http://risky.biz/minter

By Patrick Gray
risky.biz
October 14, 2011

Australian security researcher Patrick Webster has received a letter from commercial law firm Minter Ellison demanding he turn over his computer to its client First State Superannuation.

The legal threat follows Webster's disclosure of a serious and trivially exploitable security vulnerability in First State Superannuation's website to the company in September. The flaw allowed any logged-in member to access other members' statements by changing a single digit in their browser's URL bar.

The letter, received today, threatens to pursue Webster for costs incurred "in dealing with this matter" if he does not agree to delete all information he obtained by demonstrating the flaw and promise to never attempt to access other member information again.

[...]

_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn

Received on Fri Oct 14 2011 - 01:22:16 PDT