TechTarget

M&S calls in security consultants

Retailer Marks & Spencer has called in security consultants after a programming blunder gave the public access to confidential system passwords.

Bill Goodwin

M&S disclosed this week that an error on its Web site transferred customers to a "dump file" containing two system passwords when they clicked on one of the site's links. But the retailer denied that the passwords would have allowed hackers easy access to M&S systems.

"The file gave details of two out of five systems passwords," M&S said. "A hacker would not have got far with them. You have to use the passwords in the right sequence in the right areas. Even with the passwords you still have to negotiate around firewalls."

M&S uses the dump files to record the movements of visitors to its sites. In addition to the two system passwords, the files contain an encrypted copy of each customer's password and details of that customer's activity on the site.

The retailer said it fixed the problem within hours of it being detected by automatic monitoring software. It has called in consultants to ensure that the problem is not repeated.

This was first published in October 2000
