spy8750
So...where is update for 4.3.2?
 
spy8750
So...where is update for 3.4.2?...sorry
 
on2dvd
The latest fixes as Yoda listed are still breaking out in errors when I visit a page with product options.
 
magicessence
I uploaded the block_order_info per Master Yoda's post at 7/26/08 12:52 PM
and options prices are zero again
Bad
 
SajMalik
Why don't you put in a support ticket?
- as my option prices still show after uploading the new files you should get your installation checked Wink
 
on2dvd
I have Live Person which tracks visitors and the URLs they visit and even Google.
I just had someone from Saudi Arabia google and enter my site using the keywords.
 
allinurl:products.php?category_id=
 
Would this be a keyword phrase used by hackers?
 
dale (Guest)
Yes.
 
Details can be found here
http://milw0rm.com/exploits/6154
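
As an added example (not part of any post in this thread): a Python sketch that scans web server access logs for visits arriving through operator searches like the one on2dvd saw in the tracker. The combined log format, the query parameter names checked and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Search operators that select sites by URL or title pattern rather than by topic.
DORK_OPERATORS = re.compile(r"\b(?:allinurl|inurl|allintitle|intitle|filetype):", re.I)
# Combined log format: ip - - [time] "request" status bytes "referrer" "user-agent"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referrer>[^"]*)" "[^"]*"$'
)

def search_query(referrer):
    """Return the decoded search terms carried in a referrer URL, or None."""
    params = parse_qs(urlsplit(referrer).query)
    for key in ("q", "query", "p"):  # assumed parameter names used by search engines
        if key in params:
            return params[key][0]
    return None

def find_dork_visits(lines):
    """Return (ip, time, request, query) for visits that arrived via an operator search."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        query = search_query(m.group("referrer"))
        if query and DORK_OPERATORS.search(query):
            hits.append((m.group("ip"), m.group("time"), m.group("request"), query))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Jul/2008:10:01:02 +0000] "GET /products.php?category_id=3 HTTP/1.1" 200 5120 "http://www.google.com/search?q=allinurl%3Aproducts.php%3Fcategory_id%3D&hl=en" "Mozilla/4.0"',
    '198.51.100.9 - - [27/Jul/2008:10:05:40 +0000] "GET /products.php?category_id=1 HTTP/1.1" 200 4800 "http://www.google.com/search?q=blank+dvd+media" "Mozilla/5.0"',
    '192.0.2.44 - - [27/Jul/2008:10:09:11 +0000] "GET /index.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, when, request, query in find_dork_visits(SAMPLE_LOG):
        print(f"{when} {ip} {request!r} arrived via search: {query}")
```

A hit shows that someone found the shop by its URL pattern, not that it was compromised, so it is a cue to confirm the patches are installed and review that visitor's later requests. Search engines today generally no longer pass the query in the referrer, so this check is mostly useful on older logs.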
 
TOCDCO
Okay. These critical fixes are huge problems.
 
on2dvd
Bloody heck.
Okay, I am not silly enough to put 100% trust in any developer to build 100% hacker proof software, I understand that it is my responsibility to do the best I can to protect my customers' personal information from these people.
 
At least this has been patched now but what about the future, there will be times that Viart allow this to happen again, the hackers are always one step ahead.
 
For me, storing credit card numbers in the database is not an option anymore, thankfully I was forced not to do this from my bank and I can now see why. I don't want to be at fault for hundreds of my customers' credit cards being compromised and I implore every single Viart user to think about this very carefully......
 
What to do.
 
1) Remove all credit card numbers and security codes stored in the database. Did you know it is illegal to store security CNV codes? To do this run the SQL query below:
update va_orders set cc_number='', cc_security_code='';
 
2) Get a payment gateway that is approved by your merchant bank (one that is reputable) and one that doesn't hold your money for you, rather is a simple connection to your bank. I.e., PayPal is not one of these and I soon will be dropping PayPal as an option.
 
3) Destroy all credit card details from your personal computer if part of the number was emailed from the shop.
 
Gone are the days of being naïve about what your responsibilities are to your customers.
 
DickS
Quote from http://milw0rm.com/exploits/6154:
 
"It is also worth mentioning that ViArt stores all credentials in plain text, so once an attacker has the credentials he is guaranteed access to the application."
 
This is only true if you do not activate the MD5 option for password encryption in the Global Options. Unfortunately this is not set by default. We have set this and our passwords show up as an MD5 string in the SQL database, thus useless for an attacker to log in to the admin.
 
In addition we have also immediately installed the patches - so things should be OK for now.
 
Cheers
 
DickS
 
