# L&M website attacked - FYI



## davetcan (Feb 27, 2006)

*VISIT OUR WEBSITE AT WWW.LONG-MCQUADE.COM*
Our website has been the target of a ddos attack.
This means it has been flooded with fake users, rendering it inaccessible. However, no data has been hacked and we have shut the website down until this has been resolved. 

Please contact your store.


----------



## sulphur (Jun 2, 2011)

Looks like it's back up.


----------



## cboutilier (Jan 12, 2016)

I can't think of a nicer community to cyber-attack than Canadian musicians.


----------



## Wardo (Feb 5, 2010)

Even if it's back up now I'd give it a month or so before using it again. Which is too bad because I was thinking about getting a Pignose delivered. On the other hand, I have enough amps so perhaps this was a divine intervention ..lol


----------



## Powdered Toast Man (Apr 6, 2006)

I just got the email from L&M insider saying their site is down. O M G this means I might have to play the instruments I have instead of lusting after new ones...


----------



## Robert1950 (Jan 21, 2006)

Just tried to log on. It was down again (1:01pm MT)


----------



## Wardo (Feb 5, 2010)

Powdered Toast Man said:


> O M G this means I might have to play the instruments I have instead of lusting after new ones...


Maybe there will be some kind of government relief program starting in January for musicians in this situation - depending on need I would expect to see up to 10 beer tickets per week for those most severely affected.


----------



## butterknucket (Feb 5, 2006)

Yeah, I got that email earlier.


----------



## Chito (Feb 17, 2006)

I went to the one in Kanata to pick up a strap which didn't arrive on time. Anyways, I forgot it's all curbside pickup and I tried to go in. LOL So I phoned and asked for the strap and started inquiring about the Gibson LP JR Tributes if they still have it. And they actually did. I was told they have it in 4 different colors. So I asked how much and he went $899+tax. I said, wait it says $849 on your website. He said he will check it. But the website was again down. He said I can always return or take the sale price if the site says the lower price. So I asked him how much with the taxes and then the reality hit me. LOL I don't need another freaking guitar. Anyways, I balked so instead of paying for it, I said I'll just wait till the website goes back up.

So I get home and check the site. Well it's $849 but those are the demo ones. So now I really am not sure if I still want it


----------



## BlueRocker (Jan 5, 2020)

Chito said:


> So I get home and check the site. Well it's $849 but those are the demo ones. So now I really am not sure if I still want it


Pussy


----------



## Chito (Feb 17, 2006)

BlueRocker said:


> Pussy


hahaha well there is still a few more days. Now I know that I can get one of those for at least 899.


----------



## Wardo (Feb 5, 2010)

Chito said:


> So I get home and check the site. Well it's $849 but those are the demo ones. So now I really am not sure if I still want it


Never go into a guitar shop without someone to boot you in the ass when you start getting ideas to buy yet another guitar that you don't need .. lol.


----------



## Guitar101 (Jan 19, 2011)

L&M's up now.






www.long-mcquade.com


----------



## Chito (Feb 17, 2006)

Wardo said:


> Never go into a guitar shop without someone to boot you in the ass when you start getting ideas to buy yet another guitar that you don't need .. lol.


LOL I think if I had the guitar in my hands I would've succumbed to it.


----------



## Powdered Toast Man (Apr 6, 2006)

Chito said:


> I went to the one in Kanata to pick up a strap which didn't arrive on time. Anyways, I forgot it's all curbside pickup and I tried to go in. LOL So I phoned and asked for the strap and started inquiring about the Gibson LP JR Tributes if they still have it. And they actually did. I was told they have it in 4 different colors. So I asked how much and he went $899+tax. I said, wait it says $849 on your website. He said he will check it. But the website was again down. He said I can always return or take the sale price if the site says the lower price. So I asked him how much with the taxes and then the reality hit me. LOL I don't need another freaking guitar. Anyways, I balked so instead of paying for it, I said I'll just wait till the website goes back up.
> 
> So I get home and check the site. Well it's $849 but those are the demo ones. So now I really am not sure if I still want it


So the guy wouldn't budge over 50 bucks and had no idea what was on sale in his own store without the public facing website to tell him? This is my experience with L&M and why I generally don't shop there for larger purchases.


