funsec mailing list archives
Ikea closes global spam hole
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Mon, 21 Jan 2008 15:13:23 +0200 (EET)
From the Computerworld Denmark:
"COPENHAGEN -- The global furniture company Ikea has closed a serious security hole that for an unknown period of time gave hackers and phishers a free rein to exploit the company's mail server. The security gap made it possible for anyone to create a potent spam service, using the company's international mail server in Sweden as the sender. The reason is that the contact template on the company's home page was not adequately secured, making it possible to insert alternative e-mail addresses in a contact form on the home page in a number of countries."

And one piece of information related to the reason for the spam hole itself:

"The security problem was originally discovered by IT architect Jonas Thomsen. "It is a standard form-submit, which can be utilized mechanically in all respects. And it can be used to send loads of e-mails," Thomsen said. Thomsen warned Ikea of a security problem during the weekend, but Ikea chose not to close the gap until the following Thursday."

More at
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=internet_business&articleId=9057278&taxonomyId=71&intsrc=kc_top

IKEA really emphasizes security in its business...

IKEA prints customer ID and entire credit card number to receipts:
http://linuxbox.org/pipermail/funsec/2007-November/015371.html

Juha-Matti
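An added example, not part of the original post or of Ikea's code: a server-side contact-form handler that closes the class of hole the article describes by never taking the recipient from the submitted form. The field names, the `RECIPIENTS` table and the example.com addresses are assumptions, and the line-break check is an added related safeguard that the article does not mention.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical routing table kept on the server: the browser submits only a
# topic key, never an address, so the form cannot be pointed at third parties.
RECIPIENTS = {
    "orders": "orders@example.com",
    "support": "support@example.com",
}
SENDER = "webform@example.com"
_ADDR = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


class RejectedSubmission(ValueError):
    """Raised when a submission must not be turned into an e-mail."""


def build_contact_mail(form):
    """Build an EmailMessage from an untrusted form dict, or raise."""
    # A recipient-like field in the submission means the form was tampered with.
    for field in ("to", "cc", "bcc", "recipient"):
        if field in form:
            raise RejectedSubmission("unexpected field: " + field)
    topic = form.get("topic", "")
    if topic not in RECIPIENTS:
        raise RejectedSubmission("unknown topic")
    # Values copied into headers must not contain line breaks.
    for field in ("email", "subject"):
        value = form.get(field, "")
        if "\r" in value or "\n" in value:
            raise RejectedSubmission("line break in " + field)
    # The visitor's address is used only as Reply-To and must be one address.
    reply_to = form.get("email", "").strip()
    if parseaddr(reply_to)[1] != reply_to or not _ADDR.match(reply_to):
        raise RejectedSubmission("email is not a single address")
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = RECIPIENTS[topic]          # fixed by the server
    msg["Reply-To"] = reply_to
    msg["Subject"] = "[contact form] " + form.get("subject", "")[:100]
    msg.set_content(form.get("message", "")[:5000])
    return msg
```

Per-client rate limiting in front of this handler addresses the "loads of e-mails" part of the report, since even a fixed recipient can be flooded by a mechanically driven form.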