German Federal Finance Agency's Web Server Wide Open
Having been informed of serious security problems by the Chaos Computer Club (CCC), Germany's federal finance agency has taken its online service offline. According to the CCC, for several years internet users have been able to set up their own quotes for financial transactions from a web browser and to alter, amend and add to quotes provided by the agency. What is not clear is whether or not this has occurred in practice.
Bundesrepublik Deutschland – Finanzagentur GmbH, also known as the Deutsche Finanzagentur, is a financial services company which deals with placing federal borrowing with large customers and managing federal debt. The agency also offers free portfolio management of Federal securities; a service which private investors can also make use of.
The cause of the problem appears to have been a browser based file manager which was accessible to all users and allowed free access to files on the server. This made it possible to change both settings and content. Because the agency's website also includes an entry page to internet banking services, attackers could have intercepted access data entered by customers – this could have been achieved using a PHP script or by reconfiguring the Apache server, for example.
More here.