Information Security News mailing list archives

BREAKING: First State Superannuation threatens researcher


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 14 Oct 2011 03:22:16 -0500 (CDT)

http://risky.biz/minter

By Patrick Gray
risky.biz
October 14, 2011

Australian security researcher Patrick Webster has received a letter from commercial law firm Minter Ellison demanding he turn over his computer to its client First State Superannuation.

The legal threat follows Webster's disclosure of a serious and trivially exploitable security vulnerability in First State Superannuation's website to the company in September.

The flaw allowed any logged-in member to access other members' statements by changing a single digit in their browser's URL bar.

The letter, received today, threatens to pursue Webster for costs incurred "in dealing with this matter" if he does not agree to delete all information he obtained by demonstrating the flaw and promise to never attempt to access other member information again.

[...]

