Major security flaw on a web site

If someone were going to create a site for the purpose of stealing personal information, it would be best to design it to be hackable so they could claim that it obviously must have been the hackers that stole the data.
 
Please note that they didn't really "fess up".

computerworld.com.au/article/278298


eta: And it's still not fixed!

Send an e-mail to Computerworld, or take the story to InfoWeek, Network World, TechTarget, Net-Security.org, or a number of other places, stating that you've attempted to contact the site owners and you've sent a message off to CERT, and point them to the instance in Feb. when the problem was taken advantage of in the first place. If you want to help the people who may be taken advantage of, do what you can to have the vulnerability highlighted and made public through a 'reputable' source. Some states have laws that will place the onus and responsibility on the owner of the site/server if anything does happen, which will be a much greater use of leverage than sending the admins of the site a simple e-mail.
 

I've contacted CERT and Secunia.

I've emailed:
support@singles.org
and other associated email addresses that I've found:
njjersey2000@aol.com
webmaster@cybergrace.com
associates@cybergrace.com
csc@tampabay.rr.com

Some of those email addresses just bounce. In particular, and worryingly so for members of singles.org, the only email address given to them as the contact address for the site, support@singles.org, bounces.

As you can see from the Computerworld article I linked to, the media was made aware of this problem back in February. They may not be following it up though.

I'll contact those sites you mentioned.
 
If someone were going to create a site for the purpose of stealing personal information, it would be best to design it to be hackable so they could claim that it obviously must have been the hackers that stole the data.
I could be wrong, but I think you're giving them a bit too much credit.
 
