Honors Login Update
#301
Join Date: Jan 2015
Programs: HHonors Gold, Delta Skymiles, Amtrak Guest Rewards
Posts: 34
I don't get password change notifications when I log in on a desktop browser, only on the mobile app. Does that mean I should only change it on the app to get the 1000 points? Either way, for some reason when I try to set my username/password info on the mobile app, it throws me an error.
#303
Join Date: Apr 2013
Location: Lehigh Valley, Pennsylvania
Programs: Mileage+, SkyMiles, AAdvantage, HHonors Diamond, Marriott Gold
Posts: 1,685
> I don't get password change notifications when I log in on a desktop browser, only on the mobile app. Does that mean I should only change it on the app to get the 1000 points? Either way, for some reason when I try to set my username/password info on the mobile app, it throws me an error.
#305
FlyerTalk Evangelist
Join Date: Nov 2003
Location: South Florida
Programs: AA LTG (EXP), Hilton Silver (Dia), Marriott LTP (PP), SPG LTG (P) > MPG LTPP
Posts: 11,329
I'm not expecting points until the promo is over and they do a sweep. I don't see them doing it at transaction time and if they did, there would probably be a glitch that would post after each attempt and not limit it to only once. We are talking HH IT after all.
#306
Join Date: Feb 2013
Location: Somewhere In The Five Eyes
Posts: 230
Yet another MAJOR hilton.com and hhonors.com login flaw.
https://krebsonsecurity.com/2015/03/...ts/#more-30433
Dear Hilton,
Please hire I/T professionals and security professionals.
#307
Join Date: Jul 2007
Location: Berlin
Programs: BA Gold; Accor Plat; IHG Diamond-Amb; Meliá & HH & Marriott Gold
Posts: 5,450
> Yet another MAJOR hilton.com and hhonors.com login flaw.
> https://krebsonsecurity.com/2015/03/...ts/#more-30433
Dear, dear, Hilton.
#308
Join Date: Feb 2013
Location: Somewhere In The Five Eyes
Posts: 230
... and over the past several months, Hilton has been unable to fix multiple SSL/TLS encryption defects of their various portals. According to Qualys (ssllabs.com):
hhonors.com -> 159.127.184.216: F
hhonors.com -> 159.127.184.218: F
www.hilton.com -> 23.61.194.250: F (invalid security certificate)
www.hilton.com -> 23.61.194.49: F (invalid security certificate)
hilton.com -> ftcbco.hilton.com -> 167.187.200.23: F
We need a letter grade lower than F.
#309
Join Date: May 2001
Programs: AA PLT 2MM, LH SEN *, HH Gold
Posts: 3,075
#311
was jgoggan
Join Date: Jan 2012
Location: Michigan, USA
Programs: WN 650k+CP; BA 200k; AA 200k; HHonors 450k; IHG 300k Plat; Bonvoy 250k; Rad 225k
Posts: 203
Just tried to change my password and something is messed up still...
I went to the password change page, it accepted my new password, but when I submitted it to "continue" it took me right back to the password change page as if I hadn't done it.
I put it in again and tried to submit, and got:
"We experienced a temporary technical difficulty. Please try again."
They are really having some issues. This should not be that complex...
- John...
#312
Join Date: Feb 2013
Location: Somewhere In The Five Eyes
Posts: 230
> This should not be that complex ...
Proper web & I/T security is complex. It's soooo easy to get something slightly wrong ... that can be exploited into something big(ger). But Hilton is not getting things "slightly wrong." The web/IT and security mistakes that we know about ... reveal that things are "seriously wrong" in a number of areas.
Sadly, Hilton execs apparently hire & tolerate mediocrity. Or, Hilton execs are unwilling to pay the going rate for web professionals and I/T security professionals. (Very different skills.) Example: Sony
There are so many obvious problems. Some of us have been trying to find someone at Hilton that will listen. I've had no success engaging intelligent life. Given Hilton's I/T history, I have zero.zero confidence that Hilton execs appreciate their situation.
The problems are now simply blood in the water. The crimeware industry is almost certainly dissecting Hilton's web properties. I expect that the exploits will get considerably worse in the short-term.
When their insurance company tires of writing checks to cover the inevitable losses ... perhaps then, Hilton execs will hire the necessary skilled professionals.
Last edited by gqZJzU4vusf0Z2,$d7; Mar 24, 2015 at 5:15 pm
#314
Join Date: Feb 2003
Location: Brisbane (BNE), Australia, QF/VA Forums Meeting Organiser
Programs: VA Plat, QF Gold (97.4% LTG), QP Life, AA (66% LTG). HH Diamond. Amex Plat, Visa Plat
Posts: 6,519
> This should not be that complex ...
Proper web & I/T security is complex. It's soooo easy to get something slightly wrong ... that can be exploited into something big(ger). But Hilton is not getting things "slightly wrong." The web/IT and security mistakes that we know about ... reveal that things are "seriously wrong" in a number of areas.
Sadly, Hilton execs apparently hire & tolerate mediocrity. Or, Hilton execs are unwilling to pay the going rate for web professionals and I/T security professionals. (Very different skills.) Example: Sony
There are so many obvious problems. Some of us have been trying to find someone at Hilton that will listen. I've had no success engaging intelligent life. Given Hilton's I/T history, I have zero.zero confidence that Hilton execs appreciate their situation.
The problems are now simply blood in the water. The crimeware industry is almost certainly dissecting Hilton's web properties. I expect that the exploits will get considerably worse in the short-term.
When their insurance company tires of writing checks to cover the inevitable losses ... perhaps then, Hilton execs will hire the necessary skilled professionals.
#315
Join Date: Nov 2010
Posts: 646
I've never gotten a mini IQ test 'which pic is soup' before, which came instead of CAPTCHA on the HHonors log-in. It's true that I hate capthcha however it's spelled, but I'm not sure that my ability to log on to Hilton's site should be based on my culinary know-how.