MULTIPLE COMPANIES FEND OFF VULNERABILITY CLAIMS
Source: Security Wire Digest
Posted on February 26, 2001

Five major companies were engaged in heavy spin control last week following the discovery of security breaches in their Web sites. While observers say each of the incidents constituted serious security and/or privacy leaks, the companies downplayed their severity. Security weaknesses and bad PR plagued Web sites owned by British Telecommunications (BT), Columbia House, Earthlink, Bull and OfficeMax. The security breaches all involved unintentional disclosure of proprietary customer information.

At least one of the companies, Earthlink, came under fire for not telling its customers about the breach until weeks after it occurred. The ISP says it did not publicize the incident because no customer information was exposed during the Feb. 14 attack. According to Wired, the hackers penetrated Earthlink's defenses and planted a Trojan that granted them access to the company's developmental site.

"It amazes me that reputable companies get into this kind of trouble," says Robert Ellis Smith, publisher of Privacy Journal. "They don't reveal security issues to their customers because in some instances it probably violates their own privacy policy--they made the commitment to keep the information secure. No business ever wants to publicly admit these things -- it affects their reputation."

For British Telecom (BT), last week's incident was its second embarrassing security glitch in less than a month, according to reports. Customers were outraged when they discovered personal details, such as addresses, home telephone numbers, e-mail addresses and business information, were exposed on the company's Openworld broadband Web site. Though BT was apparently notified of the problem early last Wednesday, it failed to remove the page until late the following day, compounding its error.

Meanwhile, news of a breach of the Columbia House Web site was not music to the ears of its members. The Indiana-based music clearinghouse admits a technical error during a system upgrade last week temporarily exposed the personal information of an undetermined number of its members, including their names, addresses and portions of their credit card numbers. A company spokesperson says a simple mistake caused the information to be exposed on its Web site. However, the spokesperson says the problem was quickly corrected and the company is confident no customer data was compromised.

And Bull is disputing claims by French bug hunter Kitetoa that its U.K. Web site had a serious vulnerability that could have exposed usernames and passwords to hackers. A company spokesperson confirmed that crackers were able to access the company's system file on the U.K. Web site, but did not get through the firewall or other defenses. The problem has since been corrected and the compromised information has been determined to be useless to unauthorized users because it was encrypted, the French company says. While Bull says the problem was not serious, Kitetoa claims the usernames could have been decrypted with common cracking programs, such as L0phtcrack.

Finally, retailer OfficeMax last Thursday announced that it had resolved flaws in its security system that caused credit card data and other personal information to be included when customers forwarded links from the OfficeMax site to friends or business associates. The flaw was attributed to a programming error, and privacy advocates say this incident is less serious because anyone attempting to use the information would have to know the victim.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.