What did BUGTRAQ have to say about Cyber Patrol?
Eddy pointed this one out to me: BUGTRAQ bug ID 1977, which you can read about on Security Focus’s yuckiframe site, describes how Cyber Patrol uses substandard encryption (in fact, even more insecure than the encryption Eddy and I looked at) to attempt to conceal the user’s credit card number when performing the “registration” process. As a result, if you enter your credit card information when the program asks you to, then crackers sniffing the network may be able to recover enough information to attack your credit card account. You should read the original BUGTRAQ posting, because it gives a whole lot of interesting detail. My favourite part is that the hacker who discovered the vulnerability attempted to contact Microsystems and warn them, on his own dime, and he only “went public” with the vulnerability after they didn’t return his phone calls or email for literally months. I would have thought that after their experience with Eddy and me, they might have learned their lesson.