[Owasp-delhi] [OWASP-Bangalore] Rediff Astrology

Neelu Tripathy neelu.tripathy at tcs.com
Fri Jun 18 05:01:13 EDT 2010


For the government sites .. :) It should be made mandatory for them to 
comply with the respective regulatory (security) requirements. Also, there 
should be an independent body for security audit and monitoring (for both 
applications and networks). This is not easy for the government 
considering budget bottlenecks, but sooner or later it has to be implemented. 

'Security' once in a while.. is not enough (for the Govt) because there might 
be thousands out there waiting for that one moment when we (govt) are not 
alert.

Regards,
Neelu Tripathy
Security Analyst, TCS




From: "Suryavanshi, Rajesh" <rajesh_suryavanshi at uhc.com>
To: "Neelu Tripathy" <neelu.tripathy at tcs.com>, <nileshkumar83 at gmail.com>, 
<owasp-delhi at lists.owasp.org>, <owasp-mumbai at lists.owasp.org>, 
<owasp-bangalore at lists.owasp.org>, <owasp-delhi-bounces at lists.owasp.org>
Date: 06/18/2010 01:38 PM
Subject: RE: [Owasp-delhi] [OWASP-Bangalore] Rediff Astrology



What about the government sites.. there are many sites that are vulnerable to 
SQL injection, XSS, Parameter Manipulation.. 

I do not want to specify any one of them.. but still there are no security 
measures and controls in place.. 

Hope that once in a while the government realizes the importance of information 
and will take preventive action to mitigate risk...
 
 
Regards,
 
RS
 
 

From: owasp-delhi-bounces at lists.owasp.org [mailto:owasp-delhi-bounces at lists.owasp.org] On Behalf Of Neelu Tripathy
Sent: Friday, June 18, 2010 12:26 PM
To: nileshkumar83 at gmail.com
Cc: owasp-delhi at lists.owasp.org; owasp-mumbai at lists.owasp.org; 
owasp-bangalore at lists.owasp.org; owasp-delhi-bounces at lists.owasp.org
Subject: Re: [Owasp-delhi] [OWASP-Bangalore] Rediff Astrology


From one perspective this is illegal, while from another it is a 'service done for 
FREE'. Though for the latter, there must be responsible disclosure of 
vulnerabilities. 
 
Regards, 
Neelu Tripathy
Security Analyst,  TEG
Tata Consultancy Services


From: nileshkumar83 at gmail.com
To: owasp-bangalore at lists.owasp.org
Cc: owasp-delhi at lists.owasp.org, owasp-mumbai at lists.owasp.org
Date: 06/15/2010 06:43 PM
Subject: Re: [Owasp-delhi] [OWASP-Bangalore] Rediff Astrology
Sent by: owasp-delhi-bounces at lists.owasp.org




I think only ringing the door bell is not illegal, unless you do 
something that can harm them financially. I have several times informed 
them about various vulns but they took action after a very long time.

On Tue, Jun 15, 2010 at 5:32 PM, Vikram GR <grv.567 at gmail.com> wrote: 
Is it legal to hack websites without any authorization from the owner? If 
you hack sites like rediff/indiatimes, they might take legal action 
against you, right? Even if you inform them about vulnerabilities, will this 
kind of act be legal or illegal? Could you throw in your opinions?

Thanks and Regards,

VIKRAM.G.R
Information Security Consultant,
Paladion Networks. 
http://www.paladion.net/
http://www.linkedin.com/in/vikramgr
Ph: +91-916-486-3322


On 15 June 2010 09:34, <nileshkumar83 at gmail.com> wrote: 
Rediff had several vulnerabilities on many pages. I had informed them last 
year itself. They didn't care until some senior guy from Rediff asked them 
to fix them. So it's an old trend at Rediff. Similar is the case of 
Indiatimes.

-- 
Thanks & Regards,
Nilesh Kumar,
Engineer-Security| Honeywell Technology Solutions
www.nileshkumar83.blogspot.com
www.linkedin.com/in/nileshkumar83
Mobile- +91-9019076487


_______________________________________________
OWASP-Bangalore mailing list
OWASP-Bangalore at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-bangalore



_______________________________________________
Owasp-delhi mailing list
Owasp-delhi at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-delhi

