* Somebody has to create a mechanism for tracking the population, such as a database. Personal information sells at about 14 bucks in the black market, so
this means you need to create a repository worth a lot of money and give the keys to somebody.
* Somebody has to create a mechanism for tracking the population, such as a database. Personal information sells at about 14 bucks in the black market, so
this means you need to create a repository worth a lot of money and give the keys to somebody.
In the United States, there are several examples (although some may not be well known) of state, federal, and trusted-third-party vendor networks
being hacked and PII being leaked to the black market. A lot of people
have had their IDs stolen as a result of these hacks and don't know it.
Whenever the government (especially federal) starts putting together a new database, it is a big target.
* SLMR 2.1a * DALETECH - for all your home security needs!I remember a friend discovering a flaw in one of the portals used to book hospital visits in Italy by Regioen Lombardia; basically you would enter you "SSN" (codice fiscale) and it would land you to a authentication page, however just having the SSN (really easy to do: https://en.wikipedia.org/wiki/Italian_fiscal_code#Fiscal_code_generation) would provide all kind of sensible personal data from street address to telephone number and so on. All you had to do was looking at the requests and you had a fantastic JSON with all the data possible. Bad design.
---
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
In the United States, there are several examples (although some may not be well known) of state, federal, and trusted-third-party vendor networks being hacked and PII being leaked to the black market. A lot of people have had their IDs stolen as a result of these hacks and don't know it.
I remember a friend discovering a flaw in one of the portals used to book hospital visits in Italy by Regioen Lombardia; basically you would enter you "SSN" (codice fiscale) and it would land you to a authentication page, however
just having the SSN (really easy to do: https://en.wikipedia.org/wiki/Italian_fiscal_code#Fiscal_code_generation) woul
provide all kind of sensible personal data from street address to telephone number and so on. All you had to do was looking at the requests and you had a fantastic JSON with all the data possible. Bad design.
Stuff like this gives me goosebumps. I don't know if goverments have a special
ucket of trash syops, devs and security experts for hire when they have to dev
op something for the public that needs to be secure. It's like magic; Some cou
hoses here still have old public ftp servers with documents trown around (some
ven recent) containing sensitive stuff like transcipts of private conversation
and so on. Sad stuff.
Sysop: | Eric Oulashin |
---|---|
Location: | Beaverton, Oregon, USA |
Users: | 89 |
Nodes: | 16 (0 / 16) |
Uptime: | 02:43:15 |
Calls: | 5,076 |
Calls today: | 1 |
Files: | 8,491 |
Messages: | 351,651 |