How would I go about reporting a security bug


    Hi,

    I have upgraded my PC from Windows 98 to Windows 2k, which worked quite well. However, I think I have discovered a security flaw in the Actinic system after doing the update....

    How should I go about reporting this?

    Thanks

    Dave Shorthouse.
    David Shorthouse,
    Website Manager,
    http://www.Queenswood.co.uk

    #2
    Call Actinic www.actinic.co.uk



      #3
      There is a known issue when previewing offline in Internet Explorer with some later versions of Windows which causes the nagging bar to appear at the top of the window asking for approval ... this is the JavaScript for the navigation / cart display etc. that will not display unless you approve.


      Bikster
      SellerDeck Designs and Responsive Themes



        #4
        No, the issue that I have found is to do with credit card details being displayed with a different encryption code within Actinic.

        This has only happened once but I think it would be classed as a potential risk.

        I expect it has already been reported....
        I think it would be repeatable...

        But because we are using v6 it might be fixed in 7???

        Dave
        David Shorthouse,
        Website Manager,
        http://www.Queenswood.co.uk



          #5
          As far as I know, credit card details are not encrypted within the Actinic database. It's been raised before as a problem.

          Mike
          -----------------------------------------

          First Tackle - Fly Fishing and Game Angling

          -----------------------------------------



            #6
            I am not going to go into details of how this happened. When you download an order from the internet the data is encrypted so that someone couldn't just connect to your server and download your orders.

            Actinic then downloads the orders and decrypts the order files so they are unencrypted within Actinic. If your encryption code in Actinic doesn't match the encryption code on the orders it "SHOULD NOT" allow you to see the credit card details, but it will allow you to get the other information.

            I will try to phone support today if I get a break from what I am doing.

            Dave
            David Shorthouse,
            Website Manager,
            http://www.Queenswood.co.uk



              #7
              Hi Dave,

              I understand what you're saying. You're right that orders are encrypted on the server, but once downloaded none of the order should be visible without the proper security key.

              If they can be seen then do contact Actinic and let them know.

              You can call them or report the problem here: http://www.actinic.co.uk/support/register.htm

              Mike
              -----------------------------------------

              First Tackle - Fly Fishing and Game Angling

              -----------------------------------------
