[ISN] Cisco blunders with insecure web page

From: InfoSec News (isnat_private)
Date: Thu Apr 25 2002 - 01:09:13 PDT


    Wednesday 24th April 2002
    Cisco has been forced to close an online registration form after
    neglecting to secure the web page.
    The page was part of a marketing programme which offered Cisco's
    second-tier resellers in Europe the chance to increase marketing funds
    if they upped sales of certain Cisco products.
    But applicants registering for the programme online discovered their
    banking and company details were going onto an open web page. When one
    irate silicon.com reader called the Cisco helpdesk, he was informed
    that the company was aware of the problem because several other users
    had complained.
    Helpdesk staff recommended that users enter fake details on the web
    and forward the real information in the post, a course of action our
    reader regarded as an extreme waste of time.
    In a statement, Cisco said it had pulled the registration URL for 48
    hours to install SSL (secure sockets layer) - a common way of securing
    web pages.
    A spokesman for the company said: "I can only put it down to an
    unfortunate oversight in corporate procedure - not a great deal of
    people have been affected but that's no excuse."
    The registration site had been running for 10 days before it was taken
    down on Monday. Cisco said just 100 people had registered in that