Well, that might have been an interesting read .... but Engadget's site just keeps permanently refreshing, and/or presents me with a solid black block where text should be. So after 10 minutes wasted, I gave up.
Oh well.
India's government Aadhaar database, which holds personal information of over one billion Indian citizens, was allegedly breached, BuzzFeed News reports. Along with demographic info, the database also contains biometric data like fingerprints and iris scans. Indian publication The Tribune reported earlier today that it was able to access any registered citizen's demographics after it was granted admin access by an anonymous individual. In just 20 minutes, a reporter was given an administrator ID and a password after contacting the individual through WhatsApp and transferring what amounted to less than $8. Afterwards, the reporter was able to plug in anyone's Aadhaar number and get their name, address, postal code, photo, phone number and email. For an additional $5, the reporter was also able to get software that allowed them to print an Aadhaar card with anyone's number.
An officer with the Unique Identification Authority of India (UIDAI), the government authority that runs Aadhaar, initially told The Tribune, "Except the Director-General and I, no third person in Punjab should have a login access to our official portal. Anyone else having access is illegal, and is a major national security breach." However, it later released a statement denying a breach, saying The Tribune's article was "a case of misreporting" and assured that "there has not been any Aadhaar data breach." But in the same statement it admitted that The Tribune report was an "instance of misuse of the grievance redressal search facility," suggesting that sensitive data was in fact accessed. India's Bharatiya Janata Party, one of the country's two major political parties, called The Tribune's report "fake news."
BuzzFeed News got in touch with the person who allegedly sold The Tribune the admin access. The person said that they had paid around $95 for access themselves through a WhatsApp group and was told that they could then create as many usernames and passwords as they wished. Becoming an Aadhaar admin appears to allow you to create other admin accounts, a feature that seems like a fundamental flaw of the system. The person admitted to selling access to seven other people over the last week but said they didn't know they were breaking the law or compromising data security by doing so.
Many have been critical of the database, data from which has been exposed before, for its lack of security and this alleged breach has just added fuel to the fire. Meghnad S, spokesperson for India's online SpeakForMe.in movement, told BuzzFeed News, "In its hurry to make Aadhaar mandatory and not ensuring data safety, the government has allowed shady vendors to exploit this data for their own gains."
Saracen (09-01-2018)
Considering this is India where half the government is incompetent and bribery and corruption are everywhere this is par for the course. I wish they would catch up to us.
hexus trust : n(baby):n(lover):n(sky)|>P(Name)>>nopes
Be Careful on the Internet! I ran and tackled a drive by mining attack today. It's not designed to do anything than provide fake texts (say!)
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
Here you go Saracen - how about a guardian link?
https://www.theguardian.com/world/20...online-aadhaar
Saracen (09-01-2018)
[rem IMG]https://i69.photobucket.com/albums/i45/pob_aka_robg/Spork/project_spork.jpg[rem /IMG] [rem IMG]https://i69.photobucket.com/albums/i45/pob_aka_robg/dichotomy/dichotomy_footer_zps1c040519.jpg[rem /IMG]
Pob's new mod, Soviet Pob Propaganda style Laptop.
"Are you suggesting that I can't punch an entire dimension into submission?" - Flying squirrel - The Red Panda Adventures
Sorry photobucket links broken
not sure whether we still do it or not but http://www.telegraph.co.uk/news/heal...-to-India.html some of the NHS was sending some data to india to be processed back in 2010.
*last year in this case being 2009The possible risks of transferring patient data abroad were exposed last year when undercover reporters from ITV’s Tonight programme were able to buy health records which were processed in India from a private hospital in London
so its happened before, happened again, and 'maybe' will happen again in the future.
Thanks to Hoonigan and B0redom for the quotes. I guess I was being a lazy bleep, but truth is, time got me. Had to go out.
So thanks.
What, catch up to us by sending most of it on unencrypted CDs thtough the post, or having military "intelligence" people leave it in a cab.
Yup, if they caught up to us, that'd reassure me loads. Gross incompetence is, I guess, better than corruption, but the end result is the same.
More serioulessly, it's not just massive government ID databases that worry me, though any such system needs to be designed and implemented so that NOBODY can access data they're not entitled to, and those authorised staff CANNOT do so without leaving an audit trail over which thdy have NO access. Such access levels would be a good use of biometric ID.
What worries me more (much more) is corporate security. There, where security has a cost implication, there's a built-in motive to only do the minimum, not everything possible.
For instance, earlier today I was reading Specsaver's Privacy Policy. Pretty inoccuous, right? Except that they database info you "volunteer", INCLUDING medical info. I always get asked if I have any medical conditions, and /or taking medication. Well, it gets databased.
Next, they not only can share it with "partners" (which, IMHO, might have legitimate need), but can transfer it outside the UK, EU and EEA, and therefore outside Data Protection laws.
But that's "okay" (HAH) because they do so with an "agreement" limiting usage.
Then the kicker .... while they take security seriously, no security is perfect, and if it happens ..... 'we aren't liable'.
So, they can record medical details provided for medical purposes, ship it all over the damn planet and aren't liable if they lose it?
Well, wonderful. And Specsavers are hardly a corporate Satan.
And people wonder why privacy is a hot button for me? :;
You're fast converting me Saracen
lolz
hexus trust : n(baby):n(lover):n(sky)|>P(Name)>>nopes
Be Careful on the Internet! I ran and tackled a drive by mining attack today. It's not designed to do anything than provide fake texts (say!)
Well, my concern is that many people sleepwalk into loss of privacy.
I hope that by getting on my hobby horse from .... ahem .... time to time, people reading this will think about it. If they do, then I regard that as a result.
Whether they agree, or actually do anythjng diferent, is up to them.
Of course, most regulars here will have heard me say it before, and probably already have thought about it. It's just possible, however, that as the number of stories about data gathering like this, go up and we get a regular drip of corporate data cockups, people may realise that this is a ticking timebomb, and that before long it may be too late to do much.
It may already be too late.
It is certainly the case that nobody in the developed world, with the exception of the seriously rich, can entirely avoid leaving a digital footprint. All I can do is take every reasonable step to minimise mine.
There are currently 1 users browsing this thread. (0 members and 1 guests)