Has the govt implemented Aadhar safely?

I have a different take on this. Take this as you will. Do not ask for source.

The system is sound. They key vault solutions for this are also excellent or above industry standards. We Indians do know software after all. However, the SOPs for the entire system is a giant pile of shit. The solution architects wrote excellent SOPs and gave to the government employees(are they government employees?) and they lost track of how many times it was rewritten.

I wont give much examples but one I would like to put across. So as all the systems of such scale, there is an admin group that holds the tokens/certificates etc. They are engineers. Of course you have any type of work to be done, you put them in loop and they do the required stuff for you. Pretty boiler plate. NOPE. NOT HERE. The entire SOP was rewritten. Each sub group had multiple admin groups. They do whatever the **** they want. They are their own admin group. I mean what the ****. And here, the admins are not engineers. Normal government employees with no grasp of data security.

And the approval matrix is also weird. multiple mandatory approvals for access. Instead of streamlining the process.
 
6pack said:
i bet all the admin groups have one password - admin/admin123 or pass or some such known password.
Click to expand...

One of my IT support chaps did this, and got a severe lashing from me. He is pretty lucky I did not give him the chop. And the excuse is even sillier - I don't need to give my domain admin password to anyone, so I am safe :facewall: . Oh boy.

We (that forest only) got screwed twice with ransomware.
 
m-jeri said:
The system is sound. They key vault solutions for this are also excellent or above industry standards. We Indians do know software after all. However, the SOPs for the entire system is a giant pile of shit. The solution architects wrote excellent SOPs and gave to the government employees(are they government employees?) and they lost track of how many times it was rewritten.

I wont give much examples but one I would like to put across. So as all the systems of such scale, there is an admin group that holds the tokens/certificates etc. They are engineers. Of course you have any type of work to be done, you put them in loop and they do the required stuff for you. Pretty boiler plate. NOPE. NOT HERE. The entire SOP was rewritten. Each sub group had multiple admin groups. They do whatever the **** they want. They are their own admin group. I mean what the ****. And here, the admins are not engineers. Normal government employees with no grasp of data security.

And the approval matrix is also weird. multiple mandatory approvals for access. Instead of streamlining the process.
Click to expand...

That simply means that the system is not sound. Regardless of how well the solutions and processes put on paper, it doesn't mean jack after its compromised the way you described.

Same thing about UPI too. When they make a so called white hat hacker cum cyber security expert certify that the system is unbreakable, it tells me that the person making the claims may not be the skilled expert they claim to be and that the system is not secure. Arrogance and misplaced confidence is the biggest foe to security. No system is unbreakable. When you are in the security business, a healthy dose of paranoia is essential. You have to keep working with the mentality that your system would be broken into any time.
 
This is it. Terrific. Data security my ass.


20apbmp.jpg


https://twitter.com/SkochSameer/status/834330813315563521
 
Nice. So all our biometric data can get out in the wild for anyone to use (replay) to make authenticated transactions?
 
vishalrao said:
Nice. So all our biometric data can get out in the wild for anyone to use (replay) to make authenticated transactions?
Click to expand...

Wasn't this one of the first concerns when aadhar was first launched itself and they had those huge camps everywhere getting people to sign up?
 
Which is why stuff like biometric data should only be used for authentication (identification only) and not authorisation of transactions. But then anyways identity theft is easy now.
 
Those half-educated sales guys standing outside the jio stores with the fingerprint scanner hooked up to their mobiles, what's to stop them from saving your data ? Say with a rogue app on the same mobile.
 
Two-factor authentication (2FA) should be used everywhere (sending OTPs or using a OTP app like Google/MS Authenticator) to alleviate the risks. I hope they implement this quickly for Aadhaar. Would help with peace of mind.
 
Why we should blame only the bank?
Who is making scams easy for the scammers?
What if an FIR has been filed?
Anyone can guess who will be punished. No one!

Basically, this adhaar scheme is itself flawed. Insecure, unnecessary, unconstitutional, anti-people.
 
swatkats said:
For others.. some clarity: http://postcard.news/read-shocking-history-axis-bank-scams-genes/
Click to expand...
While I can't speak for the whole scam, I love how the socialist agenda rears it head. "it crashed within one year of liberalization". I mean really? Asset quality going to shit doesn't happen in a year. It happens because of mis management over many years. Specially given the "time bound" promotion and not meritocracy based one, which means the previous heads could be simply 45-50 year old people with no idea how to manage fund money.
That is not to say private companies are great but they don't parade the moral integrity as the public institutions do. People are very quick to point out the MD in case of private institution failures but never heard of a MD or higher ups being implicated because of failure in a public company.
I am sure once the SBI merger will happen, the shit quality of assets from subsidiaries will drown the whole SBI and people will come out in droves to point this out. And they already are, moaning about how SBH, I guess, had to post losses after so many years.

That said, I remember a post from the previous threads on Aadhar:
https://www.techenclave.com/community/threads/aadhaar-card.144127/page-15#post-1936492

The infallibility of "finger print" scanning. While this a case of compromised data, things could take a darker turn too.
 
Back
Top