Samir Kelekar | SabrangIndia
https://sabrangindia.in/content-author/samir-kelekar-0-12540/
News Related to Human Rights

Music Against Sleaze and Corruption in Goa, Video goes Viral
https://sabrangindia.in/music-against-sleaze-and-corruption-goa-video-goes-viral/
Sat, 12 Aug 2017 02:58:05 +0000

The post Music Against Sleaze and Corruption in Goa, Video goes Viral appeared first on SabrangIndia.

1967 was a historic moment for Goa. Within five years of Goa's liberation from the Portuguese in 1962, a referendum (commonly called the opinion poll) was held to decide whether Goa should remain a separate territory or merge with neighbouring Maharashtra. Against the might of Maharashtra, which included stalwarts such as Vasantrao Naik and Y B Chavan as well as a galaxy of Marathi authors, Goans stood as one team cutting across communities and decided to retain a separate identity. One of the heroes of that struggle was a young poet, Ulhas Buyao, commonly known as the Goa shahir (people's poet), who travelled the length and breadth of Goa with his songs and convinced Goans to remain separate.

Today his son Siddhanath, also a poet and musician, named, interestingly, after Siddhanath, one of Goa's hills, is fighting a similar battle. In 2012 the BJP came to power, with Goans tired of the Congress's corruption. IITian Parrikar got a clear mandate, but for five years Parrikar made Goans go through hell. Goa today has become the sleaze capital of India, with lots of casinos, sex and drugs. Ironically, Parrikar came to power on the promise of stopping casinos. The same story holds for corruption.

In this year's assembly elections, held earlier, Goans convincingly voted against the BJP, but by sly means the Goa Forward party, which had won on an anti-BJP platform, was allegedly bought and a government was formed by Parrikar. The 23rd is the by-election in the Panjim constituency, where Parrikar is pitted against a humble Congressman, AICC secretary Girish Chodankar, known for his integrity.

Siddhanath through this video 
https://www.facebook.com/samir.kelekar/videos/10155663967233656/
 

Can a corrupt returning officer undermine EC's administrative safeguards?
https://sabrangindia.in/can-corrupt-returning-officer-undermine-ecs-administrative-safeguards/
Tue, 06 Jun 2017 15:59:49 +0000

The post Can a corrupt returning officer undermine EC’s administrative safeguards? appeared first on SabrangIndia.

Some interesting developments have taken place in recent days. The Uttarakhand High Court has said that one cannot criticize the Election Commission (EC), a constitutional body, without hard evidence.

Meanwhile the Election Commission did not actually conduct the hackathon it promised last Saturday, June 3, as there were no takers from the political parties. While the Aam Aadmi Party (AAP) and the Indian National Congress (INC) wrote to the EC objecting to the limited framework within which the hackathon was to be conducted, the two parties that did register, the CPI(M) and the NCP, did not take part in the actual hacking of the machine, citing one reason or another. The EC, for its part, has now said that the issue of EVMs and their one hundred per cent security is closed.

Today, June 6, an additional collector from Goa, Sabaji Shetye, was arrested by the Anti Corruption Bureau (ACB) Goa after he was caught red-handed taking a bribe of Rs. 25,000/- as an advance towards sanctioning an explosives storage licence. There would be nothing unusual in this news per se, except that this man had been the Returning Officer for the 2015 by-election in the prestigious Panjim assembly constituency.

That election was held because the seat was vacated by the then Chief Minister Manohar Parrikar when he resigned to go to Delhi to join the Central Cabinet as Defence Minister. The election was won with an overwhelming majority by the BJP.

Those were the days when no one ever questioned the functioning of the EVM. Though there were doubts, people were probably just learning how the machines operated and were not confident enough to make statements about EVMs and their functioning with any certainty.

The EC, for its part, has made statements saying that EVMs are safe and that the internal parts of an EVM cannot be changed or manipulated because there are administrative safeguards. However, it has not specified what these administrative safeguards actually are.

As of now, it is not clear what due-diligence tests the EC conducts to ensure that a critical position such as that of a Returning Officer is filled by a person of integrity, a must for free and fair elections. But now that an ex-RO has been caught red-handed taking a bribe, serious questions arise.

Isn't it necessary to check and investigate all previous assignments of this ex-RO to ensure that he did not indulge in any hanky-panky (read corrupt practices) before?

And if a person of suspicious credentials is made RO, would the EC's administrative safeguards not be undermined? Given the high level of corruption in India and the huge stakes in Indian elections, the EVM should be tamper-proof, and even if the most corrupt of individuals tries any stunt, there ought to be enough checks and balances that he cannot get away with tampering.

Today's arrest of an ex-RO raises serious questions that the EC would be compelled to answer.

Related Articles:

1. Election Commission transfers returning officer after complaint from Nationalist Student Congress
2. AAP shows live demonstration of EVM fraud in Delhi assembly
 

A Security Hole in WhatsApp Can Allow 'Anonymous' Posts That Spread Lies, Venom & Vitriol: Fix It!
https://sabrangindia.in/security-hole-whats-app-can-allow-anonymous-posts-spread-lies-venom-vitreol-fix-it/
Fri, 26 May 2017 07:51:26 +0000

The post A Security Hole in WhatsApp Can Allow 'Anonymous' Posts That Spread Lies, Venom & Vitriol: Fix It! appeared first on SabrangIndia.

Why are the Indian authorities not acting against this loophole that allows instigators and abettors of crimes to go scot free?


A security hole in WhatsApp allows anyone to go anonymous on WhatsApp in India. WhatsApp has two ways of verifying identity: either via an SMS or via a voice call, the so-called "call me" option.
 
By using the ubiquitous public pay phone which has no ownership associated with it, one can receive the OTP in voice on the phone and use it to verify one's identity. This associates the Whatsapp with the Public Pay Phone number which cannot be attributed to a particular owner and thus one can hide oneself.
 
WhatsApp is very widely used and is increasingly becoming the medium of communication, and the working assumption is that, because WhatsApp users are usually tied to a mobile number, their identity can be established.
 
Just as an example, radio stations receive messages from listeners on Whatsapp. The Bangalore airport authorities receive feedback or complaints on Whatsapp.
 
Imagine the potential for misuse when WhatsApp can be used anonymously. WhatsApp has been informed of this security hole. They have refused to fix it. It is high time Indian law enforcement took action before this hole is misused.
The following YouTube video illustrates the security hole.
What False and Vicious Whatsapps Can Do, Have Done: Take Lives
 
Social Disharmony Through WhatsApp
 
Jharkhand
 
Recently, in Jharkhand, seven persons were lynched to death after scurrilous rumours of child kidnappings were spread on WhatsApp. Too late, the local police sought to act on rumours about alleged 'child kidnappers' on the prowl that had been spreading on WhatsApp for over a month. Read more about this here
 
In October 2016, 22-year-old Minhaj Ansari was flogged to death in Jharkhand after a false WhatsApp image of him beheading a calf was circulated. Unbeknownst to the young men, Sonu Singh, the district head of the Vishwa Hindu Parishad's Jamtara unit, had complained to the police that Ansari had posted a photograph of himself with a calf on a WhatsApp group on October 2, followed by another of him posing with beef.
 
Read more about this here
 
Maharashtra
Barely a few months ago, a professor was beaten up, arrested and suspended in the climax of a grand, long war waged against him. "I had never imagined that a WhatsApp forward would cost me my job, my dignity, and everything that I have loved", said Professor Sunil Waghmare, worriedly. "I want my life back. I have had no experience of fighting injustice of this scale before", he says, referring to the mob that humiliated and slapped him within the campus premises, in public view. He was forced to leave his small room in Khopoli after the incident and left for his village along with his family.
 
Read more about this here
 
 
Haryana

And in Mewat, a doctored video on WhatsApp: school attendance in this Haryana district fell to as low as 5% after a doctored video began to do the rounds on social media. Mewat fathers are standing guard outside schools after rumours about injections causing sterility.
 
In February, the Union health ministry had launched a campaign to administer the measles-rubella vaccine to children between the ages of nine months and 15 years. The campaign started with the states of Tamil Nadu, Puducherry, Karnataka, Goa, and Lakshadweep. The campaign was yet to reach Haryana.

The first half of the ABP News programme summarised the rumours that had spread in Karnataka and Tamil Nadu, while the second half featured experts, including doctors, debunking them. Only the first half of the programme circulated on WhatsApp in Mewat.
Read more about this here
 
And the story begins with the Muzaffarnagar violence of September 2013, when vicious WhatsApp messages were used to spread hatred and vitriol against Muslims living in four districts of western UP.
Why are the Indian authorities not acting against this loophole that allows instigators and abettors of crimes to go scot free?
 

Many Security Holes: BHIM APP
https://sabrangindia.in/many-security-holes-bhim-app/
Fri, 06 Jan 2017 09:48:10 +0000

The post Many Security Holes: BHIM APP appeared first on SabrangIndia.

It appears that the Bhim App is not as kosher from a security and privacy point of view as some of the media articles tout it to be.

 
Senthil from Chennai has tweeted the following about the Bhim app, and I, Samir Kelekar, a software professional, tested it.
 
Last week, Kelekar had written exclusively for Sabrangindia about how, in a hurry to present one more sop before the crucial 2017 elections in five states, the Bhim APP had been released without even basic functionality testing.
 
St_Hill on Twitter
This is highly interesting.
 
When one uses the Request Money feature in Bhim and inputs a mobile number, on the next screen Bhim reveals the name of the person from whom money is requested, provided of course that he/she is also a Bhim user. There is no need to send any money to the person. This has huge implications.
 
By writing a bot (automated program) that continuously loops through one number at a time sequentially, one could actually make a reverse directory listing of all Bhim users (currently more than 3 million users).
 
The reverse listing can then be inverted to make a regular listing. A reverse listing is exactly what Truecaller provides as a service. Truecaller, however, has some protection against bots. Truecaller also used to allow one to remove one's name from its list; that was as of a few years back.
 
So, if you are a Bhim user and are concerned about your number being leaked, sorry, hard luck. Obviously getting a bot working is not a trivial job, but for professional hackers this is all in a day's work.
 
I tried to confirm what Senthil wrote, and input my friend Dinesh Bareja's number in Bhim app, and this is what I got. (The number is redacted for privacy purposes).

 
So, what then is the real story with Bhim?
 
For one, if you are concerned about your number getting leaked, you should uninstall Bhim till this issue is fixed.
 
Incidentally, Paytm also has similar functionality for sending money based on mobile numbers.
 
While I haven't tested Paytm, I believe (prima facie) the name of the person is revealed only after the money is sent.
 
The question also arises whether all the payment functionalities in the Bhim App are in order.
 
While one cannot say anything definitive at this point, the sloppy testing behind Bhim, revealed by the two bugs (see my earlier article Cashless disaster: Bhim App Released Without Basic Security Measures in Place), should be a huge sign of caution to all security-conscious users.
 
 (The author is a security professional based in Bangalore)
 
 

Another cashless disaster: BHIM app released without security arrangements
https://sabrangindia.in/eka-aura-kaaisalaesa-haadasaa-bagaaira-saikayaoraitai-intajaama-hai-bhaima-aipa-railaija/
Tue, 03 Jan 2017 10:09:31 +0000

The post Another cashless disaster: BHIM app released without security arrangements appeared first on SabrangIndia.

In its hurry to hand out freebies before the assembly elections in five states, the Modi government launched the cashless transaction app BHIM without even basic security arrangements.


Being an internet security professional, whenever a new app or gadget is launched I cannot resist the urge to probe it for security flaws. So it was natural that I downloaded BHIM, recently launched by the Modi government for cashless transactions, with the same purpose.

But it took two days to get it working. At first it would not connect at all. Then it started throwing errors while generating the MPIN. Finally it somehow got going. Since I have only one mobile number and all my account numbers are linked to that one number, I tried to send money from my own number to my own account. This should not have worked. But I was stunned when it recorded two separate entries: Rs 10 as a debit and Rs 10 as a credit. The debit and the credit were both shown against the same account. That is the limit!

My hacker mind immediately started thinking about the next step.

What if I write an automated script (a kind of computer program) that starts deducting one rupee, or even less if possible, and depositing it into the very same account it was deducted from?

If someone started running a few hundred such bots (a term from computer programming), they could keep BHIM's server busy all the time and eventually bring it down. It would become impossible for anyone else to use it. In computer and internet security parlance this is called a DDoS attack. In fact, sending money from an account to that same account should not be possible in any app. This should be a very basic quality for an app's security. The app was released without this basic function being tested.

This is not even about basic functionality; leave security testing aside. How can an app be released without even its basic functions being checked? Every day we are launching thousands of apps (several apps every day) and marching towards a cashless economy.

Why can't we pause a little before this needless race and check its basic security, so that it always keeps working properly?

(The author is an internet security professional and lives in Bengaluru)

Cashless disaster: Bhim App Released Without Basic Security Measures in Place
https://sabrangindia.in/cashless-disaster-bhim-app-released-without-basic-security-measures-place/
Tue, 03 Jan 2017 07:14:50 +0000

The post Cashless disaster: Bhim App Released Without Basic Security Measures in Place appeared first on SabrangIndia.

In a hurry to present one more sop before the crucial 2017 elections in five states, the Bhim APP has been released without even basic functionality testing.

 
As a security professional, one is always curious to test for security holes when something new and important has been released.
 
With the big hype around cashless transactions, and the release of apps such as Bhim with a lot of media attention, it was natural that I downloaded Bhim to play around with it.
 
It took two days to get it working. First it wouldn't connect, and then it would give an error when generating an MPIN. But finally it worked. And since I have only one mobile number and all my accounts are linked to that one number, I tried to send money from my mobile number to itself.
 
This shouldn’t work, but imagine my surprise when I saw two different entries — a debit of Rs. 10/- and a credit of Rs. 10/- from and to the same account! This was incredible.
 
My hacker mind immediately thought of the next step.
 
What if I write an automated script (a computer program) that keeps deducting Rs. 1/-, or even smaller amounts if possible, and crediting it to the same account?
 
If one runs a few hundred such bots, one could keep the Bhim servers busy, in fact bring them down (!), or make them useless for others. In security terminology this is called a DDoS attack.
 
That money cannot be sent from an account to itself should be part of the basic functionality of any payments app.
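As an added illustration (not BHIM or NPCI code), the following toy payments back end models the two findings on this page, the Request Money feature revealing a payee's name before any transaction (from the earlier article) and a self-transfer being booked as a debit and a credit on one account, alongside the checks a defender would expect: a per-requester rate limit with an alert record, a response that does not confirm whether a number is registered, and a transfer routine that rejects identical source and destination. All numbers, names and limits are constructed for the example.

```python
"""Toy payments back end modelling two BHIM findings and their fixes.
Added example; all data below is constructed, not taken from any real system."""
from collections import deque
import time

# Constructed directory: mobile number -> registered user name.
USERS = {
    "9000000001": "Asha Rao",
    "9000000002": "Dinesh Bareja",   # name from the article; number is made up
    "9000000003": "Samir Kelekar",
}

LOOKUP_LIMIT = 5          # Request Money lookups allowed per requester per window
WINDOW_SECONDS = 60.0     # sliding window for the limit above


def mask_phone(phone: str) -> str:
    """Show only the last four digits in responses and logs."""
    return "X" * (len(phone) - 4) + phone[-4:]


class PaymentService:
    def __init__(self):
        self.lookups = {}   # requester -> deque of lookup timestamps
        self.alerts = []    # (requester, time, reason) records for SOC review

    def _over_limit(self, requester: str, now: float) -> bool:
        q = self.lookups.setdefault(requester, deque())
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()                      # drop lookups outside the window
        if len(q) >= LOOKUP_LIMIT:
            self.alerts.append((requester, now, "Request Money lookup rate exceeded"))
            return True
        q.append(now)
        return False

    def request_money_leaky(self, target_phone: str):
        """Behaviour the article describes: the full name behind any registered
        number is returned with no transaction, so iterating numbers rebuilds
        the user directory."""
        return USERS.get(target_phone)

    def request_money(self, requester: str, target_phone: str, now=None) -> dict:
        """Hardened variant: per-requester rate limit, and the same response whether
        or not the number is registered. The payee's name is shown only to the payee
        when they confirm the request in their own app, never echoed to the requester."""
        now = time.time() if now is None else now
        if self._over_limit(requester, now):
            return {"status": "rate_limited"}
        return {"status": "request_sent", "to": mask_phone(target_phone)}


def transfer(src_account: str, dst_account: str, amount: int) -> dict:
    """Reject the self-transfer the article observed, and non-positive amounts."""
    if amount <= 0:
        return {"ok": False, "reason": "amount must be positive"}
    if src_account == dst_account:
        return {"ok": False, "reason": "source and destination account are identical"}
    return {"ok": True, "debit": (src_account, amount), "credit": (dst_account, amount)}
```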
 
This is not even security testing. How can an app have been released without even such basic functionality testing?
 
And here we are launching a thousand Apps (a few every day!) and going into a cashless economy.
 
Let us not get carried away unnecessarily; we need a halt to all this and must ensure that basic security and functionality testing is in place so that these systems work soundly. And some sanity here.
 
(The author is a security professional based out of Bangalore)
 

Before Narendra Modi's 'Emotional Outburst to the Nation', He Cold Shoulders CM Parsekar
https://sabrangindia.in/narendra-modis-emotional-outburst-nation-he-cold-shoulders-cm-parsekar/
Mon, 14 Nov 2016 08:15:29 +0000

The post Before Narendra Modi’s ‘Emotional Outburst to the Nation’, He Cold Shoulders CM Parsekar appeared first on SabrangIndia.

While the nation is reeling from the effects of sudden and unplanned demonetization, Prime Minister Modi made a quick visit to Goa yesterday to lay the foundation stone of a new airport in Goa, the Mopa airport. The airport project, which has been bagged by the GMR group, is full of controversy and is opposed by Goans from all over.
 
Watch the VIDEO in Goa

Whether for the above reason (fear of protests and opposition) or not is unclear, but the foundation-stone-laying ceremony was held in Bambolim, close to Panjim, which is 45 kilometres from the airport site.
 
This would surely be a case for an entry in Ripley's Believe It or Not: during the ceremony, Goa CM Parsekar was given the cold shoulder by Modi.
 
Before his ‘Emotional Address to the Nation’!
 
We really don't know the reason for this royal snub, but the video below clearly shows it!
