ad info

 
CNN.com  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  

 

  Search
 
 

 
TECHNOLOGY
TOP STORIES

Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent

(MORE)

TOP STORIES

More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections

(MORE)

MARKETS
4:30pm ET, 4/16
144.70
8257.60
3.71
1394.72
10.90
879.91
 


WORLD

U.S.

POLITICS

LAW

ENTERTAINMENT

HEALTH

TRAVEL

FOOD

ARTS & STYLE



(MORE HEADLINES)
*
 
CNN Websites
Networks image


Credit-card numbers stolen via known security hole

Computerworld

March 13, 2000
Web posted at: 8:14 a.m. EST (1314 GMT)

(IDG) -- A 2-year-old security hole in Microsoft Corporation's Internet Information Server (IIS) software let a computer cracker download thousands of credit-card numbers from e-commerce sites recently and post them on the Internet.

A patch for that hole has been available for 18 months. But webmasters at small companies say they don't have the resources to keep up with all of the patches needed to keep out malicious hackers, also known as crackers.

  MESSAGE BOARD
 

"In a lot of companies, you have one system/admin guy who goes around and fixes computers, and you can't keep up to date with all the patches," said Eric Geiler, a principal at Promobility Inc. in Markham, Ontario. The wireless phone seller had 50,000 to 70,000 credit-card numbers downloaded from Web sites it runs.

Geiler said the credit-card numbers, which include his personal credit card, were stolen along with customer names, addresses and phone numbers.

The cracker, who calls himself Curador, has exploited the IIS hole to steal credit-card numbers from several e-commerce sites.

Chris Davis, a partner at Tyger Team Consultants Ltd., an Ottawa-based security firm, said other victims included:

SalesGate.com, owned by Buffalo, N.Y.-based Internet Management Services Inc.

LTA Media LLC in Knoxville, Tenn.

Feelgoodfalls.com, a health site owned by Raleigh Professional Pharmacy in Denver.

Davis said Curador is being pursued by investigators in Canada, the U.S., the U.K. and Thailand, where authorities are looking into a breach at the Shoppingthailand.com site.

MORE COMPUTING INTELLIGENCE
IDG.net   IDG.net home page
  Computerworld's home page
  Is a new Internet architecture needed?
  Computerworld's online subscription center
  IDG.net's product reviews page
  Reviews & in-depth info at IDG.net
  E-BusinessWorld
  Year 2000 World
  Questions about computers? Let IDG.net's editors help you
  Subscribe to IDG.net's free daily newsletter for IT leaders
  Search IDG.net in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

Geiler said he delivered evidence of the theft to Royal Canadian Mounted Police investigators who are still pursuing the case and he's pressing charges of trespassing, fraud and vandalism.

But Geiler said he's still puzzled as to why Curador targeted Promobility's Web site. "How the hell did he even find us? We are nobody. Why did he pick us?" Geiler wondered.

A Microsoft spokeswoman said the company created a patch for the hole in July 1998 and reissued the warning in July 1999, when it became clear that users weren't installing it.

"Microsoft takes this very seriously, because even after a bulletin is issued, Microsoft looks poorly" if the security gap remains, the spokeswoman said.

Promobility's Geiler said many small e-commerce sites neglect security. "The biggest flaw you can have is to go into business undercapitalized. And one of the biggest traps you can fall into is not to fund your IT security," he said.



RELATED STORIES:
Administration report on fighting Internet crime wins broad industry support
March 9, 2000
Net crime does pay for cops
February 24, 2000
Did your server help the cybervandals?
February 15, 2000
The denial-of-service aftermath
February 14, 2000
Classic Hackers Decry Heavy-Handed Upstarts
February 9, 2000

RELATED IDG.net STORIES:
Is a new Internet architecture needed?
(Network World Fusion)
Cyberdefense alarms ring on Capitol Hill
(FCW)
Exodus offers new security services for dot-coms
(IDG.net)
Justice Dept. seeks expanded powers to track hackers
(Computerworld)
Windows PCs become tools for DoS attacks
(IDG.net)
Web sites consider hacker insurance
(PC World)
Asleep at the security wheel?
(FCW)
Users feel aftershocks of Web attacks
(PC World)

RELATED SITES:
Promobility Inc.
Tyger Team Consultants, Ltd.
Internet Management Services Inc.
LTA Media LLC
Feelgoodfalls.com

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

 Search   

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.