Slashdot Mirror


Oklahoma Leaks 10,000 Social Security Numbers

DrJokepu writes "Apparently the folks at the Department of Corrections of Oklahoma just forgot to use common sense when they created the state's Sexual and Violent Offender Registry. By putting SQL queries in the URLs, they not only leaked the personal data of tens of thousands of people, but enabled literally anyone with basic SQL knowledge to put his neighbor/boss/enemies on the sexual offender list. Fortunately, after the author of the blog The Daily WTF notified the department about the issue, the site went down for 'routine maintenance' on April 13 2008."

2 of 245 comments (clear)

  1. Re:Pleeeese! by trolltalk.com · · Score: 1, Flamebait

    It's kind of hard to believe ...

    leaked the personal data of tens of thousands of people

    They have tens of thousands of people in Oklahoma?

    And it's also hard to believe they'd have that many people on the sexual offender's list - I mean, they're Okies - they consider it "normal" to marry "kinfolks", polygamy, etc.

  2. Re:*facepalm* by MightyMartian · · Score: 0, Flamebait

    I agree. PHP really does invite sloppy code. It's the BASIC of the Internet age, an easy and accessible language, but a somewhat incoherent one that is easy to create disasters, even for a reasonably skilled coder. I quite frankly dislike intensely, but it's taken over the world, unfortunately, despite much better languages like Python being out there.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.