Whitepaper: IT (in)security implementation in a real world example
From: Denis Jedig <seclists () syneticon de>
Date: Fri, 30 Jun 2006 20:21:18 +0200

Greetings to the list,

I have written a short paper on principles and failures of IT security
based on a real-world example of a (yet unpublished) issue with DB
CarSharing - a German car rental company. It discusses how security does
fail in a flawed implementation.

This paper is not meant to be a disclosure or accusation. Although it is
based on a true story and describes a rather concerning security-related
issue, its focus is the analysis of security issues in projects heavily
dependent on IT. Its primary goal is to serve as a guideline for people
intending to do better than today.

For a couple of months now DB Carsharing is largely advertised as a
convenient car rental service (you can get cars on an hourly basis)
offered by a company named DB Rent – a subsidiary of Deutsche Bahn -
throughout all German railway stations. However, this public service
becomes a potential danger to its customers – due to inherent flaws in
handling of sensitive data, insufficient user restrictions and
significant flaws in vulnerability management.

The paper can be found at
in HTML for your convenience.

syneticon networks GbR
- Whitepaper: IT (in)security implementation in a real world example Denis Jedig (Jul 03)