Full Disclosure mailing list archives
Whitepaper: IT (in)security implementation in a real world example
From: Denis Jedig <seclists () syneticon de>
Date: Mon, 26 Jun 2006 00:10:40 +0200
Greetings to the list,

I have written a short paper on principles and failures of IT security based on a real-world example of a (yet unpublished) issue with DB CarSharing - a German car rental company.

Extract:

Preface

This paper is not meant to be a disclosure or accusation. Although it is based on a true story and describes a rather concerning security-related issue, its focus is the analysis of security issues in projects heavily dependent on IT. Its primary goal is to serve as a guideline for people intending to do better than today.

Story

For a couple of months now DB Carsharing is largely advertised as a convenient car rental service (you can get cars on an hourly basis) offered by a company named DB Rent – a subsidiary of Deutsche Bahn - throughout all German railway stations. However, this public service becomes a potential danger to its customers – due to inherent flaws in handling of sensitive data, insufficient user restrictions and significant flaws in vulnerability management.

The paper can be found at http://syneticon.net/support/security/security-by-example.html in HTML for your convenience.

Regards,

Denis Jedig
syneticon networks GbR