This still happens???
I was going to just post this to the breach forum… but it flabbergasts me so much that I needed to vent.
“This” is the New Zealand company, Sky TV, who had a ‘breach’ in their authentication system. Specifically, someone couldn’t get in, and found out the only authentication was the email address of the customer.
Or the sales rep. Or the sysadmin. Or the CEO. That’s right folks, they got burned, his account got defaced.
But what gives??? I’d love to go to New Zealand, it’s beautiful, but why is this company still in the mid-90s? Didn’t this go out of style when Mitnick pulled off his famous stunts?
Of course anyone who got in with an email address could see PII of the person in question. They could also modify it, delete it, the works. Best (worst) part? This quote FTA - “the requirement for a password was turned off”.
You gotta work hard to fail that well. Original link here.