“On July 3, Austrian hacker Alexander Lazic penetrated our
e-commerce storefront package, Akopia Inc.’s MiniVend, by finding
and exploiting two previously unknown application security
holes. (The package, including new security updates, is
available at www.minivend.com.)”
“Also on July 3, we informed MiniVend author Mike Heins of the
security problems. Heins, who is based in Oxford, Ohio, posted a
workaround and a patch to the MiniVend users mailing list on the
morning of July 5 and told us that an updated version of
MiniVend-without the holes-will shortly be posted on the product’s
Web site.”
“The new security information and updates will be vital for the
many MiniVend users on the Web. Heins estimates that between 5,000
and 10,000 people have deployed the product and that it is live on
tens of thousands of sites. It’s been downloaded nearly 1 million
times, and “a fair number” of these sites will be vulnerable to
this new crack, Heins said.”