... And once again our government decides to charge those finding major flaws in the system without exploiting them, instead of getting them fixed. Because they're not getting fixed.
Recently, our online signature and sign-on public service system called NemID had been announced to be switched from requiring Java as a plugin and being provenly unsafe to the point where a simple man-in-the-middle could steal your personal data, including, but not limited to, bank account information, and even gain a browser hijack, to be using Javascript instead which, while not requiring an external plugin, wasn't done for any kind of security reasons.
I honestly wish our government would take more care to use international standards and follow the mere basic of security standards when it comes to the public safety.
[QUOTE=mastersrp;42946469]... And once again our government decides to charge those finding major flaws in the system without exploiting them[/QUOTE]
I'm pretty sure downloading files you got access to illegally counts as exploiting a flaw.
[img]http://news.bbcimg.co.uk/media/images/71280000/jpg/_71280259_018380648-1.jpg[/img]
Jesus, either that's an old picture or he has been letting himself go recently.
[QUOTE=Pvt. Martin;42946509][img]http://news.bbcimg.co.uk/media/images/71280000/jpg/_71280259_018380648-1.jpg[/img]
Jesus, either that's an old picture or he has been letting himself go recently.[/QUOTE]
he's been looknig like that for years
Gingerbeard - founder of the Pirate Bay
[QUOTE=mastersrp;42946469]... And once again our government decides to charge those finding major flaws in the system without exploiting them, instead of getting them fixed. Because they're not getting fixed.
Recently, our online signature and sign-on public service system called NemID had been announced to be switched from requiring Java as a plugin and being provenly unsafe to the point where a simple man-in-the-middle could steal your personal data, including, but not limited to, bank account information, and even gain a browser hijack, to be using Javascript instead which, while not requiring an external plugin, wasn't done for any kind of security reasons.
I honestly wish our government would take more care to use international standards and follow the mere basic of security standards when it comes to the public safety.[/QUOTE]
Makes it pointless for security researches to point out security issues in any system at risk of you being sued.
[QUOTE=Map in a box;42947832]Makes it pointless for security researches to point out security issues in any system at risk of you being sued.[/QUOTE]
Exactly, and this isn't the first time it's happened. I will admit that my message isn't entirely true, as it is true that this guy actually did exploit the system by (allegedly) fetching information from the server.
Sorry, you need to Log In to post a reply to this thread.