----------



## Wardo (Feb 5, 2010)

They offered me $100.00 off their list price on a 57 Custom Deluxe they'd had out on rental for god knows how long - nyet to that and out the door.


----------



## Chito (Feb 17, 2006)

Powdered Toast Man said:


> So the guy wouldn't budge over 50 bucks and had no idea what was on sale in his own store without the public facing website to tell him? This is my experience with L&M and why I generally don't shop there for larger purchases.


I'll give them some credit because the one he's selling me is not a demo unit. But they should know what they have in the store without having to look online. This is the second incident I've had over there. I ordered something online for pickup at their store and I wanted them to cancel it as there is nothing on their website that lets you cancel your order. It says 'Contact the store you are picking it up from'. So the sales girl didn't know how to do it and called one of the senior guys. He said loudly across the room, "you can't do that here. You have to cancel it online." I turned around and responded loudly too, "your website says to contact the store about anything to do with the order." He said, 'oh.. okay'.. then told the girl to cancel it. LOL I was going to tell him, 'you think I would ask you guys to do that for me if I can do that easily online?'


----------



## Powdered Toast Man (Apr 6, 2006)

Chito said:


> I'll give them some credit because the one he's selling me is not a demo unit. But they should know what they have in the store without having to look online. This is the second incident I've had over there. I ordered something online for pickup at their store and I wanted them to cancel it as there is nothing on their website that lets you cancel your order. It says 'Contact the store you are picking it up from'. So the sales girl didn't know how to do it and called one of the senior guys. He said loudly across the room, "you can't do that here. You have to cancel it online." I turned around and responded loudly too, "your website says to contact the store about anything to do with the order." He said, 'oh.. okay'.. then told the girl to cancel it. LOL I was going to tell him, 'you think I would ask you guys to do that for me if I can do that easily online?'


So, in other words, they were completely capable of fulfilling your request for customer service at the store - where you were already physically standing - but instead the manager ordered his employee to turn you away and basically do it yourself via the website. That complete lack of ownership is the definition of poor customer service. And if that's the attitude of the manager you can expect that all of his staff will also have that attitude. I have worked serving the public directly for years and that is a lousy manager.


----------



## colchar (May 22, 2010)

Wardo said:


> They offered me $100.00 off their list price on a 57 Custom Deluxe they'd had out on rental for god knows how long - nyet to that and out the door.


The computer tells them exactly how many days it has been out, and if you know them well enough they'll tell you or show you.


----------



## Wardo (Feb 5, 2010)

colchar said:


> The computer tells them exactly how many days it has been out, and if you know them well enough they'll tell you or show you.


That amp was 2,500 then and it's pushing 3 grand now. Makes no sense to buy it used for 100 off. Just get it new in a box and delivered from the on line store.


----------



## zontar (Oct 25, 2007)

colchar said:


> The computer tells them exactly how many days it has been out, and if you know them well enough they'll tell you or show you.


I've had that happen with a couple of things--which meant they were still out of my price range.
But they are willing to check, (& show me) because --hey it could make or break a sale.


----------



## Always12AM (Sep 2, 2018)

I like to go into Long @ McQuade and ask why amps are missing their jewel and then when the guy walks over and says “WTF”? I pretend to pull it from behind his ear and say “woaaaaahh you see that buddy.. it was behind your ear the whole darn time”!!


----------



## player99 (Sep 5, 2019)

Why do the attackers attack? What does a DOS do other than shut down the server?


----------



## Squawk (Jun 21, 2018)

player99 said:


> Why do the attackers attack? What does a DOS do other than shut down the server?


Nothing, it just brings the server to its knees with requests that end up crashing it or essentially paralyzing it. It's a really weird target for a DDOS attack. They probably did it because it was a soft target. Plus, with L&M having sales going on, it does probably hurt business in a big way.


----------



## BlueRocker (Jan 5, 2020)

Squawk said:


> Nothing, it just brings the server to its knees with requests that end up crashing it or essentially paralyzing it. It's a really weird target for a DDOS attack. They probably did it because it was a soft target. Plus, with L&M having sales going on, it does probably hurt business in a big way.


Can also be used to hide other more subtle exploits. People tend to focus on the DOS.


