funsec mailing list archives

Astroglide Website Helps Hackers Insert Rogue Code, Reader Reports


From: "Fergie" <fergdawg () netzero net>
Date: Tue, 1 May 2007 00:10:29 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via Threat Level.

[snip]

Just last week BioFilm, the maker of the popular sexual lubricant
Astroglide, confirmed that it had failed to properly secure the names and
addresses of more than 250,000 individuals who requested free samples which
resulted in those files showing up in a Google search for those
individuals' names.

Now THREAT LEVEL reader Ronald van den Heetkamp reports that he found that
the Astroglide website is vulnerable to SQL injections, a potentially much
more serious threat to Astroglide customer privacy than not keeping names
and addresses where Google can find them.

[snip]

More:
http://blog.wired.com/27bstroke6/2007/04/astroglide_webs.html

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.1 (Build 1012)

wj8DBQFGNoVsq1pz9mNUZTMRAtJwAJ9m3NZtX90U96uAr+gWxPTmMHAivQCfUG83
2nNnwEz6zTqSIbUGlgy3AfM=
=Rwo0
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

