PDA

View Full Version : Empire Arms Owner ....


duckhunterflyfisher
11-01-2010, 2:21 PM
Is a nut job...Get this...he only does business by having customers send him credit card info by email. I am in IT and specifically security. You should NEVER send personal information in emails, even breaking it up unless its encrypted. Those boys in Eastern Europe just love people and businesses that do things like that. Its just not safe. I expressed to him I couldnt do the transaction because of security concerns. I pointed this out to him in a friendly way and asked if he wanted one of the security guys that worked with me show him how easy it is to hack. Just to help him out and secure up his transactions with customers. I told him he would have to pay for this service, we dont work for free. I dont know the guy and I am not big on charity. He responded to my suggestion with a nasty email and the follow "Get a life, and if you hacked me I will whack you!" He is a frigging nut job...stay away dont do business with that kind of duchebag...Whack Me..cause I wanted to help him ensure his customers have safe internet transactions. The ATF really does hand out FFLs to anybody...dont do business with this guy, he is terrible at customer service and I dont like threats...he should be careful who he treatens too...insomuch as frequently work with a high level law enforcement agency that doesnt like threats...i forwared his email on to them...I am sure he will get a call from an agent soon...

Interloper
11-01-2010, 2:30 PM
Actually...Dennis Kroh is a pretty neat guy.
I didn't realize his billing practices were so arcane. You do realize though that you not only suggested you could hack his payment system...but then you demanded he pay you for the privilege? Sounds a little like blackmail.

duckhunterflyfisher
11-01-2010, 2:40 PM
I was only suggesting that i could show him it could be done, because he was so adminent that his payment practice was safe and secure. Email is neither safe nor secure and if you send personal info with it, buckle up cause it will get hacked. I offered to show him how it was unsafe, it was not blackmail or a treat. He was just pissed I didnt want to do it his way and the threat of Whacking me...nothing neat about that . He is a nut job and I will never buy a gun from him..never...He was rude and pissy from the very start..there are plenty of other gun dealers out there he is nothing special.

duckhunterflyfisher
11-01-2010, 2:41 PM
And i dont see security work as a privilage..why would I do a privilage for this guy, I dont know him.

Mssr. Eleganté
11-01-2010, 2:48 PM
Actually...Dennis Kroh is a pretty neat guy...

Dennis is a really great guy, until you piss him off.

bigmike82
11-01-2010, 2:52 PM
Sorry dude. I gotta agree that you approached it the wrong way.

"I can hack your stuff, but I'll fix it if you give me money"?

*shakes head*

You could just get a one-time use CC number and use that. It'd be an easy way for you to get what you want without compromising your security.

Just sayin'.

Howie44
11-01-2010, 3:09 PM
Dennis is one of the greats in the C&R dealer community. His inventory is usually very high grade, and in better condition than he describes. Get a prepaid Wahlmart Visa, pay the $3 service charge, and quit your sniveling, Nancy.

Interloper
11-01-2010, 3:17 PM
Maybe he takes GPal?
:rofl2:

Recession
11-01-2010, 3:24 PM
If I was in the dealer's shoe, I would see your email as a trolling method to solicit security service. I understand your concern with his method of doing business but in my opinion I believe you approached it all wrong.

Ed_in_Sac
11-01-2010, 4:15 PM
^Yep, good intentions gone awry...it happens...cheer up;)

SVT-40
11-01-2010, 4:31 PM
Empire Arms is a good location to find some nice military weapons. Dennis is a great guy.

Regardless of your intent. Most business owners don't appreciate being told how to run their businesses.

cmaher55
11-01-2010, 4:34 PM
Actually I like the way he does business and find him to be a very honest seller of great rifles and he has a sense of humor...! Never a problem buying anything from him and I would not hesitate to buy again from him. Probably one of the best in the business in my opinion. Regards

Rogerbutthead
11-01-2010, 4:35 PM
Dennis Kroh +1 - never had any problems with the stuff I bought off of him.

Spiggy
11-01-2010, 4:39 PM
^ seems like a cool guy, I've bought stuff from his website before.

Try a temporary CC or a PO-MO.

hk91666
11-01-2010, 5:33 PM
Dennis is one of the greats in the C&R dealer community. His inventory is usually very high grade, and in better condition than he describes. Get a prepaid Wahlmart Visa, pay the $3 service charge, and quit your sniveling, Nancy.

Dennis is a great guy OP item is very strange.

duckhunterflyfisher
11-01-2010, 5:45 PM
Hang on a second there campers. I offered to have one of the security people I work with hack him (with his permission of course, and only with his permission, we are not some black market eastern European shop). Nothing is free in life, so why should we do this free for this guy. There was no blackmail nothing of the kind, I was interested in one of his pistols and was going to talk to my FFL and have the paperwork sent over. Then I read the guys site and all the rules and payment nonsense he has on it, I couldn’t believe the payment options. I inquired to confirm the payment options and he confirmed the only email credit card baloney..

Then I emailed him declining to purchase the gun because of the questionably safe email payment option. I am sure it pissed him off and he must hear it a lot. Then there were a couple email exchanges where he told me I didn’t know what I was talking about after I told him I was in technology and had a master in computer science (then reason I did feel safe with the email option). That would have been good enough for most people. He is ignorant on the email thing so I wanted to help him, mostly because I don’t want some poor customer of his to get ripped off. However the guy is a blow hard, he clearly is one of those people that can tell you why the sky is blue, grass is green, etc. But what he cant do is be understanding when a potential customer has concerns about sending person/confidential information in an email. A reasonable shop owner would have said give me a ring, lets do it over the phone. Not this guy, nope…The icing on the cake was the threat…bottomline you don’t do that period. Initially I offered some advice free of charge but he was so unreasonable and a blow hard I though why should I help this guy…I don’t care who he is, there are plenty of guns out there and he is not the only dealer in the world…He needs to learn customer skills and modernize giving customers a safe secure vehicle for transactions. If he thinks email is it he will have a rude awakening someday…Its absolutely not safe nor is FAX for that matter. Don’t take my word for it go google it… And never threaten someones life, what a loser…

hk91666
11-01-2010, 6:34 PM
For everyone here is his policy I haven't used it but sounds very reasonable:

We came up with a SECURE method for those who are worried about sending sensitive information such as credit-card numbers through e-mail to do it safely. It's really quite easy and obvious...
E-mail us your order and include your name, address, and the first half of your card number to kroh@empirearms.com (kroh@empirearms.com)
Send another e-mail to me personally at kroh@mindspring.com (kroh@mindspring.com) with the order information, but include only the last half of the card numbers as well as the expiration date and your phone number. This second email address goes directly to an encrypted computer in a room that only I have access to (no one else is allowed in that room at all).
That way I, personally, will be the only person who can put the entire credit-card number together and utilize it, and your risk is eliminated. We will e-mail a confirmation that the numbers were received and your order will go out on the next possible shipping-day.
If you wish us to utilize that same credit card for your next order(s), please add the words "please keep this number on-file" and this will be securely accomplished (so this process will be eliminated for subsequent orders)

jmlivingston
11-01-2010, 6:54 PM
For everyone here is his policy I haven't used it but sounds very reasonable:


It's not, for several reasons. First off is that the emails travel a common path in clear text several times: 1st through the customers mail server and 2nd across his local ISP. Then those messages are probably kept/stored/read on the same PC, again in clear text. Any of those three spots are easily compromised.

While I do think he's one of the greatest resources out there for C&R collectors his sense of computer security is extremely outdated. I'm actually surprised he hasn't lost his merchant account due to PCI issues.

John

duckhunterflyfisher
11-01-2010, 6:59 PM
Ok here is where this dual email deal doesn’t work. The card information you send them is now on his personal PC (not encrypted in anyway, so what does he do when he upgrades PCs or gets hacked, you CC info is out there for everyone)not to mention the servers of whatever IPS he is using. The severs at the ISP are never that secure, plus the info is not encrypted. I can go on and on about why this is extremely bad way of sending personal information eg credit card data but Dennis will threaten to kill me again right Dennis..That how you deal with people when they offer to help you...Dennis emailing personal information is not good practice period, anyone in IT will tell that, unless encrypted the data is NOT secure…Don’t take my word for it, oh wait you know everything already…I forgot..and you like to threaten people…that want to help you…I forgot that too…

duckhunterflyfisher
11-01-2010, 7:03 PM
Dennis, you pissed me off today..You had no right to threaten me my life. I just wanted to help you help your customers, thats all, if I came off quick or ****ty I am sorry for that, but again "whacked" come on man the firearm community should not be that way...Do the right thing here and get some sort of secure online payment deal. There are several secure cheap options...Check it out...please...Email is NOT secure..talk to some IT people..dont take my word for it.

Toyman321
11-01-2010, 7:12 PM
I'll put it another way. You have a random person you don't know from a hole in the ground ring your door bell, tell you your home isn't secure becuase you don't have an alarm and they will hook you up with one if you only let them in your front door so they can tell you more about the system.... but you'll have to pay them.

