Monday, September 29, 2008

Smoking Banned from October 2nd

If you're a chain smoker, you're in for some really rough time come October 2nd - the long gestating new rules for the ban of smoking will be implemented on Gandhi Jayanti.

The 'Prohibition of Smoking in Public Places Rules' by the Union health ministry kick starts in October 2 would ban tobacco consumption in all government or private buildings. Sweating over what 'public places' means? Keep sweating, for the list is this - small cafes, restaurants, schools, pubs or discotheques, stadia, airports, hospitals and bus stands.

In you're caught smoking in the above places, you'd have to to shell out Rs 200. And that's just the first few days, because the fine would later be revised to Rs 1,000.

And the public places that allow employees to smoke within their building premises would have to cough up Rs 5,000 per employee caught smoking.

Smokers' only refuge would be the road or parks.

Also, under the new rules, cigarette and bidi packs will feature either a glossy photo of infected human lungs or an X-ray plate of the chest of a cancer-sticken man. Packets of chewing and smokeless tobacco products will flaunt a graphic image of a scorpion that depicts cancer.

Smoking on the road or the park will save others from the wrath of passive smoking. 250-300 million Indians consume some form of tobacco. And around 14.1% of school-going children have started to smoke.

Health minister A Ramadoss said, "Research has shown that smoking would kill 10 lakh people in India annually from 2010. At present, we estimate that 40% of India's health problems stem from tobacco use. So a smoking ban is essential to save India's future. A similar smoke-free policy introduced by England and Scotland last year saw 45,000 people giving up smoking in just 10 months"

We completely agree with Mr Ramadoss. So if you're a smoker and you think Mr Ramadoss is merely blowing smoke, you can expect the Smokeys showing up in your face brandishing Rs 200 chalans as smoking guns.

-Abhiz

Monday, September 15, 2008

Security Incident Analysis Report

You might be very good at technical skills, you might be the best incident analyst in your organization but if you are not able to deliver your findings or analysis in an effective way to the top folks then all your hard work will be useless.

What matters the most to CXO's when dealing with Incidents:

1) Incident reports
2) Graphs / Pattern
3) High level view of the incident
4) High level view supported by excellent low level incident details
5) Root cause of the incident
6) What went wrong and who should be blamed
7) How to avoid it in future
8) Does this Incident touch compliance requirements.

The CXO's are usually interested in how things have happened and what is the answer they can give when they are asked about the incident that recently happened to the media, to the shareholders and most importantly to their own Bosses.

There are instances when people come up with a 3 page incident report without any format being following, without linking close occurrences of the incident and what lead to such an incident. You can have a look at the incident analysis report from Government of Canada after the Slammer worm was released.

So, when ever you write an incident report make sure you are precise to the point and include all the details with a chain of occurrences and make it effective not just for other technical folks but even for management.

-Abhiz

Security Incident Analysis Report

You might be very good at technical skills, you might be the best incident analyst in your organization but if you are not able to deliver your findings or analysis in an effective way to the top folks then all your hard work will be useless.

What matters the most to CXO's when dealing with Incidents:

1) Incident reports
2) Graphs / Pattern
3) High level view of the incident
4) High level view supported by excellent low level incident details
5) Root cause of the incident
6) What went wrong and who should be blamed
7) How to avoid it in future
8) Does this Incident touch compliance requirements.

The CXO's are usually interested in how things have happened and what is the answer they can give when they are asked about the incident that recently happened to the media, to the shareholders and most importantly to their own Bosses.

There are instances when people come up with a 3 page incident report without any format being following, without linking close occurrences of the incident and what lead to such an incident. You can have a look at the incident analysis report from Government of Canada after the Slammer worm was released.

So, when ever you write an incident report make sure you are precise to the point and include all the details with a chain of occurrences and make it effective not just for other technical folks but even for management.

-Abhiz

Security Incident Analysis Report

You might be very good at technical skills, you might be the best incident analyst in your organization but if you are not able to deliver your findings or analysis in an effective way to the top folks then all your hard work will be useless.

