Slashdot Mirror


Privacy Breach In Canadian Passport Application Site

Joanna Karczmarek sends us news of a massive privacy breach in the Government of Canada passport website. "A security flaw in Passport Canada's website has allowed easy access to the personal information — including social insurance numbers, dates of birth and driver's license numbers — of people applying for new passports. ... The breach was discovered last week by an Ontario man completing his own passport application. He found he could easily view the applications of others by altering one character in the Internet address displayed by his Web browser."

9 of 197 comments

  1. Wonderful by Grey_14 · · Score: 4, Interesting

    Odds are, lots of people are applying for passports nowadays too, since apparently we Canadians need them to cross the border into americaland in the near future.

  2. Trash the World by Smordnys+s'regrepsA · · Score: 4, Funny

    3...
    2...
    1...

    Breaking News, a L33t Canadian Hacker broke into a national security site, stealing millions of Dollars worth of personal information.

    No word yet on any arrests.

    More at 11.

    --
    Just -1, Troll talking to another.
  3. Re:Bad Monkey!!!! by chuckymonkey · · Score: 4, Funny

    *Waves hand in the air* I am not the monkey you are looking for.

    --
    "Some books contain the machinery required to create and sustain universes."-Tycho
  4. Comment removed by account_deleted · · Score: 4, Informative

    Comment removed based on user account deletion

  5. Re:Wow by tttonyyy · · Score: 4, Funny

    Who wants to bet that the 'unrelated problem' that resulted in the site shutting down was SQL injection? If you're stupid enough to allow access to other people's details via slight URL changes, you're probably also stupid enough not to check or parameterise form fields. I blame that Canadian called '; drop table passport_info -- ' and password = ''; myself.

    Irresponsible name to have these days.
    --
    biopowered.co.uk - catalytically cracking triglycerides for home automotive use since 2008. Just say no to big oil!
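
Added example, not part of the thread and not Passport Canada's code: a sketch of the two points raised so far, the URL-identifier flaw from the summary and the parameterisation this comment mentions. The schema, ids, user names and function names are assumptions; only the table name and the sample surname come from the comment above.

```python
import sqlite3

# Surname taken from the comment above; stored and queried as plain data.
HOSTILE_SURNAME = "'; drop table passport_info -- "

def make_db():
    """In-memory store holding two constructed sample applications."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE passport_info ("
               "id INTEGER PRIMARY KEY, owner TEXT NOT NULL, surname TEXT NOT NULL)")
    db.executemany("INSERT INTO passport_info VALUES (?, ?, ?)",
                   [(1001, "alice", "Tremblay"),
                    (1002, "bob", HOSTILE_SURNAME)])
    return db

def fetch_unchecked(db, app_id):
    """Flawed pattern from the summary: the id in the URL alone picks the record."""
    return db.execute("SELECT owner, surname FROM passport_info WHERE id = ?",
                      (app_id,)).fetchone()

def fetch_for_user(db, session_user, app_id):
    """Hardened: the record must also belong to the authenticated session user."""
    return db.execute("SELECT owner, surname FROM passport_info "
                      "WHERE id = ? AND owner = ?",
                      (app_id, session_user)).fetchone()

def find_by_surname(db, session_user, surname):
    """Form input is bound as a parameter, so SQL text inside it stays data."""
    return db.execute("SELECT surname FROM passport_info "
                      "WHERE owner = ? AND surname = ?",
                      (session_user, surname)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # alice is logged in and changes one character of her own id (1001 -> 1002)
    print(fetch_unchecked(db, 1002))           # bob's record is returned
    print(fetch_for_user(db, "alice", 1002))   # None: not alice's record
    print(fetch_for_user(db, "alice", 1001))   # alice's own record
    print(find_by_surname(db, "bob", HOSTILE_SURNAME))
    print(db.execute("SELECT COUNT(*) FROM passport_info").fetchone())
```

The ownership test lives in the query itself, so a handler cannot forget it after fetching the row.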
  6. Why are state computing projects always like this? by Richard+Kirk · · Score: 4, Interesting

    This is not just a moan - it is a serious question.

    In the UK, every large computer project since the Navy sponsored the Babbage engine seems to end up running hugely over budget and time, and often delivering nothing. Often, many of these projects could have been done on standard equipment from the high street shop. Remember the 10 lb military wearable computer and radio that did little more than a mobile phone? The recent leak of disks with 25 million UK residents' personal information, most of which was not wanted by the people it was going to, was not removed because that was 'too labour intensive'. A few lines of Perl, tops. If they want to send discs, they can send discs of random numbers, and do one-time pad encryption. If you have a proper source of random numbers, then provided the discs arrive with the seals intact, they can send the actual data XORed with the one-time pad. Not exactly rocket science, any of this.

    The usual explanation is a lack of market forces. State projects tend to get offered to contractors with vetted personnel, contractors who have done similar projects before. If you have a military requirement then your choice is restricted to positively vetted people who don't mind working on such stuff. Certainly, in the UK, there seems to be a cosy relationship between the state and the contractors. I am not sure I altogether buy this explanation. If there really is a free market, then more talented people ought eventually to come to the top if the contracts are so lucrative.

    Perhaps the problem lies with the national interest. The UK government would have to prefer UK companies to overseas ones. Sometimes the competition has to come from outside a country. 20 years ago, prescription glasses used to be expensive and took a week to arrive. If you were going to the US, you could take your prescription, and get a pair made in an hour. Now you can get the same service in the UK. In the US, it is hard to get a mobile phone unlocked - it is looked on as illegal, but in the UK this is commonplace. In both cases, I don't think there was anything that was actively preventing competition: it just wasn't happening.

  7. Re:25% of Canadians not born in Canada. by kndyer · · Score: 5, Informative

    As a fourth generation Canadian, I too have met a large number of Canadians. While I have no intention of defending the AC, I resent the absurd generalization that Canadians are uneducated and racist. With any large sampling of people, you will encounter the good and the bad. I am sorry to discover that you have clearly encountered only the bad, yet you are a sample of one.

    I work at a company with fifteen employees, representing eight distinct nationalities and we operate in perfect harmony. This place is not anomalous; I have lived through several similar situations at other companies.

    However, I am also a sample of one. Let us look at statistics. Immigration accounted for two-thirds of Canada's population growth in 2006/2007 (http://www.statcan.ca/Daily/English/070927/d070927a.htm/) and has always been a significant contributor to our population (http://www40.statcan.ca/l01/cst01/demo03.htm?sdi=population%20growth/).

    Does this trend pose difficulties? Certainly. However, were such a policy not embraced by the majority of Canadians, it certainly would not persist. The tolerance is real. Join us and see for yourself.

  8. Re:Wow by MMC+Monster · · Score: 4, Informative

    ObXKCD link: http://xkcd.com/327/

    --
    Help! I'm a slashdot refugee.
  9. Re:Bad Monkey!!!! by Hotawa+Hawk-eye · · Score: 4, Insightful

    What if the boss had these options:

    Option A and B: A & B achieve identical functionality but B comes with an enormous security breach. Implementing A costs one million dollars more than implementing B.

    WWDPHBD? [What Would Dilbert's Pointy Haired Boss Do?]