Re: Huge Security Vulnerability with California Department of Worker Comp EDEX
- From: Blupencl <Blupencl.2i0ajf@xxxxxxxxxx>
- Date: Tue, 28 Nov 2006 17:58:01 -0500
Anna Predslava Wrote:
Ok, this is just stupid! Enough is enough... Last week a co-worker of
mine (A Network Engineer) "demonstrated" a major security flaw with
the California DWC EDEX. Believe it or not (Just believe it because it
is true), the California Department of Workers Compensation now has
internet facing access to their injured worker database. Millions of
identities, including SSN, Full name, date of birth and addresses are
now free and easy for the taking. Worst of all, I have an old comp case
on file with the DWC and I cannot get it off their insecure system. The
DWC keeps passing me on from person to person, office to office to no
avail. I'm covering my *** by using identity theft services from my
bank and another through free credit report dot com (almost scam
artists, I would avoid using FCR if possible). The DWC must be stupid or
want to get hacked. I'm no security expert but I am a Systems
Administrator with a major financial institution, I do know what I'm
talking about and I'm certain the easiest way to get to the data is
through one of their cheesy 3rd party internet vendors. These web sites
are ripe and just begging to get hacked. See for yourself:
http://www.workcompcentral.com/ezcomp/index.htm
IP = 207.178.203.35
https://secure.edexis.com/members/login1.wcs?account
IP = 65.74.145.237
I hope to god no one has been successful getting into one of these
sites. I would assume it would be quite profitable for some foreign
entity as these servers do contain several million American Identities
and personal information. This data has the potential to be more
destructive than credit cards info, banking info, credit reports,
background info or any other type of data out on the internet. It has got
to be worth multi-millions and a primary target once word of this gets
out... and it will. Remember the Veterans Affairs Data loss of 8/2006
that made headline news? That only involved 38,000 identities on a
missing laptop.
Any thoughts on this one?
Anna

Who are you, and who let you out?
--
Blupencl