New! Dark mode!

Browsing Pinside at night? Getting tired of all the white? Switch to dark mode using the button in the top right (or CTRL-B)!

(Topic ID: 269133)

TNT Amusements Best Offer Sale:Safe to Register?


By pintim80

5 months ago



Topic Stats

  • 97 posts
  • 34 Pinsiders participating
  • Latest reply 4 months ago by PinballBuzz
  • Topic is favorited by 11 Pinsiders

You

Linked Games

No games have been linked to this topic.

    Topic Gallery

    There have been 4 images uploaded to this topic. (View topic image gallery).

    Screenshot_20200606_124859 (resized).jpg
    The Rise and Fall of an Arcade Empire Cover - FRONT (resized).jpg
    sleepyheadTodd (resized).JPG
    BestOffer4 (resized).jpg

    There are 97 posts in this topic. You are on page 1 of 2.
    -3
    #1 5 months ago

    Has anyone on Pinside, registered on TNT Amusements Best Offer Sale in order to bid on items? If so have you had any problems with registering or buying? The reason I ask is because a friend of mine who is in IT looked over TNT registration site http://sale.tntamusements.com/ and gave me his opinion. He said first of all the site is not secure and because of that he would never enter all the private information needed to register. His concern is the site could easily be hacked and more importantly would want to know what TNT was doing to secure every one's personal information? Other concerns were who designed the site because in his opinion it looked like an 8th grader designed it. So it all revolves around security of personal information and the site is lacking that. I registered on the site and have not received any acknowledgement and now that's concerning. So I would have to agree with my friend about security of personal information. At TNT the who, what and where about security of personal information. Any comments?
    ..

    Added 160 days ago:

    Thankyou everyone for your comments to my question. I didn't expect so many responses. I see that Todd Tuckey from TNT also made a comment. First I would like to say I'm a huge fan of Todd Tuckey and both my sons and I watch his videos and have donated to him in the past. With that being said I'm disappointed in his comment of accusing me of being a TROLL. Lets start from the beginning. I wanted to be able to possibly buy from his sale so I registered on the site. Now against my friends recommendations not to register because the site wasn't secure. I did register then went back to sign in. I couldn't sign in it gave me this message "We were not able to login with your EMailAddress and password, please try again." Then I was concerned because my thoughts were did someone now have my information etc. So with that I did reach out to pinsiders to see what others had to say about there experience with registering on the TNT sale site. In no way did I attack or Troll Todd Tuckey after all he is the King of Pinball to us. It seems Todd Tuckey is deflecting from the main question "Is Your Site Secure for Entering Personal Information". And from what I have read the answer is NO the site is not secure. Everyone who has registered is at risk for there information to be stolen and possibly a victim of identity theft. This is a serious concern and now I'm glad I posted this because Todd Tuckey doesn't seem concerned about security of his fans personal information. As we have seen in the past businesses like Target, Home depot, Macy's and even Equifax have been hacked. And as a result major lawsuits have been filed against these companies for security breaches. TNT Amusements is no different because they are a business taking personal information and are required to secure it. But from what I've read TNT didn't secure the personal information. Look at ForceFlow (pinside moderator) explaination. He is in agreement the site isn't secure and gives recommediations on how to secure your personal information. Thankyou ForceFlow for your professional input. Also there was a comment by Princess

    Jillian the web developer who stated the web site was a prototype. A PROTOTYPE ! So everyones personal information is at risk for the web site in progress. Also Jilliian jokes about the security issue by referring to Todd Giant Roledex, once again its all a joke to them. It seems to me like the 3 stooges Todd Tuckey doesn't take the issue seriously from the comment he left. And maybe phil-lee comment is true is TNT going out of business and they just don't care. Also someone made a comment that TNT was making money from sale while the store was closed. From watching the videos its crystal clear that TNT is open for business. You see people are picking up games and Todd states you can stop in and shop around. And not to mention all employees can be
    seen working but he states there furloughed, doesn't make sense if there furloughed they shouldn't be there. But I looked into this and found out that in
    PA, TNT Amusements is a non-essential business and according to the governor of PA is suppose to closed. According to TNT Amusements youtube videos
    its open for business. Also todd to answer your comment about my user name all I can say is pintim80, yes my name is tim I love pinball and I was born in 1980. Now I learned a lesson on security and should have a better secured user name. Im disappointed in TNT about how they handled there response and most of all my sons will also be disappointed. Eye poke won't get you out of the issue of security. Thankyou everyone for reading this. pintim80 out.

    Added 160 days ago:

    Sadly my sons and I agreed that it's best to move on from this. So we decided to unsubscribe from your you tube channel and look else where. There are a lot of other talented pinball people out there and they are the future of pinball. They will be here long after your gone and forgotten about. I do wish you much success in your TNT Amusements Best Offer Sale. And I hope your remaining fans will support you. But these 3 fans are disappointed in there pinball idol and can no longer support him especially for the twipy award in 2021. That's 3 thumbs down. Sincerely, pintim80

    Added 159 days ago:

    Thankyou Princess Jillian for correcting the security concerns I had for the TNT Amusements Best Offer Sale. I know understand that your under a time constraint but still think your doing a great job. And yes Todd needs to update the TNT Amusements 1980's AOL dial up web site to the year 2020. Just think if Todd handled this issue from the beginning more professionally than pinball as a whole would be better off. It seems Todd always has to get the last eye poke in at any expense. What about TNT Amusements being a non-essential business that should be closed at this time according to Governor Wolf of PA. I'm sure all the businesses in PA that are closed because they are following the law to slow the spread of COVID19 would have something to say to Todd Tuckey. Just watch TNT Amusements You Tube Videos and you can be the judge. Or maybe there needs to be a real judge. Eye poke….I know, eye pokes will never be the same.

