Slot Car Corner Website NOT affected by Heartbleed Vulnerabi

[SlotCarCorner]

Our Slot Car Corner website and online store is hosted by an eCommerce provider called CoreCommerce. As you can imagine, many of the website owners who use CoreCommerce (including us) contacted them about the Heartbleed vulnerability. Per CoreCommerce:

"CoreCommerce is using a version of OpenSSL that is NOT affected. We use the OpenSSL 1.0.0 branch which is well documented as NOT affected according to heartbleed.com"

We have also verified this independently using a third-party tool that checks for heartbleed vulnerability (http://filippo.io/Heartbleed/)

We appreciate your business and support!

:)

[HomeRacingWorld]

Thanks for the info and taking the time to let people know.

[ElSecundo]

Fantastic, thanks for checking into it, Steve. :)

[cgingras]

Even if Slot Car Corner Canada uses a different e-commerce provider than Slot Car Corner, we also were unaffected by this vulnerability. All customer information has been and is still safe and secure.

Happy shopping in black and yellow! :text-thankyouyellow:

[Ember]

Good to hear. Let's go shopping...

[Jesla]

Hold on....This does not mean that the 300 million plus servers have been patched yet.
Unless you have a direct connection to their server you are still vulnerable. Be aware that
every hop your data makes between you and them are still not secure.

[Jesla]

Remember 2/3rds of all servers are affected any one of with your data may pass
through on it's way to it's destination. We are likely to get a percentage of repaired
servers for weeks to come.....it's still not safe....even electronically filed US tax
returns are affected as well. Canada shut their tax return servers down yesterday
so the same could happen here as well.

[Ember]

One can not function in a state of permanent paranoia.

Keep a constant watch on your accounts. Reconcile your bank statements properly. Query anything you see as an anomaly. And live your life!

[SlotCarCorner]

[Jesla]

[SlotCarCorner]

That's not how OpenSSL encryption works. The encryption/decryption takes place at the "end points" - for example, a PC (browser) and a remote host server. Once the data is encrypted, intermediate servers cannot decrypt the data. The encrypted data is merely "passed along" in packets (think of envelopes) to it's ultimate destination where it gets decrypted. Heartbleed "potentially" lets a hacker fake the remote host server out by making believe it is the remote client. Hackers are not exploiting the intermediate servers - they are (potentially) exploiting the actual host server.

:)

[Jesla]

I'm not going to argue, but you are taking on an awful lot of liability over something you really can't control.
Information about HBB should be treated as would your heath.....get a second or even third opinion.

[SlotCarCorner]

While we appreciate your concern, we want to reassure you and our Customers we are NOT taking Heartbleed lightly. We have proactively contacted our eCommerce provider and have been assured the servers our online store is hosted on are NOT susceptible to Heartbleed. Further, we have tested this independently using two (2) different tests specifically designed to detect Heartbleed (and will run additional tests as we become aware of them). We have also researched this with colleagues at work who provide cyber services to many of the U.S. Government agencies and Fortune 500 companies. Unless some new information about Heartbleed surfaces that indicates some previously unreported exposure, we are confident our website is not at risk.

:)

[ElSecundo]

Endpoints are the most vulnerable areas, true. However, there are reports coming in about people going to other unpatched sites, where man-in-the-middle attacks are used to steal personal information from the originator's cookies. Things are far from safe out there right now, and financial transactions at a patched site can actually open you up to attacks at other sites. This isn't a passive thing -- hackers can use the access they gain for virtually unlimited mischief, and they can steal a lot of what they need from an unpatched site to find what they want on your own machine, including information that you sent to patched sites. In the cyber security world, it's essentially the equivalent of suddenly discovering that the army, navy, air force and marines had all been accidentally given leave at the same time, and the only way you can tell the servicemen to get back to base is to track them down on foot -- and nobody is keeping a master list of who has and hasn't returned to base.

This will improve on a daily basis as more and more servers and firewalls are patched. Basically, the sooner you resume online transactions, the more risk you take. Hell, even the FBI's website got hit.

It's being described by security experts as a catastrophe -- it ain't over when the flood waters have subsided in your house. Personally, I'm not expecting to do any web transactions for a month, and I normally do a lot of web transactions.

The long and short of it -- make no assumptions about your security. Call SlotCarCorner, they're nice guys. :)

[SlotCarCorner]

We respect other's opinions such as Jesla's and Kurt's; however, our position remains unchanged. Our website host was never running a version of OpenSSL that was vulnerable to Heartbleed. Keep in mind your payment information is NOT stored on our website servers. If you are still concerned your account may have been compromised, you can also change your personal password as a further precaution.

As Kurt suggests, if you are still uncomfortable, please call us to place your order - we will gladly accept a check or money order.

:)