[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Auction security holes
From:       mea culpa <jericho () dimensional ! com>
Date:       1998-09-24 18:33:31
[Download RAW message or body]


Forwarded From: bluesky@rcia.com

http://www.news.com/SpecialFeatures/0,5,26760,00.html?owv

Auctions close major security hole
By Janet Kornblum
Staff Writer, CNET News.com
September 24, 1998, 4:00 a.m. PT 

Hundreds and perhaps thousands of credit card numbers, home addresses, and
phone numbers were exposed for months through a gaping security hole on
many small Internet auction sites, raising serious questions about the
effectiveness of online safeguards, CNET News.com has learned.

Security experts said the problem was especially alarming because, unlike
more technically complicated software problems, this one left records
exposed to virtually anyone who happened to click on the right Web page
listings.

Records at several sites using older versions of the same auction software
were exposed when administrators either did not secure their sites with
keys or otherwise failed to use the software properly. The risk varied
from site to site, ranging from data immediately accessible with a few
mouse clicks to information obtainable through rudimentary hacking. 


-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

[prev in list] [next in list] [prev in thread] [next in thread]