Jump to content
cclarry

JRR Shop

Recommended Posts

I communicated with him on kvr last night. I ordered MPS upgrade Friday evening and got the serial number fine. He always has provided great customer service.  Hopefully they move the whole site to another platform.  

  • Like 2

Share this post


Link to post
Share on other sites
11 hours ago, Grem said:

  Quote
Update 1: Uncle E has said they store no personal information for billing. All transactions with credit cards go directly through the credit cards company portals so the website doesn't even obtain that data. Same with PayPal.

This is his solution to the issue? Not acceptable for me.

He was just calming people's nerves and letting them know none of their information was stolen as they don't store it. A lot of people were concerned that credit card information could have been exposed.

Share this post


Link to post
Share on other sites
3 hours ago, abacab said:

However on page 1 it seems he was saying that back in July...

He's been saying it was gonna get fixed for how long now? Nope. Ain't buying that. Just something we can't put our finger on is going on over there. And he's not being candid about it. 

 

1 minute ago, Batwaffel said:

He was just calming people's nerves and letting them know none of their information was stolen as they don't store it. A lot of people were concerned that credit card information could have been exposed.

I understood that. Still not acceptable for me. I'm out.

Just way too many options out there.

  • Like 1

Share this post


Link to post
Share on other sites
3 hours ago, abacab said:

This thread over at KVR has a response from Uncle E that says he should have a new site up next month.

JRR shop is still down?

https://www.kvraudio.com/forum/viewtopic.php?f=1&t=549392&start=150

Uncle E's post about the new site at the bottom of page 11.

However on page 1 it seems he was saying that back in July...

 

If I had to guess, I'd say they wanted to make sure the current site was still working while they got the new one ready and hit delays. I will say, them launching a new site in November is very stupid. They tried moving servers two years ago in November and it was a disaster. They pretty much missed the entire month and a half of sales because their site was never up.

  • Like 1

Share this post


Link to post
Share on other sites
Just now, Grem said:

I understood that. Still not acceptable for me. I'm out.

Just way too many options out there.

Yah, I'm not going to be posting them for the foreseeable future, either. As much as I like Eric, the issues with their site have plagued them for far too long without any long term solutions. This is unacceptable for a company like theirs who have been around for a long time. He needs to step it up with a professional website company who can handle the site because whoever he has doing it now is doing a piss poor job.

  • Like 2

Share this post


Link to post
Share on other sites

I’m standing by the uncle, for better or worse. He was always helpful so I guess I’ll hang in there a bit longer. 

  • Like 4

Share this post


Link to post
Share on other sites

They might not store credit card numbers, but they store order histories and invoices which will contain addresses etc.; to say everything is safe because they don't handle payment transactions is only half an assurance.

Personally, I don't care if the site is down because it's a botched migration, they forgot to pay bills, or because a trainee destroyed the whole site trying to deploy to production for the first time: the site is down, and it would be nice if they gave a transparent (even if simplified/redacted) explanation and estimated time frame of if/when it will be restored.

  • Like 2
  • Great Idea 1

Share this post


Link to post
Share on other sites
36 minutes ago, Fleer said:

I’m standing by the uncle, for better or worse. He was always helpful so I guess I’ll hang in there a bit longer. 

Yep, true, he deserved by his kindness our support and second chance when problems are solved...

But on the other side I understand people who started to distrust the site.

The harsh true is such long problems with site being down (not the first place) show some serious problems.

Maybe to be able to provide low prices for us they decided so save and not to hire skilled IT guy? but do everything by themselves and it turned to it is too complicated things?

I have seen in my IT work history some bad migration or service rescues. But never like that.   Where backup plan, where recovery plan? :(

But anyway, they must feel terrible about it so I don't want to shoot to them now. Crossing fingers for happy end and for learning their lesson at last. Site can break, but they should be prepared for such opportunities, backup restore cannot be longer than few hours (for huge DB and many obstacles) and if they are trying to mess around code they should do it in professional fashion.  Cannot connect to DB error message should never be seen by anybody shopping... Etc...

But I had in the past good experience with them so I give them another chance... Of course if I am putting myself into a risk...

 

Share this post


Link to post
Share on other sites

I have got stuff from JRR and I'll wait till the dust settles before I order anything else from them. I hope they sort it out.

Share this post


Link to post
Share on other sites

Everything I got from JRR I could have got from another dealer. For not much more than what JRR charges. I kept going with JRR because he is such a nice and helpful guy. And I hope he gets it sorted out. Good luck Uncle E. Like I already said, luv ya man!!

 

However...

4 hours ago, Piotr said:

The harsh true is such long problems with site being down (not the first place) show some serious problems.