What matters the most to CXO's when dealing with Incidents:

1) Incident reports
2) Graphs / Pattern
3) High level view of the incident
4) High level view supported by excellent low level incident details
5) Root cause of the incident
6) What went wrong and who should be blamed
7) How to avoid it in future
8) Does this Incident touch compliance requirements.

The CXO's are usually interested in how things have happened and what is the answer they can give when they are asked about the incident that recently happened to the media, to the shareholders and most importantly to their own Bosses.

There are instances when people come up with a 3 page incident report without any format being following, without linking close occurrences of the incident and what lead to such an incident. You can have a look at the incident analysis report from Government of Canada after the Slammer worm was released.

So, when ever you write an incident report make sure you are precise to the point and include all the details with a chain of occurrences and make it effective not just for other technical folks but even for management.

-Abhiz

Security Incident Analysis Report

You might be very good at technical skills, you might be the best incident analyst in your organization but if you are not able to deliver your findings or analysis in an effective way to the top folks then all your hard work will be useless.

What matters the most to CXO's when dealing with Incidents:

1) Incident reports
2) Graphs / Pattern
3) High level view of the incident
4) High level view supported by excellent low level incident details
5) Root cause of the incident
6) What went wrong and who should be blamed
7) How to avoid it in future
8) Does this Incident touch compliance requirements.

The CXO's are usually interested in how things have happened and what is the answer they can give when they are asked about the incident that recently happened to the media, to the shareholders and most importantly to their own Bosses.

There are instances when people come up with a 3 page incident report without any format being following, without linking close occurrences of the incident and what lead to such an incident. You can have a look at the incident analysis report from Government of Canada after the Slammer worm was released.

So, when ever you write an incident report make sure you are precise to the point and include all the details with a chain of occurrences and make it effective not just for other technical folks but even for management.

-Abhiz

Security Incident Analysis Report

You might be very good at technical skills, you might be the best incident analyst in your organization but if you are not able to deliver your findings or analysis in an effective way to the top folks then all your hard work will be useless.

What matters the most to CXO's when dealing with Incidents:

1) Incident reports
2) Graphs / Pattern
3) High level view of the incident
4) High level view supported by excellent low level incident details
5) Root cause of the incident
6) What went wrong and who should be blamed
7) How to avoid it in future
8) Does this Incident touch compliance requirements.

The CXO's are usually interested in how things have happened and what is the answer they can give when they are asked about the incident that recently happened to the media, to the shareholders and most importantly to their own Bosses.

There are instances when people come up with a 3 page incident report without any format being following, without linking close occurrences of the incident and what lead to such an incident. You can have a look at the incident analysis report from Government of Canada after the Slammer worm was released.

So, when ever you write an incident report make sure you are precise to the point and include all the details with a chain of occurrences and make it effective not just for other technical folks but even for management.

-Abhiz

Security Incident Analysis Report

You might be very good at technical skills, you might be the best incident analyst in your organization but if you are not able to deliver your findings or analysis in an effective way to the top folks then all your hard work will be useless.

What matters the most to CXO's when dealing with Incidents:

1) Incident reports
2) Graphs / Pattern
3) High level view of the incident
4) High level view supported by excellent low level incident details
5) Root cause of the incident
6) What went wrong and who should be blamed
7) How to avoid it in future
8) Does this Incident touch compliance requirements.

The CXO's are usually interested in how things have happened and what is the answer they can give when they are asked about the incident that recently happened to the media, to the shareholders and most importantly to their own Bosses.

There are instances when people come up with a 3 page incident report without any format being following, without linking close occurrences of the incident and what lead to such an incident. You can have a look at the incident analysis report from Government of Canada after the Slammer worm was released.

So, when ever you write an incident report make sure you are precise to the point and include all the details with a chain of occurrences and make it effective not just for other technical folks but even for management.

-Abhiz

Security Incident Analysis Report

You might be very good at technical skills, you might be the best incident analyst in your organization but if you are not able to deliver your findings or analysis in an effective way to the top folks then all your hard work will be useless.

What matters the most to CXO's when dealing with Incidents:

1) Incident reports
2) Graphs / Pattern
3) High level view of the incident
4) High level view supported by excellent low level incident details
5) Root cause of the incident
6) What went wrong and who should be blamed
7) How to avoid it in future
8) Does this Incident touch compliance requirements.

