Simple Flaw Exposed Data On Millions of Charter Internet Customers

Daniel_Stuckey writes: A security flaw discovered in the website of Charter Communications, a cable and Internet provider active in 28 states, may have exposed the personal account details of millions of its customers. Security researcher Eric Taylor discovered the internet service provider's vulnerability as part of his research, and demonstrated how a simple header modification performed with a browser plug-in could reveal details of Charter subscriber accounts. After Fast Company notified Charter of the issue, the company said it had installed a fix within hours.

Ridiculous

[Etherwalk]

This is Security 101 stuff... as in, you read a good book on security and you know simple header changes should never be enough to reveal data of another customer. IIRC David LeBlanc's book mentioned a story where he pointed out the problem for a bank once...

Fundamentally security for most companies is still a "don't invest unless we get caught not investing" type of expense. Like landlords who don't worry about providing... electricity...