Go Back   Maryland Shooters > Gun Rights and Legislation > Maryland 2A Issues

Notices


Reply
 
Thread Tools Display Modes
Old September 10th, 2013, 08:22 PM #1
occbrian's Avatar
occbrian occbrian is offline
Senior Member
 
Join Date: Jan 2013
Location: in a cave
Posts: 4,789
occbrian occbrian is offline
Senior Member
occbrian's Avatar
 
Join Date: Jan 2013
Location: in a cave
Posts: 4,789
MSI UPDATE

As you are aware, the Maryland State Police have enlisted the help of multiple non-MSP agencies and tasked up to 200 employees with entering Personal Identifying Information (PII) for the MSP in order to reduce the current backlog. In their Press Release, the MSP assured us that the information was secure and that we have nothing to worry about

MSI has spoken to multiple sources within these agencies and confirmed that this is not the case. There are serious concerns and issues that need to be addressed.
Employees are accessing a searchable database of 77R forms.
The web portal to that database is insecure, does not use SSL, has an expired security certificate and is accessible from anywhere on the Internet. It is not contained within Maryland Government networks.
All of the employees were given the same login and password.
The database is searchable. You can search by name and even enter partial searches.

From what we understand, the original 77R’s have been scanned in .TIF format and placed on encrypted disks. The employees are accessing the data from the disk and entering it through the insecure web portal.

However, since they all use the same login, it will be virtually impossible to know who accessed what information and when. It also means that if the login information is shared with an outside source, the MSP would have no way of tracking down the source of the leak and enforcing their “confidentiality agreement.”

This information is accessible from anywhere if you have the login information. You can even access it from a smartphone.

Martin O'Malley and the Maryland General Assembly spoke at length about how they want to make Maryland safer through strict gun control. It is UNFATHOMABLE that people who claim to be proponents of making our state safer could allow such a grievous breach of security. Not only did MSP allow unauthorized persons to view and input this information, they now are allowing it to be transmitted online without any encryption into a database where everyone shares the same account.

Understand in very simple terms: Your recent order with Amazon.com is FAR more secure than your personal identifying information with the Maryland State Police.

As of right now MSI is working with some of our 2A friendly delegates to find out these answers but we believe that you should know exactly what is going on at this moment.

Delegate Mike Smigiel has submitted two PIA requests to the MSP. You can read the requests here. http://delegatemike.com/pia-request/

We will update you with any information as it develops and we appreciate your support. Without you and your support, efforts such as these would not be possible.
occbrian is offline   Reply With Quote
Old September 10th, 2013, 08:26 PM #2
DC-W's Avatar
DC-W DC-W is offline
¯\_(ツ)_/¯
 
Join Date: Jan 2013
Posts: 17,408
DC-W DC-W is offline
¯\_(ツ)_/¯
DC-W's Avatar
 
Join Date: Jan 2013
Posts: 17,408
Ho lee FUK
This is worse than I think anyone could imagine.
DC-W is offline   Reply With Quote
Old September 10th, 2013, 08:26 PM #3
DEX's Avatar
DEX DEX is offline
scruffy-lookin nerfherder
 
Join Date: Aug 2013
Location: Glen Burnie, MD
Posts: 336
DEX DEX is offline
scruffy-lookin nerfherder
DEX's Avatar
 
Join Date: Aug 2013
Location: Glen Burnie, MD
Posts: 336
DEX is offline   Reply With Quote
Old September 10th, 2013, 08:27 PM #4
csanc123 csanc123 is offline
Senior Member
 
Join Date: Aug 2009
Location: Montgomery County
Posts: 3,083
csanc123 csanc123 is offline
Senior Member
 
Join Date: Aug 2009
Location: Montgomery County
Posts: 3,083
Ok...I thought I was pissed before. No words to describe my anger now...that site needs to be shut dafuq down. Please tell me it is not still up and running!!!
csanc123 is offline   Reply With Quote
Old September 10th, 2013, 08:28 PM #5
occbrian's Avatar
occbrian occbrian is offline
Senior Member
 
