TalkBack 19 of 78:
perfect example
A perfect example of ignorance in these matters --- A while ago, I was going to use an online pharmacy to order the prescriptions needed by my family. I decided to check security on this rather large, very popular website (it shall be unnamed, though people using the site really should know). The web server was running on a Solaris 9 box, using Apache, with the daemon running as root. It was so insecure it took a matter of 5 minutes or so to be ssh'ed into the machine under a root account, at which time there was complete access to the users' names, addresses, phone numbers, credit card information, and order history (all this contained in a MySQL database on the local server). I notified the company of the lack of security, and gave information on how to secure the site. I never used any of the information that was presented, and I immediately notified the company of the serious security issues and what they can do to fix the problems they had. They replied by threatening to arrest me and a myriad other legal actions. They shall remain nameless, especially since even almost a year later, the same security holes exist. They not only threatened me, but they ignored my very helpful advice. There are literally thousands of customers on this site that have no idea of how this ignorance compromises their personal information. I have never offered this type of advice again, but I do feel sorry for the users of insecure sites like these that could be harmed.
Posted by: sabayer   Posted on: 11/04/05