The CXO's are usually interested in how things have happened and what is the answer they can give when they are asked about the incident that recently happened to the media, to the shareholders and most importantly to their own Bosses.

There are instances when people come up with a 3 page incident report without any format being following, without linking close occurrences of the incident and what lead to such an incident. You can have a look at the incident analysis report from Government of Canada after the Slammer worm was released.

So, when ever you write an incident report make sure you are precise to the point and include all the details with a chain of occurrences and make it effective not just for other technical folks but even for management.

-Abhiz

Security Incident Analysis Report

You might be very good at technical skills, you might be the best incident analyst in your organization but if you are not able to deliver your findings or analysis in an effective way to the top folks then all your hard work will be useless.

What matters the most to CXO's when dealing with Incidents:

1) Incident reports
2) Graphs / Pattern
3) High level view of the incident
4) High level view supported by excellent low level incident details
5) Root cause of the incident
6) What went wrong and who should be blamed
7) How to avoid it in future
8) Does this Incident touch compliance requirements.

The CXO's are usually interested in how things have happened and what is the answer they can give when they are asked about the incident that recently happened to the media, to the shareholders and most importantly to their own Bosses.

There are instances when people come up with a 3 page incident report without any format being following, without linking close occurrences of the incident and what lead to such an incident. You can have a look at the incident analysis report from Government of Canada after the Slammer worm was released.

So, when ever you write an incident report make sure you are precise to the point and include all the details with a chain of occurrences and make it effective not just for other technical folks but even for management.

-Abhiz

Security Incident Analysis Report

You might be very good at technical skills, you might be the best incident analyst in your organization but if you are not able to deliver your findings or analysis in an effective way to the top folks then all your hard work will be useless.

What matters the most to CXO's when dealing with Incidents:

1) Incident reports
2) Graphs / Pattern
3) High level view of the incident
4) High level view supported by excellent low level incident details
5) Root cause of the incident
6) What went wrong and who should be blamed
7) How to avoid it in future
8) Does this Incident touch compliance requirements.

The CXO's are usually interested in how things have happened and what is the answer they can give when they are asked about the incident that recently happened to the media, to the shareholders and most importantly to their own Bosses.

There are instances when people come up with a 3 page incident report without any format being following, without linking close occurrences of the incident and what lead to such an incident. You can have a look at the incident analysis report from Government of Canada after the Slammer worm was released.

So, when ever you write an incident report make sure you are precise to the point and include all the details with a chain of occurrences and make it effective not just for other technical folks but even for management.

-Abhiz

Security Incident Analysis Report

You might be very good at technical skills, you might be the best incident analyst in your organization but if you are not able to deliver your findings or analysis in an effective way to the top folks then all your hard work will be useless.

What matters the most to CXO's when dealing with Incidents:

1) Incident reports
2) Graphs / Pattern
3) High level view of the incident
4) High level view supported by excellent low level incident details
5) Root cause of the incident
6) What went wrong and who should be blamed
7) How to avoid it in future
8) Does this Incident touch compliance requirements.

The CXO's are usually interested in how things have happened and what is the answer they can give when they are asked about the incident that recently happened to the media, to the shareholders and most importantly to their own Bosses.

There are instances when people come up with a 3 page incident report without any format being following, without linking close occurrences of the incident and what lead to such an incident. You can have a look at the incident analysis report from Government of Canada after the Slammer worm was released.

So, when ever you write an incident report make sure you are precise to the point and include all the details with a chain of occurrences and make it effective not just for other technical folks but even for management.

-Abhiz

Security Incident Analysis Report

You might be very good at technical skills, you might be the best incident analyst in your organization but if you are not able to deliver your findings or analysis in an effective way to the top folks then all your hard work will be useless.

What matters the most to CXO's when dealing with Incidents:

1) Incident reports
2) Graphs / Pattern
3) High level view of the incident
4) High level view supported by excellent low level incident details
5) Root cause of the incident
6) What went wrong and who should be blamed
7) How to avoid it in future
8) Does this Incident touch compliance requirements.

