Thursday, December 6, 2007

Passport Canada Website Glitch Lets Man Access the Personal Information of Others

Passport Canada's Website reportedly had a security flaw that could allow applicants to change one character in the Web address to view other people's application forms, including private information like social insurance numbers and home addresses. It was a man in Ontario who made the discovery.

According to Reuters, Passport Canada has since fixed the discrepancy, and says it only revealed a "portion of the application", and only showed the information of others who were also filling out the application online at the same time. This wouldn't be such a big deal if there weren't tons of people filling out passport applications all the time in Canada. Just walk into any Passport Canada office and you'll see what I mean.

If this doesn't express the importance of Web security, I don't know what will. There are many large corporations that store tons of personal information about customers, yet don't invest in the proper security measures to ensure that this information can't be easily hacked. The old WEP security standard simply doesn't cut it anymore, with any old 13-year-old computer geek able to hack into networks supposedly "protected" by this standard. WPA is the much more secure method. Businesses that haven't yet switched over should seriously consider doing so; especially if you tend to store private, customer information in your computer databases. The other solution: don't store personal information about your customers. Why is this relevant anyway?

As for Passport Canada, the Canadian government insists that the Website's security system has now been enhanced to prevent any type of unauthorized entry; and claims that the situation with the Ontario man was an "isolated anomaly". And here I was thinking that you needed to be some sort of Web genuis to hack into personal information online. Apparently it's possible to be one keystroke away from stealing someone's life. And we wonder why identity theft is so rampant in our country...

1 comment:

Sir Ripster said...

Actually this is a more prevalent address hack that most people think. Just sloppy IT security on the government’s part. And to think soon we will have Canadian SIN, Health & Tax Info easily accessible.

Private Personal Info Needs only to be lost once to cause problems.