I have maintained, for a long time, that privacy was long dead and I really don’t know why we spend so much time and effort to discuss privacy (the schoolbook type) when every corporation, individual or government is making all-out efforts to know exactly what you are doing / wearing / thinking etc. at any time of the day. Plus they are merrily sharing or selling the information they have collected.
Now the US government just broke open another Pandora’s box allowing ISPs to sell web browsing history. So, now it becomes easier to profile the users or find them and influence them. We knew that Google Maps tracks us but now other folks can also view us as we move, and I am sure we will be happy to share with the world. The iPhone was doing this long back and recently we learned about some cutting-edge tools created by the CIA to compromise iPhones and MacBooks.
A number of my esteemed lawyer friends argue about privacy and individual rights, and I always say, please be practical because they are also using smart phones and all smart devices assume they are smarter. So now we have a new nail hammered into the coffin of privacy!
When there is nothing sacrosanct, as in you cannot trust anything, it is time to build your own defenses and mistrust all that you install. What you do should ONLY be need based – the reason is that if your anti-virus can be turned against you, what hope do you have to safeguard your privacy!
IndiaWatch is working to put together a resource page with contact information about Cyber Cells and Banks. Please review and volunteer with information and to help. Hanubot, the information security comic, has been launched (it is the first in India) – buy it for your kids, school or for your library.
- Courtesy @jnazario: The DEFCON CTF VM, 7 years of CTFs in one VM, playable at home (useful for training, team building, etc)
- How to write an information security policy: learn the critical first step, why consensus is key, what to cover and how to make your information security policy and program effective.
Makers For India
- My old friend and innovator, Raj, has launched the first information security awareness comic book – Hanubot – it’s an activity kit focused on Sextortion and Online Blackmail attacks. Great move!
- CISCO launched its made-in-India router – this is good news, and one hopes that CISCO has not brought any of their global vulnerabilities to India.
- DefCom-2017: Govt to consider creating a separate category of Fast Track procurement for ICT equipment. I see a big push for ICT indigenization, creation of the digital army, and more. While wishing all the best I must ask a question which remains unanswered since I first posed it 6 years back – how will an individual genius hacker get the opportunity to make a million bucks from cyber defence contracts? CII or any of these industry organizations are light years away from a “>23 year” old infosec cat/L33T/ genius.
Publications – Indian publications are coming up in the print space:
- Hanubot – the comic book is featured above!
- Digital 4n6 Journal, the Indian magazine focused on Digital Forensics – subscribe and pick up the previous issues from their website.
- DefCom2017 launched DEFCOM Journal: a compendium of technical articles from industry, academia and Services personnel was released at DEFCOM 2017.
- Information Security Handbook – coming soon from the publishers of the Digital 4n6 Magazine.
Shape of Things to come – Opportunities and Threats
- Spy drone the size of a mosquito available for $119, funded by the US Government – it can be remotely controlled and can carry a camera and microphone. It will stick to your skin or clothes and follow you, making sure your privacy goes down the drain!
- The Indian Government has replaced the Cyber Appellate Tribunal (CAT) (as proposed in the IT Act 2000) by merging it with the Telecom Disputes Settlement & Appellate Tribunal (TDSAT) via the Finance Bill 2017. From one dead zone to a clueless zone – how will TDSAT look at Cyber issues is the big Q. You can read some rational views by Naavi here and hope that better sense prevails.
- AI2 is here before we could digest AI – this is an amalgamation of AI with Human Intelligence and takes AI to the next level. We are really seeing Minority Report coming true so will we be seeing cyborgs too?
Crime and Crap…
- McDonalds India Allegedly Exposes Personal Data of 2.2 Million Indian Users – McDelivery app is vulnerable and they have not yet repaired the issue though they were informed on Feb 04, 2017 (they don’t seem to have filed a police complaint either).
- Aadhaar information is leaked – first it was Axis bank and its axis of evil that was storing Aadhaar numbers, and now this.
- Report: Dark web vendor selling millions of Gmail and Yahoo accounts – According to the report, one of SunTzu583’s new listings is offering approximately 21.8 million compromised Gmail accounts for $450.48 – privacy is cheap!
- QR Codes are now under the scanner – ePayments scams reported in China: QR code replaced, and wallets and bank accounts are at risk.
- CVC data lost! – Of course Central Vigilance Commission (CVC), Govt of India, has denied the report that its online data was wiped out after a server crash. The anti-graft body has told Outlook that there was no loss of data but “inability in reading certain files” due to platform migration.
- Maharashtra State takes the lead in formation of an IP Crime Unit to fight online piracy
- India working with 15 countries for cooperation in information exchange on cyber crimes – bilateral cooperation for exchange of information and data pertaining to cyber crimes and related cooperation in law enforcement. (We are yet to perfect information sharing among our own selves…. but that’s another story!)
- Women employees of Central Government who file complaints of sexual harassment at workplace now have option of getting 90 days paid leave during pendency of inquiry under Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013.
- I love Kerala Cyberdome! An example of using public partnership going right – they responsibly discover and disclose bugs in three bank websites.
- Fake and Crap News – there is no dearth of fake or crap news. This week I was particularly hassled to see these articles (please do not visit these links and unnecessarily help them with some more ad views).
- This is the BS (and watch out for a hall of Sham
- UPI, BHIM apps hacked? Banks are witnessing breaches but some aren’t reporting them
- Govt Admits 29 Lakh Debit Cards Being Malware Infected; UPI, BHIM Data Compromised, But Are Banks Hiding it?
- Indian Govt Accepts 29 lakhs card infected
- This was the original news and the above guys just crapped around – Bank of Maharashtra UPI bug allows hacker to steal money from Bank’s pool account
- NPCI refuted the talk about vulnerabilities in BHIM and UPI – these started surfacing in the aftermath of the BoM incident.
- Some more organizations to make the country secure (how many more do we need?): four sectoral CERTs for the Power Sector
- CERT (Transmission)
- CERT (Thermal)
- CERT (Hydro)
- CERT (Distribution)
- Now where will you get the folks to do CERT duties, and welcome to four new ineffective entities. Will wait and watch to see how effective they are so that (at least) someone may say we are ok!
- Police excesses don’t seem to stop! Who needs a 66A when you can get bashed up for tweeting a complaint?
The week has been as eventful as can be and if you reached here, reading my thoughts, I must say a very big thank you! Please do leave a comment and share your thoughts about the week; and, I shall welcome any feedback on the content of this Friday piece – have a nice weekend.