02/01/2013

OPRRN : close down RRNlogin at solidariteit.be please

this is the most stupid thing I have ever seen and I still can't believe nobody has ever said to those organisations that this is the most stupid thing that they could ever do but even then they do it (and where is their security officer, doesn't he know that it is insecure and that this is NOT a way to do such things)

will somebody wake up around here - this is asking for data leakage - there were RRNs leaked on the web before (Rex Mundi leaked some) and some others were or are published or are in insecure databases online (in a more complex operation you first have to hack these databases to get the numbers and be sure that there are numbers in it that you may use in another database)

stupid stupid stupid

close it down and get back with a real solution before it is too late and don't shoot the pianist

you are handling the most important files for your organisation, for which you are legally the most responsible, those of your workers, in a totally insecure way

http://personeel.solidariteit.be/ - no https, only RRN needed to log on

but what is this then: https://esol.solidariteit.be/secure/logon.aspx with password and certificate

you can do it differently