    Added 159 days ago:

    Wow, like other posts on pinside this could go on and on and on. So I'm going to be the better man and put an end to this. Just think this all started over a concern about the security of information on the TNT Amusements Best Offer Sale. As I stated in the beginning of my post I registered on the TNT Best Offer Sale web site and when I went to log on I couldn't. I emailed TNT and received no response so I reached out on pinside to get others opinions. I did receive a comment from Todd Tuckey owner of TNT Amusements accusing me of being a TROLL. In the end I was right about the security concern. Princess Jillian explained and apologized that she didn't implement the security protocol. I will say that she did act on it immediately and now TNT Best Offer Sale web site is secured. Since I'm the one who brought this issue to Todds attention you would think that Todd would thank me, didn't happen. The person who was the most professional about this was Princess Jillian and she didn't have to since she was doing this as a favor for Todd. This here shows her character and work ethic. Thank you Princess Jillian. I believe this all started over an error which I will explain but could of been handled in a much better manor by Todd Tuckey. When Todd posted my personal information on post #28 which was removed by the pinside moderator because it's against the pinside rules. I noticed the email section you enter your address was missing the @designation. So the email was correct but missing the ending. I believe this is maybe why my original email to TNT was not answered. So in post #54 Todd wants me to email him so he can remove my information. He believes I'm a TROLL and now when I email him with my name and email that will match his Best Offer Sale registration and he will fell like a heel. Hopefully that will be the last of Todd Tuckey's comments. And of course he will never admit he was wrong. I will admit that this has been a good lesson in life for my sons: the person you look up to can be an asshole. Thank you pinside pintim80

    Added 158 days ago:

    This post is heading in a direction that I hadn't intended it to. I was simply looking for others suggestions to my question.
    I'm ending my comments because in my opinion this is not what pinside is about.
    Todd Tuckey is still KING in the pinball hobby to my boys and me. And yes I've resubscribed to the TNT You Tube Channel.

    Added 153 days ago:

    Hey Todd Tuckey, Someone notified me that you made some additional comments. I've moved on from this but curiosity brought me back.
    Why are you wasting your time on this when you should be focusing on the latest release from STERN. Let me bring you up to speed TMNT,
    I'll spell that out for you (Teenage Mutant Ninja Turtles). In my opinion and others the pin of 2020 and perhaps 2021. Why aren't you mentioning
    this or at least providing links for the TNT fans. I looked but found nothing from you. I was discussing this with several friends and one summoned it all
    up. Todd Tuckey isn't the guy for latest information concerning pinball. He was right on and to answer why would take several long pages. I'll sum it up in pinball terms. Stern Pinball Jurassic Park "dinosaur". But you are the KING for all old pinball content and 3 stooges format and nobody can take that from you.

    Here are a couple links you can pass onto to TNT Fans for STERNS TNMT and you will notice all are secured sites.

    https://sternpinball.com/game/tmnt/

    https://www.twitch.tv/videos/633845712

    https://www.twitch.tv/deadflip/

    Also I read your having the TNT BEST OFFER SALE #4 on May 30th 4pm TNT Amusements. I'm looking forward to this especially
    since I'm now a registered bidder on your now secured web site. There are a few items that have my interest and I will be bidding on.
    And I recommend all to register and join in or at the least to watch.

    Thanks for the offer but the last time I checked in my garage I had enough JUNK T-SHIRTS that I use to wipe the oil off the
    dipstick when checking my cars oil. eye poke

    Please no more comments I'm moving on and will probably remove my TROLL account.

    Added 153 days ago:

    STERN PINBALL Teenage Mutant Ninja Turtles

    https://sternpinball.com/game/tmnt/

    https://www.twitch.tv/videos/633845712

    https://www.twitch.tv/videos/634871806

    Added 123 days ago:

    Has this finally come to an end?
    BEST OFFER SALE #6 Looking forward to bidding on many junk items along with the other trolls.

    #2 5 months ago

    I would simply call or email him...

    #3 5 months ago

    Yeah, just email Todd directly and make an offer; he's super responsive

    13
    #4 5 months ago

    You and your friend sound like a blast. The next time you’re in the Asbury Park area let me know.

    #5 5 months ago
    Quoted from pintim80:

    Has anyone on Pinside, registered on TNT Amusements Best Offer Sale in order to bid on items? If so have you had any problems with registering or buying? The reason I ask is because a friend of mine who is in IT looked over TNT registration site http://sale.tntamusements.com/ and gave me his opinion. He said first of all the site is not secure and because of that he would never enter all the private information needed to register. His concern is the site could easily be hacked and more importantly would want to know what TNT was doing to secure every one's personal information? Other concerns were who designed the site because in his opinion it looked like an 8th grader designed it. So it all revolves around security of personal information and the site is lacking that. I registered on the site and have not received any acknowledgement and now that's concerning. So I would have to agree with my friend about security of personal information. At TNT the who, what and where about security of personal information. Any comments?
    ..

    I bought things at his last sales and just picked them up last Monday. It was a great time! Todd is truly legendary! He’s added some hurtles to register because he had a surprising amount of people make offers and jack up the prices and then when they won they said they didn’t have any money and didn’t actually plan on buying anything.

    29
    #6 5 months ago
    Quoted from pintim80:

    He said first of all the site is not secure and because of that he would never enter all the private information needed to register. His concern is the site could easily be hacked and more importantly would want to know what TNT was doing to secure every one's personal information?

    Since your post received some downvotes, I'd like to point out that your friend is correct in that there is no SSL certificate on that site. So, any information you enter will be sent in the clear and readable by anyone. Name, address, username, password--none of that is being encrypted in transit from your browser and over the internet to whatever server the site is hosted on. So basically, if you were standing in a crowded room, you would be shouting your username and password for anyone to hear.

    SSL certificates are fairly inexpensive. You can get one for as little as $20-$30 for 1 year.

    Personally, I would not submit any personal information to a site without a secure connection.

