Today just for the fun of it, I've surfed to the ecareers website that was done by MOE. To my surprise (and a little horror), I've seen a very big security loophole the moment I saw the first page.
It asks for the person's NRIC, and that page and the subsequent pages are not even secured by SSL. In IT, this is quite serious. A person can do much with an NRIC. Even the number itself should be protected, regardless if there is a password or not. Especially now where people are surfing around wirelessly, it's quite simple to grab the information off the air.
I do hope someone fixes it.
No comments:
Post a Comment
Please bear with the word verification as I have been getting tons of spam comments daily.
You will see 2 sets of images for the word verification. Type the characters you see on the first image, followed by a space, and the characters you see on the second image.