[Fsf-friends] Hall of Shame
Ajay Pal Singh Atwal
ajaypal@[EMAIL-PROTECTED]
Mon Mar 12 11:44:57 IST 2007
Did someone forgot to mention Election Commission of India running on Windows Server using ASP.NET
On 9th March 2007 Election Commission of India Fixed (disabled parts of) their website to avoid XSS and SQL injection vulnerabilities after intervention of CERT-IN. The vulnerabilities were reported on 2nd of March to ECI and on 4th March to CERT-IN, for the following URL:
http://search.eci.gov.in/maps/eci_se2007/detailResult.asp
Still a bit of usually harmless data insertion is possible. The above script is used to display detailed results of a given constituency. It may have been running unprotected for maybe few months.
Had the ECI made the code GPLed, the vulnerabilities would have been detected much earlier.
Even if these acts are shameful, I still do not support the "Hall of Shame" rhetoric, but if the Govt Departments are working for Public they must open their code using General Public License.
Real Hall of shame is when Punjab Govt. spends lakhs on purchase of MS software for use in education at 10+1 and 10+2 level, where FLOSS would have been equally good (and same also for Sarv Sikhya Abhiyan).
----- CK Raju <ckraju68 at yahoo.co.in> wrote:
> http://puggy.symonds.net/pipermail/fsug-kochi-discuss/2003-August/000712.html
> "Sanghamitra ?!"
> CK Raju
>
> Anilkumar K V <achu.kulangara at gmail.com> wrote: On 11/03/07, CK Raju,
> Thrissur wrote:
> >
> > ATPS's contribution to Financial services are
> > in public memory domain.
> >
> > [I don't have any - and don't feel sorry about it.]
>
>
> Raju,
>
> It is not clear what you are trying to convey. Can you please
> elaborate,
>
> - Anil
--
Sincerely
Ajay Pal Singh Atwal
Dept of CSE & IT
BBSBEC, Fatehgarh Sahib
Punjab, INDIA
--------------------------------
http://www.bbsbec.ac.in
http://www.ajaypal.com
--------------------------------
ajaypal[at]bbsbec.org,
ajaypal[at]acm.org
More information about the Fsf-friends
mailing list