Blockbuster Online's security is suspect
I signed up for Blockbuster Online a little over a week ago. Nearly a year ago, I had tried Netflix for a few months and really liked it. I had even tried the now-defunct Wal-Mart DVD rental service for comparison. But it was all getting to the point where I had seen all I wanted to see. My queue was starting to get empty and stay empty. So I took a break.
But after the last ten months or so of going back and forth to stores and the hassle of due dates and whatnot, I decided it was time to give Blockbuster a try. They’d made such big deal of “no more late fees” and started pushing their online service as an affordable alternative, I figured they’d at least match Netflix’ quality of service, if not selection and responsiveness.
However, in setting up my account, I immediately encountered a problem. When logging in to their site, I received an notification that the security certificate could not be verified. If you’ve done any sort of transaction online, you can probably guess that you’re already at risk of exposing your information while it’s in transit, but this sort of message just throws up a red flag.
Usually this happens when a browser hasn’t had it’s certificate validation components updated. I’ve only seen this a few times, mostly with using old browsers, but I’m using Firefox 1.0.4 [I’ve just updated to 1.0.6], so this shouldn’t be the case.
My immediate thought was that this was a one-time thing, a glitch or something. But it happened again…and again. It happens everytime I log in, yet Blockbuster doesn’t address it as an issue, and I’ve only found a couple of instances of it being discussed on the web. Both at (of all places) HackingNetflix, here and here. I figured it was only right to contact Blockbuster and let them know about it, seeing as how there could be potential for a real security issue.
My original message:
Whenever I log in to view my account or queue, I get a security certificate error telling me that the origin of the certificate cannot be verified or something to that effect. I’m using Firefox 1.0.4 on Mac OS X 10.3.9, but don’t think it’s just my computer. This problem has also been noted on HackingNetflix.com (http://www.hackingnetflix.com/netflix/2005/08/more_blockbuste.html). Is there anything that can be done to fix this, and am I risking any of my personal information?
Blockbuster Online’s response:
Dear Robert,
Thank you for contacting BLOCKBUSTER Online Customer Service.
We sincerely apologize for the inconvenience. Please ensure that you are using Internet Explorer to browse our web site. Alternative browsers such as netscape, mozilla/firefox, etc. may not be supported and may cause unexpected errors.
Your Friends at BLOCKBUSTER Online
The idea that Blockbuster would create a site that only functions properly in Internet Explorer speaks volumes, as if that would be the end-all solution. But I wanted to see if it fixed the problem, so I gave it a try. Of course, it did not. It only got worse.
My response:
Hello,
I receive the same error message (“The identity certificate is invalid.” ) when using Internet Explorer 5.2.3 (the most recent version). What’s worse is that I can’t even log in—at least I can bypass the error in Firefox. Surely, you must know that Microsoft is no longer developing or supporting IE for the Macintosh platform, and since security certificate recognition is reliant on software updates, this error will continue to occur, even using Internet Explorer. You should also know that any currently sold Macintosh ships with Safari (an alternative browser) by default, and does not ship with Internet Explorer installed.
I have attached screenshots of the errors I’ve received (using Firefox) in order to help you find the cause of the problem.
Blockbuster Online:
Dear Robert,
Thank you for contacting BLOCKBUSTER Online Customer Service.
Please verify the date and time on your computer. If the date and time is correct, please contact us at 866-692-2789 Monday-Friday from 8:00 a.m. - 7:00 p.m. CST.
Your Friends at BLOCKBUSTER Online
What?! So now I’ve gone from an error message to switching browsers to checking my computer’s time and date (which are properly set, thank you) to now picking up the phone? For what? Isn’t this supposed to be convenient? On second thought, what was that phone number again…
0 TrackBacks
Listed below are links to blogs that reference this entry: Blockbuster Online's security is suspect.
TrackBack URL for this entry: http://tinylittlesparks.com/mt/mt-tb.cgi/1
This happnes wiht any number of online vendors if your time/date is not correct.
Blockbuster's site is actually more secure than Netflix as it uses a more advanced certificate system.
This type of cert rejection occurs and if you look at any number of technical forums (not hackingnetflix site where netflix investors are constantly making up fake problems with blockbuster) you will find indeed the issue is your time clock setting.
Does this combination sound like you:
a) your pc is a year old or more meaning the lithium battery used for the time clock is probably shot; and
b) is your time date update set to more than eight our update; or do you use zone alarm or another firewall that may be blockign your automatic time update?
Again, the cert rejection you are seeing is not a problem with blockbuster, or indeed blockbuster and firefox. you will see the exact same thing on quite a few ecommerce sites -- ironically the most secure ones.
Yeah, there might be some truth to that, but this actually only happens with Blockbuster for me. No other secure sites give me this error, and since I've tried this on different computers, I can guarantee you it's not my time/date settings.
"not hackingnetflix site where netflix investors are constantly making up fake problems with blockbuster"
What? I know that Mike at HackingNetflix is just as much a supporter of Blockbuster's service as Netflix'. I think the ultimate goal of his site is to make sure that customers are getting a fair shake from both services (as well as others).
Heheh. I've had the same problem for ages and it happened again last night.
Turns out you can duplicate it if you log into http://blockbuster.com instead of www.blockbuster.com.
I was able to duplicate it on Mac and Windows browsers.
- Mike
www.HackingNetflix.com
P.S. I think Netflix needs a Blockbuster to keep them honest and innovating. I started HackingNetflix long before there was a Blockbuster Online, so that's part of the reason for the name. I'm not responsible for the comments - but I let anyone post so you have to use your judgement when reading them.