Monthly Archives: April 2015

Super flexible display

After LED and AMOLED, it is time to look at a mind-blowing innovation in display technology: the super flexible screen. The latest flexible display was shown in Tokyo. It was developed by Japan's Semiconductor Energy Laboratory. This is a fantastic piece of technology and also strong and durable; in testing it was bent more than ten thousand times without any damage.

The technology looks like a fantasy, but some curved-screen products are already on the market, such as Samsung's Galaxy Note Edge, which was launched in December 2014. The LG Flex has a similar design, and both firms are pioneering curved televisions.

LG has launched a screen which is foldable. For now it has launched an 18-inch screen and hopes to expand up to 60-inch displays in future. Plastic Logic is developing similar flexible screen technology and unveiled its own paper tablet back in January 2013.

 

Arti Gupta,

Research Scholar,

MBA- IT Division

Quiz

IT Vulnerability | B-Cognizance

Superfish Visual Discovery: Lenovo's preloaded bloatware

Lenovo, the Chinese laptop manufacturing group, has recently come under the media scanner for preinstalling the ad-serving software Superfish on its laptops. Lenovo is the world's largest vendor of personal computers, and the Superfish Visual Discovery vulnerability immediately harmed the consumer giant's reputation in the global market.

What is Superfish?

Superfish is third-party software that came preloaded on Lenovo consumer laptops and altered search results to show different advertisements than one would usually see. In addition, Superfish had Microsoft-level permission access, which means it could snoop on SSL-secured traffic such as online banking passwords or credit card details entered by the user. Attackers could even tamper with and snoop on the web browser's security, no matter which browser was being used.

The threat:

Initially introduced as a ‘shopping aid’ to include more search results and enhance the shopping experience of users, Superfish Visual Discovery was found to cause problems with browser rendering and random pop-ups as early as September, 2014. However, it was the black hat hacking group, Lizard Squad, which hacked the Lenovo website in a revenge attack that finally brought this issue before the entire world in February, 2015.

Superfish Visual Discovery was not created by Lenovo but by the third party, Superfish, and the data collected could be sent back to that third party. There is no indication as to whether either Lenovo or Superfish did this intentionally, but there is no denying that if a hacker were to get hold of the root certificate and the private key, they could have gained access to the user's personal data. The fact that Superfish used the same private key for all installations made it worse.

In January, 2015, Lenovo stopped preloading Superfish into its consumer systems. Simultaneously, it disabled existing systems from activating Superfish.

How to detect and remove Superfish?

Laptops bought from Microsoft's Signature range are bloat-free and do not come pre-installed with Superfish. Others can simply head to the Superfish detection webpage, https://filippo.io/BadFish/, and the test site will tell the user whether Superfish is preloaded on their system. The LastPass website, https://lastpass.com/superfish/, has a colourful step-by-step guide on how to detect and deal with Superfish. Microsoft, too, released a critical security update which automatically removes Superfish. All the user needs to do is install the latest security updates.
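A local complement to the web checks above, as an added example that is not part of the original article: it audits root stores by certificate fingerprint, assuming the preloaded root certificate is byte-identical on every machine (the article states only that the private key was shared). The certificate bytes, host names and blocklist are constructed stand-ins, not the real Superfish certificate.

```python
import hashlib
import re
import ssl

# One PEM-encoded certificate inside a larger bundle.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL
)


def fingerprints(pem_bundle):
    """SHA-256 fingerprint (hex) of every certificate in a PEM bundle."""
    result = []
    for block in PEM_BLOCK.findall(pem_bundle):
        der = ssl.PEM_cert_to_DER_cert(block)  # base64 body -> DER bytes
        result.append(hashlib.sha256(der).hexdigest())
    return result


def audit_fleet(trust_stores, blocklist):
    """Map host -> blocklisted fingerprints found in its root store."""
    report = {}
    for host, bundle in trust_stores.items():
        hits = [fp for fp in fingerprints(bundle) if fp in blocklist]
        if hits:
            report[host] = hits
    return report


# Constructed stand-ins for DER certificates (not real certificates).
ROGUE_DER = b"constructed stand-in: vendor-preloaded interception root"
GOOD_DER = b"constructed stand-in: ordinary public root CA"

# Because the same certificate ships on every install, a single
# fingerprint in the blocklist identifies all affected machines.
ROGUE_FP = hashlib.sha256(ROGUE_DER).hexdigest()
BLOCKLIST = {ROGUE_FP}

# Constructed root stores for three hypothetical laptops.
FLEET = {
    "laptop-a": ssl.DER_cert_to_PEM_cert(GOOD_DER)
    + ssl.DER_cert_to_PEM_cert(ROGUE_DER),
    "laptop-b": ssl.DER_cert_to_PEM_cert(GOOD_DER),
    "laptop-c": ssl.DER_cert_to_PEM_cert(ROGUE_DER),
}

if __name__ == "__main__":
    for host, hits in audit_fleet(FLEET, BLOCKLIST).items():
        print(host, "trusts blocklisted root", hits[0][:16] + "...")
```

On Windows, `ssl.enum_certificates("ROOT")` returns the machine's actual root certificates as DER bytes, which can be hashed and compared the same way.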

The future?

Moving ahead, Lenovo should now be concerned about the long-term implications of this incident. They need to rebuild customer trust and be more transparent about their new policies regarding security and privacy. Consumers need to be able to trust their products, especially a device such as a laptop, which stores all their critical personal and financial data. And in an era which is digital, a lack of such trust can and will damage the brand of any well-reputed company, even one such as Lenovo.

 

Siddharth Narayan
IMB2013027
MBA-IT 4th Semester,
IIIT Allahabad

WAKE UP CALL !!!!

The prognosis can be changed. It’s about the future of us, Indians. We must get enthralled about the present situation and do something about it. The situation mentioned is terrorism and about the torch bearers or cornerstone of it. These forces are rising unabated and curtailing the rights of ours. The terror spread by these particular religious community is an open secret. No one is unaware of their modus operandi in achieving their gory motives. 9/11 in U.S. & 26/11 Taj attack and the Pune bomb blasts, still speak of the aims they want to achieve .Other menaces and actions done by them are also partly not made public by the powerful media and the people behind it.

The Amarnath Shrine Board issue and the final answer to that just want is known to everybody. In this democratic and republic country where every religion finds a place, it is still dominated and occupied by Hindus, but such incidents of such big scale speak the other side of the picture. We in our country are not even able to find a little space for us. These forces are accruing and the time is not far when they will have the lion’s share in everything they want. The situation is still not immutable and some audacious steps can still mitigate the situation. A solemn assurance will have to be granted by every youth of our group to prove a deterrent .One can contribute in any other way towards this cause. We must not squander our energy but we should contribute in one way or the other. As the days are passing on, we are becoming more and more inept and pressed and simultaneously they are becoming our nemesis. So, let’s stop this ongoing process and turn the tables and show them that we too have something in us. We need astute and prudent personalities especially youth to carry out this process.

RSS (Rastriya Swayamsevak Sangh) is one such organization which provides a platform to us to work in the required direction.VHP (Vishwa Hindu Parishad) & ABVP are two amongst many of its branches of this silent organization which is working in background since many years against the ugly forces. Its action and modus operandi is very simple but has been in much negative in media. This again is media’s concocted views for it. It’s not so intricate policies and deeds are not imbibed by all. 1992 Kar Seva and many more activities are some of its events which shows that though silent, we can show our concern and power when water rises above the danger level. RSS is a self organism in which individuals meet in a day once or twice and just assemble to play few indigenous games and discuss on few regional or national matters. The working of this organization is in much contrast to one which is practiced by the other mentioned terrorist groups. There, even in places of worship, a feeling of hatred and terrorism is injected or installed by the religious leaders. Forget about the special camps where handling and use of arms and ammunition is taught in open air. They are filled with the thought of dislike and religion which outbursts in many forms and this action of theirs brings no reaction as they don’t react in anyway.

So, all and sundry should wake up and do something for ourselves and our religion. Joining the process or passing the ordeal can only prove us.

Bhartrihari Pandiya
RS178

HYPE OF ACHE DIN

814.5 million voting population, 8251 candidates and the so-called theme “ACHE DIN”. The image of a developed India was well depicted by the now Prime Minister, Mr. Narendra Modi. But has the picture been delivered right, have the promises come true, does he have a magic wand in his hand?

As soon as the budget came out, the taxpayers were happy as the tax slab was reduced. Establishing 4 AIIMS is a big step towards better medical treatment. The 10,000 crore fund for soft loans was a good scheme. Swachch Bharat Abhiyan should have been implemented decades ago, but no issue. 100 smart cities was an intriguing idea which no one had ever thought of. The ideas are big enough, but in a country like India, where everyone is pulling your leg, ideas alone cannot bring about a miracle.

The philosophy of minimum government and maximum governance must be shown to others, though we know ROME WAS NOT BUILT IN A DAY but it has been built in a week, so in order of that were the promises nothing but a mere mirror to voters that you have been fooled again or Mr. Prime Minister can bring the change which he is talking about. Though we can no change can be brought so soon but it's been over 8 months and no such significant change is seen. Nothing which Mr. Narendra Modi claims can be seen, no Gujarat model in India, nothing.

Maybe it's time that he has to show the change he is talking about; maybe the time has come for rigorous action plans. High inflation, no jobs, slowdown in the economy and the falling price of the rupee should be the main concern of the government, not the holidays of opponent leader Rahul Gandhi. If you can’t deliver what you promise then you should not comment on others’ failure too. There has been much said about the UPA government and their failures, but Dr. Manmohan Singh has improved our foreign relations to such an extent that all other foreign countries are now eager to invest in India. Creating jobs for local workers. Having a plan on paper and having the same in reality are two different issues, and in my opinion the time has come that the theory must be implemented in reality.

“CHANGE MUST COME.”

Shubhranshu Agarwal
IMB2014023

 

WHAT ARE WE HEADING TOWARDS?

INDIA’S GAY DAY

It was a big day for India on July 2nd 2009. India took a giant, although belated, step towards globalization when Delhi High Court, in land mark ruling said ‘Homosexuality not a crime’. This was a historic judgement to amend 149 old colonial era law Section 377 of IPC and decriminalize private consensual sex between adults of the same age. It is the biggest victory yet for gay rights and major milestone in the country’s social evolution. India became the 127th country to take the guilt out of homosexuality.

But let’s stop and have introspection of ourselves and of our victory. Is this right? What are we heading towards then? Perhaps a world whose not only homosexuality but also coitus between an individual and an animal i.e. between any two forms of nature is ethical. Isn’t this against the law of nature? Perhaps it is. My personal views suggest the same. I am ably supported by various leaders of religious communities, preachers, Sadhu’s and many others. Not orthodoxy but may be a long term vision is the basis of theirs for such a stand. Baba Ramdev, the spiritual and yoga guru also asserts that pollution, deforestation, etc are still harming the world then again this homosexuality is adding to the woes, especially in the spiritual and religion country like India. Is this what we are presenting to the new generation? This will surely create an illusion in their minds and lead them nowhere. This is not the way in which our civilisation should have headed.

This historic judgement was given by a bench comprising Chief Justice AP Shah and Justice S Muralidhar. The petition was filed in the year 2001 by NGO Naz foundation seeking a reading down of section 377. The matter was dismissed on the ground by Delhi High Court in Sep 04 that no cause had been made out. The former didn’t surrender and moved to the Supreme Court, the apex court in India against the HC order. The apex court in a dramatic action sent back the issue to the High court in April 06. After a long time, in July 2, 2009, the historic judgement came in which Delhi HC legalised gay sex among consenting adults. Points supporting this discussion are that almost unanimous medical and psychiatric opinions that homosexuality is not a disease or a disorder and is just another expression of human sexuality. Also, the LGBTs (lesbian, gays, bisexuals and transgender) can also enjoy equality and forget discrimination.

This verdict trigged protests from religious leader across the country, claiming that this world lead to ‘ruining’ of society and family values. On the other hand, as mentioned, workers and psychologists welcomed the order, describing it as “scientific and humane” .Political parties were divided in their approach. The CPM welcomed the judgement, while Samajwadi Party said it totally opposed it. Both Congress and BJP said they would have to study the order first.

Earlier, Sec 377 of IPC imposed a maximum penalty of life sentence on anybody who has ‘carnal intercourse‘against the order of nature, with any man, woman or animal. But since the 150 year old law in acted by British was overturned, it says that the act violates articles 21, 14 and 15 of the constitution. Article 21 deals with personal liberty, 14 with right to equality, and 15 is the right against discrimination (on ground of sex). The main benefit of the judgement to homosexuals is psychological as it reduces scope for their harassment. It may also over time reduce the social stigma. The verdict applies to the entire country according to the Supreme Court.

The final note according to me is that we, Indians, the torchbearers of civilization can’t afford to have this in our culture. We have to present a better and congenial world to our offsprings and this is certainly not an ingredient of it. Many people may term this thought or action plan as a reaction by an orthodox but that’s a different thing. Culture and civilization stand where they should be.

Thus, we should discourage ongoing process so that we get a better place to live in. Emotions and liberty can’t be extended to such a range by which others may suffer.

Bhartrihari Pandiya-
RS178

AU REVOIR SECTION 66A

Article 19 of the Indian Constitution states ‘Protection of rights regarding Freedom Of Speech’. Undoubtedly, Article 19 was traduced by Section 66A of the Information Technology Act. There was a slew of cases wherein individuals were incarcerated. The arrest of the cartoonist Aseem Trivedi on sedition charges; the cases against two girls who argued for Mumbai shutdown after Bal Thackeray’s demise; and the arrest of a UP boy after his post on Facebook against Azam Khan, a Cabinet Minister of UP, triggered immense outrage.

Shreya Singhal, a free speech activist and a petitioner clamouring for the repeal of Section 66A, got a ruling in her favour from the Honourable Supreme Court of India. She grittily batted for ‘Abhivyakti Ki Azaadi’, and what beleaguered her the most was that anyone could allege anything on television or media and nobody would excoriate you, and on the contrary if you have asseverated the same thing online and ended up enkindling another person you can be prosecuted.

The IT Act, which was implemented in the year 2000, encompassed Section 66, which solely dealt with cyber crimes. Section 66A, being a subsection of Section 66, was a deterrent to scurrilous content posted online against the assailable sections of the society. However, the court did not shrug off the prosecution of the pertinent hooligans in cases related to cyber crimes under the Indian Penal Code (IPC).

Justice Nariman and Justice Chelameshwar gave a landmark judgement on 24th March, 2015 by scrapping Section 66A of the IT Act and consequently rebuffing all the cases in this regard and granting the malefactors a sedate ‘Ghar Wapsi’. The judges gave their assent that Section 66A hits hard at the roots of freedom and is seemingly vague. It’s a brazen attack on the liberty of individuals. The Apex Court was of the view that Section 66A is untenable.

Formerly, it was like we were combating with our own Fundamental Rights tabled in the Constitution. This Act intended to swagger and browbeat the netizens over contentious issues. The Apex Court decision on Section 66A was also warmly welcomed by the political parties and partisans.

A petition filed by a young law graduate gave teeth to the crusade against Section 66A, which later on brought other noted activists, advocates and journalists to bat for this atrocity. We are deeply overwhelmed by the Supreme Court's discernment.

Hail Honourable Supreme Court..!! Au Revoir Section 66A..!!

Utkarsh Jaiswal
IMB2013026

Advantages and disadvantages of rooting android OS devices

When we talk about rooting, the first questions that come to mind are: what is rooting, and why do we need it? Rooting is basically a process that allows users of Android-based smartphones, tablets and other devices to get privileged control, i.e. access over various Android subsystems. In other words, rooting eliminates the limitations and allows full access. Rooting gives the capability to modify system applications and settings and helps in running applications that need administrator permissions, which normal users cannot do. Rooting can also help in removing the installed version of Android OS or replacing it with a different one.

Disadvantages of rooting.

  1. Phone's warranty is voided: as soon as we root the Android device, its warranty is void.
  2. Bugs: the device becomes more prone to bugs and viruses. Many users flash their ROMs with custom programs, which increases the risk of viruses.

Advantages of rooting.

  1. Access to special apps: rooting gives access to special applications which enhance the ability of the Android device, for example the Superuser app.
  2. Release memory: rooting helps in releasing phone memory by moving applications and additional files to external storage available in the device, such as an SD card.
  3. ROMs: by rooting the device, users can flash ROMs with the custom programs available, which speeds up the processing of the device.

Thus before rooting the device one should know the pros and cons of it.

References:

Wikipedia , Thomas Phelps “to root or not to root”

 

Shrut Kirti Nandan
MBA –IT , IIIT-A

Deeper dive to Methods of Hacking

In the previous article, we discussed the basics of ethical hacking. In this one, we will dive a little deeper into the different methods used for hacking. To recall, hackers are people who have deep knowledge of programming languages, operating systems and networking concepts. Beyond that knowledge, they have a keen interest in exploring different kinds of things and in learning anything to a much deeper level.

There are various methods that are used for the purpose of hacking. Some of them are:

1. Digital Footprinting: Digital footprints, also called a digital shadow, are the trail of all the data that a user leaves while online. Digital footprints can be passive or active.
   a. Passive footprints are created when data is collected without letting the user know. When you are online, you might have noticed that different webpages show ads matching your interests. They learn your interests from your browsing history, search history and cookies. Advertisers read data from your browser and show you the relevant ad. None of the advertisers asks for your permission to show their ad, which clearly means they do all this without you noticing.
   b. Active footprints are created when users willingly release their data by sharing their details on social sites or any other webpage.
2. Social Engineering: It is a non-technical method used by hackers to intrude into someone's account. It relies heavily on human interaction to break the normal security procedure. It includes the process of guessing, and hence is performed on someone whom you know well. If you know someone closely, you can guess the answers to their security questions and recover their account.
3. Denial of Service: In a DoS attack, a specific service is made unavailable to the target user. These attacks can have three types of targets:
   a. Network connection that provides access to the service
   b. Operating system that hosts the service
   c. Application program that provides the service
4. Keyloggers: Keyloggers are programs or devices that keep a log of each keystroke in a file. A keylogger can be software based or hardware based.
   a. Software Based Keylogger: It is a software program that needs to be installed on the victim's system. The attacker configures his email address on the victim machine so that all the log files are sent to that address. Not only the textual log but also screenshots of the victim machine are sent at a time interval configured in the keylogger's settings.
5. SQL Injection: It is a code injection technique that inserts a malicious SQL statement into an entry field so that it gets executed. In simple words, SQL injection means running the attacker's own SQL statement on the target site. This technique is applied to web apps and web pages. It can reveal all data from the website's database to the attacker, even your username and password.
6. XSS (Cross Site Scripting): XSS vulnerabilities can also be found in web applications. Hackers use them to inject a script into the webpage, and the security risk varies significantly depending on the nature of the script. Various threats may be:
   a. Cookie stealing: A cookie stores user data in the browser. Stealing a cookie will definitely lead to data theft.
   b. Session hijacking
   c. DoS attack
7. Spoofing: Spoofing is the process of falsifying data and gaining benefit from it. Various techniques that are covered under spoofing are:
   a. Email spoofing: It includes sending mail from an anonymous email address.
   b. Call spoofing: It includes making fake phone calls. One can use this trick to call you from your own number too.
   c. IP address spoofing: It involves changing the IP address of your computer.
   d. GPS spoofing: It attempts to deceive a GPS receiver so that it reports a wrong location.
   e. DNS spoofing: It is a trick where data is introduced into the DNS resolver's cache, causing the name server to return an incorrect IP address, which in turn diverts all traffic to the attacker's computer or any other computer.
8. Steganography: It is the process of masking one file inside another. The file may be text, image, audio or video. Victims treat them as normal files, but hackers unmask them to reveal the hidden data. The main advantage of steganography is the transfer of secret messages. Steganography can be of different types:
   a. Text steganography: Hiding messages inside text; it is not to be confused with cryptography.
   b. Email steganography: Similar to text steganography, it is also used to deliver short messages. The original message is masked and a fake message is displayed, which can later be unmasked.
   c. Audio / Video steganography: Hiding data in audio and video files
   d. Image steganography: Hiding data behind image files
9. Man in the Middle: When we open any webpage, the corresponding request is made to the server in the form of packets. A MITM attack is used to capture these packets while they travel through the network. Once the hacker intrudes into a packet, he can easily extract data from it.
10. Trojans and bombs: These are malicious programs that, when executed, perform some action depending on the type of Trojan, which leads to system harm and data theft. To access the victim's system remotely, hackers may use trojans as a backdoor, and after gaining access the hacker can perform any action, including:
   a. Formatting hard disk
   b. Crashing computer
   c. Corrupting data
   d. Data theft
   e. Keylogging
   f. e-Money theft
   g. Controlling system remotely
   h. And many others…
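Item 5 (SQL injection) seen from the defender's side, as an added example that is not code from the original article: the same lookup written with string concatenation and with a bound parameter, run against a constructed in-memory table. The table, user names and input string are all made up for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample database: two users with placeholder hashes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],
    )
    return db


def lookup_concatenated(db, username):
    """Deliberately vulnerable: the input becomes part of the SQL text,
    so quote characters in it can change the structure of the query."""
    query = (
        "SELECT username, password_hash FROM users "
        "WHERE username = '" + username + "'"
    )
    return db.execute(query).fetchall()


def lookup_parameterized(db, username):
    """Hardened: the input is bound as a value and is never parsed as SQL."""
    return db.execute(
        "SELECT username, password_hash FROM users WHERE username = ?",
        (username,),
    ).fetchall()


# Constructed input containing quote characters and SQL keywords.
CRAFTED_INPUT = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # Concatenation: the WHERE clause is rewritten and every row leaks.
    print("concatenated :", lookup_concatenated(db, CRAFTED_INPUT))
    # Bound parameter: the whole string is compared as a username; no match.
    print("parameterized:", lookup_parameterized(db, CRAFTED_INPUT))
    # Legitimate input behaves the same in both versions.
    print("normal lookup:", lookup_parameterized(db, "alice"))
```

The difference in row counts for the same input is also a useful regression test: a lookup that returns more than one row for a single username indicates the input reached the SQL parser.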

Kamal Nayan

Shadow IT

Shadow IT, once confined to unapproved macros in MS Excel, has grown exponentially over the years, becoming a major part of IT firms and introducing new security risks arising from unsupported hardware or software.

What is Shadow IT?
It is any hardware or software inside the organisation which has not been approved by the organisation's IT department, that is, information technology projects managed without the knowledge of the IT department.

The rise of Shadow IT and its increased usage was due to the desire of employees to get direct and instant access to any software or technology without going through corporate channels. Recently, this has spread to the use of their own personal technology at work (such as BYOD).

A McAfee-sponsored study brings out 6 key points on Shadow IT and its true nature.
1. More than 80% of the surveyed respondents admitted using it.
2. The biggest users are not the general users, but they are in fact the… IT employees!
3. There is no clear communication or rules regarding SaaS policies.
4. Employees do not want to put their organisation at any risk; they just want to get their work done comfortably.
5. Web-based analytical tools, word processing/spreadsheet tools and even web conferencing platforms are the most common types.
6. Around half of the surveyed individuals recognize the risks of Shadow IT, but even this sense of risk is not deterring these employees from using it.

By 2020, 40% of the IT budget will be spent outside the IT department, according to estimates. With this widespread use of Shadow IT, the risks it brings along have become quite obvious. It can easily become a barrier to an enterprise's IT compliance, such as when a user is using Google Drive for storing company data in place of the company-provided cloud storage service(s). It can also impact the experience of other employees in the organisation. Free flow of data across the organisation may be hampered, and monitoring of such data flow can become a concern.

But even with the severity of the risks involved, it is necessary to understand that the world will not recognize a ban on Shadow IT, if ever there is going to be one. It is here to stay, that's for sure. Employees will not stop bringing or using their own personal cloud services or their mobile phones or tablets at work. The best IT organisations can hope for is to embrace Shadow IT and create restrictions at proper junctions. After all, Shadow IT is making employees more innovative at their work and making their jobs a little more likeable, thereby increasing the overall productivity.
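One way to get the visibility the article asks for, as an added example that is not part of the original text: total the upload volume each user sends to cloud storage services other than the company-provided one, from web proxy logs. The log format, user names, the sanctioned host `files.corp.example` and the watch list are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed policy: the one company-provided storage service.
SANCTIONED = {"files.corp.example"}
# Assumed watch list of storage hosts seen at the proxy.
STORAGE_SERVICES = {"files.corp.example", "drive.google.com", "www.dropbox.com"}
UPLOAD_METHODS = {"POST", "PUT"}

# Constructed proxy log: timestamp user method host bytes_sent
SAMPLE_LOG = """\
2015-04-02T09:14:07Z asha PUT files.corp.example 48211
2015-04-02T09:15:40Z ravi POST drive.google.com 5242880
2015-04-02T09:16:02Z ravi GET drive.google.com 0
2015-04-02T09:20:11Z meera POST www.dropbox.com 1048576
2015-04-02T09:21:30Z ravi POST Drive.Google.com 2097152
truncated line
"""


def unsanctioned_uploads(log_text):
    """Return {user: {host: bytes uploaded}} for unsanctioned storage hosts."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed or truncated records
        _timestamp, user, method, host, size = parts
        host = host.lower()  # host names are case-insensitive
        if method.upper() not in UPLOAD_METHODS:
            continue  # downloads and page views are not data leaving
        if host in STORAGE_SERVICES and host not in SANCTIONED:
            totals[user][host] += int(size)
    return {user: dict(hosts) for user, hosts in totals.items()}


def top_offenders(report, threshold_bytes):
    """Users whose total unsanctioned upload volume meets the threshold."""
    return sorted(
        user for user, hosts in report.items()
        if sum(hosts.values()) >= threshold_bytes
    )


if __name__ == "__main__":
    report = unsanctioned_uploads(SAMPLE_LOG)
    for user, hosts in report.items():
        for host, size in hosts.items():
            print(f"{user} uploaded {size} bytes to {host}")
    print("over 5 MiB:", top_offenders(report, 5 * 1024 * 1024))
```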

 

Arshad Ahmed
IIIT Allahabad,
MBA-IT/Semester: 04, IMB2013023