Last Updated Sunday October 21 2018 11:51 AM IST

Tech education board ignores hacking threat to its site

Though the state government had asked the board to temporarily take down the website till the security issues are resolved, it has been learned that board officials are adamant about retaining the website as it is.

Thiruvananthapuram: The Kerala State IT Mission has found serious security flaws on the website of the Board of Technical Education. It has been found that the website www.tekerala.org is vulnerable to a severe data breach involving vital information pertaining to the students.

With the current system in place, hackers can easily gain access to the website. Student data can be passed on without encryption and the passwords demanded on the site can be easily guessed by anyone. The IT Mission claimed that all the vital information on students can be downloaded with just two clicks.

Shockingly, no steps have been taken by the authorities concerned to rectify the technical issues even 10 days after the flaws were highlighted by an 'ethical hacker' on a dedicated Facebook page called the Cyber Sword. Earlier, in January, the IT Mission officials had also provided the security audit report on the website.

Though the state government had asked the board to temporarily take down the website till the security issues are resolved, it has been learned that board officials are adamant about retaining the website as it is. Citing exams, the board said that it cannot take down the site at this juncture.

The ethical hacker, who pointed out the security issues on the Facebook page, has also put up a detailed video showing how to edit the information provided by students after getting into the site.

Security flaws found by IT Mission

SQL Injection (SQLi)

SQL Injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements that control a web application's database server. On the website www.tekerala.org, SQL Injection was carried out 20 times using eight links.

Cross-site scripting (XSS)

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. Two links exploiting this vulnerability were found on the website.

Prone to password-guessing attack

A password-guessing attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until the one correct combination that works is discovered. The website lacked any security features to prevent this threat.

Lack of encryption

Encryption is the most effective way to achieve data security. To read an encrypted file, one must have access to a secret key or password that enables one to decrypt it. The website used unencrypted data, i.e., plain text.

Insecure root folder

An attacker can make use of this vulnerability to step out of the root directory and access other parts of the file system. With just a couple of clicks, all the information can be downloaded.
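The containment check that the "Insecure root folder" flaw calls for, shown beside a weak string-prefix check, as an added example that is not from the article or the audit report. The directory names, file names and function names are constructed for illustration; the article does not say what software the site runs.

```python
from __future__ import annotations
import os
import tempfile
from pathlib import Path


def naive_allows(root: Path, requested: str) -> bool:
    """Weak check: string-prefix test on a normalised path."""
    joined = os.path.normpath(os.path.join(root, requested))
    return joined.startswith(str(root))


def resolve_under_root(root: Path, requested: str) -> Path | None:
    """Return the real file path only if it stays inside `root`."""
    if "\x00" in requested:
        return None
    root_real = root.resolve(strict=True)
    # An absolute request would replace root in the join, so drop leading "/".
    candidate = (root_real / requested.lstrip("/")).resolve()
    # resolve() collapses ".." and follows symlinks; compare path components,
    # not string prefixes, so "webroot_private" is not mistaken for "webroot".
    if root_real not in candidate.parents:
        return None
    return candidate if candidate.is_file() else None


def demo() -> dict[str, tuple[bool, bool]]:
    """Constructed layout: a web root beside a private directory."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        root, private = base / "webroot", base / "webroot_private"
        root.mkdir()
        private.mkdir()
        (root / "notice.txt").write_text("exam timetable")
        (private / "students.csv").write_text("constructed sample record")
        os.symlink(private / "students.csv", root / "link.csv")
        requests = ["notice.txt", "../webroot_private/students.csv",
                    "link.csv", str(private / "students.csv")]
        return {"abs" if r.startswith("/") else r:
                (naive_allows(root, r), resolve_under_root(root, r) is not None)
                for r in requests}


if __name__ == "__main__":
    for request, (naive, hardened) in demo().items():
        print(f"{request!r}: naive={naive} hardened={hardened}")
```

Each result pair is (weak check, hardened check): only the file that really lives under the web root passes both.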
