[ale] OT: Egghead cracked

Michael H. Warfield mhw at wittsend.com
Tue Dec 26 18:51:29 EST 2000


On Tue, Dec 26, 2000 at 05:25:27PM -0500, Bob's ALE Mail wrote:
> OT: Egghead cracked; credit cards compromised

> Egghead's M$ IIS web server was cracked in the past week, apparently due to
> the unpatched M$ IIS Unicode exploit.

> Anyone who has used Egghead (and thus has their credit card data on file
> at Egghead) is at risk for being the victim of credit card fraud.  The
> most common fraud seems to be charges showing as being from Russia or
> Moscow for Telecom/phone services.  Those at risk may want to advise
> their credit card company.

	It's bad enough that they are running unpatched servers.  I would
love to hear someone explain WHY they are storing those card numbers on
the same server as their web server and not sinking them into a one-way
database on a separate chunk of iron from which they cannot be retrieved.
They can make all the excuses they want about unpatched IIS and unexpected
web exploits, but there is no excuse for not protecting those things
from on-line access by using an isolated server for secure storage.

> CD Universe suffered a similar fate earlier this year (with a different
> exploit through their IIS web server).

	Not the first time and won't be the last time.  Simple precautions
could prevent the compromise of the credit card data even if the web
server gets compromised.  You would think they would learn...

> Bob Toxen
> transam at cavu.com                       [Bob's ALE Bulk email]
> bob at cavu.com
> http://www.cavu.com
> http://www.realworldlinuxsecurity.com/ [My new book: Real World Linux Security]
> Fly-By-Day Consulting, Inc.      "Don't go with a fly-by-night outfit!"
> Quality Linux & UNIX security and software consulting since 1990.
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
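
The separation described in the reply above, sketched as an added example that is not part of the original post or anyone's production code. CardVault, WebStore and the processor callback are hypothetical names; the in-memory dict stands in for storage on a separate host, and the card number is a constructed test value.

```python
import secrets

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so the vault rejects junk instead of storing it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch) * 2 if i % 2 else int(ch)
        total += n - 9 if n > 9 else n
    return total % 10 == 0

class CardVault:
    """Stands in for the isolated storage host (assumption: it is reached
    over a narrow internal API). It offers store() and charge() only;
    there is deliberately no call that hands a card number back."""
    def __init__(self, processor):
        self._cards = {}             # token -> card number, vault host only
        self._processor = processor  # hypothetical link to the card processor

    def store(self, pan: str) -> str:
        digits = pan.replace(" ", "").replace("-", "")
        if not (digits.isdigit() and 13 <= len(digits) <= 19 and luhn_ok(digits)):
            raise ValueError("not a valid card number")
        token = secrets.token_urlsafe(16)  # random, reveals nothing about the card
        self._cards[token] = digits
        return token

    def charge(self, token: str, cents: int) -> str:
        if token not in self._cards:
            raise KeyError("unknown token")
        return self._processor(self._cards[token], cents)

class WebStore:
    """The internet-facing tier. It sees a card number once, at entry,
    and keeps only the token and last four digits."""
    def __init__(self, vault: CardVault):
        self._vault = vault
        self.customers = {}  # everything an intruder on the web host could dump

    def save_card(self, customer: str, pan: str) -> None:
        token = self._vault.store(pan)
        self.customers[customer] = {"token": token, "last4": pan.strip()[-4:]}

    def buy(self, customer: str, cents: int) -> str:
        return self._vault.charge(self.customers[customer]["token"], cents)

if __name__ == "__main__":
    shop = WebStore(CardVault(lambda pan, cents: "approved"))
    shop.save_card("alice", "4111 1111 1111 1111")  # constructed test number
    print(shop.buy("alice", 1999), shop.customers)
```

A web host that is taken over can still present stored tokens to charge(), so the vault side is also where per-token limits and logging belong.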