The CXO's are usually interested in how things have happened and what is the answer they can give when they are asked about the incident that recently happened to the media, to the shareholders and most importantly to their own Bosses.

There are instances when people come up with a 3 page incident report without any format being following, without linking close occurrences of the incident and what lead to such an incident. You can have a look at the incident analysis report from Government of Canada after the Slammer worm was released.

So, when ever you write an incident report make sure you are precise to the point and include all the details with a chain of occurrences and make it effective not just for other technical folks but even for management.
-Abhiz

Security threats of Biometric E - Passports in India

Mr Pranab Mukherjee, External Affairs Minister of India has declared that E-Passports and Biometric passports will be availiable and issued to general public by september 2009.

This will surely help the government to issue passports quickly but the problem lies in the technology, The Biometric passport experiment by the United States and other countries have already been under the ire of hackers.

It has been proved that the biometric passports have been cloned even while they were lying in the bag of the holder, no need to have the passport in your hand.

The new version of passports were released by British government which said was said to be "FakeProof" even that was not of any use, the FakeProof Passports were cloned in minutes of launch.

If the biometric e-passports launched by India are cloned, it can be misused and that can lead to bad consequences like identity theft, flee from one country to other and sky is limit to do frauds with these cloned passports.

Now with the growing threats of Cybercrime, Hacking incidents from China and other countries, Terrorists using Open Wifi and Governments dependence on technology is not going to be easy.

Indian government needs to think about how they are going to do it and no matter how foolproof and secure the technology is we know it can be breached. There is major challenge for the government in so agressive adoption of technology and with the technology even the law needs to be updated because the IT Act 2000 is quite outdated the recent amendments are not enough to cover the new threats and challenges standing ahead of us.

-Abhiz

Security threats of Biometric E - Passports in India

Mr Pranab Mukherjee, External Affairs Minister of India has declared that E-Passports and Biometric passports will be availiable and issued to general public by september 2009.

This will surely help the government to issue passports quickly but the problem lies in the technology, The Biometric passport experiment by the United States and other countries have already been under the ire of hackers.

It has been proved that the biometric passports have been cloned even while they were lying in the bag of the holder, no need to have the passport in your hand.

The new version of passports were released by British government which said was said to be "FakeProof" even that was not of any use, the FakeProof Passports were cloned in minutes of launch.

If the biometric e-passports launched by India are cloned, it can be misused and that can lead to bad consequences like identity theft, flee from one country to other and sky is limit to do frauds with these cloned passports.

Now with the growing threats of Cybercrime, Hacking incidents from China and other countries, Terrorists using Open Wifi and Governments dependence on technology is not going to be easy.

Indian government needs to think about how they are going to do it and no matter how foolproof and secure the technology is we know it can be breached. There is major challenge for the government in so agressive adoption of technology and with the technology even the law needs to be updated because the IT Act 2000 is quite outdated the recent amendments are not enough to cover the new threats and challenges standing ahead of us.

-Abhiz

Security threats of Biometric E - Passports in India

Mr Pranab Mukherjee, External Affairs Minister of India has declared that E-Passports and Biometric passports will be availiable and issued to general public by september 2009.

This will surely help the government to issue passports quickly but the problem lies in the technology, The Biometric passport experiment by the United States and other countries have already been under the ire of hackers.

It has been proved that the biometric passports have been cloned even while they were lying in the bag of the holder, no need to have the passport in your hand.

The new version of passports were released by British government which said was said to be "FakeProof" even that was not of any use, the FakeProof Passports were cloned in minutes of launch.

If the biometric e-passports launched by India are cloned, it can be misused and that can lead to bad consequences like identity theft, flee from one country to other and sky is limit to do frauds with these cloned passports.

Now with the growing threats of Cybercrime, Hacking incidents from China and other countries, Terrorists using Open Wifi and Governments dependence on technology is not going to be easy.

Indian government needs to think about how they are going to do it and no matter how foolproof and secure the technology is we know it can be breached. There is major challenge for the government in so agressive adoption of technology and with the technology even the law needs to be updated because the IT Act 2000 is quite outdated the recent amendments are not enough to cover the new threats and challenges standing ahead of us.

