Where – exactly – was the United States Postal Inspection Service – the sworn, usually plain-clothed police (with arrest powers) investigatory component of the United States Postal Service in this? It took the quasi-governmental USPS over a year to catch this flaw? Astounding.
“A report published in October found that the IV systems suffered from some misconfiguration problems, but none of them referred to adding access controls for reading user data, which is a baseline in information security.” via Ionut Ilascu, writing in his outstanding news post at Bleeping Computer.
*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.infosecurity.us/blog/2018/11/26/usps-the-exposure