Message-ID: <CAKAWO_UtabqzZuYMbvZBp39E28N0g8egN1cP=7W05KFbTq0mCQ@mail.gmail.com>
Date: Wed, 9 Jul 2014 15:04:23 -0500
From: David Longenecker <dnlongen@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] TxDOT fixes security issues with txtag.org

It's nice to see when security issues are resolved.

In April, I reported several security concerns to the Texas Department of
Transportation, which is responsible for, among other things, toll roads
throughout the state. The concerns had to do with the billing and
management website for TXTAG, one of several tolling systems in the state.
Specifically, the login design made it easy for someone with ill intent to
gain unauthorized access to a substantial portion of driver accounts, and
having gained access, to acquire complete credit card numbers along with
the collateral necessary to use them (expiration date, mailing address,
cardholder name).

Today, TXDOT rolled out a significant update to the web site which nicely
addresses the concerns I raised.

http://dnlongen.blogspot.com/2014/07/txdot-fixes-security-issues-with.html

--
Regards,
David Longenecker
Connect: Security Blog <http://dnlongen.blogspot.com> | Security Twitter
<https://www.twitter.com/dnlongen> | Awana Twitter
<https://www.twitter.com/dstx_awana> | LinkedIn
<https://www.linkedin.com/in/dnlongen/>
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/