ZDNet UK



MS blocks peephole into customer data

Paul Festa, CNET News.com

Published: 11 Oct 2001 09:17 BST


Microsoft moved swiftly this week to close a security gap in its customer service Web site that let anyone with a browser view customers' sales records and other confidential information.

The software giant had left a search database exposed without security protections. The address of the customer service page was unpublished, but by altering the numerical IP (Internet Protocol) addresses of known Microsoft Web sites, a security enthusiast located it and found himself with access to an unknown number of customer service records.

Each exposed record included the customer's name, purchasing history, shipping address, billing address, phone numbers, e-mail address and credit card type. It did not include the actual credit card number.

"We were notified of this, we fixed the problem, and we're reviewing our internal systems to make sure proper procedures are followed to make sure this doesn't happen again," Microsoft representative Jim Desler said Wednesday. "This was a case of human error, and we will remain vigilant in our efforts to protect customer information and will not accept any breakdowns or failures in this process."

Adrian Lamo, who discovered the unprotected page, has exposed other embarrassing security gaffes by Internet giants. Last month, Lamo succeeded in breaking into Yahoo's news production tools and altering news stories. Prior to that, Excite@Home credited him with helping them shore up their customer records, which had been vulnerable to exposure.

Lamo said Microsoft fixed the hole within an hour of notification by news Web site NewsBytes.
