Thursday 1 October 2015

Weekly Update #102: The Eye Of Suentus Po


It was a good news/bad news sort of week: Cerebus Online made some money, but then a bunch of bills came due! Isn't that always the way? Also, a brand new scanner means brand new problems. Join us as we travel to Camp David, the electronic nerve centre of Aardvark-Vanaheim, and gaze deep into the eye of Suentus Po...

THE GREAT CEREBUS BACK-ISSUE GIVEAWAY!
The giveaway of Cerebus back-issues (full details here) has been scheduled for October 23/24/25 in Leamington, Ontario. Dave has reserved a block of rooms for Cerebus fans at the Comfort Inn in Leamington. To register for one of the rooms in the block, call the Comfort Inn at 519 326 9071 and cite the name of the event: CEREBUS 2015. Book now!

7 comments:

Michael said...

Patreon Hacked

Jeff Seiler said...

Yet another reason I'm glad I don't use Patreon to support Dave. Anybody knowledgeable about these things know whether Kickstarter could be hacked?

Tony Dunlop said...

Anything can be hacked. I make as few transactions online as possible. I still pay all my utility bills by mail (as does a computer scientist I work with).

A Moment Of Cerebus said...

FYI: Message from Patreon:

Dear A Moment Of Cerebus,
Yesterday we learned that there was unauthorized access to a Patreon database containing user information. Our engineering team has since blocked this access and taken immediate measures to prevent future breaches. We apologize to you for this breach of trust. The Patreon team is working especially hard right now to ensure the safety of the community.

There was unauthorized access to registered names, email addresses, posts, and some shipping addresses. Additionally, some billing addresses that were added prior to 2014 were also accessed. We do not store full credit card numbers on our servers and no credit card numbers were compromised. Although accessed, all passwords, social security numbers and tax form information remain safely encrypted. No specific action is required of you, but as a precaution we recommend that all users update their passwords on Patreon.

For further details, we encourage you to read this update from our CEO (https://www.patreon.com/posts/3457485) and reach out to us with any additional questions at security@patreon.com.

Sincerely,
The Patreon Team

Anonymous said...

According to Patreon officials, user passwords were cryptographically protected using bcrypt, a hashing function that's extremely slow and computationally demanding to use. Its use was one of the saving graces of the breach, since it meant crackers would have to devote vast amounts of time and resources to crack the hashes.

With the inclusion of source code, however, it's possible crackers may find programming mistakes that could significantly accelerate the process. That's precisely what crackers did last month to bcrypt-hashed password data taken during the hack of the cheaters dating website Ashley Madison. Access to the source code may also expose the encryption key said to protect social security numbers and tax IDs.

Travis Pelkie said...

Got my Archive 3 in the mail Wednesday. Another great looking package. I didn't realize how tiny the Diamondback decks were -- I was nervous there at first that it wasn't in there! Now I need to pledge for another one so I can keep this one mint! (I'm such a nerd!) And I'd forgotten that the Ultimate Cerebus color bonus print was one I went for, the one Sean wrote about recently (or did Mara write about it? Guess I should do more than scroll through the pretty pictures!). Damn, that looks great!

I may be wrong, but wasn't it spelled "Suenteus Po"?

Just a thought, maybe make sure the scans are usable after maybe 50 scans, and not 500? Seems...not wise to wait that long before checking...(I know, I know, you realize that NOW!)

And Dave's a Skinny Puppy fan? Oh. Wait. He just said that phrase (which I'd never heard otherwise), not that he was talking about the band. (I think they're Canadian, too, though!)

Unknown said...

If I'm reading that correctly, there's not much to be worried about. The card numbers weren't accessed, and I'm pretty sure they don't have my SS#...but should I be sending Dave a check instead? Jeff, what do you use instead of Patreon?