Advertisement
Promo

Security threats Toolkit

MS blocks peephole into customer data

Paul Festa CNET News.com CNet

Published: 11 Oct 2001 09:17 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Microsoft moved swiftly this week to close a security gap in its customer service Web site that let anyone with a browser view customers' sales records and other confidential information.

The software giant had left a search database exposed without security protections. The address of the customer service page was unpublished, but by altering the numerical IP (Internet Protocol) addresses of known Microsoft Web sites, a security enthusiast located it and found himself with access to an unknown number of customer service records.

Each exposed record included the customer's name, purchasing history, shipping address, billing address, phone numbers, e-mail address and credit card type. It did not include the actual credit card number.

"We were notified of this, we fixed the problem, and we're reviewing our internal systems to make sure proper procedures are followed to make sure this doesn't happen again," Microsoft representative Jim Desler said Wednesday. "This was a case of human error, and we will remain vigilant in our efforts to protect customer information and will not accept any breakdowns or failures in this process."

Adrian Lamo, who discovered the unprotected page, has exposed other embarrassing security gaffes by Internet giants. Last month, Lamo succeeded in breaking into Yahoo's news production tools and altering news stories. Prior to that, Excite@Home credited him with helping them shore up their customer records, which had been vulnerable to exposure.

Lamo said Microsoft fixed the hole within an hour of notification by news Web site NewsBytes.

See the Viruses and Hacking News Section for the latest headlines.

See the Net Crime News Section for the latest on hacking, fraud, viruses and related issues.

See the Internet News Section for full coverage.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
68 out of 117 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:







Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

McKinnon lawyers seek judicial review

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday. Karen Todner, McKinnon's solicitor,... More

1 comment

Beware of keeping your head in the clo...

Information security professionals can look forward to a deepening appreciation for their skills as security continues to be recognised as an essential element for doing business in... More

1 comment

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters