Web Host Industry News | ModernBill Security Flaw Spotted

Jobs | Events | Sitemap | Search
Green Data Center Info

<< CFDynamics Offers Free Web Hosting

Helly Hansen Deploys Verizon Network >>

ModernBill Security Flaw Spotted

August 31, 2006 -- (WEB HOST INDUSTRY REVIEW) -- Automated billing software provider ModernBill's (modernbill.com) payment gateway is missing a peer certificate verification, according to vulnerability intelligence provider Secunia (secunia.com).

DataPipe’s high-value managed global IT services help thousands of businesses decrease CAPEX, OPEX, & risk while increasing overall service levels. Partner with DataPipe – Improve your ROI - Extend your IT resources

Secunia says the security issue is caused by the CURL application being set to false when communicating with a payment gateway over SSL, causing the CURL library to not properly verify the peer certificate. This can be exploited in a man-in-the-middle attack to decrypt all communications between ModernBill and the payment gateway.

Secunia says the security flaw appears in versions 5.0.1 and 5.0.4. Other versions may also be affected. It is rated less critical by the company.

According to the vulnerability intelligence provider the best solution for now is to avoid configuring the application to use the payment gateway or to use another product until the vulnerabilities have been addressed.

Print this Page Email this Page Add to: | del.icio.us | digg

COMMENTS

Be the first one to comment on this article. Click the link below to post your comment.

[POST COMMENT]

WEB HOST INTERVIEWS, FEATURES

Q&A: Jim Lewandowski, Rackspace

Q&A: Clint Poole, Brinkster

New Features in Parallels Plesk 9

Q&A: James Bond, Apptix

Noise Filter: McColo Taken Down

Wowza Offers Friction Free Flash

Sun Battles for Greenest Data Center

More feature interviews and reports

WHIR BLOGGERS - RECENT ENTRIES

Go Daddy Ads in the Grey Cup

Video Interview with Vinay Nagpal, Tata Communications

Copywriting for Direct Mail - Part 2: Big Guns

What Exactly is Semi-Dedicated Hosting?

Own your own jet

MLB.com switches to Flash; Hosting and Video Streaming Questions

More posts from our Bloggers

RECENT WEB HOSTING NEWS

NameCheap Launches Twitter Promo

CBS Web Site Faces Malware Hack

VineyardHosting Limits Eternal Hosting

Email Use Increases As Economy Slows

HostNine Re-Launches New Website

SoftLayer Sponsors MSDN Conference

Hosting Sales and Promos Roundup

SoftLayer Shows Continued Growth

Microsoft Named on Spam Host List

3FN Ups Hardware Swap Capability

ZNet Brings Hyper-V VPS to India

Black Friday Causes Shutdowns

RECENT WEB HOSTING JOBS

Marketing/Sales Trainer

Sales Operator

Management Trainer

Senior Account Manager, Dedicated Hosting

Sales Executive

Senior Accounting Analyst

Technical Solutions Engineer

Product Manager

Account Manager

Ajax Experienced Developer

SPONSORED LINKS

> Apollo Hosting: Award Winning Website Hosting from $6.96 – Click Here!

> iWeb: Quality servers. 3000GB of traffic for only $69

> TopLayer: SC Mag Recommended. Protect against DDoS Attacks & more.

> Parallels: Automation and Virtualization. Buy ONLINE or Learn MORE!

> Rackspace: What Do You Get With Your Hosting Provider?

> Verio: Get Email Anywhere w/ Hosted Exchange $11.95/mo, 2 Mo Free

> IronScale: Why Rack? Automate with IronScale Managed Hosting

> Learn more about the greening of the data center here.

> Is your company hiring? Post your job listing here!

> Get your company listed in our annual Buyer's Guide magazine issue - Deadline: Dec 31

WHIR NEWSLETTER SIGN-UP | MANAGE SUBSCRIPTIONS | WHIR RSS FEEDS

Name:

Email:

Password:

theWHIR Blog Email Update
Magazine
Daily News
Find Web Hosts

Occupation:

Company Type:

About WHIR \| Online Advertising \| Print Advertising \| Print Subscription \| Email Newsletters \| RSS Feeds		Submit News \| Privacy Policy \| Buy Reprints
Web Host Industry Review, Inc. is not responsible for the content of comments submitted by our users.		© Copyright Web Host Industry Review, Inc.