Microsoft Outlook Support

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Wednesday, 1 July 2009

Experts say Parcelforce data leaks caused by code audit shortcomings

Posted on 11:22 by Unknown
Fortify says Parcelforce data leaks caused by code audit shortcomings

June 2009 (Eskenzi PR) - Fortify Software, the application vulnerability specialist, says that the Parcelforce data leak - in which Web customers were given access to the entire customer records of seemingly random data relating to other customer's postal consignments - is almost certainly the result of shortcomings at the program code auditing stage.

"From what has been reported by the BBC and others, this sounds like a scripting issue with the site concerned," said Richard Kirk, Fortify's European director.

"What's interesting about the Parcelforce site is the scripts used on the main landing pages appear to have been developed in-house, rather than the firm relying on third-party interfaces. This suggests to me that the site was developed by an in-house programming team using Omniture's SiteCatalyst software," he added.

The problem with in-house development of Web sites, says Kirk, is that whilst the staff concerned can be well acquainted with the requirements of the company, they may well lack the facility of looking at the code from an audit perspective.

Things have moved on from the old days of `soak tests' with programs and Web sites, he explained, adding that his means that external professionals are usually asked to conduct a range of tests on the Web site software, even including penetration testing where appropriate.
Whether this happened or not remains to be seen, but the fact that customer data was leaked means that the company has probably breached the Data Protection Act, meaning that an investigation is likely.

The Information Commissioner's Office is reported to be contacting Parcelforce to work out what actually happened with the Web site errors and what can be done to prevent it happening again, said Kirk.

"Almost certainly this will involve some sort of audit. It is to be hoped that, as well as Parcelforce learning from this situation, that other companies realise it could be their own IT team involved in the corporate red face stakes and review their own Web sites as well," he said.

"Only by efficient code auditing can major errors like this be avoided. We all learn from mistakes. Some more than others," he added.

For more on the Parcelforce Web site errors: http://preview.tinyurl.com/m59pcy

For more on Fortify Software: http://www.fortify.com

<>
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • DDoS-Attacks disable many shopping websites, including Amazon
    Just in time for last minute Christmas shopping major shopping sites disabled by Michael Smith (Veshengro) London, December 26, 2009: An...
  • Open Source Software in Business & Government
    by Michael Smith (Veshengro) Lots of Open Source in use in mainland Europe, including EU member states, very little in the UK and less still...
  • Cyber-Ark Expands RSA Secured Partner Program Certification Status
    Cyber-Ark Privileged Identity Management Suite, Inter-Business Vault and Sensitive Document Vault Now Formally Interoperable with RSA enVisi...
  • Infosecurity Adviser applauds forensics lab training facilities at key UK university
    London, UK. May 2009: Infosecurity Adviser, Infosecurity Europe’s online community for the information security industry, has published a r...
  • Scientific company discusses simultaneously protecting applications and data
    Simultaneously protecting applications and data: The next evolution in security? September 2009 (Eskenzi PR) – In a recent Imperva podcast...
  • TUFIN TECHNOLOGIES WINS the PRESTIGIOUS 2010 Computing Security Award for ‘Best bench tested solution of the Year’
    Network Computing and Computing Security Magazine Editors Select Tufin’s SecureChange Workflow as the Top Product Reviewed in 2010 Londo...
  • Brocade Service Could Help Reduce Billions in Data Centre Operations Costs
    New Energy Efficiency Review provides holistic assessment and remedial strategies to help companies optimise efficiency and reduce costs Ene...
  • Infosecurity Europe 2011 Hall of Fame nominations now open
    London UK, February  2011 – The time is ripe to elevate the greatest movers and shakers in the world of information security as nominations ...
  • Tufin survey reveals the truth about fudging audits, IT cost cutting and buying equipment online
    Ramat Gan, Israel – May 27, 2009 – Tufin Technologies today announced the results of its “Reality Bytes” security survey. The survey parti...
  • ISACA’s EuroCACS Conference Demystifies the Cloud
    Event for IT Professionals Will Take Place 20-23 March, Manchester London, England, (8 th March 2011)— Global business and information ...

