Updated: 4/30/2007; 4:06:49 PM.
Mark O'Neill's Radio Weblog
        

Tuesday, January 23, 2007

I hadn't realised this was still online: Back in 1998, I discovered a Web Application Security hole in an Irish e-commerce site. This was back when I was living in Dublin and jointly running an EDI/Internet/Security programming consultancy which was named Delphium Technologies after an old Aphex Twin song. Basically, it was possible to read the contents of CGI scripts (remember CGI?) and discover SQL Server usernames and passwords, then connect using a SQL Server client to hoover up customer credit card details. The story made the front pages of the Irish Independent and the Evening Herald.

Full details here: http://ireland.iol.ie/~kooltek/eek_commerce.html [part of John McCormack's www.hackwatch.com site which is now sadly dormant]

A blog post like this allows me to "federate" my identity as Mark O'Neill CTO of Vordel with my previous identity as Mark O'Neill CTO of Delphium Technologies.


3:39:07 PM

© Copyright 2007 Mark O'Neill.
 