    Would it be a target for hackers? Eh, *probably* not. At least, not initially. Hackers tend to go for slightly bigger targets, not custom niche websites. But it doesn't take too long before a site gets crawled by bots and search engines, and ends up on a target list somewhere meeting some initial criteria (ie, unsecured website with a submission form that matches some keywords like "name" and "address" and "password").

    So, an SSL certificate protects data while its being transmitted--but what about the database on the server? Normally, passwords are "salted and hashed" and then saved as an unreadable jumble of characters using a specific algorithm. This is a repeatable process that happens in only one direction. When a password is "salted and hashed", it means that a specific string of text is added onto the password, and then the whole thing is converted into a jumbled string of characters so that it is not a plain text password readable by humans. So in theory, that jumbled string of characters would be useless for anyone who might manage to hack into the server and/or read the database. It's very difficult to reverse a hash to spit out the original password.

    So whenever you send your password to the server, it then adds that known "salt" to the password, then "hashes" it, and compares the two hashes. If they match, the server logs you in.

    Then, on top of that, some databases or database fields are also encrypted as an additional security measure to protect the data.

    Some website database breaches that have occurred in the past either stored passwords in the clear without being salted, hashed or encrypted; or, have used a very weak and easily crackable hash algorithm (such as MD5).

    Once your username and password are out in the open (or are crackable having been hashed insecurely), hackers try using those on a variety of common/major websites to see if you used the same username and password anywhere else. Unfortunately, a lot of people do, so inevitably, login information extracted from a less secure website can be used to gain access to accounts in other more secure websites that have good security measures in place (such as a banking website, DMV, insurance websites). After that, they can steal your account and take over your identity, drain your funds, apply for credit cards or loans, issue driver's licenses, etc.

    In summary--yes, the site is insecure to some degree. Since the back end is not freely accessible, it's not clear how secure or insecure it is.

    Would I submit personal information to this site like this in its current state? No.

    If I absolutely had to use an insecure website, this would be what I would do:
    1) Get a PO box, and submit that as the address information.
    2) Use a completely new and unique email address that you have not used *anywhere* else.
    3) Use a completely new and unique username that you have not used *anywhere* else.
    4) And finally, a completely new and unique password that you have not used *anywhere* else.
    5) Then, never ever use that email, username, or password on any other websites anywhere.

    So, if the website is compromised, and someone else gains access to that information, the information would be largely inactionable since you did not use it anywhere else. And also, since you are using a PO box rather than your home address, your home address wouldn't be published for the world to see.

    If you think that if your home address getting out in the open doesn't matter much, keep in mind that hackers are also sometimes pranksters. They could send glitter bombs, dog poop, order a pizza for delivery, or even go as far as to swat the address. If you don't know what swatting is, that means someone calls in a fake emergency to the police. People have died as a result of this with police arriving at the address thinking it's a life-or-death situation based on the information given in the fake 911 call.

    So yeah--an insecure website containing personal information can be quite a serious matter these days.

    [edit]: If you would like to check if your email address has been listed within a known data breach, this is a legitimate website to check with: https://haveibeenpwned.com/

    [edit 2]: The site now has an SSL certificate in place.

    #7 5 months ago

    I've been watching all of these best offer sales (the long versions). Is Mr.Tuckey going out of Business?
    Been worried about him, he looks tired.

    #8 5 months ago

    Although I don't really think it helps the situation, the server is hosting a secure version of the site at https://perfectionsgroup.com (presumably the site developer?) with a certificate from Let's Encrypt (nobody should be paying for https these days without a good reason).
    It's apparent that the certificate was either not issued correctly and/or the webserver is not serving the correct one.

    #9 5 months ago
    Quoted from phil-lee:

    I've been watching all of these best offer sales (the long versions). Is Mr.Tuckey going out of Business?
    Been worried about him, he looks tired.

    I was under the assumption he was doing what he could to earn some income while his store was closed due to covid.

    #10 5 months ago
    Quoted from pure_penalty:

    Although I don't really think it helps the situation, the server is hosting a secure version of the site at https://perfectionsgroup.com (presumably the site developer?) with a certificate from Let's Encrypt (nobody should be paying for https these days without a good reason).
    It's apparent that the certificate was either not issued correctly and/or the webserver is not serving the correct one.

    I think this is the guy Todd paired up with to facilitate this sale in the first place. Someone can try contacting him and asking. TNT’s personal website seems a bit old and antiquated so maybe with some concerned folks asking, Todd will get it modernized.

    #11 5 months ago

    North Korean hackers after Todd Tuckey confirmed. Got it...

    #12 5 months ago

    pure_penalty - You are correct the site https://perfectionsgroup.com is the site that has the SSL cert, if people are concerned you can make offers and update information on that URL as you can on sale.tntamusements.com. Thanks for putting this out there. The reason that sale.tntamusements.com does not have a cert at the moment is because Todd did not a wildcard cert for the domain and we will be getting one soon.

    #13 5 months ago

    pintim80 - I am the developer of the site for Todd. As you can guess this was a prototype that we are trying out. After the first sale was very hard for him and his family to manage I built something that "functioned" to show him we could have better automation. Todd said lets use it and the 2nd sale happened. As I have MANY hobbies and a full time job I am doing this to help a friend in our community. The 8th grade layout, is thanks to his outdated www.tntamusements.com site and I did it to match his "brand". I am a coder not a designer, if someone here wants to help my ears are open! I have been making changes every few days trying to make things better.

    As for you not getting the confirmation email from us, you did not enter a valid email address. I can help you update that, PM me here.

    #14 5 months ago

    forceflow - You bring up a ton of great points, I think I addressed a few of them already. One I want to say is that I am NOT MD5ing the passwords they are salt/hashed. I work in the industry full time and, as I said, I am doing this for fun, I am using my tech abilities to protect us all. I really do not want to be in the "profile storage" business but not everyone has a google/facebook/other account that I can easily universally map to. As a result, we are where we are.