----------



## player99 (Sep 5, 2019)

So it could be competitors? Or a disgruntled employee with skills?


----------



## Chito (Feb 17, 2006)

player99 said:


> So it could be competitors? Or a disgruntled employee with skills?


I don't think it's competitors or a disgruntled employee. For the competitors, that's just too much work and money to do that without a 'real' benefit to one particular competitor. As for the employee, if he could attack a website like they did, he wouldn't be working at L&M. I think these attacks could've come from overseas.


----------



## Squawk (Jun 21, 2018)

As @Chito said, usually overseas, and often hired at a price for their services. In this case, it could be hackers just testing their slave systems in prep for a bigger target, or just done for bragging rights. Of course I'm just speculating, since it's pretty hard to know what the deal was...


----------



## player99 (Sep 5, 2019)

Chito said:


> I don't think it's competitors or a disgruntled employee. For the competitors, that's just too much work and money to do that without a 'real' benefit to one particular competitor. As for the employee, if he could attack a website like they did, he wouldn't be working at L&M. I think these attacks could've come from overseas.


So back to why?


----------



## Chito (Feb 17, 2006)

player99 said:


> So back to why?


Why? With the objective being to make a website unavailable by flooding or crashing the website with too much traffic, it could have been done by anyone including those mentioned. I am just saying that I don't think L&M's competitors, especially here in Canada, would go to all that trouble is all I'm saying. It could be another country trying to mess up business in Canada. It could be for revenge by someone who is smart enough to write a DDOS attack software. The bottom line, it is an annoyance and disrupts their online business.


----------



## player99 (Sep 5, 2019)

Who would benefit from shutting down L & M... when shutting them down is the only benefit...?


----------



## laristotle (Aug 29, 2019)

Practice for something more nefarious later on?


----------



## player99 (Sep 5, 2019)

I wonder if it was one of many attacks across the country. Is there anybody tracking the attacks and publishing the data?


----------



## davetcan (Feb 27, 2006)

No politics, no personal attacks, next guy gets a time out. It’s Christmas, chill a bit please.


----------



## gear_addict (Sep 19, 2018)

I ordered a pedal from the website that was part of the Boxing Day Sale before the site went down. I hope my info didn't get shared


----------



## davetcan (Feb 27, 2006)

I imagine that anyone with a Log in, or who receives emails from them is at risk. We won't know for awhile.


----------



## Chito (Feb 17, 2006)

davetcan said:


> I imagine that anyone with a Log in, or who receives emails from them is at risk. We won't know for awhile.


They have already mentioned in their emails and on facebook that there is no breach as far as customer information is concerned. Here is what they said in the email:



> Our website has been the target of a ddos attack.
> 
> This means it has been flooded with fake users, rendering it inaccessible. However, *no data has been hacked* and we have shut the website down until this has been resolved.


----------



## davetcan (Feb 27, 2006)

Chito said:


> They have already mentioned in their emails and on facebook that there is no breach as far as customer information is concerned. Here is what they said in the email:


Yeah, I got that email and I know what they said. I just don't believe them


----------



## player99 (Sep 5, 2019)

They are required by law to disclose info breaches?


----------



## BlueRocker (Jan 5, 2020)

player99 said:


> They are required by law to disclose info breaches?


No they are not unless they're subject to PIPEDA (that's my understanding - there was some talk of extending the legislation to private business but I don't think it ever happened).


----------



## Chito (Feb 17, 2006)

davetcan said:


> Yeah, I got that email and I know what they said. I just don't believe them


Ahhh hahahaha If the hackers were using it as a diversion, you could be right.


----------



## JBFairthorne (Oct 11, 2014)

Probably an attempt to lock things up until they pay ransom. At some point it’s gotta be cheaper to pay than it is to lose business. At least that’s the logic behind it.


----------



## Alan Small (Dec 30, 2019)

unfortunately I have never had a single pleasant experience trying to shop at any L&M; always unknowing and poorly trained tie wearing nametags as staff.


----------



## player99 (Sep 5, 2019)

The older managers are usually pretty good guys. Most are gearheads and have been around the block.


----------



## davetcan (Feb 27, 2006)

player99 said:


> The older managers are usually pretty good guys. Most are gearheads and have been around the block.


