Submission + - PA Online Voter Registration Data Left Unsecure (digg.com)
mtg169 writes: Anyone in Pennsylvania who has used the SURE Portal System to update their voter registration information or register to vote currently is at risk. A script (PrintVoterApplication.aspx) used to generate PDF files populated with user-submitted information is currently exploitable by simply changing the value of a request ID (ApplicationID), as there is no validation to ensure the ID being requested belongs to the user that is logged in, nor does it even check to see if a user is logged in, allowing anyone on the Internet full access. View linked story for additional exploit details.
I should also note that the SURE Portal Web site has a Privacy Policy including security and an information disclaimer, which basically states that they have implemented security practices, but that they are not responsible for any loss.
I should also note that the SURE Portal Web site has a Privacy Policy including security and an information disclaimer, which basically states that they have implemented security practices, but that they are not responsible for any loss.