-Abhiz

Security threats of Biometric E - Passports in India

Mr Pranab Mukherjee, External Affairs Minister of India has declared that E-Passports and Biometric passports will be availiable and issued to general public by september 2009.

This will surely help the government to issue passports quickly but the problem lies in the technology, The Biometric passport experiment by the United States and other countries have already been under the ire of hackers.

It has been proved that the biometric passports have been cloned even while they were lying in the bag of the holder, no need to have the passport in your hand.

The new version of passports were released by British government which said was said to be "FakeProof" even that was not of any use, the FakeProof Passports were cloned in minutes of launch.

If the biometric e-passports launched by India are cloned, it can be misused and that can lead to bad consequences like identity theft, flee from one country to other and sky is limit to do frauds with these cloned passports.

Now with the growing threats of Cybercrime, Hacking incidents from China and other countries, Terrorists using Open Wifi and Governments dependence on technology is not going to be easy.

Indian government needs to think about how they are going to do it and no matter how foolproof and secure the technology is we know it can be breached. There is major challenge for the government in so agressive adoption of technology and with the technology even the law needs to be updated because the IT Act 2000 is quite outdated the recent amendments are not enough to cover the new threats and challenges standing ahead of us.

-Abhiz

Security threats of Biometric E - Passports in India

Mr Pranab Mukherjee, External Affairs Minister of India has declared that E-Passports and Biometric passports will be availiable and issued to general public by september 2009.

This will surely help the government to issue passports quickly but the problem lies in the technology, The Biometric passport experiment by the United States and other countries have already been under the ire of hackers.

It has been proved that the biometric passports have been cloned even while they were lying in the bag of the holder, no need to have the passport in your hand.

The new version of passports were released by British government which said was said to be "FakeProof" even that was not of any use, the FakeProof Passports were cloned in minutes of launch.

If the biometric e-passports launched by India are cloned, it can be misused and that can lead to bad consequences like identity theft, flee from one country to other and sky is limit to do frauds with these cloned passports.

Now with the growing threats of Cybercrime, Hacking incidents from China and other countries, Terrorists using Open Wifi and Governments dependence on technology is not going to be easy.

Indian government needs to think about how they are going to do it and no matter how foolproof and secure the technology is we know it can be breached. There is major challenge for the government in so agressive adoption of technology and with the technology even the law needs to be updated because the IT Act 2000 is quite outdated the recent amendments are not enough to cover the new threats and challenges standing ahead of us.

-Abhiz

Security threats of Biometric E - Passports in India

Mr Pranab Mukherjee, External Affairs Minister of India has declared that E-Passports and Biometric passports will be availiable and issued to general public by september 2009.

This will surely help the government to issue passports quickly but the problem lies in the technology, The Biometric passport experiment by the United States and other countries have already been under the ire of hackers.

It has been proved that the biometric passports have been cloned even while they were lying in the bag of the holder, no need to have the passport in your hand.

The new version of passports were released by British government which said was said to be "FakeProof" even that was not of any use, the FakeProof Passports were cloned in minutes of launch.

If the biometric e-passports launched by India are cloned, it can be misused and that can lead to bad consequences like identity theft, flee from one country to other and sky is limit to do frauds with these cloned passports.

Now with the growing threats of Cybercrime, Hacking incidents from China and other countries, Terrorists using Open Wifi and Governments dependence on technology is not going to be easy.

Indian government needs to think about how they are going to do it and no matter how foolproof and secure the technology is we know it can be breached. There is major challenge for the government in so agressive adoption of technology and with the technology even the law needs to be updated because the IT Act 2000 is quite outdated the recent amendments are not enough to cover the new threats and challenges standing ahead of us.

-Abhiz

Security threats of Biometric E - Passports in India

Mr Pranab Mukherjee, External Affairs Minister of India has declared that E-Passports and Biometric passports will be availiable and issued to general public by september 2009.

This will surely help the government to issue passports quickly but the problem lies in the technology, The Biometric passport experiment by the United States and other countries have already been under the ire of hackers.

It has been proved that the biometric passports have been cloned even while they were lying in the bag of the holder, no need to have the passport in your hand.

