|
Authored by: Anonymous on Tuesday, July 02 2013 @ 07:15 PM EDT |
It's called a cryptographic hash....had they hashed those PCB IDs, it would have
required a lot of guesses (possibly millions or billions) before the guys would
have found another hash that worked.
But even so, there is still the problem that if your website responds to me
sending you j. random URL, then you really can't claim there is any meaningful
protection in place.
But the whole concept is, really dicey: No warning, no HTTPS or SSL session
required, no "wait a minute, these guys have sent a hundred requests from
the same IP, how can they possibly be legit?"...
I mean if a supposedly locked door is locked so poorly that it blows open in the
wind, how is anyone supposed to know it was locked? Any sort of unauthorized
computer access statute needs to specify some minimum level of notice and access
protection...[ Reply to This | Parent | # ]
|
|
Authored by: dio gratia on Wednesday, July 03 2013 @ 12:02 AM EDT |
I recall my 1973 University of Oregon student ID had my social security number
as an account number.
The Privacy Act of 1974 required a commission to examine the use of social
security numbers as indexes in data bases.
It also made it unlawful for any federal state or local government agency to
deny rights, benefits or privileges for not disclosing a social security number
unless required by federal statute. You're also supposed to be informed if a
request for disclosure is mandatory.
Public Law 93-579.
[ Reply to This | Parent | # ]
|
|
|
|
|