follow-up: Passport security breach repaired, official says

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.theglobeandmail.com/servlet/story/RTGAM.20071205.wpassport05/BNStory/National/home

By Kenyon Wallace
Globe and Mail
December 5, 2007

Passport Canada says that a security breach in its passport application 
website that allowed easy access to the personal information of applicants 
has been repaired.

"We're definitely looking into how this happened, but right now, it's 
fixed," said Fabien Lengelle, a spokesman for Passport Canada. "We are 
very committed to security and we would like to reassure the Canadian 
public that passport online is a secure application."

Mr. Lengelle added that the personal information of applicants is never 
stored online.

However, an Ontario man applying online for a passport last Thursday 
discovered he could access personal information - such as social insurance 
numbers, birthdates and driver's licence numbers - of other applicants by 
altering one character in the Internet address displayed by his Web 
browser.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml