eWeek: Openhack gets cracked! - E-commerce application [MiniVend] proves vulnerable in security test
Jul 10, 2000, 21:51
(Other stories by Timothy Dyck)
"On July 3, Austrian hacker Alexander Lazic penetrated our e-commerce storefront package, Akopia Inc.'s MiniVend, by finding and exploiting two previously unknown application security holes. (The package, including new security updates, is available at www.minivend.com.)"
"Also on July 3, we informed MiniVend author Mike Heins of the security problems. Heins, who is based in Oxford, Ohio, posted a workaround and a patch to the MiniVend users mailing list on the morning of July 5 and told us that an updated version of MiniVend -- without the holes -- will shortly be posted on the product's Web site."
"The new security information and updates will be vital for the many MiniVend users on the Web. Heins estimates that between 5,000 and 10,000 people have deployed the product and that it is live on tens of thousands of sites. It's been downloaded nearly 1 million times, and 'a fair number' of these sites will be vulnerable to this new crack, Heins said."