Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Web sites keep making the same mistakes over and over again

from [Richard M. Smith] Network Security [Permanent Link]
Subject: Web sites keep making the same mistakes over and over again
Date: Wed, 23 Feb 2005 09:57:25 -0500 
http://www.thinkcomputer.com/corporate/news/pressreleases.html?id=18

Think Finds Flaw Revealing Up To 100,000 Social Security Numbers

BOSTON, MA -- Today -- Think Computer Corporation has released another
security-related White Paper detailing how anywhere from 25,000 to 100,000
Social Security numbers may have been accessible to the public for several
years. The discovery of the flaw is particularly timely given the recent
controversy surrounding similar problems at ChoicePoint, Inc., as well as
changes in California state law that require companies to notify California
residents whose Social Security numbers may have been compromised.

Though PayMaxx, Inc., the company responsible for the problem, was contacted
repeatedly and urged to remedy the problem, a representative responded by
saying, "we already cooperate with a significantly experienced testing
agency and have been tested several times for security issues."

Since PayMaxx, Inc. provides payroll services to its clients, salary data
and home addresses were also exposed.

The paper is available at:

http://www.thinkcomputer.com/corporate/news/identitycrisis.pdf
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Web sites keep making the same mistakes over and over again, Richard M. Smith <=
Previous by Date:  Re: ISA Server and SQL Injection, Paul Johnston
Next by Date:  RE: ISA Server and SQL Injection, Mark Curphey
Previous by Thread:  Doubt in Application Audit, Alfred Hitchcock
Next by Thread:  Filtering by client IP address for Web App Sessions, Evans, Arian
Indexes:  [Date] [Thread] [Top] [All Lists]