Numerical Web ID codes allow data leakage

* Numerical codes can leave Web-based info open to data thieves

A reader wrote to me with a concern that I want to bring to the attention of all the Webmasters among my readers.

Although the reader prefers to remain anonymous, he has graciously granted permission to be quoted. He wrote, “I received a postcard from <company name suppressed> requesting my participation in a service satisfaction survey. A registration code was provided to access the Web site… My code was 18467849. For demonstration purposes, let's suppose you mistype the number and input 18467848. If you choose to do so, you will be given the name, full postal address and… account number of another subscriber without any challenge… [T]he Web site is also the equivalent of a random name generator for a would-be identity thief (and other criminal types), with a good deal of information to initiate a social engineering attack.”

Any Web site that lets an unidentified user retrieve confidential information merely by entering a numerical code, without otherwise authenticating that user, puts that information at risk. Worse, it is easy to create scripts to download pages from a Web site automatically. By creating a script with a list of possible customer-code numbers, it becomes possible to download the records from a poorly designed Web site without authorization and in large volumes.

A similar error occurs when a programmer designs a system to create customized URLs that include an identifier, e.g. (a made-up example): http://www.something.dom/survey/id=12345

Any user can alter the code number in the URL and easily access someone else’s record. An easy way to access large numbers of such URLs is to generate an HTML file with a series of URLs (e.g., using a spreadsheet’s CONCATENATE function for the fixed portions combined with a numerical field for the variable portions) and use Adobe Acrobat to download all the pages into a single PDF file.
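To make the flaw and its remedy concrete, here is an added example (not code from the column or from the company involved). It contrasts a lookup keyed on a guessable sequential code with one keyed on a random per-invitation token whose digest alone is stored, and adds a simple counter that flags the burst of failed lookups a scripted sweep produces. The subscriber data, codes and client address are constructed.

```python
import hashlib
import secrets
from collections import defaultdict

# Constructed sample data: sequential registration codes like the one on the postcard.
SUBSCRIBERS = {
    18467849: {"name": "Subscriber A", "address": "1 Example St", "account": "ACCT-0001"},
    18467848: {"name": "Subscriber B", "address": "2 Example St", "account": "ACCT-0002"},
}


def lookup_by_sequential_code(code):
    """The flawed design: any existing code returns the full record with no identity check."""
    return SUBSCRIBERS.get(code)


def issue_survey_tokens(subscribers):
    """Hardened design: one random, unguessable token per invitation.
    Only the SHA-256 digest is kept server-side; the plaintext token is what
    goes on the postcard, so a leaked table cannot be replayed directly."""
    token_index, mailed = {}, {}
    for code in subscribers:
        token = secrets.token_urlsafe(24)  # 192 bits of entropy: not enumerable
        token_index[hashlib.sha256(token.encode()).hexdigest()] = code
        mailed[code] = token
    return token_index, mailed


def lookup_by_token(token_index, presented):
    """Return only what the survey page needs (the internal code), never the
    name, postal address or account number."""
    digest = hashlib.sha256(presented.encode()).hexdigest()
    code = token_index.get(digest)
    return None if code is None else {"subscriber_code": code}


class EnumerationMonitor:
    """Detection: flag a client once its failed lookups reach a threshold,
    the pattern a scripted sweep of adjacent codes produces."""

    def __init__(self, threshold=5):
        self.threshold = threshold
        self.failures = defaultdict(int)

    def record(self, client, hit):
        if hit:
            return False
        self.failures[client] += 1
        return self.failures[client] >= self.threshold
```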

I urge network managers to discuss this issue with their Webmasters to ensure that they are not exposing confidential data to systematic harvesting.


Copyright © 2004 IDG Communications, Inc.
