LifeLock's identity theft protection service suffered from a security flaw that put users' identities in jeopardy. The event forced its parent company, Symantec, to pull its website down to fix the issue after it was notified by KrebsOnSecurity. According to Krebs, an Atlanta-based security researcher discovered the vulnerability through a newsletter email he received from the service. When he clicked "unsubscribe," a page popped up that clearly showed his subscriber key. That allowed the researcher to write a script that stepped through sequential numbers and was able to pull keys and their corresponding email addresses from the service.
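One way to close the kind of enumeration described above, as an added example that is not LifeLock's or Symantec's code: the unsubscribe link carries the subscriber id plus an HMAC over it, so an incremented or guessed id fails verification, and the response never echoes the key or email address. The secret key, function names and subscriber records are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed demo key (assumption); a real service loads this from a secret store.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def _mac(subscriber_id: str, key: bytes) -> bytes:
    """URL-safe base64 HMAC-SHA256 over the ASCII subscriber id."""
    digest = hmac.new(key, subscriber_id.encode("ascii"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=")


def make_unsubscribe_token(subscriber_id: int, key: bytes = SECRET_KEY) -> str:
    """Build the value placed in the unsubscribe link: '<id>.<mac>'."""
    sid = str(subscriber_id)
    return f"{sid}.{_mac(sid, key).decode('ascii')}"


def verify_unsubscribe_token(token: str, key: bytes = SECRET_KEY):
    """Return the subscriber id if the token is authentic, otherwise None."""
    id_part, sep, mac_part = token.partition(".")
    # Reject bare ids (the sequential-key case) and non-ASCII-digit ids.
    if not sep or not (id_part.isascii() and id_part.isdigit()):
        return None
    # Constant-time comparison on bytes avoids leaking how much of the MAC matched.
    if not hmac.compare_digest(_mac(id_part, key), mac_part.encode("utf-8")):
        return None
    return int(id_part)


def handle_unsubscribe(token: str, subscribers: dict) -> str:
    """Hypothetical handler: one generic failure message, no key or email echoed."""
    sid = verify_unsubscribe_token(token)
    if sid is None or sid not in subscribers:
        return "Invalid link."
    subscribers[sid]["subscribed"] = False
    return "You have been unsubscribed."
```
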