If I am not wrong we are now in the Kalyug age, but nowadays it seems more like Leak-Yug seeing the amount of data being hacked, leaked, stolen and conned. The other day I was wondering what will follow Kalyug and it seems that after this leaky yug will come the NagnYug (Nude-Yug)! Our personal information is already leaked and sold globally, all our moves are monitored and logged, so it seems silly to worry about privacy! We are all wearing the emperor’s robes – you, me, mankind have already handed over our everything and biometrics to state and non-state actors.
Even Tim Berners-Lee is worried and says we need to save the internet and that “We’ve lost control of our personal data”. There is more but we got to look at other things too.
In India data leaks don’t happen <LOL> it just doesn’t happen in India, period (It can’t happen here because “Haamare paas Maa hai”). Every “report” is a rumor or a saajish by Pakistan or the Opposition party. So, custodians like UIDAI, IRCTC, NPCI, Banks, are all too strongly protected to allow anyone (or anything) within. Nothing reported outside is true.
For example, the CERT-In site went down for a few hours, allegedly hacked or DoSed, but the CERT boss maintains that it did not happen, and that he has the logs to prove it. No DoS, no downtime – the outside world was miraging!
Let’s look at some good news… RBI has been making the security moves for quite some time, moving ahead slowly and steadily. Now IRDA joins them in the quest for making the insurance domain secure – they have released a Cyber Security Framework – the draft is put out for public comments. Kudos! At the same time Min of IT has also put out a draft IoT Policy and Draft rules for Security of Prepaid Payment Instruments under provisions of IT Act 2000 inviting comment. Kudos once more!
And some crappy news… The elections in five states are over, but EVMs are making more news than the winners and losers are sore. Every party (except the winner) is accusing this dumb machine of being a BJP pawn and stealing their votes. Videos from 2010 have surfaced and the media is (as usual) going bonkers discussing the weaknesses. Much to be written, but, in the meanwhile enjoy this EVM Hack Video <LOL – I love the seriousness of the ‘research’ team – goras add so much more authenticity to any shit.> My friend Samir has a well-researched blog but …
My take is that this is really not possible, even though the weaknesses seem obvious – the reason is that the logistics of carrying out such a fraud / change / hack are too big to go unnoticed.
- CERT-In website was down for 3 hours, as per reports, but this is denied by CERT and they say they have the logs to prove it… Does Mr Bahl expect us to believe that we will EVER get to see the logs which he is flaunting – give me a break!
- Flushing Responsible Disclosure down the drain – A friend called to ask what to do with a discovery about a serious vulnerability in Canara Bank and Shopclues – I advised that he should just shut up and let them get rogered, rather than him getting rogered, for doing a good deed. Indian business owners and CxOs are mostly stuck-up types and need to read (and re-read) the first lines of this blog. Then the CxO needs to thank God for the messiah who shared the vulnerability and saved his job. My apologies for this but nincompoops deserve no better.
- WhatsApp and Telegram are hugely popular and a critical vulnerability was disclosed that allows anyone to take over the account(s).
- Your Sex life is also not private – smart sex toy maker hit by a class action suit after it was disclosed that they were collecting usage information and more!
Troubles in Unicorn Land (very exciting place to be in)
The ecommerce domain continues to have a lot of issues – it was always about money, but now it is about fraud, boardrooms and bedrooms. Shopclues is in the news because the founder wife kicked out her founder husband; and he has disclosed that she is in bed with the CEO. Stayzilla had shut shop and now the founder was arrested for some payment default and co-founder gets a death threat to his son’s life, it is high handed action and the police is facing flak for the same. Flipkart managed to get a billion dollars and may be out of ICU, they seem to be breathing ok, and their valuation is back at $15 billion. At the same time Roomstonite shut shop and Snapdeal loses two more senior executives. Some more dirt … TVF CEO Arunabh Kumar faces over 50 sexual harassment accusations.
- A very smart SMS fraud – Fraudsters get sophisticated and the payload becomes better. Users have been getting an SMS, which is quite convincing, asking them to call a phone number for an apparent vishing attack.
- McDonald’s India seems to have put their burgers out in the open and apparently compromised personal customer data. They say there is no payment data (so this is not sensitive.. LMFAO)
- Life may become a bit more difficult for cyber cops as Facebook changes their policy and prohibits the use of surveillance tools on the data on their site
- Security flaw found in WhatsApp and Telegram (mentioned above)
- ATM users beware of this pinhole camera – when using the ATM make sure you cover the pinpad.
- The positive moves by government and regulatory agencies to define cyber security policy by IRDA and DeiTY as discussed earlier
- Conversations with a number of government officials and academicians are very uplifting and a lot of work is being done all round to bring about a mature cyber security posture. Best wishes to all.
- Banks and eWallet companies have decided to charge for transactions. This is totally regressive considering the objective of demonetization and digital India. After being pushed into using digital tools, it is unfair to levy charges for digital transactions.
- Unicorn rider Vasupal (founder of Stayzilla) says he has made mistakes (in a nutshell – revenue based on GMV or discount-based growth is not the way to go). Remember Snapdeal founders also had contritely talked about having made errors when they announced zero paycheck and layoffs.
- Folks it is no rocket science – you run a business to make profit and not to spend someone else’s money.
- Me too want Cyberwar pie – Canada joins the cyberweapons development game and is developing an arsenal of cyber-weapons: National Defence documents state “cyber” becoming an increasing defense and security “challenge,” admit to developing weapons.
Concluding take: we already have IoT and a host of vulnerable technologies which are good enough to shoot ourselves, so why a new genre of cyber weapons!