[ISN] BT Web site security blunder
From: William Knowles (wkC4I.ORG)
Date: Thu Aug 24 2000 - 03:49:02 CDT
By: Lucy Sherriff
Posted: 23/08/2000 at 16:48 GMT
The Insight Interactive portion of the BT.com Web site has a gaping
hole in its security.
Any registered user's details can be accessed by entering their user
name and password. The trouble is, the same password works whichever
username you use.
And no, we are not going to tell you what the password is. Or how the
user names work.
Details recorded on the site are work related: job title and work
address, rather than any home details. So while no one's personal life
has been compromised, it is still rather embarrassing for BT.
No one at BT could be reached for comment by the close of play today,
nor could anyone tell us what the "Insight Interactive" project was or
And to top it all off I've been cookied and when I go back to the
BT.com site I am welcomed as Andy. Oh well, maybe the androgynous
thing will be in again this autumn.
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
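The flaw reported above, one password being accepted for any username, is the kind of defect a cross-account login audit catches before release. The following is an added example, not code from the article or from BT: the accounts, both login functions and the cause modelled in `login_flawed` (the password checked against every record instead of the named user's) are assumptions, since the article does not disclose the mechanism.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    # Low iteration count only to keep the example fast.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)

def make_store(accounts):
    """Build a constructed user store: username -> (salt, password hash)."""
    store = {}
    for user, password in accounts.items():
        salt = os.urandom(16)
        store[user] = (salt, _hash(password, salt))
    return store

# Constructed sample accounts, not real data.
ACCOUNTS = {"alice": "corr3ct-horse", "bob": "battery-staple", "carol": "zebra-42!"}
STORE = make_store(ACCOUNTS)

def login_flawed(user, password):
    # Hypothetical stand-in for the reported behaviour: the username only has
    # to exist, and the password is accepted if it matches ANY stored record.
    if user not in STORE:
        return False
    return any(hmac.compare_digest(_hash(password, salt), digest)
               for salt, digest in STORE.values())

def login_bound(user, password):
    # The password is verified against the named user's record only.
    record = STORE.get(user)
    if record is None:
        return False
    salt, expected = record
    return hmac.compare_digest(_hash(password, salt), expected)

def cross_account_acceptances(login, accounts):
    """Return (owner, other) pairs where owner's password logs in as other."""
    hits = []
    for owner, password in accounts.items():
        for other in accounts:
            if other != owner and login(other, password):
                hits.append((owner, other))
    return sorted(hits)

if __name__ == "__main__":
    print("flawed:", cross_account_acceptances(login_flawed, ACCOUNTS))
    print("bound: ", cross_account_acceptances(login_bound, ACCOUNTS))
```

Run against test accounts in a staging environment, any non-empty result from `cross_account_acceptances` means credentials are not bound to the account they belong to.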