Pennsylvania Web Site Application Exposes Voter Data

A voter in Pennsylvania discovered that the state's Web site was far less than secure. After registering, the voter noticed that a parameter at the end of a URL could be changed, thereby giving him a view of other voter's information.

However, instead of notifying the state, the voter instead registered at Digg with a username of "mtg169" and posted a message about the exploit. The person also posted at least six comments that gave even more information about the extent to which the site could be exploited.

The state of Pennsylvania reportedly didn't shut down the site until it was notified by a news agency about the vulnerability. At the time of this writing the site was still unavailable other than to display a message that reads, "The Commonwealth of Pennsylvania web site that you are trying to reach is either not available or is undergoing maintenance. Please try back later. Thank you for your patience."