UKNM: security

[James Tarin]

Hi,


for anybody that has much faith in the security of the Internet for

protecting private data, eg. credit card numbers, it may be worth having a

look at this:



http://www.shout.net/~nothing/cache-cow/


Being a client side exploit is is obviously impossible for a merchant to

protect the customer other than to make sure that in their applications,

sensitive information is not encrypted on the query string.


if you want to see the thing in operation then go to:



http://james.marketing.co.uk/cgi-bin/cache.cgi


this script writes no logs, it simply displays your cache data back to you

in your browser if you are using netscape 4.0x where x<6 (there is also

another version for v4.06 and v4.07


James

_______________________

James Tarin

Director of Strategy, Clarity

Tel: +44 171 397 2911

Fax: +44 171 397 2939


http://www.marketing.co.uk