Archive

Posts Tagged ‘信用卡’

linode被爆客户信用卡资料被黑客窃取

April 16th, 2013 No comments

前几天莫名其妙的账户被多扣了20美金,应该是linode被爆客户信用卡资料被黑客窃取的前兆,linode的支付方式只支持信用卡,被多数国人诟病。为啥不支持Paypal呢,为啥不支持支付宝呢?经过此次黑客窃取linode客户信用卡资料事件,我想linode应该有所动作了。不过看看如下的linode官方博客声明,大意是客户的信用卡资料是存储在数据库中的,但是以公钥,私钥加密。平时大家在linode管理后台看到的卡号末尾4位,是便于核对和查找支付记录的。目前没有证据表明,客户的信用卡资料被窃取,但是安全起见,建议大家关闭境外支付,或者更新换卡。

Yesterday, a group named HTP claimed responsibility for accessing Linode Manager web servers, we believe by exploiting a previously unknown zero-day vulnerability in Adobe’s ColdFusion application server. The vulnerabilities have only recently been addressed in Adobe’s APSB13-10 hotfix (CVE-2013-1387 and CVE-2013-1388) which was released less than a week ago.

As a result of the vulnerability, this group gained access to a web server, parts of our source code, and ultimately, our database. We have been working around the clock since discovering this vulnerability. Our investigation reveals that this group did not have access to any other component of the Linode infrastructure, including access to the host machines or any other server or service that runs our infrastructure.

Credit card numbers in our database are stored in encrypted format, using public and private key encryption. The private key is itself encrypted with passphrase encryption and the complex passphrase is not stored electronically. Along with the encrypted credit card, the last four digits are stored in clear text to assist in lookups and for display on things like your Account tab and payment receipt emails. We have no evidence decrypted credit card numbers were obtained.

Linode Manager user passwords are not stored in our database, but their salted and cryptographically hashed representations are. Despite the uselessness of these hashes, as you know we expired Linode Manager passwords on Friday.

There were occurrences of Lish passwords in clear text in our database. We have corrected this issue and have invalidated all affected Lish passwords effective immediately. If you need access to the Lish console, you can reset a new Lish password under the Remote Access sub-tab of your Linode.

For users who have set an API key, we’re also taking action to expire those keys. We’ll be emailing API-enabled users with that information.

We take your trust and confidence in us very seriously, and we truly apologize for the inconvenience that these individuals caused. Our entire team has been affected by this, leaving all of us, like you, feeling violated. We care deeply about the integrity of Linode and are proud of the work that we accomplish here for you. This unfortunate incident has only strengthened our commitment to you, our customer.

linode信用卡注册pending active多此一举

March 18th, 2013 No comments

linode-credit-yz

感觉linode最近给客户的体验很差,是不是大家追捧linode,给linode长脸了,然后linode就可以不考虑客户的感受了?注册个账户,还要等待数分钟的pending active。

老易linode代购价格变更通知

June 30th, 2012 No comments

老易代购linode价格变更说明:自从上次linode给我发邮件说我滥用linode推介(自己用自己的Linode推介码买vps)后,代购linode基本没啥利润了,本来还图一个推介20美金的,现在20美金也没有了,将来就是为大家义务代购linode了。

Read more…

永远不给不在我这里买linode的朋友续费

June 26th, 2012 No comments

永远不给不在我这里买linode的朋友续费,这里面的风险我想搞linode代购的朋友都清楚。今天接触到一个朋友,要我给他的linode帐号续费,说是之前在别人那里买的,但是找不到上家,所以想找我续费。我说好,可以。淘宝拍款吧。由于信用卡都是及时扣费的,所以我的规则是客户先确认,我必须确认钱到了,我才会给对方续费。我不管淘宝规则是怎么样的,因为我懂,很多客户都懒得确认,如果不确认,要10天才到我的账上。今天见识了个朋友就是不确认,没办法就退款了。

我想说下帮他人的Linode账户续费的风险,我今天特意问了下,你的linode账户是独立帐号不,对方说是的,是独立的,幸好后来我没有给他续费,实际上他并不是独立帐号。如果给不是独立帐号的朋友续费,有一个很大的风险,就是如果你把账户的信用卡信息更新成你自己的信用卡来续费的时候,或者续费之前,或者续费之后,虽然就这么短暂的一个时间段,但是风险巨大。在这个时间段,如果此Linode账户的另外一个朋友点击续费,此时用的就是我的信用卡,如果对方这样做,损失不是一般大。因为国外消费信用卡是没有密码的,直接点击续费即可,这点尤其要引起大家的注意。

注意:linode退款小额不退还到信用卡

June 3rd, 2012 No comments

注意,linode退款,小额度是不退还到信用卡的。前几天帮一个网友把linode vps退了,退的时候,显示可以有1.29美金可退。结果几天过去了,信用卡还是没有收到退款,今天发了个ticket,问题解决了,不退还到信用卡,可以退还到linode帐号,算返还信用,可以用返还的信用继续用linode的服务。

Read more…

linode购买成功会收到三封邮件

June 3rd, 2012 No comments

正常下linode购买成功后,会收到三封邮件,以昨天帮网友代购的linode512为例。第一封是说信用卡已经支付了19.29美金;第二封是列账单明细;第三封是linode帐号激活,告诉你如何登录linode,以及你在使用linode的过程中遇到问题如何解决。

Linode.com: Payment Receipt [1279860]

Company Name: xxx xxxfeng
Payment Number: 1279860
Payment Date: June 02, 2012
Payment Card: xxxx Exp: 6/15

This is your receipt of payment against your credit card in the
amount of $19.29.

Thank you.

Please note that charges will appear as “Linode.com” on your
credit card’s statement.

For account information and current balance, please visit the
Linode Manager at https://manager.linode.com/

If you have any questions or concerns, please open a support ticket.

Sincerely,

The Linode Team

—————————————————————————
http://www.linode.com/ – Linux Virtual Private Servers

  Read more…

购买linode信用卡填写错误提示

May 26th, 2012 No comments

We’re sorry, but the transaction failed. Please make sure your credit card information is correct and resubmit the form, or contact your credit card company for the reason your transaction failed. If you continue to have problems, please email [email protected].

今天帮网友代购linode的时候,确认支付的时候,蹦出一个界面,说我的信用卡不对。头脑里第一反应是,前几天我去银行把信用卡搞了个网银,难道是没有开通信用卡境外支付功能?不对,再一想,估计是信用卡信息填错了,果然,回到上一步看看,原来是信用卡的有效日期,年付填错了。使用信用卡购买linode的朋友要注意了,别的资料都可以填错,唯独信用卡的卡号,有效日期,CVV码别填错。