gonzo
05-02-2008, 11:21 AM
Source-Code Audit Detects Issue in MPA3
Clients' programs were fixed 'right away,' company says.
By: Sherri L. Shaulis (http://www.avn.com/performer/profiles/55233.html)
Posted: 04/30/2008
LOS ANGELES - A routine audit of source code for MPA3 found a "mySQL injection," but the company said the matter has already been resolved.
Oystein Wright, CEO of Mansion Productions, the parent company of MPA3, said the injection meant someone could have added strings to the variables MPA3 uses and extracted some information from the database
The company that conducted the audit notified officials from MPA3 about the issue Monday, and MPA3 officials checked and verified the issue, Wright said.
"We prepared a fix and started updating clients' programs right away," he said.
Clients were notified of the security issue findings and the implemented fix via email, Wright said, adding that, "To date, no information has been lost or compromised that we know of."
"We did get feedback from a few clients asking if their programs had been fixed, and they were all happy to hear that they were," he said. "I have yet to get a single complaint, and I believe it is because we made the necessary changes to secure their programs as soon as we found out about it."
Clients' programs were fixed 'right away,' company says.
By: Sherri L. Shaulis (http://www.avn.com/performer/profiles/55233.html)
Posted: 04/30/2008
LOS ANGELES - A routine audit of source code for MPA3 found a "mySQL injection," but the company said the matter has already been resolved.
Oystein Wright, CEO of Mansion Productions, the parent company of MPA3, said the injection meant someone could have added strings to the variables MPA3 uses and extracted some information from the database
The company that conducted the audit notified officials from MPA3 about the issue Monday, and MPA3 officials checked and verified the issue, Wright said.
"We prepared a fix and started updating clients' programs right away," he said.
Clients were notified of the security issue findings and the implemented fix via email, Wright said, adding that, "To date, no information has been lost or compromised that we know of."
"We did get feedback from a few clients asking if their programs had been fixed, and they were all happy to hear that they were," he said. "I have yet to get a single complaint, and I believe it is because we made the necessary changes to secure their programs as soon as we found out about it."