Pennsylvania took down its online voter registration Wednesday after
discovering it failed to protect personal data, and the vulnerability
was apparently caused by a programming error.
A Digg user reported earlier this week that Pennsylvania's online voter registration Web site exposed voters' personal information.
"This was discovered after filling out a registration myself,"
the Digg contributor wrote. "Being a security conscious programmer, I
decided to test."
The programmer said that the printable voter application --
which users could fill out online, print out, and mail to election
officials -- was not protected by authentication or validation.
Before the site shut down, PDFs containing names, dates of
birth, and portions of Social Security numbers of some voters could be
accessed through the state's servers.
Full story at informationweek.com