[Owasp-Malaysia] PTPTN debtors list with their IC and status (backlisted, warned or else)

Hazrul Hamzah hazrul at hazrulnz.net
Wed Oct 13 23:17:11 EDT 2010


 Bro, this is what security.org.my try to point out to the govt agencies
regarding this kind of data leakage. You don't have to use any
sophisticated tools, just a proper query from google will do. I managed
to get myself into trouble for this, well dun mention about what the
owners of that security.org.my have to endure. Thousands of pen-tests
done but heck if you failed to give appropriate responses or taking any
actions on the advice given, then that exercise is useless. Assessment -
Protection - Detection - Response

p/s: I'm not surprise on this findings anyway :D

On 14/10/2010 11:06, Hasanuddin Abu Bakar wrote:
> Another identity exposed flaw by PTPTN :)
>
> Why am I exposing this? because I GOT MY NAME AND IC ON IT........
> DAMN IT!!...with final warning
>
> see it yourself http://eform.ptptn.gov.my:8080/PortalXS/web_200710_sen.txt
>
> WARNING!! file size 26MB with 226369 debtors..so better wget or
> something before see it.
>
> -- 
> Hasanuddin Abu Bakar
> GSEC #28858
> IT Security Engineer
> +6017 913 1983
>
> Sigma Rectrix Systems (M) Sdn Bhd
> No.15 & 15-1, Jalan Equine 9A,
> Equine Park, Bandar Putra Permai
> 43300 Seri Kembangan Selangor
> URL             : www.sigmarectrix.com <http://www.sigmarectrix.com>
>
> Phone        : 03-89486696
> Fax              : 03-89487796
> Helpdesk  : 03-89486596
>
>
> _______________________________________________
> Owasp-Malaysia mailing list
> Owasp-Malaysia at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
>
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus signature database 5529 (20101013) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>




__________ Information from ESET NOD32 Antivirus, version of virus signature database 5529 (20101013) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-malaysia/attachments/20101014/80e283b1/attachment.html 


More information about the Owasp-Malaysia mailing list