Excite Inc’s customizable portal web site has had a security flaw exposed, that enables web users to gain access to personal information about Excite subscribers. The security bug was discovered by software and development company, Argus Interessengemeinscharf owner and webmaster Jason Salisbury, who found a URL that linked to someone-else’s my.excite homepage. In theory the bug will give the ‘fake’ user access to another person’s Internet Protocol address of his or her computer, the type of computer and browser used, and the URL of the last page looked at. Salisbury managed to find out that the URL he stumbled across ‘belonged’ to Bill Coderre, an employee at Apple Computer Inc in Cupertino, his email address, his zip code, his level of education, marital status and the stocks he tracked. But the bug is only activated if one computer has more than one bookmarked and customized my.excite page, which is likely to be connected with a home computer that has several family users. According to Excite’s chief technology officer, Graham Spencer around 1% of the company’s users who have customized pages will be affected. The bug comes to light when a user of the Excite page goes to another site, which tracks the sites its visitors were last at. Spencer said Excite is working on fixing the problem, but in the mean time, the problem can be solved by users who share a computer removing their bookmarks and logging in each time they want to visit the site instead.
