Gmail Vulnerability..found..and plugged
October 28: A mathematician has unveiled a recent
security weakness in the Domain Identification
Encryption system used by Google to ensure that
emails originating from their domain are
properly identified in the headers. He has
indicated that the key could be cracked and spoofed
mails could be sent from the google.com domain.
After he sent a spoofed mail to the founders of
Google, it is reported that the 512 bit key has been
changed to a 2048 bit key, making it more secure. The
mathematician however says that other major domains
including Yahoo and PayPal continue to use the 512
bit key for domain identity and hence continue to be
vulnerable. Report
"Total Identity Theft" emerging headache under Aadhar regime
October 28: India is just entering the "Identity"
regime for residents in the form of "Aadhar".
Though a proper legal base has not yet been set up
either for Privacy or UIDAI, Mr Nandan Nilekani
claims that there have already been registrations to
the tune of 50% of the population. There have been
many security issues, numerous losses of
data (reported and hidden) and several threats that
services will be curtailed if people do not get the
registration done. In the meantime this reported
incident in USA where an immigrant stole the
identity of another individual and maintained it for
10 long years is an eye opener. In India illegal
immigrants are available in plenty and are the
backbone for the political leaders to win elections.
Now that "Aadhar" is available, it will most certainly
be used by the political leaders to give
legitimacy to their support base. While issue of ID
to persons who are not legitimate citizens is one
problem, if the illegal immigrants try to take over
the identity of a living legitimate Indian, the
problem will be greater. In USA it is stated that
such cases may be around 12%. In India if it reaches
even half this number, we will be dealing with
millions of legitimate Indians who will find their
identity being misused. UIDAI needs to explain if
they are alive to this issue since Mr Nandan has
always maintained that since only one biometric ID
can be tagged to a person there is no risk of
impersonation. This is an unacceptable argument
since we have seen that nearly 10% of the population
have been declared as not having proper finger
prints and Aadhar cards are still being issued to
them. When the type of ID theft reported here is
uncovered in India, Mr Nandan should take personal
responsibility for the damages that may be caused to
the victim. Report
More Danger in Store for Bankers
October 27: Insecurity in E Banking arising out of
the use of browsers has been a topic of discussion
for some time in India. Naavi.org had highlighted
the risks demonstrated by a security research person
in Bangalore which was pursued with RBI and CERT
without adequate response for hardening the E
banking security systems. Now another researcher in
Hungary has announced that a "Remote Controlled
Browser Extension Malware" will be unveiled in the
next hacker's conference. The researcher has
provided advanced information to the anti virus
companies and hopefully they will find a solution
and update their products before the researcher
releases the information to the public. We cannot,
however, rule out the possibility of the code being
used by malicious persons, with or without some
modification, to successfully hack E Banking
systems. Indian Banking clients need to be prepared
for this new threat that is lurking on the
horizon. Report
Naavi.org demands a response from RBI, IBA
and IN-CERT on how they are responding to this
threat. If they remain silent as is more likely,
they would be guilty of facilitating a free rein for
fraudsters to carry on their activities.
As an immediate risk mitigation measure,
we demand that RBI instruct all Bankers to set
a low daily limit for Internet Banking transactions
at around Rs 25000/- and introduce a mandatory alert
for all transactions through multiple channels.
Insecurity in Banking Portals
October 25: A security researcher explores the
status of security on the portals of some of the
Indian banking companies. Article
Behind the Scene Moves for Internet Censorship
October 23: The approach of the Indian Government
to Internet Censorship has been visible in the last
few months. It started as an attempt to muzzle Anna
Hazare movement and gained momentum to a stage where
we recognize that we are presently nearly in a state
of "Emergency" in India. It therefore does not come
as a surprise that the Government of India is
reportedly working with other totalitarian countries
to develop a control mechanism that controls the
Internet by a group of Government servants from
different countries with no participation from civil
society. Increasingly Internet is becoming a
controlled tool in the hands of the political
masters. The days of free internet appear to be
numbered. Article in dailymail
Cyber Crime Insurance in Australia
October 21: Cyber Crime insurance is a long pending
demand in India to which the Insurance Companies
have failed to respond despite statutory support. It
is reported that Insurers in Australia are
excited about the data breach laws since they can
generate more business for this sector. Hopefully
Insurance companies in India will also realize the
enormous potential that beckons them in this sector.
Report
Political Affiliation should be Sensitive Personal Information
October 22: In discussing "Privacy Rights" the
definition of what is "Sensitive Personal
Information" is an important issue. Currently the
definition is contained in the Section 43A
notification. This does not include "Political
Affiliation" as "Sensitive" as in Data Protection
Act.
If we observe the current Indian political
scene where the political opponents are harassed by
Government agencies with false cases, whereas
ruling party politicians are allowed to indulge in
threats and defamation of opposing politicians,
there is a need to protect the political affiliation
information of a citizen as "Sensitive Personal
Information".
