CBSE OSM whistleblower Nisarga Adhikary hired by IIT Kanpur with ‘decent salary’ but…
Nisarga Adhikary, a 19-year-old ethical hacker from West Bengal, has been hired by the Indian Institute of Technology Kanpur after independently uncovering multiple security vulnerabilities
Nisarga Adhikary, a 19-year-old ethical hacker from West Bengal, has been hired by the Indian Institute of Technology Kanpur after independently uncovering multiple security vulnerabilities, although the offered salary was lower than he had expected, according to a report by Hindustan Times. Also Read | CJP launches nationwide stir against Dharmendra Pradhan from Pune “The salary is decent, but I was expecting a bit more. I’m used to working on projects and with companies based in the US, and I do miss the financial advantage that comes with earning in dollars because of the USD-INR conversion,” he told HT. Among the issues he reported were critical flaws that enabled OTP bypass, unauthorised access to examiner accounts through a hardcoded master password, and the possibility of gaining access to millions of students’ answer sheets.
What is his job? At IIT Kanpur, Nisarga Adhikary will be responsible for analysing publicly available information and uncovering security weaknesses in websites and applications, assisting organisations in identifying and mitigating potential cyber threats, as reported by HT. He has joined the institute’s cybersecurity team on a contractual appointment. OSM portal was not "thoroughly" tested for functionality: IIT panel The On-Screen Marking (OSM) portal, which is used to evaluate the Class XII answer sheets of lakhs of students, was not subjected to comprehensive testing or an adequate assessment of its functionality, security weaknesses, and potential risks before being deployed, according to a member of the Indian Institute of Technology panel reviewing the Central Board of Secondary Education post-result ecosystem, who spoke to ANI.
The IIT panel, formed in response to the controversy surrounding the OSM portal, is expected to submit its findings and recommendations to the Ministry of Education within the next few days. Also Read | HC seeks response from Centre, CBSE on plea highlighting OSM discrepancy "It was not thoroughly tested. It is not like it (the portal) was not tested, there was an auditor hired by CBSE who tested it and gave its go ahead and everything. But a through analaysis was not done, that should have been done. The auditing was not suficient," the member of the IIT panel told ANI on the condition of anonymity. The member also clarified that while the ethical hacking incident exposed serious vulnerabilities, there was no evidence to suggest that student records had been leaked or misused.
The BriefWire