
Question

So I'm unsure how to go about dealing with what I found. It's a really simple security hole, but opens lots of personal data if exploited.

I was on a government utility (being vague intentionally) website and I was having an issue recovering my password. I noticed that it was able to tell me my security question answer was invalid without requesting a new page, and I thought it was odd, so I opened my dev tools and found it was relying entirely on JavaScript to determine if my answer was correct. To be sure, I had the function always return true and I was greeted with the password change screen, and it (laughably) didn't require the old password. I changed my password and I had access to my profile again, only needing a username to access my information.

I tried to email the webmaster about the issue. No response. I'm concerned because I hadn't done very much on the site and already I had my SSN, bank account routing/acc numbers, personal address, etc.

What should I do? I don't want to hear in a few months that some other amateur hacker got all of the information and sold/leaked it. Thanks!

Explanation / Answer

For any issue with a federal government web application, I would contact the office of my congressperson.

They are becoming increasingly aware of and concerned with the security and privacy of government computer systems. You can say what you want about our deadlocked, ineffective Congress, but they are still pretty good at making things happen at the various government agencies they fund. Tell them what you wrote above, especially that you never got a response.

If you don't get traction from this, let them know that the congressperson is now in the chain of people who "knew but did nothing" when you finally contact the press.

I think calling them up and demanding money is a risky idea.
