11/17/2014

mensura.be: the media has it all wrong and forgets the priorities

1. Mensura was not hacked. They had an SQL injection in a form, a vulnerability that has been known since the year 2000 and which could have been found if they had checked the code or done a security check before they launched the site or the form

but they didn't

2. The biggest problem is that there are thousands of Rijksregister numbers linked to a name and linked to indications about the health situation of the people or the reason the employer wants a check of their medical leave

these Unique Identifiers can't be changed, and the fact that these numbers were obligatory in the form just showed how little they were interested in privacy, because if you are privacy-conscious you only ask for the information you really need and nothing more, and you absolutely never ask for Unique Identifiers like the Rijksregister number because they are used throughout your life (like the social security number in the US)

we should take those Rijksregister numbers off the internet - or stop using them as Unique Identifiers - but you can't have it both ways

3. The victims themselves were not contacted, only the firms or organisations for which they worked, but I am not sure that any of these firms informed their members that there was medical information or some very negative comments about them online

and it is not the information of the companies that is compromised, it is the information of the persons, it is their Rijksregister number, it is their reputations, it is their sickness which is in that file for some

4. Mensura is not very clear about what was stolen. We have access to a file with about 1100 lines, but the numbers of the lines go up to 10.000 and more, and in the first reaction in De Tijd Mensura itself talked about thousands of files, and Rex Mundi says that they have MORE

5. Mensura has not communicated about the leak and the breach, and there was no mention of it on the website, and I reckon that if I hadn't mentioned it and written about it and sent this information to the press, nobody would have talked about it and everybody would have forgotten about it - like all the other cases