Full Disclosure mailing list archives

TxDOT fixes security issues with txtag.org


From: David Longenecker <dnlongen () gmail com>
Date: Wed, 9 Jul 2014 15:04:23 -0500

It's nice to see when security issues are resolved.

In April, I reported several security concerns to the Texas Department of
Transportation, which is responsible for, among other things, toll roads
throughout the state. The concerns had to do with the billing and
management website for TXTAG, one of several tolling systems in the state.
Specifically, the login design made it easy for someone with ill intent to
gain unauthorized access to a substantial portion of driver accounts, and
having gained access, to acquire complete credit card numbers along with
the collateral necessary to use them (expiration date, mailing address,
cardholder name).

Today, TXDOT rolled out a significant update to the web site which nicely
addresses the concerns I raised.

http://dnlongen.blogspot.com/2014/07/txdot-fixes-security-issues-with.html

-- 
Regards,
David Longenecker

Connect: Security Blog <http://dnlongen.blogspot.com> | Security Twitter
<https://www.twitter.com/dnlongen> | Awana Twitter
<https://www.twitter.com/dstx_awana> | LinkedIn
<https://www.linkedin.com/in/dnlongen/>

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

