Personal tools

Number of visitors
since 27 March 2006
 
Document Actions

Hacking US Visa from visitors wishing to stay in US at resorts website

Click here to start saving with ING DIRECT!

Digg!

My in-laws have applied for US visitor visa and I am tracking their US Visa WebsiteVISA appointment to see if we can prepone it so that they can come early to the US. I was at first impressed with the VFS (http://www.vfs-usa.co.in) website that caters to the US Visa requests from India for the controls that they had in place to ensure correctness and security. It would have never occurred to me to test those as I would have expected that any government website would tested and re-tested against vulnerabilities. When you think of how many people enter the US every year, how many leave to vacation at Mexico all-inclusive resorts or come to work here after working at Barbados all inclusive hotels, it is surprising.

I guess I was wrong. All I did was to enter my father-in-laws details on the website. While doing so I somehow entered the last three digits of his visa fees receipt number wrong and VIOLA!!! I was presented with records of three apparently related people who were totally unrelated to me or my father-in-law. I could have canceled their appointment or done all kind of mischief. Needless to say, I closed the web-page promptly after taking this screen-shot. It appears that at some point RAID data recovery will be necessary for those victimized by hackers.

Whether I should inform the US Visa department or not, I am not sure. But I thought I should publish this.

Cloud VPS Hosting

Acronis True Image 2012 Special offer 125x125
iTunes, App Store, iBookstore, and Mac App Store