Home Racing World

See this important message: viewtopic.php?f=21&t=6470

What does it mean? If you make any purchase online and their server isn't properly patched, your CC data can be easily stolen. If they patch the server and fail to reissue certificates, your CC data can be easily stolen -- even encrypted information is an easy target. A hacker doesn't need to break ANY security to get access to do this.

Check with all online vendors before you make your next purchase with them, and verify that their servers have been patched for this particular bug (the Heart Bleed bug). If they tell you "we have all the latest security updates", but can't tell you specifically that this bug has been patched, do not use your credit card there.

That little critter is the center of attention up here in Canada as it has forced the Canada Revenue Agency (our IRS) to close down it's website at the moment.

Randy

Thank goodness for PayPal.
I have started using it at retail stores here in Naptown.

So is it safe to buy off of EBAY?

It depends on whether eBay's servers and firewalls have been patched.

For example, where I work, we use a Watchguard Firebox as a firewall. It's a great piece of equipment, a very powerful firewall from a strong company -- but as of today, Watchguard didn't have a patch prepared for the operating system on our firebox, and all traffic in and out of our building could be read by a hacker. If eBay is using Watchguard fireboxes and all their servers are behind them, it doesn't matter if they patch their servers or not, all traffic in and out can be intercepted. Watchguard won't have their patch until tomorrow.

Anything that interfaces with the internet is potentially vulnerable, including millions of Android phones.

Internet traffic rarely goes from your home computer straight to the intended website. Every 'hop' along the way is a server or device that could be compromised. For example, it currently takes me more than 10 hops to get to www.ebay.com. In order to have a secure connection, all of those hops have to be properly patched, and 2/3 of all servers have this vulnerability. The odds of this communication being perfectly safe are very slim, so no, I would not want to perform ANY online transactions for a while.

okay guys,thanks,guess I`ll stop all transactions until this clears up,again Thanks!

I got nailed this week but caught it and canceled my CC.

Our Slot Car Corner website and online store is hosted by an eCommerce provider called CoreCommerce. As you can imagine, many of the website owners who use CoreCommerce (including us) contacted them about the Heartbleed vulnerability. Per CoreCommerce:

"CoreCommerce is using a version of OpenSSL that is NOT affected. We use the OpenSSL 1.0.0 branch which is well documented as NOT affected according to heartbleed.com"

We have also verified this independently using a third-party tool that checks for heartbleed vulnerability (http://filippo.io/Heartbleed/)

We appreciate your business and support!

:-)