Feeds

back to article Pennsylvania officials bail after voter reg site springs a leak

Pennsylvania officials pulled the plug on a voter registration website after a user posted online instructions that showed the site was exposing sensitive information about people who used the service. The flaw with the state's Voter Registration Application made it possible for anyone on the net to view registration forms that …

COMMENTS

This topic is closed for new posts.
Thumb Up

good job mtg169

I grew up in Pennsylvania and lived there many years, until my career eventually took me to other regions. During my time there, I saw a level of incompetency and corruption in government there (both local and state levels) I have never experienced anywhere else. Not that other places are Utopia or anything. This development should just be seen as normal business. Good for the user who exposed this. That state needs more people like mtg169 to peek under the rug.

0
0
Pirate

Yet another one who unwisely avoided playing "the three monkeys"

I hope that guy is working from Pakistan otherwise he will be looking at the wrong end of a SWAT team with a subsequent workover in the courts for illegal access to an information processing device, as it is customary to shoot messengers. But then again, if he _is_ from Pakistan he will probably be snatched off the street and get to test sensory deprivation gear in a Cuban KZ. Either way, it ain't gonna be pretty.

0
0
Happy

Stupid Programmer Contest

This time the voter registration machine developers win, defeating the voting machine programmers by a half-decayed bit.

0
0
Linux

PA most currupt? Nah!!!

I gather that you have not been to New Jersey then...

0
0
Thumb Down

Irresponsible

mtg169 should not be congratulated. He discovers that a system can be tricked into revealing sensitive personal data about possibly thousands of individuals, and he posts the method on digg?! Couldn't he have picked up the phone and reported it to the local government, or even told the story to a local/national newspaper that could break the news without revealing the method to world + dog. What an asshole.

0
0

Lowest bidder...

I'd love to know which moronic company got the contract to produce such a damn mess. For the most part, Pennsylvania has a fairly rational government. But when we screw up, the whole frigging world knows...

0
0
Paris Hilton

Blargh

Didn't this happen a few years ago to eBay, or HMRC, or some such? You could just alter your session ID in the address bar and - PAF! - the website thought you were another person, and gave you all the gen. I'm not a computer programmer but even I can understand the concept of this one; surely the people in PA must have known?

0
0
Pirate

Cradle of liberties

@ AC and Tim

i lived in PA for 25+ years, worked on contract for the city of Philadelphia, and later a suburban county; also dealt with state (i'm systems support).

don't know which PA these two are talking about, but i can say that the level of waste, corruption and incompetence i witnessed, was worthy of Louisiana (or so its reputation indicates). Philadelphia is, very quietly, one of the most corrupt cities in the nation. it is also one of the oldest, so that fits.

you think this person could notify the local government? are you joking? local government systems support people are mostly overworked, underpaid, disgruntled, burned-out, apathetic and cynical. many are also passive-aggressive, and completely unqualified for their jobs, so this security issue is no surprise at all.

additionally, the contact information for systems support is unavailable to most of the local government workers (they have to go up one or more levels in their chain of command, their boss or boss's boss has to call for them), let alone the public. last, and certainly not least, gov systems workers are highly likely to ignore a problem unless and until it reaches public crisis status.

be serious. this person did the only rationally useful thing, and posted the information where it would humiliate senior officials, which is the ONLY way to get most of them to act quickly (or indeed, at all).

kudos for the bravery. personally, i would have acted through a third party, preferably a security firm by way of thereg, for example. i like to avoid having my identity tied to this sort of thing, for fear of retaliation.

0
0
This topic is closed for new posts.