Backdoor allows entry into shopping cart

CART32, a popular shopping cart for small e-commerce sites, has been found to have a software backdoor that allows access to the servers running the software, said Cerberus Internet Security Ltd. in a Thursday advisory. The software, created by McMurtrey/Whitaker & Associates, Inc. of Springfield, Mo., contains a password "wemilo" that, when entered in the right way, lists the full-access passwords for all the CART32 shopping cart clients on the server. Using the backdoor, network attackers could gain access to credit card numbers, deface the Web site or change permissions on files. Full story. -- Robert Lemos, ZDNet News