Join Date: Jan 2013
Location: in a cave
Posts: 4,789
occbrian occbrian is offline
Senior Member
occbrian's Avatar
 
Join Date: Jan 2013
Location: in a cave
Posts: 4,789
Quote:
Originally Posted by csanc123 View Post
Ok...I thought I was pissed before. No words to describe my anger now...that site needs to be shut dafuq down. Please tell me it is not still up and running!!!
It is. We have the URL, but we will not share it given the major security concerns.
occbrian is offline   Reply With Quote
Old September 10th, 2013, 08:30 PM #6
DC-W's Avatar
DC-W DC-W is offline
¯\_(ツ)_/¯
 
Join Date: Jan 2013
Posts: 17,408
DC-W DC-W is offline
¯\_(ツ)_/¯
DC-W's Avatar
 
Join Date: Jan 2013
Posts: 17,408
Well if there weren't blatant grounds for lawsuits...
There are now...
DC-W is offline   Reply With Quote
Old September 10th, 2013, 08:31 PM #7
dfens42's Avatar
dfens42 dfens42 is offline
Publius
 
Join Date: Jun 2012
Location: Free America-WV Province
Posts: 2,306
dfens42 dfens42 is offline
Publius
dfens42's Avatar
 
Join Date: Jun 2012
Location: Free America-WV Province
Posts: 2,306
Wow...as a security professional...this is just inexcusable.

**** me sideways.
__________________
Sons of the American Revolution, Tygart Valley, WV Chapter Member
MSI Member
SAF Member
NRA Member
MD Designated Collector

Si vis pacem, para bellum.

Malo periculosam, libertatem quam quietam servitutem.
dfens42 is offline   Reply With Quote
Old September 10th, 2013, 08:33 PM #8
dlmarion dlmarion is offline
Member
 
Join Date: Feb 2013
Location: Carroll County
Posts: 483
dlmarion dlmarion is offline
Member
 
Join Date: Feb 2013
Location: Carroll County
Posts: 483
Are they obligated by law to safeguard our information?
__________________
U.S. Navy Veteran
NRA Life Member
Baltimore Rifle Club
dlmarion is offline   Reply With Quote
Old September 10th, 2013, 08:33 PM #9
ibang1's Avatar
ibang1 ibang1 is offline
Senior Member
 
Join Date: Jan 2011
Location: Perry Hall
Posts: 1,865
ibang1 ibang1 is offline
Senior Member
ibang1's Avatar
 
Join Date: Jan 2011
Location: Perry Hall
Posts: 1,865
Funny how the place I work have fired people for sharing their computer accounts. Sound like a huge compromise on system access. Maybe it's time to submit a lawsuit.
__________________
Andy Andrews, "The most dangerous thing any nation faces is a citizenry capable of trusting a liar to lead them."
ibang1 is offline   Reply With Quote
Old September 10th, 2013, 08:34 PM #10
DEX's Avatar
DEX DEX is offline
scruffy-lookin nerfherder
 
Join Date: Aug 2013
Location: Glen Burnie, MD
Posts: 336
DEX DEX is offline
scruffy-lookin nerfherder
DEX's Avatar
 
Join Date: Aug 2013
Location: Glen Burnie, MD
Posts: 336
Quote:
Originally Posted by dfens42 View Post
**** me sideways.
Apparently there was more security on that word than our personal info...
DEX is offline   Reply With Quote
Old September 10th, 2013, 08:34 PM #11
TopShelf's Avatar
TopShelf TopShelf is offline
@TopShelfJS
 
Join Date: Feb 2012
Posts: 1,654
Images: 2
TopShelf TopShelf is offline
@TopShelfJS
TopShelf's Avatar
 
