Hacker News new | past | comments | ask | show | jobs | submit login

It wasn't encrypted. It was written using Base64 – the computer equivalent of the phonetic alphabet. Anyone can “decode” it by hand, like Morse code, and the practised can read it off directly.

This Base64 was placed inside an HTML document. That's a bit like a Word document, except the formatting (bold, underline, big, small, Comic Sans) is written next to the text, so the computer knows how to display it. HTML is designed to be human-readable; in fact, it's designed for humans to write directly, using a text editor.

Here's an example of an HTML document, and here's a Base64 decoding table. (There's also a printout from Wikipedia, if you want to know how people can do it in their heads.) The jury should be able to read this SSN off, with no prior experience, in about ten minutes.

This was sent, by the State's computers, to every user of the system, due to a programming error.

  <!DOCTYPE html>
  <html>
    <head>
      <title>My Webpage</title>
    </head>
    <body>
      <h1>This is an HTML document</h1>
      <p>
        It might not look like much, but it's a website!
        This is what they look like to computers, and
        web developers. There is usually other code behind
        the scenes, where sensitive data should be stored,
        but this is the public part.
      </p>
      <!-- Internal state (public component).
           Should not contain sensitive data! -->
      <input type="hidden"
             name="__VIEWSTATE"
             id="__VIEWSTATE"
             value="dDwxMjM7dDxwPGw8
                    U1NOOz47bDw5MTIt
                    MzgtNjU0Nzs+Pjs7
                    Pg==">
    </body>
  </html>



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: