12-04-2002, 01:32 PM
Oliver Klozov
Confirmed User
 
Join Date: Jul 2001
Location: San Diego, Ca. USA
Posts: 629
Security Holes in CCBILL

My tech sent me this email today about a huge problem he noticed with the CCBILL password management system......



There has been an exploit out for the ccbill password management for
quite some time now.

I noticed TONS of accounts being added (20 at a time) to our system, so
I called them up and they acknowledged the security hole and are "still
waiting for a fix" which is expected to be finished by the END of next
week.

oh yeah... and according to the two people I spoke with, their policy is
NOT to notify webmasters when there are security holes in ccbill
scripts.

the best they can do is rename the script so it's harder to find.

so all we can do is wait for them to get their act together and fix
their shit, but don't expect to be notified. we are responsible for
watching out for their problems.


this is total bullshit. I just happened to be extremely lucky in
noticing a suspicious looking account and investigating it further to find
this huge mess. they should AT LEAST tell us when things like this crop
up. the whole reason we use password management is so that we DON'T have
to maintain our members database with a fine-tooth comb.

the only answer I could get out of anybody was 'talk to your sales rep'.

even Ibill wasn't this bad when it came to security updates.
__________________
Babe-Bucks.com


ICQ 895-80-702
oliversgirls at gmail.com