[LINK] Super fund security breach lands good Samaritan in hot water
marty at supine.com
Fri Oct 21 00:09:58 AEDT 2011
Jan Whitaker wrote:
> New article: - Note the finger pointing - Yes we did, no you didn't!
> Claims First State Super flaw ignored for 'years'
> Asher Moses
It's all "he said, she said" and there wasn't much to take away till I got
> First State Super chief executive Michael Dwyer claims he has logs
> which definitively show that no one aside from Webster exploited the
> flaw to access statements other than their own. He claimed the
> company had received alerts when Webster was accessing the statements.
You have an alert for something that you weren't aware is possible? An alert
for something you would assume should not be possible? I don't buy it.
Perhaps they had an alert that covers the accessing of multiple members'
details from the same IP (i.e. rate limiting) but then you would describe it
as such. And then it leaves their "it hasn't happened before" on thin ice
because rate limits always have thresholds and anything under the threshold
would go unnoticed.
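
The threshold point raised in the post above, as an added example that is not part of the original post or of First State Super's systems: a per-IP rate alert and a per-request ownership check run over the same constructed log. The log layout, addresses, member numbers and the threshold of 5 are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample log: (hour, source_ip, logged_in_member, statement_owner).
# The field layout is an assumption; the page does not describe the real logs.
LOG = (
    # Noisy client: six different members' statements inside one hour.
    [(0, "198.51.100.7", "1001", str(1001 + i)) for i in range(6)]
    # Quiet client: two other members' statements per hour over three hours.
    + [(h, "203.0.113.9", "2001", str(3000 + 2 * h + i))
       for h in range(3) for i in range(2)]
    # Shared office address: three members each viewing only their own statement.
    + [(1, "192.0.2.50", m, m) for m in ("4001", "4002", "4003")]
)


def rate_alerts(log, threshold):
    """IPs that fetched more than `threshold` distinct members' statements in one hour."""
    seen = defaultdict(set)
    for hour, ip, _member, owner in log:
        seen[(ip, hour)].add(owner)
    return {ip for (ip, _hour), owners in seen.items() if len(owners) > threshold}


def ownership_alerts(log):
    """Every request where the statement does not belong to the logged-in member."""
    return [rec for rec in log if rec[2] != rec[3]]


if __name__ == "__main__":
    # The rate alert only sees the noisy client.
    print("rate-limit alert:", sorted(rate_alerts(LOG, threshold=5)))
    # The ownership check has no threshold, so it also records the quiet client.
    flagged = ownership_alerts(LOG)
    print("ownership alert:", sorted({rec[1] for rec in flagged}),
          "in", len(flagged), "requests")
```

A log that can back a claim that nobody else accessed other members' statements has to record both the authenticated member and the statement owner for every request, which is what the second function relies on.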