True News India
Sunny Nehra and his team found critical security flaws in Indian army websites

By TNI Desk, 01/01/2022

Cyber expert Sunny Nehra and his team recently detected multiple security loopholes in the official websites of the Indian Army. Sunny Nehra from “Hacks and Security” detected critical vulnerabilities in the websites indianarmy.nic.in and joinindianarmy.nic.in. Nehra and his team reported their findings to CERT-In and the concerned authorities for patching.

They observed that the Indian Armed Forces website was using a highly outdated version of Lodash (a JavaScript library). Affected versions of the package are vulnerable to Prototype Pollution: the function zipObjectDeep can be tricked into adding or modifying properties of the Object prototype. These properties will then be present on all objects.

Such a critical security issue, if exploited, could lead to severe threats, including the complete takeover of the webserver. Furthermore, these sites were using obsolete jQuery, Bootstrap, and several other outdated parts of the web applications. This made the sites susceptible to different types of attacks.
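The prototype pollution behaviour described above for zipObjectDeep, shown as an added example that is not Lodash's code and not from the researchers: setPath and zipDeep are hypothetical, simplified stand-ins for a deep path setter, run once without and once with a key guard on constructed input.

```javascript
// Added illustration: simplified stand-in for a zipObjectDeep-style helper.
// Keys that let a path walk from a plain object into the prototype chain.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// Write `value` at dotted `path` inside `target`, creating objects as needed.
// With guard=true, any path containing a blocked key is refused.
function setPath(target, path, value, guard) {
  const keys = path.split('.');
  if (guard && keys.some((k) => BLOCKED.has(k))) return false;
  let node = target;
  for (const key of keys.slice(0, -1)) {
    if (node[key] === null || typeof node[key] !== 'object') node[key] = {};
    node = node[key]; // unguarded: '__proto__' resolves to Object.prototype
  }
  node[keys[keys.length - 1]] = value;
  return true;
}

// Build an object from parallel arrays of paths and values.
function zipDeep(paths, values, guard) {
  const out = {};
  const rejected = [];
  paths.forEach((p, i) => {
    if (!setPath(out, p, values[i], guard)) rejected.push(p);
  });
  return { out, rejected };
}

function demo() {
  // Constructed input: one ordinary path, one that targets the prototype.
  const paths = ['user.name', '__proto__.isAdmin'];
  const values = ['alice', true];

  zipDeep(paths, values, false);
  // An unrelated, freshly created object now carries the property.
  const pollutedUnguarded = ({}).isAdmin === true;
  delete Object.prototype.isAdmin; // restore a clean prototype

  const { out, rejected } = zipDeep(paths, values, true);
  const pollutedGuarded = ({}).isAdmin === true;
  return { pollutedUnguarded, pollutedGuarded, rejected, name: out.user.name };
}

console.log(demo());
```

The guard is the in-code mitigation; for a site in the state the article describes, the practical fix is upgrading the library to a release in which the maintainers have patched the function.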

UHBVN and DHBVN

Apart from this, they found that some other government websites had critical security vulnerabilities. These sites included UHBVN (Uttar Haryana Bijli Vitran Nigam) and DHBVN (Dakshin Haryana Bijli Vitran Nigam), which hold data of a large number of users in Haryana state. One of the primary reasons for the security issues was the failure to keep various critical components of the websites up to date.


The websites contain a number of out-of-date features, including an out-of-date Liferay portal, which can allow an attacker to exploit an arbitrary file upload vulnerability. Attackers can exploit such a vulnerability to upload or transfer dangerous files, which can then be automatically processed within the product’s environment. In layman’s terms, the hacker can effectively take over the entire webserver.

This is not the first time Hacks and Security has found critical vulnerabilities in government websites. Earlier, in Aug 2021, Sanjeev Gupta (former Digital India CEO) had pointed out how some Pakistani hackers had hacked into some Indian news channels, and Hacks and Security helped them fix their security issues.

Nehra explains the reason behind government websites being so insecure

Sunny Nehra, one of India’s well-known and acknowledged cyber security professionals, created a Twitter thread to explain the root cause behind government websites being so insecure.


The Government of India hosts its websites, including those of the Indian armed forces, on NICNET (National Informatics Centre Network) data centers. However, the respective departments mostly outsource their development to private firms. These firms have to adhere to requirements, guidelines, and procedures that vary from department to department.

Where lies the problem?

A little scrutiny of the outsourcing process gives an indication of the problem. The same happens in other government tenders. Bidding-based outsourcing, officials preferring people they know, and other political matters all lead to this mess.

Some private firms get the tenders, then further outsource them to other smaller firms and keep some of the funds as margin. To maximize the margins, some outsource to the cheapest possible developers, who have no idea about cyber security and don’t even bother to check for critical updates. The authorities don’t do security audits for all the projects. When audits are carried out, connivance and rigging cannot be ruled out.

He further explains that some cyber security researchers like him keep finding such flaws. Their aim is to detect them and inform the authorities. But it is for the government to improve its policies and regulations for the development and audits of these tech projects. The aim of such researchers is to facilitate a secure infrastructure.

In the end, it boils down to dedication and teamwork. If the development team is not aware and dedicated, every task is done on an ad hoc basis. An employee of an outsourced firm will update it today, but within a few days another update will be required.

Updating is not the only issue. Administrators must also take care of other aspects such as implementation, logging, and auditing. The Government of India must address these lapses on a priority basis. Unless the government gets its act together, such issues can have very serious implications.
