Job board website vulnerable to hacking, data interception

A popular Yukon job board website is vulnerable to hacking because its managers have not put common security measures in place.

A popular Yukon job board website is vulnerable to hacking because its managers have not put common security measures in place.

YuWin.ca doesn’t use Secure Sockets Layer (SSL) that allows encryption of all the data exchanged between a client computer and the internet server hosting the website yuwin.ca

“It’s rare to see (no SSL) these days,” said Martin Lehner, an IT specialist and co-owner of Tangerine Technology in Whitehorse.

“It’s quite surprising they wouldn’t encrypt,” Lehner said. “They’ve had executive directors who have been from the IT industry.”

SSL is becoming ubiquitous as even Google now encrypts all searches by default.

“At some point the entire internet will be SSL (encrypted) anyways,” Lehner said.

Because the data exchanged is not encrypted, an attacker could intercept a user’s login information.

While YuWin doesn’t hold information, such as social insurance numbers, that could be used for fraud or identity theft, hackers could still make use of the passwords used for YuWin accounts.

That’s because people often reuse the same password for different services, Lehner said.

“I would say anybody who has an account on the job board … should know their internet password is viewable at a minimum by the YuWin staff or anybody who has access to the backend,” he said.

And an attacker wouldn’t even need to be on the same internet network to intercept passwords, Lehner said.

All he or she would need to do is capture data flowing between the Yuwin.ca’s server and other internet routers.

“Eventually if you wait long enough, you can pull traffic out,” Lehner said.

The lack of SSL also means an attacker could impersonate the website, and trick people into entering their login information.

It doesn’t matter that YuWin is a Yukon-based website, Lehner said, because hackers will scan the entire internet looking for vulnerable services.

Implementing SSL is neither expensive nor difficult, Lehner said.

“I would suspect that with the government who funds them, they probably expect the data is kept reasonably secure.”

YuWin chair Debbie Parent told the News the board was aware of the situation and working on it.

Parent asked the News to withhold publication of this story in exchange for first crack at a news release to be issued Tuesday. The News declined.

Contact Pierre Chauvin at pierre.chauvin@yukon-news.com

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Liberal leader Sandy Silver speaks outside his campaign headquarters in Dawson City following early poll results on April 12. (Robin Sharp/Yukon News)
UPDATED: Minority government results will wait on tie vote in Vuntut Gwitchin

The Yukon Party and the Liberal Party currently have secured the same amount of seats

Dawson the dog sits next to the Chariot Patrick Jackson has loaded and rigged up to walk the Dempster Highway from where it begins, off the North Klondike Highway, to the Arctic Circle. (Submitted)
Walking the Dempster

Patrick Jackson gets set for 405-kilometre journey

Yukonomist Keith Halliday
YUKONOMIST: The Neapolitan election

Do you remember those old bricks of Neapolitan ice cream from birthday… Continue reading

Chief Medical Officer of Health Dr. Brendan Hanley. (Crystal Schick/Yukon News)
Exposure notice issued for April 3 Air North flight

Yukon Chief Medical Officer of Health Dr. Brendan Hanley has issued another… Continue reading

Emily Tredger at NDP election night headquarters after winning the Whitehorse Centre riding. (Stephanie Waddell/Yukon News)
Emily Tredger takes Whitehorse Centre for NDP

MLA-elect ready to get to work in new role

Chief Medical Officer of Health Dr. Brendan Hanley. (Crystal Schick/Yukon News)
Two new cases of COVID-19 variant identified in territory

“If variants were to get out of control in the Yukon, the impact could be serious.”

lwtters
Today’s Mailbox: Rent freezes and the youth vote

Dear Editor, I read the article regarding the recommendations by the Yukon… Continue reading

Point-in-Time homeless count planned this month

Volunteers will count those in shelters, short-term housing and without shelter in a 24-hour period.

The Yukon’s new ATIPP Act came into effect on April 1. Yukoners can submit ATIPP requests online or at the Legislative Assembly building. (Gabrielle Plonka/Yukon News file)
New ATIPP Act in effect as of April 1

The changes promise increased government transparency

A new conservancy in northern B.C. is adjacent to Mount Edziza Provincial Park. (Courtesy BC Parks)
Ice Mountain Lands near Telegraph Creek, B.C., granted conservancy protection

The conservancy is the first step in a multi-year Tahltan Stewardship Initiative

Yukon RCMP reported a child pornography-related arrest on April 1. (Phil McLachlan/Black Press file)
Whitehorse man arrested on child pornography charges

The 43-year-old was charged with possession of child pornography and making child pornography

Most Read