It is currently Mon Mar 16, 2020 8:51 am

All times are UTC - 7 hours



Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 8 posts ] 
Author Message
Post subject: New Mustang owner cannot get onto fuse site
Posted: Mon Apr 18, 2016 6:36 pm
Offline
Hobbyist
Hobbyist

Joined: Mon Apr 18, 2016 6:28 pm
Posts: 5
Hello , just got a shony new Mustang 2 v2, but every time I go to fuse.fender.com, i get a warning page telling me to back out because the site is compromised and unsafe. I have tried it with two browsers with the same result over a 3 day period multiple times.

It is like Fender has a bogus SSL certificate, but I would have thought a few days was enough time for them to figure it out and fix it.

Does anyone know what is going on? I would really like to get experimenting with the new rig!


Top
Profile
Fender Play Winter Sale 2020
Post subject: Re: New Mustang owner cannot get onto fuse site
Posted: Tue Apr 19, 2016 5:41 am
Offline
Roadie
Roadie

Joined: Thu Jun 19, 2014 6:22 am
Posts: 220
I just got into the web site with out any problems. Could it be something in your firewall security settings?


Top
Profile
Post subject: Re: New Mustang owner cannot get onto fuse site
Posted: Tue Apr 19, 2016 7:58 am
Offline
Hobbyist
Hobbyist

Joined: Mon Apr 18, 2016 6:28 pm
Posts: 5
Thanks for checking. It could be something on my tablet, however I am always cruising sites and this is the only one I seem to have an issue with and it was with two different browsers. Samsung and Chrome.

I will try it from a desktop to see if there is a difference.


Top
Profile
Post subject: Re: New Mustang owner cannot get onto fuse site
Posted: Tue Apr 19, 2016 1:13 pm
Offline
Hobbyist
Hobbyist

Joined: Mon Apr 18, 2016 6:28 pm
Posts: 5
So I think I found the problem. Their certificate is a SHA 1 cert which is depricated and google warned some time ago that they were going to start punishing sites if they didn't switch to SHA-2 certs. Paypal won't even accept them anymore due to security reasons.

According the google security blog, they are going to start blocking all sites with the old certificates so if you are using chrome, you will likely see the problem I saw sooner rather than later.

If you are interested, you can see their policy here:

https://security.googleblog.com/2015/12 ... es-in.html

My guess is more people will start to see what I am seeing. I did find a way to bypass the security warning for now.

Thanks for your help.


Top
Profile
Post subject: Re: New Mustang owner cannot get onto fuse site
Posted: Thu Apr 21, 2016 1:08 pm
Offline
Rock Star
Rock Star
User avatar

Joined: Sun Sep 08, 2013 8:50 pm
Posts: 4602
Location: ˚ɷ˚
Indeed. This is rather bad.

See https://www.ssllabs.com/ssltest/analyze ... fender.com for more details.

I guess they'll update security when they update FUSE...


Top
Profile
Post subject: Re: New Mustang owner cannot get onto fuse site
Posted: Thu Apr 21, 2016 5:26 pm
Offline
Hobbyist
Hobbyist

Joined: Mon Apr 18, 2016 6:28 pm
Posts: 5
After my last post, I sent off an email to their customer support to give them a heads up. I never got an acknowledgment back.
Not sure I understand, it is a fix that takes about 5 minutes to implement and costs basically nothing.
I suppose it isn't very high on their priority list.


Top
Profile
Post subject: Re: New Mustang owner cannot get onto fuse site
Posted: Thu Apr 21, 2016 8:20 pm
Offline
Rock Star
Rock Star
User avatar

Joined: Sun Sep 08, 2013 8:50 pm
Posts: 4602
Location: ˚ɷ˚
Jackbat wrote:
Not sure I understand, it is a fix that takes about 5 minutes to implement and costs basically nothing.

No, it implies getting a new server certificate. If continuing with Thawte as the certificate authority, that means at least $199 for one year, and one business day delivery time.

And it quite likely means upgrading their web server software too.

Fender isn't exactly quick about upgrading, nor are they very up-to-date on security for their web stuff. As an example, the last time I saw an error message for this forum a few weeks ago, it showed that it ran on MySQL 4, which went off support back in 2009 (giving them the benefit of doubt that it was actually 4.1.25 and not an earlier version), and has plenty of known security vulnerabilities.
That they present back-end error messages to the browser so visitors can see these details is, of course, another security blunder.

In my opinion, Fender needs a sysadmin. The going rate in the Phoenix area would be around $100k/year for someone competent but not great, which is well worth it. A single hack with customer or supplier data pastebinned could cost them a lot more in reputation loss alone, not even considering liabilities.


Top
Profile
Post subject: Re: New Mustang owner cannot get onto fuse site
Posted: Thu Apr 21, 2016 9:18 pm
Offline
Hobbyist
Hobbyist

Joined: Mon Apr 18, 2016 6:28 pm
Posts: 5
I suppose it depends on the circumstance. When we got the notification from our CC processors that we had 3 months to migrate to SHA-2, we made a call to the certificate supplier, they said they were happy to swap it out at no cost to us and it was done in a matter of minutes. Called Paypal, they looked at it and gave us the green light. It was litterally that simple.

Whether it is 5 minutes or 24 hours, free or $200 bucks, it is rather irrelivant. Its Fender for petes sake, get it done.

Last year I saw a problem on Guitar Center site. Shot them an email, they answered right away, thanked me and got it fixed in a day, and it was nowhere as serious as what Fender has going on.


Top
Profile
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 8 posts ] 

All times are UTC - 7 hours

Fender Play Winter Sale 2020

Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to: