Comment On Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

One of the cardinal rules of computer programming is to never trust your input. This holds especially true when your input comes from users, and even more so when it comes from the anonymous, general public. Apparently, the developers at Oklahoma’s Department of Corrections slept through that day in computer science class, and even managed to skip all of Common Sense 101. You see, not only did they trust anonymous user input on their public-facing website, but they blindly executed it and displayed whatever came back.

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-16 15:56 • by Anonymous (unregistered)
190167 in reply to 190161
Not really going to be a problem, though, since the only cached data is going to be the data they originally wanted posted. Google spiders, while cool, don't rewrite SQL statements when they find them to include SSN, but hey, if I am wrong, post them; I need another CC :)

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-16 16:29 • by Master TMO (unregistered)
I had a semi-similar WTF at my company several years ago. They had rolled out a new series of employee detail pages - I can't even remember what they were for now. You put in your user ID, and it listed out your pertinent information, including your SSN.

After about 30 seconds, I realized I didn't have to enter a password to see my data. So I put in my manager's user ID. Lo and behold, there was his information, including his SSN.

So I wrote it down on a sticky note and explained the problem to him. He was not the least bit concerned. So I looked at the bottom of the page, got the 'send problems to the webmaster' link, found out who it went to, looked up his SSN and sent it to him, with an explanation of the problem.

HE promptly booted it up to his supervisor, and all detailed personal information was immediately removed until the system was password protected.

To me the system was just an oversight. The real WTF to me was my manager's unconcern. ;)

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-16 16:39 • by gruckiii (unregistered)
190172 in reply to 190123
SKFox:
http://newsok.com/article/3230675/1208345421

The bloggers used certain search parameters to troll for the information.


captcha: validus

Certainly not...


They reported it as a glitch.. a glitch? It's a gaping huge security hole that should be obvious to any developer. I guess they wanted to downplay it and make it seem like some minor or obscure problem.

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-16 17:50 • by DavidN (unregistered)
That whole NewsOK article smells of "Let's just throw some Internet-related words at it", to be honest.

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-16 18:03 • by Mr (unregistered)
190183 in reply to 189829
DAMN:
Real WTF:
http://dheera.net/projects/blur.php


That reminds me of a story I read in a national newspaper. Someone had distributed a Word document with sensitive information, and "blacked out" the sensitive parts. And he/she did that by drawing a box on top of it. It was just a matter of dragging the box to another place to see the information...

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-16 18:04 • by Mr (unregistered)
190184 in reply to 189838
KG:
I've been a frequent visitor of this site for months now (discovered it when it was named "worse than failure" - stupid name to be sure), but this... this is a new low.


I've been a frequent visitor since before it was named "worse than failure", and I can confirm that this is a new low.

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-16 18:24 • by Jon (unregistered)
190186 in reply to 190158
umm...:
I suppose that assumption really makes you feel a lot safer. Too bad a good feeling can't help you to actually be any safer - why don't you try to present even one theoretical example of these dangerous unlicensed drivers you refer to, who are being prevented from driving simply by the requirement to be licensed. It certainly won't be the drunk, unlicensed, uninsured moron who totalled my car a few years ago.

On the other hand, and also in reference to the wonderful Hennepin County system mentioned in the comment above yours, I've twice had a 'suspended' license, due to either software or data-entry screw-ups on the part of that county. You know how great that is? It's so nice to get pulled over for no apparent reason, to have the nice officer approach the vehicle with gun drawn, barking orders, and then to lose a couple hours of my life inspecting the back seat of his police cruiser. Thankfully, I was eventually able, purely by way of having a completely perfect driving record, to convince the officer that it had to be a mixup, so he let me go. In the second occurrence I was lucky enough to have had friends riding with me, so one of them could take the wheel...otherwise, since the officers wouldn't listen to reason, I'd have had my car impounded and spent the night in jail.

Yep, the existence of driver's licenses has sure made my life a lot better.
You have convinced me that we need Internet licenses. Yours has just been revoked.

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-16 20:33 • by lolagoetz
Alex, would you mind if part of your screen caps are used in a short article about this, with links back to your content? I wanted to get permission before grabbing something.

Becky

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-16 22:50 • by umm... (unregistered)
190217 in reply to 190166
Jon:
umm...:
I suppose that assumption really makes you feel a lot safer...
You have convinced me that we need Internet licenses. Yours has just been revoked.