It's the exact same thing, I have a blanket policy, as Im sure most everyone else here does aswell: "If you ring my door bell and try to sell me something unsolicited, go away, if I want a service I'll find you."

Im sure you had good intentions, but look at it from his perspective, a random person he doesn't know emails him, tells him that someone could hack him, but you can prevent it, for a price. Doesn't sound too far off from "Hello, I am a Nigerian Prince....."

Noobert
11-01-2010, 7:14 PM
Something tells me that his system is still more secure than Model1Sale's

Lucky Scott
11-01-2010, 7:19 PM
"You do realize though that you not only suggested you could hack his payment system...but then you demanded he pay you for the privilege? Sounds a little like blackmail."

You may be very knowledgeable in security and computer skills, but your people skills are weak. If you were a doctor, you would be accused of having a bad "bedside manner" regardless of how good a doctor your are.

Just saying, you could have handled it in a better way. But I am going to bet you will disagree with me.

duckhunterflyfisher
11-01-2010, 7:29 PM
Hey is this guy 12? I deal with people all day long that don’t like what I have to say about security. None of them threaten to have me Whacked. Secondly I was his potential customer with security concerns about his so called “secure” method of payment. He addressed my concerns poorly. He was unpleasant in his email correspondence so why should I do a security check for him for free. None of you guys would work for free so stop saying I was out of line to say any services rendered would require payment.

He did not dig what I had to say today about his payment setup, boo hoo, I am sure he doesn’t like anyone telling him anything because as I stated before he knows it all. When he doesn’t have the correct answers he personalizes and threatens. That’s why hes a small shop guy and will stay that way. He is asking people to execute payments in a manner that is flat out not safe and he is irresponsible for it. Ask you CC company what they think about his payment plan…they will tell you the same thing I am saying…I guess he will have them Whacked too…I am done with this…Send your CC info via email at your own peril. Broken up in parts or not, its NOT secure…ask any IT people you know. Don’t trust me or listen to me I don’t care. I didn’t like this guys threat today and if he is coming at me he better be prepared…

duckhunterflyfisher
11-01-2010, 7:32 PM
I did not blackmail him, I said with "your permission" i could have one of the guys hack your stuff to show you how easy it is...ONLY with his PERMISSION..to help him see what he thinks is a good deal is not...I WOULD NEVER BLACKMAIL..or threaten...period. Most shop owner work to correct risk when someone tells them theres a problem...If he had been pleasent today I would have built him a secure payment portal for the price of the cheap pistol I was looking at..But he threatened me and I am not cool with that!

mauser98k
11-01-2010, 7:41 PM
Dennis is a great guy and the guns he sells are outstanding and exactly as described.

i've done business with him a few times and have never had a problem or complaint.

Toyman321
11-01-2010, 7:41 PM
You really don't get it do you? I'll reiterate my previous post.... heck I'll even expand on it.

You don't know me. I knock on your door, you don't know who I am. I say: "Your house looks easy to break into, with your permission I will break in. Then you can pay me to prevent it from happening again."

What would you do? How would you react?

If it happened to me, I'd react about the same as he did... just sayin.

Fjold
11-01-2010, 7:53 PM
Hey is this guy 12? I deal with people all day long that don’t like what I have to say about security. None of them threaten to have me Whacked. Secondly I was his potential customer with security concerns about his so called “secure” method of payment. He addressed my concerns poorly. He was unpleasant in his email correspondence so why should I do a security check for him for free. None of you guys would work for free so stop saying I was out of line to say any services rendered would require payment.

He did not dig what I had to say today about his payment setup, boo hoo, I am sure he doesn’t like anyone telling him anything because as I stated before he knows it all. When he doesn’t have the correct answers he personalizes and threatens. That’s why hes a small shop guy and will stay that way. He is asking people to execute payments in a manner that is flat out not safe and he is irresponsible for it. Ask you CC company what they think about his payment plan…they will tell you the same thing I am saying…I guess he will have them Whacked too…I am done with this…Send your CC info via email at your own peril. Broken up in parts or not, its NOT secure…ask any IT people you know. Don’t trust me or listen to me I don’t care. I didn’t like this guys threat today and if he is coming at me he better be prepared…

You don't seem to understand what half the people here are saying.

Dennis did not ask you to any service for him. He nor anyone else, owes you any explanation for why you should do any work for free.

Fot
11-01-2010, 8:02 PM
Sounds like the op was hoping for a free gun.. Pay me to show you how bad your system is, pay me to show you how to fix it.. rather rinse and repeat..

a1c
11-01-2010, 8:23 PM
He really needs to upgrade his system. It's not as secure as he thinks it is. And I'm not sure what an "encrypted computer" is.

Rule .308
11-01-2010, 8:28 PM
WOW, are you really that thick, you just don't get it. Dennis Kroh is a very well respected individual and asset in the vintage firearm community and you come on here with a whole 49 posts to your name, insulting the guy, soliciting people to not use his services, stating that you have reported him to some kind of law enforcement agency to have him checked out? You really need to take a step back and seriously reconsider your actions. You think you are getting a piss poor reception here, why don't you take this line of reasoning on over to Gunboards, Parallax Bills, or Surplusrifle, yeah buddy you'll get a really warm reception from those guys by trying to drag Dennis threw the mud. Not too smart man.

v/dBrink
11-01-2010, 8:46 PM
Dennis didn't ask for your help did he?

He's a Vietnam combat veteran. He doesn't need anything from you. Best thing you could do is mind your own business... which does not include how you can hack his business.

Kroh - I'll let you know if there's anything needing your attention here. :)

emcon5
11-01-2010, 9:56 PM
I don't have a dog in this fight, and while I have never dealt with Empire arms, their reputation is excellent, and by all accounts, Dennis is a great guy. I do not know, and have never had any dealings with the OP.

I am, however an IT security professional.

What everyone seems to be missing is how great a guy Dennis may be is not in any way relevant to the enormous security problems with sending a credit card number in unencrypted email. That is roughly equivalent to writing it on a postcard and dropping it off in a random mailbox.

The idea that breaking it in to two different emails would somehow make it more secure is wishful thinking.

The PC encrypted at the other end is nice, but that is not the weak point, it is the transfer medium between when the buyer clicks send and Dennis opens his email at the other end. Frankly, the faith in email as a secure system gives me concerns about security awareness in general, and makes me wonder how secure the systems at Empire really are (patch currency, anti-virus, some sort of host intrusion detection, etc)

Sadly, I think it is not a matter of "if" someone's CC data will be compromised, it is a matter of "when", and the only question is how bad will the damage be.

And for the record, I am not interested in doing any security consulting for Dennis (or anyone else for that matter).

Seriously, relying on SMTP for security is like installing a screen door on a submarine.

Interloper
11-01-2010, 10:30 PM
^^^
I don't think anyone is arguing differently.

empirearms
11-02-2010, 10:52 AM
Of course one of our customers alerted me to this thread so I feel that I must respond.

Did I threaten to KILL this guy?

No. . . the response in question was "You need to get a life . . . I'm glad I'm not selling you a gun. Do not contact me again, and if you have me hacked I will have you whacked."

I used that term only because it rhymed with "cracked" and meant it as in "whacked up side the head" not personally terminate your life.

Essentially this guy comes out of nowhere and wants to order a $125 pistol through a dealer. I'm guessing he figured out that the dealer's fees, sales tax, and UPS air would about double his cost and decided to back out of the transaction using our supposed lack of secure payment as an excuse.

We have had over 164,000 transactions over the past two decades without a SINGLE incident of anyone getting their credit card info compromised. This fella is the *VERY FIRST* to go ballistic about our methods in nearly two decades of doing this (processing anywhere from three to twenty orders per day).

As for being rude and having a bad attitude, lets look at the emails themselves, shall we?

================================================== =============

From: XXX
To: kroh@empirearms.com
Sent: Saturday, October 30, 2010 10:36 PM
Subject: HUNGARIAN Model AP 7,65

Do you still have this?

Yes, our website is kept completely up to date in "real time", so everything listed there (that is NOT marked SOLD) is indeed available at this very moment.


From: XXX
To: 'Dennis Kroh (Empire Arms)'
Sent: Saturday, October 30, 2010 11:21 PM
Subject: RE: HUNGARIAN Model AP 7,65

Ok I am very interested in this. How do I pay you, eg what forms of payment do you take?

As stated in our "Terms of Sale" page (at http://www.empirearms.com/terms.htm ) we prefer credit cards for payment (we do not charge extra for using them).

My local FFL is closed on Sundays so it would be Monday at the earliest I could roll over and have them fax/email their details to you.

That will be fine. . . we may possibly even have them on-file already.

I will mark it SOLD for you until Tuesday.



From: XXX
To: 'Dennis Kroh (Empire Arms)'
Sent: Monday, November 01, 2010 1:31 PM
Subject: RE: HUNGARIAN Model AP 7,65

Hello Dennis,

I am going to pass on this. I am an IT guy (masters of science in computer science) and will absolutely under no circumstances put partial or full CC information in an email. Email is simple to hack and it would be a easy task to grab all CC information provided.

