Sunday, December 30, 2012

List Of Companies With SSL Expertise


This list was compiled by me for the purpose of my Cryptography and Network Security Assignment. So, here's the list.

1) Symantec Corporation
Symantec includes VeriSign, GeoTrust and Thawte. It has the largest market share in
certificate issuance. Besides being a root CA, it has other products in the area of network
security. For home users it has Norton Antivirus and Internet Security. It has specialised
products for small and medium businesses as well as for large businesses. Symantec is what
it is today because of a lot of acquisitions and partnerships with some of the best-known
companies in the network security domain.

2) Comodo Group, Inc.
Comodo is a privately held group of companies providing computer software and SSL digital
certificates. The Comodo companies offer many free products through their website,
available for public download. Comodo also offers many business products, the most notable
being Comodo Backup, Comodo SSL, Secure Email Pro and Comodo SSL Certificates.


3) Go Daddy Group Inc.
Go Daddy is a privately held company that is primarily an internet domain registrar and web
hosting company. Along with this, Go Daddy also provides website management and security
products: SSL certificates, a website security scanner and code signing certificates.


4) GlobalSign
GlobalSign is a WebTrust-certified certificate authority. It also provides products for mobile
authentication, cloud security, secure e-commerce and document security.


5) Entrust Inc.
Entrust provides identity-based security software and services in the areas of public key
infrastructure (PKI), multifactor authentication, Secure Sockets Layer certificates, fraud
detection, digital certificates and mobile authentication.


6) StartCom
StartCom is a company based in Israel that has three main activities: StartCom Linux Enterprise
(Linux distribution), StartSSL (certificate authority) and MediaHost (web hosting). StartCom
offers the free (for personal use) Class 1 X.509 SSL certificate "StartSSL Free", which works
for web servers (SSL/TLS) as well as for e-mail encryption (S/MIME). It also offers Class 2
and 3 certificates as well as Extended Validation certificates.


7) CyberTrust
CyberTrust was a security services company formed as a result of a merger of
the TruSecure and Betrusted security companies. CyberTrust acquired a large stake in Ubizen,
a European security services firm based in Belgium, to become one of the largest information
security firms in the world. CyberTrust is now owned by Verizon.


8) DigiCert Inc
DigiCert is a privately held, US-based X.509 SSL certificate provider. As a trusted third party,
DigiCert verifies the authenticity of secure websites on behalf of a web browser for the
purpose of preventing online phishing scams. DigiCert was a founding member of
the CA/Browser Forum and assisted in the development of the Extended Validation
certificate. DigiCert also worked in conjunction with Microsoft to develop and promote the
use of subject alternative names in SSL certificates, for use with Microsoft Exchange Server.


9) SECOM Co., Ltd.
SECOM is the largest security company in Japan. It has several products, such as Secom Information
Security and Secom Certifying Agency, among others.


Saturday, December 29, 2012

Everything You Wanted to Know About Phishing


INTRODUCTION

Phishing refers to the process where a targeted individual is contacted by email or telephone by someone posing as a legitimate institution to lure the individual into providing sensitive information such as banking information, credit card details, and passwords. The personal information is then used to access the individual’s account and can result in identity theft and financial loss.
Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies.

HISTORY OF PHISHING

The first time that the term “phishing” was used and recorded was on January 2, 1996. The mention occurred in a Usenet newsgroup called alt.online-service.america-online. Although phishing scams originated sometime around the year 1995, they did not become commonly known by everyday people until nearly ten years later. A phishing technique was described in detail, in a paper and presentation delivered to the International HP Users Group, Interex.
The first way in which phishers conducted attacks was by using algorithms to create randomized credit card numbers. The random credit card numbers were used to open AOL accounts. Those accounts were then used to spam other users and for a wide range of other things. This practice was put to an end by AOL in 1995, when the company created security measures to prevent the successful use of randomly generated credit card numbers.
With their random credit card number generating racket shut down, phishers created what would become a very common and enduring set of techniques. Through the AOL instant messenger and email systems, they would send messages to users while posing as AOL employees. Those messages would request users to verify their accounts or to confirm their billing information.



THE EVOLUTION OF PHISHING

Phishing hasn’t changed a lot since its AOL heyday. In 2001, phishers turned their attention to online payment systems. Although the first attack, which was on E-Gold in June 2001, was not considered to be successful, it planted an important seed. In late 2003, phishers registered dozens of domains that suggested legitimate sites like eBay and PayPal. They used email worm programs to send out spoofed emails to PayPal customers. Those customers were led to spoofed sites and asked to update their credit card information and other identifying information. By the beginning of 2004, phishers were riding a huge wave of success that included attacks on banking sites and their customers. Popup windows were used to acquire sensitive information from victims. Since that time, many other sophisticated methods have been developed.

PHISHING TECHNIQUES

1) Email / Spam
Phishers may send the same email to millions of users, requesting them to fill in personal details. These details will be used by the phishers for their illegal activities. Phishing with email and spam is a very common phishing scam. Most of the messages have an urgent note which requires the user to enter credentials to update account information, change details, and verify accounts. Sometimes, they may be asked to fill out a form to access a new service through a link which is provided in the email.
2) Web Based Delivery
Web based delivery is one of the most sophisticated phishing techniques. Also known as “man-in-the-middle,” the hacker is located in between the original website and the phishing system. The phisher traces details during a transaction between the legitimate website and the user. As the user continues to pass information, it is gathered by the phishers, without the user knowing about it.
3) Instant Messaging
Instant messaging is the method in which the user receives a message with a link directing them to a fake phishing website which has the same look and feel as the legitimate website. If the user doesn’t look at the URL, it may be hard to tell the difference between the fake and legitimate websites. Then, the user is asked to provide personal information on the page.
4) Trojan Hosts
Trojan hosts are invisible hackers trying to log into your user account to collect credentials through the local machine. The acquired information is then transmitted to phishers.
5) Link Manipulation
Link manipulation is the technique in which the phisher sends a link to a website. When the user clicks on the deceptive link, it opens up the phisher’s website instead of the website mentioned in the link. One of the anti-phishing techniques used to prevent link manipulation is to move the mouse over the link to view the actual address.
6) Key Loggers
Key loggers refer to the malware used to identify inputs from the keyboard. The information is sent to the hackers who will decipher passwords and other types of information. To prevent key loggers from accessing personal information, secure websites provide options to use mouse click to make entries through the virtual keyboard.
7) Session Hacking
In session hacking, the phisher exploits the web session control mechanism to steal information from the user. In a simple session hacking procedure known as session sniffing, the phisher can use a sniffer to intercept relevant information so that he or she can access the Web server illegally.
8) System Reconfiguration
Phishers may send a message whereby the user is asked to reconfigure the settings of the computer. The message may come from a web address which resembles a reliable source.
9) Content Injection
Content injection is the technique where the phisher changes a part of the content on the page of a reliable website. This is done to mislead the user to go to a page outside the legitimate website where the user is asked to enter personal information.
10) Phishing through Search Engines
Some phishing scams involve search engines, where the user is directed to product sites which may offer low-cost products or services. When the user tries to buy the product by entering credit card details, they are collected by the phishing site. There are many fake bank websites offering credit cards or loans to users at a low rate, but they are actually phishing sites.
11) Phone Phishing
In phone phishing, the phisher makes phone calls to the user and asks the user to dial a number. The purpose is to get personal information of the bank account through the phone. Phone phishing is mostly done with a fake caller ID.
12) Malware Phishing
Phishing scams involving malware require it to be run on the user’s computer. The malware is usually attached to the email sent to the user by the phishers. Once you click on the link, the malware will start functioning. Sometimes, the malware may also be attached to downloadable files.
Phishers take advantage of the vulnerability of web security services to gain sensitive information which is used for fraudulent purposes. This is why it’s always a good idea to learn about the various phishing techniques, including phishing with Trojans and Spyware.



RECENT ADVANCEMENTS IN PHISHING

1) Tabnabbing

Tabnabbing is a computer exploit and phishing attack, which persuades users to submit their login details and passwords to popular Web sites by impersonating those sites and convincing the user that the site is genuine. The attack takes advantage of user trust and inattention to detail in regard to tabs, and the ability of modern web pages to rewrite tabs and their contents a long time after the page is loaded. The exploit employs scripts to rewrite a page of average interest with an impersonation of a well-known website, when left unattended for some time. A user who returns after a while and sees the rewritten page may be induced to believe the page is legitimate and enter their login, password and other details.
A practical implementation of Tabnabbing can be found on this webpage: http://isis.poly.edu/~eitan/tn-poc/goog.html
2) Evil twin
Evil twin is a term for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up by a hacker to eavesdrop on wireless communications among Internet surfers. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider.
Wireless devices link to the Internet via "hotspots" – nearby connection points that they lock on to. But these hotspots can act like an open door to thieves. Anyone with suitable equipment can locate a hotspot and take its place, substituting their own "evil twin".
This type of evil twin attack may be used by a hacker to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent Web site and luring people there.



PRECAUTIONARY MEASURES AGAINST PHISHING


Although complete prevention is virtually impossible, mentioned below are some logical precautionary measures that both consumers and corporations can take in an attempt to reduce the potential of being conned by phishing scams.
1. Never Click on Hyperlinks within emails
Hyperlinks within emails are often cloaked, or hidden. The text you see as a hyperlink may not be where the hyperlink takes you. If you are unsure of the source of the email, you should not click on hyperlinks within emails that are apparently from a legitimate company. Instead, directly type in the URL in the Internet browser address bar, or call the company on a contact number previously verified or known to be genuine.
2. Use Anti-SPAM Filter Software
Some studies have shown around 85% of all email sent is SPAM, with a majority fraudulent. This can be costly and time consuming to end users who receive them. Effective SPAM filters can reduce the number of fraudulent and malicious emails consumers are exposed to.
3. Use Anti-Virus Software
To protect against Trojan and worm attacks, anti-virus software can detect and delete virus files before they can attack a computer. It is important to keep all anti-virus software up to date with vendor updates. These virus programs can search your computer for personally sensitive information and pass this information to fraudsters.
4. Use a Personal Firewall
Firewalls can monitor both incoming and outgoing Internet traffic from a computer. This can protect the computer from being hacked into and having a virus planted, and can also block unauthorized programs, such as Trojans, worms and spyware, from accessing the Internet.



5. Keep Software Updated (Operating Systems & Browsers)
Fraudsters and malicious computer hackers are continually finding vulnerabilities in software operating systems and Internet Browsers. Software vendors are constantly updating their software to fix these vulnerabilities and protect consumers.
6. Always look for "https" and a padlock on a site that requests personal information
Information entered on an Internet Web Site can be intercepted by a third party. Web Sites that are secure protect against this activity. When submitting sensitive financial and personal information on the Internet, look for the locked padlock on the Internet browser's status bar or the “https://” at the start of the URL in the address bar.
7. Keep your Computer clean from Spyware
Spyware & Adware are files that can be installed on your computer, even if you don't want them, without you knowing they are there! They allow companies to monitor your Internet browsing patterns, see what you purchase and even allow companies to inundate you with those annoying "pop up" ads!
8. Educate Yourself on Fraudulent Activity on the Internet
Internet Fraud methods are evolving at a rapid rate. Consumers need to be aware they are vulnerable as fraudsters are persuasive and convincing; many victims thought they were too smart to be scammed. Consumers should educate themselves on Internet Fraud, the trends and continual changes in fraudulent methods used.
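
The hover check described under Link Manipulation and in precaution 1 can be automated for HTML mail. The following is an added example, not part of the original post: it flags anchors whose visible text names one host while the `href` points to another. The function name `find_cloaked_links`, the sample message and its domains are constructed for illustration, and hosts are compared by suffix only (no public suffix list), which is a simplifying assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a web address,
# e.g. "www.example-bank.test" or "https://example-bank.test/help".
_URLISH = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#]\S*)?", re.I)

# Constructed sample body: one cloaked link, two honest ones, one plain-text link.
SAMPLE_EMAIL_HTML = """
<p>Dear customer, please verify your account at
<a href="http://login.example-bank.test.phish.example/verify">www.example-bank.test</a>.</p>
<p>Help: <a href="https://www.example-bank.test/help">https://example-bank.test/help</a></p>
<p>Sign in: <a href="https://accounts.example-bank.test/"><b>example-bank.test</b></a></p>
<p><a href="https://www.example-bank.test/terms">Terms of service</a></p>
"""


def _norm(host):
    """Lower-case a hostname and drop a trailing dot and a leading 'www.'."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:  # inside an anchor, including nested tags
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def find_cloaked_links(html):
    """Return links whose displayed host differs from the host in href."""
    parser = _AnchorCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href.strip())
        if parts.scheme not in ("http", "https"):
            continue
        shown_match = _URLISH.search(text)
        if not shown_match:
            continue  # text such as "Terms of service" names no host to compare
        shown = _norm(shown_match.group(1))
        target = _norm(parts.hostname)
        # Suffix match, not substring match: "example-bank.test.phish.example"
        # contains the shown host but does not end with it.
        if target == shown or target.endswith("." + shown):
            continue
        findings.append({"shown": shown, "target": target, "href": href})
    return findings


if __name__ == "__main__":
    for finding in find_cloaked_links(SAMPLE_EMAIL_HTML):
        print("text shows %(shown)s but link goes to %(target)s" % finding)
```

Links whose text names no address at all are not reported, so the manual hover check still applies to those.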



This was my Data communication and Networking Assignment. 




Thursday, November 15, 2012

Mumbai Dabbawalas : A Case Study


Each day throughout the city of Mumbai, India, 5000 individuals called dabbawalas deliver some 130,000 dabbas (lunchboxes filled with home-cooked food) to offices throughout the metropolis. In the nearly 120 years of this service, Mumbai has changed enormously, becoming India’s financial and commercial capital, housing some 10.5 million people. Yet the dabbawalas’ approach has remained consistent: a semi-literate work force (the dabbawalas) picks up the filled dabbas from the households that prepared them and delivers the boxes to the requisite offices; they then retrieve the empty dabbas from these delivery points and return them to the originating households, in order to begin the process again the next day.
This case study describes the Mumbai-based Dabbawala organization, which achieves very high service performance (6 Sigma equivalent or better) with a low-cost and very simple operating system. The case explores all aspects of their system (mission, information management, material flows, human resource system, processes, etc.) and the challenges that the Dabbawala organization faces in a rapidly changing environment.


  

A Brief History
It all started because in 1885, a banker in Mumbai really loved his wife. The banker had to work far from home and so could not return home to eat the lunch prepared by his wife. He decided instead to hire a man to pick up the packed lunch from his home and have it delivered to his office. Others started imitating him. Then one day, Mahadev Haji Bache, a farmer from Pune, saw an opportunity and created a delivery business. This is how the Dabbawala system was started.

Motivation:
In recent years, the dabbawala system began to generate worldwide news, attracting the attention of royalty like Britain’s Prince Charles, famous industrialists like Sir Richard Branson of the Virgin Group, and executives from sophisticated delivery companies like FedEx. It motivated a plethora of books, TV documentaries, and articles. People interested in how the system worked trooped to Mumbai to chronicle the dabbawalas in action, celebrating more than “supply chain efficiency”. The error rate of the dabbawalas is about 1 in 16 million. They believe that work is worship, and their motto is 100% customer satisfaction.
This inspired us to study the Dabbawalas of Mumbai.

Management Lessons learnt from the Mumbai Dabbawalas:
1) Build your organisation around people
2) Commitment and attitude trump qualifications - Educate employees about the importance of what they do. Once they know, they will make sure that errors are minimized, and even in the absence of a code of conduct they will strive to deliver better results for their customers, internal or external.
3) Give employees a sense of purpose
4) Stay true to your core purpose
5) Recruit carefully
6) Don’t be too lean, build in buffers
7) Encourage self-discipline - It is important to promote self-discipline rather than discipline among your employees, and don’t be shy when it comes to penalizing wayward behavior. Bad behavior gets imbibed faster; remember, no one taught you smoking, but you picked it up just by looking at your friends.
8) Create a sense of ownership
9) Maintain a flat organisation - Various hierarchies in the organisation can boost egos, not the business. Let your people take their own decisions as far as possible.
10) Abandon bad customers - Hard to admit, but a reality of life. If you have a bunch of bad customers who bring down your efficiency, dump the bad customers before the good ones dump you.

SWOT Analysis 
Strengths
  • Simplicity with innovative service
  • Coordination, team spirit
  • Customer satisfaction
  • Low Cost

Weaknesses

  • Depend on local trains
  • Very little funding is left for the organisation.
  • Caste-based
  • Customer satisfaction
  • Low Cost

Opportunities

  • Low operational cost
  • Publicity

Threats
  • Direct competition from other caterers
  • Indirect competition from other food joints.
  • Office canteens


The Problem:
The problem with the Mumbai dabbawalas is their aversion towards technology. They have an English-language website which has successfully garnered media, corporate and academic interest, leading to speaking assignments and attracting small donations. But the site has not substantially increased the delivery service’s customer base, because the inquiries received were passed on informally by word of mouth and there was no system in place to monitor whether an inquiry reached the appropriate dabbawalas and whether conversion to sales materialized. The “technology aversion” among most dabbawalas has compounded their challenges. A more cutting-edge approach to technology could help overcome the current limitations, but the organization is sceptical.
These could be summed up by a comment by the leader of the Dabbawalas recently made: “What can technology do when we don’t have even regular electricity supply? We are not educated so we don’t know how to use technology. Our philosophy is that serving food is like serving God. We should just focus on delivering dabbas.”
As mentioned earlier, the dabbawalas have a very low error rate (about 1 in 16 million). Their delivery system was operational even during the floods and rain. One serious problem that the MTBS Association is facing is that the employees (dabbawalas) are quitting the organisation and opting for other means of employment, such as taxi driving. This is mainly because of the low salary they are paid (about 3000-5000). Also, the organisation is very particular about the employees it recruits.


Proposed Solution:
To improve and develop the Dabbawala system, we propose the following changes in the organization.
1) Change Of Management Attitude
Management's attitude plays a huge role in employee motivation; over a period of time this translates into the culture of any organization. This has been the case with the Mumbai Dabbawalas as well. The top management of the Dabbawalas is reluctant to change and has been traditional in its approach. This has hindered the growth of the organization to a larger scale. At this juncture, where the Dabbawalas have carved a niche for themselves in Mumbai as one of the most innovative service providers, change management in the organization plays an important role.
The important changes that are required in the organization are:
1) Strategic changes
2) Technological changes
In terms of strategy, the problem has been that the organization has always undervalued its true potential. The organization can expand its operations to other metropolises in India because the working class still prefers home-cooked food.


Technological Changes
The aversion towards technology has been one of the reasons the Dabbawalas have not grown to the scale expected. They have an English-language website which has successfully garnered media, corporate and academic interest, leading to speaking assignments and attracting small donations. But the site has not substantially increased the delivery service’s customer base, because the inquiries received were passed on informally by word of mouth and there was no system in place to monitor whether an inquiry reached the appropriate dabbawalas and whether conversion to sales materialized.
The Dabbawalas can encourage people to register online if they wish to use the dabbawala service. Such a step would increase their customer base, and the employees may get a higher salary.
The organisation can introduce an SMS updates system using websites like www.Way2sms.com, thus giving hungry customers live updates on their tiffins/dabbas.


Employee retention

Another major problem that the organization is facing is that many of the Dabbawalas are quitting their jobs for other jobs which pay more. Hence employee retention strategies are key to the growth of this organization. Lessons have to be learnt from Organizational Behaviour concepts. The employer must create a "win-win" situation. Valence and expectancy theories should be used as a guide to retain the employees.
Retention has a direct and causal relationship with employee needs and motivation. Applying a motivation theory model, such as Maslow’s Hierarchy of Needs, is an effective way of identifying effective retention protocol.

Thursday, December 29, 2011

Sandalwood goes Tech Savvy

This is a proud moment for Sandalwood. Pawan Kumar, the director of the movie Lifu Ishtene, has taken a brave step and has released the movie online for non-Indian residents. The movie has been uploaded to the director's official website http://pawantheactor.com and has had 2000+ views within 24 hours of it going public. This is a brave step taken by the director. I hope more movies like this go online and put a full stop to piracy online. Right now the movie is available online only for non-Indian residents. I hope the director or the digital content rights owner comes out with a business model which will enable even residents of India to view movies online for a decent price. BTW I myself have not seen the movie, but the song Yaarig Helona was kickass, and the scene where Diganth buys his first condom was hilarious! Here are those 2 videos

Saturday, November 26, 2011

A dummies guide to set up your RVCE mail

Yes, all students of RV College Of Engineering get an @rvce.edu.in email ID. Even I did not realize it till today. Now that I know there is such a facility, I'll describe how to get the ID, change the default password and other stuff.

Firstly, you need to get the ID from the department. For the CS department it is put up near the Digital Electronics lab notice board. If you do not want to tire yourself going there to find out yours, here is a simple way to do so. Your ID is yourfirstname.cse(year of joining) at rvce.edu.in

Example: vaishakh.cse09 at rvce.edu.in

Step 2: Where to log in? Now that you have a fair idea of where to get the email IDs, the next step is where to log in. Visit www.rvce.edu.in, and in the top right you will find a box "RVCE MAIL". Click on that. You will be redirected to another webpage where you will be asked to give your login credentials. I will not mention the default passwords here because of the obvious security reasons. (There is a default password too. If you want the default password, mail me, just to verify you are a legitimate student of RVCE, and I will send you the default password.) When you log in you will see a page as shown in the figure below.

Next step: Click on the "Email" button seen in the bottom right side of the webpage. You will now be redirected to your inbox with the default 2 emails from the Gmail team. Click on the settings (seen in the red box in the figure below) and there click on account settings.

You will be redirected to the page as shown below.

Change your password there and that's it! You now have an @rvce.edu.in account which can be used for Microsoft DreamSpark, for free usage of their premium software, and loads of other things.