Author Topic: Security flaw in gov site that allows SSN to be harvested  (Read 995 times)

0 Members and 1 Guest are viewing this topic.

Offline MrHigh

  • Adherent
  • *
  • Posts: 69
  • Social Security Specialist
    • View Profile
Security flaw in gov site that allows SSN to be harvested
« on: September 14, 2014, 09:24:04 am »
My friend has this site that she is finished havesting data from and she wants to know how to go about it from here.  She only harvested full names, SSN, and DOB.

1. She can report the error to the admins and give them their own PI just for the lulz.  If she does this, she can no longer get additional info on people.

2. She can leave it open and risk other novice hackers find the flaw, which will make her data less valuable.  However, she could get people's addresses and other info if needed.

3. She could contact local news crews, give them their own PI, explain how she got it, and she if they call the site out on the news.

What should she do?

Offline MrHigh

  • Adherent
  • *
  • Posts: 69
  • Social Security Specialist
    • View Profile
Re: Security flaw in gov site that allows SSN to be harvested
« Reply #1 on: October 04, 2014, 07:18:51 pm »
Reported.

Offline degenerate matter

  • Adherent
  • *
  • !
  • Posts: 63
    • View Profile
Re: Security flaw in gov site that allows SSN to be harvested
« Reply #2 on: October 04, 2014, 07:43:19 pm »
The security community as a whole benefits from prompt disclosure of any bugs found, so the ethical thing to do is report the flaw to the sysadmin, then post a public description of how you accomplished the hack in order to help others avoid making the same configuration mistake.

Offline iam

  • Adherent
  • *
  • Posts: 97
    • View Profile
Re: Security flaw in gov site that allows SSN to be harvested
« Reply #3 on: October 04, 2014, 07:49:23 pm »
'she'

didn't know sluts have computers in the kitchen

Offline Tokolosh

  • Devotee
  • **
  • Posts: 100
    • View Profile
Re: Security flaw in gov site that allows SSN to be harvested
« Reply #4 on: October 04, 2014, 10:16:12 pm »
Reported.

Whitehat pussy :(

'she'

didn't know sluts have computers in the kitchen

I'm sure microwaves have ethernet ports nowadays. Something about Radioactive Broadband for the best Jacket potato internet experience.

Offline komokazi

  • Disciple
  • ***
  • Posts: 280
  • I hate niggers
    • View Profile
Re: Security flaw in gov site that allows SSN to be harvested
« Reply #5 on: October 05, 2014, 12:05:37 am »
The value of the goods will not be affected by simply one site's security configuration. Also, OP most likely just works somewhere and stole the information.
I hate niggers

Offline MrHigh

  • Adherent
  • *
  • Posts: 69
  • Social Security Specialist
    • View Profile
Re: Security flaw in gov site that allows SSN to be harvested
« Reply #6 on: October 07, 2014, 06:10:18 pm »
Whitehat pussy :(

I only reported it because I have already harvested all of the current SSN in it.

They have fix it, for the most part.  I can still get into other user's accounts, but I cant view the SSN and other personal information.

Lets pretend like this is a couple that end in 1234...

Scott J Betterly
04/28/1971
542-04-1234

Darren F Rainey
03/16/1973
565-89-1234

 ;)

Offline MrHigh

  • Adherent
  • *
  • Posts: 69
  • Social Security Specialist
    • View Profile
Re: Security flaw in gov site that allows SSN to be harvested
« Reply #7 on: October 07, 2014, 06:12:05 pm »
Also, lol @ the kidiots that dont know how to check if last name + DOB matches a SSN.


Offline MrHigh

  • Adherent
  • *
  • Posts: 69
  • Social Security Specialist
    • View Profile