Wednesday, December 05, 2007

Personal data exposed on Passport application website

Don't get excited, it's not another British data scandal, this time it's the Canadians'. Remember how our Government had the junior doctor application website that with simple changes to the URL in the browser could mean accessing other people's information? Well the Canadian Passport Application website appears to have had exactly the same type of flaw.

All a user has to do is change a character in the URL and they are presented with other people's passport applications including social insurance numbers, driver's license numbers, addresses, phone numbers, federal ID card numbers and even details of someone firearms license if they have a gun.


wonderfulforhisage said...


Doing the job you do, I was wondering if you sometimes feel like a piano player in a brothel, as it were?

Vasey said...

My A-Level computing project, shit though it was, managed to avoid such a vulnerability. What sort of retards do governments hire for this stuff? I'm not exactly super-programmer here.