Slashdot Mirror

← Back to Stories (view on slashdot.org)

Privacy Breach In Canadian Passport Application Site

Posted by kdawson on from the didn't-need-that-old-identity-anyhow dept.

Joanna Karczmarek sends us news of a massive privacy breach in the Government of Canada passport website. "A security flaw in Passport Canada's website has allowed easy access to the personal information — including social insurance numbers, dates of birth and driver's license numbers — of people applying for new passports. ... The breach was discovered last week by an Ontario man completing his own passport application. He found he could easily view the applications of others by altering one character in the Internet address displayed by his Web browser."

12 of 197 comments (clear)

  1. Trash the World by Smordnys+s'regrepsA · · Score: 4, Funny

    3...
    2...
    1...

    Breaking News, a L33t Canadian Hacker broke into a national security site, stealing millions of Dollars worth of personal information.

    No word yet on any arrests.

    More at 11.

    --
    Just -1, Troll talking to another.
  2. 31337 h4x0r by martinX · · Score: 3, Funny

    That's some leet hakking going on there...

    http://www.freedom-to-tinker.com/index.php?p=780
    http://www.tjmcintyre.com/2005/06/morris-tribunal-learns-pitfalls-of.html
    http://blogs.zdnet.com/threatchaos/?p=464

    --
    When they came for the communists, I said "He's next door. Take him away. Goddam commies."
  3. Bad Monkey!!!! by TheeBlueRoom · · Score: 3, Funny

    Sounds like some web monkey needs a beating....

    --
    I wish I was clever!
    1. Re:Bad Monkey!!!! by chuckymonkey · · Score: 4, Funny

      *Waves hand in the air* I am not the monkey you are looking for.

      --
      "Some books contain the machinery required to create and sustain universes."-Tycho
  4. Re:25% of Canadians not born in Canada. by meringuoid · · Score: 3, Funny
    It's not unusual to go to a mall, and see 45% to 50% of the people who are clearly not born in Canada. This is evident from their clothing, their mannerisms, and especially their near-complete lack of knowledge of English or French.

    I wouldn't say Americans are that bad at English...

    --
    Real Daleks don't climb stairs - they level the building.
  5. Re:Wow by tttonyyy · · Score: 4, Funny

    Who wants to bet that the 'unrelated problem' that resulted the the site shutting down was SQL injection. If you're stupid enough to allow access to other people's details via slight URL changes, you're probably also stupid enough not to check or parameterise form fields. I blame that Canadian called '; drop table passport_info -- ' and password = ''; myself.

    Irresponsible name to have these days.
    --
    biopowered.co.uk - catalytically cracking triglycerides for home automotive use since 2008. Just say no to big oil!
  6. Re:fixed AND old news. by Yetihehe · · Score: 3, Funny

    What is it with IIS installations and dodgy security?
    If you make a server even idiot can run, idiots will be running it.
    --
    Extreme Programming - Redundant Array of Inexpensive Developers
  7. Re:Accidentally on purpose by Anonymous Coward · · Score: 1, Funny

    "ignored by the clueless management to save money?"

    As a Canadian citizen, allow me to assure you that they were most certainly not concerned with saving money.

  8. Re:Accidentally on purpose by schon · · Score: 3, Funny

    incompetent MCSE techies Umm, you realize you put a redundant term and an oxymoron in three words?
  9. I'm not surprised by Pope · · Score: 2, Funny

    Note the capitols

    Well you did say it was a government contract.
    --
    It doesn't mean much now, it's built for the future.
  10. give us a break... by steveaustin1971 · · Score: 1, Funny

    Its damn hard to perfect code with all these polar bears trying to eat our igloos, and mashing the keyboards in mittens makes for some pretty long debugging sessions. Also someone spilled beer on the one copy of "html for dummies" the government makes us share. So soon as we come down from the marijuana and finish the cheetos we'll go over the code again. Has anyone seen my keyboard de-icer? (Hope you can read comments in Frenglish, it was written in Ottawa)

  11. Re:Any site that documents these breeches? by 1u3hr · · Score: 2, Funny

    Lots of breeches listed here.