Yep, the asst manager at London North is awesome, I've known him for years.


----------



## Mooh (Mar 7, 2007)

Alan Small said:


> unfortunately I have never had a single pleasant experience trying to shop at any L&M; always unknowing and poorly trained tie wearing nametags as staff.


That's too bad, but I get what you're saying, I've seen it happen to people many times. 

I don't need them much unless it's to find something, I always figure they can't be that much better than my own knowledge and common sense...I mean, I'm not being sold something I don't know about or haven't researched myself. However, it's pretty irritating when staff can't answer basic stuff about something new I notice.


----------



## tomee2 (Feb 27, 2017)

Alan Small said:


> unfortunately I have never had a single pleasant experience trying to shop at any L&M; always unknowing and poorly trained tie wearing nametags as staff.


I've had the opposite experience. 2 keyboards bought off rental desk for less than going rate on kijiji and they found the deals for me on their system.


----------



## BlueRocker (Jan 5, 2020)

I've rarely had anything but excellent service from Long & McQuade. Compared to most places I shop, they're "Rockstars"  Don't believe me, try returning something to Canadian Tire, or ask a Walmart employee to show you a TV that supports 120mhz refresh rate with local dimming.


----------



## Mooh (Mar 7, 2007)

davetcan said:


> Yep, the asst manager at London North is awesome, I've known him for years.


London North is a good store, though it's been a while since I was there last. I know one of the managers too, we played together long ago. I suspect that not all the stores can be judged on the same merits.


----------



## bw66 (Dec 17, 2009)

Mooh said:


> ... I suspect that not all the stores can be judged on the same merits.


That's the truth. There are 3 L&Ms that are about 30 minutes from me and the cultures vary widely. Markham is easily the best of the three and it also blows away Cosmo and The Arts, which are also in that same radius.


----------



## colchar (May 22, 2010)

BlueRocker said:


> I've rarely had anything but excellent service from Long & McQuade. Compared to most places I shop, they're "Rockstars"



I've always had good experiences except at their North York store.




> Don't believe me, try returning something to Canadian Tire


Only once have I ever had a problem, the rest of the time they've been fine.





> or ask a Walmart employee to show you a TV that supports 120mhz refresh rate with local dimming.


Does Walmart even sell such a thing?


----------



## bzrkrage (Mar 20, 2011)

Alan Small said:


> unfortunately I have never had a single pleasant experience trying to shop at any L&M; always unknowing and poorly trained tie wearing nametags as staff.


----------



## fretzel (Aug 8, 2014)

I have to echo what was said above. I've never had a bad experience personally. Markham, Pickering and Oshawa stores have exceptional service IMO. North York could use a pep talk. LOL


----------



## Alan Small (Dec 30, 2019)

fair enough that we experience different cultures at various locations: I will keep trying to shop at them because I must acquire more stuff for some reason (I don't have a sports car or a trophy wife)


----------



## DavidP (Mar 7, 2006)

Long-time customer here. I only deal direct with the local store manager who I've known for years, and he treats me well. As others have said, the floor staff run the spectrum of knowledge/service/attitude, and that probably applies to the competition.


----------



## bw66 (Dec 17, 2009)

fretzel said:


> I have to echo what was said above. I've never had a bad experience personally. Markham, Pickering and Oshawa stores have exceptional service IMO. North York could use a pep talk. LOL


You've had better luck than me with Oshawa - though I have to admit I'm not as familiar a face in Oshawa as in other locations and I really believe that you get better service if they recognize you, no matter where you go. However, trying to blow me off with incorrect information is not cool - and Oshawa has two infractions in the last year or so.


----------



## fretzel (Aug 8, 2014)

bw66 said:


> You've had better luck than me with Oshawa - though I have to admit I'm not as familiar a face in Oshawa as in other locations and I really believe that you get better service if they recognize you, no matter where you go. However, trying to blow me off with incorrect information is not cool - and Oshawa has two infractions in the last year or so.


Sorry to hear that. I'm in Whitby so it is my closest location.


----------



## bw66 (Dec 17, 2009)

And it's down again...


----------



## jb welder (Sep 14, 2010)

player99 said:


> They are required by law to disclose info breaches?


