http://webwereld.nl/nieuws/66012/ov-site-lekt-persoonlijke-data-168-000-reizigers.html

By Brenno de Winter
WebWereld
May 18, 2010

(Google Translation from Dutch)

An ordering site for personal OV-chip cards turns out to be leaky. Hackers have long-term access to information on 168,000 passengers. The SP wants the minister to account for it.

A website meant to entice travelers to buy a personalized smart card appears to be open. Attackers have obtained the personal data of over 168,000 passengers.

It is a promotional website with which the provinces of Gelderland, Flevoland and Overijssel want to get people onto public transport. On Experience the OV, people can sign up for coupons, a personalized smart card or a special trip product for their OV-chip card.

Leaky site

Because of an error in the website, too much information is returned on incorrect input. This makes it possible to communicate directly with the database. So not only can the information be searched, but it is also possible to delete, add or change data. This so-called SQL injection attack is relatively easy to exploit and is actually a basic mistake in building a site.

The database holds, in various places, personal information about individuals who have, for example, requested a personalized smart card. In total this concerns more than 168,000 people, for whom at least the name, address, birth date, email address and telephone number can be retrieved. There are also database fields for storing the numbers of identification documents, and some tables point to a payment agreement.

[...]

_______________________________________________
Received on Tue May 18 2010 - 22:02:52 PDT