Wednesday, June 06, 2007

Security Flaw in the U.S. Census Website

I recently received a census form to fill out from the U.S. Census Bureau. It looked like a perfect phishing scam using snail mail instead of the typical route of email.

Being slightly skeptical, I checked out the U.S. Census Bureau website. I clicked on the "Embargoed Releases" link in the right column. It asked me for a user ID and password. Of course, I don't have one. I clicked the Cancel button and it displayed an error page. The error page tells me what kind of operating system and web server they're using and it shows me the versions of those items. This makes it pretty easy for hackers to try and break into their site. It's information that shouldn't be displayed to the public.

Big deal, right? It's just another poorly secured website. But I think it's a really big deal. They tell me I'm required to fill out the census form by law. But I can't trust them to protect my information if they can't even get the basics of a website right.
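The kind of disclosure described in this post can be checked for on a site you operate. The following is an added example, not part of the original post: it scans a raw HTTP 401 response for product/version tokens and platform names in the `Server` and `X-Powered-By` headers and in the error page body. The two sample responses are constructed, and the product, OS and host names in them are placeholders rather than what the Census site actually returned.

```python
import re

# Constructed samples: the kind of 401 page returned when a Basic-auth prompt
# is cancelled. Product, OS and host names are placeholders (assumptions).
LEAKY_401 = (
    "HTTP/1.1 401 Authorization Required\r\n"
    "Server: ExampleHTTPd/2.0.52 (ExampleOS)\r\n"
    'WWW-Authenticate: Basic realm="Embargoed Releases"\r\n'
    "Content-Type: text/html\r\n\r\n"
    "<html><body><h1>Authorization Required</h1>\n"
    "<address>ExampleHTTPd/2.0.52 (ExampleOS) Server at www.example.gov"
    " Port 80</address></body></html>\n"
)
HARDENED_401 = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Server: ExampleHTTPd\r\n"
    'WWW-Authenticate: Basic realm="Embargoed Releases"\r\n\r\n'
    "<html><body><h1>Authorization Required</h1></body></html>\n"
)

VERSION_TOKEN = re.compile(r"\b([A-Za-z][\w.-]*)/(\d+(?:\.\d+)+)")  # Name/1.2.3
PLATFORM = re.compile(r"\d\s*\(([^)]+)\)")  # "(OS)" comment after a version
LEAKY_HEADERS = {"server", "x-powered-by"}

def split_response(raw):
    """Split a raw HTTP response into (status line, {header: value}, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def find_disclosures(raw):
    """Return (location, kind, value) for each software detail exposed."""
    _, headers, body = split_response(raw)
    sources = [("header:" + h, v) for h, v in headers.items() if h in LEAKY_HEADERS]
    sources.append(("body", body))
    findings = []
    for where, text in sources:
        for product, version in VERSION_TOKEN.findall(text):
            findings.append((where, "version", product + "/" + version))
        for platform in PLATFORM.findall(text):
            findings.append((where, "platform", platform))
    return findings

if __name__ == "__main__":
    for name, raw in (("leaky", LEAKY_401), ("hardened", HARDENED_401)):
        print(name, find_disclosures(raw))
```

An empty result for the hardened response is the target state: the server still identifies the authentication scheme, but neither the header nor the error page carries a version or operating system name.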


Frostbike said...

Call and complain, and demand that they mail you a hard copy.

Anonymous said...

Yikes. That site could serve as a teaching tool for what not to do to secure your website.

Sophzilla said...

The man. So bossy yet so incompetent.