That has never happened and will never happen. Each half of the information goes to two separate computers, one located in a room only I am allowed in, thus I am the only person that can put the full card number togather.

I think we have a deal breaker here insomuch as your site states you don’t do business any other way.

You could send us the number via FAX (machine located in the same room only I am allowed in).

You really should find a safe means for your customers to provide payment information. Sooner or later a hacker will get your customers CC information. Only a matter of time.

Nope. . . will never happen. Been doing this for several decades (5-20 transactions per day), and have NEVER had a single case of credit card fraud.

There are many simple and secure ways to setup for CC payment on your website…many with low to no fees involved.

You are needlessly paranoid, dude. Thieves are only thieves because they are not smart enough to gain legal employment.

I will remove the SOLD tag from that pistol, at your request.


----- Original Message -----
From: XXX
To: 'Dennis Kroh (Empire Arms)'
Sent: Monday, November 01, 2010 2:03 PM
Subject: RE: HUNGARIAN Model AP 7,65

I have a master of computer science in know what I am talking about, if you are interested I can have one of my guys hack you and send you all those emails with credit card info in them. I would charge you of course for my techs time. Just to show you how unsafe it is..Not paranoid just know the facts, hate to see one of your customer get taken. It is unsafe and sooner or later one of you customers will get taken..just a matter of time.

You need to get a life . . . I'm glad I'm not selling you a gun.

Do not contact me again, and if you have me hacked I will have you whacked.

and finally:

----- Original Message -----
From: XXX
To: 'Dennis Kroh (Empire Arms)'
Sent: Monday, November 01, 2010 5:00 PM
Subject: RE: HUNGARIAN Model AP 7,65

Man, I was simply trying to help you so some dickheaded doesn’t hack you or mess with your customers. I would never hack you, I am on the good guy side. You really don’t have the best customer service and I am mutually happy I didn’t buy a gun from you. Nice that you threaten people wonder what the ATF will think of that when I send him your email to me…good day sir.

================================================== =======

Bottom line is NOBODY has ever "been taken" paying us in this fashion. The fact that the split emails go via separate conduits to us and are not stored on the same computer (which are not even networked together) is somehow lost on this loudmouth.

The analogy of it being as unsafe as writing the number on a postcard is also false, as if it was split up between TWO postcards addressed to two different mailing addresses and mailed on successive days nobody (including the postal workers) could put the entire usable number together except for me when I collected my mail from two separate addresses.

Anyway, this "IT masters degree" guy is apparently out to badmouth me and cost me business and apparently has no sense of humor and thinks I threatened to kill him.

We do not take orders over the phone because we use cordless phones and anyone with a scanner within a mile can listen in on conversations (including credit card numbers) given over the phone, and, this being a NASCAR town, lots of people have scanners and listen in on phone conversations just for fun.

Well, enough defending myself. . . I have got to go out and VOTE (I hope everyone reading this has done so already).

Beetle Bailey
11-02-2010, 11:10 AM
Payment issues aside, that was a poor choice of words by Mr. Kroh. But now that he's explained himself he gets a pass in my book. In the past I've purchased two RC Mauser 98K's from him and both were in great shape and packed very well. No problems at all and if I were looking for a C&R rifle, his site is one of the first places I'd look. Fast and friendly service is what I got.

Recession
11-02-2010, 11:16 AM
Dennis I'm sure you're a stand-up guy but you do have to realize that your perception of "secure" is prehistoric at it's best. Emails are stored on an email server, not on YOUR computer. You can have 5 computers put into 5 separate rooms with 5 separate keys but you miss the point, emails are not physical objects that can be stored away in a vault, they are data. People don't have to be at YOUR computer to get that information. Anyone with an internet connection can hack into the email server and retrieve that information.

For example. If I throw you a football, a player from the opposing team can intercept it. They don't have to wait until you catch it to take it out of your hands.

You seem to understand the concept of people being able to tap into wireless phone conversations with a scanner, why can't you understand the concept that the entire WORLD can tap into data streams being sent from one computer to the other over the internet?

Corporate MONSTERS such as Citibank and Bank of America have been hacked in the past, and these companies pay Millions upon Millions for I.T. security. How much more secure do you believe that your split emails between two computers method is in comparison?

The reason why you haven't been hacked yet is because hackers were unaware of your business' existence. Now that everyone on the internet knows that you conduct credit card transactions via email (5-20 transactions per day) and had 164,000 other credit card numbers that have passed through your email servers, I would be VERY worried.

Milsurp Collector
11-02-2010, 11:30 AM
I wonder how many guys who are worried about their credit card numbers being hacked out of an email server will hand their credit card (or even worse, their debit card) to a waiter/waitress/server in a restaurant to take up to the register so they can print out a slip to sign. It would be very easy for a dishonest restaurant employee to copy dozens or hundreds of names, credit card numbers, and card security codes and then sell them, no computer hacking skills required.

It's a rhetorical question, I don't expect anyone who does that to admit it here. :p

bigmike82
11-02-2010, 11:32 AM
Duckhunterflyfisher:

Please stop for a second and think about what people here are telling you. No one is saying you're wrong from a technical standpoint. You're nnot. There are huge issues with the way payments are processed.

That said...your approach was very bad.

"I have a master of computer science in know what I am talking about, if you are interested I can have one of my guys hack you and send you all those emails with credit card info in them. I would charge you of course for my techs time."

You gotta understand how that sounds from another perspective than yours. This was a very bad way of handling the issue.

EmpireArms...sir, though you do have an oustanding reputation, your IT security mechanism is weak at best, and in violation of PCI. I would be happy to discuss this with you further (at no charge). What the individual above said (poorly) is actually accurate. Though you haven't had an issue yet, that doesn't mean you won't have one in the future.

jaq
11-02-2010, 11:35 AM
Mr. Kroh,

I have enjoyed window shopping your site many times and hope to purchase from you someday.

Please don't take anything I say as personal criticism. And I am not defending the OP. His social skills could stand some improvement - a common trait in the IT community. And who among us is without fault?

But please allow me to reinforce what the other IT professionals are saying because, I - like them - make my living as an IT professional. Your understanding of the security issues could, ahem, stand an upgrade. Just because no one has reported their cc compromised due to using your method in two decades doesn't mean it didn't happen. In fact, it almost certainly has happened more times than can easily be counted. It is just that the responsibility wasn't laid at your doorstep because the info was hacked well before it got to you. It would be beneficial to you personally to at least be aware of the truth and not be exposed as something repugnant to the younger collectors who are IT savvy. They will not see you in a favorable light: saying the least to be polite.

bigmike82
11-02-2010, 11:36 AM
One final point on CCs.

Paying with a credit card is the safest thing you can do, regardless of the merchant's policies. You're only liable for what, fifty dollars if the card is used fraudulently?

Beats the hell out of writing a check/paying cash.

FS00008
11-02-2010, 11:37 AM
Dennis,

I know you're a standup guy and have done business with you in the past, but until you figure out a smarter way to do transactions I'm going to stick with one time Visas to buy stuff from you. I'd be VERY careful about letting your merchant terminal provider see how you do business online. You ARE violating PCI compliance regs and they will pull your account.


I agree OP was a jackwagon about how he went about it, but at the same time you do need to invest into a new system. Especially considering that you just described the route in detail for private information.

bandook
11-02-2010, 2:26 PM
... I told him I was in technology and had a master in computer science (then reason I did feel safe with the email option). That would have been good enough for most people. ...

Therein lies your problem (see highlighted text above).

You are of course right in the possibility of the cc number being compromised en route. (Theory)

The problem is that unless Empire arms is specifically targeted, the chances of that happening are remote at best. (Practice)

I'm not saying its not easy to do - just that it has to be a targeted attack and if one is going to risk jail time for such activity, Empire Arms, with its relatively low volume, is probably not the best target - especially as people like me ALWAYS use single use Credit Card numbers with small merchants.

That way, by the time a thief gets the card number, there's less than 10 dollars left on it (if I haven't closed it out already).

Check with your credit card to see if they provide this service. (it is available on at least the old MBNA - now Bank of America credit cards).

bandook
11-02-2010, 2:34 PM
Sounds like the op was hoping for a free gun...

Lets not get carried away with this.

I think this all started with good intentions from the OP. Somewhere along the line one misunderstood the other (poor choice of words) and things went downhill from there.

bandook
11-02-2010, 2:35 PM
One final point on CCs.

Paying with a credit card is the safest thing you can do, regardless of the merchant's policies. You're only liable for what, fifty dollars if the card is used fraudulently?

Beats the hell out of writing a check/paying cash.

Most cards will waive even the $50.

bandook
11-02-2010, 2:45 PM
I wonder how many guys who are worried about their credit card numbers being hacked out of an email server will hand their credit card (or even worse, their debit card) to a waiter/waitress/server in a restaurant to take up to the register so they can print out a slip to sign. It would be very easy for a dishonest restaurant employee to copy dozens or hundreds of names, credit card numbers, and card security codes and then sell them, no computer hacking skills required.

