By Hiawatha Bray, Globe Staff | March 1, 2005

Boston software entrepreneur Aaron Greenspan, who revealed serious
security flaws in the website of Tennessee payroll company PayMaxx
Inc. last week, said yesterday that the site remains insecure.

Greenspan said that a computer hacker still could use the site to
obtain the Social Security numbers of hundreds of Americans.

Greenspan called the management of PayMaxx incompetent, and urged
Congress to investigate the company. "They have no idea what they're
doing," he said.

Greenspan's company, Think Computer Corp., had its payrolls prepared
by PayMaxx, of Franklin, Tenn., until late last year. After ending
their relationship, Greenspan found that his name, address, Social
Security number, and other personal data were still available on the
PayMaxx website, which could be accessed by entering zeroes in the
site's login windows. Greenspan also found that he could obtain the
same information about other PayMaxx customers by typing random
numbers into the browser's address window. He estimated that up to
100,000 files could be accessed this way.

[TELECOM Digest Editor's Note: There are so many real idiots out there
working on websites, etc. I am _hardly_ a brilliant web designer, but
don't any of these fools know simple security measures they can take
to thwart all but the most determined hackers? PAT]