andsome
Posted November 19, 2003

- Security flaws in two British online stores -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, November 18, 2003 - Silicon.com has announced - at http://www.silicon.com/software/security/0...9116938,00.htm - that over the last few days, two major online stores in the UK - B&Q and Argos - have been affected by security flaws that have left client data vulnerable.

The problem at the B&Q store allowed access to user accounts to anyone accessing the website, without the need for in-depth IT knowledge. In theory, an attacker could access and modify the data obtained (including e-mail address, full name, address, telephone number) and if the user had entered credit card details, the attacker could purchase goods online.

The problem at Argos on the other hand lies in the weak security procedure when a user has forgotten their password. In this event, users are asked to reply to a question, which is all too often guessable, and then by answering the question correctly users go straight through to account details, rather than any subsequent level of security, such as e-mailing a new password or secure URL to the customer's registered email address.

Reports like these concerning digital stores are becoming more frequent. On the whole, these flaws are less down to failure to apply patches or system configuration than to the programming by the business itself.

NOTE: The address above may not show up on your screen as a single line. This would prevent you from using the link to access the web page. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL.

------------------------------------------------------------
The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's free online scanner: 1) Parite.B; 2) Bugbear.B; 3) Blaster; 4) Klez.I; 5) Blaster.E.
------------------------------------------------------------
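The "secure URL to the customer's registered email address" step that the newsletter says was missing from the forgotten-password procedure can be sketched as follows. This is an added example, not code from the post, Panda Software or either store; the account data, the `shop.example` URL, the 15-minute lifetime and the in-memory storage are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds; assumed lifetime for a reset link


class ResetService:
    """Toy in-memory model; account names, URL and storage are assumptions."""

    def __init__(self, accounts):
        self.accounts = accounts   # username -> {"email", "answer"}
        self.pending = {}          # sha256(token) -> (username, expiry)
        self.outbox = []           # stands in for the mail system

    def request_reset(self, username, answer, now=None):
        """A correct answer only causes a link to be mailed; it never logs in."""
        now = time.time() if now is None else now
        acct = self.accounts.get(username)
        supplied = answer.strip().lower().encode()
        expected = acct["answer"].encode() if acct else b""
        if acct and hmac.compare_digest(supplied, expected):
            token = secrets.token_urlsafe(32)
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.pending[digest] = (username, now + TOKEN_TTL)
            link = "https://shop.example/reset?token=" + token
            self.outbox.append((acct["email"], link))
        # Same response either way, so the form confirms nothing to the caller.
        return "If the details match, a reset link has been e-mailed."

    def redeem(self, token, now=None):
        """Return the username once for a valid, unexpired token, else None."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # pop makes the token single-use
        if entry is None or now > entry[1]:
            return None
        return entry[0]


def demo():
    # Constructed sample account; the stored answer is assumed to be lowercase.
    svc = ResetService({"alice": {"email": "alice@example.org", "answer": "rex"}})
    same = svc.request_reset("alice", "Rex", now=1000) == svc.request_reset("alice", "fido", now=1000)
    token = svc.outbox[0][1].split("token=")[1]
    return same, len(svc.outbox), svc.redeem(token, now=1100), svc.redeem(token, now=1200)
```

Guessing the answer then gains nothing without access to the registered mailbox, and only a hash of the token is kept server-side.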