What I’m trying to say there is that we’d make fun of it, of course we would. However, you’re right that we would probably want to help it, too.

Thanks.

Information security is something that is important to every citizen of Alberta and if Mack discovered something like this, good for him reporting it to the rest of us.

These things need to be made public so we can embarrass the government into protecting our information properly.

This time it was only the budget. Next time it could be enough information to steal your identity.

This isn’t the first time that websites are open to exploit, laptops are stolen, files are tossed into regular trash, etc.

FYI, there is a major difference between Mack trying THE most obvious hack ever and SQL attacks, and that is intent. I don’t believe for a minute there was any malicious intent on Mack’s part.

If you’re going to make accusations, why not sign your full name to them instead of hiding behind an initial or first name? Make me wonder about your intent.

Weak passwords aside, If you came public with this first before attempting to contact someone to fix it I hope there is some form of justice/punishment comes to you.

Again if you blogged about this without contacting someone first you just crave attention.

Find an exploit? Contact the admin to have it patched. You actions are no different than people trying to steal corporate secrets.

1) A site that hasn’t gone live yet shouldn’t default to a login screen. It looks bad, and invites visitors to try logging in.

2) A site should never have an account where “administrator” and “password” provides access.

Even though there was nothing really “there” once Mack got in, it still represents a breach.

Just bad luck/timing on us I guess!

Thanks Mack

The point is that they got lucky this time. We need to ensure this sort of mistake isn’t repeated!

You win.