First Release: A hole in the Jerusalem Municipality website revealed the personal information of the residents

First Release: A hole in the Jerusalem Municipality website revealed the personal information of the residents

Property tax forms, building files, photos of vehicles, parking reports and many other documents were exposed in another embarrassing weakness that could easily be prevented – this time in the big city of Israel. The municipality responded: “The Jerusalem municipality is studying this case and will take lessons accordingly.”

Photo: Omar Markovsky, from the PikiWiki website

Another day passes and more security vulnerabilities are revealed. Then Uncomfortable holes in the “grief” service, Associations, Voter use And more recently The Shirbit affair Companies and organizations are learning the hard way about the importance of protecting their corporate information. Today we are learning about another hole left by anyone seeking the personal details of citizens – this time donating to more than 900,000 residents in Israel’s largest city, Jerusalem.

I wanted to appeal the parking report – got a hole

From the leaked documents to the Jerusalem Municipality website

Hezekiah Rabul, a geeky programmer and reader, sought to help his uncle, who wanted to appeal the parking report he received. “We wanted to see pictures taken by the inspector. I went to their site and looked at the pictures, but there was no download button. I wanted to keep it (picture, AB), draw it and send it to appeal, ”Raphael explains. I pressed F12 and saw the URL where the image comes from. I found that he had a sign and a running number. “

If you have followed some of the hacks posted here this year, you already understand how it works: Any person with a minimum of technical knowledge and any powerful hacking tool Pegasus You can change the last digit at the end of a browser URL and get a picture of another car. If that’s not enough, Raffles says the change in the digits in the middle of the string is a building file, property tax applications, copies of appeals, copies of reports and “any document issued or sent by the municipality.” If that’s not enough, when Raphael pasted the link to the report in a Google search, he discovered that it was defined as public and coded by the search engine. “If I tried to get into them, I would not need a parking report to find the link. The link is public,” he explains.

Want to talk to our reporters?

Want to talk to our reporters?
Join our telegraph team here now

Raphael rushed to do what every responsible citizen expects to do and undertook a disclosure process to the internet queue, where he got a quick response. Within about an hour the corresponding part of the site flew into the air.

When asked about his feelings about the bad security issue, Raphael says, “Hold yourself up with your hands.” “Maybe we should make a law for them to do tests … I did not try to get into them, I did not fish, and then I won … I saw it. If I get too bored tomorrow, I will not try to help my uncle, but if I try to get into them What to do? It’s nothing less than a magic wand. Here are the identity cards, the property tax documents. “

Most importantly, what about the report?

Rable: “Now I hope I can appeal the statement.”

Jerusalem Municipality: Read the case and draw lessons accordingly

Cyber ​​Answer: “This issue was reported to the queue and was soon shut down by the municipality, according to the report. As part of the organization’s new plan, companies may require hosting companies and / or their website builders to meet the organization’s information security standards and” system hosting nature “.

We asked the Jerusalem Municipality for an answer, especially to understand whether the information revealed was still in the hands of the less sympathetic. This is their answer: “This morning, the Jerusalem Municipality received an update from the Internet regarding a technical malfunction that was immediately resolved. The Municipality of Jerusalem is studying the case and will draw lessons accordingly.”

A good old man

Born with joystick in hand. He has more gadgets and less time to play with them. Unspecified hammer holder for measuring device batteries. When he’s not busy writing about technology, he wants to talk about it, and a lot more

You May Also Like

About the Author: Seth Sale

"Passionate creator. Wannabe travel expert. Reader. Entrepreneur. Zombie aficionado. General thinker."

Leave a Reply

Your email address will not be published. Required fields are marked *