Never Post A Picture Of Your Boarding Pass On Social Media

Whenever I go on a trip I do the mandatory Check-in at Facebook, Twitter and Instagram, saying where I am going, who my travel-mates are, how many days I will be away and I post a picture of my Boarding-pass to prove it. I love doing it, it's super cool for my friends and anyone who follows me! But sadly I am not aware of what an adversary can do with just my airplane boarding pass. ...

2019-Mar-24 · 6 min

UTI ITSL – Data Disclosure through a single key

NSDL and UTI are two bodies under the Indian Government which are the official PAN Card service providers. Recently I had the privilege to take services for PAN Updation through UTI ITSL. After waiting for some time for the processing of my card, I went to the website of UTI-ITSL for checking the status. I entered the application number, and instantly got the status of my query. Cool! As a fuzzer, in the form-field for ‘Application Coupon Number’, I entered the next number (my application number + 1). And yes, it gave the results. Entered some more numbers in the sequence, got results for each query. I could get results for applications as early as 2011. This means that if someone runs a tiny script to scrape data of applicants for the last 8 years, they can easily get the details – Full name, PAN Number, Application Number. ...

2017-Mar-18 · 3 min

Instagram - Your posts are not really private

You are using Instagram, right? And you might have kept your posts private, so that only your followers can view your posts. Yes, even I have ticked the option to allow only my followers to view my posts. That option works well if you are browsing through Instagram only. But what if you post your Instagram picture’s link like this: The post on your Instagram profile was limited only to your followers (maybe 150, 1500 or 150k), but now your tweet has made that picture available to millions of people who are on the Internet. Anybody can click on the link and see your picture. ...

2016-Feb-25 · 1 min

Why is it necessary to keep your email secure?

Apart from the normal reasons for keeping our email accounts secure, there are many more which we try to ignore or whose possibilities we are not aware of. Take this scenario – why keep the work-related and social email accounts separate and confidential (if possible): If someone knows the basic information about you, your social networking account can be hacked. The main ingredient is – your email id. It's better to keep the id which you are using for networking secure. If the work and social email ids are the same, there are more chances of people guessing or knowing your basic information, providing more chance for your account to get compromised. ...

2012-Dec-14 · 2 min