Nice try. Next time you might want to actually make a point of some kind. You know, kind of like this:

m0ffx:
umm...:
David:
Licensing doesn't prevent idiot drivers. but it reduces them. Imagine who would be driving if NO licenses were required.

I suppose that assumption really makes you feel a lot safer...


There were some major screwups in the UK a while back, with people's license classes getting randomly changed, so suddenly someone with a motorbike license gets told they can't drive a motorbike - but are licensed to drive a tank! In some cases the attitude of the DVLA (organisation responsible for licensing) was 'retake your test. And no we won't even pay for it'.

But licensing driving is still important. Not to stop the 'dangerous unlicensed drivers' we have, who drive despite being banned, but in helping ensure that EVERYONE on the roads has at least a minimum level of competence - that required to pass the test in the first place (of course it's not foolproof, loads of people forget some of it, and wouldn't pass a snap retest were such things administered). If there was no driving license, we'd soon have a lot of crap drivers on the road; those who currently learn what they have to, but if they weren't compelled to, wouldn't bother.

I can appreciate the theory, but observing other drivers has only convinced me that in driver's ed, they mostly learned to stop when they should go, and to go when they should stop. Either that, or they were all too busy discussing how to make home-made bongs, as was the case back when I attended.

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-17 04:15 • by Joe Holmes (unregistered)
I can tell you from personal experience (having worked there as a web developer for about a year) that there is some definite incompetence within the OK DOC. BTW, the article fails to point out that George is actually the Director of IT (not that I would expect management to know about things like SQL Injection, etc.).

In Mr. Floyd's defense (not that he's on trial or anything :), from what I saw of him he was working to try to bring some structure to an organization that seemed to lack such things for quite some time from what I could tell.

I worked within a group that wasn't even actually a part of IT and they were working to replace their current Offender Management system. Anyway, it was a freakin' cluster. We had no real requirements to work from.

Basically, we worked off of a prototype that was put together by a couple of guys that told us straight up that they were not programmers. The web pages had SQL all throughout (a project of this size should have been done in layers... if not tiers). Also, the site did not use CSS/ASP.Net Skins/Master Pages so we were constantly changing colors, fonts, etc. of a non-functioning site.

I wanted to say, "Look ladies this isn't Trading Spaces or Home Makeover, etc. Who cares what the pages look like right now? Do I really need to change that font? Does that color really need to be changed when the stupid page doesn't work in the first place? Maybe we should worry about functionality right now".

Actually, I was quite verbal after I had been there for a while and had witnessed some of the incompetence for myself. I did wind up saying it almost that directly... two days later they asked for my resignation :) haha That might have also been brought on by the fact that I mentioned I should call the Fraud, Waste, and Abuse hot-line :) hehe Also, I was told to work from home the day those auditors were in our office :)

Basically, my boss was a former probation officer that learned the previous system well and she was a trainer. Someone up above (obviously knowing nothing of software development, etc.) decided she could manage the project. I don't fault my manager for this as I think she was overwhelmed by all of it and rightfully so. I was like "no that's called a SME (Subject Matter Expert)". When there are experienced managers and PMs and 80% of software development projects go beyond the timeline and budget, what kind of lunatic thinks that a probation officer could manage a software development team?

Anyway, it's late and I'm rambling and probably not making any sense. I could go on and on. Typical government employee ineptitude.

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-17 07:49 • by Andrew (unregistered)
190259 in reply to 190180
DavidN:
That whole NewsOK article smells of "Let's just throw some Internet-related words at it", to be honest.


".. but let's not bother about getting them right:

> The bloggers used certain search parameters to troll for the information.


I know there probably aren't many deep-sea fishermen in Oklahoma, but it's TRAWL, boys. TROLLs on the other hand.. oh, never mind.

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-17 08:23 • by Jasper (unregistered)
Wow.

You should have sent them a copy of the book Managing Catastrophic Loss of Sensitive Data as a hint...

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-17 09:54 • by anonymously evil's nemesis (unregistered)
190296 in reply to 189922
anonymously evil:
I "have personal knowledge" of the I.T. department at Oklahoma DOC. The guy that wrote their Sex Offender Registry system was a contractor. He was with a company that no longer exists. He was NOT a competent programmer.

