Ikea Closes a Major Security Hole
Security firm Tier-3 has cautioned companies to follow their IT security arrangements, following a major spam incident that threatened to damage Ikea's mail server.
Tier-3 claimed that Ikea has closed a serious spam hole that for a long period of time gave hackers access to its mail servers and allowed them to send bulk mail from the furniture giant's systems. The security gap made it feasible for anyone to set up a potent spam service that used the company's international mail server, which is in Sweden, as the sender.
Peter Kruse remarked that anyone who has programmed secure web applications can identify this problem.
Geoff Sweeney, Chief Technology Officer of IT security company Tier-3, said that Ikea's problems arose because the contact information on the home page was not properly secured, which allowed hackers and phishers to replace it with another mail address in the contact form, as reported by ComputerWeekly on January 16, 2008.
He added that anyone with very basic technical knowledge could send large volumes of bulk mail or spam from Ikea's mail servers using a simple script. The damage to the company's reputation and the risk of e-mail blacklisting can be severe. Further, the mails could also be designed with inserted pop-ups, images and graphics.
Peter Kruse, chief analyst at Danish security company Csis, said that a security gap at a brand like this is very serious, as reported by ComputerWeekly on January 15, 2008.
Geoff Sweeney said that the most dangerous aspect of the problem is that it gives hackers a chance to send specially targeted mails containing rootkits or zero-day Trojans. Such mail passes through almost all mail and anti-spam filters because it appears to come from an authentic Ikea domain. Also, attackers can use the name of Ikea, or of any large company, to lure customers into divulging personal data such as credit card numbers.
This also serves as a perfect example of how badly things can turn out when applications are not validated appropriately. Peter Kruse remarked that this is the first time they have noticed something so sloppy in a company like Ikea.
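As an added illustration (not code from Ikea, Tier-3 or the original article), the following Python sketch shows how a contact-form handler can avoid the flaw described above: the recipient is chosen from a server-side table and never taken from the submitted form. The field names, addresses and length limits are assumptions, and the line-break check goes slightly beyond the case in the article to cover the related header-injection problem.

```python
import re
from email.message import EmailMessage

# Hypothetical server-side table: the form submits a key, never an address.
RECIPIENTS = {
    "customer-service": "customer-service@example.com",
    "press": "press@example.com",
}
FIXED_SENDER = "webform@example.com"  # assumed sender identity of the form
_LINE_BREAK = re.compile(r"[\r\n]")
_ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class RejectedSubmission(ValueError):
    """A form field failed validation; nothing is sent."""


def build_contact_mail(form: dict) -> EmailMessage:
    """Build the outgoing mail from untrusted contact-form fields."""
    # The recipient is looked up on the server. Any address-like field the
    # client adds (e.g. "to") is never read.
    department = form.get("department", "")
    if department not in RECIPIENTS:
        raise RejectedSubmission("unknown department")

    subject = form.get("subject", "")
    reply_to = form.get("email", "")
    body = form.get("message", "")
    # Values that end up in headers must not carry line breaks, otherwise
    # extra headers could be smuggled into the message.
    if _LINE_BREAK.search(subject) or _LINE_BREAK.search(reply_to):
        raise RejectedSubmission("line break in header field")
    if not _ADDRESS.fullmatch(reply_to):
        raise RejectedSubmission("invalid reply address")
    if not subject or len(subject) > 150 or len(body) > 5000:
        raise RejectedSubmission("subject or message length out of bounds")

    mail = EmailMessage()
    mail["From"] = FIXED_SENDER
    mail["To"] = RECIPIENTS[department]
    mail["Reply-To"] = reply_to
    mail["Subject"] = subject
    mail.set_content(body)
    return mail
```

Rate limiting per client and logging of rejected submissions would normally sit in front of such a handler so that abuse attempts are throttled and visible.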
» SPAMfighter News - 02-02-2008