Slashdot Mirror


Privacy Breach In Canadian Passport Application Site

Joanna Karczmarek sends us news of a massive privacy breach in the Government of Canada passport website. "A security flaw in Passport Canada's website has allowed easy access to the personal information — including social insurance numbers, dates of birth and driver's license numbers — of people applying for new passports. ... The breach was discovered last week by an Ontario man completing his own passport application. He found he could easily view the applications of others by altering one character in the Internet address displayed by his Web browser."

8 of 197 comments (clear)

  1. Trash the World by Smordnys+s'regrepsA · · Score: 4, Funny

    3...
    2...
    1...

    Breaking News, a L33t Canadian Hacker broke into a national security site, stealing millions of Dollars worth of personal information.

    No word yet on any arrests.

    More at 11.

    --
    Just -1, Troll talking to another.
  2. 31337 h4x0r by martinX · · Score: 3, Funny
    --
    When they came for the communists, I said "He's next door. Take him away. Goddam commies."
  3. Bad Monkey!!!! by TheeBlueRoom · · Score: 3, Funny

    Sounds like some web monkey needs a beating....

    --
    I wish I was clever!
    1. Re:Bad Monkey!!!! by chuckymonkey · · Score: 4, Funny

      *Waves hand in the air* I am not the monkey you are looking for.

      --
      "Some books contain the machinery required to create and sustain universes."-Tycho
  4. Re:25% of Canadians not born in Canada. by meringuoid · · Score: 3, Funny
    It's not unusual to go to a mall, and see 45% to 50% of the people who are clearly not born in Canada. This is evident from their clothing, their mannerisms, and especially their near-complete lack of knowledge of English or French.

    I wouldn't say Americans are that bad at English...

    --
    Real Daleks don't climb stairs - they level the building.
  5. Re:Wow by tttonyyy · · Score: 4, Funny

    Who wants to bet that the 'unrelated problem' that resulted the the site shutting down was SQL injection. If you're stupid enough to allow access to other people's details via slight URL changes, you're probably also stupid enough not to check or parameterise form fields. I blame that Canadian called '; drop table passport_info -- ' and password = ''; myself.

    Irresponsible name to have these days.
    --
    biopowered.co.uk - catalytically cracking triglycerides for home automotive use since 2008. Just say no to big oil!
  6. Re:fixed AND old news. by Yetihehe · · Score: 3, Funny

    What is it with IIS installations and dodgy security?
    If you make a server even idiot can run, idiots will be running it.
    --
    Extreme Programming - Redundant Array of Inexpensive Developers
  7. Re:Accidentally on purpose by schon · · Score: 3, Funny

    incompetent MCSE techies Umm, you realize you put a redundant term and an oxymoron in three words?