Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security

Journal Journal: The truth about software low hanging fruit vulnerability

http://www.daniweb.com/blogs/entry1560.html If you were to just take weekly media reports and monthly security researcher statistics as your metric, then I suspect it would be a safe bet to suggest that you would say software security vulnerabilities are on a steep upwards curve. Furthermore, it is just as likely that given the media exposure to such events as Microsoft Patch Tuesday and the furore when Adobe or Apple announce a hole has

Feed Indian Visa Application Data Easily Accessible Using Old 'Change Number In URL' (techdirt.com)

The folks over at Daniweb have submitted their story about the online visa application system in India. Approximately a year ago, someone who was using the system ran into a problem, where all the work he had done in filling out the application seemed to disappear, and the back button wasn't work. So he tried making small changes to the URL... which gave him access to someone else's visa application. There are plenty of online systems that do this, but you would expect something a little more secure when it comes to government documents that include all sorts of personal info. The guy notified those responsible, and his alert was promptly ignored. It was only after they were contacted a second time, by the person writing the article about it, that they took it seriously enough to finally plug the hole. With governments leaking data all the time, is it any wonder that people don't feel particularly safe when the government wants even more data from us, while promising that there's no way it would ever be leaked?

Slashdot Top Deals

Anyone can hold the helm when the sea is calm. -- Publius Syrus

Working...