Full Disclosure mailing list archives
TxDOT fixes security issues with txtag.org
From: David Longenecker <dnlongen () gmail com>
Date: Wed, 9 Jul 2014 15:04:23 -0500
It's nice to see when security issues are resolved. In April, I reported several security concerns to the Texas Department of Transportation, which is responsible for among other things toll roads throughout the state. The concerns had to do with the billing and management website for TXTAG, one of several tolling systems in the state. Specifically, the login design made it easy for someone with ill intent to gain unauthorized access to a substantial portion of driver accounts, and having gained access, to acquire complete credit card numbers along with the collateral necessary to use them (expiration date, mailing address, cardholder name). Today, TXDOT rolled out a significant update to the web site which nicely addresses the concerns I raised. http://dnlongen.blogspot.com/2014/07/txdot-fixes-security-issues-with.html -- Regards, David Longenecker Connect: Security Blog <http://dnlongen.blogspot.com> | Security Twitter <https://www.twitter.com/dnlongen> | Awana Twitter <https://www.twitter.com/dstx_awana> | LinkedIn <https://www.linkedin.com/in/dnlongen/> _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- TxDOT fixes security issues with txtag.org David Longenecker (Jul 09)