Re: [Full-Disclosure] Credit Card data disclosure in CitrusDB

From: Loptr Chaote (loptr.chaote_at_gmail.com)
Date: 02/13/05

Next message: Volker Tanger: "Re: [Full-Disclosure] Re: [Mailman-Developers] mailman emailharvester"

Previous message: Aditya Deshmukh: "RE: [Full-Disclosure] Re: [Mailman-Developers] mailman emailharvester"
In reply to: Maximillian Dornseif: "[Full-Disclosure] Credit Card data disclosure in CitrusDB"
Next in thread: Curt Purdy: "RE: [lists] Re: [Full-Disclosure] Credit Card data disclosure in CitrusDB"
Reply: Curt Purdy: "RE: [lists] Re: [Full-Disclosure] Credit Card data disclosure in CitrusDB"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 13 Feb 2005 12:01:20 +0100
To: full-disclosure@lists.netsys.com

On Sat, 12 Feb 2005 23:31:03 +0100, Maximillian Dornseif
<dornseif@informatik.rwth-aachen.de> wrote:
> Fix
> ===
>
> Update to CitrusDB version 0.3.6 or higher and set the $path_to_ccfile
> in the configuration to a path not accessible via http
>

How about NOT using software coded by people without _any_ sense for
security as a fix? Seriously, this "bug" is intolerable, even for
"beta" software. Who ever the authors, they should never have been put
in front of a developer environment..

What's this new wave of idiocy and point-and-click mentality. All of
the sudden everyone is a coder?

This shows that they have no knowledge of security whatsoever, and
THAT is not the kind of people you want writing software to handle
credit card information and/or other sensitive data.

Am I the only one being stumped here?

-LC
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: Volker Tanger: "Re: [Full-Disclosure] Re: [Mailman-Developers] mailman emailharvester"

Previous message: Aditya Deshmukh: "RE: [Full-Disclosure] Re: [Mailman-Developers] mailman emailharvester"
In reply to: Maximillian Dornseif: "[Full-Disclosure] Credit Card data disclosure in CitrusDB"
Next in thread: Curt Purdy: "RE: [lists] Re: [Full-Disclosure] Credit Card data disclosure in CitrusDB"
Reply: Curt Purdy: "RE: [lists] Re: [Full-Disclosure] Credit Card data disclosure in CitrusDB"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: error "respawning too fast" on Toshiba Protege 7200
... > 1) How do you stop linux from booting into the GUI and go into Command Line mode? ... > 2) How do I searchout this error and fix it? ... Next we need to try to correct the X configuration. ... Next we probably want to investigate what video card you have and you ...
(Fedora)
Re: Trace Files and Alert Logs Filling Up Hard Drive
... db_unique_name = gisx ... Also run dgmgrl from the shell and connect as your system user. ... should get an error, if you don't, show configuration. ... be sure and get after support to fix it - I'm ...
(comp.databases.oracle.server)
RE: error 80072efd
... Any suggestions as to fix this. ... "VeraUkr" wrote: ... "curtiu" wrote: ... HTTP status code = 0 ...
(microsoft.public.windowsupdate)
Re: try, throw, and catch Gets a Linker Error
... The target board is a WinSystems SAT-520PLUS: ... The fix seems to be for ARM microprocessors so it does not appear to help. ... It looks like exceptions are not supported for my configuration. ... > If the config is Pocket PC/Smartphone 2003, there is a bug in the SDK. ...
(microsoft.public.windowsce.embedded)
Re: FC5: opengl screensavers on Dell inspiron 710m (intel 82852/855GM)
... I have an Dell Inspiron 710m with this configuration ... 00:02.0 VGA compatible controller: Intel Corporation 82852/855GM Integrated Graphics Device ... I installed 855resolution with the hope to fix this, ... but installing 855res.. ...
(Fedora)