Categories

  • ASUS
  • AVG Link Scanner
  • BeCrypt
  • book review
  • Brocade
  • Codenomicon
  • Columbian USB stick loss
  • computer recycling
  • Conficker worm
  • Credant Technologies
  • cyber crime
  • Cyber-Ark
  • Cyber-Ark®
  • Data Center
  • data encryption
  • DeviceLock
  • Digital Pathways
  • diskGenie
  • Eclypt
  • Eee PC
  • Eee PC Seashell 1008HA
  • F5 Networks
  • Facebook
  • Finjan
  • Finjan Inc.
  • Finjan MCRC
  • Firewall Management
  • Fortify
  • Fortify 360
  • Fortify Software
  • Fortify® Software
  • gadgets
  • Google
  • Google Chrome
  • green computing
  • green IT
  • IBM
  • Infosec
  • Infosec Europe 2009
  • Infosecurity Adviser
  • Infosecurity Europe
  • Infosecurity Europe 2009
  • Internet privacy
  • iStorage
  • iStorage diskGenie
  • iStorage Ltd.
  • Juniper Networks
  • Lakeland
  • Lapdesk
  • LLC
  • Logitech
  • malware
  • ManageEngine
  • McAfee International Ltd
  • MI6
  • MI6 data loss
  • Microsoft
  • MiFi™ 2352
  • Mio
  • Mobile Broadband
  • MS Office
  • National Cybersecurity Advisor
  • Navman
  • Navman Spirit
  • Netac
  • Novatel
  • Novatel Wireless Intelligent Mobile Hotspot 2352
  • OneClick IntelliPanel Desktop
  • online social media
  • open source
  • OpenOffice.org
  • Optenet
  • Origin Data Locker
  • Origin Storage
  • PNDs
  • product review
  • Red
  • SaaS
  • Sat Nav
  • saving energy
  • Security
  • Shavlik Technologies
  • SIS
  • spam
  • Stonewood Group
  • Storage Area Networks
  • Storage Expo
  • Storage Expo 2009
  • Sun Microsystems
  • Swine Flu
  • Syphan Technologies
  • Throwing Sheep in the Boardroom
  • Tufin Technologies
  • Twitter
  • U256
  • Unisys Security Index
  • USB drives
  • Vektor
  • VisionRacer
  • VisionRacer VR3
  • VMware
  • Weast
  • Web Apps Security
  • WebFilter PC Solution
  • WebSpy
  • XSS-driven attacks

Blog Archive

  • ►  2012 (1)
    • ►  January (1)
  • ►  2011 (67)
    • ►  December (1)
    • ►  April (1)
    • ►  March (14)
    • ►  February (30)
    • ►  January (21)
  • ►  2010 (192)
    • ►  December (20)
    • ►  November (22)
    • ►  October (19)
    • ►  September (5)
    • ►  August (8)
    • ►  July (5)
    • ►  June (22)
    • ►  May (13)
    • ►  April (11)
    • ►  March (13)
    • ►  February (27)
    • ►  January (27)
  • ▼  2009 (240)
    • ►  December (25)
    • ►  November (9)
    • ►  October (21)
    • ►  September (19)
    • ►  August (30)
    • ▼  July (35)
      • What links Twitter, stolen bikes and the Boston Po...
      • Ironkey Announces over 1,000 Enterprises have Adop...
      • Website login with Biometric Identity Card
      • Twitter email account hack multi-vectored and but ...
      • ISACA Leader Calls for Fundamental Changes to Info...
      • Don't always jump on the SSD bandwagon
      • Experts predict more mobile trojan slip-ups on the...
      • Split Stick, Double-Sided USB Drive, Hits quirky's...
      • Charmaga brothers card fraud case highlights need ...
      • Twitter hack caused by lack of security
      • New Oracle security flaws facilitate data leaks ac...
      • Head Office of Powerpets, Inc. has switched to Ubu...
      • McAfee partners with Tufin to automate network sec...
      • Microsoft's Gazelle Web browser project a positive?
      • Organisations unprepared for iPhone security threa...
      • Denial of Service attacks could have been engineer...
      • IronKey first USB storage device to achieve FIPS 1...
      • Napatech zero packet loss technology boosts data t...
      • ASUS Eee PCs and Linux
      • Information Commisioner's Office action against in...
      • Finjan Blocks New Zero-Day Attack on Microsoft Vid...
      • Britney Spears hack highlights reputational risk o...
      • SecureFlash by Insight Promotions – Product Review
      • Tufin delivers first-to-market functionality with ...
      • Tufin Technologies Delivers on the vision of Secur...
      • Google's Anti-Malvertising.com Site Launch Welcome...
      • Six pound broadband tax planned for UK telephone u...
      • Even IT Professionals can’t be bothered with Passw...
      • ISACA applauds plan to boost Information Commissio...
      • Responding to Cyber Criminals Finjan release Secur...
      • Digital Britain plan leaves Infosecurity Adviser b...
      • Open Source Software in Business & Government
      • Experts say Irish Gas Board data loss highlights n...
      • Women's British Bobsleigh team zooms along with Or...
      • Experts say Parcelforce data leaks caused by code ...
    • ►  June (30)
    • ►  May (21)
    • ►  April (42)
    • ►  March (8)
Powered by Blogger.

About Me

Unknown
View my complete profile