Software // Enterprise Applications
News
3/20/2008
05:35 PM
Connect Directly
RSS
E-Mail
50%
50%

Pennsylvania Voter Reg Site Leaked Personal Info

Before the site shut down, PDFs containing names, dates of birth, and portions of Social Security numbers could be accessed through the state's servers.

Pennsylvania took down its online voter registration Wednesday after discovering it failed to protect personal data, and the vulnerability was apparently caused by a programming error.

A Digg user reported earlier this week that Pennsylvania's online voter registration Web site exposed voters' personal information.

"This was discovered after filling out a registration myself," the Digg contributor wrote. "Being a security conscious programmer, I decided to test."

The programmer said that the printable voter application -- which users could fill out online, print out, and mail to election officials -- was not protected by authentication or validation.

Before the site shut down, PDFs containing names, dates of birth, and portions of Social Security numbers of some voters could be accessed through the state's servers.

"Had their programmer(s) validated that a requested ID belonged to the user that was logged in, there would have been no data leak," the programmer explained. "There was absolutely no validation at all and ANYONE (didn't even have to be logged into the SURE Portal System) could make requests to the script and retrieve data. Something as simple as that really makes you wonder about the security of the rest of our government systems which could be storing confidential information."

In addition to making voters vulnerable to identity theft, the programmer stated that someone could change a voter's party affiliation, print out the form, and mail it in, preventing people from voting in primaries.

State officials did not comment on the number of voter records that could have been compromised. In the 2004 presidential election, 5,731,942 registered voters went to the polls. State Democrats are holding their 2008 presidential primary on April 22.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 20, 2014
CIOs need people who know the ins and outs of cloud software stacks and security, and, most of all, can break through cultural resistance.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.