stevea1210
Well-Known Member
****update 2/9/09*****
The issue with the site has been corrected. Please see this post for more info.
thanks,
Steve
I have discovered a security issue with a website that I'm sure many of us have bought items from. I am not at this time going to mention the name. The issue doesn't expose credit card info or social security numbers, but does provide enough information for a social engineering attack.
I have contacted the owner, and he seemed surprised and somewhat sincere in his concern. He doesn't run the website, and said he was going to contact the people who do to take care of the issue. It has been a couple weeks since I heard from him, and the site hasn't been fixed.
I don't want to cost this guy business, because he does have a good reputation on this site. I had a fine experience with him as a customer. However I also feel an obligation to my HBT bretheren. I don't want anyone to fall victim to someone due to this security issue.
I think I will contact him again to see where this stands. I don't want to threaten him with outing him on HBT, but I don't want to hang you guys out to dry either. The issue is serious enough that I won't order from this site again until it is fixed.
I would like some opinions on what course of action you would recommend. At what point do you think I should out the guy? I have given him seveal weeks and nothing has happened.
Flyangler and MoRoToRiUm, i know you guys know the place from our conversation at the homebrew meeting, but please don't mention the stores name at this point if you post in this thread.
The issue with the site has been corrected. Please see this post for more info.
thanks,
Steve
I have discovered a security issue with a website that I'm sure many of us have bought items from. I am not at this time going to mention the name. The issue doesn't expose credit card info or social security numbers, but does provide enough information for a social engineering attack.
I have contacted the owner, and he seemed surprised and somewhat sincere in his concern. He doesn't run the website, and said he was going to contact the people who do to take care of the issue. It has been a couple weeks since I heard from him, and the site hasn't been fixed.
I don't want to cost this guy business, because he does have a good reputation on this site. I had a fine experience with him as a customer. However I also feel an obligation to my HBT bretheren. I don't want anyone to fall victim to someone due to this security issue.
I think I will contact him again to see where this stands. I don't want to threaten him with outing him on HBT, but I don't want to hang you guys out to dry either. The issue is serious enough that I won't order from this site again until it is fixed.
I would like some opinions on what course of action you would recommend. At what point do you think I should out the guy? I have given him seveal weeks and nothing has happened.
Flyangler and MoRoToRiUm, i know you guys know the place from our conversation at the homebrew meeting, but please don't mention the stores name at this point if you post in this thread.