[ISN] Cracks in the foundations of local ISP, MWeb?

From: mea culpa (jerichot_private)
Date: Mon Jul 20 1998 - 20:13:11 PDT

  • Next message: mea culpa: "Re: [ISN] Windows 98 disables Microsoft competitors' software"

    Forwarded From: Simon Taplin <stickert_private>
    
    Comnputerweek 18 May 1998 Vol21 No 19
    Cracks in the foundations of local ISP, MWeb?
    Hackers Find a way in
    
    Security - Jason Norwoord-Young
    
    Hackers claim they have broken into M-Web's servers and obtained
    information from 30 000 user accounts containint 8 000 credit card
    numbers.  A log in Computerweek's posession purpors to show a hacker
    entering through M-Web's mail server, obtaining root access and accessing
    the www.mweb.co.za machine. 
    
    Although acknowledging that it may have been hacked, M-Web denies that its
    account information has fallen into the wrong hands. It says that this
    information is not accessible from the Internet, and is kept entirely on
    back-end servers. 
    
    Gary Bonney, marketing director for M-Web, states that the hackers have "a
    complete lack of understanding of our system and out security needs,
    casting doubt on the validity of their information." 
    
    However, Bretton Vine, MD of the SA Tiger Team Initiative (SATII), a
    security consultant group, argues that M-Web's account information is
    available on the Web "for a price or for trade of information".  He
    maintains M-Web has no back-end server, and that all of its servers are
    accessible over the Web. 
    
    "SATTI has approached M-Web on numerous occasions, but to no avail. They
    believe that their technical staff have the competency rtequired to
    protect their site," says Vine. 
    
    "Are we aware when hackers come in? Generally. Do we pursue them? 
    Absolutely!" states Bonney. 
    
    Vine claims that any ISP that uses Windows NT server is at high risk, and
    rates IS as having the best security in SA, followed by UUNet, Iafrica and
    GIA. 
    
    
    -o-
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:59:01 PDT