
Critical Security flaw: AFL Dreamteam

Friday, 3 September 2010

I was logging on to my AFL Dreamteam site last night (http://afl.virtualsports.com.au), and noticed that the username and password are passed as clear text in the query string! Easily picked up in any proxies / reverse proxies as well as browser histories! Given the competition has prizes, I'm sure there is a duty of care that the AFL or Telstra (their online service provider) have to protect this information. The technology to do so has existed since Feb 1995!!

I'm also sure that the body responsible for giving out permits needs a confirmation of data security and integrity completed as well. The AFL surely fail in this regard!

PS - the links to Dreamteam don't even work on the front page of the AFL.com.au website.
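To show how credentials in a query string end up in proxy and web server logs, and how an operator can find and scrub them, here is an added example (not part of the original post). The parameter names, paths and log lines are constructed assumptions, since the post does not give the site's actual request format.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed parameter names; the post does not say which names the site used.
SENSITIVE = {"username", "user", "login", "password", "passwd", "pwd", "pass"}

# Request line of a Common/Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def find_credential_params(target):
    """Return sorted sensitive parameter names found in the target's query string."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return sorted({k.lower() for k, _ in pairs if k.lower() in SENSITIVE})

def redact_target(target):
    """Replace the values of sensitive parameters, leaving the rest of the URL intact."""
    parts = urlsplit(target)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def scan(lines):
    """Return (line_number, parameter_names, redacted_line) for each exposing entry."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        names = find_credential_params(match.group("target"))
        if names:
            start, end = match.span("target")
            redacted = line[:start] + redact_target(match.group("target")) + line[end:]
            findings.append((number, names, redacted))
    return findings

# Constructed sample access-log lines (not taken from the real site).
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Sep/2010:21:14:02 +1000] '
    '"GET /login?username=alice&password=s3cret%21 HTTP/1.1" 302 0',
    '203.0.113.7 - - [03/Sep/2010:21:14:03 +1000] "GET /team?id=42 HTTP/1.1" 200 5120',
    # Same login sent as a POST body: nothing sensitive reaches the request line.
    '203.0.113.9 - - [03/Sep/2010:21:15:40 +1000] "POST /login HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for number, names, redacted in scan(SAMPLE_LOG):
        print(f"line {number}: exposes {', '.join(names)}")
        print(f"  {redacted}")
```

The POST line produces no finding because form fields travel in the request body, which access logs and browser histories do not record; the body still needs TLS to be protected in transit.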



This entry was written by Karl Kopp, posted on Friday, 3 September 2010.
