Personal data on consumers of public transport in Victoria has surrendered to the potential theft of individuality because the authority of government to ensure Transport Victoria fudge your website.
The security flaw in the website of PTV was determined by schoolboy Joshua Rogers , 16, who exploited a method of simple hacking to unearth a database which contains the personal files of the old consumers online booking Metlink .
The database includes full names , addresses, home and cell phone numbers , email addresses , birth dates , card identification numbers of the elderly, and extorts nine digits of credit card numbers .
Joshua got in touch with the PTV last month to warn of the vulnerabilities of the page. On Tuesday, the matter was referred to law enforcement .
Joshua a self - portrayed , "white hat" security researcher said he was stimulated by the desire to achieve greater online security. PTV initially contacted by email on Boxing Day , but accepted no response. He then contacted Fairfax Media.
More than a week after Joshua contact PTV prepared , had not yet reacted , but this past week in the case of the Victoria Police and the Privacy Victoria after investigations by Fairfax Media.
The Joshua technique used to go through the site of PTV has been represented by those skilled in cyber security as one that is easily avoided .
It is not recognized if others before you have hacked the official website , which is the most important online source of information on schedules tram, train and bus, myki and current projects and planned public transport. Metlink was lower against the Transportation Department shop " for users of the structure prior to public transport in Victoria 2012 civil transport. An estimated 600,000 entries were found in the database .
Phil Kernick , of computer security consultancy CQR , alleged PTV generated succeeded to make a proper concern to make sure your site from prospective hacking .
"It's really satisfying than a government organization has expanded a website that has this type of defect , " claimed Mr. Kernick .
" So if this guy start it, was almost certainly not the first . Anyone else , in all likelihood you will also discover, indicating that these statistics may be out there beforehand ."
Ty Miller, manager of threat intelligence , which puts the security flaws in web sites that may be predetermined , said the personal information hidden in the site of the PTV was required by the outrageous hackers .
"Most of the things is the individual personal information that is used over and over for things like theft of individuality, such as ringing up your bank, then in addition to answering the essential questions - like:" what is your birthday , what is your address , '" Mr. Miller argued . " That then allows perhaps restore a keyword for internet banking, then do more deceptive transactions. "
Fairfax Media provides time to PTV locked place before publication.
A spokesman said the individual data was not available or accessible through any coordination in line . It sets the record was not connected to myki online records and no functional data credit cards were stored all over the disk.
ليست هناك تعليقات:
إرسال تعليق