I'm not sure, but if data was compromised, I'd think you might get a heads-up from your credit card company.


----------



## Electraglide (Jan 24, 2010)

player99 said:


> So back to why?





laristotle said:


> Practice for something more nefarious later on?


Pick an easy target and shut it down.....maybe toss a little something extra in there just for fun. If that works possibly go on to bigger and better targets.


davetcan said:


> I imagine that anyone with a Log in, or who receives emails from them is at risk. We won't know for awhile.


Possibly something along the lines of the Heartbleed bug of a few years ago. 


player99 said:


> They are required by law to disclose info breaches?


I think so.....at least to one power that be's. Whether or not the company eventually informs people on their mailing lists is a grey area.

A full year of mandatory data breach reporting: What we’ve learned and what businesses need to know - Office of the Privacy Commissioner of Canada

Could be a smart idea to wait a bit and hope whatever got into your system didn't hack into your contact list and start phishing.


----------



## Electraglide (Jan 24, 2010)

jb welder said:


> if data was compromised, I'd think you might get a heads-up from your credit card company.


Hopefully before things get hit hard but usually the credit card companies and banks find out after the fact. Hopefully you don't find out that you have a new credit card and a new bank acct./pay pal acct. etc.. They can mine enough info to do all sorts of things.


----------



## jdto (Sep 30, 2015)

It’s a good idea to use a credit monitoring service. There are paid and free ones that can tell you of any new activity, thus allowing you to recognize and report it. There are also software and websites that will search the hacker sites and the dark web list dumps to see if your email is out there. My wife just had a warning about her email being out there from a site called “evite” being hacked. I’m trying to get her to be more conscientious about password strength, so this might actually help.


----------



## jayoldschool (Sep 12, 2013)

On all online e-commerce sites: checkout as "guest". Simple. Don't store your info and cards.


----------



## vadsy (Dec 2, 2010)




----------



## Waterloo (Dec 25, 2012)

Didn't read the posts between page one and now as I'm lazy so maybe I'm repeating something already said... I miss the days when you could just walk into a store and have a look around, find something you like and pay with paper money. This interconnectedness is the double-edge sword that some have warned us about. Feels like I'm not a consumer; I'm the product and someone out there is trying to steal me or sell me (read: my online tracks), whether it's hackers or FB and the like in order to sell it to companies or hold us up for ransom.


----------



## vadsy (Dec 2, 2010)

Waterloo said:


> I miss the days when you could just walk into a store and have a look around, find something you like and pay with paper money.


you can still do that.


----------



## Dorian2 (Jun 9, 2015)

Well that was old school. Wouldn't worry too much about your info folks.


----------



## jbealsmusic (Feb 12, 2014)

jayoldschool said:


> On all online e-commerce sites: checkout as "guest". Simple. Don't store your info and cards.


Except that's not really how it works... The info you submit with your order (name, address, contact info, etc) will be in the system either way, because it is associated with the order you placed. That data will always be in the system, with or without a customer account. Creating a customer account lets you look up all your past orders, current order details, and it makes it easier to make future purchases at the same business. It also makes it easier on the business, should you need customer support. It doesn't increase your risk factor or exposure any more than placing an order as a guest does.

As for payments and credit card storage, that stuff is highly regulated and requires the same high security. The fact is, if you're willing to input your credit card info to place an order once, you already took on the same amount of risk as if you chose to store your credit card info. Of course, all of this is assuming you're purchasing from responsible and reputable businesses that stay up to date with their PCI compliance.

It's arguably more secure to store it, just like it's more secure to auto-fill passwords rather than type them in each time. The more times you type in a password or enter your credit card info manually, the greater your risk of a key-logger capturing those keystrokes.

Note that unlike with in-person transactions or phoned in orders, businesses never actually have full access to your credit card information when you place an order online. They can bill it, but they don't actually know anything but a few of the numbers (usually the last 4, but sometimes the first 4 also) and the expiry date, but never the CVV number on the back of your card. No one but the actual card holder should ever have direct access to the CVV number. That's why credit card companies tell people not to place phone orders. It's the least secure way to pay with a credit card.