Join Date: Feb 2012
Posts: 1,654
Images: 2
unbelievable. If this is accurate, every but of your personal info was/is effectively published on the internet
__________________
MSI, SAF (Life), NRA (Life - Endowment), NRA-ILA (Sustaining Member), GOA, CCRKBA, MD Designated Collector, Utah (NR) CWP
Change Annapolis
TopShelf is offline   Reply With Quote
Old September 10th, 2013, 08:35 PM #12
csanc123 csanc123 is offline
Senior Member
 
Join Date: Aug 2009
Location: Montgomery County
Posts: 3,083
csanc123 csanc123 is offline
Senior Member
 
Join Date: Aug 2009
Location: Montgomery County
Posts: 3,083
Quote:
Originally Posted by dlmarion View Post
Are they obligated by law to safeguard our information?
Yes.
csanc123 is offline   Reply With Quote
Old September 10th, 2013, 08:36 PM #13
dfens42's Avatar
dfens42 dfens42 is offline
Publius
 
Join Date: Jun 2012
Location: Free America-WV Province
Posts: 2,306
dfens42 dfens42 is offline
Publius
dfens42's Avatar
 
Join Date: Jun 2012
Location: Free America-WV Province
Posts: 2,306
Quote:
Originally Posted by dlmarion View Post
Are they obligated by law to safeguard our information?

Yes, the only agency vetted to have access to the 77R was MSP. When you signed the form, they are the only ones you authorized.
__________________
Sons of the American Revolution, Tygart Valley, WV Chapter Member
MSI Member
SAF Member
NRA Member
MD Designated Collector

Si vis pacem, para bellum.

Malo periculosam, libertatem quam quietam servitutem.
dfens42 is offline   Reply With Quote
Old September 10th, 2013, 08:36 PM #14
montoya32's Avatar
montoya32 montoya32 is offline
Senior Member
 
Join Date: Jun 2010
Location: Fallston, MD
Posts: 10,558
Images: 22
montoya32 montoya32 is offline
Senior Member
montoya32's Avatar
 
Join Date: Jun 2010
Location: Fallston, MD
Posts: 10,558
Images: 22
Quote:
Originally Posted by dlmarion View Post
Are they obligated by law to safeguard our information?
Ask any banker/lender. They are required to use key FOBs that generate random codes each time they log into secure databases/sites. Your info is safer when applying for a mortgage than when buying a gun.
__________________
Words and opinions on this forum are mine and mine alone and do not represent the thoughts, stances or views of the company I am affiliated with.
Tim Montoya
Realtor
443-463-3592 cell
www.themarylandrealestateblog.com
www.allhomes4me.com
www.whatsupharford.com

<a href=http://www.facebook.com/timmontoyarealtor target=_blank>http://www.facebook.com/timmontoyarealtor</a>
montoya32 is offline   Reply With Quote
Old September 10th, 2013, 08:37 PM #15
dfens42's Avatar
dfens42 dfens42 is offline
Publius
 
Join Date: Jun 2012
Location: Free America-WV Province
Posts: 2,306
dfens42 dfens42 is offline
Publius
dfens42's Avatar
 
Join Date: Jun 2012
Location: Free America-WV Province
Posts: 2,306
Quote:
Originally Posted by ibang1 View Post
Funny how the place I work have fired people for sharing their computer accounts. Sound like a huge compromise on system access. Maybe it's time to submit a lawsuit.
I wrote someone up for it last week. By Federal law we can't use shared logins because we have to be able to produce paper trails for crap like Sarbanes/Oxley.
__________________
Sons of the American Revolution, Tygart Valley, WV Chapter Member
MSI Member
SAF Member
NRA Member
MD Designated Collector

Si vis pacem, para bellum.

Malo periculosam, libertatem quam quietam servitutem.
dfens42 is offline   Reply With Quote
Old September 10th, 2013, 08:38 PM #16
ShallNotInfringe's Avatar
ShallNotInfringe ShallNotInfringe is offline
Lil Firecracker
 
Join Date: Feb 2013
Posts: 8,246
ShallNotInfringe ShallNotInfringe is offline
Lil Firecracker
ShallNotInfringe's Avatar
 
Join Date: Feb 2013
Posts: 8,246
Thanks Brian for posting the update and following this so diligently.

