| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <44A56B9E.9070509@syneticon.de> Date: Fri, 30 Jun 2006 20:21:18 +0200 From: Denis Jedig <seclists@...eticon.de> To: bugtraq@...urityfocus.com Subject: Whitepaper: IT (in)security implementation in a real world example Repost Greetings to the list, I have written a short paper on principles and failures of IT security based on a real-world example of a (yet unpublished) issue with DB CarSharing - a German car rental company. It discusses how security does fail in a flawed implementation. Extract: Preface This paper is not meant to be a disclosure or accusation. Although it is based on a true story and describes a rather concerning security-related issue, its focus is the analysis of security issues in projects heavily dependant on IT. Its primary goal is to serve as a guideline for people intending to do better than today. Story For a couple of months now DB Carsharing is largely advertized as a convenient car rental service (you can get cars on an hourly basis) offered by a company named DB Rent – a subsidiary of Deutsche Bahn - throughout all German railway stations. However, this public service becomes a potential danger to its customers – due to inherent flaws in handling of sensitive data, insufficient user restrictions and significant flaws in vulnerability management. The paper can be found at http://syneticon.net/support/security/security-by-example.html in HTML for your convinience. Regards, Denis Jedig syneticon networks GbR
Powered by blists - more mailing lists