Forwarded From: Mark Merkow <Mark.Merkowat_private>

http://www.webreference.com/ecommerce/mm/column25/

April 29, 1999

E-commerce Security Threats Are Legion

Protect your site! Security placed in the wrong hands is worse than no security at all. Learn what's required to keep out of harm's way in implementing and managing your e-commerce site.

"This is like walking down the street and finding a black Hefty bag filled with 300 credit cards, all valid. Names, addresses, phone numbers, credit card numbers, email addresses -- it was all there. This is a nightmare."

- Joe Harris' recent comments about the shopping cart vulnerabilities he discovered and reported to the Bugtraq security mailing list.

In last week's Internetnews.com report Shopping Carts Expose Order Data, Brian McWilliams underscores how vulnerable e-commerce sites truly are and emphasizes the need for experienced professionals to help create and manage any serious undertakings in the e-commerce realm.

In case you missed the report, Joe Harris, a senior technical support professional at Blarg Online Services, discovered that improperly configured shopping cart software will create a world-readable log file of transaction data that resides in a directory accessible via the public Internet.

Upon further investigation, Harris found vulnerabilities in shopping cart systems from:

* Extropia (WebStore)
* Order Form (a shareware system)
* EZMall 2000 (Seaside Enterprises)
* QuickStore (from QuickStore software)
* PDG Shopping Cart (PDGSoft)
* SoftCart (Mercantec)

"All of these carts could have been secured by following the instructions that came with the CGI. The reason I found all of these is because the people did not follow those guidelines," said Harris.

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Hacker News Network [www.hackernews.com]
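
An added example, not part of the forwarded article or of any cart vendor's code: one way a site operator can check their own server for the exposure described above, by walking the web document root and reporting files whose mode grants read access to everyone and which contain Luhn-valid card-like numbers. The function names, the regular expression and the size limit are assumptions made for this illustration.

```python
import os
import re
import stat
import sys

# Assumption: a card-like value is 13-16 digits, optionally split by spaces or dashes.
CARD_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,15}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard order ids and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def audit_docroot(docroot: str, max_bytes: int = 1_000_000):
    """Return sorted [(relative_path, hits)] for regular files under docroot
    that have the world-read bit set and hold Luhn-valid card-like numbers."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            # Only regular files that any local account (the web server included) can read.
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_IROTH:
                continue
            with open(path, "rb") as fh:
                data = fh.read(max_bytes)   # cap the work done per file
            hits = sum(
                1 for m in CARD_RE.finditer(data)
                if luhn_ok(re.sub(rb"\D", b"", m.group()).decode())
            )
            if hits:
                findings.append((os.path.relpath(path, docroot), hits))
    return sorted(findings)


if __name__ == "__main__" and len(sys.argv) == 2:
    # Usage: python audit.py /path/to/docroot
    for rel, hits in audit_docroot(sys.argv[1]):
        print(f"{rel}: {hits} card-like value(s) in a world-readable file")
```

Any file this reports belongs outside the document root with permissions restricted to the account the cart runs as.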