Archives for: September 2017

Endosulfan dumped in well to stop Dalits from drawing water #WTFnews

HIGHLIGHTS

  • The well is about 200 metres from the village and is the only source of drinking water for Dalit families in the village
  • The seven other wells in the village are used by upper caste people

DySP Hullur said the water was tested and found to be contaminated with endosulfan.

KALABURAGI: Dalits of Channur village in north Karnataka’s Jewargi taluk are mortally afraid after an upper caste person allegedly tried to kill them by pouring endosulfan into an open well. The village is about 640km from Bengaluru.

The well is about 200 metres from the village and is the only source of drinking water for Dalit families in the village. The seven other wells in the village are used by upper caste people.

The farmland is owned by a Dalit, but the land was leased by an upper caste person four years ago. For the past four years, Gollalappagouda Kallappagouda Kukanur, has not allowed Dalits to draw water from the well. A pumpset has been fixed to the well to draw water and it supplies water to the Dalits’ Colony. On August 31, Mahantappa, a Dalit, went to the well to get water because there was no supply to the colony for two days due to a power cut. But he thought the water smelt different and informed residents of the colony not to drink it.

Kalaburagi Rural DSP S S Hullur said the water was found to be contaminated with endosulfan. The well was immediately emptied twice in three days. Jewargi tahsildar Ellappa Subedar made alternative arrangements to supply drinking water through tankers. Despite the crisis, upper caste people didn’t allow Dalits to use other wells in the village.

Mallanna Kodachi, a Dalit leader, told TOI that untouchability is still practised in the village and Dalits have been regularly harassed. After a complaint was filed against Gollalappagouda, he has been threatening Dalits that before going to jail, he would kill one Dalit in the village.

It’s alleged that Gollalappa gouda would throw dead dogs, cats and snakes into the well to prevent Dalits from drawing water. But Dalits would clean the well and use the water.

http://timesofindia.indiatimes.com/city/bengaluru/endosulfan-dumped-in-well-to-stop-dalits-from-drawing-water/articleshow/60370696.cms?


In Death, A Star’s Dawn – #GauriLankesh on Com Saketh Rajan

Noted journalist Gauri Lankesh wrote an article on Com Saketh Rajan which appeared in Tehelka: http://www.tehelka.com/story_main11.asp?filename=op030505In_Death.asp

 
Extracts follow below
 
In Death, A Star’s Dawn
 

It all began with the killing of two Naxalites by the police in the Western Ghats on February 6. As news trickled in, it became clear that one of the Naxalites killed in the “encounter” was the cpi (Maoist) state secretary, Prem. But the fact that Prem was none other than Saket Rajan shocked many. From the colleges of Mysore to Delhi’s jnu campus, people started speaking of the intellectual brilliance of Saket whom they had known nearly two decades ago before he went underground. Even as the police gloated over the prize ‘catch’, people from various fields mourned Saket’s demise. Above all, many spoke gloriously about the two books he had authored as ‘Saki’. The two volumes of Making History are remarkable for looking at Karnataka’s history from ‘below’. In fact, some portions are prescribed texts at a couple of universities in the state. Even Karnataka Chief Minister Dharam Singh said on record that he was “feeling terrible that such a brilliant man had been killed”.

The Guerrilla Martyr: Saket Rajan was underground for about two decades photo by gauri lankesh
 

It was as if in death, Saket had begun to shine as the new star on the Karnataka sky. The mapping of the intellectual and activist in one person — a rare combination in the recent political culture of Karnataka — has stirred the hope and imagination of a people who looked in vain for some ideal. That such a man had been brutally felled by police created a sympathy wave for the Naxal cause. It was then that the police panicked.

There is a personal touch to the story that follows. I knew Saket when he was my senior at Bangalore University and at the Indian Institute of Mass Communication. He went underground sometime later.

After two decades, he resurfaced in June last year when I was one of the few handpicked journalists to attend the Naxalites’ first press conference. It was then that I met Saket again who had now taken the alias of Prem. The press meet shattered a few myths being spread by the police. For one, they were not Naxalites from Andhra Pradesh but were born and bred in Karnataka. Secondly, that they were not some ragtag gang of misguided youth but a political party that had taken up the cause of tribals in the Kudremukh National Park. In their briefing, they said that they were ready for talks but would look forward to the government first meeting some adivasi demands.

Soon after this press conference, the chief minister reacted positively saying the Naxal issue was not a law and order problem, rather it was a socio-economic issue. It was in this background that the Citizen’s Initiative for Peace (cip) was formed. Our intention was to create a climate where the government and the Naxals could initiate talks in the larger context of people’s longstanding needs and development issues. It is important to note that the adivasis had been fighting against their eviction in the name of a national park and for their traditional rights. But successive governments had not addressed them.

While we appealed to the Naxals to lay down arms, we also appealed to the government to cease combing operations as the first step towards holding talks. We were worried that the police, who had killed two women Naxals in November 2003, would end up killing more. If that happened, there would certainly be a Naxal backlash. Saket’s death triggered what we had feared for so long.

Soon after Saket and his colleague were killed, the cip approached the government with some demands. We sought an inquiry into the ‘encounter’; appealed once again to stop combing operations; demanded a second post-mortem according to nhrc guidelines and Supreme Court ruling. Finally, we said if no one claimed Saket’s and the other youth’s bodies, we would give them a decent funeral. Though the cm agreed to hand over the bodies to us, the police and the administration put up legal blocks. They said only the immediate kith and kin would be given the bodies. There was another problem. Since no one knew the young man who had been killed with Saket, his identity was yet to be established. Some suspected it was Shivalingu, from Bellary, and his parents had been sent word to come and identify him.

That was when Saket’s aged mother came into the picture. Only after I gave her the assurance that we would not take Saket’s remains to Mysore, she said the government should hand over his body to us. While the police assured her that the chief minister had agreed to hand over Saket’s body to us, they made her sign a letter saying the government should dispose of the body. On the basis of this letter, dgp SN Borkar announced the police would themselves perform the last rites.

On television, Saket’s mother vented her fury against the police for deceiving her. She faxed a letter to the cm saying her son’s body should be given to the cip. By then the second post-mortems were completed and we were on our way to collect the bodies. It was then that we got word that the police had left with the bodies to an unknown destination. Some activists at the morgue were brutally beaten up when they tried to block police vehicles. We were told the police had taken them to the crematorium at Wilson Garden. We again got in touch with the chief minister who in turn tried to get in touch with the dgp. When we reached the crematorium, we couldn’t find them. We came to know that the bodies had been taken to a crematorium at the other end of town and that, finally, the police themselves had conducted the last rites.

This high drama showed that the chief minister had no control over his police force. And the specious excuse he gave was that there was a communication gap between him and the police chief. Imagine, communication gap in Bangalore that claims to be the technology capital.

In between, the police ensured that Shivalingu’s poor and illiterate parents could not get in touch with us at all. To begin with, they were detained at a police station near Raichur and brought to Bangalore only at our insistence. They were kept at the police commissioner’s office so that they could not get in touch with us. Even after the cm ordered they should meet us, the police whisked them away to an unknown destination. To this day, no one knows where they are. And no one knows for certain about the identity of the other man killed in the encounter.

Though the cip had tried to create an atmosphere for talks between the government and Naxals, and had tried to ensure a decent burial for the Naxals, the Sangh Parivar started baying for our blood for “supporting Naxals”. Around the same time, the newspapers reported that the home department and the police were contemplating filing charges against us and would soon arrest us.

 https://sites.google.com/site/sakethrajan/gauri-lankesh-saketh-rajan


Asserting the Right to #FOE : Gauri Lankesh #Video

Noted journalist and activist Gauri Lankesh was shot dead at her residence in Rajarajeshwarinagar in the city on Tuesday night. Unidentified assailants shot her dead at her residence, according to the initial accounts by the police. She was 55 years old.

Coming from an eminent family of journalists and theatre persons, she was the daughter of the legendary P Lankesh, who started the influential Lankesh Patrike, the first Kannada tabloid. Her siblings, Kavitha and Indrajit, are also in films and theatre.

Gauri Lankesh was running a weekly tabloid Gauri Lankesh and was a fierce activist when it came to rights of dalits or the poor. Earlier, she was involved in the rehabilitation of Naxals who were attempting to return to mainstream life.

An anti-establishment figure, she was recently found guilty of defamation against two BJP leaders in Hubballi.

Her killing by shooting is reminiscent of the killings of rationalists M M Kalaburagi in August 2015 and Narendra Dabholkar in August 2013.

In March of this year, Yogesh Master, known as a progressive writer was blackened in the face by right wing activists at a function organised by Gauri in memory of her father.

 

National Convention of Human Rights Defenders on “Reclaiming Rights and Asserting Freedom” during March 22-23, 2017 in Delhi


Why is PIL against Isha Foundation’s illegal construction in TN not being heard ?

Still waiting for hearing on Isha Foundation’s illegal construction in TN: Activists

The Foundation has been embroiled in a controversial legal battle over its compound in Coimbatore since 2012 and has even received demolition notices from the state government in the past.

KV Lakshmana
Hindustan Times, Chennai
The 112-feet statue of Adiyogi Lord Shiva that was unveiled by Prime Minister Narendra Modi at Isha Foundation in Coimbatore on the occasion of Maha Shivratri on February 24, 2017. (PTI File Photo)

Activists fighting the alleged illegal constructions by Isha Foundation of spiritual guru Jaggi Vasudev in an environmentally sensitive area in Coimbatore in Tamil Nadu have said the delay in the hearing of the litigation seeking their demolition is frustrating.

M Purushothaman, lawyer for the Vellingiri Hill Tribal Protection Society that filed the public interest litigation against unauthorised structures on the wet lands at Ikkarai Poluvampatti, told the Hindustan Times they are “still waiting for the matter to come up for hearing” in the Madras high court after filing the PIL in March.

A few days before the PIL was filed, Prime Minister Narendra Modi unveiled a 112-feet bust of Lord Shiva on Mahasivaratri at the Isha Yoga Centre in Coimbatore on February 24. Activists asked Modi not to preside over the unveiling of the statue alleging a violation of environmental norms by the Isha Foundation.

The Foundation has been embroiled in a controversial legal battle over its compound in Coimbatore since 2012 and has even received demolition notices from the state government in the past.

Besides the PIL filed by the society, another application claimed before the southern bench of the National Green Tribunal (NGT) it is located in Velliangiri foothills, which is a man-animal conflict area.

Purushothaman said the deputy director of town and country planning of the Coimbatore region also admitted the Foundation built structures without any permission in a counter affidavit filed in the Madras high court.

The villages, where the Isha Foundation’s centre has come up, are located within the jurisdiction of Hill Area Conservation Authority (HACA) from where it must get clearances for erecting any structures.

Activists have also questioned the Coimbatore district collector’s decision to allow Isha Foundation to carry out the constructions after objections were raised by the district forest officer, and to allow the foundation to construct on six acres of wet lands.

Isha Foundation denied all the allegations and said it had the necessary permissions.

“Isha Foundation has not grabbed any forest land as was being alleged. Forest officials have surveyed the area and inspected the entire area. They are in the process of submitting a report to the Madras high court, clearly stating this. The forest officials are also pointing out to the presence of fruit bearing trees, some over 30 years old, in the region to prove that it was not forest land, but agricultural land,” Swami Rahul told the Hindustan Times.

The forest department report will also puncture the allegations that the Isha Foundation structures are in the elephant corridor, Swami Rahul said adding “some temporary structures were constructed for the Mahashivaratri celebrations, which we are now in the process of demolition.”

The dismantling of the temporary structures was to be completed last month, but the rain came in the way. “We will soon complete the dismantling of temporary structures,” Swami Rahul said.

“We have been time and again instructed by Sadguru to abide by the law of the land,” he added.

http://www.hindustantimes.com/india-news/still-waiting-for-hearing-on-isha-foundation-s-illegal-construction-in-tn-activists/story-8ckt02sgi65xvrwevzxtvp.html


Senior Journalist Gauri Lankesh Shot Dead At Her Residence In Bengaluru

Gauri Lankesh: ‘Modi Bhakts and the Hindutva brigade want me in jail’, in an interview last year

Gauri Lankesh had been under attack from people with ideological differences.
BENGALURU: Gauri Lankesh, a senior journalist in Bengaluru, has been shot dead at her residence in Rajarajeshwari Nagar.

According to The News Minute, the assailants allegedly knocked on the door of her residence, and shot her as soon as she opened the door. The shots penetrated her chest and she was killed on the spot, reports said.

 

She ran the weekly ‘Gauri Lankesh Patrike,’ a Kannada tabloid, and had been under attack from people with ideological differences.

Gauri Lankesh: ‘Modi Bhakts and the Hindutva brigade want me in jail’

One of the few women editors in language press was convicted on charges of defamation for writing a story against BJP workers. She says the case has more to do with her politics than the story her magazine published.

 By Manisha Pande | Nov 30, 2016

 

In 2005, Gauri Lankesh started her own weekly tabloid magazine. She named it Gauri Lankesh Patrike (GLP) and in the past decade, it’s grown to employ 50 people and has a healthy subscription. Earlier this week, one of the stories that had been published in GLP earned Lankesh not just notoriety, but also a jail term.

On November 28, Lankesh, one of the few women editors in language press, was convicted in two cases of criminal defamation filed against a story she’d published back in 2008. The Court of Judicial Magistrates of First Class in Hubballi, Karnataka, imposed a fine of Rs 10,000 on her along with a six-month jail term.

Soon after the verdict, Lankesh applied for bail and is now free. She will be appealing against the verdict in a higher court.

The story from 2008 that earned Lankesh this sentence alleged that three Bharatiya Janata Party (BJP) workers had duped a jeweller of Rs 1 lakh. The incident, Lankesh says, was published in many local dailies, but her tabloid was the only one to name those involved.

According to Lankesh, the report was based on sources within the BJP and the subsequent defamation cases filed by Dharwad Member of Parliament Pralhad Joshi and BJP leader Umesh Dushi are not so much about the story as they are about their dislike for her political worldview – one that is decidedly Left-leaning.

GLP is known for its anti-establishment flavour and reflects some of Lankesh’s concerns as an activist. The magazine does not take advertisements from either governments or corporations. It is run by a team of 50 regular employees and more than two dozen regular columnists and contributors. GLP is financially supported by Lankesh’s other publication firms — Lankesh Prakashana that publishes literature and Guide Prakashana, which concentrates on providing study material for competitive exams.

In an email conversation with Newslaundry, Gauri talks about her case.

Your first thoughts on the judgement? The court has stated that you published the news report against BJP leaders without proof…

Well, I am naturally disappointed with the judgement. The fact that the petitioners managed to cover their tracks and reached a compromise with their victim [the jeweller] does not mean that the attempt to cheat a man did not take place. My sources were from the BJP itself. But as a journalist, it is my right NOT to reveal the names of my sources.

What course of action will you be taking next?

The law says I can avail of bail, which I have already done. As per law, the court has also suspended its sentence giving me 60 days time to appeal against the judgement before a higher court, which I shall be doing.

You have earlier come under attack for being a ‘Maoist supporter’ and a ‘Hindu hater’. How do you respond to such criticism?

Unfortunately, today anybody talking in support of human rights and against fake encounters is branded a Maoist supporter. Along with that, my criticism of Hindutva politics and the caste system, which is part and parcel of what is considered ‘Hindu dharma’, makes my critics brand me as a ‘Hindu hater’. But I consider it my constitutional duty to continue – in my own little way – the struggle of Basavanna and Dr Ambedkar towards establishing an egalitarian society.

You have said earlier that ‘certain people want to see you in jail’. Could you elaborate on who these people are?

In Karnataka today, we are living in such times that Modi Bhakts and the Hindutva brigade welcome the killings (as in the case of Dr M M Kalburgi) and celebrate the deaths (as in the case of Dr U R Ananathamurthy) of those who oppose their ideology, their political party and their supreme leader Narendra Modi. I was referring to such people because, let me assure you, they are keen to somehow shut me up too. A jail stint for me would have warmed the cockles of their hearts!

Anyway, last night when I was boarding the train back to Bengaluru someone called me and said that I was ‘trending’ on Twitter! (I did not know about this since I am not constantly hooked on to the Internet.) I was shocked by the ridiculousness of the whole thing. ‘Trending’ because of a defamation case? I burst into laughter.

When I looked at the tweets and the kind of comments that were made about me, I was alarmed. One, because the tweets showed the rabid hate the Hindutva brigade and Modi Bhakts have for its critics and naysayers. Two, most of the tweets were targeted against liberal/Left journalists/journalism. Both those factors made me fear for the freedom of expression of the fourth estate in our country today in a larger context and not just in the personal sense.

As a journalist currently fighting a defamation case, do you think criminal defamation laws in India are against the spirit of freedom of media?

Yes of course, I think criminal defamation laws should be scrapped.

https://www.newslaundry.com/2016/11/30/gauri-lankesh-modi-bhakts-and-the-hindutva-brigade-want-me-in-jail


#Aadhaar – the Insecure App Making #biometrics

by Anand Venkatanarayanan

Overview

The application eco-system built around Aadhaar is vulnerable to malware. In this article we will describe this vulnerability in detail and how the conflicting requirements between utility, security, delegation and profit making, created the perfect environment for this vulnerability to come about in the Aadhaar system, as acknowledged by Nandan Nilekani himself.

Security and Utility

The safest car is the one that is parked in a garage, as it can never be involved in an accident, but it also has zero utility. The same is true for “Aadhaar data”, a term which means the combination of Aadhaar number, demographic information, phone number, email address and the biometric identifiers. If it is securely hosted and never leaves the central repository (CIDR), then its utility is very limited.

To increase utility, the Aadhaar system allows two uses:

  • Yes/No authentication, which allows residents to be verified with their Aadhaar number and biometrics or OTP delivered to their mobile.
  • KYC (Know Your customer) authentication, which returns demographic data to a service provider when they submit their Aadhaar number and biometrics or OTP.

The entities that allow such use are regulated by UIDAI and are referred to as AUAs (Authentication User Agencies) and KUAs (KYC User Agencies). The regulations not only specify the security measures that they have to undertake but also financial eligibility constraints that they have to satisfy (for unregulated private entities, referred to as Category 3).

Since the license keys of AUAs, KUAs and ASAs can be suspended if financial norms are not adhered to, how can private entities cover their costs and run a viable business? It is through a combination of delegation and transaction costing.

Delegation and Security

  1. AUAs are allowed to enter into contracts with other entities (referred to as sub AUAs) through an MoU (NIC sample). The most important aspect of the MoU is the requirement that the AUA can trace back every single sub AUA that made an authentication request, for auditing and fraud prevention:

     For each SUB AUA application, NIC will assign a unique code to be included in application’s request XML.

  2. It can be confirmed that sub AUAs are explicitly allowed by looking at the authentication specification (Page 11 of 33):

     sa — (mandatory) A unique “Sub-AUA” code. AUAs are expected to manage these codes within their system and ensure uniqueness within their system. This allows auditing and business intelligence to be provided at SA level.

  3. Sub AUAs are a form of sub licensing, which is allowed by UIDAI regulations, but every licensee must be registered. In other words, sub licensing is a form of delegation.

  4. The Aadhaar regulations (Regulation 15.2), however, prohibit sub KUAs while explicitly allowing sub AUAs:

     A requesting entity may permit any other agency or entity to perform Yes/ No authentication by generating and sharing a separate license key for every such entity through the portal provided by the Authority to the said requesting entity. For the avoidance of doubt, it is clarified that such sharing of license key is only permissible for performing Yes/ No authentication, and is prohibited in case of e-KYC authentication.

  5. It can be confirmed that sub KUAs are prohibited by looking at the eKYC authentication specification and noting that it does not allow sub KUA fields.

Why would UIDAI prohibit sub KUAs but allow sub AUAs? It is to minimize abuse and to ensure traceability. Since eKYC is mandatory for SIM cards and is accepted as a valid form of identity and address proof for opening bank accounts and mutual fund accounts, allowing sub KUAs would enable abuse via delegation.

Delegation creates multiple layers of obscurity and hence it becomes difficult to investigate the true source of abuse, in the case of a fraud report. Hence banning it is the only possible and reasonable solution.

Utility and Transaction costs

The indisputable fact is that businesses in India suffer from regulatory burdens which increase compliance cost. One of the requirements behind the India Stack initiative is to ameliorate the impact of the compliance cost for businesses. Aadhaar eKYC is a component of the stack. There are a few sandboxes listed on the page which are provided by:

  • Khosla Labs
  • eMudhra
  • AuthBridge
  • Handy Online
  • Quagga Tech
  • Digio Tech

For a non-technical user, a sandbox is a sanitised environment which allows experimenting with the eKYC functionality before going live. Since sub KUAs are prohibited by UIDAI regulations, it is possible to check the list of KUAs and find that only the following providers have a KUA license.

  • Khosla Labs
  • eMudhra

The other sandbox providers hence are not KUA licensees, but since the law forbids sub KUAs, they can only be technology partners for other KUAs (This is legal). What would be the business model of these entities? (Only entities for which information is available is listed below)

It is obvious that the downstream cost model of the sandbox providers closely resembles the upstream financial requirements imposed by the UIDAI, which consist of:

  • An upfront non-refundable license fees.
  • Charge for every transaction.

So in effect KUAs are buying a certain number of eKYC transactions from UIDAI at a wholesale price and reselling these transactions to others at a retail price. As the downstream costs are a fraction of the upstream costs, even to cover their costs, the sandbox providers must have several downstream customers.

Each of these downstream customers must of course be distinguished at the KUA level since the KYC APIs do not allow sub KUAs by design. So how do the sandbox providers distinguish between their downstream customers? There are two sources for understanding this in depth.

  • Service documentation.
  • Android applications which use these services.

Quagga Technologies

Quagga provides both eKYC and authentication services through a single service. They also provide an Android SDK (Software development Kit), which is only available after due diligence and verification. Their documentation specifies how they distinguish between various downstream users.

Every downstream user or entity is now assigned a QT_API_KEY, which is used by Quagga to distinguish them. This is required not only for verification but also for billing purposes as their pricing model indicates. And how hard is it for anyone to obtain the API Key without breaking into Quagga or the customers of Quagga?

We just need a disassembler and an android application that uses the Quagga APIs.

Disassembler

The development process that is followed in Android application development is shown below:

The reverse process of getting the source code and configuration from a released application is also possible via disassembler tool chains such as dex2jar, enjarify and apktool, as shown below:

Sample Application

Development kits usually come with a sample application (like a marketing sample). A Google search reveals that there was a free Aadhaar verify application in the Play Store, which has been taken down.

The app was indeed available as of May 21st, as this Quora post by Sanket Mehta indicates; it was updated on July 27th and was cached by various mirror services.

We are now ready to check if it is possible to reverse engineer the QT_API_KEY from the sample application, using the disassembler.

Success! We are able to extract out the secret API Key from the Quagga sample application with just a decompiler. The method described above took just 5 minutes and can be done on any android application that uses the Quagga end point.

Quagga Response

An emailed questionnaire sent to both Quagga and UIDAI outlining the above issue elicited the following response from Quagga (UIDAI did not respond).

Regarding the API key in android app, please check our latest documentation. We discovered this vulnerability and removed the old SDKs from the system. Now our API keys can only be used at backend for generating a random access token and that token has to be passed through into the SDK to start the transaction at frontend. This makes the API keys secure and also the randomness of the token and expiry helps the any misuse of access.

The response assumes that it is not possible to reverse engineer the android app containing the SDK (Software development kit), which we successfully demonstrated in the previous section. A further query to Quagga outlining this issue was not replied to, though to be fair, it is a problem that plagues the entire android application ecosystem.

The statement that using a SDK secures the QT_API_KEY is inaccurate. It is very easy to reverse engineer android applications to get the QT_API_KEY (it must be stored somewhere). It is also easy to look at the AAR file to figure out what the activity does and emulate it. At that point of time, an attacker simply has to do what the SDK does without the SDK and I am sure all the SDK does is *hide the calling of some REST API*. In general security by obscurity is a terrible idea with the android eco system because of the capability to reverse engineer the source code.

You have to think about a better way to do this. Until then the vulnerability is not going away. The threat model here is someone using the SDK to figure out the actual REST API to use and calling the REST API w/o the SDK, thereby defeating the purpose of the SDK.
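The backend-minted token flow that Quagga's response describes, sketched as an added example (not Quagga's code or API): the long-lived key stays on the customer's server and the app only ever receives a short-lived token bound to one transaction. The key value, the 120-second lifetime, the claim names and the function names are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional, Tuple

# Constructed placeholder. On a real backend the key comes from a secret store
# and is never compiled into the APK or its resources.
BACKEND_API_KEY = b"constructed-demo-key-not-a-real-QT_API_KEY"
TOKEN_TTL_SECONDS = 120   # assumed lifetime; the vendor response gives no figure
used_nonces = set()       # demo replay cache; a shared store in production


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(payload: bytes) -> bytes:
    # HMAC-SHA256 keyed with the backend-only API key.
    return hmac.new(BACKEND_API_KEY, payload, hashlib.sha256).digest()


def mint_token(customer_id: str, txn_id: str, now: Optional[float] = None) -> str:
    """Backend side: issue a token that is valid for exactly one transaction."""
    now = time.time() if now is None else now
    claims = {
        "cust": customer_id,                     # which downstream customer to bill
        "txn": txn_id,                           # binds the token to one request
        "exp": int(now) + TOKEN_TTL_SECONDS,     # hard expiry
        "nonce": secrets.token_hex(16),          # makes every token unique
    }
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return b64e(payload) + "." + b64e(sign(payload))


def verify_token(token: str, txn_id: str, now: Optional[float] = None) -> Tuple[bool, str]:
    """Service side: accept a token once, for the transaction it was minted for."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = b64d(payload_b64), b64d(sig_b64)
    except ValueError:                           # wrong shape or bad base64
        return False, "malformed"
    if not hmac.compare_digest(sig, sign(payload)):
        return False, "bad signature"
    claims = json.loads(payload)                 # safe: payload is authenticated
    if now >= claims["exp"]:
        return False, "expired"
    if claims["txn"] != txn_id:
        return False, "wrong transaction"
    if claims["nonce"] in used_nonces:
        return False, "replayed"
    used_nonces.add(claims["nonce"])
    return True, "ok"


if __name__ == "__main__":
    token = mint_token("customer-1", "txn-42")
    print(verify_token(token, "txn-42"))   # first use is accepted
    print(verify_token(token, "txn-42"))   # second use is rejected as a replay
```

A token of this kind only keeps the long-lived key out of the shipped app; the backend endpoint that calls `mint_token` still has to authenticate whoever asks it for a token.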

Making of a Malware

It is now trivial to design a malware which can use the above vulnerability and perform eKYC through an OTP in the background without either the user or the UIDAI being aware of it, if the following conditions are met:

  • An Aadhaar holder must be tricked into revealing their Aadhaar number to the malware. Given the recent push towards making Aadhaar mandatory for getting SIM cards, it is quite possible to launch a phishing call, pretending to be a telco agent registering the SIM with the Aadhaar number for verification purposes, and asking the holder to download an app.
  • Public statements from UIDAI CEO that Aadhaar number is not a secret will ensure that the success rate of such phishing calls will be very high indeed.
  • The android app containing the malware must have “Read SMS” access to silently read the OTP and make the back end call using a stolen API KEY from any one of the SDK customers (API Keys are meant to be kept secret, but the right way to secure them is very hard in the android application ecosystem)

The malware could be made more silent and efficient if one of the phone manufacturers were tricked or persuaded into installing it as part of the base operating system, which could then silently delete the incoming OTP before it ever reaches the SMS Inbox (Government of India seems to have woken up to this problem recently).

Conclusion

Securing the CIDR is a relatively easy problem for UIDAI, but ensuring that every single Android app is not vulnerable to malware is a very hard problem because of the following:

  • Using OTP as a valid authentication mechanism is a design choice that cannot be reverted easily. Unlike a credit card PIN, which is known only to the holder, an authentication attempt that only uses OTP can be defeated easily by automation, as the above section indicates.
  • OTP is a reasonable choice for second factor authentication, but is usually a poor choice for first factor authentication, particularly in the Indian context, since most users do not pay attention to Android application permissions.
  • Any one of the 252 KUAs or their technology partners could design an API that is directly callable using an API key which can be harvested from other applications in the Play Store. The capability to reverse engineer applications in the mobile application ecosystem would defeat the “Security by Obscurity” paradigm that UIDAI is comfortable with.
  • A few eKYC apps were pulled down from the Play Store last week. While the pulling down of these apps was not noticed, a quick analysis via the disassembler as described above did show that all of them are vulnerable to API key harvesting techniques (names available on request).

Postscript

  1. The vulnerability described above was reported to both UIDAI CEO and Quagga over email on August 15th (emails available on request).
  2. UIDAI CEO chose not to respond or acknowledge the email.
  3. Quagga responded to all the emailed questions (except one, as noted above) and it was clear from the responses that they are fully in compliance with the Aadhaar regulations (emails available on request).
  4. It is unclear if architecture issues (using OTP as a first factor authentication) should be reported to CERT.IN or NCI-IPC and hence were not reported.

https://medium.com/@venkatanarayanan.anand/insecure-app-making-abd8548c3092


Over 1,000 killed in Myanmar violence, says UN Special Rapporteur


At least 20,000 displaced stuck on the border with Bangladesh, says UN Special Rapporteur Prof. Yanghee Lee

UN Special Rapporteur on the Situation of Human Rights in Myanmar, Prof. Yanghee Lee, has said that the number of people killed in the violence since August 25 in Myanmar has crossed 1,000. Excerpts from an interview:

What is the estimated number of people displaced in the ongoing conflict?

On Friday [September 1] I was informed that about 30,000 people had reached Bangladesh and about 20,000 could not. They are stuck between borders [of Bangladesh and Myanmar].

Or, in the river?

Yes, along the river and hills; that makes it 50,000 [displaced]. But now I’m receiving reports [of more being displaced]. It is not easy to verify the numbers.

So it could be more?

Yes. When the October [2016] attacks happened, about 70,000 to 75,000 crossed over to Bangladesh within a period of 2-3 months. Now, within a week at least 50,000 people have been displaced…perhaps the worst situation in Myanmar in a long time.

How many died in the violence?

We know that about 14-15 security force personnel were killed during the August 25 attack. We are also receiving reports from the Government [of Myanmar] that at least 150 Rakhine [community] people were killed. This is difficult to verify.

What about the Rohingya; though you may not be using the term Rohingya?

I call them Rohingyas as they have the right to identify themselves as such. I am getting [a figure] of around thousand and it is taking place in the entire north Rakhine and not [just] in a few villages.

More than a thousand dead?

I would say so. A recent Human Rights Watch video of satellite images indicates that villages are being torched along the 100 km border in Rakhine State. It is hard to believe that only a few have been killed. The Government gave a figure of 50 or 100 insurgents [who] have been killed and we don’t know if they are insurgents or civilians. I am also comparing [casualty figures] with October-November 2016 figures when about a thousand or so people got killed.

How many are children?

We are trying to find out.

The recent Kofi Annan Commission report on the crisis indicated that there is a possibility of “threat posed from potential radicalisation”, a new issue. How big is the threat?

Rakhine State is ripe for radicalisation. If you look at the kind of conditions that they lived in from 2012 with no freedom of movement or access to basic services [and] they lived with decades of discriminatory laws. The young people don’t see any future and in such a situation it is easy to cross the line.

One of the key recommendations of the Commission is to confer citizenship. Is there progress?

We have always emphasised that the 1982 Citizenship Law has to be amended to make sure that those who are living there for generations get their citizenship status as soon as possible… The other thing is that there were plenty of pilot projects [for] citizenship verification. The government says, people do not cooperate but the people are tired of processes, which are very slow. The government needs to speed up the processes.

Regarding the August 25 violence, when members of security forces and alleged Rohingya insurgents were killed, two interpretations surfaced. One, it was planned to suppress the impact of the Annan Commission report published on August 24. The other is that the attack on Rohingyas was planned. There are reports of a series of events which indicate that the attack was meticulously planned…what do you think?

Both interpretations are quite plausible. I would like to refer to something that I said in the past that in Myanmar nothing happens without a detailed master plan.

Before this operation food, water supply and other aid were cut off…is that correct?

That is correct. Everything was stopped recently. No international team was allowed to distribute aid. Media was stopped and the independent international community or UN was not given any access.

We observe for the first time that reports have surfaced of about 10 Hindus being killed and 500 fleeing to Bangladesh and the ethnic Mro community people killed as well. Is the violence spreading and no longer restricted between Buddhists and Muslims?

I do know that some people of the Mro community were killed. Recently we are seeing video clippings of Hindu families, who are now relocated in Cox’s Bazar, saying that their family members [Hindus] were killed.

Will you now say that other communities are being drawn into this conflict?

I hope not.

Regarding Bangladesh’s position, even if they are not keen to allow the Rohingyas to come in officially, they are actually allowing them on the ground.

What do you think about their gesture?

Bangladesh has been providing assistance for the last 20-30 years. The Secretary General has also requested it not to turn these people away. Many Rohingyas would have perished without the support of Bangladesh. It is very generous of them to allow the Rohingyas.

India said they will deport the Rohingyas. The case is being heard in the Supreme Court but how do you interpret India’s position?

My mandate does not allow me to comment on another Government.

Since you discussed Bangladesh, so I thought of asking you about India…

I understand. Right now people are going over to Bangladesh, rather than going to India. So…

In March, in the Security Council, China and Russia blocked a statement on Myanmar which was expected to be critical of the government. Now, that triggers a question. How far can the United Nations move forward to stop such violence?

How effective it [United Nations] is when powerful countries are blocking a move?

I do not have the details of the March session of the Security Council. But I do know that they had held a Security Council meeting a few days ago and that no joint statement could be issued – which is a bit disappointing.

http://www.thehindu.com/opinion/interview/over-1000-killed-in-myanmar-violence-says-un-special-rapporteur/article19621467.ece


WSS Statement in Support of the Women Survivors in the Dera Sacha Sauda Case #Vaw


We, the members of Women against Sexual Violence and State Repression (WSS), salute the courage of the two women complainants who stood up to sexual oppression and relentlessly continued their struggle for fifteen long years. That they stood up against the might of someone with millions of followers, money and political clout, and in the face of innumerable threats over the years, is nothing short of heroic. We hail the brave journalist Ramchandra Chhatrapati, who paid with his life for first publishing the anonymous letter written by one of the women in his newspaper “Poora Sach”. We also applaud the activists of Jan Sangharsh Manch, Haryana, for standing quietly and firmly with the women complainants for all these years, despite facing physical and mental violence.

We welcome the CBI court’s decision to sentence the accused to 20 years’ rigorous imprisonment (10 years for each count of rape) and a fine of Rs. 30 lakh. It has also ordered for Dera property to be sold, if necessary, to pay for the damages caused by the rioting by the followers of the accused, over a judgement they were opposed to.

 

Sequence of events

 

In 2002, a ‘sadhvi’ serving in Dera Sacha Sauda, Sirsa (Haryana), wrote a letter anonymously addressed to the then Prime Minister of India, Atal Bihari Vajpayee, detailing the incidents of sexual violence meted out on the women by ‘Maharaj’, Gurmeet Ram Rahim Singh. These sadhvis who live like his bonded slaves owing to their families’ faith in him were, according to the letter, routinely sexually abused by him. Any voice raised against this abuse was met with coercion and threats of – or actual — violence on the women and their families.

In the given case, the girl was summoned, by Gurmeet Ram Rahim Singh to his private chambers. He used several ploys to coerce her including threats of murder for refusing to have sex with him and of burial of her body with impunity (her family’s faith in him would go against her in every way). He also talked about his considerable influence with the government of Punjab and Haryana and Central Ministers. The Dera head then raped her. In the letter, she also detailed cases of other women who had been raped and, after having left the Dera, were pressured and threatened by his followers to not reveal their ‘internal’ matters to the outside world. Over the past 15 years, some of those helping the sadhvis were killed and the women were continuously harassed.

Taking suo motu cognisance of the letter, on September 24, 2002, the Punjab and Haryana High Court referred the matter to the Central Bureau of Investigation (CBI) for an inquiry. In this connection, 18 sadhvis were questioned, one of whom told investigators that the Dera chief and his followers were “very dangerous people”. Two of the women accused the Dera chief of rape. One of them said she had been raped in order that she may be “purified”.

 

Justice and its aftermath

 

The CBI filed a chargesheet in July 2007. On August 25, 2017, the special CBI court in Panchkula convicted Gurmeet Ram Rahim Singh under Sections 376 (rape) and 506 (criminal intimidation) of the Indian Penal Code (IPC).

The rape conviction led to widespread rioting and rampant and open destruction of public and private property in Punjab and Haryana and parts of Delhi and UP by his followers. Reports indicate at least 35 people were killed in the ensuing violence and more than 200 were injured. However, in the majority of cases, it is unclear what the cause of death was and who the perpetrators were. The DIG has clarified that until the post-mortem is conducted, such information will remain unknown.

WSS does not believe that the state should deploy bullets to quell mass mobilisation (this also goes against international human rights Conventions) or file cases under the antiquated colonial sedition law. In this case, there were several measures the state could have taken leading up to the verdict that could have been more effective and ethical. The inability of the state and central government to control the building numbers of about one lakh followers of the Dera in public parks in Panchkula in the week prior to the verdict is reflective of the nexus of the “godman” and his henchmen with the state machinery. This, despite the police and the administration having been intimated at least one week in advance of the hearing, about the pile-up of petrol, diesel and assorted weapons by the Dera followers, and the impending violence that could be unleashed in case of a hearing that they would consider “unfavourable”. Why was no effective preventive action taken by the state government? Why did at least three Haryana ministers collectively donate Rs. 1.12 crore from their discretionary funds to the Dera chief since August 2016? What measures are going to be taken against those who actively encouraged the impunity of the sexual exploitation that went on within the Dera?

We stand with the women survivors who put the court process in motion and applaud their courage in face of violence and intimidation. We recognise faith-based collectives centred around a person considered ‘divine’ as spaces of control, coercion and violence on women’s bodies. The case also brings to the fore the absence of autonomy and voices that many of these women — despite being educated — lack in their natal and matrimonial homes, where the family will sometimes abet sexual violence. We also recognise that faith-based collectives provide a system of impunity that sexual and financial predators such as Gurmeet Ram Rahim Singh take advantage of, by feeding off the oppression of a largely dalit bahujan following. We condemn the way such predators hollow out the rhetoric of an anti-caste collective mobilisation and deploy their followers towards a goal of impunity. We denounce the fact that, through their open support of the Dera chief, elected state representatives of several political parties have furthered the twisted links between caste, religion, patriarchy and the state, and have turned a blind eye to the violence and sexual exploitation that went on within its walls. We understand this exploitation may not be happening only at the Dera Sacha Sauda, but may be more widespread than has been acknowledged. The rape conviction of Asaram (again set in motion by a young victim in her teens) is yet another case in point.

 

In the face of this political chicanery, it is encouraging to see that the courts have condemned the non-action of the governments in Punjab and Haryana and the centre and that the sentencing of Gurmeet Ram Rahim Singh to 10 years for each rape case and monetary compensation for each of the women survivors proceeded as per law without further violence.

 

We demand:

 

  • That the Dera Sacha Sauda be shut down and all the people — especially women and children — still staying inside, be evacuated as soon as possible and be amply compensated.
  • An independent investigation to probe allegations of sexual assault on other women residents of the Dera.
  • Speedy closure and justice to the complainants who registered other cases against the Dera chief, including murder and forced castration of male followers.
  • An inquiry into the role of the state and central ministers who openly showed their support to the Dera chief accused of rape, among other crimes.

 

 


Hotspot of debates, discussions in JNU being forced to down shutters

Yogesh Kant

NEW DELHI: Freedom of speech and expression is at the heart of Indian democracy. At Jawaharlal Nehru University, all students’ political groups – many affiliated to mainstream political parties –swear by this right, as they gather and discuss various issues at food joints across the campus at late hours.

 

However, since February 9, 2016, the University administration is quickly shutting down such spots, where debates and discussion thrive. “Since the establishment of the campus, we have had a culture of debate and discussion. But, it seems the administration is trying to curb such debates,” said Anirban Bhattacharya, a student activist of Bhagat Singh Ambedkar Students Organisation (BASO).

 

Many famous eating joints, known mainly as space for debates, are being forced to shut down after 10 pm. “Only Ganga Dhaba is allowed to function till 2 am, which is strategically a Draconian step to suppress the debate culture of JNU,” said Apekhsha, a research student and BASO activist.

“I think there is an increasing narrowness in our public culture these days. Young people are often told that they must focus on their studies and ‘not poke their noses into others’ business’. Studies seem to have become the be-all and end-all of everything,” said another student at Ganga Dhaba. He added: “I think it is absurd and certainly not the way to function in an educational space – whether it is a school or a university.”

A professor at the University, wishing to remain anonymous, says, “It worries us as educators, as young people will now be afraid to speak their minds. Curbing freedom of speech and the culture of debate is simply not on – not in the university, not anywhere at all. And to accuse those who are raising their voices in support of JNU of creating hatred and playing politics is to miss the point entirely.”

 

During the poll season, especially, the debates even reach into every hostel. “Things have drastically changed. Only three of the 15 hostels are allowed to conduct such debates in their premises,” Bhattacharya added.

Read more at: http://www.millenniumpost.in/delhi/hotspot-of-debates-discussions-in-jnu-being-forced-to-down-shutters-260342


#RapistRamRahim jailed: Meet Sudesh Kumari, the woman who braved odds to get justice for a sadhvi

Sudesh Kumari travels in the general compartment. She is not a known face on TV channels, among champions of the cause for women. But she works quietly to make democracy tick. Kumari empathised with the two sadhvis who accused Baba Gurmeet Ram Rahim of sexual exploitation because “the matter was such, how could she not be with them”. It all began when she learnt about the anonymous letter written by the two women against the Dera head at Sachcha Sauda at Sirsa. “I continued to talk to her and felt her pain.”

In June 2002, a copy of the anonymous letter came to her; she was the convenor of Jan Sangharsh Manch (JSM), Haryana. Then on 10 July the same year, the murder of Ranjit Singh in Khanpur Koliyan, a village close to Kurukshetra, made her realise the gravity of the situation. She went to see the young sister of Ranjit Singh. The letter had made it clear that one of the sadhvis who accused the Baba of rape was from Kurukshetra, and that her brother was a member of the powerful state committee of the Dera, who later left it.

File image of Gurmeet Ram Rahim Singh. Wikimedia Commons

The young sadhvi was scared to death. She pleaded with Kumari, “My father too would be killed. Please demand a CBI enquiry in the rape and murder of my brother. The Baba is too powerful.” Then in October 2002, the anonymous letter was published by Pura Sach, a local newspaper published from Sirsa. On 21 November 2002, Ramchandra Chhatrapati, the editor of the paper, was also murdered. This confirmed beyond doubt who was behind the murders and why. The Dera wanted to silence the people, fearing the contents of the letter would become public. When no media house published the letter, with the help of the Haryana Union of Journalists, Kumari and her friends observed a condolence meeting in honour of Chhatrapati and asked people to take an oath to help the victim’s family. People promised but things didn’t move.

Irked, they published a four-page pamphlet and distributed it in thousands to the general public. The pamphlet recounted circumstantial evidence of Baba’s involvement in rape and murder. Men arrested for both murders had guns registered in the name of Dera, one of the accused arrested in Chhatrapati’s murder was the body guard of Baba.

In December 2002, during Geeta Festival, when lakhs throng Kurukshetra, JSM decided to distribute pamphlets and present the demand for CBI enquiry from the visiting vice president Bhairon Singh Shekhawat in the sexual exploitation case of the sadhvis. Instead, the local police arrested the members of the Manch, headed by the JSM convenor, and didn’t let them come out till the vice-president was in town.

This incident made them aware of the might of the man they were fighting, he had the state in his pockets. They organised themselves and worked on a three pronged strategy; organise camps to take public signatures, put posters on buses and public places, distribute the pamphlets and organise protests. They organised signature camps at Pipli, Sonipat, Hisar, Kaithal, Jind, Rohtak etc., leaving Sirsa, where they were threatened for life.

On 5 February, 2003, when they were peacefully holding a camp in Fatehabad to collect people’s signatures a mob from the Dera attacked them, took away women’s chunnis, snatched their purses and earrings. Even the bus fare they had with them was taken away, the glue used for posters was smeared on their face. All the papers with public signatures were torn before them. When they called the police, the cops instead arrested all 14 members of JSM, nine women and five men, on charges of attempt to murder. Sections 307, 303, 149 and 148 were slapped on the peaceful team.

The charge was that they beat members of Dera with serious injuries to life, certified by a government doctor. They had no lawyer, but Harjit Singh Sandhu and a few more lawyers fought their case without taking a penny for six long years.

“The Bar Association of Fatehabad and Kurukshetra demanded in one voice our release, still the charge sheet produced by police used section 307 against us. But people had seen what happened, they supported us. The young sadhvi, who was shaken after her brother’s murder, and was also facing problems in her personal life said when we were released, “Why did you go to jail for me?”

Harjinder Kaur was only a college student when she went to jail under 307 and Bhuvnesh was a student of class 11, now he is a doctor.

“Our courage gave her hope, she was wavering fearing for her father’s life, but after this incident, she stood firm like a rock. You know how difficult it is for an Indian woman to go to a police station under normal circumstances. She was standing against the might of a man supported by the state machinery,” the JSM convenor said.

“Wouldn’t I feel dead inside if I left her? I could never know what it’s like to be in her shoes. I could only walk with her,” Kumari said.

http://www.firstpost.com/india/gurmeet-ram-rahim-jailed-meet-sudesh-kumari-the-woman-who-braved-odds-to-get-justice-for-a-sadhvi-3999487.html
