"This is like walking down the street and finding a black Hefty bag filled with 300 credit cards, all valid. Names, addresses, phone numbers, credit card numbers, email addresses -- it was all there. This is a nightmare."
- Joe Harris'' recent comments about the shopping card vulnerabilities
he discovered and reported to the Bugtraq security mailing list.
In last week''s Internetnews.com report Shopping Carts Expose Order Data, Brian McWilliams underscores how vulnerable e-commerce sites truly are and emphasizes the need for experienced professionals to help create and manage any serious undertakings in the e-commerce realm.
In case you missed the report, Joe Harris, a senior technical support professional at Blarg Online Services, discovered that improperly configured shopping cart software will create a world-readable log file of transaction data that resides in a directory accessible via the public Internet.
Upon further investigation, Harris found vulnerabilities in shopping cart systems from:
"All of these carts could have been secured by following the instructions that came with the CGI. The reason I found all of these is because the people did not follow those guidelines." said Harris.
IE 7
Firefox 2.0
