
Coding Flaw Exposes Voter Details for 6.5M Israelis - awb
https://www.databreachtoday.asia/coding-flaw-exposes-voter-details-for-65-million-israelis-a-13708
======
cryptozeus
"Embedded in the code was a file path labelled "get-admin-users." He simply
copied and pasted that back into the URL bar, and then suddenly saw a list of
admins, including their usernames and passwords."

It's almost like you were asking for it. I don't even keep plain text passwords
on my local machine.

~~~
ericmcer
How is that even possible? Beyond storing passwords unencrypted anywhere, why
would you make a specific endpoint to return them?

It feels suspicious that someone could be capable of building this app
(requires some level of knowledge) and creating a publicly exposed endpoint
that is almost designed for malicious purposes.

~~~
LinuxBender
Perhaps plausible deniability around selling data? If you outright sell data,
that is illegal, but if your app "leaks" data maybe it is harder to prove
malfeasance and instead say "negligence"? I am obviously not a lawyer and
certainly don't know the laws of Israel. Does what I described ever happen?

~~~
awb
I'm not sure how you'd monetize publicly leaked data. If they accepted money
for access to the data, then that's selling data. I don't think that happened
here though.

------
dang
Discussed yesterday:
[https://news.ycombinator.com/item?id=22286925](https://news.ycombinator.com/item?id=22286925)

It seems this submission has new technical details, so we won't treat it as a
dupe.

------
tcd
I often wonder if we, as humans during this era, are really at the primitive
end of the introduction of computers and big data.

We're still incredibly new to the concept of storing PBs of easily searchable
and accessible data that can be accessed at the speed of light.

At the same time, exposing this can do real human harm, depending on the
motives (for example, Cambridge Analytica).

I wonder what the next 100, 500 years will look like, after all this has
'settled' down.

We're seeing this today with facial recognition and machine learning - new
concepts today that will grow old with time.

I wish I was capable of seeing all of this 'big tech' in that time to see how
it matures. To say we have a long way to go is an understatement.

Breaches like this should be _impossible_ as there should be designs against
it.

~~~
vincentmarle
> I wonder what the next 100, 500 years will look like, after all this has
> 'settled' down.

> Breaches like this should be impossible as there should be designs against
> it.

I see it the other way around. Privacy is equal to security, it is only as
strong as its weakest link, and there are many many “links” (attack vectors)
and the amount of data you can breach with asymmetric attacks is
unprecedented. By way of ergodicity, everything’s going to be leaked
eventually, no matter how good our intentions are to protect it.

If you take everything to its logical conclusion, it is _inevitable_ that the
concept of privacy is going to be absolutely destroyed in the future, and
everyone will know everything about everyone at all times. The latest privacy
laws are futile attempts to put the finger in the dike before it explodes; too
little, too late.

~~~
deepspace
> it is inevitable that the concept of privacy is going to be absolutely
> destroyed in the future,

Totally agree, and I am on record as saying that this will happen sooner than
people think. Given the rate at which large-scale data breaches keep happening
and the lack of ANY kind of consequences for companies and institutions who
fail to protect data, I firmly believe that pretty much all personal data
belonging to everyone will be either publicly accessible or available for sale
by 2025 at the latest.

For most people their address history, phone numbers, medical history,
financial transaction history, account- and other ID numbers, browser/search
history and every email they ever sent or received will be available for
search or purchase.

------
Aaronstotle
Ironic given the amount of cyber-security companies/startups in Israel.

~~~
jkol-
As above poster noted, best talent isn't flocking to work for the bureaucratic
arms of the govt. In fact I'd venture as far as to say that a large portion of
the Israeli population has a very negative view of the government itself.

~~~
untog
It's a self-fulfilling prophecy we see a lot in the US as well. Underfund the
government, they become inefficient, use that inefficiency as the reason for
cutting funding yet again because everyone is sick of the inefficiency.

~~~
clumsysmurf
Known as "starving the beast"
[https://rationalwiki.org/wiki/Starve_the_beast](https://rationalwiki.org/wiki/Starve_the_beast)

------
AzzieElbab
Maybe the international body of politicians will finally realize that while
anyone can write a website, not everyone should, and certainly not their
nieces and nephews.

------
jacinda
Relevant: [https://xkcd.com/2030/](https://xkcd.com/2030/)

~~~
RHSeeger
> our entire field is bad at what we do

I tend to think that if

- everyone had access to military grade weaponry, and
- their actions were close to anonymous, and
- it was so obvious they were killing people by acting

then a lot more planes and elevators would be a lot less safe.

I think plane and elevator technology has had a long time to become more
robust, and there's a lot less players in the field, with a lot more
regulations, and a LOT less people actively trying to sabotage them.

All things being equal, I don't think the people designing them are much more
skilled than the people writing software for some of the better firms.

------
onyva
“Startup Nation”. As any Israeli would tell you, that’s a joke.