The ways to protect yourself when online purchasing primarily have to do with your internet habits. Only browse secured websites and only purchase from secured websites. Only do it when on a secure connection, not an open/public one. Lastly, be smart about what you download and install on your computer.

If you place one order as a guest with a business, you already took on the same risk of exposure that you do if you open an account and store your credit card for future purchases. Again, all of this is assuming we're talking about purchasing from a company that stays up to date with their PCI compliance. The reality is if they get hacked, customer account or not, stored credit card or not, your data is at the same level of risk of exposure.


----------



## Electraglide (Jan 24, 2010)

jayoldschool said:


> On all online e-commerce sites: checkout as "guest". Simple. Don't store your info and cards.


Use pre-paid credit cards if you can and don't give your phone number if you can help it. Burners come in handy.


----------



## BlueRocker (Jan 5, 2020)

Electraglide said:


> Use pre-paid credit cards if you can and don't give your phone number if you can help it. Burners come in handy.


Paypal is a one-time transaction - no opportunity for a dumb-ass retail website to retain your credit card information.


----------



## colchar (May 22, 2010)

Waterloo said:


> Didn't read the posts between page one and now as I'm lazy so maybe I'm repeating something already said... I miss the days when you could just walk into a store and have a look around, find something you like and pay with paper money.



Um, unless you are in lockdown you can still do that. Even if you are in lockdown, you can still do that in many stores.


----------



## colchar (May 22, 2010)

BlueRocker said:


> Paypal is a one-time transaction - no opportunity for a dumb-ass retail website to retain your credit card information.



But Paypal does and it can be hacked.


----------



## Granny Gremlin (Jun 3, 2016)

Wardo said:


> Even if it's back up now I'd give it a month or so before using it again. Which is too bad because I was thinking about getting a Pignose delivered. On the other hand, I have enough amps so perhaps this was a divine intervention ..lol



Go ahead and don't worry about it. A DDOS (Distributed Denial Of Service) attack is not penetrative (no security was breached) but a brute force method that overwhelms the site's front end with bot-driven transactional requests from multiple sources (the 'distributed' bit - means they can't just block an IP to stop it cuz coming from all over) so real people can't get through. It's usually a revenge thing, or cutting one's teeth as a newb hacker or maybe even extortion (pay me or it won't stop); you're not stealing data this way.


----------



## Electraglide (Jan 24, 2010)

BlueRocker said:


> Paypal is a one-time transaction - no opportunity for a dumb-ass retail website to retain your credit card information.


You give paypal your info and it's stored somewhere and that info is available to the right.....or wrong.....person. Paypal stores your credit card and/or bank account info among other stuff and it can be hit. Maybe not by a "dumb-ass" retail site but there are people who don't worry about that. I like where it says that they "may" share your personal data and info with others and, how they provide "reasonable protection" and "are not responsible etc.".








www.paypal.com


----------



## Electraglide (Jan 24, 2010)

Granny Gremlin said:


> Go ahead and don't worry about it. A DDOS (Distributed Denial Of Service) attack is not penetrative (no security was breached) but a brute force method that overwhelms the site's front end with bot-driven transactional requests from multiple sources (the 'distributed' bit - means they can't just block an IP to stop it cuz coming from all over) so real people can't get through. It's usually a revenge thing, or cutting one's teeth as a newb hacker or maybe even extortion (pay me or it won't stop); you're not stealing data this way.


If it overwhelms and effectively shuts down the site I'd say that security was breached. If there's something backpacking in all the info slammed into the site then it could be compromised. As I understand it the info is sent from multiple places/computers....who's to say that they are all bot driven and you figure somebody or groups of somebodies has to write the code and program the bots. That in itself can be a sellable commodity.


----------



## Granny Gremlin (Jun 3, 2016)

Electraglide said:


> If it overwhelms and effectively shuts down the site I'd say that security was breached. If there's something backpacking in all the info slammed into the site then it could be compromised. As I understand it the info is sent from multiple places/computers....who's to say that they are all bot driven and you figure somebody or groups of somebodies has to write the code and program the bots. That in itself can be a sellable commodity.



I mean you're entitled to your opinion, but from a technical standpoint, if it never gets past the login, then no, security was not breached in any proper meaning of the term. It's an attack; it's a threat; it's harmful to business, but not a breach. There's no transaction getting through for anything to piggy back on. It's like a traffic jam at the front door; nobody gets inside.