The administration at DOC has not supported the I.T. department in many years. They play the blame game, and usually get away with it. George Floyd probably didn't report the FIRST phone call to the idiot he works for. That will give them an excuse to use Mr Floyd as a scapegoat.
Agency Director Justin Jones has seen the I.T. department as a personal enemy for a long time - not realizing that he is blaming the wrong people for the problems there.

The I.T. staff at Oklahoma DOC are not the villains here. The fault lies with Directors and Deputy Directors.....

BTW, have a look at this link: http://www.okhouse.gov/Documents/OKRVSDFinalReport080103.pdf

Have a look at the part on Information Technology. (page 231 on...)


I too have first hand knowledge of ODOC since I work/worked there.

The fault for this type of code doesn't belong to Directors or Deputy Directors, (even though they don't have a clue). The fact that the IT department let this code out there for so long without any testing shows how incompetent the IT department is. If George, Daniel, or Pat did their jobs properly then they would have never let this code out in production in the first place. This type of code has been discouraged for years.

Also, you can't be serious about how the IT department has been neglected. When there was a surplus in the budget in 2006, they let Daniel go on a spending spree to buy all new servers and infrastructure equipment (which was needed). They could have done something then to address the issues with OMS that was mentioned in the audit you posted.

There is no excuse for not continually improving your knowledge of your chosen industry. You should at least keep up with reading about new technology and the latest threats. The IT department is to blame for this, plain and simple.

btw, I bet you are either George, Daniel, or Pat

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-17 16:12 • by lolwtf
To those who keep saying "sex offenders deserve to have their identities stolen, they are scum of the earth and so on": Being a sex offender doesn't mean you're a rapist. It could mean you were once caught naked in public. Or in this case, it could mean someone added you by changing the URL. ;-)

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-17 20:50 • by chrismcb
190425 in reply to 189972
Program.X:
So I take it "For those unaware, the SVOR is a federally-mandated, publicly-available registry designed to protect us from the truly horrendous specimens of humanity by forever branding those convicted of certain crimes with a big “SO”." is a personal, uneducated view?

If you were a UK citizen, I'd assumed you'd got that politicised uneducated nonsense from The Daily Mail. For those who are educated in the causes of Sex Offences, it is a little more complicated.


Yes it is a personal view, but why do you say it is uneducated? Are you saying that any educated views should have the same opinion?
WTF is "politicised uneducated"

I'm not sure what is complicated about branding someone with a Scarlet Letter?

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-18 01:10 • by lolagoetz
190440 in reply to 190259
Andrew:
DavidN:
That whole NewsOK article smells of "Let's just throw some Internet-related words at it", to be honest.


".. but let's not bother about getting them right:

> The bloggers used certain search parameters to troll for the information.


I know there probably aren't many deep-sea fishermen in Oklahoma, but it's TRAWL, boys. TROLLs on the other hand.. oh, never mind.


In deep-sea fishing for tuna, you drop a line behind the boat and TROLL. You try to solicit a bite. Trawling uses big nets and scoops things up. Two different animals.

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-18 04:57 • by anon (unregistered)
This is atrocious, the person coding it should be sacked and his boss and the security person and their boss!

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-18 09:05 • by WTF + Schneier fan (unregistered)
You made Schneier's blog too! This is a bigger achievement in my book than digg and /. ;o)

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-18 13:17 • by Random832
190550 in reply to 190198
lolagoetz:
Alex, would you mind if part of your screen caps are used in a short article about this, with links back to your content? I wanted to get permission before grabbing something.

Becky


I don't think he reads the comments, there's a contact form http://thedailywtf.com/Contact.aspx

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-18 14:51 • by Eugene Jim Ed Justin and others (unregistered)
We said that we wouldn’t get involved.

OOPS.

Some of us are still smart enough not to say anything, but the rest of us still feel that there is something worth saying…

Once upon a time, the Oklahoma Department of Corrections, faced with the looming Y2K bug, decided to replace their COBOL-based Offender Management system with a product that they would buy from Syscon Justice Systems of Richmond, British Columbia. The IT department had stated that they could update the existing system, but management was convinced that it could not be done in time.

Ironically enough, as the year 2000 approached, it became obvious that the new OMS would not be ready to go online in time and the IT department was told to "fix the Y2K bug". They succeeded, but that brought no accolades.

The Oklahoma Department Of Corrections spent millions of dollars on hardware, network infrastructure and the aforementioned Syscon software. In the spring of 2000 the system went live, and was immediately met with screams of outrage from the user community. Any time you replace an enterprise system you face user resistance, but the powers that be had created a nightmare situation. The entire user community and most of middle management agency-wide had been alienated. The new OMS would never be popular.

