- Security flaws in two British online stores -


andsome
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, November 18, 2003 - Silicon.com has announced -at http://www.silicon.com/software/security/0...9116938,00.htm- that over the last few days, two major online stores in the UK -B&Q and Argos- have been affected by security flaws that have left client data vulnerable.

The problem at the B&Q store allowed access to user accounts to anyone accessing the website, without the need for in-depth IT knowledge. In theory, an attacker could access and modify the data obtained (including e-mail address, full name, address, telephone number) and if the user had entered credit card details, the attacker could purchase goods online.

The problem at Argos on the other hand lies in the weak security procedure when a user has forgotten their password. In this event, users are asked to reply to a question, which is all too often guessable, and then by answering the question correctly users go straight through to account details, rather than any subsequent level of security, such as e-mailing a new password or secure URL to the customer's registered email address.

Reports like these concerning digital stores are becoming more frequent. On the whole, these flaws are less down to failure to apply patches or system configuration than to the programming by the business itself.

------------------------------------------------------------

The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's free online scanner: 1) Parite.B; 2) Bugbear.B; 3) Blaster; 4) Klez.I; 5) Blaster.E.

------------------------------------------------------------
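The forgotten-password weakness described in the post, turned around: an added example (not part of the newsletter or of either store's code) in which a correct answer never opens the account and only triggers a single-use, expiring link sent to the registered address. The `ResetService` class, the `shop.example` URL and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib, hmac, os, secrets, time

TOKEN_TTL = 15 * 60  # seconds a reset link stays valid (assumed value)
GENERIC = "If those details match an account, a reset link was e-mailed to its registered address."

def _digest(text):
    return hashlib.sha256(text.encode()).hexdigest()

def _norm(answer):
    return answer.strip().lower()

def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class ResetService:
    """Hypothetical store back end; send_mail and now are injected so it runs offline."""
    def __init__(self, send_mail, now=time.time):
        self.users, self.pending = {}, {}   # pending: sha256(token) -> (user, expiry)
        self.send_mail, self.now = send_mail, now

    def add_user(self, name, email, password, answer):
        salt = os.urandom(16)
        self.users[name] = {"email": email, "salt": salt,
                            "pw": _hash_password(password, salt),
                            "answer": _digest(_norm(answer))}

    def request_reset(self, name, answer):
        user = self.users.get(name)
        # A correct answer grants nothing by itself; it only triggers an e-mail.
        if user and hmac.compare_digest(_digest(_norm(answer)), user["answer"]):
            token = secrets.token_urlsafe(32)   # unguessable, unlike the answer
            self.pending[_digest(token)] = (name, self.now() + TOKEN_TTL)
            self.send_mail(user["email"], f"https://shop.example/reset?token={token}")
        return GENERIC                          # same reply whether right or wrong

    def complete_reset(self, token, new_password):
        name, expiry = self.pending.pop(_digest(token), (None, 0))  # single use
        if name is None or self.now() > expiry:
            return False
        user = self.users[name]
        user["pw"] = _hash_password(new_password, user["salt"])
        return True

    def check_password(self, name, password):
        user = self.users[name]
        return hmac.compare_digest(_hash_password(password, user["salt"]), user["pw"])
```

Only the hash of the token is stored, so a leak of the pending table does not hand out working reset links.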
