Feeds

Fund manager withdraws legal threat over security vuln

Sanity prevails

Intelligent flash storage arrays

First State Super, the company that called the police and fired off legal threats when a security researcher notified it of vulnerabilities in its online funds management application, is reportedly softening its stance.

According to Australia’s Financial Standard, the company has decided against further legal action, and instead is setting up a meeting with Patrick Webster, who notified the company that its use of direct object references in the URL bar meant any logged-in user could view other users’ information merely by changing the ID number.

After originally welcoming the notification, the company then called police and sent legal letters threatening Webster.

The ensuing media storm, which began when Webster told his story to security podcaster Patrick Gray and was broken on his Risky Business site, has apparently helped bring about the change of heart. While the fund still needs to ensure that Webster has not retained any of the records he downloaded when crafting his proof-of-concept, FSS has now arranged a meeting with him.

However, FSS is still subject to criticism for other aspects of its response to the security breach. Its decision to notify only those users whose data was downloaded by Webster has come under fire from acting NSW Privacy Commissioner John McAteer, who believes that all of its customers should have been notified.

The Australian Privacy Commissioner, Tim Pilgrim, has also launched an investigation into the matter. ®

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.