funsec mailing list archives
Astroglide Website Helps Hackers Insert Rogue Code, Reader Reports
From: "Fergie" <fergdawg () netzero net>
Date: Tue, 1 May 2007 00:10:29 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via Threat Level.

[snip]

Just last week BioFilm, the maker of the popular sexual lubricant Astroglide, confirmed that it had failed to properly secure the names and addresses of more than 250,000 individuals who requested free samples which resulted in those files showing up in a Google search for those individuals' names.

Now THREAT LEVEL reader Ronald van den Heetkamp reports that he found that the Astroglide website is vulnerable to SQL injections, a potentially much more serious threat to Astroglide customer privacy than not keeping names and addresses where Google can find them.

[snip]

More:
http://blog.wired.com/27bstroke6/2007/04/astroglide_webs.html

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.1 (Build 1012)

wj8DBQFGNoVsq1pz9mNUZTMRAtJwAJ9m3NZtX90U96uAr+gWxPTmMHAivQCfUG83
2nNnwEz6zTqSIbUGlgy3AfM=
=Rwo0
-----END PGP SIGNATURE-----

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.