iRead, iLearn, iWrite. Hence, iBlog.


Sunday, April 27, 2008

Thinkdigit.com Hacked !!!! (Digit's site hacked, but hacker causes no harm)



It is a development that is sure to have far-reaching ramifications on the credibility of the organisations concerned. It was recently revealed that an unauthorized individual had succeeded in gaining access to the administrator control panel of the Thinkdigit.com site. The site in question is the online face of the Digit magazine, a popular and quite easily the highest selling Technology-oriented magazine in India. The ownership of the magazine had recently been taken over by 9dot9 Media, a relatively new media group headed by Dr. Pramath Raj Sinha.


His achievement was helped by shoddy implementation of code on the recently revamped website. According to him, the poor coding skills exhibited by the site’s designers left it vulnerable to such exploits as SQL injection, XSS attack and Full Path Disclosure, among others. Using one of these (or some other - he has not revealed his technique) methods, he was able to break into the site. Proof of the achievement - screenshots posted on his site showing the various db entries that could have been taken only if you had admin access to it.


If you are yet to fathom the enormity of his achievement - after gaining access to the site’s Administrator control panel he could have run absolute riot with the site’s setup. Some examples - he could have re-directed the site to some other unmentionably illegal site, he could have deleted all the site’s databases including that of its hyper-active forum, or gathered the personal information of all the forum members, among others. Instead, in following the ways of the highest principles of the purest of hacker ethics, he promptly reported the matter to the site’s Webmaster. He received a reply from them thanking him for bringing the vulnerabilities to light. Incidentally, he himself is a regular and respected member of the aforementioned forum. A Biology professor and a polite and well-spoken member, who at no point has ever indulged in flames and fanboyisms - an activity many forum members there participate in with absolute glee and enthusiasm.


The task of re-designing the site had been entrusted to Indus Net Technologies, who claim,



"Indus Net Technologies is a premier Internet Consulting company offering diverse tailor made solutions to help organizations around the world gain an edge over competitors. We adhere to highest international standards and deliver visually appealing and technically perfect websites that exceeds your expectation......"


Well, in the face of this recent egg that has landed on their faces, they might want to re-think their future course of action and take a long hard look at their company’s actual expertise (or lack of it).


Well, one thing is for sure - the reputations of both companies are bound to take a major hit. Things may be even worse for Digit. There is a deluge of Technology-oriented magazines in India - T3, PC World, PC Quest, IC-Chip etc., all engaged in a cut-throat battle to reign supreme over the tech-fanatic Indian reader. Digit will have to go into some serious damage control mode to ensure that its advertisers aren’t turned off by this latest news and, more importantly, that its readers continue to remain loyal to it and do not switch allegiance to a different publication.


As of now, EPL (Arsenal notwithstanding) and the Champions League (semifinals notwithstanding) are all but forgotten for me. This development is faaaaaaar more interesting and gripping and I will be following it with eager enthusiasm.