SANRAL E-TOLL WEBSITE VULNERABILITY

Wow, this is so scary. I can imagine how easy it is to log in to a LOT of accounts just by guessing usernames. Lots of them might have banking details readily available too! I'm SO glad I'm not registered with SCAMRAL!
 
The fact that the pin appears in the page means that the pin is being stored in plaintext in their DB in order for them to create the page. That is also concerning. Passwords should be stored as hashes.

I'm also wary of any password that is only 4 chars and digits only. Only 10000 combinations to brute force. That's not going to keep a determined hacker busy for long.

Why not allow a normal 30 character alphanumeric password?

heh - if the pin is stored in clear text, I wonder if credit card details are too? :P
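The storage and brute-force points raised in the posts above (a 4-digit PIN is only 10,000 combinations; secrets should be stored as hashes, not plaintext), as an added example that is not from this thread or from SANRAL's site. It assumes PBKDF2 rounds, a lockout threshold and a hypothetical `StoredCredential` record of my own choosing.

```python
import hashlib
import os
import secrets
from dataclasses import dataclass

PBKDF2_ROUNDS = 100_000      # assumed cost parameter; raise to the server's budget
MAX_FAILED_ATTEMPTS = 5      # assumed lockout threshold


@dataclass
class StoredCredential:
    """What a server should persist: a random salt and a slow hash, never the PIN itself.
    Nothing here can be rendered back into a web page as the original secret."""
    salt: bytes
    digest: bytes
    failed_attempts: int = 0


def store_secret(secret: str) -> StoredCredential:
    """Hash the PIN/password with a per-record salt so equal PINs do not share a digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)
    return StoredCredential(salt, digest)


def verify(cred: StoredCredential, guess: str) -> bool:
    """Recompute the hash for the guess and compare in constant time.
    After MAX_FAILED_ATTEMPTS wrong guesses the record is locked, which is the
    control that makes a 10,000-combination PIN survive online guessing at all."""
    if cred.failed_attempts >= MAX_FAILED_ATTEMPTS:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", guess.encode(), cred.salt, PBKDF2_ROUNDS)
    if secrets.compare_digest(candidate, cred.digest):
        cred.failed_attempts = 0
        return True
    cred.failed_attempts += 1
    return False


def search_space(alphabet_size: int, length: int) -> int:
    """Number of candidate secrets: 10**4 for a digit-only 4-char PIN,
    62**30 for the 30-character alphanumeric password suggested above."""
    return alphabet_size ** length


def fraction_guessable(space: int, attempts_before_lockout: int) -> float:
    """Share of the space an attacker can try against one account per lockout window."""
    return attempts_before_lockout / space
```

With a 4-digit PIN and the assumed 5-attempt lockout, one account exposes 0.05% of its key space per window, whereas an unthrottled endpoint lets the whole space be walked in minutes.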

Some big misconceptions here.

Just because it appears in plain text in your browser, does not mean it is saved in plain text... Go figure. It just means it is not hashed... Following this logic, why would they hash credit cards? Seriously....
 
Just for what it is worth (speaking from CoJ experience) - if you want to avoid months with lawyers and being at the mercy of Hawks/CoJ, I would honestly not post what you are doing. I consider Sanral just as vindictive as CoJ and most of you will probably not have the stamina to fight this for months on end.

Having said that, there is nothing wrong with pointing the public via Twitter (Kapsch and Austrian media, for example) to the issues Sanral has here. There is nothing worse for the Austrian company than having bad press, and the overseas media is hardly aware of anything. It was great to see an article in the New York Times the other week.
 
Sunday Times calling the Sunday Times, Carte Blanche come visit here. Our ANC has furked it up again.
 
Another possibility is that people buy etags, but don't use them.

Then, when they get a bill, they'll be entitled to a discount.
 
... basically it is the difference between asking a bank teller for information about an account and telling the bank teller that you are a particular person and want to know about your account

...and in both instances I would expect the teller to follow protocol and verify that I have authorization to request/receive the info I requested.

Had a Standard Bank teller giving out info to a 3rd party about my gf's account a few years back and all hell broke loose after we informed the branch manager thereof. He did not follow the procedures that one would expect them to follow.
 
http://www.downforeveryoneorjustme.com/sanral.co.za

It's not just you! http://sanral.co.za looks down from here.

Been like this for past 6 hours or so...

Please see some of the other sanral threads in various sections of the forum. There have been some routing issues to SANRAL (on SANRAL's side) since around 30 Dec. Telkom Internet ADSL IPs were affected, but that is now fixed. Telkom Mobile has some IP blocks (at least 197.208/16) that are still affected. Afrihost/MTN's 105.237/16 was affected last time I checked. And, every website availability testing site I tried still shows it as down. It took about 4 days from when we reported it to their service providers to get access from Telkom Internet ADSL fixed.

Maybe when that gets to the news they will claim that they were hacked. Or trying to prevent hacking. When of course, it seems they don't understand routing much ...
 
Maybe they put toll gantries in the internet. :D
 