It's a rhetorical question, I don't expect anyone who does that to admit it here. :p

Hardly rhetorical, I've had this happen to me a few times, usually overseas. (France is the worst)

Fate
11-02-2010, 3:05 PM
In my book, Dennis Kroh > duckhunterflyfisher and it's not even close.

gunboat
11-02-2010, 4:30 PM
Ain't America great! Mr Kroh can do business as he likes and folks can choose to buy or not as they like -- Can't beat that!

a1c
11-02-2010, 4:35 PM
Most cards will waive even the $50.

Yes, but it can take a while for things to clear. I have been there several times. Lots of paperwork and time wasted over the phone. I'm certainly not taking that chance with that kind of payment system. It's not even antiquated, it's just half-assed. It doesn't make sense to me that he wouldn't invest the few hundreds needed to make it secure. He would probably see a boost in business.

blakdawg
11-02-2010, 6:33 PM
Empire Arms, fix your system. "Two different e-mail addresses" is the computer security equivalent of my unnamed family member who hides a key to her front door under a rock next to the front door. The fact that you think it's effective illustrates that you are an honest person who isn't good at thinking of ways to steal from others. That's a good thing. But you have a serious vulnerability that may inconvenience a lot of people and embarass you badly someday if it's not fixed.

Duckhunterflyfisher, your message to the effect of "your security sucks, I know someone who can hack you, pay us and we will keep you from getting hacked" is the marketing/business/social equivalent, if not worse, of the "two different e-mails" security strategy. The fact that you can't see this means you're one of the honest geeks who doesn't want to sugarcoat things like tricky lying salespeople/MBA's. That's a good thing. However, you need to either work on your soft "social" skills or just STFU when dealing with non-geeks because messages like the one that you wrote alienate people unnecessarily. The world is full of security problems - pointing them out without being asked is likely to land you in jail and/or cost you your job.

IrishPat
11-02-2010, 7:43 PM
How about this? Don't tell the man how to do his business.

At a minimum, pay him the respect that he deserves for serving two tours in country in Vietnam. Maybe after that, you can address him as a man; both on your part, and on his. If you were so concerned about his system, why did you air it out in public?

You let the Genie out of the bottle son, have fun getting it back in and salvaging your reputation among those who stand up to pee.

FS00008
11-02-2010, 8:38 PM
IrishPat,

I have the utmost respect for his service. I don't respect or agree with how he does business.

Mezcalfud
11-02-2010, 8:45 PM
Hey- great to see Dennis here! Sorry for the circumstances. I have purchased several items from Dennis and they were better than described and the transactions were great.

OP is like the homeless guys that wash your window in traffic without asking, stand there awaiting payment and then spit on your car when you don't give them money.

empirearms
11-02-2010, 10:21 PM
Okay. . . the bottom-line is that Mr. BM (Big Mouth) never properly identified himself as a California resident when ordering a non-C&R pistol (which is *NOT* on the CA "approved" listing) from us. Pease read the verbatim emails we exchanged if in any doubt.

I should have never accepted his order (seeing as he only identified himself by name, if that *IS* his name) and he never let on where he was located. That is *MY* fault, and it will not happen again (everybody be sure to *THANK* Mr. BM for making you expend more effort to identify yourself and where you are from from now on).

Unfortunately Mr. BM could *NOT* order this item from us (even if he wanted to) due to the California-specific limitations, it not being on "the list" of approved handguns.

Whether or not Mr. BM decided to RENEGE on his agreement to purchase this item I cannot say, but RENEGE he *DID* and based his "reasons" on our lack of security regarding his credit card number (never mind he could have FAXED it to us or even mailed it in a letter, like many of you do for common bills, etcetera). Mr. BM also stated in his first post that I threatened to kill him, which was untrue (it was a rhymeing joke, dude).

This ENTIRE PRETEXT for this assault on EMPIRE ARMS is dumb. . . everybody knows (or should know) that one can contact their CC provider and obtain a "one-time use" CC# for little to zero cost (I do know American Express encourages this, and CHARGES NOTHING to do so). If you have ANY doubts whatsoever about our operation or security we HIGHLY recommend that you avail yourself of this option.

Mr. BM states that he was surprised that we do not allow CC#'s to be yakked to us over the phone. HOW is this more secure than my time-tested "method"? Besides, the possibility of a number being transposed or incorrectly read (by you or us) is greatly increased utilizing this lazy method.

Our (dinosaur) method of CC handling is 100% paper-free (we NEVER print out or write down the number or expiration-date for another to acquire), and NOT ONE of our customers has ever had an incident that they could point to us, and likely never will!

DOES THAT MEAN NOTHING TO YOU PEOPLE???

99.5% of all credit card fraud is a result of handing your credit card to a server in a restaurant. . . it has happened to me a couple times (and several people got fired and one spent some time in jail due to their stupid greed).

As for "emails being stored on servers" they ARE NOT in our case! Our servers are PURGED at least once a day! The two email addresses are on two totally SEPARATE conduits and the numbers CANNOT be reassembled except for yours truly. How is THAT not secure?

As an aside, EMPIRE ARMS has *ALWAYS* supported the rights of the California firearms community. MANY dealers and individuals will (for quite a few years) *NOT* ship a firearm to California, but EMPIRE ARMS has ALWAYS supported you and ALWAYS will go through the extra steps if need be! I STILL consider MYSELF to be a Californian (if only by birth and living half my life, so far, in your state). I may be located n Florida now, but if you call me you will DEFINITELY hear the California boy come out.

We even have a website http://www.empirearms.com/cal-ffl.htm that is dedicated to those California residents detailing what they can and CAN NOT legally do as C&R licensees! I don't see any of our competitors with a page like that!!! Do you?

If ths does not PROVE To you that we are *ON YOUR SIDE* and have no neferious purpose other than to deliver exceptional quality and service, then I do not know what more I can say.

DISCLAIMER: ths above is *NOT* an advertisement for Empire Arms in this forum (for which we ARE NOT official sponsors). I am only defending myself against baseless (and clueless) posters in this particular thread. I pledge that I will not make myself a nuisance in ths or any of your forums.

cmaher55
11-02-2010, 10:32 PM
Go Dennis, go....! Don't waste any more time on "Mr. I got a masters in computer science" and "I'll only charge you a little to hack you".... Go back and keep updating your website and selling great arms to us at very good prices...! I still love that beautiful Finnish M39 you sold me several years ago and you would not believe the people at the range who come over to drool on it....! And thanks for going out of your way to sell to those of us stuck in California by birth...! Regards, Chris

Interloper
11-02-2010, 10:49 PM
Dennis,
The first thing I did upon receiving my C&R was to sign copies and mail them out to every retailer and C&R dealer out there. I included a letter with my email address, phone number, etc.
I received exactly two confirmations that my C&R had been received. One from Midway and one from you.
I've used the link you just posted on California C&R laws to change the minds of several Gunbroker sellers who refused to deal with a Californian.
I've even followed your rock band antics on Gunboards.

Stay cool, Dennis.....
...Oh, and how's about a few free M39's for your buddies at Calguns? ;)
No? Well...stay cool anyway.

mosinnagantm9130
11-02-2010, 11:11 PM
I've never ordered from Empire, but I've heard nothing but good things. I'm siding with Mr. Kroh on this one.

knucklehead0202
11-02-2010, 11:17 PM
you both sound like a-holes to me. never dealt with enterprise but all i've heard is about 50/50. i understand the op's point, at the same time, i can understand how it might come off a bit wrong, but his intentions seem honest, while perhaps poorly executed. and the guy DID essentially threaten him, which is chickensh** if you ask me, and makes all gun people look bad. the idea I/we try to promote is responsible ownership without childish displays of power such as that. i know plenty of vietnam vets that would call you a ***** for such a statement. at the same time, i'm no computer nerd but i have ordered many things over the internet and that system sounds archaic and ridiculous and there's no damn way i'd put that info in 1,2, or 10 emails. the fact that "nothing's ever happened" according to the owner, doesn't exactly give me a warm fuzzy feeling. according to commercials, Jerry Brown never screwed the taxpayers, but anyone with a brain knows better. well that's all i got, you both sound like wankers. have a good night!

finloq
11-02-2010, 11:20 PM
"I have a master of computer science in know what I am talking about, if you are interested I can have one of my guys hack you and send you all those emails with credit card info in them. I would charge you of course for my techs time. Just to show you how unsafe it is..Not paranoid just know the facts, hate to see one of your customer get taken. It is unsafe and sooner or later one of you customers will get taken..just a matter of time."

I wonder how the powers that be in the company that you work for; would take you offering to use their associates and their assets as IT Mercenaries? Profit is just a secondary agenda. In actuality, you are just trying to do a good deed.

Do, I believe that this was your intention? No. You are probably a good guy, who was simply trying to point out a (possible) error. You must see though, how it could be interpreted.

