True story behind Joburg’s online security problems

[InfoSec News <alerts () infosecnews org>]

http://mybroadband.co.za/news/security/84993-true-story-behind-joburgs-online-security-problems.html

By Rudolph Muller
MyBroadband.co.za
August 22, 2013

On Tuesday (20 August 2013) BidorBuy CTO Gerd Naschenweng reported a 
security problem with the City of Joburg’s online billing system. The 
events before and after his report of the problem raises concerns about 
the city’s online security and the municipal processes.

A timeline of events shows when the security vulnerability was discovered, 
what Naschenweng tried to do when he discovered the problem, and what 
happened in the aftermath of the media reports.


11:00 on Tuesday 20 August 2013

Naschenweng discovered the COJ billing system problem which exposes Joburg 
residents’ invoices containing private information, including names, 
addresses, account numbers, PIN codes, and financial details.


Shortly after 11:00 on Tuesday 20 August 2013

Naschenweng phoned the COJ call-centre, but he was told that he could not 
be connected to IT or anyone who is responsible for the website.

[...]

--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/