And now the Canadian Passport application web-site was discovered to have a fault - by a simple change of the ID in the URL, all applications and privacy data of other users where available.
Duh.
Discovered at the I.T. Security Guy.
passport
Undress yourself! Sloggi wants your passport number!
Sloggi, the company of great underwear - want to undress your passport number according to a Norwegian article.
Sloggi runs a world-wide campaign to boost their sales. As any sane multinational would do. They do it with a twist. And they use Internet.
They want you to photograph your butt and upload it to their website. If your butt is found attracting enough, people may vote you to become a new model. What a bummer.
I guess they got the idea from the sites like Penest.no, where young girls sell pictures of their booty for points.
In the article, Sloggi spokeswoman Sofie Lindahl-Jensen, says they have very good controls of making sure users are over 18.
"They [users] have to register with an e-mail address and a cellphone".
I am positive that I do not have to inform my readers how easy it is to fake that? Even the journalist of the article knows how to do it.
Well, it's not over yet. After being confronted with sharp reactions from Datatilsynet (Norwegian Data Protectorate), and the fake profile with a strangers behind, the same Sofie Lindahl-Jensen assures the readers that new measures to control the age are being implemented.
How?
"We will use passport numbers to compare with the national passport databases to check their age.."
No, you will not. Sorry. As the police says:
"Unless they are paying off some rouge policeofficers, they will not get that access. That data is illegal to obtain."
Sloggi, we may question your methods. We may question your security. We may even question your motives. And we may believe you are stupid and incompetent.
YOU (Sloggi) should NEVER remove that doubt by admitting you have no clue what so ever about security. If you are in doubt - say nothing. When the journalist has gone, call someone for help.
NEVER, EVER let us realize you are clueless.
If you do something stupid, make sure your spokesperson either knows what to say, or know when to shut up.Bummer. Or was it Butthead?
Content copyright Kai ROER / Roer.Com. Content is provided using the Creative Commons License.
All names and logos are copyright their respective owner(s).
All names and logos are copyright their respective owner(s).
Explore Security Bloggers Network
Recent comments
3 days 23 hours ago
4 days 8 hours ago
6 days 13 hours ago
1 week 3 days ago
1 week 3 days ago
2 weeks 20 hours ago
2 weeks 23 hours ago
3 weeks 1 day ago
4 weeks 1 day ago
4 weeks 3 days ago