IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

ADVISORY 01-007

"PDG Shopping Cart Software" Vulnerability Affecting E-Commerce
April 06, 2001

PDG Software, Inc. has issued an advisory to customers of its Shopping Cart software regarding a potential security vulnerability that is known to affect earlier versions of this Software (prior to version 1.63). The company has developed a free patch, available on its web site at http://www.pdgsoft.com/security-upgrade.htm.

The NIPC is issuing this advisory to confirm the significance of this vulnerability and to let systems administrators know that hackers are actively exploiting it. Based on ongoing investigations, including information immediately provided to the FBI by PDG Software and numerous victim companies, the NIPC is aware that the vulnerability has already resulted in compromise and theft of important information, including consumer data.

The NIPC emphasizes the recommendation that all computer network systems administrators check relevant systems and consider applying updated patches as necessary, especially for systems related to e-commerce.

Recipients of this advisory are encouraged to report computer crime to their local FBI office (http://www.fbi.gov/contact/fo/fo.htm) or the NIPC, and to other appropriate authorities. Incidents may be reported online at http://www.nipc.gov/incident/cirr.htm.

The NIPC Watch and Warning Unit can be reached at (202) 323-3204/3205/3206 or nipc.watch@fbi.gov.