Hacked Hotline Hacked Vol. 1
Jan 16, 2024
Caller shares experience of finding security vulnerability in university's enrollment system, hacker accesses 7 million social security numbers, speaker hacks parking system for free parking, hosts reflect on past con and sense of justice, speaker discusses use of Notion for data organization, speaker shares experience of falling for Discord scam, caller warns receptionist about hacker infiltrating company
AI Snips
Chapters
Transcript
Episode notes
Unintentional Data Breach
- A caller accidentally accessed student transcripts by entering an incorrect social security number on a university website.
- The website failed to verify last names, exposing sensitive student data.
Unintentional Crime
- Jordan Harbinger points out the caller unknowingly committed a crime by demonstrating the system's vulnerability.
- This is similar to a case in Alberta where an MLA was investigated for exploiting a flaw in a COVID certification system.
Poor Security Design
- Many database-driven systems prioritize functionality over security, leading to vulnerabilities.
- Often, developers focus on querying information without implementing proper access controls.