Passport Canada privacy breach
-
Sounds like they were passing unencrypted userIDs in the querystring.
http://www.theglobeandmail.com/servlet/story/RTGAM.20071204.wpassport1204/BNStory/National/home
-
Ouch. And I expect the UK's ID card scheme will suffer from hundreds of vulnerabilities, some similarly trivial.
Still, it could be worse. I would not have been surprised if he'd been immediately arrested and charged with hacking, identity theft, or maybe even 'terrorism' . Especially in the UK, where the authorities can cry 'terrorist', lock you up for a month (and they want to extend that to three), then release you without charge.
-
They fixed the problem on Friday, and I submitted my application for a Canadian passport on Monday. That's starting to sound a little suspicious!
-
@PonyGumbo said:
Sounds like they were passing unencrypted userIDs in the querystring.
http://www.theglobeandmail.com/servlet/story/RTGAM.20071204.wpassport1204/BNStory/National/home
Owned.
-
FUCK!
I JUST USED that rotten piece of crap like a month ago. YOU FUCKING OCTOPUS.
The context ad is a little amusing though:
"NO ENTRY! You must have revealed your personal data to any idiot with a keyboard to proceed. "Seriously, if you DON'T use the online or quick-renewal processes, do you know how long the standard passport application line takes to get through? It's disgusting and obscene. You sorta have your choice between exposing yourself to identity theft, or, uh, not traveling.