"This included full credit reports, prescription history, payroll statements, partial SSNs, credit card statements, and canceled checks. Web servers are supposed to send a Cache-Control: no-store header to prevent this, but many of the sites are sending non-standard headers recognized only by Internet Explorer, and others are sending no cache headers at all. While browsers were once cautious about writing content received over SSL to the disk cache, today, most do so by default unless the server specifies otherwise."This is ridiculous. This is lawsuit material.
Thursday, June 20, 2013
Misc
Financial sites store private information in disk cache for all to read.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment