The RCMP alleges that 19 year old security “enthusiast” Stephen Arthuro Solis-Reyes took advantage of the recently disclosed Heartbleed TLS vulnerability to steal 900 social insurance numbers from a government website. The publication The Financial Post made the aforementioned claims in a recent article on their website. I strongly suspect given the large number of individual records collected that another vulnerability – such as a database with a weak or default password or the lack of input sanitation allowing the alleged attacker access to generate his own queries and that the Heartbleed angle has been tacked on erroneously. Others may disagree but I believe the aforementioned attacks are far more likely when all of the information in the public eye is assessed.
Mike the Crypto Goat
Exploring Internet security, crypto and civil liberties.
Mike the Crypto Goat 