Stamp Community Family of Web Sites
Thousands of stamps, consistently graded, competitively priced and hundreds of in-depth blog posts to read
Stamp Community Forum
 
Username:
Password:
Save Password
Forgot your Password?

Welcome Guest! Need help? Got a question? Inherit some stamps?
Our stamp forum is completely free! Register Now!

Cloudflare Having Issues Today?

 
To participate in the forum you must log in or register.
Author Previous TopicReplies: 15 / Views: 782Next Topic  
Valued Member
Canada
315 Posts
Posted 10/01/2021   12:19 pm  Show Profile Bookmark this topic Add Casey Magoo to your friends list Get a Link to this Message
I am not a computer guy, but it looks like here in Canada at least, there in no access to the Hibid auction platform. All of my links give me the same error. Scary when they run auctions all the time...
Send note to Staff
my best friend has four legs
and a soft pillow

Forum Dad
USA
1723 Posts
Posted 10/01/2021   2:27 pm  Show Profile Bookmark this reply Add bobby131313 to your friends list  Get a Link to this Reply
What's the error?
Send note to Staff  Go to Top of Page
Pillar Of The Community
United States
1525 Posts
Posted 10/01/2021   2:44 pm  Show Profile Bookmark this reply Add cjpalermo1964 to your friends list  Get a Link to this Reply
Also, my browser says that the SCF security certificate has expired. It started yesterday but I figured you would be on top of it so I didn't want to raise an alarm. Could it be related?
Send note to Staff  Go to Top of Page
Forum Dad
USA
1723 Posts
Posted 10/01/2021   3:18 pm  Show Profile Bookmark this reply Add bobby131313 to your friends list  Get a Link to this Reply
It's this...

https://www.zdnet.com/article/forti...ypt-expires/

Firefox has it's own cert store and can look it up, some versions of Chrome and older cell systems cannot. Everything is still encrypted.

An SSL cert is not even needed for this site, but some browsers make you think the site will steal your children if you don't, it's ridiculous.
Send note to Staff  Go to Top of Page
Forum Dad
USA
1723 Posts
Posted 10/01/2021   4:29 pm  Show Profile Bookmark this reply Add bobby131313 to your friends list  Get a Link to this Reply
I think it's fixed.
Send note to Staff  Go to Top of Page
Pillar Of The Community
Learn More...
577 Posts
Posted 10/01/2021   4:32 pm  Show Profile Bookmark this reply Add rismoney to your friends list  Get a Link to this Reply
Sites that are purely content driven (ie blogs, static content, etc.) I totally agree with you bobby131313. Certs on these only slow things down for the unnecessary encryption and decryption of content in transit.

All sites with logons should have encryption as the credentials used for authentication can easily be eavesdropped on and used inappropriately (spam posts, hijacked accounts postings, emailing users, etc). The browsers took this stance to raise the bar across all sites, which has helped overall internet security. Also with sites that have logons, people improperly don't use super strong passwords and a unique password for every site they login to, so password reuse is huge, and a compromise of user passwords on a forum site, could reveal emails and passwords, that might work on other sites. So I think it's great that this site does indeed use them and feel comfortable with the lock on the urlbar.




Send note to Staff  Go to Top of Page
Moderator
Learn More...
9902 Posts
Posted 10/01/2021   4:47 pm  Show Profile Check 51studebaker's eBay Listings Bookmark this reply Add 51studebaker to your friends list  Get a Link to this Reply
In my opinion HTTPS is purely a marketing scheme and profit center.

Only a small percentage of security issue rise from someone sniffing for network packets, filtering and capturing the relevant ones, and then reassembling them. Far and away the most common internet and website security breaches are physical; it is many times easier to just go get a job at an internet/hosting provider and walk out with a thumb drive then it is to hack your way into something.

Does anyone think that their house is really secure because you encrypted the phone line coming into your house. No locks on the doors or windows, no security system, no big dogs, no fences; but hey, the website has https so you are safe to send your credit card number and PIN.

If you want to know about a website's security, call them up and ask them if they vet and bond their employees.
Don
Send note to Staff  Go to Top of Page
Valued Member
Canada
315 Posts
Posted 10/01/2021   4:47 pm  Show Profile Bookmark this reply Add Casey Magoo to your friends list  Get a Link to this Reply



I am going to restart my computer to see if it helps. All day long I've had this from any and all Hibid auctions, US or Canada.
Send note to Staff  Go to Top of Page
my best friend has four legs
and a soft pillow
Moderator
Learn More...
9902 Posts
Posted 10/01/2021   4:50 pm  Show Profile Check 51studebaker's eBay Listings Bookmark this reply Add 51studebaker to your friends list  Get a Link to this Reply
It is not just you 4bidding.hibid.com gives me the same error.

