Information Security News mailing list archives
BREAKING: First State Superannuation threatens researcher
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 14 Oct 2011 03:22:16 -0500 (CDT)
http://risky.biz/minter

By Patrick Gray
risky.biz
October 14, 2011

Australian security researcher Patrick Webster has received a letter from commercial law firm Minter Ellison demanding he turn over his computer to its client First State Superannuation.
The legal threat follows Webster's disclosure of a serious and trivially exploitable security vulnerability in First State Superannuation's website to the company in September.
The flaw allowed any logged-in member to access other members' statements by changing a single digit in their browser's URL bar.
The letter, received today, threatens to pursue Webster for costs incurred "in dealing with this matter" if he does not agree to delete all information he obtained by demonstrating the flaw and promise to never attempt to access other member information again.
[...]