admin's blog


Talking with our Customers

Just a few emails etc we've had over the last week or two:

 

Subject: [Sales Questions etc.] payment

I would like to use a credit card.  I don't see that possibility on your site. - Nancy

Answer:

Yes, sorry about that.  Our credit card processor was costing too much so we switched to paypal or check/money order.  You can use a credit card via paypal but we don't do direct credit card processing any more.  We might add it back if we can find a processor that isn't so expensive.

Nancy replied:

Ok thanks!  We LOVE your tuna.

Thanks Nancy!

 

Subject: [Contact The Captain and Crew] Your Albacore Tuna

Congratulations to you!  Your tuna is the best canned tuna we've ever had -  and most likely a lot better for us!  Best to you and your family.  George and Leanne

Thanks so much George and Leanne -- you guys rock!

 

Subject: [Sales Questions etc.] ordering tuna and crab

I would like to order from you but am leery of putting my credit card number on the internet, having just been the victim of a fraud. -Petie

Answer:

Our shopping system has an option for 'check/money order'.  Just go to http://www.theoceanharvest.com/zen and shop as normal.  You'll get a shipping quote, and then for payment just select 'check/money order'.  Our address will be shown:

Mail your payment to:

Long Fisheries, Inc

P.O. box 813

Langlois, OR

97450

1 541 260 1731



And just send in the payment.  Then once the check clears we'll send out your order.


 

I understand that credit cards over the internet might be scary.  We do use paypal as well, which is pretty safe.  However, the check/money order option also works just fine.

 

Thanks Petie.  We're glad to take checks, cash or even gold. We'd probably trade for some diesel mechanics on the boat too. Whatever works best for you!

 

Thanks again for your support

 

-Harvester Captain & Crew

PCI compliance pop3 dovecot SSL failure fix

A BOFH moment of BITCH

You know you are in hell when folks like securitymetrics.com run a scan on your system. They don't just test the normal stuff: they bombard your server with every known exploit there is for over six hours, taxing the hell out of your system and driving loads up as they hit your poor computer with so many bogus requests that your little home-grown system GROANS.

I mean, they *should* know theoceanharvest.com is hosted on Linux, so why hit us with every known Microsoft exploit?? We shrug it off. So naturally we passed the PCI test for the past 4 months, but then... out of the blue WE FAILED!!

TCP 110 pop3 5
Synopsis: The remote server's SSL certificate has already expired.
Description: This script checks expiry dates of certificates associated with SSL-enabled services on the target and reports whether any have already expired.
Solution: Purchase or generate a new SSL certificate to replace the existing one.
Risk Factor: Medium / CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

why?

Because the SSL certificate set up by dovecot had expired... so folks (which is nobody on this server) who used our pop3 mail service on port 110 would have gotten an expired cert notice.

This happens because when you blithely install dovecot from, say, CentOS (doing yum install dovecot), it turns out it installs a certificate that is good for a year. A year later that cert is no good according to the anal douchebags at securitymetrics.com.

Why does this matter? Well, our merchant bank requires us to be PCI compliant or we have to pay a bunch of extra fees, so now suddenly we're in trouble, all because the pop3 mail SSL cert (which we don't use) is out of date (even though an expired cert still allows fully encrypted data). Assholes.

So if you EVER get this problem, here is the fix.

log into your server as root or sudo to root

do locate mkcert.sh

or look in the standard spot
/usr/share/doc/dovecot-1.0.7/examples/mkcert.sh

This is a simple shell script that executes when you install dovecot. Edit this bitch using vi or nano or whatnot,
at line 36.

Edit this line:
$OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2

and change -days 365 to -days 12312312 or a million or whatever. Make those days a large number so you never have to do it again.

then remove the old certs:

rm /etc/pki/dovecot/certs/dovecot.pem
rm /etc/pki/dovecot/certs/private/dovecot.pem

then do

sh /usr/share/doc/dovecot-1.0.7/examples/mkcert.sh

as root and you'll have new pop3 certs installed which will be good for another however many days you set in the mkcert file.

I made mine good for 20 years.
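
Whatever validity you pick, the scan only looks at the expiry date of the cert served on port 110, so you can run the same check yourself from cron and see the problem before the scanner reports it. The script below is an added example, not part of the original post or of dovecot; the function names and the sample CN are made up, and it assumes a stock openssl binary on the PATH.

```shell
#!/bin/sh
# Added example: expiry check for a PEM certificate such as the one mkcert.sh writes.
# Function names and the sample CN are hypothetical; only stock openssl is used.

# cert_status PEM [WARN_DAYS] -> prints ok | expiring | expired | unreadable
# exit codes: 0 ok, 1 expiring, 2 expired, 3 unreadable (handy for cron mail)
cert_status() {
    pem=$1
    warn_secs=$(( ${2:-30} * 86400 ))
    # Parse first, so a missing or corrupt file is not reported as "expired".
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || { echo unreadable; return 3; }
    # -checkend N exits non-zero if the cert expires within N seconds.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo expired; return 2; }
    openssl x509 -in "$pem" -noout -checkend "$warn_secs" >/dev/null 2>&1 \
        || { echo expiring; return 1; }
    echo ok
}

# live_status HOST [WARN_DAYS]: same check on the cert actually served on
# port 110 after STLS, which is what the external scan looks at.
live_status() {
    served=$(mktemp) || return 3
    openssl s_client -connect "$1:110" -starttls pop3 </dev/null 2>/dev/null \
        | openssl x509 -out "$served" 2>/dev/null
    cert_status "$served" "${2:-30}"; rc=$?
    rm -f "$served"
    return "$rc"
}

# make_sample_cert DIR DAYS: constructed self-signed test cert (not a real one),
# built with the same "req -new -x509 -nodes ... -days" form mkcert.sh uses.
make_sample_cert() {
    openssl req -new -x509 -nodes -newkey rsa:2048 -subj "/CN=mail.example.test" \
        -days "$2" -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Stand-alone use: sh certcheck.sh /path/to/cert.pem [warn_days]
if [ -n "${1:-}" ]; then
    cert_status "$1" "${2:-30}"
fi
```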

Hope this helps any PCI testing out there.. it was a bitch to figure out why we failed for freaking pop3 ssl certs but it did the trick

much love
F/V Harvester -- Fishing for a living, unix geeking for love.

HAH!
just got this: Thanks a lot

Thank you for using SecurityMetrics for your PCI DSS compliance.

Congratulations, your PCI compliance has been validated as of the date and time of this email! We encourage you to continue to maintain PCI compliance and keep your customer data secure.

Some acquiring banks or processors charge their merchants a PCI non-compliance fee. Since you have now validated your PCI compliance you should not be charged PCI non-compliance fees (if your acquiring bank or processor charges these fees). You do not need to contact your acquirer to confirm your PCI compliance status because SecurityMetrics provides your acquirer with access to view your PCI compliance status.

If you have any questions regarding your PCI compliance validation contact our Technical Support Department at 801.705.5700 (USA) or 0844 561 1658 (UK), or by email at support@securitymetrics.com.

We appreciate your business.

SecurityMetrics Support Team
