Australian Teen Facing Charges After Reporting Government Security Flaw
Discovered error in site for body responsible for public transport in Victoria
Late last year, a 16 year-old school boy on summer holidays found a simple security flaw in Public Transport Victoria's (PTV) website. The flaw the high-schooler discovered is commonly known as a MySQL error, and it is ridiculously simple to fix. With teenage curiosity at play, Joshua Rogers managed to access the government server, using a process known as SQL injection.
Due to the PTV's security oversight, databases of personal information of over 600,000 users – including full names, emails, addresses, phone numbers, dates of birth and nine digits of their credit cards – were accessible online. And if the young wunderkind could access those databases, it meant that far more nefarious and potentially criminal types could illicitly access the databases as well.
(H/T Charles WT)
Hide Comments (0)
Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.
Please
to post commentsMute this user?
Ban this user?
Un-ban this user?
Nuke this user?
Un-nuke this user?
Flag this comment?
Un-flag this comment?