ZDNet: EarthLink flaw exposes domainsOct 18, 2000, 07:41 (0 Talkback[s])
(Other stories by Robert Lemos)
"A one-two punch of poor security left up to 81,000 domains hosted by Internet service provider EarthLink Inc. open to defacement and exploitation for at least a week, ZDNet News learned on Tuesday."
"The vulnerability resulted from a recently discovered flaw in an open-source e-commerce package combined with a misconfigured hosting server operated by EarthLink subsidiary MindSpring. As a result, files containing the encrypted passwords for 81,000 accounts were readable by any Web browser."
"White-hat hacker and security expert Rain Forest Puppy said the extent of the security breach would rely on how MindSpring and its parent company EarthLink had configured its servers."