ComputerWorld: Credit-card numbers stolen via known security hole

“A 2-year-old security hole in Microsoft Corp.’s Internet
Information Server (IIS) software let a computer cracker download
thousands of credit-card numbers from e-commerce sites recently and
post them on the Internet.”

“A patch for that hole has been available for 18 months. But
webmasters at small companies say they don’t have the resources to
keep up with all of the patches…”

“…many small e-commerce sites neglect security. “The
biggest flaw you can have is to go into business undercapitalized.
And one of the biggest traps you can fall into is not to fund your
IT security”…”