Kurt did it again this year. He was able to crack the MD5 codes on the Macworld Expo registration page to get a platinum pass for free!
Last year when he discovered the flaw, he notified IDG about it, and they fixed the issue at that time. We figured it would be completely fixed this year, but all they did was change the code schema. Instead of a 6 character length code, it was 8 characters this year. But all the codes started with 08, so really it was still a 6 character brute force attempt. At least they mixed in numbers this time.
When will companies start taking security seriously? How many times do we need to tell someone they are at risk before they act on it? Too bad TruTV’s show “Tiger Team” is canceled. I thought they showed a decent mix of physical and cyber security issues. Maybe Fortify’s upcoming documentary movie “The New Face of Cybercrime” will give the corporate world a shock.