Bengaluru: In what can lead to possible compromise of information and threats to the owner of the Bangalore Development Site (BDA), the website security certificate has expired 40 days ago and information is fed to users and administrators no longer encrypted.
, According to cyber experts, hackers can suck user information and manipulate it.
According to BDA sources, as many as 2,000 people have paid their property tax online and their data is now under threat.
Once there is a website to make a payment, a message appears: “The attacker might try to steal your information from propertytax.bdabangalore.org (for example, passwords, messages or credit cards).” Advanced information shows, “The server cannot prove that it is propertitax.bdabangalore.org; the security certificate ended 40 days ago.
This might be caused by configuration errors or attackers who intercept your connection.” A senior official BDA told toi that payment for Companies that maintain a website have not been made and therefore there is no website increase.
Ehraz Ahmed, a Cyber security researcher is valued by several institutions to identify deficiencies in web applications and networks, say, “After the SSL Certificate (Secure Sockets Layer) ends, users will no longer communicate through encrypted HTTPS connections.
Users who search the site with no connection Safe vulnerable to MAN-IN-THE-MIDDLE attacks (MITM).
Evil users can intercept and view the information transferred between users and sites.
“This will allow the attacker not only to retrieve user data that includes IDs, passwords and other credentials, But also manipulate the same, he added.
Vineet Kumar, Founder, and President of the Cyber Peace Foundation, explained, “At present, the website uses the Transport Layer Security (TLS) to ensure users (especially user names and passwords) Include safely reach the server and not intercepted by each attacker in the way .
For this, they use the SSL certificate to encrypt data on the way to the server.
This certificate has a deadline for them and after that they need to be updated.
“” …
it is recommended that users do not have details on the website and wait until the developer updates the license.
, “he added.
A senior official BDA said that the administration was not aware of this problem and would overcome it.
The official admitted that the vendor was not paid for months and there were several irregularities in communication, which is now being sorted.
BDA failed to update the website security license
