Friday, November 21, 2003

DIY Hacking
B&Q, the DIY store, took its advertising motto to heart the other day and left its online customers exposed. The 'You Can Do IT when you B&Q IT' strapline could come back to haunt them after it was revealed earlier this week that anyone, even those without any real IT knowledge, could bypass the store's security measures and gain access to another user's details. Argos seems to have fallen at the same hurdle and has similarly failed to demonstrate any real understanding of either the technical issues or the seriousness of their actions.

The two vulnerabilities were revealed at the beginning of this week (17th Nov 2003) by Silicon.com, and related to the way a user of either site could gain access to another user's account just by guessing a likely username and answering what appears to be a simple reminder question. True, the users themselves are implicated in this particular instance; they should have some responsibility to make their password reminder questions more difficult and the answers less obvious. But the manner in which this password reminder system was implemented by both sites is, frankly, appalling. Perhaps the fines imposed by the FTC for similar lax behaviour by GUESS and Victoria's Secret should be imposed on these two too.

Related Links

Now Argos exposes customer account details online - November 17 2003 by Will Sturgeon

How many times do shops have to be warned? - November 17 2003 by silicon.com

posted by Robert Campbell 6:14 PM