Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
@hitko There is a certain irony here in that the gov system in question is for use primarily by lawyers.
-
@wannabe If it's something like the one they use here in Spain…
Right off the bat, it was found that any user logged in could access any case from anyone just by changing the ID in the URL, with no access control whatsoever.
This was their defense:
The system is perfectly closed and secure, as long as it's used lawfully and ethically.
Snowden doesn't fuck around
Hey government, can I have the latest version of wiretapper ?
I love the government sites in my country.
I had the opportunity to ask some basic security questions of a government system that is rolling out (got invited to a meeting).
So now I am absolutely terrified about any technology that is being rolled out by this particular government agency. Their security model literally ends at "we use HTTPS".
Seriously, how the fuck are these systems not audited before they reach public use? Is this normal??
rant
government