Hot Deal, for credit card reward points (Ameri-fags Only)

http://coins.about.com/b/2009/02/17/us-mint-web-site-security-breach.htm

U.S. Mint Web Site Security Breach

Tuesday February 17, 2009

Most coin collectors are aware by now that it is not "business as usual" on the U.S. Mint Web site these days. Problems began in early January when the Mint changed eCommerce fulfillment contractors (again). You might remember the last time the Mint changed contractors in Jan. 2008: the Mint Web site suffered an 8-day outage!

One of the biggest problems the Mint is dealing with right now has actually been around for at least two years. I first reported it to them in late 2006, and reports from readers confirm that the recent events are far from the first of this type that the Mint Web site has seen. Here's what happened:

When the 2009 Ultra-High Relief Saint-Gaudens Double Eagle (what the hobby seems to be calling the UHRDE now, formerly called the UHR) went on sale, the Mint's Web site suffered its usual first-hour-of-sales lock-down. Buyers repeatedly refreshed the pages over and over, trying to place their orders early in the cycle so they could get their coins first and avoid potential delays due to high demand. This was pretty much Business As Usual for the U.S. Mint.

The first inkling of problems came when most UHRDE buyers were sent a U.S. Mint email a couple of days after the on-sale date, informing them that their coins were back-ordered until Feb. 6th. This was in contrast to the ship date of Jan. 28 given on the Web site when they placed their orders. A couple of days later, most buyers got another email moving the ship date to Feb. 11. Then came the email moving the date to Feb. 18, followed by another email rescinding all of the above and returning the date to the 6th! And it didn't end here; some buyers got further emails with dates as late as mid-March.

Naturally, this engendered a lot of confusion and speculation among the online collecting community. People began comparing notes, posting their UHRDE order numbers and the times they placed their order that first day, in an effort to see if everyone was being treated fairly in the sequence in which they placed their coin order. Some people who post in online forums and in blog comment threads do so under their real names, or their real names are widely known because they're dealers or journalists or other more or less public figures in coin collecting.

The U.S. Mint Web site's security problem was that it had an unsecured order-checking-and-cancellation process, where anybody who knew the name and order number could enter this information and retrieve the order records for the person involved, without knowing anything else about them or logging into the U.S. Mint eCommerce system.

Some ill-intentioned idiot put together the names and order numbers for several collectors who were sharing information online, and he used the Mint's Web site to cancel their UHRDE orders. This created a dual hardship for the victims: not only had the price of the UHRDE gone up by $100 in the two weeks or so between when the orders were placed and when they were canceled, the victim lost his place in line for this highly sought-after coin. The Mint customer service reps and their supervisors said they couldn't reinstate the canceled orders.

Although I know of three confirmed victims, only one has gone public. A user named Tom on the CoinNetwork.com social networking site openly shared his experience with having his UHRDE order canceled.

Michael Zielinski, the Webmaster of CoinNetwork.com, sent an email about the breach to his contact in the U.S. Mint's Public Affairs Office, and also notified me about it. I was aware of the situation, since word travels fast online, and had coincidentally spoken to my contact in the Public Affairs Office about it earlier that day. To their credit, the Mint acted quickly and decisively. My contact asked me to document what I knew in writing so he could forward it to the Mint's marketing department for action. With reports now from two of the major numismatic Webmasters, the Mint responded by removing the Track Orders feature from their Web site the morning of Feb. 12.

People who have been wondering why the Track Orders feature is disabled now have their answer. Although I am generally not of a mind to suppress security problems, I did feel that it was appropriate to give the Mint some time to address the problem before warning people about it, a decision that Michael concurred with, so I'm happy to report that we don't have to warn people at all, just tell them why things are not functioning normally when it comes to tracking orders. However, Michael did write up some tips for protecting your privacy online, which I think are well worth reading.

The order cancellation matter isn't the only security problem the Mint is having right now. There have been dozens of reports around the Web of people who have had their U.S. Mint coins dumped on their doorsteps by UPS without anybody knocking on the door or asking for a signature. One report I heard was of a $357,000 bullion coin order in 8 boxes that was dumped on a doorstep at 10:30 am, where it sat unprotected until the recipient got home at 6:00 pm. Numerous people have reported gold coins being left unattended and unsigned for.

According to an article in the March 2 Coin World, the problem seems to be some kind of disconnect between the Mint and their new fulfillment contractor, Pitney-Bowes Government Solutions. The Mint hasn't provided any information or explanation, despite significant pestering on my part. ;) My contact there says he hopes to be able to release a statement tomorrow (Wed.). If they send me a statement, I'll post it on my home page.

Have you been a victim of the U.S. Mint's security problems? Please share your experience in the comments below for possible follow-up.
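
The flaw the article describes (order lookup and cancellation gated only by a name and an order number) next to a version that ties the action to a logged-in account, as an added Python example that is not part of the original post or the Mint's code. The in-memory order store, account ids and function names are constructed for illustration.

```python
# Added illustration; every order, name and account id here is constructed.
from dataclasses import dataclass


@dataclass
class Order:
    number: str
    customer_name: str
    account_id: str
    status: str = "open"


def make_store():
    return {"A1001": Order("A1001", "Pat Example", "acct-1"),
            "A1002": Order("A1002", "Sam Sample", "acct-2")}


def cancel_weak(store, name, order_number):
    """Design described in the article: name + order number is the only check."""
    order = store.get(order_number)
    if order is None or order.customer_name.lower() != name.lower():
        return False
    order.status = "canceled"
    return True


def cancel_hardened(store, session_account_id, order_number):
    """Requires a logged-in session, and the order must belong to that account."""
    order = store.get(order_number)
    # Same refusal for "no session", "no such order" and "not your order",
    # so the response does not confirm which order numbers exist.
    if session_account_id is None or order is None:
        return False
    if order.account_id != session_account_id or order.status != "open":
        return False
    order.status = "canceled"
    return True


def demo():
    store = make_store()
    # Name and order number are treated as publicly known in this scenario.
    weak = cancel_weak(store, "Pat Example", "A1001")
    store = make_store()
    anon = cancel_hardened(store, None, "A1001")       # not logged in
    other = cancel_hardened(store, "acct-2", "A1001")  # someone else's session
    owner = cancel_hardened(store, "acct-1", "A1001")  # the actual buyer
    return weak, anon, other, owner, store["A1001"].status


if __name__ == "__main__":
    print(demo())
```

The weak path treats two values that buyers were posting publicly as if they were credentials; the hardened path treats them as identifiers only and takes authorization from the session.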
 
Because FICO has become corrupted by the interests of financial companies.

Case in point, Experian, one of the big three, won't report to it anymore, because they feel they are losing income on people wanting to know their credit scores buying the myFICO product and not their own.
 
Because FICO has become corrupted by the interests of financial companies.

Case in point, Experian, one of the big three, won't report to it anymore, because they feel they are losing income on people wanting to know their credit scores buying the myFICO product and not their own.

Well when you are pulling down 800 million a year just to make people look bad.