undefined | Better HN

0 pointspritambaral7y ago0 comments

Please read TFA: "The patch lets a user bypass critical security features such as biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers."

The client here is the enrollment software, not "Aadhar" (whatever you meant by that). The Aadhar service should haven been authenticating enrollment operators on the server side, instead of relying on the enrollment software to verify identity (that too by via biometrics, which is NOT authentication).

0 comments

kcsomisetty7y ago

Then why does the article claim that aadhar is hacked. why not just call it as aadhar enrollment hacked (which is more appropriate title).

pritambaralOP7y ago

While more specific titles are better for descriptive purposes, the title as it is is not wrong. The name "Aadhaar" does not unequivocally mean "The Aadhaar service backend".

j / k navigate · click thread line to collapse

0 pointspritambaral7y ago0 comments

Please read TFA: "The patch lets a user bypass critical security features such as biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers."

0 comments

kcsomisetty7y ago

Then why does the article claim that aadhar is hacked. why not just call it as aadhar enrollment hacked (which is more appropriate title).

pritambaralOP7y ago

While more specific titles are better for descriptive purposes, the title as it is is not wrong. The name "Aadhaar" does not unequivocally mean "The Aadhaar service backend".

j / k navigate · click thread line to collapse