For the record, I will stand up for Dennis. I have done business with him and have received unsolicited (yet, very appreciated) assistance from him during a pet project. If Dennis were to wear a t-shirt with an identificational (it's a word, look it up Gents) adjective statement upon it, it would read:
Personal Integrity.
Dennis, please don't read this as an attempt to see your under clothes. :)

Mofo-Kang
11-02-2010, 11:26 PM
I wonder how many guys who are worried about their credit card numbers being hacked out of an email server will hand their credit card (or even worse, their debit card) to a waiter/waitress/server in a restaurant to take up to the register so they can print out a slip to sign.

Incidentally, debit cards have the same protections credits cards do these days. They didn't used to, but that's changed.

Mofo-Kang
11-02-2010, 11:36 PM
If ths does not PROVE To you that we are *ON YOUR SIDE* and have no neferious purpose other than to deliver exceptional quality and service, then I do not know what more I can say.

You've got nothing to prove to me, Mr. Kroh. Every interaction I've had with you has been polite and professional, and your site's always been great. I appreciate the work you do and the consideration you extend to CA customers.

empirearms
11-02-2010, 11:55 PM
you both sound like a-holes to me. never dealt with enterprise

Our name is EMPIRE ARMS, not enterprise. . . .

but all i've heard is about 50/50

Really. . . our feedback over the nearly twenty years of business has been average 98+% for and -2% against (some folks wishing we would sell stuff for less than we paid for it, wanting hundreds of photos for a single gun, wanting us to violate the law to sell them something, etcetra)

i understand the op's point, at the same time, i can understand how it might come off a bit wrong, but his intentions seem honest, while perhaps poorly executed. and the guy DID essentially threaten him, which is chickensh**

No actal THREAT was tendered, if you bothered to real the actual email exchange. If I tell you "better bring my daughter home before 2AM or I will have you whacked" do you *REALLY* run to the cops and swear that I threatened your life or do you just bring her home before 2AM?

if you ask me, and makes all gun people look bad. the idea I/we try to promote is responsible ownership without childish displays of power such as that. i know plenty of vietnam vets that would call you a ***** for such a statement.

and you will find a large number of vets who will insist no statement was made, or that it was made in jest. You will also find a large number that would not be here if it wasn't for my combat medic skills in the field, and would have SERIOUS problems with anyone impugning my integrity.

at the same time, i'm no computer nerd but i have ordered many things over the internet and that system sounds archaic and ridiculous and there's no damn way i'd put that info in 1,2, or 10 emails. the fact that "nothing's ever happened" according to the owner, doesn't exactly give me a warm fuzzy feeling. according to commercials, Jerry Brown never screwed the taxpayers, but anyone with a brain knows better. well that's all i got, you both sound like wankers. have a good night![/QUOTE]

I plan on having a VERY good night, thank you. And, please, continue NOT to order anything from us, OK?

By the way, do you ACTUALLY know the definition of "wanker"?

Rogerbutthead
11-03-2010, 12:07 AM
I am sorry about the circumstances of your visit to this forum Mr. Kroh, but as long as you are looking at this thread, any current news on G/K43's from the ex-commie countries?

I am also wondering what they want/what you would sell G/K43 mounts/ZF4 scope rigs for in the hopefully near future?

Operator
11-03-2010, 12:47 AM
Empire Arms, fix your system. "Two different e-mail addresses" is the computer security equivalent of my unnamed family member who hides a key to her front door under a rock next to the front door. The fact that you think it's effective illustrates that you are an honest person who isn't good at thinking of ways to steal from others. That's a good thing. But you have a serious vulnerability that may inconvenience a lot of people and embarass you badly someday if it's not fixed.

Duckhunterflyfisher, your message to the effect of "your security sucks, I know someone who can hack you, pay us and we will keep you from getting hacked" is the marketing/business/social equivalent, if not worse, of the "two different e-mails" security strategy. The fact that you can't see this means you're one of the honest geeks who doesn't want to sugarcoat things like tricky lying salespeople/MBA's. That's a good thing. However, you need to either work on your soft "social" skills or just STFU when dealing with non-geeks because messages like the one that you wrote alienate people unnecessarily. The world is full of security problems - pointing them out without being asked is likely to land you in jail and/or cost you your job.

I think This is the best assesment so far...



Whether or not Mr. BM decided to RENEGE on his agreement to purchase this item I cannot say, but RENEGE he *DID* and based his "reasons" on our lack of security regarding his credit card number (never mind he could have FAXED it to us or even mailed it in a letter, like many of you do for common bills, etcetera). Mr. BM also stated in his first post that I threatened to kill him, which was untrue (it was a rhymeing joke, dude).

OK well your Rhymeing Joke has the equivilant tact of the OP's suggestion to upgrade security. Reagardless of how funny you think it was, it was a poor choice. And if you can't own up to that, I got no respect for ya.

This ENTIRE PRETEXT for this assault on EMPIRE ARMS is dumb. . . everybody knows (or should know) that one can contact their CC provider and obtain a "one-time use" CC# for little to zero cost (I do know American Express encourages this, and CHARGES NOTHING to do so). If you have ANY doubts whatsoever about our operation or security we HIGHLY recommend that you avail yourself of this option.

Mr. BM states that he was surprised that we do not allow CC#'s to be yakked to us over the phone. HOW is this more secure than my time-tested "method"? Besides, the possibility of a number being transposed or incorrectly read (by you or us) is greatly increased utilizing this lazy method.

Our (dinosaur) method of CC handling is 100% paper-free (we NEVER print out or write down the number or expiration-date for another to acquire), and NOT ONE of our customers has ever had an incident that they could point to us, and likely never will!

DOES THAT MEAN NOTHING TO YOU PEOPLE???

Well what is surprising to me is this; I would imagine you know more about all kinds of gun than I do. And were I to speak with you I would respect your knowledge over my own. But when several I.T. professionals relate information that may help you, you can not even offer the slightest amount of respect. Another loss of respect.


99.5% of all credit card fraud is a result of handing your credit card to a server in a restaurant. . .

It's happend to me too, but 99.5% I think you might need a footnote and some refrence there. Shoveling FUD now?

it has happened to me a couple times (and several people got fired and one spent some time in jail due to their stupid greed).

As for "emails being stored on servers" they ARE NOT in our case! Our servers are PURGED at least once a day! The two email addresses are on two totally SEPARATE conduits and the numbers CANNOT be reassembled except for yours truly. How is THAT not secure?

You are still missing the point, if they haven't already, they will intercept the emails in transit sometime, and the fact that you don't care, says something.

As an aside, EMPIRE ARMS has *ALWAYS* supported the rights of the California firearms community. MANY dealers and individuals will (for quite a few years) *NOT* ship a firearm to California, but EMPIRE ARMS has ALWAYS supported you and ALWAYS will go through the extra steps if need be! I STILL consider MYSELF to be a Californian (if only by birth and living half my life, so far, in your state). I may be located n Florida now, but if you call me you will DEFINITELY hear the California boy come out.

We even have a website http://www.empirearms.com/cal-ffl.htm that is dedicated to those California residents detailing what they can and CAN NOT legally do as C&R licensees! I don't see any of our competitors with a page like that!!! Do you?

If ths does not PROVE To you that we are *ON YOUR SIDE* and have no neferious purpose other than to deliver exceptional quality and service, then I do not know what more I can say.

DISCLAIMER: ths above is *NOT* an advertisement for Empire Arms in this forum (for which we ARE NOT official sponsors). I am only defending myself against baseless (and clueless) posters in this particular thread. I pledge that I will not make myself a nuisance in ths or any of your forums.

In the End, I thought the OP was jacked up for handling the situation they way he did, but after reading the store owners responses neither of you are without fault. Man up. Own up. Move on.

Dennis, I would buy from you. Your reputation is great, and reputations like that are not easy to come by. I wish we had a dealer in my town with a following like you have. Oh well.

Yes I voted...for all the good it did....

joefrank64k
11-03-2010, 6:29 AM
Dennis is the man...great guy, great inventory, and so what if my CC# is compromised?

All my CC issuers have $0 liability for fraudulent charges...the few times in my life my CC has been misused, I get a call from the issuer that goes something like:

CC - "Hi, did you charge so-and-so amount at so-and-so store today?"

Me - "No,"

CC - "OK, we're canceling the card and mailing you a replacement, you should have it within 48 hours."

Me - "Thanks!"

And what other milsurp dealer out there will buy back the firearm he sold you for at least 80% of the original cost?

jaq
11-03-2010, 10:39 AM
Okay. . .SNIP ...

This ENTIRE PRETEXT for this assault on EMPIRE ARMS is dumb. . . everybody knows (or should know) that one can contact their CC provider and obtain a "one-time use" CC# for little to zero cost (I do know American Express encourages this, and CHARGES NOTHING to do so). If you have ANY doubts whatsoever about our operation or security we HIGHLY recommend that you avail yourself of this option.

...Snip more...
Our (dinosaur) method of CC handling is 100% paper-free (we NEVER print out or write down the number or expiration-date for another to acquire), and NOT ONE of our customers has ever had an incident that they could point to us, and likely never will!