This was not a good time to be working in the IT department at Oklahoma’s Department Of Corrections. Source code was not a part of the deal when DOC bought the new system; DOC was expected to pay Syscon to fix any bugs and make any changes, and the programming staff at DOC would not be allowed to touch the system. Meanwhile, users saw the IT department as a dreadful enemy that had shoved a horrible new system down their throats. The project manager saw the IT staff as incompetents and fools, and treated them as such. Syscon Justice Systems, of course, had no reason to give the IT staff any detailed information about the OMS database. (It was their intellectual property after all.) This made report writing and the construction of ancillary systems problematic at best.

In the spring of 2001 work on the Sex Offender Registry, a federally mandated and funded project, was begun. The rules in place at the time did not allow DOC to hire staff to build the system, so they outsourced the job to a less-than-entirely-legitimate consulting firm. The contract programmer who wrote the SOR had never worked in the development environment that was used. He had no real knowledge of database design or of Internet security. For that matter, the original statement of work for the project does not mention security.

Pre-Y2K, Internet security was (comparatively) in its infancy. We know for a fact that members of the DOC IT staff ASKED about security, but they were told that the issue was none of their business.

The timeline now brings us to the “COMIT” project. Mr. Holmes (comment 190231) appears to have been a part of this project.

This project was born when two malcontents in IT convinced a Deputy Director that the entire IT staff, from the IT director on down, was guilty of criminal malfeasance, corruption and bad manners. Obviously all members of the IT staff (except these two) were criminals, idiots and fools.

They said that they could write a replacement system in six months' time.

These two had NO experience in database design. They had NO experience with the development of enterprise applications. They had several other minor deficiencies, BUT one of them was a Deputy Director’s fishing buddy.

Two years later, when no real progress had been made, the fishing buddy astounded the entire IT staff by asking if the OMS could not be “fixed” or rewritten. The IT department contacted Syscon, who offered to sell an updated version of the source code for the OMS to DOC for a fairly reasonable amount. Unfortunately the Deputy Director went fishing that week and the source code purchase idea was abandoned.

More recently, Syscon offered to license the source code to DOC for $60K per year. This contract would run as long as DOC was using any of the Syscon product. (In effect the contract would run forever.) This offer was rejected, but apparently no effort was made to go back to the outright purchase deal.

Mr. Holmes asks "what kind of lunatic thinks that a probation officer could manage a software development team". The answer to that question is obviously "JUSTIN JONES". It seems that every day one of us hears about "typical government employee ineptitude". That, dear friends, is very tiring. DOC had some very talented programmers and a few people who were a waste of skin; a situation that can be found in most private sector organizations. (Those of us who have years of experience in the private sector are ranting at this point.)

Now we come to anonymously evil's nemesis. (S)he says that the fault doesn't belong to Directors or Deputy Directors.

It was the preference of Directors and Deputy Directors (among others) that the IT staff keep their nasty hands OFF of the SOR – the excuse being that they hadn’t written it in the first place.

(S)he says that "they would have never let this code out in production in the first place".

1. George was not a DOC employee when the code went to production.
2. Daniel was in charge of network security, but NOT application security.
3. Pat was a programmer when the code went to production. She had hoped to be the one who got to write the SOR. If she had been, we can assure you that we wouldn't be having this debate.

The fact that Mr. Floyd didn't find out about the security problems until now is not a huge surprise, considering the neglected shop that he walked into. The fact that someone at DOC changed the case of ONE LETTER and called that a security fix is also not a huge surprise, but Mr. Floyd would be well advised to take a hard look at his shop and make sure that nobody does anything that stupid again.

Anonymously evil "can't be serious about how the IT department has been neglected". HA!

DOC spent a fortune on the OMS, and they spent a second and third fortune on PC's and networks. Having spent those fortunes, between 2000 and 2006, financial times were rough. They were rough enough that furloughs were considered imminent. The fact some fool funded a "spending spree" in 2006 does not obviate the neglect and mishandling that the IT department suffered BEFORE the spree.

We agree that at that time something could have been done to address the issues with OMS. Someone, above the IT manager and the programming staff, decided to spend money on infrastructure. That same someone decided NOT to spend money and/or effort on the very real problems that DOC IT still faces.

