Slashdot Mirror

← Back to Stories (view on slashdot.org)

Privacy Breach In Canadian Passport Application Site

Posted by kdawson on from the didn't-need-that-old-identity-anyhow dept.

Joanna Karczmarek sends us news of a massive privacy breach in the Government of Canada passport website. "A security flaw in Passport Canada's website has allowed easy access to the personal information — including social insurance numbers, dates of birth and driver's license numbers — of people applying for new passports. ... The breach was discovered last week by an Ontario man completing his own passport application. He found he could easily view the applications of others by altering one character in the Internet address displayed by his Web browser."

7 of 197 comments (clear)

  1. Comment removed by account_deleted · · Score: 4, Informative

    Comment removed based on user account deletion

  2. Re:Wonderful by Wowsers · · Score: 3, Informative

    In the UK, applying for a passport _now_ gets around the UK's ID card laws and it's Nazi-esque data gathering, oh, and is considerably cheaper now compared to IF the ID cards ever come into existence.

    As for this security flaw, there was a similar one found a few months ago in the UK's own online visa applications system http://www.channel4.com/news/articles/business_money/online+visa+security+flaw/517157 . Maybe they hired the same idiot programmers?

    --
    Take Nobody's Word For It.
  3. fixed AND old news. by notrandom · · Score: 3, Informative

    http://www.cbc.ca/consumer/story/2007/12/04/passport-security.html?ref=rss

  4. Re:.aspx by Jellybob · · Score: 3, Informative

    I havn't looked at the article, but I doubt that's going to help against someone determined. Sure - Joe Blogs who found the bug this time probably wouldn't have, but that's just an URL encoded string, which are trivial to decode (I believe PHP has an urldecode function for just that).

    Never, ever, trust data provided by the user. If there's potential to cause trouble, somebody will do it, which is why the site should have been keeping track of who's application was being filled out on the server, probably in a session variable.

  5. Re:More fool them. by Bozzio · · Score: 2, Informative

    Parent's links are viruses.

    --
    I just pooped your party.
  6. Re:25% of Canadians not born in Canada. by kndyer · · Score: 5, Informative

    As a fourth generation Canadian, I too have met a large number of Canadians. While I have no intention of defending the AC, I resent the absurd generalization that Canadians are uneducated and racist. With any large sampling of people, you will encounter the good and the bad. I am sorry to discover that you have clearly encountered only the bad, yet you are a sample of one.

    I work at a company with fifteen employees, representing eight distinct nationalities and we operate in perfect harmony. This place is not anomalous; I have lived through several similar situations at other companies.

    However, I am also a sample of one. Let us look at statistics. Immigration accounted for two-thirds of Canada's population growth in 2006/2007 (http://www.statcan.ca/Daily/English/070927/d070927a.htm/) and has always been a significant contributor to our population (http://www40.statcan.ca/l01/cst01/demo03.htm?sdi=population%20growth/).

    Does this trend pose difficulties? Certainly. However, were such a policy not embraced by the majority of Canadians, it certainly would not persist. The tolerance is real. Join us and see for yourself.

  7. Re:Wow by MMC+Monster · · Score: 4, Informative

    ObXKCD link: http://xkcd.com/327/

    --
    Help! I'm a slashdot refugee.