GOOD GRIEF! This is serious. The glitch was discovered last week by Ben Simo, a software tester in Arizona. Simo found that gaining access to peoples accounts was frighteningly simple. You could have: guessed an existing user name, and the website would have confirmed it exists; claimed you forgot your password, and the site would have reset it; viewed the sites unencrypted source code in any browser to find the password reset code; plugged in the user name and reset code, and the website would have displayed a persons three security questions (your oldest nieces first name, name of favorite pet, date of wedding anniversary, etc.); answered the security questions wrong, and the website would have spit out the account owners email address -- again, unencrypted.
Posted on: Wed, 30 Oct 2013 02:32:59 +0000
Trending Topics
Recently Viewed Topics
© 2015