Bro, this is what security.org.my try to point out to the govt agencies regarding this kind of data leakage. You don't have to use any sophisticated tools, just a proper query from google will do. I managed to get myself into trouble for this, well dun mention about what the owners of that security.org.my have to endure. Thousands of pen-tests done but heck if you failed to give appropriate responses or taking any actions on the advice given, then that exercise is useless. Assessment - Protection - Detection - Response
p/s: I'm not surprise on this findings anyway :D On 14/10/2010 11:06, Hasanuddin Abu Bakar wrote: > Another identity exposed flaw by PTPTN :) > > Why am I exposing this? because I GOT MY NAME AND IC ON IT........ > DAMN IT!!...with final warning > > see it yourself http://eform.ptptn.gov.my:8080/PortalXS/web_200710_sen.txt > > WARNING!! file size 26MB with 226369 debtors..so better wget or > something before see it. > > -- > Hasanuddin Abu Bakar > GSEC #28858 > IT Security Engineer > +6017 913 1983 > > Sigma Rectrix Systems (M) Sdn Bhd > No.15 & 15-1, Jalan Equine 9A, > Equine Park, Bandar Putra Permai > 43300 Seri Kembangan Selangor > URL : www.sigmarectrix.com <http://www.sigmarectrix.com> > > Phone : 03-89486696 > Fax : 03-89487796 > Helpdesk : 03-89486596 > > > _______________________________________________ > Owasp-Malaysia mailing list > [email protected] > https://lists.owasp.org/mailman/listinfo/owasp-malaysia > > OWASP Malaysia Wiki > http://www.owasp.org/index.php/Malaysia > > OWASP Malaysia Wiki Facebook > http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 > > > __________ Information from ESET NOD32 Antivirus, version of virus signature > database 5529 (20101013) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > __________ Information from ESET NOD32 Antivirus, version of virus signature database 5529 (20101013) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com
_______________________________________________ Owasp-Malaysia mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-malaysia OWASP Malaysia Wiki http://www.owasp.org/index.php/Malaysia OWASP Malaysia Wiki Facebook http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
