Payroll website still not secured

[David Farber <dave () farber net>]

------ Forwarded Message
From: Monty Solomon <monty () roscom com>
Date: Mon, 14 Mar 2005 00:44:27 -0500
To: <undisclosed-recipient:;>
Subject: Payroll website still not secured

Payroll website still not secured

By Hiawatha Bray, Globe Staff  |  March 1, 2005

Boston software entrepreneur Aaron Greenspan, who revealed serious
security flaws in the website of Tennessee payroll company PayMaxx
Inc. last week, said yesterday that the site remains insecure.
Greenspan said that a computer hacker still could use the site to
obtain the Social Security numbers of hundreds of Americans.

Greenspan called the management of PayMaxx ''incompetent," and urged
Congress to investigate the company. ''They have no idea what they're
doing," he said.

Greenspan's company, Think Computer Corp., had its payrolls prepared
by PayMaxx, of Franklin, Tenn., until late last year. After ending
their relationship, Greenspan found that his name, address, Social
Security number, and other personal data were still available on the
PayMaxx website, which could be accessed by entering zeroes in the
site's login windows. Greenspan also found that he could obtain the
same information about other PayMaxx customers by typing random
numbers into the browser's address window. He estimated that up to
100,000 files could be accessed this way.

...

http://www.boston.com/business/globe/articles/2005/03/01/payroll_website_sti
ll_not_secured/


------ End of Forwarded Message


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/