The new version of passports were released by British government which said was said to be "FakeProof" even that was not of any use, the FakeProof Passports were cloned in minutes of launch.

If the biometric e-passports launched by India are cloned, it can be misused and that can lead to bad consequences like identity theft, flee from one country to other and sky is limit to do frauds with these cloned passports.

Now with the growing threats of Cybercrime, Hacking incidents from China and other countries, Terrorists using Open Wifi and Governments dependence on technology is not going to be easy.

Indian government needs to think about how they are going to do it and no matter how foolproof and secure the technology is we know it can be breached. There is major challenge for the government in so agressive adoption of technology and with the technology even the law needs to be updated because the IT Act 2000 is quite outdated the recent amendments are not enough to cover the new threats and challenges standing ahead of us.

-Abhiz

Security threats of Biometric E - Passports in India

Mr Pranab Mukherjee, External Affairs Minister of India has declared that E-Passports and Biometric passports will be availiable and issued to general public by september 2009.

This will surely help the government to issue passports quickly but the problem lies in the technology, The Biometric passport experiment by the United States and other countries have already been under the ire of hackers.

It has been proved that the biometric passports have been cloned even while they were lying in the bag of the holder, no need to have the passport in your hand.

The new version of passports were released by British government which said was said to be "FakeProof" even that was not of any use, the FakeProof Passports were cloned in minutes of launch.

If the biometric e-passports launched by India are cloned, it can be misused and that can lead to bad consequences like identity theft, flee from one country to other and sky is limit to do frauds with these cloned passports.

Now with the growing threats of Cybercrime, Hacking incidents from China and other countries, Terrorists using Open Wifi and Governments dependence on technology is not going to be easy.

Indian government needs to think about how they are going to do it and no matter how foolproof and secure the technology is we know it can be breached. There is major challenge for the government in so agressive adoption of technology and with the technology even the law needs to be updated because the IT Act 2000 is quite outdated the recent amendments are not enough to cover the new threats and challenges standing ahead of us.

-Abhiz

Security threats of Biometric E - Passports in India

Mr Pranab Mukherjee, External Affairs Minister of India has declared that E-Passports and Biometric passports will be availiable and issued to general public by september 2009.

This will surely help the government to issue passports quickly but the problem lies in the technology, The Biometric passport experiment by the United States and other countries have already been under the ire of hackers.

It has been proved that the biometric passports have been cloned even while they were lying in the bag of the holder, no need to have the passport in your hand.

The new version of passports were released by British government which said was said to be "FakeProof" even that was not of any use, the FakeProof Passports were cloned in minutes of launch.

If the biometric e-passports launched by India are cloned, it can be misused and that can lead to bad consequences like identity theft, flee from one country to other and sky is limit to do frauds with these cloned passports.

Now with the growing threats of Cybercrime, Hacking incidents from China and other countries, Terrorists using Open Wifi and Governments dependence on technology is not going to be easy.

Indian government needs to think about how they are going to do it and no matter how foolproof and secure the technology is we know it can be breached. There is major challenge for the government in so agressive adoption of technology and with the technology even the law needs to be updated because the IT Act 2000 is quite outdated the recent amendments are not enough to cover the new threats and challenges standing ahead of us.

-Abhiz

Security threats of Biometric E - Passports in India

Mr Pranab Mukherjee, External Affairs Minister of India has declared that E-Passports and Biometric passports will be availiable and issued to general public by september 2009.

This will surely help the government to issue passports quickly but the problem lies in the technology, The Biometric passport experiment by the United States and other countries have already been under the ire of hackers.

It has been proved that the biometric passports have been cloned even while they were lying in the bag of the holder, no need to have the passport in your hand.

The new version of passports were released by British government which said was said to be "FakeProof" even that was not of any use, the FakeProof Passports were cloned in minutes of launch.

If the biometric e-passports launched by India are cloned, it can be misused and that can lead to bad consequences like identity theft, flee from one country to other and sky is limit to do frauds with these cloned passports.

Now with the growing threats of Cybercrime, Hacking incidents from China and other countries, Terrorists using Open Wifi and Governments dependence on technology is not going to be easy.

