT 101.   JRRShop struggles with these basic functions.  With so many other resellers, I think I will choose to not use JRRShop in the future.  

Seems like the web server is running on an old Pentium 3 in the back of the garage... right next to the email server... ūü§£

  • Haha 3

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now

√ó
√ó
  • Create New...