Heartbleed SSL bug.

lol....it's been vulnerable for years dude...and you have 1 post.

That's true, I'm new here. I wasn't interested in joining before but felt I need to hoping my request to Marstar will be accommodated. I usually clear my personal info after I receive each and every order for security reasons. I emailed them to find a way to remove the same personal info from the PastOrders database but their webmaster declined. I understand they are required by law to record transactions involving restricted firearms BUT I think PastOrders should be kept for internal purposes and not available on the internet. Their system bothers me especially now knowing the present situation. Thank you.
 
That's true, I'm new here. I wasn't interested in joining before but felt I need to hoping my request to Marstar will be accommodated. I usually clear my personal info after I receive each and every order for security reasons. I emailed them to find a way to remove the same personal info from the PastOrders database but their webmaster declined. I understand they are required by law to record transactions involving restricted firearms BUT I think PastOrders should be kept for internal purposes and not available on the internet. Their system bothers me especially now knowing the present situation. Thank you.

You do realize they do orders by phone right? Or do you forget that there are other types of communication besides internet and cellular phones (wireless). Yeah a 10 year old website isn't going to be super secure. It's a shame things have gotten so far away from common sense and face to face business. If you don't have credit get a certified bank order/cashier check/whatever you want as only you and that person can accept it and it's a hard copy for records no paper trail to worry about on the net or outside of business records. As well everything you do is recorded and shared anyways on a much larger scale so it's not like there is really anything to complain about with Marstar especially since you are "smart" enough to recognize this. Unless there is a public page that everyone can go to with your personal info your point is moot. Internet security in general is a moot point.
 
It's not up to them to fix it. You know that, right? Their service provider is on it, I'm sure.
 
@nathank
Sir, Google provides a plug-in to its Chrome browser to alert the user. It is the same concept as any internet security software installed in our PCs so I don't see any concern for that matter.
 
A lot of misinformation here. That tool that shows you if a website is, frankly, retarded.

I pointed it at a couple of my internet facing servers that I know for a fact are not affected and it told me "the ssl certificate is minted blah blah and vulnerable" and "Uses Apache / OpenSSL" (cough, bull####, cough).

Heartbleed affects OpenSSL 1.0.1 ONLY. The other MAJOR deployed version is OpenSSL 0.9.8

Most serious sysadmins don't go randomly upgrading to the latest and greatest unless there is something that is actually needed in that version. Every single one of my 14 Linux servers uses a variant of OpenSSL 0.9.8 (g through to z). Pointing that tool at an OpenSSL 0.9.8 server still says it is affected. Never needed to upgrade out of the stable and still in development 0.9.8

So.... just because that stupid website says a site is affected means nothing.

Mass media hysteria.

I must be grumpy. I'm going for coffee.
 
A lot of misinformation here. That tool that shows you if a website is, frankly, retarded.

I pointed it at a couple of my internet facing servers that I know for a fact are not affected and it told me "the ssl certificate is minted blah blah and vulnerable" and "Uses Apache / OpenSSL" (cough, bull####, cough).

Heartbleed affects OpenSSL 1.0.1 ONLY. The other MAJOR deployed version is OpenSSL 0.9.8

Most serious sysadmins don't go randomly upgrading to the latest and greatest unless there is something that is actually needed in that version. Every single one of my 14 Linux servers uses a variant of OpenSSL 0.9.8 (g through to z). Pointing that tool at an OpenSSL 0.9.8 server still says it is affected. Never needed to upgrade out of the stable and still in development 0.9.8

So.... just because that stupid website says a site is affected means nothing.

Mass media hysteria.

I must be grumpy. I'm going for coffee.


Thank you. This thread was lame until you posted.
 
You do realize they do orders by phone right? Or do you forget that there are other types of communication besides internet and cellular phones (wireless). Yeah a 10 year old website isn't going to be super secure. It's a shame things have gotten so far away from common sense and face to face business. If you don't have credit get a certified bank order/cashier check/whatever you want as only you and that person can accept it and it's a hard copy for records no paper trail to worry about on the net or outside of business records. As well everything you do is recorded and shared anyways on a much larger scale so it's not like there is really anything to complain about with Marstar especially since you are "smart" enough to recognize this. Unless there is a public page that everyone can go to with your personal info your point is moot. Internet security in general is a moot point.

What if someone hijacks your profile and able to see your past orders with all those personal info. Would it not put you in danger? Please forgive me if I sound too paranoid.
 
Yeah, I'm tired of heartbleed and its hysteria too. In this case marstar.ca is vulnerable, I've confirmed it, and Marstar should be looking to patch openssl.
A lot of misinformation here. That tool that shows you if a website is, frankly, retarded.

I pointed it at a couple of my internet facing servers that I know for a fact are not affected and it told me "the ssl certificate is minted blah blah and vulnerable" and "Uses Apache / OpenSSL" (cough, bull####, cough).

Heartbleed affects OpenSSL 1.0.1 ONLY. The other MAJOR deployed version is OpenSSL 0.9.8

Most serious sysadmins don't go randomly upgrading to the latest and greatest unless there is something that is actually needed in that version. Every single one of my 14 Linux servers uses a variant of OpenSSL 0.9.8 (g through to z). Pointing that tool at an OpenSSL 0.9.8 server still says it is affected. Never needed to upgrade out of the stable and still in development 0.9.8

So.... just because that stupid website says a site is affected means nothing.

Mass media hysteria.

I must be grumpy. I'm going for coffee.
 
A lot of misinformation here. That tool that shows you if a website is, frankly, retarded.

I pointed it at a couple of my internet facing servers that I know for a fact are not affected and it told me "the ssl certificate is minted blah blah and vulnerable" and "Uses Apache / OpenSSL" (cough, bull####, cough).

Heartbleed affects OpenSSL 1.0.1 ONLY. The other MAJOR deployed version is OpenSSL 0.9.8

Most serious sysadmins don't go randomly upgrading to the latest and greatest unless there is something that is actually needed in that version. Every single one of my 14 Linux servers uses a variant of OpenSSL 0.9.8 (g through to z). Pointing that tool at an OpenSSL 0.9.8 server still says it is affected. Never needed to upgrade out of the stable and still in development 0.9.8

So.... just because that stupid website says a site is affected means nothing.

Mass media hysteria.

I must be grumpy. I'm going for coffee.

For people like me who are not as technical as you are this is a concern. I only learned about this after installing the Google Chrome Heartbleed plug-in. Thanks for the info.
 
It's not up to them to fix it. You know that, right? Their service provider is on it, I'm sure.

Yeah, it needs a push. Most people use Google Chrome nowadays and with the Heartbleed plug-in installed it will make them think twice of making another transaction. I'm sure Marstar is already aware of this issue and it is to their advantage if this gets fixed sooner.
 