| Author |
 Replies: 15 / Views: 1,525 |
|
|
Pillar Of The Community
501 Posts |
|
|
|
I am not a computer guy, but it looks like here in Canada at least, there in no access to the Hibid auction platform. All of my links give me the same error. Scary when they run auctions all the time...
|
|
Send note to Staff
|
|
|
|
|
Forum Dad
USA
2055 Posts |
|
|
Pillar Of The Community
United States
1851 Posts |
|
|
Also, my browser says that the SCF security certificate has expired. It started yesterday but I figured you would be on top of it so I didn't want to raise an alarm. Could it be related? |
Send note to Staff 
|
|
|
Forum Dad
USA
2055 Posts |
|
|
It's this... https://www.zdnet.com/article/forti...ypt-expires/Firefox has it's own cert store and can look it up, some versions of Chrome and older cell systems cannot. Everything is still encrypted. An SSL cert is not even needed for this site, but some browsers make you think the site will steal your children if you don't, it's ridiculous. |
|
Send note to Staff
|
|
|
|
Forum Dad
USA
2055 Posts |
|
|
Pillar Of The Community
723 Posts |
|
|
Sites that are purely content driven (ie blogs, static content, etc.) I totally agree with you bobby131313. Certs on these only slow things down for the unnecessary encryption and decryption of content in transit.
All sites with logons should have encryption as the credentials used for authentication can easily be eavesdropped on and used inappropriately (spam posts, hijacked accounts postings, emailing users, etc). The browsers took this stance to raise the bar across all sites, which has helped overall internet security. Also with sites that have logons, people improperly don't use super strong passwords and a unique password for every site they login to, so password reuse is huge, and a compromise of user passwords on a forum site, could reveal emails and passwords, that might work on other sites. So I think it's great that this site does indeed use them and feel comfortable with the lock on the urlbar.
|
|
Send note to Staff
|
|
|
Moderator
United States
12330 Posts |
|
|
In my opinion HTTPS is purely a marketing scheme and profit center.
Only a small percentage of security issue rise from someone sniffing for network packets, filtering and capturing the relevant ones, and then reassembling them. Far and away the most common internet and website security breaches are physical; it is many times easier to just go get a job at an internet/hosting provider and walk out with a thumb drive then it is to hack your way into something.
Does anyone think that their house is really secure because you encrypted the phone line coming into your house. No locks on the doors or windows, no security system, no big dogs, no fences; but hey, the website has https so you are safe to send your credit card number and PIN.
If you want to know about a website's security, call them up and ask them if they vet and bond their employees.
Don
|
|
Send note to Staff
|
|
|
Pillar Of The Community
501 Posts |
|
|
 I am going to restart my computer to see if it helps. All day long I've had this from any and all Hibid auctions, US or Canada. |
|
Send note to Staff
|
|
|
Moderator
United States
12330 Posts |
|
|
It is not just you 4bidding.hibid.com gives me the same error. Note you can always check a site with one of the many 'site checkers' like this one https://www.isitdownrightnow.com/4b...bid.com.htmlThe website server is online (answering pings) as shown here  but like the error page shows, the DNS (lookup for the domain name is not working). Don |
|
Send note to Staff
|
|
|
Pillar Of The Community
501 Posts |
|
|
I just restarted the computer and it did not help. It's anything Hibid. The main Site, each province. I have about 40 sites bookmarked at it's all of them. |
|
Send note to Staff
|
|
|
Forum Dad
USA
2055 Posts |
|
|
My host told me that revoking and recreating all my Let's Encrypt certs would replace the old root cert described in that article with the new one good till 2025. I did that, but I've never had the issue so I'm not positive it's fixed. |
|
Send note to Staff
|
|
|
|
Pillar Of The Community
501 Posts |
|
|
Don - thanks for the link. It's saying Hibid.com is down. I'll save a few bucks tonight if nothing else. |
|
Send note to Staff
|
|
|
Valued Member
United States
108 Posts |
|
|
I received an email from one of the auction sites that uses HiBid. Apparently it is a ransomware attack. |
|
Send note to Staff
|
|
|
Pillar Of The Community
501 Posts |
|
|
copied from my inbox...
Dear Valued Customer:
Sandhills Global is currently responding to a ransomware attack that impacted our operations. Systems and operations have been temporarily shut down to protect data and information, and we have retained cybersecurity experts to assist us with the investigation, which is ongoing. We are working actively and diligently with the assistance of our retained experts to fully restore operations.
At this time, we are continuing to investigate whether any of our client's information has been accessed or impacted by this incident. At this time, we have not discovered evidence that confirms that customer information has been compromised. Please know that our clients are our number one priority and we are working diligently to restore operations and remediate the attack. At this time, our ability to respond to your messages may be delayed. We appreciate your patience and deeply regret any inconvenience this may cause.
We will provide updates regarding this matter and the status of our services as soon as possible.
Sandhills Global |
|
Send note to Staff
|
|
|
Pillar Of The Community
United States
2830 Posts |
|
|
At least one auction site I follow postponed an upcoming auction due to HiBid being the victim of ransomware. So it must still be generally shut down.
"The server provider (Sandhills Global) that is used by our auction software company (Auctionflex - Hibid platform) has had a ransomware cyber attack. All we really know at this point is that a huge number of servers are down. We don't have an estimated time for return. Your personal data and all of the auction backend data (lot info, photos, etc) is secure but the actual bidding webpage has been hacked and effectively 'turned off'.
We are not happy about this and have no direct control over the resolution. With limited information available, we are delaying the auction but don't have a firm date yet. Ideally we'll run this auction next weekend and all future auctions will continue on with their existing planned schedules."
|
|
Send note to Staff
|
| Edited by shermae - 10/03/2021 1:46 pm |
|
|
Moderator
United States
12330 Posts |
|
|
Quote:
...At this time, we have not discovered evidence that confirms that customer information has been compromised.. . Of course information was accessed and not having your website and data secured is the fault of HiBid and these auction companies. The best they can hope for is that the hackers are only seeking the ransom and are not interested in selling the data. There are two parts of this kind of hack; how they got in and the security which should have prevented it and having redundant backups available which prevent down time after an attack. Appears to be a 'fail' on both counts for HiBid and the auction companies. This is what can happen when an auction company does not 'roll your own', a single vulnerability takes down multiple companies and the companies are left without any way to get back up and running. They understood this vulnerability but decided to risk this approach anyway. Is running an online auction part of a core competency for them or is it something they should be outsourcing? Don Edit: Would be interesting to know if only HiBid got the ransomware notice or if each of the auction companies also got the notice from the hackers. |
|
Send note to Staff
|
|
| |
Replies: 15 / Views: 1,525 |
|
Posted 10/01/2021 12:19 pm