    If someone is concerned about the storage of their personal information in the database, I am sure that Todd can store it offline in his GIANT ROLODEX and
    I can delete it from the database once confirmed. The point of this is NOT to store the information it is to prevent people that are attempting to troll the sale by inflating offers.

    #15 5 months ago
    Quoted from ForceFlow:

    SSL certificates are fairly inexpensive.

    They are free. Let's Encrypt provides them and that's what Todd's dev uses at the secure site: https://perfectionsgroup.com/

    #16 5 months ago

    PrincessJillian FYI, it's worth noting that Let's Encrypt supports wildcard as well with a dns verification method. It's also an option to have a single certificate specify multiple host names - so perfectionsgroup.com and sale.tntamusements.com could be on the same one.

    That being said, you can also have individual certificates for each name, and does not matter if the top level domain does not have a matching one or wildcard.

    #17 5 months ago

    pure_penalty - Thanks for the info, I am hoping that I have time to get this all done before the next sale. Again, this was a project that I did as a prototype to make life better. I am spending the time that I can to make it all happen but as you all know, things are strange in the world at the moment.

    #18 5 months ago
    Quoted from pintim80:

    Has anyone on Pinside, registered on TNT Amusements Best Offer Sale in order to bid on items? If so have you had any problems with registering or buying? The reason I ask is because a friend of mine who is in IT looked over TNT registration site http://sale.tntamusements.com/ and gave me his opinion. He said first of all the site is not secure and because of that he would never enter all the private information needed to register. His concern is the site could easily be hacked and more importantly would want to know what TNT was doing to secure every one's personal information? Other concerns were who designed the site because in his opinion it looked like an 8th grader designed it. So it all revolves around security of personal information and the site is lacking that. I registered on the site and have not received any acknowledgement and now that's concerning. So I would have to agree with my friend about security of personal information. At TNT the who, what and where about security of personal information. Any comments?
    ..

    Welcome aboard "PinTim80"! I see you joined just 16 hours ago and we now have been blessed with your first post! You certainly went to alot of trouble to register--why not have "Your Friend" post your findings? At least he would have the backing of some kind of background on this forum! I also noticed your "name" is awfully close to one of our Twins--Tim--email name which is grimtim1980@ .... hmmmmm ......ummmmm.....and the town you live in is Abingdon, the town right NEXT to Tim's town in Maryland! Ahhhhh.... Ohhhhhh.... Could this be a NEW Troll or and OLD Troll? Hmmmmm....
    Anyway, we will look forward to MORE of your helpful posts!
    We also noticed someone in Maryland with same "name" tried to register on our site about the same time you "Joined" the forum and we denied it--very suspicious information. And please get back to your "friend" (you have one??) and tell him how great you are! Todd Tuckey

    #19 5 months ago
    Quoted from toddtuckey:

    Welcome aboard "PinTim80"! I see you joined just 16 hours ago and we now have been blessed with your first post! You certainly went to alot of trouble to register--why not have "Your Friend" post your findings? At least he would have the backing of some kind of background on this forum! I also noticed your "name" is awfully close to one of our Twins--Tim--email name which is grimtim1980@ .... hmmmmm ......ummmmm.....and the town you live in is Abingdon, the town right NEXT to Tim's town in Maryland! Ahhhhh.... Ohhhhhh.... Could this be a NEW Troll or and OLD Troll? Hmmmmm....
    Anyway, we will look forward to MORE of your helpful posts!
    We also noticed someone in Maryland with same "name" tried to register on our site about the same time you "Joined" the forum and we denied it--very suspicious information. And please get back to your "friend" (you have one??) and tell him how great you are! Todd Tuckey

    I'm not going to do a deep assessment or anything, but I assume his friend is figuring you all are sending credentials in plaintext since you aren't using SSL on the login page (or anywhere else on the site that I can see). Since you aren't using SSL I'd hope you're performing client-side encryption before transmitting any creds. Ideally you'd also be encrypting at rest too.

    Most browsers will do a very basic check for sites not using HTTPS and warn about signing up for those sites. Even if you are doing client-side encryption I'd recommend updating the site as it would alleviate some of the concerns around that.

    Edit: Looks like people already addressed this earlier in the thread anyway. My bad.

    18
    #20 5 months ago
    Quoted from toddtuckey:

    I also noticed your "name" is awfully close to one of our Twins--Tim--email name which is grimtim1980@ .... hmmmmm ......ummmmm.....and the town you live in is Abingdon, the town right NEXT to Tim's town in Maryland! Ahhhhh.... Ohhhhhh.... Could this be a NEW Troll or and OLD Troll? Hmmmmm....

    Troll or not, he's right... you should secure your customer information form.

    #21 5 months ago
    Quoted from Mike_J:

    You and your friend sound like a blast. The next time you’re in the Asbury Park area let me know.

    Yeah, they probably even wear Covid masks out in public too. Bastards.

    #22 5 months ago

    metallik - Please read all of my replies above to peoples concerns. We are protecting customers information! It is encrypted in the database so that we do not have access to it and prevents hackers from ever being able to access it.

    Not having an SSL certificate on a website does not mean it is not secure, what it means is if someone was listening to the connection between you and our server when you send us data they may be able to impersonate your login and get the information you sent before it is encrypted. The SSL encrypts the connection preventing that rare case. As I mentioned, this was an oversight for one domain name not the entire site. If you use the https://perfectionsgroup.com rather than http://sale.tntamusements.com there is no issue.

    #23 5 months ago
    Quoted from YeOldPinPlayer:

    They are free. Let's Encrypt provides them and that's what Todd's dev uses at the secure site: https://perfectionsgroup.com/

    I kind of forgot about the free ones. The last time I looked into them, they weren't easy to set up (the paid certs were much simpler), documentation was poor/complicated, and encryption wasn't as strong as the paid certs. I can see most of that has been improved upon now.

