KOREA: Major web sites not safe from leakage of personal information
Big security problem with major websites leaking personal info
Published: Tuesday, February 24, 2004
The Korea Times
Tuesday, February 24, 2004
By Kim Rahn
Many major Web sites, including those of the Supreme Public Prosecutors’ Office, broadcasters and newspapers, have been found to be vulnerable to leaking confidential personal data due to a lack of security measures.
Computer security businesses warned on Tuesday that leaked information could be used for fraud, illegal campaigning, defamation and other crimes.
Such leakage is reported to occur as a large number of sites don’t encrypt personal data such as a user’s registration number, name, address and phone number as well as cookies and text files, which mediate between PCs and Web site servers for login and connection.
Confidential personal information can be disclosed easily from sites of lax security, and it is possible to login to another person’s account even without a password, given only pieces of personal data from cookies.
Due to the fact that data leakage also enables falsification of personal information and theft of cyber money, and that even government Web sites are vulnerable to it, questions are arising about the effectiveness of a new election law which obligates people to reveal their real names on online message boards.
In a study conducted by the Yonhap News Agency, the Web site of the Supreme Public Prosecutors’ Office was found to use unencrypted cookies that contain a user’s ID, name and e-mail address. If hacked with another person’s ID, one could access the site and communicate with civil affairs with a false ID. The same goes for some major newspapers’ Web sites.
One of largest online community sites, with more than a 10 million-user membership, was reported to loosely secure a cookie that manages its cyber money system, making it easy to divert other people’s funds.
The information leakage problem, however, had already been pointed out about two years ago by Web site programmers, and major Internet-based companies and online media outlets have worked to tighten their security.
"It is rather a neglect of basic principle than a security problem. They seem to have established Web sites without considering the basis of their Web connection," a computer expert at BIT Computer said.