undefined | Better HN

0 pointsn_t7y ago0 comments

Isnt that true for every system?

0 comments

When a system is shown to have fundamental security flaws — this one uses client-side validation to authenticate biometric operators — it is natural one's trust in the system's robustness would drop low.

Like when Intel's chips were shown to completely disregard security when speculatively executing instructions, it wasn't just a new vulnerability; it was a whole class of vulnerabilities that was now open

kcsomisetty7y ago

Aadhar is not a client side authentication, what is client side even mean in this context ?

pritambaral7y ago

Please read TFA: "The patch lets a user bypass critical security features such as biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers."

The client here is the enrollment software, not "Aadhar" (whatever you meant by that). The Aadhar service should haven been authenticating enrollment operators on the server side, instead of relying on the enrollment software to verify identity (that too by via biometrics, which is NOT authentication).

1 more reply

j / k navigate · click thread line to collapse

0 comments

pritambaral7y ago

kcsomisetty7y ago

Aadhar is not a client side authentication, what is client side even mean in this context ?

pritambaral7y ago

Please read TFA: "The patch lets a user bypass critical security features such as biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers."

1 more reply

j / k navigate · click thread line to collapse