Wednesday, December 05, 2007

Personal data exposed on Passport application website

Don't get excited, it's not another British data scandal, this time it's the Canadians'. Remember how our Government had the junior doctor application website that with simple changes to the URL in the browser could mean accessing other people's information? Well the Canadian Passport Application website appears to have had exactly the same type of flaw.

All a user has to do is change a character in the URL and they are presented with other people's passport applications including social insurance numbers, driver's license numbers, addresses, phone numbers, federal ID card numbers and even details of someone firearms license if they have a gun.

2 comments:

wonderfulforhisage said...
5 Dec 2007 22:08:00  

Dizzy,

Doing the job you do, I was wondering if you sometimes feel like a piano player in a brothel, as it were?

Vasey said...
6 Dec 2007 18:55:00  

My A-Level computing project, shit though it was, managed to avoid such a vulnerability. What sort of retards do governments hire for this stuff? I'm not exactly super-programmer here.


 

dizzythinks.net is a participant in the Amazon Europe S.à.r.l. Associates Programme, an affiliate advertising programme designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.co.uk/Javari.co.uk.