BreachExchange mailing list archives
Claims First State Super flaw ignored for 'years'
From: security curmudgeon <jericho () attrition org>
Date: Wed, 19 Oct 2011 21:03:51 -0500 (CDT)
http://www.smh.com.au/it-pro/security-it/claims-first-state-super-flaw-ignored-for-years-20111020-1m9ao.html

Claims First State Super flaw ignored for 'years'
Asher Moses
October 20, 2011 - 12:09PM

The company that manages the day-to-day operations of First State Super denies claims by a former IT staffer that it knew of a major security flaw that potentially exposed 770,000 member details years ago and did nothing.

The flaw, exposed by IT security consultant Patrick Webster, allowed members to access other members' statements simply by changing a number in the URL bar.

[..]

It claims the only statements that were accessed without permission were the 568 downloaded by Webster when he was testing the security flaw.

[..]

One First State customer who contacted Fairfax Media said they stumbled across the security flaw while checking their statement more than 18 months ago.

''I discovered the problem completely by accident,'' the customer said.

[..]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
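
The flaw the article describes, a statement selected by a number in the URL with nothing tying it to the logged-in member, is closed by a server-side ownership check, and a figure such as "568 statements accessed without permission" depends on access logs that record both the authenticated member and the statement requested. The Python below is an added example, not code from the article or from First State Super; the ownership table, member ids, URL format and log lines are all constructed assumptions.

```python
from collections import Counter

# Constructed sample data: statement id -> owning member id (hypothetical layout).
STATEMENT_OWNER = {1001: "m-alice", 1002: "m-bob", 1003: "m-carol", 1004: "m-dave"}

# Constructed access-log lines: "<timestamp> <authenticated member> GET <path>"
# (hypothetical URL format).
SAMPLE_LOG = """\
2011-10-01T09:00:01 m-alice GET /statement?id=1001
2011-10-01T09:00:09 m-alice GET /statement?id=1002
2011-10-01T09:00:11 m-alice GET /statement?id=1003
2011-10-01T09:05:40 m-bob GET /statement?id=1002
2011-10-01T09:07:02 m-carol GET /statement?id=9999
2011-10-01T09:08:13 m-dave GET /statement?id=abc
"""


def may_view(member_id, statement_id):
    """Server-side check: the session's member must own the requested statement.
    Unknown ids and missing sessions are denied the same way as foreign ids."""
    owner = STATEMENT_OWNER.get(statement_id)
    return owner is not None and owner == member_id


def parse_line(line):
    """Return (member, statement_id), or None for lines that do not parse."""
    parts = line.split()
    if len(parts) != 4 or "?id=" not in parts[3]:
        return None
    raw_id = parts[3].split("?id=", 1)[1]
    if not (raw_id.isascii() and raw_id.isdigit()):
        return None
    return parts[1], int(raw_id)


def audit(log_text):
    """Count, per authenticated member, requests for statements they do not own."""
    foreign = Counter()
    unparsed = 0
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            unparsed += 1  # keep a tally so malformed requests are not silently lost
            continue
        member, statement_id = parsed
        if not may_view(member, statement_id):
            foreign[member] += 1
    return dict(foreign), unparsed
```

The audit is only as good as the log: if requests are not recorded with the authenticated member, the count of foreign accesses cannot be reconstructed afterwards.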