Thursday, 26 April 2007

Amazing MTAS - even greater depths plumbed

Dr Crippen has been emailed by a junior doctor who incredibly has found another glaring security fault in MTAS, you would thought that following yesterday's blunders the numpties would have made sure that all the personal information was secure by now, wouldn't you?

But no, there are still gaping holes in their security.

Any candidate can easily access another candidates personal emails by simply changing the digits of his/her own inbox URL. Obviously many of these emails contain deeply personal information that candidates would be shocked to find were freely accessible to other candidates.

It doesn't stop there, I have also learnt that you do not even need to be logged in to access these emails. Incredibly the URL on its own is enough to see the inbox of anyone without any password or log in! It basically means that all correspondence that has taken place is sitting on the Internet completely unprotected, all you need is the URL. Once the inbox URL is known you can even send emails for that person.

This is in addition to the fact that anyone can register for an MTAS account by simply using an anonymous email account, that's all you need. It is entirely possible that there are people with MTAS accounts who have no medical training, and they would be able to access all the correspondence very easily indeed.

My jaw is on the floor. I cannot believe the rank incompetence of those behind MTAS and MMC. Their true muppetry is out in the open for all to see, quite literally.

Spare a thought for the juniors caught up in this, not only are they stressed at having to go through the most drawn out and shambolic application process ever while fearing for their livelihoods, but they are having to cope with all their confidential personal data being freely accessible to all and sundry.

I keep on thinking things cannot get worse, but MTAS keeps proving me wrong.

It is about time MTAS was blown to smithereens.

post scriptum- it seems someone is trying to cover their greasy footprints, closed for 'essential maintenance work'- my arse:

post post scriptum - Channel 4 has now covered events tonight, while even the BBC are stepping up a gear.