Posts

Showing posts from January, 2018

Loopholes in Aadhaar authentication API services

Using this loophole, anybody can use the Aadhaar demographic authentication API by piggybacking requests through NSDL servers, bypassing the checks put in place by UIDAI. This story is about how just about anyone can access the API that Aadhaar provides to third-party services. What is Aadhaar? Aadhaar is the world's largest biometric ID system, with over 1.19 billion enrolled members as of 30 Nov 2017. As of this date, over 99% of Indians aged 18 and above had been enrolled in Aadhaar. What is the Aadhaar API? UIDAI (Unique Identification Authority of India) provides different APIs (application programming interfaces) which can be used to perform various actions such as authentication (demographic and biometric), e-KYC (know your customer), e-sign, etc. For now, we are discussing the Aadhaar Authentication API. Going further, you have to know what AUA and SA are Authenticat

Meltdown and Spectre

Vulnerabilities in modern computers leak passwords and sensitive data. Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data that is currently being processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents. Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers. Let's go into the details of each, one by one. Meltdown The Exploit In short: It is possible to exploit the speculative execution of x86 process