The founder of cyber security firm hacks and security, the expert guru Sunny Nehra with his team has been testing vulnerabilities of the govt. websites. Nehra with being in complete touch with the CERT-In ( Indian Computer Emergency Response Team), the nodal agency for responding to computer security issues and fixing them.
At least for decades the govt. websites haven’t been updated as stated by Mr. Nehra. The department only pays for hosting the domain and every single year the contract gets renewed for the same bidder and the ferocious cycle of outsourcing to the smaller firms at the lower costs are continuing.
Recalling such a chapter, Nehra stated at ET prime that once during the task he found out that bids worth crores of rupees were offered to firms without any complete background checks.
Just like Drupal, several government websites are still using outdated versions of content management software (CMS). Just as in our phones the apps required to be updated, timely updation to the most recent version of CMS is a vital part of basic cyber hygiene. A prime example related to this episode is the website of Haryana’s chief minister office, a government portal running on an outdated version of Drupal. The recent Indian Army’s website runs on an outdated version of Microsoft IIS when Mr. Nehra found out he tweeted to prime minister Narendra Modi.
The outdated versions of the software could help a threat actor to bypass IP and the restrictions of the domain. According to Nehra common, CMS platforms just like Drupal and WordPress have various loopholes in their outdated versions which are very known by the hackers. Nehra also added that prime minister Narendra Modi’s website has a consequential API ( application programming interface) problem, which has finally been fixed. Nehra stated that such loopholes should be assessed and fixed in a timely manner.