Post By sedna
Huddle lets in outsiders
Office collaboration tool was wide open
The BBC discovered a security flaw in the office collaboration tool Huddle that led to private documents being exposed to unauthorised parties.
For those who came in late, Huddle is an online tool that lets work colleagues share content and describes itself as "the global leader in secure content collaboration."
It has some big clients, including the Home Office, Cabinet Office, Revenue & Customs, and several branches of the NHS, which use it to share documents, diaries and messages.
Unfortunately, the BBC happens to be one of the customers and apparently, a BBC journalist was inadvertently signed in to a KPMG account, with full access to private financial documents.
Huddle said it had fixed the flaw which affected "six individual user sessions between March and November this year".
"With 4.96 million log-ins to Huddle occurring over the same time period, the instances of this bug occurring were extremely rare," it said.
Huddle admitted that a third party had accessed one of the BBC's Huddle accounts.
The problem occurs during the Huddle sign-in process, when the customer's device requests an authorisation code.
According to Huddle, if two people arrived on the same login server within 20 milliseconds of one another, they would both be issued the same authorisation code.
This authorisation code is carried over to the next step, in which a security token is issued, letting the customer access their Huddle.
Since both User A and User B present the same authorisation code, whoever is fastest to request the security token is logged in as User A.
Huddle has now changed its system so that every time it is invoked, it generates a new authorisation code.
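The sign-in flow described above, modelled as an added example (not Huddle's code and not part of the original post). The class names, the per-window caching used to reproduce the shared code, and the session strings are assumptions; only the 20 ms window and the fix of issuing a new code on every invocation come from the article.

```python
import secrets

WINDOW_MS = 20  # collision window reported by Huddle


class SharedCodeIssuer:
    """Flawed model (assumed mechanism): one code is cached per 20 ms window,
    so two sign-ins landing in the same window receive the same code."""

    def __init__(self):
        self._window = None
        self._code = None
        self.codes = {}  # code -> user it was first bound to

    def authorize(self, user, now_ms):
        window = now_ms // WINDOW_MS
        if window != self._window:
            self._window, self._code = window, secrets.token_urlsafe(16)
            self.codes[self._code] = user
        return self._code

    def token(self, code):
        # The code is not consumed, so every holder gets the first user's session.
        return "session-for-" + self.codes[code]


class PerRequestIssuer:
    """Corrected model: a fresh code per invocation, bound to one user, single-use."""

    def __init__(self):
        self.codes = {}

    def authorize(self, user, now_ms):
        code = secrets.token_urlsafe(32)  # CSPRNG, never shared between requests
        self.codes[code] = user
        return code

    def token(self, code):
        user = self.codes.pop(code, None)  # redeemable exactly once
        if user is None:
            raise PermissionError("unknown or already-used authorisation code")
        return "session-for-" + user


def sign_in_pair(issuer, gap_ms):
    """Two users sign in gap_ms apart; returns the session each one ends up with."""
    code_a = issuer.authorize("user_a", 1000)
    code_b = issuer.authorize("user_b", 1000 + gap_ms)
    return issuer.token(code_a), issuer.token(code_b)
```

With the shared issuer, a 5 ms gap hands both users a session for `user_a`; with the per-request issuer each user gets their own session, and replaying a redeemed code is rejected.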