They need to shut this down now. How do we do this? Court, Feds? What's the fastest way to stop the bleeding? If we wait for the PIA and policitians, it's gonna take way too long.
ShallNotInfringe is offline   Reply With Quote
Old September 10th, 2013, 08:38 PM #17
HoCoShooter's Avatar
HoCoShooter HoCoShooter is offline
Senior Member
 
Join Date: Feb 2009
Location: Howard County
Posts: 3,229
HoCoShooter HoCoShooter is offline
Senior Member
HoCoShooter's Avatar
 
Join Date: Feb 2009
Location: Howard County
Posts: 3,229
Wonder what the username and password are?

Qwerty
Qwerty


Or perhaps something more secure like

Mary
Land
__________________
Member MSI, SAF, NRA.
HoCoShooter is offline   Reply With Quote
Old September 10th, 2013, 08:40 PM #18
tsmith1499's Avatar
tsmith1499 tsmith1499 is offline
Poor C&R Collector
 
Join Date: Jan 2012
Location: Southern Mount Airy, Md.
Posts: 3,828
tsmith1499 tsmith1499 is offline
Poor C&R Collector
tsmith1499's Avatar
 
Join Date: Jan 2012
Location: Southern Mount Airy, Md.
Posts: 3,828
So, since it's a searchable database I will assume that means that even if you filled out a 77r 2 years ago that they can find that information out given the right search words??????
Something has to be done on a higher level than the state. We'll just get the same old BS from within this state!! I hate to see what happens when the Federal level security people get this information. Thanks MARTY!!! You moron.
__________________
NRA Life Member
Monumental Rifle and Pistol Club
MD Designated Collector
MSI Member
MSRPA Member
C&R 03 FFL


"A citizen may not be required to offer a good and substantial reason why he should be permitted to exercise his rights. The right‘s existence is all the reason he needs."
tsmith1499 is offline   Reply With Quote
Old September 10th, 2013, 08:41 PM #19
dfens42's Avatar
dfens42 dfens42 is offline
Publius
 
Join Date: Jun 2012
Location: Free America-WV Province
Posts: 2,306
dfens42 dfens42 is offline
Publius
dfens42's Avatar
 
Join Date: Jun 2012
Location: Free America-WV Province
Posts: 2,306
Admin
Password
__________________
Sons of the American Revolution, Tygart Valley, WV Chapter Member
MSI Member
SAF Member
NRA Member
MD Designated Collector

Si vis pacem, para bellum.

Malo periculosam, libertatem quam quietam servitutem.
dfens42 is offline   Reply With Quote
Old September 10th, 2013, 08:42 PM #20
dfens42's Avatar
dfens42 dfens42 is offline
Publius
 
Join Date: Jun 2012
Location: Free America-WV Province
Posts: 2,306
dfens42 dfens42 is offline
Publius
dfens42's Avatar
 
Join Date: Jun 2012
Location: Free America-WV Province
Posts: 2,306
Quote:
Originally Posted by tsmith1499 View Post
So, since it's a searchable database I will assume that means that even if you filled out a 77r 2 years ago that they can find that information out given the right search words??????
Something has to be done on a higher level than the state. We'll just get the same old BS from within this state!! I hate to see what happens when the Federal level security people get this information. Thanks MARTY!!! You moron.
That's exactly what it means. These unvetted people who we cannot trace had access to the personal information of anyone who has filled out a 77R in Maryland.

__________________
Sons of the American Revolution, Tygart Valley, WV Chapter Member
MSI Member
SAF Member
NRA Member
MD Designated Collector

Si vis pacem, para bellum.

Malo periculosam, libertatem quam quietam servitutem.
dfens42 is offline   Reply With Quote
Reply

  Home Page > Forum List > Gun Rights and Legislation > Maryland 2A Issues


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 02:12 AM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
© 2016, Maryland Shooters, LLC