DOES THAT MEAN NOTHING TO YOU PEOPLE???

99.5% of all credit card fraud is a result of handing your credit card to a server in a restaurant. . . it has happened to me a couple times (and several people got fired and one spent some time in jail due to their stupid greed).

As for "emails being stored on servers" they ARE NOT in our case! Our servers are PURGED at least once a day! The two email addresses are on two totally SEPARATE conduits and the numbers CANNOT be reassembled except for yours truly. How is THAT not secure?

...[/B][/COLOR]

CENSORED. CENSORED.

Wow. Well, at the least, you had respect from people once.

empirearms
11-03-2010, 11:21 AM
I am sorry about the circumstances of your visit to this forum Mr. Kroh, but as long as you are looking at this thread, any current news on G/K43's from the ex-commie countries?


They still have them, and are stll asking 800 Euros apiece in lots of 2,000 pieces (as of this Spring at least). :(

While 1,600,000 Euros (currently US$2,250,351.62) per 2000-piece lot is FAR too much for us to pay (actually getting them here will cost on the end double that and take 6-8 months) the ex-Soviets have been selling a few of those lots over the years. I know a company in Germany that has purchased several thousand, but they have to be deactivated (bolt lugs removed, bolt welded, holes drilled in borrom of receiver and barrel) and sold as "wall-hangers". Their asking price after having been so brutalized is still 1250-1500 Euros apiece, so I doubt you will see any deactivated ones over here (they are still considered a firearm by U.S. regulations).

Having said that we just purchased a decent Russian-captured K43 (ac45) that will appear on our nexr "New Stuff" list. It was a Century import from the late 1980's (likely from Czechoslovakia or somewhere via Canada). This is the first one I have encountered over here in many years.

I am also wondering what they want/what you would sell G/K43 mounts/ZF4 scope rigs for in the hopefully near future?

Scopes and mounts for the G/K43 were not retained, nearly all were damaged and therefore scrapped and those that remained were sold off decades ago.

Rogerbutthead
11-03-2010, 12:31 PM
Thank you for the quick response.

Barbarossa
11-03-2010, 12:44 PM
Just went through some issues with our C.C. processor at my work. They stopped processing until we could update our software, to comply with the below.

I know there are other issues, but though this may be relevant and of interest.

Under the PCI DSS set of requirements, all businesses that accept, store, or transmit credit card information must maintain a secure environment to protect consumers and their cardholder data from fraud or theft. The PCI DSS outline best security practices to protect businesses against credit card breaches. Any organization, regardless of size, that accepts credit or debit cards as a form of payment in person, by phone, or online must be PCI compliant by 7/1/10.

In addition, Visa has mandated that all financial institutions and card processors ensure their merchant customers use PA DSS compliant software beginning July 1, 2010. The PA DSS is a global set of security requirements for software vendors who develop payment applications. PA DSS compliant applications do not store prohibited data such as track data, sensitive authentication data, or PIN data, helping merchants who use them mitigate compromises and support overall compliance with the Payment Card Industry Data Security Standard (PCI DSS).

Recession
11-03-2010, 4:14 PM
Just went through some issues with our C.C. processor at my work. They stopped processing until we could update our software, to comply with the below.

I know there are other issues, but though this may be relevant and of interest.

Uh oh. Looks like someone is in violation of PCI. Doesn't look like splitting credit card information into two emails falls into any of those "security requirements".

jaq
11-03-2010, 4:24 PM
Uh oh. Looks like someone is in violation of PCI. Doesn't look like splitting credit card information into two emails falls into any of those "security requirements".

Nah. I'm sure that Mr. Kroh knows all about the PCI DSS. In fact, I'll bet that his "time-tested" method IS THE #1 METHOD RECOMMENDED BY THE PCI!11!!

After all, he certainly told off those clueless, idiotic IT professionals in this thread - bunch of idiots that need to be whacked! Geez!

//endif sarcasm

sirnonz
11-03-2010, 4:40 PM
i use discovers online generated credit card numbers for all my online purchases, and i can set the max amount of money that number can be used for.

Recession
11-03-2010, 5:14 PM
Nah. I'm sure that Mr. Kroh knows all about the PCI DSS. In fact, I'll bet that his "time-tested" method IS THE #1 METHOD RECOMMENDED BY THE PCI!11!!

After all, he certainly told off those clueless, idiotic IT professionals in this thread - bunch of idiots that need to be whacked! Geez!

//endif sarcasm

#1 METHOD?!?! :shock:

I better call up Midway and Brownell and tell them they are doing it all wrong! They will probably throw in a 3rd computer for that extra measure of security!

Lucky Scott
11-03-2010, 6:52 PM
I dont know about anybody else, but I for one like the fact that Dennis came on here to defend his position. He comes off like a guy that cares about his reputation.

Now I have never met or ordered from him, but I hear good things about him and look at his site often. Unfortunetely, the economy has been bad for my business and buying more guns is not possible at this time. But I love to look at his Mosins for sale anyway.

Whether his security is up to date or not, I like a guy that stands up for whats right and I respect him for standing up for himself.

Barbarossa
11-03-2010, 7:23 PM
I dont know about anybody else, but I for one like the fact that Dennis came on here to defend his position. He comes off like a guy that cares about his reputation.


I agree.

BTW I think I've sen your car up at sear point.

mievil
11-03-2010, 7:52 PM
Mr. Kroh rocks. Never had a problem buying from him and he is ALWAYS courteous and straightforward.

Plain and simple, if you don't like the rules that are clearly put forth, then don't play. If I got an email from someone stating that he would have his coworkers hack my site, I'd get ruffled as well.

Try calling the government and telling them you can hack their website and charge them for showing them their faults and let me know how that works for you. I bet you'll get more than a tart email in response. ;)

mievil
11-03-2010, 8:00 PM
BTW, it is completely awesome that Dennis fully supports sales of legal firearms to California. He took the time to actually know the laws, and put it up as an awesome reference on his site for everyone to read.

If you want to see real douchebags, just take a look at any of 5,000 (+/-3.14159) listings on gunbroker for people that won't sell to CA "because Pelosi is in office", or "if you don't like me not wanting to sell you this rifle, move", etc, etc. And those come from business owners as well.

negolien
11-03-2010, 8:07 PM
Never been one to really come on a forum to beat on someone. Usually doesn't turn out the way one expects.You had a bad experience and it sucks /shrug. Move on...

run8
11-03-2010, 8:33 PM
I've dealt with Empire Arms, and the transaction was easy, trouble free and the product was just as described and illustrated in the photos, I would have no hesitation dealing with Empire Arms in the near future.

Some people just want their hands held for everything in life, well ain't going to happen here, LOL.

knucklehead0202
11-05-2010, 1:24 AM
experiences vary with everything. every chevrolet i've ever dealt with was a piece of crap, while some good friends of mine have enjoyed theirs. i'm a Ford man and will stand by them, there are always detractors. the fact that this guy not only refuses to "get with the times", which i'll admit is not something i'm big on, but i appreciate security, he also is an arrogant, insulting person without scruples. he's a veteran, which i respect more than anyone will ever know, but there's only so far that goes. i deal with veterans on a daily basis; my brother for instance, nevermind my friends and customers that run from WWII on up, and none of them come off with such an attitude. "Empire Arms", i did slip up on after working an extremely long day yesterday without being paid gov't or union wage. just an honest tradesman who believes that taking care of customers IS business. i've dealt with plenty of people whose business i'd gladly pass up, but generally not people who make intelligent points. hard to argue with that, unless you're an arrogant jerk. that's what i've heard and now i've seen it firsthand, having been directly insulted without any kind of direct communication. kinda like high-school kids really. i wish you the best of luck with your business, but you'll have none of mine.

hk91666
11-05-2010, 3:56 PM
BTW, it is completely awesome that Dennis fully supports sales of legal firearms to California. He took the time to actually know the laws, and put it up as an awesome reference on his site for everyone to read.

If you want to see real douchebags, just take a look at any of 5,000 (+/-3.14159) listings on gunbroker for people that won't sell to CA "because Pelosi is in office", or "if you don't like me not wanting to sell you this rifle, move", etc, etc. And those come from business owners as well.

That is because he is from California.

mauser98k
11-05-2010, 4:06 PM
That is because he is from California.

still an awesome guy with a great site and selection

hk91666
11-05-2010, 4:25 PM
still an awesome guy with a great site and selection

What I meant was he understands what we have to deal with, he is a great guy.