Note you can always check a site with one of the many 'site checkers' like this one
https://www.isitdownrightnow.com/4b...bid.com.html

The website server is online (answering pings) as shown here

but like the error page shows, the DNS (lookup for the domain name is not working).
Don
Send note to Staff  Go to Top of Page
Valued Member
Canada
315 Posts
Posted 10/01/2021   4:55 pm  Show Profile Bookmark this reply Add Casey Magoo to your friends list  Get a Link to this Reply
I just restarted the computer and it did not help. It's anything Hibid. The main Site, each province. I have about 40 sites bookmarked at it's all of them.
Send note to Staff  Go to Top of Page
my best friend has four legs
and a soft pillow
Forum Dad
USA
1723 Posts
Posted 10/01/2021   4:57 pm  Show Profile Bookmark this reply Add bobby131313 to your friends list  Get a Link to this Reply
My host told me that revoking and recreating all my Let's Encrypt certs would replace the old root cert described in that article with the new one good till 2025. I did that, but I've never had the issue so I'm not positive it's fixed.
Send note to Staff  Go to Top of Page
Valued Member
Canada
315 Posts
Posted 10/01/2021   5:03 pm  Show Profile Bookmark this reply Add Casey Magoo to your friends list  Get a Link to this Reply
Don - thanks for the link. It's saying Hibid.com is down. I'll save a few bucks tonight if nothing else.
Send note to Staff  Go to Top of Page
my best friend has four legs
and a soft pillow
Valued Member
United States
100 Posts
Posted 10/03/2021   08:42 am  Show Profile Bookmark this reply Add percyjgp to your friends list  Get a Link to this Reply
I received an email from one of the auction sites that uses HiBid. Apparently it is a ransomware attack.
Send note to Staff  Go to Top of Page
Valued Member
Canada
315 Posts
Posted 10/03/2021   11:04 am  Show Profile Bookmark this reply Add Casey Magoo to your friends list  Get a Link to this Reply
copied from my inbox...

Dear Valued Customer:

Sandhills Global is currently responding to a ransomware attack that impacted our operations. Systems and operations have been temporarily shut down to protect data and information, and we have retained cybersecurity experts to assist us with the investigation, which is ongoing. We are working actively and diligently with the assistance of our retained experts to fully restore operations.

At this time, we are continuing to investigate whether any of our client's information has been accessed or impacted by this incident. At this time, we have not discovered evidence that confirms that customer information has been compromised. Please know that our clients are our number one priority and we are working diligently to restore operations and remediate the attack. At this time, our ability to respond to your messages may be delayed. We appreciate your patience and deeply regret any inconvenience this may cause.

We will provide updates regarding this matter and the status of our services as soon as possible.

Sandhills Global
Send note to Staff  Go to Top of Page
my best friend has four legs
and a soft pillow
Pillar Of The Community
United States
2046 Posts
Posted 10/03/2021   1:43 pm  Show Profile Bookmark this reply Add shermae to your friends list  Get a Link to this Reply
At least one auction site I follow postponed an upcoming auction due to HiBid being the victim of ransomware. So it must still be generally shut down.

"The server provider (Sandhills Global) that is used by our auction software company (Auctionflex - Hibid platform) has had a ransomware cyber attack. All we really know at this point is that a huge number of servers are down. We don't have an estimated time for return. Your personal data and all of the auction backend data (lot info, photos, etc) is secure but the actual bidding webpage has been hacked and effectively 'turned off'.

We are not happy about this and have no direct control over the resolution. With limited information available, we are delaying the auction but don't have a firm date yet. Ideally we'll run this auction next weekend and all future auctions will continue on with their existing planned schedules."
Send note to Staff  Go to Top of Page
Edited by shermae - 10/03/2021 1:46 pm
Moderator
Learn More...
9902 Posts
Posted 10/03/2021   1:50 pm  Show Profile Check 51studebaker's eBay Listings Bookmark this reply Add 51studebaker to your friends list  Get a Link to this Reply

Quote:
...At this time, we have not discovered evidence that confirms that customer information has been compromised..
.
Of course information was accessed and not having your website and data secured is the fault of HiBid and these auction companies. The best they can hope for is that the hackers are only seeking the ransom and are not interested in selling the data.

There are two parts of this kind of hack; how they got in and the security which should have prevented it and having redundant backups available which prevent down time after an attack. Appears to be a 'fail' on both counts for HiBid and the auction companies.

This is what can happen when an auction company does not 'roll your own', a single vulnerability takes down multiple companies and the companies are left without any way to get back up and running. They understood this vulnerability but decided to risk this approach anyway. Is running an online auction part of a core competency for them or is it something they should be outsourcing?
Don

Edit: Would be interesting to know if only HiBid got the ransomware notice or if each of the auction companies also got the notice from the hackers.
Send note to Staff  Go to Top of Page
  Previous TopicReplies: 15 / Views: 782Next Topic  
 
To participate in the forum you must log in or register.


Go to Top of Page
Disclaimer: While a tremendous amount of effort goes into ensuring the accuracy of the information contained in this site, Stamp Community assumes no liability for errors. Copyright 2005 - 2021 Stamp Community Family - All rights reserved worldwide. Use of any images or content on this website without prior written permission of Stamp Community or the original lender is strictly prohibited.
Privacy Policy / Terms of Use    Advertise Here
Stamp Community Forum © 2007 - 2021 Stamp Community Forums
It took 0.32 seconds to lick this stamp. Powered By: Snitz Forums 2000 Version 3.4.05