by Mike Masnick
Thu, Dec 6th 2007 12:43am
Back in the early days of the web, there were plenty of stories about a rather simple security breach on various sites. Basically, many sites would simply pass a user's account number through as a part of the URL. If a user simply changed the URL, her or she could see the account info of that other issue associated with the new number. After a few such cases came to light, most web app designers quickly realized to plug that hole, and it's been quite some time since we've heard of a site with such a security hole. However, it appears that there are still a few. The site for Passport Canada, where people can apply for a Canadian passport apparently had exactly that security vulnerability, allowing the guy who discovered it to see the passport application data of other applicants simply by adjusting the URL. It's never nice to hear about a security flaw (especially on a gov't website with all sorts of private info), but it actually induces a bit of nostalgia to hear of such a basic security flaw showing up in the wild yet again.
If you liked this post, you may also be interested in...
- Bruce Schneier Sounds The Alarm: If You're Worried About Russians Hacking, Maybe Help Fix Voting Machine Security
- Security Researchers Sued For Exposing Internet Filtering Company's Sale Of Censorship Software To Blacklisted Country
- The Internet Of Things Is a Security And Privacy Dumpster Fire And The Check Is About To Come Due
- IsoHunt Settles The Last Of Its Lawsuits, Laughably Agrees To 'Pay' Recording Industry $66 Million
- Nick Denton Bucks The Trend Du Jour, Thinks News Comments Are Worth Saving