Penetration Testing mailing list archives
Re: Valid/sufficient identification mechanisms/credentials for personal data collection.
From: "Kurt Seifried" <bt () seifried org>
Date: Tue, 1 Aug 2006 01:12:25 -0600
Currently, every Australian resident is going through their Census (http://www.abs.gov.au/census) survey forms. Seems like a reasonable thing to do, maybe not for the paranoid, but anyway… The form is around 18 pages long and contains a fair amount of personal questions such as your name, surname, date of birth, address, employment information, income bracket, etc. A sample can be found here: http://www.abs.gov.au/websitedbs/d3310114.nsf/4a256353001af3ed4b2562bb00121564/d14318a2e9282072ca25715d00177d17/$FILE/HHF%202006%20Sample%20only.pdf It is delivered via a courier and is left near the front the door, and pick-up is very much the same. On the front cover of the form, one of the bullet points is "Your Collector will return between 9 August and 28 August to collect your form".
Interesting, in Canada we mail them in, or we can fill them out online. Each paper census that was delivered had a large unique number on it you had to enter to do the census online (so they can match forms delivered to responses, and addresses and whatnot). Seems alot more secure and cheaper than "leave it out on the porch for a few weeks".
-Kurt
------------------------------------------------------------------------------ This List Sponsored by: CenzicConcerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
Current thread:
- Re: Valid/sufficient identification mechanisms/credentials for personal data collection. Kurt Seifried (Aug 01)
- Re: Valid/sufficient identification mechanisms/credentials for personal data collection. Serg B. (Aug 01)
- <Possible follow-ups>
- Re: Valid/sufficient identification mechanisms/credentials for personal data collection. Michael Krymson (Aug 01)