Indian Visa Application Data Easily Accessible Using Old 'Change Number In URL' Trick
from the very-very-secure dept
The folks over at Daniweb have submitted their story about the online visa application system in India. Approximately a year ago, someone who was using the system ran into a problem, where all the work he had done in filling out the application seemed to disappear, and the back button wasn’t work. So he tried making small changes to the URL… which gave him access to someone else’s visa application. There are plenty of online systems that do this, but you would expect something a little more secure when it comes to government documents that include all sorts of personal info. The guy notified those responsible, and his alert was promptly ignored. It was only after they were contacted a second time, by the person writing the article about it, that they took it seriously enough to finally plug the hole. With governments leaking data all the time, is it any wonder that people don’t feel particularly safe when the government wants even more data from us, while promising that there’s no way it would ever be leaked?
Comments on “Indian Visa Application Data Easily Accessible Using Old 'Change Number In URL' Trick”
Why do they bother making promises like that? It just makes us laugh to hear it.
Giving data to the government...
You should consider any data given to the government as secure as it would be on a billboard along I-95.
OK, I’m exaggerating. Let’s say a billboard facing away from the highway… but it’s got lots of neon on it.
Ahhhh….Would this system have been written by the highly skilled & talented people that we can’t seem to find in this country and therefore need to outsource things to India?
Looks like they have programmers making the mistakes that most of the developers here got past in 1996.
It’s getting to be pretty bad these days. Corporations that keep credit card info way past the transaction completion, whose data banks get hacked. Governments who are terribly inefficient with design and implementation of computer systems, asking for and keeping increasing amounts of personal data.