Indian Visa Application Data Easily Accessible Using Old 'Change Number In URL' Trick

from the very-very-secure dept

Tue, May 15th 2007 7:53pm — Mike Masnick

The folks over at Daniweb have submitted their story about the online visa application system in India. Approximately a year ago, someone who was using the system ran into a problem, where all the work he had done in filling out the application seemed to disappear, and the back button wasn't work. So he tried making small changes to the URL... which gave him access to someone else's visa application. There are plenty of online systems that do this, but you would expect something a little more secure when it comes to government documents that include all sorts of personal info. The guy notified those responsible, and his alert was promptly ignored. It was only after they were contacted a second time, by the person writing the article about it, that they took it seriously enough to finally plug the hole. With governments leaking data all the time, is it any wonder that people don't feel particularly safe when the government wants even more data from us, while promising that there's no way it would ever be leaked?

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

4 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 15 May 2007 @ 9:02pm

Why do they bother making promises like that? It just makes us laugh to hear it.
[ link to this | view in thread ]
ConceptJunkie (profile), 15 May 2007 @ 9:11pm

Giving data to the government...
You should consider any data given to the government as secure as it would be on a billboard along I-95.

OK, I'm exaggerating. Let's say a billboard facing away from the highway... but it's got lots of neon on it.
[ link to this | view in thread ]
Anonymous Coward, 16 May 2007 @ 6:05am

Ahhhh....Would this system have been written by the highly skilled & talented people that we can't seem to find in this country and therefore need to outsource things to India?

Looks like they have programmers making the mistakes that most of the developers here got past in 1996.
[ link to this | view in thread ]
Wolf0579, 16 May 2007 @ 8:18am

Data leaks
It's getting to be pretty bad these days. Corporations that keep credit card info way past the transaction completion, whose data banks get hacked. Governments who are terribly inefficient with design and implementation of computer systems, asking for and keeping increasing amounts of personal data.
[ link to this | view in thread ]