[Zope] Re: [ZCommerce] Secure storage of credit card info

Curtis Maloney curtis@umd.com.au
Fri, 30 Jun 2000 12:15:09 +1000


On Fri, 30 Jun 2000, Andrew Kenneth Milton wrote:
> Just to make those people who think "It will never happen to me" think
> twice, the Australian Government Treasury site was hacked and lots of
> banking details about lots of small businesses were released.
>
> The Australian Treasury was very happy with their security too. Until
> yesterday.

Whilst I agree that "It will never happen to me" is a stupid stance, the ATO 
web site was not 'hacked'.  As an example, the Federal Police and the 
government are NOT doing anything to the person.

What happened was somebody noticed that a number in the URL for a page of 
their details matched their ID number, and tried some others.  Upon finding 
they worked, he wrote a script to try numbers, munge the page, and e-mail 
people their details.

This showed a serious flaw in the design of the site, but it was not 'hacked'.

Perhaps the lesson to learn here is: Crackers are NOT the only people you 
need to protect yourself from.

Have a better one,
	Curtis Maloney.

<dtml-var standard_work_disclaimer>
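
The design flaw described in the message above, shown as an added example that is not part of the original post and is not code from the site discussed: a lookup that trusts the number in the URL, next to one that checks the record against the logged-in user and counts refusals so that sequential guessing becomes visible. The record layout, function names and alert threshold are all assumptions made for illustration.

```python
"""Added illustration: a record lookup keyed by a number from the URL,
with and without an ownership check. Names and data are constructed."""
from collections import Counter

# Constructed sample data: record id -> details.
RECORDS = {
    1001: {"owner": "alice", "bank_account": "constructed-0001"},
    1002: {"owner": "bob", "bank_account": "constructed-0002"},
    1003: {"owner": "carol", "bank_account": "constructed-0003"},
}

ALERT_THRESHOLD = 3   # hypothetical: refusals per user before raising an alert
denied = Counter()    # per-user count of refused lookups


class Forbidden(Exception):
    """Raised when the session user may not read the requested record."""


def details_unchecked(session_user, record_id):
    """Flawed design: the id from the URL is the only thing consulted."""
    return RECORDS[record_id]


def details_checked(session_user, record_id):
    """Serve the record only if it belongs to the authenticated user."""
    record = RECORDS.get(record_id)
    # Same refusal for "missing" and "not yours", so the response
    # does not reveal which ids exist.
    if record is None or record["owner"] != session_user:
        denied[session_user] += 1
        raise Forbidden("no such record for this user")
    return record


def should_alert(session_user):
    """True once a user has been refused often enough to look like guessing."""
    return denied[session_user] >= ALERT_THRESHOLD


if __name__ == "__main__":
    print(details_unchecked("alice", 1002))  # another user's data is returned
    for rid in (1001, 1002, 1003, 9999):
        try:
            print(rid, details_checked("alice", rid))
        except Forbidden as exc:
            print(rid, "refused:", exc)
    print("alert:", should_alert("alice"))
```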