Today just for the fun of it, I've surfed to the ecareers website that was done by MOE. To my surprise (and a little horror), I've seen a very big security loophole the moment I saw the first page.
It asks for the person's NRIC, and that page and the subsequent pages are not even secured by SSL. In IT, this is quite serious. A person can do much with an NRIC. Even the number itself should be protected, regardless if there is a password or not. Especially now where people are surfing around wirelessly, it's quite simple to grab the information off the air.
I do hope someone fixes it.
No comments:
Post a Comment