    #24 5 months ago
    Quoted from PrincessJillian:

    Not having an SSL certificate on a website does not mean it is not secure, what it means is if someone was listening to the connection between you and our server when you send us data they may be able to impersonate your login and get the information you sent before it is encrypted

    That is pretty much a prime example of something that is insecure...

    #25 5 months ago
    Quoted from pintim80:

    Has anyone on Pinside, registered on TNT Amusements Best Offer Sale in order to bid on items? If so have you had any problems with registering or buying? The reason I ask is because a friend of mine who is in IT looked over TNT registration site http://sale.tntamusements.com/ and gave me his opinion. He said first of all the site is not secure and because of that he would never enter all the private information needed to register. His concern is the site could easily be hacked and more importantly would want to know what TNT was doing to secure every one's personal information? Other concerns were who designed the site because in his opinion it looked like an 8th grader designed it. So it all revolves around security of personal information and the site is lacking that. I registered on the site and have not received any acknowledgement and now that's concerning. So I would have to agree with my friend about security of personal information. At TNT the who, what and where about security of personal information. Any comments?
    ..

    you don’t need to use private info, all you need is a name and an email. All payments are made after the sale is over

    #26 5 months ago
    Quoted from PrincessJillian:

    pintim80 - I am the developer of the site for Todd. As you can guess this was a prototype that we are trying out. After the first sale was very hard for him and his family to manage I built something that "functioned" to show him we could have better automation. Todd said lets use it and the 2nd sale happened. As I have MANY hobbies and a full time job I am doing this to help a friend in our community. The 8th grade layout, is thanks to his outdated www.tntamusements.com site and I did it to match his "brand". I am a coder not a designer, if someone here wants to help my ears are open! I have been making changes every few days trying to make things better.
    As for you not getting the confirmation email from us, you did not enter a valid email address. I can help you update that, PM me here.

    Jillian, congrats for your attitude.
    And Todd, you are a legend in our hobby!! Just keep going with TNT (business and videos) for the next 50 years, please!!

    #27 5 months ago
    Quoted from PStudart:

    Jillian, congrats for your attitude.
    And Todd, you are a legend in our hobby!! Just keep going with TNT (business and videos) for the next 50 years, please!!

    Thank you!

    -6
    #28 5 months ago
    Quoted from pintim80:

    Has anyone on Pinside, registered on TNT Amusements Best Offer Sale in order to bid on items? If so have you had any problems with registering or buying? The reason I ask is because a friend of mine who is in IT looked over TNT registration site http://sale.tntamusements.com/ and gave me his opinion. He said first of all the site is not secure and because of that he would never enter all the private information needed to register. His concern is the site could easily be hacked and more importantly would want to know what TNT was doing to secure every one's personal information? Other concerns were who designed the site because in his opinion it looked like an 8th grader designed it. So it all revolves around security of personal information and the site is lacking that. I registered on the site and have not received any acknowledgement and now that's concerning. So I would have to agree with my friend about security of personal information. At TNT the who, what and where about security of personal information. Any comments?
    ..

    Added today: Thankyou everyone for your comments to my question. I didn't expect so many responses. I see that Todd Tuckey from TNT also made a comment. First I would like to say I'm a huge fan of Todd Tuckey and both my sons and I watch his videos and have donated to him in the past. With that being said I'm disappointed in his comment of accusing me of being a TROLL. Lets start from the beginning. I wanted to be able to possibly buy from his sale so I registered on the site. Now against my friends recommendations not to register because the site wasn't secure. I did register then went back to sign in. I couldn't sign in it gave me this message "We were not able to login with your EMailAddress and password, please try again." Then I was concerned because my thoughts were did someone now have my information etc. So with that I did reach out to pinsiders to see what others had to say about there experience with registering on the TNT sale site. In no way did I attack or Troll Todd Tuckey after all he is the King of Pinball to us. It seems Todd Tuckey is deflecting from the main question "Is Your Site Secure for Entering Personal Information". And from what I have read the answer is NO the site is not secure. Everyone who has registered is at risk for there information to be stolen and possibly a victim of identity theft. This is a serious concern and now I'm glad I posted this because Todd Tuckey doesn't seem concerned about security of his fans personal information. As we have seen in the past businesses like Target, Home depot, Macy's and even Equifax have been hacked. And as a result major lawsuits have been filed against these companies for security breaches. TNT Amusements is no different because they are a business taking personal information and are required to secure it. But from what I've read TNT didn't secure the personal information. Look at ForceFlow (pinside moderator) explaination. He is in agreement the site isn't secure and gives recommediations on how to secure your personal information. Thankyou ForceFlow for your professional input. Also there was a comment by Princess
    Jillian the web developer who stated the web site was a prototype. A PROTOTYPE ! So everyones personal information is at risk for the web site in progress. Also Jilliian jokes about the security issue by referring to Todd Giant Roledex, once again its all a joke to them. It seems to me like the 3 stooges Todd Tuckey doesn't take the issue seriously from the comment he left. And maybe phil-lee comment is true is TNT going out of business and they just don't care. Also someone made a comment that TNT was making money from sale while the store was closed. From watching the videos its crystal clear that TNT is open for business. You see people are picking up games and Todd states you can stop in and shop around. And not to mention all employees can be
    seen working but he states there furloughed, doesn't make sense if there furloughed they shouldn't be there. But I looked into this and found out that in
    PA, TNT Amusements is a non-essential business and according to the governor of PA is suppose to closed. According to TNT Amusements youtube videos
    its open for business. Also todd to answer your comment about my user name all I can say is pintim80, yes my name is tim I love pinball and I was born in 1980. Now I learned a lesson on security and should have a better secured user name. Im disappointed in TNT about how they handled there response and most of all my sons will also be disappointed. Eye poke won't get you out of the issue of security. Thankyou everyone for reading this. pintim80 out.

