Information Security News mailing list archives
BT Web site security blunder
From: William Knowles <wk () C4I ORG>
Date: Thu, 24 Aug 2000 03:49:02 -0500
http://www.theregister.co.uk/content/6/12794.html By: Lucy Sherriff Posted: 23/08/2000 at 16:48 GMT The Insight Interactive portion of the BT.com Web site has a gaping hole in its security. Any registered user's details can be accessed by entering their user name and password. The trouble is, the same password works whichever username you use. And no, we are not going to tell you what the password is. Or how the user names work. Details recorded on the site are work related: job title and work address, rather than any home details. So while no one's personal life has been compromised, it is still rather embarrassing for BT. No one at BT could be reached for comment by the close of play today, nor could anyone tell us what the "Insight Interactive" project was or is. And to top it all off I've been cookied and when I go back to the BT.com site I am welcomed as Andy. Oh well, maybe the androgynous thing will be in again this autumn. *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- BT Web site security blunder William Knowles (Aug 24)