Rush to Put Death Records Online Lets Anyone be 'Killed'
Found on Security Week on Saturday, 08 August 2015
A fatal flaw in the system is that people can easily pose as real doctors and funeral directors, Rock demonstrated to a rapt audience.
Setting up accounts requires a doctor's name, address, and medical license number. A basic Internet search will turn up that information, which is publicly available for the well-intended purpose of letting people check that physicians are legitimate before seeking care.
Getting birth certificates for virtual babies was demonstrated to be even easier than killing off people in the digital world, because registering births online only involves doctors and parents.
Sweet digital world. Everything has to be done online and without any verification. Who came up with the idea to let anybody set up accounts like this? The first mantra you should always repeat is: "Don't trust user input. Never ever". Either keep it entirely offline, or make sure that the accounts are registered by the real individual via verifications.