[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Card numbers, other details easily available at online stores
From:       cult hero <jericho () dimensional ! com>
Date:       1999-04-23 0:52:28
[Download RAW message or body]


Forwarded From: 7Pillars Partners <partners@sirius.infonex.com>

Card numbers, other details easily available at online stores
6.38 a.m. ET (1039 GMT) April 22, 1999
   
FOOTNOTE: LOS ANGELES (AP) There are gaping holes in the security webs of
more than 100 small Internet retailers, allowing anyone with a little
computer savvy to obtain shoppers' credit card numbers and other personal
information, a technician warned. 
     
The retail sites, and probably hundreds more, incorrectly installed
"shopping cart'' software that is used to take customer orders, leaving
confidential material in files that virtually anyone can find with a World
Wide Web search engine, said Joe Harris, a computer technician at
Seattle-based Blarg Online Services, an Internet service provider. 
     
"There are inexperienced Web site developers out there who don't know how
to set up an online store safely, but they don't tell their clients,''
Harris said Wednesday. 
     
Harris said he found the problem while reviewing an online store hosted by
his service. 
     
The Los Angeles Times reported today that it managed to download more than
100 pages of credit card numbers, travel reservations, e-mail and other
information from Internet sites. 
     
Among the computer programs that are vulnerable include those from Order
Form, Seaside Enterprises, QuikStore, PDGSoft and Mercantec. 
     
QuikStore said only two of its estimated 700 users have reported problems
with the shopping carts. 
     
"It's not necessarily their fault,'' said Dwight Vietzke, a spokesman for
QuikStore. "These are things that fall through the cracks.''


-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Hacker News Network [www.hackernews.com]

[prev in list] [next in list] [prev in thread] [next in thread]