It's not particularly advanced programming and you can probably DL prefab scripts. The only complicated bit is the 'distributed' part. On the easy side you get yer buds from the wannabe hacker board to voluntarily host your botnet. On the advanced side you release a virus that turns unsuspecting infected computers into your bot hosts. The virus may have no other effect than to run the script and use your computer's resources to do so; a user may not even notice. If there is a security breach it is here, on the unsuspecting user end, not on L&M's webserver end.


----------



## Electraglide (Jan 24, 2010)

Granny Gremlin said:


> I mean you're entitled to your opinion, but from a technical standpoint, if it never gets past the login, then no, security was not breached in any proper meaning of the term. It's an attack; it's a threat; it's harmful to business, but not a breach. There's no transaction getting through for anything to piggy back on. It's like a traffic jam at the front door; nobody gets inside.
> 
> It's not particularly advanced programming and you can probably DL prefab scripts. The only complicated bit is the 'distributed' part. On the easy side you get yer buds from the wannabe hacker board to voluntarily host your botnet. On the advanced side you release a virus that turns unsuspecting infected computers into your bot hosts. The virus may have no other effect than to run the script and use your computer's resources to do so; a user may not even notice. If there is a security breach it is here, on the unsuspecting user end, not on L&M's webserver end.


Did it not shut down the site for a while? I still say that's a security breach. Doesn't have to be a transaction, just has to sneak something thru and into the site. Nobody gets inside thru the front door but there's always the back door.....and the windows.


----------



## Wardo (Feb 5, 2010)

We used to hang horse thieves; that law should be brought back for car thieves and computer hackers ... lol


----------



## Dorian2 (Jun 9, 2015)

Electraglide said:


> Did it not shut down the site for a while? I still say that's a security breach. Doesn't have to be a transaction, just has to sneak something thru and into the site. Nobody gets inside thru the front door but there's always the back door.....and the windows.


Those types of attacks don't work that way. It's a different security layer involved in actual transactions and user info and has nada to do with the DDOS attack.


----------



## Granny Gremlin (Jun 3, 2016)

Electraglide said:


> Did it not shut down the site for a while? I still say that's a security breach. Doesn't have to be a transaction, just has to sneak something thru and into the site. Nobody gets inside thru the front door but there's always the back door.....and the windows.


The site was still up just nobody could get there because this one 800lbs dude (made up of a thousand 0.8lb dudes, all knocking at once) was standing in the doorway and wouldn't move. L&M then took it down themselves (putting up that screenshotted page above) as part of the process to get rid of the dude(s).


----------



## Electraglide (Jan 24, 2010)

Dorian2 said:


> Those types of attacks don't work that way. It's a different security layer involved in actual transactions and user info and has nada to do with the DDOS attack.


Who said that the only desired result of the attack would be to get user info etc.? There's various other ways to get that, including from what it looks like just asking PayPal.








www.paypal.com




They're such a loving company they share, and from the sounds of it with or without your consent.


----------



## Dorian2 (Jun 9, 2015)

Electraglide said:


> Who said that the only desired result of the attack would be to get user info etc.? There's various other ways to get that, including from what it looks like just asking PayPal.
> 
> 
> 
> ...


I was talking about DDOS attacks. Nothing more. Not sure what you're saying with this to be honest. Different topic altogether.


----------



## Waterloo (Dec 25, 2012)

colchar said:


> Um, unless you are in lockdown you can still do that. Even if you are in lockdown, you can still do that in many stores.


For sure but not everywhere as you've pointed out. Tried on my new hiking boots on the loading dock at Adventure Guide. I was just being nostalgic in my prev post.


----------



## colchar (May 22, 2010)

The L&M website is down again.


----------



## 1SweetRide (Oct 25, 2016)

colchar said:


> The L&M website is down again.


Noticed that. Hope they can fix it soon and it's not another attack.


----------



## colchar (May 22, 2010)

1SweetRide said:


> Noticed that. Hope they can fix it soon and it's not another attack.




I just got an email from the Assistant Manager at my local store who had found something for me, so it must be back up internally but when I tried to check something on it myself it was still down for me.


----------

