India - Gmail Flaws Attract Hackers to .gov Sites
The main official organization on computer security has released an advisory that says Google products and its Blogspot have weak areas. CERT-IN (Indian Computer Emergency Response Team) operating under the Department of Information Technology has also warned that e-mail theft occurrence persistently affects the widely accepted Gmail service.
The advisory posted on the Website www.cert.in.org.in of CERT-IN comes after reports that there have been hacking attempts on e-mails of union ministers and senior government officials, and many Websites of government departments.
Gulshan Rai, the Director of CERT-IN, denied telling the specific factors that prompted the advisory but said there were valid reasons behind it. The Times of India reported this on October 8, 2007.
Rai said that his agency works by adhering to the principle of total confidentiality; therefore, he could not disclose anything beyond the advisory that is public sphere.
Google, however, said on September 7, 2007 that it had fixed the flaws in its Gmail service and other online tools on or earlier to September 27 when CERT-IN had issued another advisory reporting multiple flaws on the systems of the IT major.
Unfortunately, this important information was not put in the advisory for the benefit of the users, a spokesman representing Google said.
Lately, the Ministry of IT received about 100 complaints that e-mail accounts of private parties and government officials were being hacked. Mani Shankar Aiyar, Union Panchayats and Sports minister, was one of the victims, reliable sources in the central government told DNA.
Further, according to official sources, unidentified hackers had infiltrated numerous Gmail accounts of Indian citizens in August 2007. The sources did not say anything beyond this on the issue to maintain confidentiality of VIPs.
There have been compromises of personal Gmail addresses of several secretary-level officers as well, the official added.
According to CERT-IN, reports came in that cross-site scripting vulnerabilities of critical ratings were found in Google. XSS occurs when a Web program collects a user's malicious data in a hyperlink. The user is lured to click this link from an instant message, a Website, or by opening an e-mail, CERT-IN explained.
Related article: India Remains an Easy Target for Hackers in '06
» SPAMfighter News - 19-10-2007