As a follow-on to the numerous reports of EC app security vulnerabilities, I thought that I would add my $.02. I did a (fairly) detailed analysis of WebStore ( http://www.extropia.com/scripts/web_store.html ) and have published my paper at http://www.cse.ogi.edu/~fredb/cse527paper.html for all to read. While WebStore has already been mentioned in a thread here, the detail given was limited. If you desire additional information, my report may be of interest. In addition to the unauthorized access to order information, I found potential denial of service or installation corruption issues that, while not as large a problem as publication of credit card numbers, are still significant problems in the product. fred Fred Bower Standard Disclaimers Apply fredbat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:44:10 PDT