The new draft of Privacy Act should
therefore take this aspect into consideration.
A P Shah Committee on Privacy Submits Report
October 21: The Group of Experts on Privacy
Constituted by the Planning Commission under the
chairmanship of Justice A.P.Shah has submitted its
report along with recommendations. Report
Cyber Crime at Goa Airport?
October 17: Here is a narration of what can be
considered as a "Cyber Crime" because it involves a
manipulation of information inside an electronic
device which in this case is an electronic clock.
The racket is narrated
in detail in this article (PDF). It appears
that the airport authorities have fixed a free
transit time of 5 minutes for dropping passengers.
The time difference is calculated by two clocks one
at the entry and one at the exit. It is reported by
a passenger who has recorded his experience that the
entry clock is set to be 4 minutes behind standard
time and the exit clock is set to 2 minutes after
the standard time. As a result every passenger would
have completed not less than 6 minutes assuming that
his transit travel time is for zero minutes. Since
the two clocks have to be synchronized, and
preferably with a standard clock, both the timers
appear to have been tampered with. This is an
offense under Section 66 of ITA 2008. While the
operator is primarily responsible for the offense,
the airport authorities are vicariously responsible.
We will try to send a suitable notice to the Dabolim
Airport Authority and demand suitable action. If any
reply is received we shall report it through these
columns. Original Report
P.S: A reply has been received on 19th
October from Goa Airport authority stating that
"the concerned agency has already been instructed for
immediate action on introduction of an electronic
time slip system with synchronization of time at
entry and exit points". We thank the authorities for
their prompt action and reply.
Report in targetgoa.com of October 19th:
Digital Society Day
October 16: Tomorrow is the "Digital Society Day of
India". It was on October 17th, in the year 2000
that for the first time in India legal recognition
was provided to Electronic Documents and Digital
Contracts became a legal reality. Hence it was
on October 17, 2000, that the "Digital Society of India"
was first born. It is therefore necessary for all of
us to remember this momentous day as an important
milestone in the history of India. I urge Netizens
to celebrate this year's Digital Society Day by such
activities that bring focus of the society on any
one cause which is of relevance to Netizens.
Working Group on Cyber Crime Prevention
October 16: A new initiative to build Cyber
Security skills in the country appears to be taking
shape. According to one report, the Government is
planning a working group under Public-Private
partnership. It is stated that the target is to
create nearly 5 lakh cyber security professionals.
According to one report one of the strategies would
be to create an all India institute such as Indian
Cyber Security Institute on the lines of the
Institute of Chartered Accountants. The idea of
forming a national institute is to be welcomed. Like
all other initiatives, implementation is the key. Report
Mobile Application Behind Natwest Bank Frauds discovered
October 11: Natwest bank in UK has admitted that
thousands of pounds of customers' money has been
siphoned off by fraudsters using a mobile
application "Get Cash" which allowed withdrawal of
money without debit cards. The Bank has suspended
the use of the application for now. As happens in
India, the bank tried to accuse the customers of
having parted with their passwords, but has relented and
paid back the money to some of the customers. Report
Indian Bank customers should also be wary
of using any mobile application for Bank purposes.
It is inherently unsafe.
Rs 260 crores Bank Frauds in Kerala admitted by RBI
October 11: RBI has admitted that over Rs 260
crores has been lost in 471 incidents over the last
5 years in an RTI reply. Of this only Rs 94 crores
have been recovered. ICICI Bank and Federal Bank
have been the banks where the damage has been the
highest. Report
Philippines Supreme Court stays Cyber Crime Law
October 10: The new Cyber Laws introduced in
Philippines have been widely criticized in the
country. In a notable development the Supreme Court
in Philippines has stayed the operations of the law
and issued notices to the Government for debating
the law. Report
Supreme Court pulls up Central Government
October 3: The apathy of the Central Government to
appointment of Judges and providing necessary
infrastructure to tribunals has come in for heavy
criticism from the Supreme Court. The Judges
remarked during the discussions, "If you don't want
tribunals to function, scrap the statutes which
provide for the appointment of judges to tribunals."
The remark comes at a time when notices have been
issued to Central Government in a petition filed in
Bangalore regarding non appointment of Chair person
to Cyber Appellate Tribunal which has choked the
legal remedies under ITA 2008 to many cyber crime
victims. Report
Knowing the way the Government functions,
it may not be out of place to speculate if there is
an undue influence on the Government not to appoint
the Chair person so that the grievances of the
victims remain unattended. The finger of suspicion
obviously points to some of the litigants who are
likely to benefit by this inaction.
Japan Passes Draconian Anti Piracy Law
October 1: Japan has passed an anti piracy law
which imposes a jail sentence on persons who download
copyrighted materials. This supplements the present
laws that make uploading of torrents punishable
with 10 years of imprisonment. The present laws
make downloading of torrents punishable with two
years of imprisonment. Fine could be 2 million yen.
Report