Saturday, December 15, 2007

Bad Security Programming

I am often amazed at how many privacy and security violations appear on
websites.

Here is the latest one I noticed just a few days back. It is not an actual programming problem but more of a common-sense privacy violation.

Go to: www.pizzahut.com.my

Go to "Register", enter the phone number of any person that you know, and chances
are that Pizza Hut will show you the "address" where that person is staying or last used to order
pizza. Yes, this means you can get the address of anyone who happens to have registered with
Pizza Hut, EVEN if that person ordered via the PHONE last time.

What does this tell you?
Anyone can locate your house address and other information if you have ordered anything from Pizza Hut via phone or online.

Conclusion: Call up Pizza Hut to remove your information from their database, or if you haven't registered or ordered via phone, DON'T.
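
For developers, the fix for the behaviour described above is to never return stored details for a phone number until the visitor has proven they hold that phone. The sketch below is an added example, not code from this post or from Pizza Hut; the function names, the send_sms callback and the sample record are hypothetical.

```python
import hmac
import secrets

# Constructed sample data: records keyed by phone number, including
# customers who only ever ordered by phone and never used the website.
CUSTOMERS = {
    "0123456789": {"address": "12 Jalan Contoh, Kuala Lumpur"},
}

_pending_codes = {}  # phone -> one-time code awaiting confirmation


def prefill_vulnerable(phone):
    """Behaviour described in the post: any visitor who types a phone
    number gets the stored address back."""
    record = CUSTOMERS.get(phone)
    return {"address": record["address"]} if record else {}


def start_registration(phone, send_sms):
    """Hardened step 1: identical response for known and unknown numbers,
    so the form reveals neither the address nor that a record exists."""
    code = f"{secrets.randbelow(10**6):06d}"
    _pending_codes[phone] = code
    send_sms(phone, code)  # assumption: delivery reaches only the phone's holder
    return {"status": "verification_sent"}


def confirm_registration(phone, code):
    """Hardened step 2: release stored details only after proof of
    possession. A code is consumed on first use, right or wrong."""
    expected = _pending_codes.pop(phone, None)
    if expected is None or not hmac.compare_digest(expected, code):
        return {"status": "verification_failed"}
    record = CUSTOMERS.get(phone)
    return {"status": "verified",
            "address": record["address"] if record else None}
```

A production version would also rate-limit how often codes can be requested per number and per client, and expire unused codes.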