Kevin Poulsen, SecurityFocus 2003-09-25
At least 1,000 automobile shoppers who submitted online credit applications to any of 150 different automotive dealerships around the U.S. had their personal and financial details exposed on a publicly-accessible website, according to a computer security consultant who stumbled across the privacy gaffe.
Car shoppers' credit details exposed in bulk
2003-09-25
Anonymous (3 replies)
Car shoppers' credit details exposed in bulk
2003-09-26
Jake (1 replies)
Er, from what it said, it didn't take that much skill; someone found a link to a "hidden" page which gave out the credit card info.
Dealerskins' reply in the final paragraph seems to say "We're going to get hacked anyway, so we might as well be nice to those hackers and make it easy for them. Oh,...
Those wascally hackers
2003-09-25
Anonymous (1 replies)
Yes, given enough time and resources, you too may be able to "read HTML source code" someday! However, beware the years of arduous study required for such a task.
Indeed this is the holy grail of hacker knowledge!...
Car shoppers' credit details exposed in bulk
2003-09-25
Anonymous (2 replies)
The question in my mind is; why would anyone who just wanted to make a service appointment spend hours looking for a security breach and then downloading 1000 credit applications? IF, they had a real job? Obviously they had A LOT of time on their hands. This hardly sounds quite as innocent or hel...
Car shoppers' credit details exposed in bulk
2003-09-30
Good Samaritan
Common folks - What this guy did took little knowledge and little time. The code on the page (and we are talking clear text here) referenced a page. He went to that page. He got booted to an admin page. (Admin pages that come with web tools are normally not secured.) He looked at the URL and sa...
Car shoppers' credit details exposed in bulk
2003-09-25
Anonymous (2 replies)
Car shoppers' credit details exposed in bulk
2003-09-26
Anonymous (1 replies)
Car shoppers' credit details exposed in bulk
2003-09-29
Roger
Anonymous wrote:
> Oh hold on, slow down. Right-click what?
Right-click the web page you are looking at. A "context sensitive menu" will pop up. One of the options is "View Page Source" or "View Source". Selecting that option shows you the HTML instructions for the page you are looking at. It ta...
Shame on you, Security Focus?
2003-09-26
Anonymous (2 replies)
Let me get this straight, some anon. source finds a hole, and then instead of working with the vendor -- they go to Security Focus so you can have a "scoop"?
...
Shame on you, Security Focus?
2003-09-28
Anonymous
Let me get this straight. You would have the guy come forward and identify himself to the company in an effort to correct the situation?
That plan didn't seem to work out so well for Adrian Lamo, now did it?
Great job Mr. Poulsen and Security Focus, for allowing a venue where people feel that...
Shame on you, Security Focus?
2003-09-29
Anonymous
"Anonymous" ironically criticized anonymity by writing:
> Let me get this straight, some anon. source finds a hole, and then instead of working with the vendor -- they go to Security Focus so you can have a "scoop"?
Yeah, and so recently after the major headlines about the FBI prosecuting some...
Car shoppers' credit details exposed in bulk
2003-09-26
Grimm (1 replies)
It takes only rudimentary knowledge of HTML to sort through and pick out a blatantly obvious flaw like this. Shame on their IT security for not knowing better. They deserve whatever befalls them over this....
Shame on their IT security?
2003-09-30
Anonymous
I blame the CIO, who clearly is an idiot. Does he even have an IT security staff?
More than likely, the CIO's idea of IT security is a web designer who set up a web server and believed that because the transaction was handled via SSL, everything was encrypted.
Besides this, how often is IT se...
CIO = Buffoon
2003-09-26
Anonymous
From its press release, Dealerskins shows itself culturally and technically incompetent. It will never be able to secure this database.
It has been my experience that CTO's and CIO's may have MBA's, but usually have no understanding of the technology they are supposed to be managing. That is beyo...
Car shoppers' credit details exposed in bulk
2003-09-27
0ption
It all comes down to this... HTML is one of the easiest things to look at without prior understanding and get even a faint concept of what's going on. Also I view source on lots of sites just to see how "they" did it. Not to mention if you knew HTML pretty good and you knew that there are risks in pu...
Car shoppers' credit details exposed in bulk
2003-10-01
BojanTrojan
Scenario:
You're an IT Director using a CRM package with a serious security bug you've just discovered. Every one of the over 5000 installations of this software are easily compromised with knowledge of this bug.
What do you do?
1. Nothing
2. Alert the vendor and maybe get a medal.
3. Sta...
Car shoppers' credit details exposed in bulk
2003-10-02
Anonymous
This appears to be a no win situation for anyone with some computer knowledge. There have been too many accounts of people stumbling onto a vulnerability and getting screwed for it. There has to be a way for a consumer to identify a problem and report it without that person being investigated by th...