Jarhead
11-05-2010, 9:22 PM
+1 on Dennis, you should shop else where .................but I'm sure he already told you that :) I have purchased half a dozen rifles from Dennis always very satisfied.

duckhunterflyfisher
11-05-2010, 10:02 PM
Hey I poorly worded my email to Dennis and approached it the wrong way, I just wanted to provide Dennis with an example of how unsafe his payment method is. I can admit that and apologize for it. Dennis I am sorry for all this, I meant you know harm, just wanted to pick up a pistol from you and help you out on the secure customer purchase front. I was not thinking about the small business owner side of it, and for that I am sorry too. If you read the whole chain you can see I kindly offered info on cheap ways to provide secure payment solutions to customers. But Dennis’s responses were that of someone who thinks he knows it all. It kind of upset me, hence my putting the masters of computer science in there. Most people at that point would stop and listen. Not Dennis. I didn’t renig on anything that is a load of ****. He did not have a safe secure payment method and its my right as a customer to pass on the purchase. And sorry for my ignorance on showing interest in a C&R that was not legal in California. It had an 8 round mag so I thought I would be. I am just getting into the whole C&R side of collecting and to be honest this whole deal put a bad taste in my mouth . Dennis did threaten me and in all his nonsense responses he never admits any wrong doing in any of this…Shows me the type of guy he is. He approach it the wrong way too and he cant admit it. I think he is pigheaded and I am glad I didn’t do business with him.

Bottom line my intentions were good, my delivery was bad. I am sorry dennis that whole deal happened. Clearly you have a lot of people that think you are a good guy. So that is why I am posting this to you. Please do look into some of those online CC card payment options. They are cheap and it would be better than the email. Don’t take my word for it, ask around.

Now if the rest of you want to waste more time beating me up over this have at it…but you are pretty lame for doing so and you know it.

G17GUY
11-06-2010, 9:24 AM
Hey I poorly worded my email to Dennis and approached it the wrong way, I just wanted to provide Dennis with an example of how unsafe his payment method is. I can admit that and apologize for it. Dennis I am sorry for all this, I meant you know harm, just wanted to pick up a pistol from you and help you out on the secure customer purchase front. I was not thinking about the small business owner side of it, and for that I am sorry too. If you read the whole chain you can see I kindly offered info on cheap ways to provide secure payment solutions to customers. But Dennis’s responses were that of someone who thinks he knows it all. It kind of upset me, hence my putting the masters of computer science in there. Most people at that point would stop and listen. Not Dennis. I didn’t renig on anything that is a load of ****. He did not have a safe secure payment method and its my right as a customer to pass on the purchase. And sorry for my ignorance on showing interest in a C&R that was not legal in California. It had an 8 round mag so I thought I would be. I am just getting into the whole C&R side of collecting and to be honest this whole deal put a bad taste in my mouth . Dennis did threaten me and in all his nonsense responses he never admits any wrong doing in any of this…Shows me the type of guy he is. He approach it the wrong way too and he cant admit it. I think he is pigheaded and I am glad I didn’t do business with him.

Bottom line my intentions were good, my delivery was bad. I am sorry dennis that whole deal happened. Clearly you have a lot of people that think you are a good guy. So that is why I am posting this to you. Please do look into some of those online CC card payment options. They are cheap and it would be better than the email. Don’t take my word for it, ask around.

Now if the rest of you want to waste more time beating me up over this have at it…but you are pretty lame for doing so and you know it.

Now you can add masters in bad sales techniques to your resume. And masters in getting your panties in a bunch, so add that to eh?

:p

mauser98k
11-06-2010, 11:16 AM
Now if the rest of you want to waste more time beating me up over this have at it…but you are pretty lame for doing so and you know it.

there are those people skills hard at work again.

duckhunterflyfisher
11-06-2010, 1:04 PM
Yep and Dennis did nothing wrong right..you guys wow...amazing...

trautert
11-06-2010, 1:41 PM
What you are not seeing here is that Dennis Kroh has a good reputation among firearms collectors.

You, well, not so much. And the initial tirade didn't help.

Back up, let things cool down, and try again.

Tom

finloq
11-06-2010, 1:52 PM
If you expected to walk in here and speak ill of someone that is well respected in the community and not draw some criticism, you were naive.

Try telling the average Brit that Winston Churchill didn't know his business or an American that George Washington had a bad attitude towards his country and see what kind of reaction you get? I doubt very seriously, that everyone will just fall in line with: "Oh, I agree; horrible, horrible men! I wonder why I never saw how truly horrible they were before you came along and enlightened me?"

Don't get a swelled head Dennis.;)

hk91666
11-06-2010, 3:26 PM
Don't get a swelled head Dennis.;)

He might but may be justified.......

ca1903
11-06-2010, 3:44 PM
I bought C&R from Dennis before, and am very happy with the quality of the firearm and the service.

I just came back from a long biz trip and read this long thread. I hope it resolves quickly as every one means well.

It does remind me of my first job in a big defense company in the east coast. The senior technician is a USMC Korean veteran. His first grill on me (after learning that I did my ROTC and got a Piss Him Down degree) was: who is in charge, 2nd leutenant or master sergeant? He took me under his wing after I gave the right answer and I learned tons from him! (thank you Jerry)

And we can all see the same straight-shooter style in Dennis; who deserves the highest respect from the community.

And we all wish Dennis a prosperous business - which benifits all of us too.

And of course, I believe soon Dennis will have a more secure payment system which is beneficial to everyone as well!

And many more great C&R firearms from Empire Arms!

foxtrotuniformlima
11-06-2010, 3:48 PM
I don't think that the OP thought for a minute that everyone on CalGuns was going jump on his bandwagon. He was probably hoping that someone else had a bad experience as well and he could commiserate with them. That did not happen so let it go.

Why so many people feel the need to run to the defense of someone they only know through a business transaction is very odd to me. I can see where you might say "that wasn't my experience" but to absolutely hammer the OP like a child molester is way out of line.

Rogerbutthead
11-06-2010, 4:32 PM
Dennis Kroh posts sometimes on Gunboards, he is a wealth of information.

I do not think that every supporter of Kroh hammered the OP, he probably has a valid point.

I was defending Kroh as a good guy who should not be hammered on this forum.

pullnshoot25
11-06-2010, 5:20 PM
Hey Dennis, do you have any "cats and dog" Mosins for me from that collection you cleaned out? ;)

empirearms
11-06-2010, 6:33 PM
Dennis Kroh posts sometimes on Gunboards, he is a wealth of information.

I used to post here as well (5 years ago or so), but we got literally run off by those who thought I was advertising our services without paying for sponsorship (though that was not our intent). Nobody has ever approached me to sponsor this forum (we may have been interested at one time). We have been Gunboards sponsors from nearly day-one.

We have no agenda, don't care who you buy your milsurp firearms from, we only want to be YOUR FAVORITE DEALER and we are willing and able to deal with the archaic California regulations without any added cost to you.

We have over 9,600 customers, MANY of whom have put us in their will so their loved-ones will not be victimized when the inevitable occurs.

We also do have an EXCLUSIVE BUYBACK policy where we guarantee to repurchase anything bought from us for 80% or MORE deending on market values (for instance, we will pay TRIPLE for any of the over 10,000 Swedish Mausers we sold from 1992-1995 and will pay 125% of what you paid us for any of the more than 10,000 Russian-captured 98k's we sold from 2002-2008). NOBODY else offers anything close!

By the way, our "system" is, in fact, PCI-compliant and NOBODY has lost or had their CC info comprimised when dealing with EMPIRE ARMS. This isn't a challenge for anyone to try to defeat our system. . . I'm just saying it has worked PERFECTLY for several decades.

smeg
11-06-2010, 8:02 PM
I was defending Kroh as a good guy who should not be hammered on this forum.

i'm not quite sure who is actually doing the hammering.

Jarhead
11-06-2010, 10:44 PM
its funny though, makes for interesting reading

bigmike82
11-07-2010, 12:44 AM
"By the way, our "system" is, in fact, PCI-compliant and NOBODY has lost or had their CC info comprimised when dealing with EMPIRE ARMS. This isn't a challenge for anyone to try to defeat our system. . . I'm just saying it has worked PERFECTLY for several decades. "
Dennis, I promise you, as will anyone who knows the PCI regs, you are very much out of compliance.

Specifically, you're in violation of section 3.4 ( Render PAN unreadable anywhere it is stored (including on portable digital media, backup media, and in logs) by using any of the following approaches...) and 4.1 (Use strong cryptography and security protocols (for example, SSL/TLS, IPSEC, SSH, etc.) to safeguard sensitive cardholder data during transmission over open, public networks.)

If I were an auditor, I'd fail you.

Certainly, it's your business, and you can do what you wish. If you think you've sufficiently compensated for the risk in your transaction model, great. That said, it may be prudent to have a chat with your merchant account provider on what they'd recommend you do to process online CC payments. They should be happy to do this free of charge.

You obviously have a very high (and well deserved, by all indications) reputation. That's not in question at all. But what I (and a few others) are suggesting is that it would be a good idea to look into an alternate way of accepting CCs.

jaq
11-07-2010, 7:56 AM
"By the way, our "system" is, in fact, PCI-compliant and NOBODY has lost or had their CC info comprimised when dealing with EMPIRE ARMS. This isn't a challenge for anyone to try to defeat our system. . . I'm just saying it has worked PERFECTLY for several decades. "
Dennis, I promise you, as will anyone who knows the PCI regs, you are very much out of compliance. ...
If I were an auditor, I'd fail you.
...
You obviously have a very high (and well deserved, by all indications) reputation. That's not in question at all. But what I (and a few others) are suggesting is that it would be a good idea to look into an alternate way of accepting CCs.

