Authorize.Net Down Due to Data Center Fire [Updated]
Word has come to us by way of The Internet Patrol that Authorize.Net is down due to a fire at their Seattle data center. As we use Authorize.Net as our merchant card services provider, this means that we are likely unable to process online orders using credit cards at this time. We can, of course, still accept purchase orders in the mean time. We’ll update this post when we hear that Authorize.Net services have been restored or if we have any additional news.
UPDATE: Authorize.net says they’re back up (at least the interface we use). Orders placed through our web site should proceed normally.
Posted in 
Notices
Comments Off on Authorize.Net Down Due to Data Center Fire [Updated]
MIB Validator is back online
The Online MIB Validator service was offline due to some library dependency issues between the SDK and the new web server platform. These issues have been resolved and the service is now back online.
Posted in Notices
Comments Off on MIB Validator is back online
Web Site Back to Normal
It took a bit longer than I’d expected to get our SSL certificate replaced, but we received the new certificate this morning, the server software’s been rebuilt, keys changed, etc. The SSL server is back online, and users may once again log in to their accounts and use the shopping cart to make purchases.
Once again I would like to apologize for the inconvenienced caused by the downtime.
Michael Kirkham, President & CEO
Security Notice (Updated)
This is an update to the security notice sent out Thursday, February 21, 2008.
After reviewing security logs and comparing file systems and source code to known backups as part of our security audit, we are relieved to report that we have not found any evidence that any systems or customer information were successfully compromised during the period that firewall rules were partially disabled and some internet-facing systems were under attack. Additionally it appears that at least some of what was reported as an attack was the work of worms targeting Windows vulnerabilities, which we do not use for our servers–traffic we do not normally see due to firewalls and other protections.
The main avenue for attack that we were most concerned with was certain systems that were being brought up to migrate services to that might not have been fully patched or locked down yet while they were in transition. Though it doesn’t appear there’s been any compromise, as an added precaution, we will still be reinstalling these systems and services, so you may expect some brief periods of down time over the weekend (much of this we’re doing anyway, to sync up deployed software versions with versions being installed on the new systems to ease transition). We’re also revoking all authentication and encryption keys and have requested a new SSL certificate, and will take additional steps to improve our auditing procedures and response time.
Once we have finished upgrading critical server software and have received the new SSL certificate, we will bring the shopping system back online. You will not be able to log into your Muonics web site account until this time.
Please accept our apology for any inconvenience or worry caused by our previous notice and the downtime involved. Though it appears to have been a false alarm, one can never be too cautious about these things.
Should you have any lingering concerns, we will be more than happy to reimburse anyone who has placed orders with us online, at any time in the past, for up to 12 months of credit activity monitoring from your choice of provider. You can contact me directly by phone or email any time between now and March 31, 2008 to arrange.
Thank you for your patience.
Michael Kirkham, President & CEO
Important SNMP Security Notices
CERT recently released security advisory CA-2002-03 regarding multiple SNMP vulnerabilities. If you have SNMP devices running on your network, you may wish to check the following links for more information. You may have devices or computers running SNMP on your network and not be aware.