21 April 2008
Oklahoma Department of Corrections leaks personal data from website

Antony Savvas, Computer Weekly

Thousands of residents of Oklahoma state in the US have found their personal details have been freely available on the web for three years. The data includes their names, social security numbers and other personal information. The source of the leak is Oklahoma's Department of Corrections website.

Anyone with a basic knowledge of SQL programming could interpret the URL and other data returned by Oklahoma's Department of Corrections (DoC) website. Amending the long URLs returned by the site, a hacker could retrieve tens of thousands of social security numbers and allied data from the site.

Fredrick Lee, a software security researcher at Fortify Software, said the origin of the problem was poor coding on the state's DoC website. "This is a classic SQL injection vulnerability," he said, adding that the security lapse could easily have been caught with a simple code review.

According to Lee, had some form of automated analysis been used on the site, the incident could have been avoided. "The sad thing is that vulnerabilities like these indicate to attackers that other related applications and organisations are probably vulnerable as well," he said.
Infosecurity US © Copyright 2008, Elsevier Ltd, All rights reserved.