Key word = FAIL

I beg to differ vis-a-vis his well-deserved high reputation. Perhaps he is knowledgeable about C&Rs. But the proof of his communications and attitude lead me to doubt his knowledge and integrity about ANYTHING. And the butt-kissing and brown-nosing among his followers is sickening. Are you all hoping he will cut you a special deal from his special collection for the flattery you heap upon him?

empirearms
11-07-2010, 8:42 AM
Hey Dennis, do you have any "cats and dog" Mosins for me from that collection you cleaned out? ;)

There were actually three different collections that we purchased (either entirely or partially), I made generous offers on every item but there were some things each collector decided not to sell at that moment (usually it had nothing to do with price).

If they did not make an appearance on our various "New Stuff" lists they were likely sold directly to those who have utilized our want-list service at http://www.empirearms.com/wantlist.htm (we always sell 40-50% or more of our recent acquisitions to customers directly who utilize this service, and thus those items are never offered to the public).

I will be travelling to TULSA next weekend to purchase more items. . . maybe there will be something you cannot live without in that grouping.

duckhunterflyfisher
11-07-2010, 8:48 AM
Jag and Bigmike82 thanks for the support. I dont think I was 100% right in all this but sure dont think Dennis is a peach nor a lot of the guys on this forum. I think they have fun hiding behind this forum. I saw a real problem where customers could get screwed notified the owner that was the case and got a lot BS back from the guy. So i warned all of you not to put your personal info in emails or FAXs for that matter. If you read the email chain I only idenfied my masters degree after he so kindly told me I didnt know what I was talking about. Anyway like I said the guy maybe some big boy in the C&R world but he doesnt know $%^& about technology or the potential risk his little email deal poses to customers. What caps me is he would rather beat me to show off to his followers on this form vs addressing the real issue here. His payment process.

Datamancer
11-07-2010, 10:46 AM
Hey I poorly worded my email to Dennis and approached it the wrong way, I just wanted to provide Dennis with an example of how unsafe his payment method is. I can admit that and apologize for it. Dennis I am sorry for all this, I meant you know harm, just wanted to pick up a pistol from you and help you out on the secure customer purchase front. I was not thinking about the small business owner side of it, and for that I am sorry too. If you read the whole chain you can see I kindly offered info on cheap ways to provide secure payment solutions to customers. But Dennis’s responses were that of someone who thinks he knows it all. It kind of upset me, hence my putting the masters of computer science in there. Most people at that point would stop and listen. Not Dennis. I didn’t renig on anything that is a load of ****. He did not have a safe secure payment method and its my right as a customer to pass on the purchase. And sorry for my ignorance on showing interest in a C&R that was not legal in California. It had an 8 round mag so I thought I would be. I am just getting into the whole C&R side of collecting and to be honest this whole deal put a bad taste in my mouth . Dennis did threaten me and in all his nonsense responses he never admits any wrong doing in any of this…Shows me the type of guy he is. He approach it the wrong way too and he cant admit it. I think he is pigheaded and I am glad I didn’t do business with him.

Bottom line my intentions were good, my delivery was bad. I am sorry dennis that whole deal happened. Clearly you have a lot of people that think you are a good guy. So that is why I am posting this to you. Please do look into some of those online CC card payment options. They are cheap and it would be better than the email. Don’t take my word for it, ask around.

Now if the rest of you want to waste more time beating me up over this have at it…but you are pretty lame for doing so and you know it.


I think another thing you should consider when dealing with non-tech people and especially people of older generations, is that not many of them understand difference between the whole "white hat/black hat" hacker thing. Most non-tech people just know "hacking" the way the media has painted it, so when you say to Dennis, "I'll hack your servers for you", he probably understands it as something like, "hey, I'm gonna do you a favor and steal your car".

I only have one brief dealing with Dennis where I wrote and asked if he had any barreled Mosin actions laying around and he was polite and said he didn't, but frankly I was surprised that he bothered to write me back at all, considering it could have only been about a $60 transaction at best. More than I can say for some other Mosin dealers, like one we'll just call "RiflesNBullets". It took me literally 7 emails spread over 2 weeks just to get a price!

-~D~-

duckhunterflyfisher
11-07-2010, 11:21 AM
Agreed I mishandled the thing but so did Dennis. Funny how so many of you wont even address that. I am sure he is a great guy to deal with if you dont piss him off(I did and I am sorry for that), just didnt like how he approached the whole thing. I am new to the C&R deal, saw that pistol and that it was 8 rounds. Had no idea it was on a banned list, and being a techie didnt trust his payment process cause I know its "not" safe. There are several other people in the post telling Dennis the same thing, but for him we are all wrong and he is all right. That is just who this guy is period, so if you want to do business with him and have an issue with him he wont address it clearly. He will just stand his ground until he is blue in the face, clearly he cant admit any faults. He will tell you that you dont know what you are talking about. I felt like he had heard others express the same concern about the email payment nonsense (clearly I was not the first) and blasted me with, "you dont know what your talking about dude." Well sir, I really do know what i am talking about with over 20 years in my field and a masters from a really good school and should "NOT" be told I am needlessly paranoid..His customer service skills were lacking way before we had a beef, and those skills of his led to the majority fo the issue. It would have been better for him to just say, I understand your concerns and I am sorry to lose your business. That would have been enough but the guy is a blowhard and has to tell his customers he knows more than they do. Shoot all those rules on his site, god that was a big warning if there ever was one about the personality of this guy. He still hasnt manned up to his end of all this, tells you alot about the guy....i am a reasonable honest person, had no intentions of doing anything other than to help the guy help his customers. Jag has it right...the hammering by some of these people is just BS.

Rule .308
11-07-2010, 11:55 AM
Jag and Bigmike82 thanks for the support. I dont think I was 100% right in all this but sure dont think Dennis is a peach nor a lot of the guys on this forum. I think they have fun hiding behind this forum. I saw a real problem where customers could get screwed notified the owner that was the case and got a lot BS back from the guy. So i warned all of you not to put your personal info in emails or FAXs for that matter. If you read the email chain I only idenfied my masters degree after he so kindly told me I didnt know what I was talking about. Anyway like I said the guy maybe some big boy in the C&R world but he doesnt know $%^& about technology or the potential risk his little email deal poses to customers. What caps me is he would rather beat me to show off to his followers on this form vs addressing the real issue here. His payment process.

You are so far gone it is not even funny, you continuously try to spin this one so that you do not come off like a jack hole but it is not working.

If you read his e-mail chain you will in fact see that you pull the so called "master's degree" card in your 4th e-mail to him right after he responded to you with

"That will be fine. . . we may possibly even have them on-file already.

I will mark it SOLD for you until Tuesday.'

Furthermore, you go on to state that all you were warning other people not to give up their information via e-mail to him. Really? In your opening post about all of this you were telling people to not do business with him and that you had reported him to your friends in Law Enforcement

You just do not get it, you started this crap, no matter how good intentioned it was, you started it and Dennis responded. Liken unto starting a brawl, you swung first, and someone respondend in kind and stomped your butt and now you want to cry fowl play, "he was mean to me". Be a man, take your whipping and go home, quit crying like a spoiled child, quit trying to spin the facts, quit it with your outright lying. You say you have 20 years in you field, that would imply that you are in the area of 40+ years old, you might want to try acting it.

hk91666
11-07-2010, 12:12 PM
Somebody kill this thread it appears it will never stop.............................................. .................................................. ...........JMHO

rebelmachine2000
12-01-2010, 8:47 PM
Member since '06 and a mere 77 posts. This is why.

Jarhead
12-02-2010, 8:16 PM
so Duck season is over?

empirearms
12-02-2010, 9:20 PM
I sure HOPE so! ;)

By the way, we will be at this weekend's PHOENIX Crossroads of the West / Small Arms Review show.

EMPIRE ARMS has a table this year in the WHITE building, exactly halfway down on the right side, right in front of the door that leads to the GREEN building that we have usually been in. It is pretty obvious with maroon table-covers and bright orange signs (one of which has my personal cell-phone on it, which I will not publish here).

We are attending this show in a BUYING capacity, so if you have any nice-ish items you wish to offload and are attending this show, give me first-shot!

Looking forward to seeing old friends again and meeting some new ones.

cmaher55
12-02-2010, 9:24 PM
Yep, kill this thread please...! As it can be read here Dennis is a great guy, great American, and a very cool businessman who does it his way....! What's more American than that...! If you have a beef with him then by all means do not patronize his business as there are more than enough of us who can not believe the quality and variety of rifles that we have received from him at more than a great price....! Dealing with this guy is more like dealing with a friend or an Uncle than a vendor..... As for IT guys I have my own opinions and I'll keep them to myself other than I think they are way overpaid and the chips on their shoulders seem much bigger than most other proffessions other than basketball players, football players, and liberal democrat US Senators........ Regards