funsec mailing list archives

Ikea closes global spam hole


From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Mon, 21 Jan 2008 15:13:23 +0200 (EET)

From Computerworld Denmark:

"COPENHAGEN -- The global furniture company Ikea has closed a serious security hole that for an unknown period of time 
gave hackers and phishers a free rein to exploit the company's mail server.

The security gap made it possible for anyone to create a potent spam service, using the company's international mail 
server in Sweden as the sender.

The reason is that the contact template on the company's home page was not adequately secured,
making it possible to insert alternative e-mail addresses in a contact form on the home page in a number of countries."

And one piece of information related to the reason for the spam hole itself:

"The security problem was originally discovered by IT architect Jonas Thomsen.
"It is a standard form-submit, which can be utilized mechanically in all respects. And it can be used to send loads of 
e-mails," Thomsen said.

Thomsen warned Ikea of a security problem during the weekend, but Ikea chose not to close the gap until the following 
Thursday."

More at
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=internet_business&articleId=9057278&taxonomyId=71&intsrc=kc_top

IKEA really emphasizes security in its business...
IKEA prints customer ID and entire credit card number to receipts:
http://linuxbox.org/pipermail/funsec/2007-November/015371.html
 
Juha-Matti
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
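
Added example, not part of the original post or the Computerworld article: a server-side handler for a contact form in which the recipient is looked up from a fixed table instead of being taken from the submitted form, which is the kind of flaw the article describes. The article gives no details of Ikea's form, so the field names, department keys, mailboxes and limits below are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Assumed values: department keys, mailboxes and limits are constructed.
RECIPIENTS = {"support": "support@example.com", "sales": "sales@example.com"}
SENDER = "webform@example.com"
ALLOWED_FIELDS = {"department", "reply_to", "subject", "message"}
ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
MAX_BODY = 4000


class RejectedSubmission(ValueError):
    """Raised when a form post must not be turned into mail."""


def build_contact_mail(form):
    """Turn one form post (dict of str) into a message for a fixed mailbox."""
    extra = set(form) - ALLOWED_FIELDS
    if extra:  # e.g. a client-supplied "to", "cc" or "bcc" field
        raise RejectedSubmission(f"unexpected fields: {sorted(extra)}")
    try:
        to_addr = RECIPIENTS[form["department"]]  # key lookup, never an address
    except KeyError:
        raise RejectedSubmission("unknown department") from None
    reply_to = form.get("reply_to", "")
    subject = form.get("subject", "")
    for value in (reply_to, subject):
        if "\r" in value or "\n" in value:  # would add extra header lines
            raise RejectedSubmission("line break in header field")
    if not ADDR.fullmatch(reply_to):  # exactly one address, no lists
        raise RejectedSubmission("invalid reply address")
    body = form.get("message", "")
    if not body or len(body) > MAX_BODY:
        raise RejectedSubmission("empty or oversized message")
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = to_addr  # only ever a mailbox from RECIPIENTS
    msg["Reply-To"] = reply_to
    msg["Subject"] = subject[:120]
    msg.set_content(body)
    return msg
```

A handler like this still needs per-client rate limiting in front of it, since the quoted concern is also that the form "can be utilized mechanically".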