Web addresses put Indian govt at risk

Summary:Government's technology department lists Web-based GMail and Yahoo accounts as e-mail correspondence, which a security player believes can expose the Indian government to a significant security vulnerability.

India's technology department uses Gmail and Yahoo to host official e-mail corespondence, which one IT security vendor believes can expose the government to significant security vulnerabilities.

The Web site of the country's Department of Electronics and IT (DeitY), which lists the contact details of ministers and secretaries, reveals several e-mail addresses hosted on the popular, free Web-based e-mail services. Milind Deora, India's minister of state for communications and IT, has the address "m.deoraoffice@gmail.com", while his prevate secretary Dinesh Arora secured the more personal "dineshias@gmail.com". Private secretary D.K Rana can be e-mailed at "dinesh842@yahoo.co.in".

The minister did not respond to requests for comment about the potential security threat of using these Web-based services for official correspondence and listing these on the government's official Web site. The details remain on the site.

Screen Shot 2013-03-07 at 10.11.02 AM

In an interview with ZDNet, Pavan Thatha, founder of Chennai-based security startup Array Shield, said there were  risks in the government's use of Gmail addresses.

Hackers could crack the password using software tools, password databases, and social engineering techniques. One simple method would be to try and answer password reset questions, such as "what is your mother's maiden name?", commonly used to verify the user's identity.

"There are so many password databases that have been breached, and there is a huge dictionary of frequently used passwords  which can be used to compromise the account," Thatha said. "In that way, it can potentially be very dangerous."

However, he noted the e-mail accounts listed may not be used for official correspondence. 

Topics: Security, Government : Asia, India

About

Mahesh Sharma earned his pen licence in his homeland, where he covered the technology industry for ZDNet, SMH, Sky Business News, and The Australian--first as an FTE, and later as a freelancer. The latter fueled his passion for startups and empowered a unique perspective on entrepreneurs' passion to solve problems using technology. Armed... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.