About Me

My photo
I Am Hamza Subedar And Like To Resolve Issues Related Computers Or Any Gadgets So People Who Are Looking My Blog And Following It Kindly Share Your Issue And I Will Provide You Solution For It

Followers

Thursday, October 27, 2011

Australian Pension Outfit Exposed By Hacker

An Aussie insurer that made an attempt to hassle a hacker willing to help the outfit fix vulnerability is currently in great trouble in a cyber billabong.


The insurer was quick to call the police to complain at private security consultant Patrick Webster, after the latter simply informed the company of a bug able to open up access to the insurer’s database of customer private details. The company demanded that Webster wiped his hard-drive and forgot he ever knew about vulnerability in its operations.

It was no surprise that Webster’s story was highlighted by the media reports and it seems now that the antics of the insurer look more than just a PR own goal. Recently the Federal Privacy Commissioner announced he opened his own motion investigation into the pension outfit. Patrick Webster pointed at a serious security hole of the company. Punters had no idea about it until the media reports appeared about the company giving a guy a good kicking. The insurer was described as treating him quite badly. Moreover, the company failed to detect such a glaring and easily exploited security hole. In fact, all Patrick Webster had to do was to change some digits in a URL bar. One can agree that this can hardly be considered a serious hack.

Still, the possibility remains that hundreds of thousands of accounts may have been exposed. At the same time, the pension outfit known as First State Super only managed to warn a few of its customers, while Acting NSW Privacy Commissioner claimed that failing to warn the entire database isn’t acceptable at all.

According to some reports, First State has only informed 500 and something clients whose accounts were exposed by Webster during the demonstration of the flaw, but not all of the customers who potentially could be accessed through the vulnerability. The insurer’s Chief Executive Officer claimed that there was no evidence that anyone else except Webster had obtained illegal access to client accounts. Nevertheless, other security experts that are paid by the enterprises to test the reliability of their networks had doubts that the insurer kept logs or could check.

Meanwhile, the industry observers point out that the company’s 770,000 customers may not have been at risk if only it had heeded a warning after a similar hack which took place earlier in 2011.

No comments:

Post a Comment