Full Disclosure mailing list archives
Bankruptcy Court IT Security Contact
From: "Bernie, CTA" <cta () hcsin net>
Date: Wed, 09 Jul 2003 11:53:39 -0400
Does anyone know the email address of the person responsible for the Security of the information systems of the United States Bankruptcy Court? I attempted to write them and bring attention to a simple security/privacy flaw in their system, which if exploited enables identity thieves to easily obtain personal and private information, including a debtors' PHI (Protected Health Information) that is protected from unauthorized disclosure pursuant to HIPAA Privacy Rules. While putting aside the HIPAA issues, and the fact the debtor must disclose certain information about their estate to "interested parties" and the general public, this may not appear significant from the standpoint of a Chapter 7 debtor. However, such flaw facilitates Identity Theft and may expose certain "private" information of a chapter 7, 11 or 13 debtor, to a "non- interested party", unjustly placing the debtors' financial assets at risk. I would like to give the person(s) accountable time to address the flaw or respond before it is fully disclosed. tic tic tic - **************************************************** Bernie Chief Technology Architect Chief Security Officer cta () hcsin net Euclidean Systems, Inc. ******************************************************* // "There is no expedient to which a man will not go // to avoid the pure labor of honest thinking." // Honest thought, the real business capital. // Observe> Think> Plan> Think> Do> Think> ******************************************************* _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Bankruptcy Court IT Security Contact Bernie, CTA (Jul 09)