Information Security News mailing list archives
FTC Denies Web Site Security Hole
From: InfoSec News <isn () C4I ORG>
Date: Wed, 13 Dec 2000 23:00:01 -0600
http://www.computeruser.com/news/00/12/13/news5.html By David McGuire December 13, 2000 The Federal Trade Commission (FTC) has angrily refuted a news story that its Web site is vulnerable to intrusion due to a reported security hole in Netscape's Enterprise Server software. In an article late last week, IDG News Service quoted an unnamed European ex-hacker as saying that the Enterprise Server software used by the FTC and the FBI on its Web site allowed savvy users to access to restricted levels of the government Web sites. "I'm stunned that there was a story because the allegations that the guy made were totally and completely inaccurate," FTC spokesperson Claudia Bourne Farrell said. "There is no way in the world that they could have gotten into our site using" the purported security hole, Farrell said. Mike Frank, a senior FTC computer specialist who was quoted in the IDG article, said that the Enterprise Server feature that reportedly allowed hackers access to the site wasn't even enabled on the FTC site. And if that feature was enabled, it would not allow even a savvy hacker to alter or gain access to sensitive portions of the FTC site, since those changes are made at the operating system level, behind yet another set of security defenses, Frank said. Responding to the nature of the reported security flaw in the Netscape software, Frank said, "It could conceivably be a hole if someone were dumb enough." An FBI spokesperson had no comment on the story or the alleged security hole except to say that the bureau does not comment on ongoing investigations. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- FTC Denies Web Site Security Hole InfoSec News (Dec 14)
- <Possible follow-ups>
- Re: FTC Denies Web Site Security Hole InfoSec News (Dec 15)