lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <76912af80502130301227b783a@mail.gmail.com>
From: loptr.chaote at gmail.com (Loptr Chaote)
Subject: Credit Card data disclosure in CitrusDB

On Sat, 12 Feb 2005 23:31:03 +0100, Maximillian Dornseif
<dornseif@...ormatik.rwth-aachen.de> wrote:
> Fix
> ===
> 
> Update to CitrusDB version 0.3.6 or higher and set the $path_to_ccfile
> in the configuration to a path not accessible via http
> 

How about NOT using software coded by people without _any_ sense for
security as a fix? Seriously, this "bug" is intolerable, even for
"beta" software. Who ever the authors, they should never have been put
in front of a developer environment..

What's this new wave of idiocy and point-and-click mentality. All of
the sudden everyone is a coder?

This shows that they have no knowledge of security whatsoever, and
THAT is not the kind of people you want writing software to handle
credit card information and/or other sensitive data.

Am I the only one being stumped here? 

-LC

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