    Hi Tim! Let's show the readers the "information" you tried to register today! Hmmmm...no email address...what a great address....and just look at that phone number! Perhaps, is this why we did not validate you? Is there a reason you filled this out this way? Todd

    [screenshot with personal info removed by moderator]

    #29 5 months ago
    Quoted from ForceFlow:

    If you think that if your home address getting out in the open doesn't matter much, keep in mind that hackers are also sometimes pranksters. They could send glitter bombs, dog poop, order a pizza for delivery, or even go as far as to swat the address. If you don't know what swatting is, that means someone calls in a fake emergency to the police. People have died as a result of this with police arriving at the address thinking it's a life-or-death situation based on the information given in the fake 911 call.
    So yeah--an insecure website containing personal information can be quite a serious matter these days.
    [edit]: If you would like to check if your email address has been listed within a known data breach, this is a legitimate website to check with: https://haveibeenpwned.com/

    I realize the risks, given my many years in Law Enforcement, but I would add that about anyone with any kind of keyboard competency can obtain address info pretty easily, along with a ton of other stuff that you would never think of. There are all kinds of public databases out there....you just need to look in the right place. Ever hand someone a written check? I know they are less and less common these days.....but you realize you just handed them your bank account and routing number, along with your name and often times your address and phone number. Doesn't make it right...and I am not saying you should not protect the info....what I am saying is not to have a false sense of security because you only frequent so-called "secure" sites. And the guy that "died" because someone swatted his address.....that address wasn't even correct. It was a fake address one person gave to the other as his own when they were arguing....the problem was, he pulled it out of thin air. That could happen to anyone at any time. In the KS case, the guy that got shot was completely innocent, and having his address published somewhere had absolutely nothing to do with the case...he just had the mis-fortune of living at the address the guy made up.

    #30 5 months ago
    Quoted from pintim80:

    But I looked into this and found out that in PA, TNT Amusements is a non-essential business and according to the governor of PA is suppose to closed. According to TNT Amusements youtube videos
    its open for business.

    Good lord...has it really come to this?

    #31 5 months ago

    I have personally have two addresses that I use, and will share with you:

    1600 Pennsylvania Ave. and 123 Fake St.

    #32 5 months ago
    Quoted from toddtuckey:

    Is there a reason you filled this out this way? Todd

    Because it's an insecure website and he would prefer to provide as little information as possible to a potential attacker?

    Your developer has this handled. Don't shoot the messenger.

    #33 5 months ago

    Personally, this is my favorite

    29
    #34 5 months ago

    OK, I have some things to say here. Please understand what I am saying and why I am saying it.

    I am 43 years old, I was an Executive Director for WBGames and ran the PCI (credit card storage environment for monthly billing) for all of WBs monthly billing. I was directly responsible for the team created and operated the environment that securely store profiles, credit card information, etc for their systems, this included all of Mortal Kombat, Injustice, Batman Arkham, Game of Thrones: Conquest, as well as nearly 20 other titles. My name is in the credits! I am not some 20 year old developer that is hacking on a keyboard.

    I say all of this as I want to be clear that I am talking from experience. I have gone to training at Mastercard as well as other, I know SSL, encryption as well as many other technologies. The data in the database is encrypted at rest! If someone hacks the site to get to the database it is all safe.

    "I" made a mistake when launching the site for Todd. "I" saw the opportunity to help someone who is a friend, I put something together and showed it to him. He liked what he saw and found it useful, asked me if he could use it for sale #2! This was less than a week before sale #2. I made a few changes for him and put it online for him. If anyone knows how Agile Software Development works it is exactly what I was doing, making a proof of concept, getting feedback, and making it better one change at a time.

    ONE of those changes, after we launched on httpS://perfectionsgroup.com was to make the name easier for the users to get to. Todd asked is there a way we can use the TNTAmusements.com site in conjunction with this. I told him to have his web guy add a DNS entry to point sale.tntamusements.com to my server. This game him an easier name to use, one that he did not have to spell, when he talked about the site on youtube.

    "I" am the one that did not think to get a cert for that site, it was not the top of my mind as it was setup in 'https'. "I" am the one that made that mistake! Due to my time constraints and doing this "on the side" that this happened. I have admitted that and am doing so more clearly now. "I" Jillian take responsibility for that.

    I feel HORRIBLE that my mistake is causing the TNT brand to be attacked. I am sorry that my mistake made some of you lose trust in TNT. As you can see above it was not intended to treat anyone's information without care, I would not do that. In fact I did take precautions but missed one that I wish I would not have.

    Again, I am sorry. I did the best I could under the time constraints. I will be getting an SSL cert for the "sale" site once I am done with my full time job today and perhaps will be installed before many people even read this message.

    Please know that your data is encrypted at rest and in the backups, know that there is no indication that the site has been hacked and that if you are a concern about your data to use the https://perfectionsgroup.com address rather than sale.tntamusements.com address until I am able to resolve that issue.

    #35 5 months ago

    Jillian, Todd, it's just business. Remember you can't please all the people all the time.
    People are like ass holes, no one pays much attention until one says something shitty!

    #36 5 months ago

    I don’t believe that site takes payment info. Just follow Rule #1, use different passwords for different sites.

    #37 5 months ago

    Jillian, you're honesty is so refreshing.

    Thank you for all that you do for Todd, he needs someone like you in his corner looking out for him on his online best offer sales.
    The last sale was such an improvement and so much fun.
    Thank you for your hard work. The sales are a fantastic diversion.
    We can't wait for the next one!

    Paul and Chrissi

    PS.. Todd is a creep for not giving you the pinball/slot machine topper.

