Indian Visa Application Data Easily Accessible Using Old 'Change Number In URL' Trick

from the very-very-secure dept

The folks over at Daniweb have submitted their story about the online visa application system in India. Approximately a year ago, someone who was using the system ran into a problem, where all the work he had done in filling out the application seemed to disappear, and the back button wasn't work. So he tried making small changes to the URL... which gave him access to someone else's visa application. There are plenty of online systems that do this, but you would expect something a little more secure when it comes to government documents that include all sorts of personal info. The guy notified those responsible, and his alert was promptly ignored. It was only after they were contacted a second time, by the person writing the article about it, that they took it seriously enough to finally plug the hole. With governments leaking data all the time, is it any wonder that people don't feel particularly safe when the government wants even more data from us, while promising that there's no way it would ever be leaked?
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 15 May 2007 @ 9:02pm

    Why do they bother making promises like that? It just makes us laugh to hear it.

    link to this | view in thread ]

  2. icon
    ConceptJunkie (profile), 15 May 2007 @ 9:11pm

    Giving data to the government...

    You should consider any data given to the government as secure as it would be on a billboard along I-95.

    OK, I'm exaggerating. Let's say a billboard facing away from the highway... but it's got lots of neon on it.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 16 May 2007 @ 6:05am

    Ahhhh....Would this system have been written by the highly skilled & talented people that we can't seem to find in this country and therefore need to outsource things to India?

    Looks like they have programmers making the mistakes that most of the developers here got past in 1996.

    link to this | view in thread ]

  4. identicon
    Wolf0579, 16 May 2007 @ 8:18am

    Data leaks

    It's getting to be pretty bad these days. Corporations that keep credit card info way past the transaction completion, whose data banks get hacked. Governments who are terribly inefficient with design and implementation of computer systems, asking for and keeping increasing amounts of personal data.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.