[Dataloss] Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

lyger lyger at attrition.org
Tue Apr 15 19:11:54 UTC 2008


(courtesy Jericho)

http://thedailywtf.com/Articles/Oklahoma-Leaks-Tens-of-Thousands-of-Social-Security-Numbers,-Other-Sensitive-Data.aspx

One of the cardinal rules of computer programming is to never trust your 
input. This holds especially true when your input comes from users, and 
even more so when it comes from the anonymous, general public. Apparently, 
the developers at Oklahoma's Department of Corrections slept through that 
day in computer science class, and even managed to skip all of Common 
Sense 101. You see, not only did they trust anonymous user input on their 
public-facing website, but they blindly executed it and displayed whatever 
came back.

The result of this negligently bad coding has some rather serious 
consequences: the names, addresses, and social security numbers of tens of 
thousands of Oklahoma residents were made available to the general public 
for a period of at least three years. Up until yesterday, April 13 2008, 
anyone with a web browser and the knowledge from Chapter One of SQL For 
Dummies could have easily accessed - and possibly, changed - any data 
within the DOC's databases. It took me all of a minute to figure out how 
to download 10,597 records - SSNs and all - from their website:

[...]
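The article's point is that a request parameter was spliced straight into a SQL statement and the result of whatever query came back was rendered to the page. The following is an added illustration, not code from the article or from the Oklahoma DOC site, and the table, column names and records in it are constructed placeholders: it puts the string-built query beside the parameterized form and a boundary check, so the difference in behaviour on a quote-bearing input can be observed directly with an in-memory SQLite database.

```python
import sqlite3

# Constructed sample data: placeholder names and obviously fake identifiers,
# no real records of any kind.
SAMPLE_ROWS = [
    (1, "Alice Example", "000-00-0001"),
    (2, "Bob Example", "000-00-0002"),
    (3, "Carol Example", "000-00-0003"),
]


def make_db():
    """Build a throwaway in-memory database with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE offenders (id INTEGER PRIMARY KEY, name TEXT, ssn TEXT)"
    )
    conn.executemany("INSERT INTO offenders VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, raw_id):
    """The pattern the article describes: the request value is concatenated
    into the SQL text, so it can rewrite the WHERE clause."""
    sql = f"SELECT name, ssn FROM offenders WHERE id = '{raw_id}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, raw_id):
    """Parameterized form: the driver passes the value out of band, so it is
    only ever compared against the column and never parsed as SQL."""
    return conn.execute(
        "SELECT name, ssn FROM offenders WHERE id = ?", (raw_id,)
    ).fetchall()


def parse_id(raw):
    """Boundary validation: this endpoint only needs a positive integer, so
    anything else is rejected before it reaches the database at all."""
    if not raw.isdigit():
        raise ValueError("id must be a positive integer")
    return int(raw)


if __name__ == "__main__":
    db = make_db()
    benign = "2"
    hostile = "' OR '1'='1"  # constructed input containing a quote
    print("vulnerable, benign :", lookup_vulnerable(db, benign))
    print("vulnerable, hostile:", lookup_vulnerable(db, hostile))
    print("safe, benign       :", lookup_safe(db, benign))
    print("safe, hostile      :", lookup_safe(db, hostile))
```

With the benign id both functions return the single matching row. With the quote-bearing input the string-built query returns every row in the table, which is exactly the failure the article describes, while the parameterized query returns nothing because the whole string is compared against the integer column as a value. `parse_id` shows the second layer a practitioner would add: reject anything that is not the expected shape at the edge, independently of how the query is built.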

