Monday 18 August 2014

Security breach in National Informatics Centre allowed hackers to issue fake digital Signature certificates

Posted by Mohan Mahtha

A major security breach at the National Informatics Centre (NIC), which covers senior official email and the websites of all central government departments, allowed hackers to issue several fraudulent digital certificates, raising global concerns about network security practices in India.

The NIC is one of a select few entities authorized to issue the digital certificates and signatures that are at the core of secure Internet transactions. On 25 June, hackers were able to break through its security and access all the data in its home directory, which hosts its most sensitive data. They issued several false digital certificates that went undetected for several days.

Digital certificates help authenticate users and allow them to connect securely to email, make payments and perform sensitive transactions. A fake certificate can compromise critical data such as passwords and the personal information of Internet users, and can cause massive financial fraud if not detected.

With the NIC failing to detect the breach, the matter would have been buried but for the alarms raised by global IT majors such as Google, Bing and Yahoo. Most Internet traffic passes through their browsers and search engines, and an undetected false certificate could have resulted in major fraud and loss of sensitive data.

Since then, the NIC has tried to downplay the incident. "Our site was attacked from outside India. Auditors investigated between 4 and 7 July and urgent measures have been taken to mitigate the vulnerabilities," NIC CEO Ajay Kumar told Hindustan Times.

But on July 25, Matt Thomlinson, Microsoft's VP of security services, wrote to TA Khan, the controller of certifying authorities, and RS Sharma, secretary in the technology department, expressing deep concern about the lack of cooperation in addressing the security breach. The ministry also submitted misleading information to Parliament last week when questions were raised about the incident.

"They have been disappointed with the reluctance of your organization to share with us the research report," Thomlinson wrote.

"The current situation poses risks to consumers and businesses around the world ... (and) the attacker can alter based network audit logs and erase the evidence of the certificates being issued."

According to Thomlinson, the failure "raises serious concerns about the reliability" of the safety of the entire certification process in India.

"Microsoft supports an open, competitive certification authorities (CA) market. Each CA included in the trusted root store of Windows must meet certain requirements. Constantly monitor the threat landscape and respond when necessary to help protect our global customers," he told HT.

Microsoft and Google were also upset with the Indian government's investigation. IAS said on July 7 that there were only four false certificates. But two days later, Google found a fifth false certificate issued by the NIC. An internal investigation also revealed that the hacker had managed to break into the home directory of the root of the NIC to access all its data.

In a curious move, the government has restored the NIC's authority to issue certificates but has also forbidden it from doing so for at least six months. Companies like Google and Microsoft have refused to accept NIC certificates and have declared many government websites certified by it unsafe. Ironically, many key Indian websites and the website of the tax authority, which enable the transfer of sensitive data, are now dependent on foreign companies to certify their safety.