Safari's gaping hole

I went to log in to my Safari account this morning and was surprised to find that I had access to their full library of online books (currently over 600 titles)!

Oddly enough, it showed me logged in under the account "North Harris Montgomery Community College District". Needless to say, I was perplexed. Obviously I was still at my desk, at Circle.com which (I'm sure) bears no resemblance to the aforementioned college.

After a quick couple of lookups, I found that there are two domains for 'NHMCCD' (as I'll refer to them for brevity). One had a subnet of 192.234.*.* and the other had a subnet of 198.216.*.*. Our corporate network has a subnet of 192.216.*.*. So I reasoned that someone at O'Reilly goofed in mapping the subnet to the account and inadvertently put in OUR corporate subnet instead of the right one(s).

While I could have probably gone for months reading myself sick before they noticed it, I felt I should alert them to the situation. E-mailing them with the subject "Gaping security hole in your Safari service" must have gotten their attention as I got a call within less than an hour of clicking the 'send' button (lightning speed for a customer service department).

The tech support guy was happy I had reported the problem. So much so that he gave me a full week of free service for my honesty (roughly $3.45 US). Thanks, Kevin-- that'll go far.
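The subnet mix-up reasoned out above is the kind of error an audit of an IP-based entitlement table can catch. The sketch below is an added example, not code from Safari or O'Reilly: the table layout, the function names, the sample address and the reading of the post's `*.*` ranges as /16 networks are all assumptions.

```python
import ipaddress

# Constructed data. Reading the post's "192.234.*.*" style ranges as /16s is an assumption.
VERIFIED = {  # ranges each customer has been confirmed to own
    "NHMCCD": ["192.234.0.0/16", "198.216.0.0/16"],
}
ENTITLEMENTS = [  # what the access table actually grants (hypothetical layout)
    ("NHMCCD", "192.216.0.0/16"),  # the suspected mis-keyed entry
    ("NHMCCD", "198.216.0.0/16"),
]

def account_for(client_ip, entitlements=ENTITLEMENTS):
    """Return the account an IP-authenticated visitor would be logged in as, or None."""
    ip = ipaddress.ip_address(client_ip)
    for account, cidr in entitlements:
        if ip in ipaddress.ip_network(cidr):
            return account
    return None

def looks_like_octet_mix(net, owned):
    """True if every prefix octet of `net` appears at the same position in some owned range."""
    n = net.prefixlen // 8
    octets = net.network_address.packed[:n]
    return n > 0 and all(
        any(o.network_address.packed[i] == octets[i] for o in owned) for i in range(n)
    )

def audit(entitlements=ENTITLEMENTS, verified=VERIFIED):
    """List entitlement rows whose range is not inside any range verified for that account."""
    findings = []
    for account, cidr in entitlements:
        net = ipaddress.ip_network(cidr)
        owned = [ipaddress.ip_network(c) for c in verified.get(account, [])]
        if any(net.subnet_of(o) for o in owned):
            continue
        findings.append({
            "account": account,
            "range": str(net),
            "likely_typo": looks_like_octet_mix(net, owned),
        })
    return findings

if __name__ == "__main__":
    print(account_for("192.216.10.5"))  # constructed address inside 192.216.*.*
    for finding in audit():
        print(finding)
```

Running the audit whenever the table changes, against ranges confirmed through registry lookups like the ones described in the post, flags a mis-keyed range before a visitor from an unrelated network is logged in under someone else's account.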

About

This article was published on April 4, 2002 2:37 PM.