Historically, Ed and Justin discounted everyone in the IT department. An IT department that brought DOC out of the Stone Age, and which has more than once earned the trust of the user community, was routinely ignored to support lies and a pipe dream provided by a couple of inexperienced hacks who promised to write an enterprise offender system. It is obvious to those in the know that the fault certainly does belong to Directors and Deputy Directors.


The fix that won’t happen:
Management could give the IT department a mandate. They could buy the source code for the OMS. (This should be an outright purchase, not a licensing agreement.) The Sex Offender Registry could be moved into the OMS. The OMS could be rebuilt over a period of time. Security could be made a paramount issue. This would mean that the agency would not be endangered by the problem of non-existent security in the future, as security issues would be addressed up front. This would mean that the user community would be faced with small changes over time instead of struggling through another huge shift in business rules.

It is our humble opinion that buying another canned system is NOT what DOC needs. A slow replacement of a BAD system with a GOOD system - built specifically to fit the needs of Oklahoma's DOC, would cost less and would be worth MUCH more.

It won’t happen, and the Oklahoma Department Of Corrections WILL be sued.

Oh well.

By the way, George, Daniel and Pat are not a part of our group, and we do not believe that any of them are “anonymously evil”.

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-18 16:50 • by anonymously evil's nemesis (unregistered)
@Eugene Jim Ed Justin and others

I do not believe for one minute that you are the individuals listed, but yet another IT person who wishes to defend his/her department. I would have done the same. The IT department may or may not have been neglected but as an IT group, you are responsible for the hardware and software that is comprised of the ODOC network. That means auditing everything, whether you created it or not. It's just a good quality assurance practice.

The root of the issue that I think we both can agree on is that the deputy directors and the director need to leave the decision making responsibility of hardware and software to the IT department.

One other issue that we both agree on is that Phil and Larry had no business saying they could do a better job than OMS. They were and still aren't formally trained in software development. From what I saw of what they had started before Larry left and Phil was removed from the project was just horrendous.

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-19 09:02 • by anonymously evil (unregistered)
You must be too young to have a sense of humor or you would have gotten the joke in their title. I don't want to out them but Darth and Ferris and Frances Lee probably had a hand in that post. Don't try for a move into management until you learn the subtlety of logic. I prefer to have the last word and by guaranteeing that I won't post again I get it. "Toe Pick".

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-20 17:59 • by James (unregistered)
Isn't there a limit on how much data you can put into the query string? I am not sure if the limit is an HTTP 1.0/1.1 limitation or was a browser limitation, but I thought anything over a certain number of characters would cause problems.

Still, three years, I'd sue the state if I was in that database, that's what trial lawyers live for.

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-21 01:12 • by cappicard
190668 in reply to 189717
This is unbelievable... the sor_roster.sql command is still available! Anyone can still break into the DOC's systems that way! Talk about incompetence!

Re: Please!!!

2008-04-21 20:30 • by JJ (unregistered)
190795 in reply to 189764
I did that. When I got to page 30 I got a page from Google saying my query looked like automated software and I had to enter a captcha. Since everything is NATted behind one IP, everyone in the company trying to use Google had to enter a captcha for the next three hours. Whoops.

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-04-29 16:43 • by RICHARD BURKES (unregistered)
192163 in reply to 189924
Anonymous:
Looks like they need this consultant quick!

Oklahoma DCS Central Purchasing Division
Status: Open Bid Number: 1310002506
Description: Department of Corrections is soliciting proposals from vendors to provide consultant services to assist DOC in determining requirements, direction, and the acquisition of a new offender management system.
Buyer: Liza Hanke

Find on http://www.dcs.state.ok.us/Solicitations.nsf, or direct link

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-05-03 13:55 • by Anonymous (unregistered)
..and if you go here http://docapp8.doc.state.ok.us/ you get the Oracle web server welcome page.

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-05-12 14:18 • by Let's keep that quiet (unregistered)
I received notification about this breach of security today. Just today. Though the form letter is dated April 18, 2008; it is postmarked 05/09/2008.

This notification gives the politically correct version of your statement. They are pretty sure a breach happened, that I was included in it and then the definitions and law concerning such an event.

It never says by whom, for what purpose. Who was negligent, what was to be done about it and how that information was presented at that time.

