Someone had noticed that the site was not guarded by a CAPTCHA test that would prevent automated “brute forcing” of the site using a computer-generated barrage of birthdates and Alberta health insurance numbers.
The government’s COVID-records site did have a barrier to repeated lookups from the same IP address, but overcoming that by obfuscating your IP is a hacking task much less difficult than writing a script for brute-forcing. Dang decided to execute a principled “white-hat hack” of the site to prove that it was creating a terrible information-security risk for the Alberta public, and he chose the birthdate of Premier Jason Kenney for the test.
On Friday, RCMP cybersecurity specialists announced that Dang would be summoned and charged with a violation of the Alberta Health Information Act. He faces a possible fine of up to $200,000 and has not decided how he will plea. He continues to point out, as he did when his hack came to light last year, that the government of Alberta completely lacks any semblance of a bug-bounty or “vulnerability disclosure” scheme that would give white-hat hackers incentives to help stop up security holes.
Health Health Latest News, Health Health Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Source: nationalpost - 🏆 10. / 80 Read more »
Source: nationalpost - 🏆 10. / 80 Read more »