Mak Man, a Lahore-based hacker, gave a virtual scare to Gaana.com Thursday by executing a Proof of Concept (POC) hack on the Indian streaming music site. After a stand-off that lasted several hours, the matter was resolved late Thursday evening. In an exclusive chat, Mak Man answers Business Standard queries over Facebook Messenger. Edited excerpts:
Q: Can you explain in layman's terms what exactly you did? What did you plan to demonstrate by this act?
A: I just highlighted an issue in a very controlled environment. The issue was that an end user had the privileges to execute SQL commands on their back end server, giving him/her access to all the details stored in their database including user details.
Q: Are you satisfied with Gaana.com’s response?
A: Yes, I’m totally satisfied with the response.
Q: How did you choose Gaana.com?
A: It was a targeted hack.
Q: Are there other Indian e-commerce sites that are similarly vulnerable?
A: I’m not sure.
Q: Will you take the offer given by Satyan?
A: Why not ..