    #38 5 months ago

    And think about this... WHY would PinTim80 even TRY to register if he thought it WAS insecure? WHY BOTHER? And you STILL have not told us who you are...you are still an invisible "collector" that NO ONE knows. We were only getting name, address, phone and email info and no Social Security number, or ANY payment information. Jillian is in process of fixing this. Todd

    #39 5 months ago
    Quoted from Manimal:

    I realize the risks, given my many years in Law Enforcement, but I would add that about anyone with any kind of keyboard competency can obtain address info pretty easily, along with a ton of other stuff that you would never think of. There are all kinds of public databases out there....you just need to look in the right place. Ever hand someone a written check? I know they are less and less common these days.....but you realize you just handed them your bank account and routing number, along with your name and often times your address and phone number. Doesn't make it right...and I am not saying you should not protect the info....what I am saying is not to have a false sense of security because you only frequent so-called "secure" sites.

    Sure, given enough effort, you can dig up info on pretty much anyone. The point is to make that as difficult as possible for malicious actors. Chances are, they'll go after easier low-hanging fruit.

    For me personally, I've taken steps to scrub as much as my personal info from public databases as possible to make it a bit harder for someone to steal my personal info.

    If any of you have ever searched for your own name online, you may have noticed various websites holding bits of data about you that is publicly accessible. What you might not know is that with a little bit of effort, most of that can be removed from open public view. Just google the name of the site that it appears on and something along the lines of "how to remove" or "removal instructions" or "removal request", and you can usually find info on how to request a take-down of your personal info.

    Quoted from Manimal:

    And the guy that "died" because someone swatted his address.....that address wasn't even correct. It was a fake address one person gave to the other as his own when they were arguing....the problem was, he pulled it out of thin air. That could happen to anyone at any time. In the KS case, the guy that got shot was completely innocent, and having his address published somewhere had absolutely nothing to do with the case...he just had the mis-fortune of living at the address the guy made up.

    I admit that I'm a bit fuzzy on the details of that specific case since it's been so long, but the point still stands--swatting can make a situation unnecessarily dangerous for everyone involved. And being on the receiving end of a hacker's pranking/trolling activities is also not a fun position to be in.

    https://en.wikipedia.org/wiki/Swatting#Injuries_or_deaths_due_to_swatting

    #40 5 months ago
    Quoted from toddtuckey:

    And think about this... WHY would PinTim80 even TRY to register if he thought it WAS insecure? WHY BOTHER? And you STILL have not told us who you are...you are still an invisible "collector" that NO ONE knows. We were only getting name, address, phone and email info and no Social Security number, or ANY payment information. Jillian is in process of fixing this. Todd

    I'm Not impressed with my namesake's responses, I have to say. I think your defensiveness is contrasted by Jillian's very professional and apologetic response.
    I would think someone with your years of experience could take a punch better......you should practice a conciliatory tone....even if you aren't to blame it goes a long way in the service industry.

    With that said, I'm sure you are much better in real life. Sometimes these forums have a way of infecting us with a cynicism we wouldn't have otherwise.

    Todd

    #41 5 months ago
    Quoted from jibmums:

    Yeah, they probably even wear Covid masks out in public too. Bastards.

    Possibly, but more likely, just a jackass who has no intention of buying from TNT and trying to give him a hard time.

    #42 5 months ago
    Quoted from PrincessJillian:

    metallik - Please read all of my replies above to peoples concerns. We are protecting customers information! It is encrypted in the database so that we do not have access to it and prevents hackers from ever being able to access it.
    Not having an SSL certificate on a website does not mean it is not secure, what it means is if someone was listening to the connection between you and our server when you send us data they may be able to impersonate your login and get the information you sent before it is encrypted. The SSL encrypts the connection preventing that rare case. As I mentioned, this was an oversight for one domain name not the entire site. If you use the https://perfectionsgroup.com rather than http://sale.tntamusements.com there is no issue.

    They are free. Just do it for every domain.

    16
    #43 5 months ago

    Feel Free to register on our secured website! sale.tntamusements.com Our next Best Offer Sale is Saturday May 30th, 2020 at 4pm Eastern Time. We already have 35 items listed that we will be featuring and will have sixty total, listed by this weekend!
    Registration is fast and easy. You must register a complete address, phone number and email address, which we will then verify. We do not ask for any payment information until after sale ends. (Regular auction sites will not accept bids unless you register a credit card!) Anyone that bids in this new auction will also get a chance to win a couple door prizes--you do not have to win anything!
    You can watch the sale right from this site on the YouTube window so you can see the current offers, etc. However, you are welcome to just watch and chat on the YouTube channel too! We have lots of fun and there are plenty of jokes too! It is family friendly too.
    Thanks to all our fans for their continued support!

    BestOffer4 (resized).jpg
    #44 5 months ago

    Hey Todd, here’s a bump. But I have a request. You have so many great videos and animations and photos, how’s about putting an Avatar photo or TNT logo for your Pinside name?

    #45 5 months ago
    Quoted from ForceFlow:

    What you might not know is that with a little bit of effort, most of that can be removed from open public view. Just google the name of the site that it appears on and something along the lines of "how to remove" or "removal instructions" or "removal request", and you can usually find info on how to request a take-down of your personal info.

    Trust me, after all these years in law enforcement, I work hard to keep the personal info scrubbed as much as possible, but I have quite a few cases that I was involved in which were public view, so I am out there quite a bit. I once had an inmate give every prisoner getting paroled my phone number and address he got in the early days of internet. I got all kinds of phone calls and letters threatening myself and my family. It went on for months, so I know the dangers. But today, all you need to do is search your local county or state property tax databases, and you can get a ton of info. Most of those sites are mandated public by law. Court records, and other public sites are also open by design. I can probably even find pics of the inside of your house if it was listed to one of the realtor databases.

