[Dataloss] follow-up: Passport security breach repaired, official says
security curmudgeon
jericho at attrition.org
Thu Dec 6 10:50:02 UTC 2007
---------- Forwarded message ----------
From: InfoSec News <alerts at infosecnews.org>
http://www.theglobeandmail.com/servlet/story/RTGAM.20071205.wpassport05/BNStory/National/home
By Kenyon Wallace
Globe and Mail
December 5, 2007
Passport Canada says that a security breach in its passport application
website that allowed easy access to the personal information of applicants
has been repaired.
"We're definitely looking into how this happened, but right now, it's
fixed," said Fabien Lengelle, a spokesman for Passport Canada. "We are
very committed to security and we would like to reassure the Canadian
public that passport online is a secure application."
Mr. Lengelle added that the personal information of applicants is never
stored online.
However, an Ontario man applying online for a passport last Thursday
discovered he could access personal information - such as social insurance
numbers, birthdates and driver's licence numbers - of other applicants by
altering one character in the Internet address displayed by his Web
browser.
[..]
More information about the Dataloss
mailing list