Forwarded From: 7Pillars Partners <partnersat_private> Card numbers, other details easily available at online stores 6.38 a.m. ET (1039 GMT) April 22, 1999 FOOTNOTE: LOS ANGELES (AP) There are gaping holes in the security webs of more than 100 small Internet retailers, allowing anyone with a little computer savvy to obtain shoppers' credit card numbers and other personal information, a technician warned. The retail sites, and probably hundreds more, incorrectly installed "shopping cart'' software that is used to take customer orders, leaving confidential material in files that virtually anyone can find with a World Wide Web search engine, said Joe Harris, a computer technician at Seattle-based Blarg Online Services, an Internet service provider. "There are inexperienced Web site developers out there who don't know how to set up an online store safely, but they don't tell their clients,'' Harris said Wednesday. Harris said he found the problem while reviewing an online store hosted by his service. The Los Angeles Times reported today that it managed to download more than 100 pages of credit card numbers, travel reservations, e-mail and other information from Internet sites. Among the computer programs that are vulnerable include those from Order Form, Seaside Enterprises, QuikStore, PDGSoft and Mercantec. QuikStore said only two of its estimated 700 users have reported problems with the shopping carts. "It's not necessarily their fault,'' said Dwight Vietzke, a spokesman for QuikStore. "These are things that fall through the cracks.'' -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Hacker News Network [www.hackernews.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:22:36 PDT