Hello friends,
I am writing this post to draw your attention towards the pathetic situation of Indian Government websites with respect IT security. This post is not only for our readers making them alert when they do online transaction but also for all the admins of these websites who give no attention to IT security and choose not to answer if someone raises a concern.
This all started with my last week experience. I am a regular MTNL broadband user and somehow my account's subscription got expired. To recharge my account I tried logging in and as usual I was having no clue about my password. Being someone who has knowledge of IT security, my curiosity to check other possibility to login grew. I bypass login and guess what next !!!!!!!!!!!!
I was able to access my account without my password. The story did not end there. Out of my curiosity I tried logging access server through Some Code Injection and yes you all are guessing right!! I got an access to server as a administrator. Without any shell, Any mischievous user can Control whole server by using Remote Desktop Connection, And then one voice came out of me “IS THIS WHAT THEY CALLED A SECURED SERVER “?????????????
What happen next is something which is neither important nor in line with my purpose to write this post. But this experience had raised a lot of questions on our information safety. Urgent steps are required to draw everyone attention who collectively have to spread message so that it reaches the concerned authorities who are responsible for our safety.
I am writing this post to draw your attention towards the pathetic situation of Indian Government websites with respect IT security. This post is not only for our readers making them alert when they do online transaction but also for all the admins of these websites who give no attention to IT security and choose not to answer if someone raises a concern.
This all started with my last week experience. I am a regular MTNL broadband user and somehow my account's subscription got expired. To recharge my account I tried logging in and as usual I was having no clue about my password. Being someone who has knowledge of IT security, my curiosity to check other possibility to login grew. I bypass login and guess what next !!!!!!!!!!!!
I was able to access my account without my password. The story did not end there. Out of my curiosity I tried logging access server through Some Code Injection and yes you all are guessing right!! I got an access to server as a administrator. Without any shell, Any mischievous user can Control whole server by using Remote Desktop Connection, And then one voice came out of me “IS THIS WHAT THEY CALLED A SECURED SERVER “?????????????
What happen next is something which is neither important nor in line with my purpose to write this post. But this experience had raised a lot of questions on our information safety. Urgent steps are required to draw everyone attention who collectively have to spread message so that it reaches the concerned authorities who are responsible for our safety.
Credit :- Article Editor Chanpreet Singh, IIS Bangalore. Thank you bro.. :)
ReplyDelete