[ISN] Auction security holes

From: mea culpa (jerichoat_private)
Date: Thu Sep 24 1998 - 11:33:31 PDT

  • Next message: mea culpa: "[ISN] Firm attacks digital pirates"

    Forwarded From: blueskyat_private
    
    http://www.news.com/SpecialFeatures/0,5,26760,00.html?owv
    
    Auctions close major security hole
    By Janet Kornblum
    Staff Writer, CNET News.com
    September 24, 1998, 4:00 a.m. PT 
    
    Hundreds and perhaps thousands of credit card numbers, home addresses, and
    phone numbers were exposed for months through a gaping security hole on
    many small Internet auction sites, raising serious questions about the
    effectiveness of online safeguards, CNET News.com has learned.
    
    Security experts said the problem was especially alarming because, unlike
    more technically complicated software problems, this one left records
    exposed to virtually anyone who happened to click on the right Web page
    listings.
    
    Records at several sites using older versions of the same auction software
    were exposed when administrators either did not secure their sites with
    keys or otherwise failed to use the software properly. The risk varied
    from site to site, ranging from data immediately accessible with a few
    mouse clicks to information obtainable through rudimentary hacking. 
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:05:37 PDT