    My point is, it's a digital world, and we should never give up protecting our personal info and privacy. But just because you follow all of the best practices, doesn't mean you aren't out there for the world to see. I wasn't arguing...merely pointing out how insecure we all are. I think we agree on that point...lol

    #46 5 months ago
    Quoted from Manimal:

    Trust me, after all these years in law enforcement, I work hard to keep the personal info scrubbed as much as possible, but I have quite a few cases that I was involved in which were public view, so I am out there quite a bit. I once had an inmate give every prisoner getting paroled my phone number and address he got in the early days of internet. I got all kinds of phone calls and letters threatening myself and my family. It went on for months, so I know the dangers. But today, all you need to do is search your local county or state property tax databases, and you can get a ton of info. Most of those sites are mandated public by law. Court records, and other public sites are also open by design. I can probably even find pics of the inside of your house if it was listed to one of the realtor databases.
    My point is, it's a digital world, and we should never give up protecting our personal info and privacy. But just because you follow all of the best practices, doesn't mean you aren't out there for the world to see. I wasn't arguing...merely pointing out how insecure we all are. I think we agree on that point...lol

    A lot of the armchair lawyers and experts confuse the wisdom of experience for the arrogance of the ignorant.

    It’s been an eye opener to work with people in the industry and see how different things are in the real world.
    It’s a bit unbelievable that people would rag all over a professional that most certainly has been held to much higher standards and dealt with more money than all but maybe 3 people in this thread have ever handled in their lifetimes.

    And personally, to the cyber security folks who I know are in this thread, please be realistic. We all know the dangers but be serious for a moment. If someone is really sniffing your internet traffic, either you’re doing really sketchy things to get the feds on your ass, or you’ve got a really insecure connection and I recommend getting a VPN or DSL anyway.

    #47 5 months ago

    Well, good news--the SSL certificate is now in place on the auction registration site.

    #48 5 months ago
    Quoted from toddsolus:

    I'm Not impressed with my namesake's responses, I have to say. I think your defensiveness is contrasted by Jillian's very professional and apologetic response.
    I would think someone with your years of experience could take a punch better......you should practice a conciliatory tone....even if you aren't to blame it goes a long way in the service industry.
    With that said, I'm sure you are much better in real life. Sometimes these forums have a way of infecting us with a cynicism we wouldn't have otherwise.
    Todd

    I'm not impressed that you bring such shame to the name. I would think someone with your years of experience being a couch critic could understand the basic logic behind a highly suspicious internet post. You should practice a mute tone, especially when your inside voice is scratching at the door. With that said, I'm sure you're much better in real life.

    #49 5 months ago
    Quoted from pintim80:

    Sadly my sons and I agreed that it's best to move on from this. So we decided to unsubscribe from your you tube channel and look else where. There are a lot of other talented pinball people out there and they are the future of pinball. They will be here long after your gone and forgotten about. I do wish you much success in your TNT Amusements Best Offer Sale. And I hope your remaining fans will support you. But these 3 fans are disappointed in there pinball idol and can no longer support him especially for the twipy award in 2021. That's 3 thumbs down. Sincerely, pintim80

    Hey, I'm sure Todd is just searching the warehouse for that little violin he received in a trade about the same time he bought that fireworks art piece. He'll be back soon to play it for you while the fireworks raise to the heavens in the background.

    But what of the children..? Those poor, poor children!

    Lol. First post sob story.

    #50 5 months ago

    Wow I no there is nothing to talk about here but jeez, if your that concerned just don’t use it or use a burner email. You think your data is any safer with the big boys? Loads of massive companies get hacked every day and huge emailing lists and UNENCRYPTED passwords uploaded to torrents all the time (look at linked in for example) your data is probably far safer here then most other places lol. Tbh I’d be more worried about stepping outside right now then your email/password on a little site

    Promoted items from the Pinside Marketplace
    $ 79.99
    Cabinet - Armor And Blades
    PinGraffix Pinside Shop
    $ 40.99
    Lighting - Interactive
    Lee's Parts
    $ 79.99
    Cabinet - Armor And Blades
    PinGraffix Pinside Shop
    $ 54.99
    Cabinet - Shooter Rods
    Lighted Pinball Mods
    $ 10.50
    Playfield - Protection
    The MOD Couple
    $ 259.99
    Cabinet - Toppers
    Lighted Pinball Mods
    $ 24.99
    Lighting - Led
    Lee's Parts
    $ 39.00
    Gameroom - Decorations
    Concealed Art
    $ 15.00
    Playfield - Decals
    Metal-Mods
    $ 89.00
    Boards
    Pappy's Pinball Palace
    $ 139.00
    Playfield - Toys/Add-ons
    Sparky Pinball
    $ 20.00
    Playfield - Toys/Add-ons
    Habos Arcade
    $ 22.00
    Playfield - Toys/Add-ons
    ModFather Pinball Mods
    $ 11.95
    Playfield - Toys/Add-ons
    ULEKstore
    From: $ 9.99
    Eproms
    Matt's Basement Arcade
    $ 48.00
    Cabinet - Other
    ModFather Pinball Mods
    $ 15.00
    Playfield - Toys/Add-ons
    BK Pinball
    $ 194.99
    Lighting - Led
    PinballBulbs
    $ 4.49
    Electronics
    Yorktown Arcade Supply
    $ 209.99
    Lighting - Led
    PinballBulbs
    $ 999.00
    Pinball Machine
    Mircoplayfields
    $ 10.00
    Tools
    Granby Games
    $ 189.99
    $ 79.99
    Cabinet - Armor And Blades
    PinGraffix Pinside Shop
    $ 209.99
    $ 79.99
    Cabinet - Armor And Blades
    PinGraffix Pinside Shop
    From: $ 14.95
    Playfield - Toys/Add-ons
    ULEKstore
    $ 65.00
    Cabinet - Armor And Blades
    Texas Pinball
    $ 86.00
    Playfield - Toys/Add-ons
    The MOD Couple
    There are 97 posts in this topic. You are on page 1 of 2.

    Hey there! Got a moment?

    Great to see you're enjoying Pinside! Did you know Pinside is able to run thanks to donations from our visitors? Please donate to Pinside, support the site and get anext to your username to show for it! Donate to Pinside