Skip to main content

Posts

Loopholes in Aadhaar authentication API services

Loopholes in Aadhaar authentication API services Aadhar Logo

Using this loophole anybody can use Aadhaar demographic authentication API by piggybacking my requests through NSDL servers and bypass the checks at place by UIDAI. 
This story is going to be about how just about anyone can access the API that Aadhaar provides to third party services. What is Aadhaar? Aadhaar is the world’s largest biometric ID system, with over 1.19 billion enrolled members as of 30 Nov 2017. As of this date, over 99% of Indians aged 18 and above had been enrolled in Aadhaar. What is Aadhaar API?UIDAI (Unique Identification Authority of India) provides different APIs (application programming interface) which can be used to perform various actions like authentication (demographic and biometric), e-KYC (know your customer), e-sign etc. We are discussing aboutAadhaar Authentication API for now. Going further, you have to know what AUA and SA are Authentication User Agency (AUA): AUA is an organization or an ent…
Recent posts

Meltdown and Spectre

Meltdown and SpectreVulnerabilities in modern computers leak passwords and sensitive data.


Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents. Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.
Lets go in details of each one  by one. Meltdown
The Exploit In short: It is possible to exploit the speculative execution of x86 processors in order to read arbitrary ke…

CBI techie nabbed over software that hacks Railways Tatkal ticket system

CBI techie nabbed over software that hacks Railways Tatkal ticket system 
  How do some travel agents manage to book confirmed railway tickets under Tatkal category, while thousands of passengers make unsuccessful bids on their computers or at reservation counters?
Well, it seems it is all programmed. A software programmer of the anti-corruption agency CBI is alleged to be the brain behind one such illicit software which subverted the Railways reservation system, allowing the agents to book hundreds of Tatkal tickets at a single click of the mouse, officials said on Wednesday in New Delhi.  
The Central Bureau of Investigation (CBI) has arrested its assistant programmer Ajay Garg and his front, Anil Gupta, for developing and distributing the software to agents for a price, agency spokesperson Abhishek Dayal said. Besides Garg and Gupta, the agency has booked 13 others, including Garg's family members and travel agents.
Garg's parents, wife, sister, and brother-in-law were alleged…

1.4 Billion Clear Text Credentials Discovered in a Single Database

A Massive Resource for Cybercriminals Makes it Easy to Access Billions of Credentials.

Now even unsophisticated and newbie hackers can access the largest trove ever of sensitive credentials in an underground community forum. Is the cyber crime epidemic about become an exponentially worse? While scanning the deep and dark web for stolen, leaked or lost data, 4iQ discovered a single file with a database of 1.4 billion clear text credentials — the largest aggregate database found in the dark web to date. None of the passwords are encrypted, and what’s scary is the we’ve tested a subset of these passwords and most of the have been verified to be true. The breach is almost two times larger than the previous largest credential exposure, the Exploit.in combo list that exposed 797 million records. This dump aggregates 252 previous breaches, including known credential lists such as Anti Public and Exploit.in, decrypted passwords of known breaches like LinkedIn as well as smaller breach…

Vault 8: WikiLeaks Releases Source Code For Hive - CIA's Malware Control System

Almost two months after releasing details of 23 different secret CIA hacking tool projects under Vault 7 series, Wikileaks today announced a new Vault 8 series that will reveal source codes and information about the backend infrastructure developed by the CIA hackers. Not just announcement, but the whistleblower organisation has also published its first batch of Vault 8 leak, releasing source code and development logs of Project Hive—a significant backend component the agency used to remotely control its malware covertly.
In April this year, WikiLeaks disclosed a brief information about Project Hive, revealing that the project is an advanced command-and-control server (malware control system) that communicates with malware to send commands to execute specific tasks on the targets and receive exfiltrated information from the target machines. Hive is a multi-user all-in-one system that can be used by multiple CIA operators to remotely control multiple malware implants used in different …

The IP Address ... Public VS Private...

IP Address.









Hey guys its been long time after my previous post, well today we will learn about The IP Address , Public vs Private. About IP addressesAn IP address (short for Internet Protocol address) is used to identify computers on the Internet. It works like a return address would on a piece of mail. How IP addresses workWhen your computer or device sends a request, like a search on Google, it tags the request with your IP address. That way Google knows where to send the response.
What an IP address looks likeYour IP address will be a number, like 172.16.254.1 or 2001:db8:0:1234:0:567:8:1.
Find your IP addressWhen you search what is my IP on Google Search, you’ll see the IP address of the computer or device where you did the  search You can even search more about your IP Address and ISP Information here. What are Private IP Addresses?An IP address is considered private if the IP number falls within one of the IP address ranges reserved for private networks such as a Local Area Networ…