Wednesday, September 07, 2005

Better Business Bureau footnotes & follow-up

Last week I broke the story of a local Better Business Bureau's mile-wide security hole on its website.

I did notify a few media outlets and blogs about the vulnerability, but only Martin McKeay's Network Security Blog has really followed what's going on. This is quite understandable, considering the crisis our country is now experiencing, but I wanted to add a footnote about how the BBB responded to my notification. Martin gives the summary on his blog.

One other thing: As it's still possible for someone to get into my own BBB case file (but not others) with only my first and last name, I have left my last name out of this blog and the information that Martin reproduced on his blog. I think if the BBB is managing personal data such as contact information and the details of financial disputes, they really need to get a more robust authentication system, not the Mickey Mouse system that the BBB uses now.