Indian government needs to think about how they are going to do it and no matter how foolproof and secure the technology is we know it can be breached. There is major challenge for the government in so agressive adoption of technology and with the technology even the law needs to be updated because the IT Act 2000 is quite outdated the recent amendments are not enough to cover the new threats and challenges standing ahead of us.

-Abhiz

Security threats of Biometric E - Passports in India

Mr Pranab Mukherjee, External Affairs Minister of India has declared that E-Passports and Biometric passports will be availiable and issued to general public by september 2009.

This will surely help the government to issue passports quickly but the problem lies in the technology, The Biometric passport experiment by the United States and other countries have already been under the ire of hackers.

It has been proved that the biometric passports have been cloned even while they were lying in the bag of the holder, no need to have the passport in your hand.

The new version of passports were released by British government which said was said to be "FakeProof" even that was not of any use, the FakeProof Passports were cloned in minutes of launch.

If the biometric e-passports launched by India are cloned, it can be misused and that can lead to bad consequences like identity theft, flee from one country to other and sky is limit to do frauds with these cloned passports.

Now with the growing threats of Cybercrime, Hacking incidents from China and other countries, Terrorists using Open Wifi and Governments dependence on technology is not going to be easy.

Indian government needs to think about how they are going to do it and no matter how foolproof and secure the technology is we know it can be breached. There is major challenge for the government in so agressive adoption of technology and with the technology even the law needs to be updated because the IT Act 2000 is quite outdated the recent amendments are not enough to cover the new threats and challenges standing ahead of us.

-Abhiz

Wednesday, September 10, 2008

Top Network Security Test To Business

This report was released targeting SMB's but I would say these threats are very prominent in Big Organizations also. The threats fall into the same category but the only variation is the method of exploitation.


The 10 network security threats can be found below:

10) Insiders
- In many SMBs, business records and customer information is often entrusted to a single person. Without adequate checks and balances, including network system logs and automated reports, data loss from within can stretch over long periods of time.

9) Lack of Contingency Plans - One of the biggest threats to SMBs relates to the business impact of post-hack, intrusion or virus. Many SMBs lack a data loss response policy or disaster recovery plan, leaving their business slow to recover and restart operations.

8) Unchanged Factory Defaults - Hackers publish and maintain exhaustive lists of default logins (username and password) to nearly every networked device, and can easily take control of network resources if the default factory configuration settings are not changed.

7) The Unsecured Home - In many small businesses, employees often take laptops home to work. In an unsecured home network environment, a business laptop can be dangerously exposed to viruses, attacks and malware applications.

6) Reckless Use of Public Networks - A common ruse by attackers is to put up an unsecured wireless access point labelled, "Free Public WiFi" and simply wait for a connection-starved road warrior to connect. With a packet sniffer enabled, an attacker stealthily sees everything the employee types, and is then able to utilize that data for personal gain.

5) Loss of Portable Devices - Much SMB data is compromised every year due to lost laptops, misplaced mobile devices and left behind USB sticks. Although encryption of mobile device data and use of strong passwords would mitigate many of these losses, many SMB users simply fail to secure their mobile devices and data.

4) Compromised Web Servers - Many SMBs host their own websites without adequate protection, leaving their business networks exposed to SQL injections and botnet attacks.

3) Reckless Web Surfing - Now more than ever, malware, spyware, keyloggers and spambots reside in innocuous looking websites. Employees who venture into ostensibly safe sites may be unknowingly exposing their business networks to extreme threats.

2) Malicious HTML E-mail - No longer are attackers sending e-mails with malicious attachments. Today, the threat is hidden in HTML e-mail messages that include links to malicious, booby-trapped sites. A wrong click can easily lead to a drive by download.

1) Unpatched Vulnerabilities Open to Known Exploits - More than 90 percent of automated attacks try to leverage known vulnerabilities. Although patches are issued regularly, a short staffed SMB may likely fail to install the latest application updates and patches to their systems, leaving them vulnerable to an otherwise easily stopped attack.

WatchGuard Technologies has released the above findings..

