Commuter matching website highly vulnerable to SQL injections

14 September 2009

RideMatch.info, a website used by several California-based companies and transportation boards to match commuters on similar routes, has been found to be potentially vulnerable to massive SQL injections that could result in the disclosure of users' personal data.

According to a report on the CyberInsecure website, the many organizations that use the SQL-injection-vulnerable service include some US military bases, which could have all of their staff's commuting information exposed on the web.

CyberInsecure said the website is currently under the supervision of five Southern California transportation boards (Los Angeles, San Bernardino, Riverside County, Orange County and Ventura County), which use the portal as a match-making service to maximize vehicle occupancy in daily commutes.

Kristian Hermansen, a security researcher working in the area, reported that he tested the site for SQL injections and found it wanting.

After discovering the site's SQL injection flaws, he said he informed the site administrators, but two weeks later they had still failed to fix the SQL injection problem.

Faced with apparent indifference, he issued a statement: "The reason I am bringing this to your attention is that the issue is not being fixed by the admins and most companies don't even know that their employees' personal and corporate information, like employee ID and login ID, may have been compromised."
