The November 2022 issue of IEEE Spectrum is here!

Close bar

A massive data breach has been disclosed by Network Solutions, a leading provider of Web services. According to its press release, the company discovered unauthorized code on servers supporting some of its E-Commerce merchants’ websites.

After subsequent analysis, Network Solutions:

"determined that the unauthorized code may have been used to transfer data on certain transactions for approximately 4,343 of our more than 10,000 merchant websites to servers outside the company.  On July 13, 2009, we were informed by our outside forensic experts that the data being transferred may have included credit card information."

In addition,

"The code may have captured transaction data from approximately 573,928 cardholders for certain periods this spring.  Exposure varied by merchant, but in all cases took place sometime between March 12, 2009 and June 8, 2009.  Transactions after June 8, 2009 were not exposed to the unauthorized code."

So far, there have been no reports of credit card fraud resulting from the breach. Network Solutions also says that:

"We have arranged for a leading credit reporting agency to work with us, on behalf of our merchants, to contact our merchants’ customers whose data may have been affected and provide services that will help potentially affected U.S.-based customers protect their information. These services are being provided free of charge to our merchants and their U.S.-based customers."

The company doesn't know how the unauthorized code got into its servers or where it came from.

In other IT security news, Microsoft is going to be releasing an "out-of-cycle" security patch most likely tomorrow. The rumor is that a flaw has been discovered that provides a way to by-pass Internet Explorer security controls. According to a ComputerWorld news report which has more detail about the issue, there is a "cone-of-silence" being invoked on those knowledgeable about it.

A patch is expected to be available sometime tomorrow.

ComputerWorld also has a story on a zero-day flaw in Adobe'sFlash Player that supposedly affects 9 out of every 10 Windows users. The flaw won't be patched until Thursday.

Adobe has known about the problem since the end of 2008, but was only spurred into action when it was hit with a wave of negative publicity about not fixing it.

Finally, eWeek has a story about a security researcher posting two videos to YouTube (one is here) on how one can access private data on the Apple iPhone 3GS. Apple has been touting its enhanced security features on the iPhone 3GS as a reason enterprises should consider buying them, eWeek says.

Some companies have been reluctant to buy iPhones because of security concerns.

The Conversation (0)

Why Functional Programming Should Be the Future of Software Development

It’s hard to learn, but your code will produce fewer nasty surprises

11 min read
Vertical
A plate of spaghetti made from code
Shira Inbar
DarkBlue1

You’d expectthe longest and most costly phase in the lifecycle of a software product to be the initial development of the system, when all those great features are first imagined and then created. In fact, the hardest part comes later, during the maintenance phase. That’s when programmers pay the price for the shortcuts they took during development.

So why did they take shortcuts? Maybe they didn’t realize that they were cutting any corners. Only when their code was deployed and exercised by a lot of users did its hidden flaws come to light. And maybe the developers were rushed. Time-to-market pressures would almost guarantee that their software will contain more bugs than it would otherwise.

Keep Reading ↓Show less
{"imageShortcodeIds":["31996907"]}