-Abhiz

Google can be bad for you company - Tech and Security Flaws

An error in Google News index service which is fully automatic and no manual labor is involved in screening it. Caused an error due to which a old news (2002 article) was treated as a latest news item and this was included by a investor news service in their daily news letter which said the United Airlines has filed for bankruptcy. Which was a fear in the minds of the investors due to the history of United Airlines.

The Stock of United Airlines fell 75% from $12.30 to less than $3.

A simple flaw in Google news index service caused a lot of pain not only for the company but even for the traders and investors.

Tip: Google news utilizes the Google Indexing Service which surely will be vulnerable to this current flaw and this can be used by SEO enthusiasts to get good placing in the search engine results.

The way Google is coming up with products which are always full of flaws, never polished and quietly labeled "Beta". Google is causing lot of problems for people. Google uses the Crowd Sourcing mentality in which everyone follows one stupid guy and due to one guy everyone suffers. It feels like a Sweet Poison.

Take recent security flaws discovered in Google :
1) Gmail session key hijacking
2) Recent Google Apps outage - 2 Times
3) Random deletion of emails in Gmail going on from long time
4) The famous Google Chrome Browser which is full of vulnerabilities.
5) Google updates Chrome browser without even asking users if they want to upgrade to the latest version. They install it silently.

It has become a Fashion statement to make fun of Microsoft and abuse Bill Gates but they are getting much better than what they were sometime back.

Google created a hype about Chrome Web Browser but it was ripped apart by Security researchers in no time.

Google should stop being irresponsible and take flaws (Security or Non-Security) very seriously.

Google surely has a lot of talented resources at disposal and they should be put to correct work, 20% time is not always a good idea.

-Abhiz

Sunday, September 7, 2008

Phishing: Security Alerts From HDFC Bank






There was a wave of emails coupled by phishing attacks for ICICI
Bank customers and it has considerable slowed down. Today I saw this
email in my inbox claiming to be from netbanking@hdfcbank.com - Which
says it is a Security Alert that I need to enter my Customer ID and
IPIN so that the technical Crew HDFC can perform a security upgrade.


You can see the actual Email below.

There are many mistakes in this email and I wonder why the AntiSpam didn't pick it up.

1)
The SPF test for this Email Server Fails, It is coming from
208.78.58.98 - host98.xicom58.juch-tech.com, Located in Canada where as
Hdfcbank.com is a different IP altogather.
2) The Link is pointing to http://hdfcsecuredataaccess.agilityhoster.com/ instead of HDFC Bank.
3) AnyBank will not send an email which such poor layout.
4) No Bank will send such an email to its customers to enter their Login details on a website.

This
kind of Phishing attack is nothing new, But looking at the recent
pattern's of growin phishing attacks and web malware there is lot more
of such Phishing scams to come with localised version, specially
targetted for Indians.

First it was ICICI Bank Now its HDFC and soon it might be AXIS or SBI.

Just
play safe, Don't click on any such links in email, your bank will never
ask you to verify your login details or credit card number(They already
have those details).


-Abhiz

Portable Google Chrome Browser Download

Google has unveiled a new browser Google Chrome with lots of features and is available for download - Portable Version

1) Simple UI - They didn't have good resources to do it.
2) Open Source - Candy for Tech Guys
3) Based on WebKit - Similar to Safari which makes chrome faster than IE and Firefox
4) Dynamic Tabs
5) Safe or Privacy mode browsing
6) Uses Less memory - We will see that in the near future when a full fledged version is out.
7) Sandboxed - So that a crash in tab 1 cannot crash the whole browser.

Everything
is right, What Google has done with Chrome is cool but again we cannot
ignore the security issues that will surface against the most advanced
browser :P

There are already Browser Crash issues being report
so there is no way you can say it is going to be a secure browser, I
had a test run but I am still not convinced about it. I will stick with
Firefox 3 for now.

Google wants to move everything to the web
hence they released this browser, this is for their own gain not for
community so anyways their focus will be more on Web Apps rather than
Security.

Google planned to sell Chrome by saying it is
Sandboxed and with full of security integrated but you can see it for
your self by clicking the link below with Chrome.

Click this link with Google Chrome for Magic

You can download the Portable version of Google Chrome from here

Abhiz