ICERT had issued an advisory warning internet user about the bug and its solution
Praggya Guptaa | April 18, 2014
Believe it or not, government websites in India are less vulnerable to 'Heartbleed' bug. No, not because these websites have world’s best internet security protocols but because of the sluggish approach of government departments in the country. Yes, you read it right: sluggishness.
The Heartbleed bug exploits a flaw in the OpenSSL cryptographic software library. The vulnerability exposes sensitive information such as passwords, credit card numbers and other information to hackers by attacking the security certificates (SSL) of websites designed to protect online accounts for email, instant messaging and e-commerce.
According to experts, the bug has majorly attacked the sites that have updated their certificates. However, most of the Indian government sites are sluggish in updating their certificates, and therefore, the risk of getting affected is comparatively low. The two-year old bug has entered the system while updating these SSL certificates. “Generally government gives contract to vendors and they are less bothered about updating them,” said a security testing expert on the condition of anonymity.
It may be recalled that the Canadian revenue department had recently suspended its e-services for few days after being affected by the bug. The agency had reported that private information of about 900 people had been compromised as hackers exploited the Heartbleed bug. However, according to Indian Computer Emergency Response Team of India (ICERT) no such case has been reported so far in India.
ICERT had also issued an advisory warning internet user about the bug and its solution. “We have also written to large users and other organisations about the steps to be followed to mitigate the risk," said Gulshan Rai, director deneral, ICERT, to Governance Now.
According to some security experts, majority of the agencies and service providers might have already replaced the security certificates after the panic situation. Many experts and agencies are also advising internet users to change their passwords. ICERT’s advisory has also advised service provider to replace the certificate after moving to a fixed version of OpenSSL. It also advises users to change all sensitive credentials like usernames and passwords.
According to eScan MD and CEO Govind Rammurthy, “Since majority of websites are vulnerable to the Heartbleed bug mere changing a password will not help. Website would have to replace their OpenSSL software first in order to mitigate the threat.”
Commenting on the risks, Ajay Dubey, manager-south India, Websense, said, “Due to the nature of this bug data theft is of larger concern. We don’t know which all sites are compromised and what all data are with the hackers. Therefore, it is advisable that after replacing SSL certificate of sites, username and password must be changed.”
In an interview with Governance Now, Anil Kumar Jha, special DGP, CID, Assam, who is also nodal officer for the CCTNS project, speaks of what the system in its present form has helped his state achieve. What is the current status of CCTNS in Assam and its outcome?
A stand-off between the ministry of home affairs (MHA) and software development firm Wipro seems to have long held up the Rs 2,000 crore crime and criminal tracking network and systems (CCTNS) project, conceptualised ten years ago. The project aims to digitise and connect all police stations in the country
Questioning the development model pushed ahead for profit oriented growth, social and political activists, academicians, financial analysts and civil society organisations are holding a three day confluence of Peoples’ Convention on Infrastructure Financing in Mumbai. &nb
About one-fourth of India’s elderly face abuse at the hands of those they trust the most – the son (52%) followed by the daughter in law (34%),spouse/partner (14%), daughter(6%) grandchild (6%), son in law(3%), parent(1%) and care giver(1%), reveals a report by the HelpAge Ind
The official statistics provided by the department of industrial policy and promotion (DIPP) under the ministry of commerce and industry shows that between January 2000 and December 2017, India received $368 billion of foreign direct investment (FDI). It also says that Mauritius was the source of $125 bill
The declaration communicated through the director general of military operations (DGMO) of Pakistan and India on May 29, 2018, to implement the ceasefire agreement of 2003 between the two countries in “letter and spirit” has opened up an opportunity to restore peace in the disturbed Kashm