Subj : Re: Government databases
To   : Dumas Walker
From : Andrea
Date : Mon Nov 29 2021 20:25:11

 > > * Somebody has to create a mechanism for tracking the population, such as
 > > a database. Personal information sells at about 14 bucks in the black
 > > market, so
 > > this means you need to create a repository worth a lot of money and give
 > > the keys to somebody.

 > In the United States, there are several examples (although some may not be
 > well known) of state, federal, and trusted-third-party vendor networks
 > being hacked and PII being leaked to the black market.  A lot of people
 > have had their IDs stolen as a result of these hacks and don't know it.

 > Whenever the government (especially federal) starts putting together a new
 > database, it is a big target.


 >  * SLMR 2.1a * DALETECH - for all your home security needs!

 > ---
 >  þ Synchronet þ CAPCITY2 * capcity2.synchro.net *
 > Telnet/SSH:2022/Rlogin/HTTP
I remember a friend discovering a flaw in one of the portals used to book
hospital visits in Italy by Regioen Lombardia; basically you would enter you
"SSN" (codice fiscale) and it would land you to a authentication page, however
just having the SSN (really easy to do:
https://en.wikipedia.org/wiki/Italian_fiscal_code#Fiscal_code_generation) would
provide all kind of sensible personal data from street address to telephone
number and so on. All you had to do was looking at the requests and you had a
fantastic JSON with all the data possible. Bad design.

---
 þ Synchronet þ bbs.monocul.us > Come visit us!

.