To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39116938,00.htm

Website security: How many times do shops have to be warned?
Shoppers' details considerably easier to get hold of this Christmas than this year's Buzz Lightyear...

By silicon.com

Published: Monday 17 November 2003

In the space of four days silicon.com has revealed two serious security flaws on major UK shopping websites.

Argos and B&Q were leaving customers' details vulnerable - and not just to crackers or experienced techies with the knowledge to circumvent security. These details could be accessed by anybody on the internet - you didn't even need a password. In security terms the doors were wide open.

This is an appalling lapse in security and shows a worrying level of awareness among two companies who are at the forefront of the drive towards ecommerce dominance. We hope they are the only two.

After all if 'Joe and Joanne Public' can't trust Argos and B&Q then what chance the little vendors? Those at the top may be unfairly tarnishing the reputations of far more reliable, security-conscious companies.

In truth ecommerce is by and large safe - everybody at silicon.com is an advocate and this publication stresses most sites are secure. But that's why this news is so difficult to swallow.

If this was an advanced hack it would still be a failing on the part of the victim site but it would also be more understandable - as criminals' raison d'être is to stay one step ahead of measures in place to block them - but the fact these sites gave up the information without much of a fight is unforgivable.

It's been three-and-a-half years since silicon.com exposed the Powergen scandal and still we are writing stories such as these.

It would make it a lot easier to push forward ecommerce if the companies concerned were fighting only the most devious minds out there, rather than trying to remember whether they locked the back door.