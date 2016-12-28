Nevada Website Bug Leaks Thousands of Medical Marijuana Dispensary Applications (zdnet.com) 11
An anonymous reader quotes a report from ZDNet: Nevada's state government website has leaked the personal data on over 11,700 applicants for dispensing medical marijuana in the state. Each application, eight pages in length, includes the person's full name, home address, citizenship, and even their weight and height, race, and eye and hair color. The applications also include the applicant's citizenship, their driving license number (where applicable), and social security number. Security researcher Justin Shafer found the bug in the state's website portal, allowing anyone with the right web address to access and enumerate the thousands of applications. Though the medical marijuana portal can be found with a crafted Google search query, we're not publishing the web address out of caution until the bug is fixed. A spokesperson for the Nevada Dept. Health and Human Services, which runs the medical marijuana application program, told ZDNet that the website has been pulled offline to limit the vulnerability. The spokesperson added that the leaked data was a "portion" of one of several databases.
Just say you're authorized (Score:1)
Anyone with the right web address? That's not just a bug, it's plain incompetence.
To every one of those applicants, it may have well been the entire database.
Re: (Score:2)
Anyone with the right web address? That's not just a bug, it's plain incompetence.
Yeah . . . what were those guys smoking, when they set that up . . . ?
. . . maybe they were doing Whippets, as well . . . ?
Dude (Score:2)
Re: (Score:2)
What? (Score:2)
weight and height, race, and eye and hair color.
Why the hell is that on the application?
Re: (Score:2)
weight and height, race, and eye and hair color.
Why the hell is that on the application?
For the same reason it's on, say, the paperwork for someone who wants to fly a 4-pound plastic toy with a camera on it in order to save themselves the risk of climbing up a ladder to give someone a quote for $75 worth of roof gutter cleaning. For the same reason the government wants to know the eye and hair color of a farmer who buys a $100 rimfire
.22 rifle to use on rodents around his grain storage.
Re: (Score:2)
Some information clearly wants to be free whether you like it or not. A socially mature society, however, would be able to distinguish this from identity theft.