Bugtraq mailing list archives
Re: Back Door in Commercial Shopping Cart [RESOLVED]
From: dankamin () CISCO COM (Dan Kaminsky)
Date: Mon, 17 Apr 2000 12:16:26 -0700
Just to bring some closure to this, the Dansie Shopping Cart bug has been removed--it should no longer either email him anti-piracy information nor allow any surreptitious access. Craig is shipping the patch in his next update to all his customers; due to the nature of his script, all customers need to update on a regular basis to remain functional. So the bug should truly be eradicated within the next few days.

This was actually taken care of on Friday, within a few hours of me contacting a client of Dansie's (James Hart of Stormer Hosting; many thanks to him for hearing me out and acting so quickly). They were pretty proactive once they understood their position.

This wasn't a malicious case, but it did illustrate just how dangerous a lack of security knowledge can be. I'm curious if there's something along the lines of a "two page checklist" for the non-security oriented programmer to look at (and be pointed to) that basically issues critical do's and don'ts when programming anything that's network enabled. Not something vague (but true) like "Don't trust anything from the client"...more along the lines of specifying MD5/SHA-1, never add a backdoor, never include identifiable feedback, etc.

I think a lot of us simply take for granted just how much there is to know in the security realm. One only needs to look around to realize that good programmers can just do very bad things not out of malice or even stupidity but just plain old lack of knowledge. We can, and should, do something to fix that.

Yours Truly,

Dan Kaminsky
Current thread:
- Back Door in Commercial Shopping Cart Joe (Apr 11)
- Performance Copilot for IRIX 6.5 Marcelo Magnasco (Apr 12)
- Microsoft Security Bulletin (MS00-024) Microsoft Product Security (Apr 12)
- Re: Back Door in Commercial Shopping Cart Luciano Ramos (Apr 13)
- [TL-Security-Announce] PAM and usermode TLSA2000009-1 Katie Moussouris (Apr 14)
- Re: Back Door in Commercial Shopping Cart Luciano Ramos (Apr 14)
- Re: Back Door in Commercial Shopping Cart [Stormer Hosting] Dan Kaminsky (Apr 14)
- New DOS on Interscan NT/3.32 Alain Thivillon (Apr 17)
- Re: Back Door in Commercial Shopping Cart [RESOLVED] Dan Kaminsky (Apr 17)
- Re: Back Door in Commercial Shopping Cart Pete Holsberg (Apr 13)
- Re: Back Door in Commercial Shopping Cart Anik (Apr 13)
- more problems with that POS dansie cart software! tombow (Apr 14)
- Re: more problems with that POS dansie cart software! Randy Janinda (Apr 14)
- nmh-1.0.4 released Dan Harkless (Apr 14)
- xfs Michal Zalewski (Apr 16)
- StarOffice 5.1 Michal Zalewski (Apr 16)
- XFree86 server overflow Michal Zalewski (Apr 16)
- XFree86 server overflow - exploit issues Michal Zalewski (Apr 16)
- Reappearance of an old IE security bug Ben Mesander (Apr 16)