- Worst of the lot: PCConnection and PCMall
- 10 ways the Chinese Internet is different
- Hacker writes rootkit for Cisco's routers
- Cisco loses $2 million order to Nortel
- Enterasys, Extreme hooking up?
BitTorrent blocking; SQL injection attack. Listen now!
Hacker writes Cisco rootkit; Microsoft launches online telescope. Listen now!
Learn how network-wide routing and CoS traffic visibility can help ensure your CoS traffic and converged IP service delivery
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
Watch this webcast to learn in six modules how to more cost effectively consolidate your Windows servers with virtualization. This unique program allows you to pick and choose which of the six modules you would like to view or watch the entire webcast at once. Topics covered: Performance, Use Cases, Enterprise-level Support, Managing Windows Workloads, Setup and Configuration and The Future. Find out how you can simplify server consolidation within your organization today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
For implementing GTD you might try out this web-based application:
Gtdagenda
You can use it to...- Dan
With voting in Pennsylvania's presidential primary just a month away, the state was forced to pull the plug on a voter registration Web site Tuesday after it was found to be exposing sensitive data about voters in the state. (Compare Data Leak Protection products)
The problem lay in an online voter registration application form that was designed to simplify the task of registering to vote. State residents used it to enter their information on the Web site, which then generated a printable form that could be mailed to state election officials. Pennsylvania's Department of State disabled the registration form late Tuesday after being informed of the vulnerability by IDG News Service.
Because of a Web programming error, the Web site was allowing anyone on the Internet to view the forms, which contained data such as the voter's name, date of birth, driver's license number and political party affiliation. On some forms, the last four digits of social security numbers could also be seen.
"Upon learning of this situation, the Department of State acted immediately to disable the specific page," said Department of State Spokeswoman Leslie Amoros in an e-mail message.
"The Department is reviewing the facts to determine how this information became available," she said. "We are also taking all necessary steps to correct the situation and are implementing processes aimed to prevent future occurrences"
The flaw was first reported by a reader of Digg.com, who stumbled upon the bug after filling out a voter registration form.
"Being a security conscious programmer, I decided to test," wrote the reader, identified only as mtg169, "Very bad PA...very very bad!"
The bug did not expose all registration data, just the information supplied by those who used the Web site's online form. About 30,000 voter registration records appeared to be available on the site.
"That's bad, really bad," said Jeremiah Grossman, chief technology officer with Web security vendor WhiteHat Security. In an e-mail, he said he hadn't seen this type of error on a voter registration Web site before, but that it was caused by a common Web programming error. "We've seen a great many vulnerabilities like this in the course of doing out work.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