You see, I fall into a rather unique category, whereby my crime does NOT fall into the category of requiring you to register as a sex offender. However, the written words on my records appear to indicate that I should and during the suspended part of my sentence I was actually required to register. After eight months of being registered as a sex offender and fighting the status legally to no avail, I voluntarily returned to serve my remaining time and was released without the registration requirement.

I have since been arrested by local authorities for failure to register (without incident but due to a 'sweep' of an area of town I live in) and that charge was dismissed after waiting 54 days in jail for that determination.

So now I get this vague notice that someone who was not supposed to, got some information that was not supposed to be made public and did what with it I don't know.

I have had a hard enough time dealing with the public information that is misleading, yet publicly available. I can only imagine what could be taking place with information that was legally supposed to have been protected.

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-05-12 16:54 • by ok rso (unregistered)
I am on the Oklahoma registry, and got this in the mail today (May 12) from the Oklahoma DOC:

---------------------
April 18, 2008
**********NOTICE**********
According to Oklahoma law, a state agency owning computerized data that contains personal information must inform any Oklahoma resident when there is reasonable basis to believe that such personal information may have been acquired by an unauthorized person. The Oklahoma Department of Corrections has a reasonable basis to believe that your personal information may have been acquired by an unauthorized person on or about April 10, 2008.

The law defines "breach of the security of the “System” as unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the state agency, board, commission or other unit or subdivision of state government.

"Personal information" means the first name or first initial and last name of an individual in combination with any one or more of the following data elements: social security number, driver license number, or account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to the financial account of an individual.

This notice is provided in compliance with 74 O.S. § 3113.1. Please be advised that the agency is working diligently to prevent further security breaches. If you have questions, please go to www.doc.state.ok.us and access the appropriate link.

---------------------

They're "working diligently" to prevent further security breaches... gee, I feel safer already :rolleyes:

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-05-29 20:05 • by matthew Brandolino (unregistered)
197701 in reply to 189726
My name is Matthew Tang Brandolino and I'm very supported for new SSN codes, please respond back.

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-05-29 20:07 • by matthew Brandolino (unregistered)
My name is Matthew Brandolino and I'm very hard to relax, so please respond to me back. Thanks, Matthew

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-08-10 04:37 • by Vanessa (unregistered)
211090 in reply to 189924
It is shocking to hear this news. What are the steps being taken to stop this act? Is there any agency which fights against the cause?
----------------
Vanessa

Oklahoma Treatment Centers

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-08-10 04:39 • by Vanessa (unregistered)
211091 in reply to 189924
This is shocking news. Is there any agency which fights against this practice?
-------------------
Vanessa

Oklahoma Treatment Centers

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-09-18 15:01 • by OBloodyhell (unregistered)
> The I.T. staff at Oklahoma DOC are not the villains here. The fault lies with Directors and Deputy Directors.....

It's the government. Of COURSE that's where the fault lies.

Little guys screw up. Managers point fingers. Government managers never point at each other.

NASA blows up a billion and a half dollars. Does anyone high up lose their jobs? Is a bear Catholic?

AIG screws up. CEO steps down.
Now find me an example where a government agency screwed up, and the director stepped down. No, Fannie Mae is not a government agency, it's like the Post Office.

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2008-09-22 21:37 • by VS (unregistered)
Ha, that is nothing compared to this: http://hep.fi.infn.it/LHCb/fichambers/utiquery.php

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2009-04-19 09:10 • by Ohan (unregistered)
They should use encryption tools like http://www.discryptor.net/ or any other and there will not be a problem.

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2009-07-06 16:52 • by kmdk (unregistered)
273216 in reply to 189922
page 29 chastises their inadequate IT resources as well.

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2010-01-05 18:48 • by Mark G (unregistered)
... Back in 99 thru approx 2006 you used to be able to sign into their site after you downloaded their client program with the simple Username and Password of " test " / " test " ... and could access/add/change inmate records... think about THAT ....

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2010-01-05 18:51 • by Mark G (unregistered)
294879 in reply to 192842
yes... use password and username " test " .. and you have access...

Re: Oklahoma Leaks Tens of Thousands of Social Security Numbers, Other Sensitive Data

2010-01-21 01:49 • by Jessica (unregistered)
There are other ways of getting Oklahomans' SSNs through the oscn.net website. It might take a little bit more work than you had to do, but there are still convicted criminals' SSNs available for the public eye to see; all you need is a simple first or last name and to look through their dockets.