 

And...

4 hours ago, antler said:

They might not store credit card numbers, but they store order histories and invoices which will contain addresses etc.; to say everything is safe because they don't handle payment transactions is only half an assurance.

This^^^^^

 

5 hours ago, Batwaffel said:

As much as I like Eric, the issues with their site have plagued them for far too long without any long term solutions. This is unacceptable for a company like theirs who have been around for a long time.

 

Agreed. And this is all I have been saying for the last couple of months. I mean I hung in there for the last two years with the website troubles. But when I saw the redirection.... come on!! Duh!

All that said, if he gets his site going again, and it stays that way for a reasonable period of time, I may be back. I won't rule out never buying from him again. But certainly not right now.

Good luck again Uncle E.

  • Like 2

Share this post


Link to post
Share on other sites

from KVR:

Someone was able to modify our main web page and insert a small piece of code that redirected the users to the other site. They accessed the web page through Magento Connect, which is the extension downloader for Magento (our eCommerce platform), and did not have access to our server or database. Our checkout page was not modified at all and there is no evidence that they gained access to anyone's personal information, and the vulnerability that allowed them to gain that access has been closed. In addition, I had disabled our servers as soon as I found out about the issue, after which point there was no data available for them to access.
 

  • Like 1
  • Sad 3

Share this post


Link to post
Share on other sites
8 hours ago, Joakim said:

from KVR:

Someone was able to modify our main web page and insert a small piece of code that redirected the users to the other site. They accessed the web page through Magento Connect, which is the extension downloader for Magento (our eCommerce platform), and did not have access to our server or database. Our checkout page was not modified at all and there is no evidence that they gained access to anyone's personal information, and the vulnerability that allowed them to gain that access has been closed. In addition, I had disabled our servers as soon as I found out about the issue, after which point there was no data available for them to access.
 

Here is a good reason to beware of site redirects that were maliciously modified by a hacker. This is exactly how an attacker could lure victims to his exploit kit.

Here is just ONE recent example of a vulnerability in MS Edge  that was patched for Windows 10 in August 2020. > https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1555
 

Quote

 

CVE-2020-1555 | Scripting Engine Memory Corruption Vulnerability

Security Vulnerability

Published: 08/11/2020
MITRE CVE-2020-1555

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

 

Be careful out there!

  • Like 1

Share this post


Link to post
Share on other sites
3 hours ago, abacab said:

Here is a good reason to beware of site redirects that were maliciously modified by a hacker. This is exactly how an attacker could lure victims to his exploit kit.

Here is just ONE recent example of a vulnerability in MS Edge  that was patched for Windows 10 in August 2020. > https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1555
 

Be careful out there!

Sorry, but I find that hard to believe..........

 

People actually use MS Edge ?????

 

Not having that.

Share this post


Link to post
Share on other sites
43 minutes ago, paulo said:

People actually use MS Edge ?????

I have to use it for several online Business to Business websites. Believe it or not Firefox and Chrome don't render the page right.

But I get your point. I try not to use it unless I have to 😏

Share this post


Link to post
Share on other sites
18 minutes ago, InstrEd said:

Believe it or not Firefox and Chrome don't render the page right.

I believe it. Never used Chrome but that was exactly the reason I stopped using FF a few years ago.

Share this post


Link to post
Share on other sites
8 minutes ago, paulo said:

I believe it. Never used Chrome but that was exactly the reason I stopped using FF a few years ago.

I keep telling my wife you have to use the one that works for the site you are on. She always wants to argue with me. Hey I didn't create the webpage.

Just yesterday I was going to set-up her laptop for virtual video conferencing with both my daughters teachers and Firefox worked but chrome and Edge would not.  I wish using a computer wasn't so difficult 😆

Share this post


Link to post
Share on other sites

This Edge info was not intended to just be a warning about a particular browser. It was just selected as an example to illustrate how hackers can exploit your system by using a specially crafted web page.

There have been other exploits that are possible if you are even just using Windows, regardless of the browser. There have  been a series of vulnerabilities deep in the Windows kernel, and the Windows graphics sub-system that can be used to remotely attack and compromise a user's system. It's more common to be tricked into opening a file or running a program, but the web itself can be risky when surfing with Windows. The best defense is to keep up to date with patches, because once the vulnerabilities get published they end up in exploit scripts being sold on the dark web that anybody with bad intentions can use.

Be careful out there!

  • Like 2

Share this post


Link to post
Share on other sites
Posted (edited)

Abacab is right. If you leave the door open, someone will eventually come in.

Just that simple.

 

I use the new Edge. It's better than Chrome. 

Edited by Grem
  • Like 1

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now

×
×
  • Create New...