Oct 22, 2009

Doug Tygar Discusses CalJobs Security Flaws on CBS5 TV

From CBS 5 TV (KPIX)

Security Flaws Discovered In Calif. EDD Website

By Anna Werner

It's one of the most serious security breaches one computer expert has ever seen. CBS 5 Investigates has discovered a state-run web site may be putting hundreds of thousands of Californians at risk of identity theft.

It started off with a tip from a viewer, a local job seeker who noticed a computer glitch. Once CBS 5 started looking closer at the glitch, it was a gaping hole.

For laid off workers such as Tom Diederich of Pacifica, it's a requirement: To get unemployment benefits you have to post your resume on CalJOBS, the state's job site. "I filled out my employment history and I saved it," said Diederich, who bookmarked it for future reference.

But the next day when he clicked back in he said, "I saw someone else's information. I saw their name, where they live, their email, their phone number. I was shocked, really."...

CBS 5 asked UC Berkeley [School of Information and] computer science professor and privacy expert, Doug Tygar to take a look at Diederich's problem. He said, "I consider that to be a serious security breach."

But it turns out, not the only one. Because just moments after beginning his examination of that website, using Diederich's web link, Tygar was able to get into the site, and look at other applicants' supposedly private data. "I was able to access other people's personal information including their address, their phone numbers, email, personal details," Tygar said....

Watch online...

Last updated:

October 4, 2016