
    [guru] [seclists@syneticon.de: Whitepaper: IT (in)security implementation in a real world example]


    DATE: Thu, 03 Aug 2006 13:48:13 +0200
    An interesting story about the kinds of security mistakes that can be
    made when deploying a system. Nothing earth-shattering, but an easy and
    entertaining read.
    
    
    ----- Forwarded message from Denis Jedig <seclists@syneticon.de> -----
    
    Date: Fri, 30 Jun 2006 20:21:18 +0200
    From: Denis Jedig <seclists@syneticon.de>
    To: bugtraq@securityfocus.com
    Subject: Whitepaper: IT (in)security implementation in a real world example
    
    Repost
    
    Greetings to the list,
    
    I have written a short paper on principles and failures of IT security
    based on a real-world example of a (yet unpublished) issue with DB
    CarSharing - a German car rental company. It discusses how security does 
    fail in a flawed implementation.
    
    Extract:
    
    Preface
    
    This paper is not meant to be a disclosure or accusation. Although it is
    based on a true story and describes a rather concerning security-related
    issue, its focus is the analysis of security issues in projects heavily
    dependent on IT. Its primary goal is to serve as a guideline for people
    intending to do better than today.
    
    Story
    
    For a couple of months now DB Carsharing is largely advertized as a
    convenient car rental service (you can get cars on an hourly basis)
    offered by a company named DB Rent - a subsidiary of Deutsche Bahn -
    throughout all German railway stations. However, this public service
    becomes a potential danger to its customers - due to inherent flaws in
    handling of sensitive data, insufficient user restrictions and
    significant flaws in vulnerability management.
    
    The paper can be found at
    http://syneticon.net/support/security/security-by-example.html
    in HTML for your convenience.
    
    Regards,
    
    Denis Jedig
    syneticon networks GbR
    
    
    
    
    
    ----- End forwarded message -----
    
    
    
