October 06, 2009

Listed below are links to weblogs that reference Payroll Associates doesn't care about its customers:

Comments

Marcina

Payroll Associates Inc, any response to this?
(silence except for sounds of crickets chirping)

Chris Erwin

I've sent you an email, but one thing I'm concerned about is that the emails were sent with the username and part of the password that end-users use to log into the Paychoice portal. This seems to indicate that the attackers were able to pull at least some data from Paychoice. It also means that passwords are stored, at least partially, as plaintext or by some two-way algorithm instead of a one-way hash as it should be.

So, from my perspective, Paychoice cannot be considered secure.

ABOUT STEVE

  • Steve Friedl is a software and network security consultant in Southern California. He has been a C and UNIX developer since 1981 and has an exceptionally broad background in this area. Some areas of expertise include:

    • C and C++ systems software development on the UNIX and Win32 platforms
    • Communications, including serial and TCP/IP based controllers
    • Enterprise internet security administration and configuration
    • Penetration tests, audits, and network reviews
    • Security forensics, reverse engineering, and tools development
    • General UNIX and Windows system/network administration
    • The Windows Printing System
    • Database software development
    • Technology problem solving and research
    • Technical writing and standup training

Unix Wiz

Stephen J. Friedl | Software Consultant | Orange County, CA USA | Steve@unixwiz.net