Wake Up PTA Guys!! – Regarding 668 Service
Days back we seen PTA launched SIM Information System 668 service that can be used to check number of SIMs issued against one CNIC. Service can be accessed via PTA’s site but we seen other sites – Hamariweb.com using this service on their site maybe for promotion but using this PTA’s website may be flooded because PTA is not having any kind of captcha for each request.
Hamariweb.com is known as Pakistan’s leading web portal providing a lot of good services but this time we see Hamriweb providing the same 668 SIM Information System via this Link.
Basically Hamariweb is an ASP based site fetching SIM information directly from PTA’s database. This is easily possible in almost all programming languages, in PHP cURL can be used and in ASP we have WebClient and also others available in ASP Http library here.
One of the most easy and common method is direct API access but for sure neither PTA would t be giving API access of any of its service to anyone for site promotion as PTA’s all data is confidential nor a part of database can be shared with anyone by PTA so the only solution left behind is direct http get request.
But on PTA’s end we see PTA is not having any kind of captcha on 668 Sim Information System for each request so it can easily be accessed via any server request, while main purpose of captcha is to prevent non-human request.
A Captcha is a type of challenge-response test used in computing to ensure that the response is not generated by a computer. The process usually involves one computer (a server) asking a user to complete a simple test which the computer is able to generate and grade. Because other computers are unable to solve the CAPTCHA, any user entering a correct solution is presumed to be human. You have often seen captcha images like this:
With these non-human i.e. web server request, one can easily send large number of request per second to remote server ranging from one to thousands and so on. In this way a server can easily be flooded – what in other words may be regarded as DDos’d.
And here one can do so on PTA’s website.
PTA guys may not have in knowledge regarding the fetching issue of 668 service by other sites, so if possible it should be introduced, somewhat like captcha for human verification or PTA may reduce number of requests sent by a particular IP in a specified period of time.
This thing will surly add, though not alot but something, to the security of PTA’s site. Let’s wait and see when appropriate action is taken.
Related posts
- LHC Orders to Ban 9 Websites Including Google, MSN and Yahoo
- Chairman PTA Presented ICT Excellence Award
- Govt to Launch 3G & 4G Broadband Technology
- TeleCON 2011 Concludes - An Overview
- Regulatory Framework for Mobile Banking to be Finalized Soon
- LHC Orders to Lift Ban on Facebook
- PTA and SBP to formulate Third Party Mobile Banking Regulations
If you like this post then you may also like receiving latest interesting stories Every Morning in your email Click here to Subscribe
