[ISN] Card numbers, other details easily available at online stores

From: cult hero (jerichoat_private)
Date: Thu Apr 22 1999 - 17:52:28 PDT

  • Next message: cult hero: "[ISN] CIH virus to hit April 26th. Infecting tens of thousands"

    Forwarded From: 7Pillars Partners <partnersat_private>
    Card numbers, other details easily available at online stores
    6.38 a.m. ET (1039 GMT) April 22, 1999
    FOOTNOTE: LOS ANGELES (AP) There are gaping holes in the security webs of
    more than 100 small Internet retailers, allowing anyone with a little
    computer savvy to obtain shoppers' credit card numbers and other personal
    information, a technician warned. 
    The retail sites, and probably hundreds more, incorrectly installed
    "shopping cart'' software that is used to take customer orders, leaving
    confidential material in files that virtually anyone can find with a World
    Wide Web search engine, said Joe Harris, a computer technician at
    Seattle-based Blarg Online Services, an Internet service provider. 
    "There are inexperienced Web site developers out there who don't know how
    to set up an online store safely, but they don't tell their clients,''
    Harris said Wednesday. 
    Harris said he found the problem while reviewing an online store hosted by
    his service. 
    The Los Angeles Times reported today that it managed to download more than
    100 pages of credit card numbers, travel reservations, e-mail and other
    information from Internet sites. 
    Among the computer programs that are vulnerable include those from Order
    Form, Seaside Enterprises, QuikStore, PDGSoft and Mercantec. 
    QuikStore said only two of its estimated 700 users have reported problems
    with the shopping carts. 
    "It's not necessarily their fault,'' said Dwight Vietzke, a spokesman for
    QuikStore. "These are things that fall through the cracks.''
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Hacker News Network [www.hackernews.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:22:36 PDT