Friday, October 03, 2008

How Secure Is Maldives Government Data?

I am as excited as anyone about the first-ever presidential elections about to be held in Maldives. And like any other enthusiast, I regularly check the Election Commission website. Now there is this link on it which points to a site for checking the registry of eligible voters. At first it seems to be a simple search site, which would be a typical web frontend and a database backend.

A DNS lookup gave “205.178.152.25” as its IP, which didn’t look like a typical Dhiraagu or Focus IP. It was in fact allocated to the US-based Network Solutions.

Then I wondered why the Government of Maldives is using a “.COM” domain instead of the more appropriate “.GOV.MV” hierarchy.

A registry lookup showed this:
Domain Name: MALDIVESELIGIBLEVOTERS.COM
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com
Name Server: NS85.WORLDNIC.COM
Name Server: NS86.WORLDNIC.COM
Status: clientTransferProhibited
Updated Date: 25-sep-2008
Creation Date: 25-sep-2008
Expiration Date: 25-sep-2009

Registrant:
Origin IT and Facility Solutions Pvt Ltd
Type II/1, Dr.V.S.I.Estate
Thiruvanmiyur
Chennai, Tamilnadu 600041
IN

Domain Name: MALDIVESELIGIBLEVOTERS.COM

Administrative Contact, Technical Contact:
Origin IT and Facility Solutions Pvt Ltd murali@originitfs.com
Type II/1, Dr.V.S.I.Estate
Thiruvanmiyur
Chennai, Tamilnadu 600041
IN
91-9940115895

So what exactly is a Maldivian Government database doing in the hands of an Indian IT company? Outsourcing? Even this kind of information?

To say the least, this is from the same Government which required me to submit a request in writing to ask what the national sport of Maldives is.

Somehow the Government doesn’t seem to think that its citizens’ information is worth shit, even if the information available in this database can be used to get bank info from our state-owned wonder bank too.

In this age of technology, where Identity Theft is the growing crime market, surely this is a stupid thing to do.

Hmmm... this could mean that Maldives is really running out of I.T. people. Wonder where they are... Wherever they are, surely not anywhere near where their advice can be heard by decision/policy makers.
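
An added example, not part of the original post: the registry record above parsed in Python and checked against three expectations. The ".gov.mv" suffix comes from the post; the expected registrant country "MV" and the 30-day age threshold are assumptions made for the example.

```python
from datetime import date

# Registry record from the post, trimmed to the fields used below.
WHOIS_TEXT = """\
Domain Name: MALDIVESELIGIBLEVOTERS.COM
Registrar: NETWORK SOLUTIONS, LLC.
Name Server: NS85.WORLDNIC.COM
Name Server: NS86.WORLDNIC.COM
Creation Date: 25-sep-2008

Registrant:
Origin IT and Facility Solutions Pvt Ltd
IN
"""
MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()

def parse_date(text):
    day, month, year = text.split("-")
    return date(int(year), MONTHS.index(month.lower()) + 1, int(day))

def parse_whois(text):
    """Return ({key: [values]}, registrant_lines) for a record in this layout."""
    fields, registrant, in_block = {}, [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Registrant:":
            in_block = True
        elif in_block and line:
            registrant.append(line)
        elif in_block:
            in_block = False  # a blank line ends the address block
        elif ":" in line:
            key, value = line.split(":", 1)
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields, registrant

def review(text, observed, suffix=".gov.mv", country="MV", min_age_days=30):
    """suffix, country and min_age_days are assumed policy values, not the post's."""
    fields, registrant = parse_whois(text)
    age = (observed - parse_date(fields["Creation Date"][0])).days
    findings = []
    if not fields["Domain Name"][0].lower().endswith(suffix):
        findings.append("outside " + suffix)
    if registrant and registrant[-1] != country:
        findings.append("registrant country " + registrant[-1])
    if age < min_age_days:
        findings.append(f"{age} days old when observed")
    # None of these fields says where the site is hosted; that is the A record.
    return fields["Registrar"][0], fields["Name Server"], findings

print(review(WHOIS_TEXT, date(2008, 10, 3)))  # observed on the date of the post
```

The registrar and name servers are returned separately from the findings because they describe who sold and serves the name, not where the web server or database sits.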

9 comments:

jade said...

The WebServer and Database Server do not necessarily have to be located in India. They could very well be located at a Dhiraagu server. Only that: The domain name could be bought from Network Solutions and it could very well be a domain name transfer.
Your whois on domain name only shows the origin of its domain address, not the web server.

M said...

I never said that the servers were in India. Only that the registration of the domain was done by an Indian company. And was wondering why it was registered through an Indian company and why it had a .COM domain.

The location of the server can be found by doing a dns/whois and traceroute. I did include its IP address. Check it yourself.

Good point that a Maldivian server might be holding the database. What difference does that make when it is allowed to be accessed by people from another country? If the database records can be accessed, then it also can be copied.

Note that this has data including National IDs, Names, Addresses of every Maldivian who is eligible to vote.

jade said...

I understand what you meant to say; however, I believe you did not really understand my point. I do not assure and say it is hosted on Maldives owned servers. What i said is, Though the domain name is registered to an Indian company, it necessarily does not have to be hosted in Network Solutions.
" The location of the server can be found by doing a dns/whois and traceroute. I did include its IP address. "
M, What i just said was it.
Name Server: NS85.WORLDNIC.COM
Name Server: NS86.WORLDNIC.COM
is only the Name Server. Where spool of domain names are cached. I could host a web server by installing an Apache Server on my personal PC, and yet register a domain and direct the URL to my server. Yet, it does not mean the content/database of the website is hosted on Network Solutions.

IF the Identity database is hosted in a Maldivian server, the way ASPx works, it cannot be accessed by Network Solutions. Which means, all parameters to the database would be passed from server side,(not client-ended). Something like a "sand box".
However, it does not guarantee a "Anti-Hack" site nor data could not be stolen.

Secondly, I really did not understand the issue about being accessible from other country. Because if that is so, they would host it via 'Intranet'. Maybe to all Government agencies.

But, I should say, I too agree that this is rather very sensitive information that is being released publicly.

M said...

good that u agree that they r sensitive information.

i was referring to the ip address of the web server: 205.178.152.25

the location of the webserver can be found by running a traceroute to that ip.

i am not talking about the domain's authorised dns servers or who registered it.

while i agree that we can host that website even on my pendrive, that would mean to have elaborate intraneting and all that to just get this little thing done?

it is not about being accessible from another country. it is about being given that access in the first place, and with all the data that was made available.

my point is why the government allowed access to this data to the public and further more, to people outside the country.

and had u bothered to check the quality of programming on that site, u will see that the "sandbox" and all that mumbo jumbo security was not used at all. It was plainly sub-par programming and open for anyone to abuse it.

motion said...

i think they use a Msaccess file. and even us can get all those data. it is vulnerable to sql injection.
i will say the database file is stored in that server.

M said...

i suppose this is what ppl refer to as secure remote database access with an intranet through a sandbox:

E:\0\1\3\49\1655375\user\1785038\htdocs\eligiblevoters\DBTOSEARCH.mdb

Rhetoric Thought said...

Great the database is now down

jade said...

I agree with motion, my guess too is that it is access. I don't think they would after all do so much work in feeding all information from atolls to a SQL or Oracle database! We are lazier, i ASSUME! hehe.

M, if you v referred to anything about sandboxing, intranet stuff, please read up again. I just gave my opinion and assumptions on various points you v touched. However, what i really insisted on was that it could v been possibly a domain transfer rather than database located in India.

M said...

exactly... u gave assumptions and opinions. what i wrote was fact after checking the stuff.

if u didn't figure out yet, i was being sarcastic in my last comment. :)

and maybe i'm not techie enough to understand those elaborate stuff either.