Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Comment Re:you have got to be kiddinbg me (Score 4, Informative) 371

Sending the account number out in a URL over SSL should not be that big of a hole

Exposing an internal ID in such fashion is not only foolish, but very much a beginner error. I would expect this from some half-assed forum software - not a bank. That said, I've worked for the government before, and seen the same stupid mistake repeated time and time again. A salted hash would have been a lot less idiotic. The fact that there was no authorization performed makes compounds the issue, however, and one wonder who these people hired to write their infrastructure.

Security

PBS Web Sites and Databases Hacked 387

wiredmikey writes "Late Sunday night, hackers gained access to several areas of PBS Web servers and were able publish a fake news story on a PBS news blog. The group also published PBS internal user login information that they were able to siphon out of PBS databases. The fake story was about rapper Tupac Shakur, who died in 1996 after being shot in Las Vegas, being been found alive and well in a small resort in New Zealand. A group going by the name of 'LulzSec' claimed responsibility for the hack, saying the attack was a protest against a PBS Frontline broadcast last week about WikiLeaks."

Slashdot Top Deals

"Lead us in a few words of silent prayer." -- Bill Peterson, former Houston Oiler football coach

Working...