Payroll Website Still Not Secured

By Hiawatha Bray, Globe Staff | March 1, 2005

Boston software entrepreneur Aaron Greenspan, who revealed serious security flaws in the website of Tennessee payroll company PayMaxx Inc. last week, said yesterday that the site remains insecure. Greenspan said that a computer hacker still could use the site to obtain the Social Security numbers of hundreds of Americans.

Greenspan called the management of PayMaxx incompetent, and urged Congress to investigate the company. "They have no idea what they're doing," he said.

Greenspan's company, Think Computer Corp., had its payrolls prepared by PayMaxx, of Franklin, Tenn., until late last year. After ending their relationship, Greenspan found that his name, address, Social Security number, and other personal data were still available on the PayMaxx website, which could be accessed by entering zeroes in the site's login windows. Greenspan also found that he could obtain the same information about other PayMaxx customers by typing random numbers into the browser's address window. He estimated that up to

100,000 files could be accessed this way.

formatting link

[TELECOM Digest Editor's Note: There are so many real idiots out there working on websites, etc. I am _hardly_ a brilliant web designer, but don't any of these fools know simple security measures they can take to thwart all but the most detirmined hackers? PAT]
Reply to
Monty Solomon
Loading thread data ... Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.