Monthly Archive April 2019

ByJayanthi

Project Zero

Reading Time: 2 minutes

Security has become an important component of every business. Many(if not all) organizations are choosing a proactive approach to security rather than a reactive one. It is better to deal with bugs and flaws in any software, before the malicious elements manipulate the same flaws for personal and monetary gains. 

Project Zero:

It is with this same thought that Google created ‘Project Zero’ in 2014. ‘Project Zero’ was also termed as the ‘Cybersecurity dream team’!! The primary aim of this project is to find flaws and vulnerabilities not only in Google products but in other products, operating systems and software. The goal is to detect “zero day vulnerabilities” which are mostly exploited by criminals, state sponsored hackers and intelligence agencies and make the Internet a safe place for all. 

Once a bug was discovered by the ‘Project Zero’ team, it was intimated to the manufacturer directly. Only when a patch was released, was the bug disclosed to the public. However, if a patch was not released by the manufacturer within 90 days, then again it was released to the public. 

Zero-day vulnerabilities are those bugs or loopholes that are known to a hacker but not to the vendor of the product. How do you feel when you have created a product, but do not know the bugs or drawbacks in it but somebody else knows it and is misusing it? This is exactly what was happening with a number of products – hackers were making use of vulnerabilities and exploiting it to the maximum but the vendors were clueless about what was happening. 

The team:

The team included New Zealander Ben Hawkes, Tavis Ormandy, an English researcher , American hacker prodigy George Hotz, Switzerland-based Brit Ian Beer. All of the professionals were extremely good at bug hunting(finding flaws in software) and hacking. 

Is ‘Project Zero’ still hiring?

The good news is ‘yes’! πŸ™‚ Google is still hiring for its ‘Project Zero’ team. Good coding skills and the ability to do vulnerability research and exploit development are crucial skills that are needed. In addition, if you have publicly reported vulnerabilities, you have a brighter chance of getting in! For more details on joining ‘Project Zero’ visit this link.

Latest findings by ‘Project Zero’:

As early as October of last year, a security hole was plugged in for Facebook owned ‘Whatsapp’ which was discovered by Project Zero. 

In March of this year, Google disclosed a flaw in the MacOS kernel. 

Let’s hope Google’s ‘Project Zero’ helps in the betterment of the netizen’s Internet experience without offending anyone… πŸ™‚

Written for the letter ‘Z’ for #BlogchatterA2Z challenge. The previous post can be found here.

It has been a pleasure writing about Information security and proverbs this entire month! I hope you enjoyed reading them as much I did writing them! See you next year!! πŸ™‚

 

ByJayanthi

YouTube security

Reading Time: 2 minutes

There must not be a soul in this planet who has not watched YouTube videos in this age! From small babies to older adults we all watch them. There are cooking videos, educational videos, entertainment videos, cartoons and name a topic and you can find a video on the same. The business has grown so much that there are many who have made a fine career by making YouTube videos and are known as ‘YouTubers'(not an easy one though, atleast initially) 

With so much riding on YouTube are there any security problems? Of course, for any social media that is used billions of people there is bound to be a few(or more!)security hiccups here and there. The problem is identifying it first and then closing it. 

Comments:

If you have watched a lot of videos that have children in them, you might have noticed that many of them(though not all) have their comments section disabled currently. Why did this happen? In February this year, video creator, Matt Watson found a “pedophilia wormhole ring” which was being facilitated by the comments in the YouTube videos.  I know, I feel disgusted too… πŸ™ How did this happen? Pedophiles were meeting through the comments section on YouTube videos which feature children. They exchange their contact information, pass lewd comments and do other disgusting things! For more information visit this link.

What is being done after this discovery?

It is safe to say, that YouTube has disabled the comments section of many videos featuring children. It has also removed thousands of “inappropriate” comments and terminated hundreds of viewer accounts. Though many YouTuber creators might be offended that this might be eating into their advertising and marketing, I think this is a good move to keep children safe online. 

What else can be done by us?

The only thing that we can all do is to ensure that children get a YouTube account only when they are advised to do so – at age 13! After that, it is important for the parents and children to learn and know the risks associated with “broadcasting oneself” and then take the plunge.

I know many parents and children cannot wait to get an email account or YouTube account even at 8 or 9 years of age, but considering that the Internet is not such a safe place after all, isn’t it wise to just a few more years? After YouTube isn’t going anywhere and neither is the Internet. Maybe we will have something more exciting than YouTube too in the few years that they wait too… πŸ™‚

Here’s to keeping children safe online!

Written for the letter ‘Y’ for the #BlogchatterA2Z challenge. The previous post can be found here

ByJayanthi

Xmas is enjoyable, only if it comes once a year!

Reading Time: 2 minutes

As I was racking my brain for a post for the tricky alphabet ‘X’ , my eyes suddenly fell on this saying – “Xmas is enjoyable, only if it comes once a year” and I knew “this” was the one that I was going to write on!! πŸ™‚ 

I am sure it is not every difficult to understand this proverb as well…

  1. Summer vacations are on in most parts of India. We have children playing all the time. They are playing and playing from morning to night! What happens when a student is always having vacations and having fun the whole day? What if they are constantly playing, swimming, bicycling and in today’s age – sitting with the mobiles too!! πŸ™ Don’t we as parents get vexed with this non-stop entertainment? The children also get exhausted with too much fun that they get into other troublesome activities as well…
  2. The same  can be held true for adults as well. People who are working continuously for 5-6 days a week or all 7 days a week in today’s scenario, crave a vacation.  But after maybe a week’s of trying to stay away from work related activities – we get tired of vacations and would like to “get back to getting some work done”…
  3. I can say this from a personal experience too – after going on a vacation and trying to de-stress just a few weeks back, I was definitely looking forward to getting back to writing… πŸ™‚ the vacation is more enjoyable only when it comes once in a while…

We can appreciate and enjoy a vacation only if it comes once in a while…that my friends is what this proverb “Xmas is enjoyable, only if it comes once a year” illustrates…. I am sure you can agree with me as well…

This post is for alphabet ‘X’ for #BlogchatterA2Z challenge. The previous post can be found here.

ByJayanthi

Women in Cybersecurity

Reading Time: 3 minutes

A little girl always fiddled with her mother’s smartphone and tried to crack the passcode or the pattern on it. She knew exactly what her mother would use as passcode or pattern as she knew her mother inside out!! πŸ™‚ She will try and most of the times, she can crack the passcode within three tries!! How? she will use the concept of social engineering. She was always glued to her mother’s cybersecurity’s posts(whether she understood them fully or not)  – and she was constantly wondering if this can be “hacked” or if “biometrics” can indeed work!! πŸ™‚ Do you think this little girl will be a budding “white hat” hacker in the future and “another woman to reckon with in the cybersecurity domain”? Only time will tell and this mother is eager to know that… πŸ™‚

Now moving on from that little story to the real women who are rocking the InfoSec domain today… πŸ™‚

Introduction:

Women have stepped into all professions today. There were always women in engineering, medicine, marketing, art, management, research and more. But ‘Women in Cybersecurity’ has become a movement towards empowering women and trusting their inherent capabilities to beat the newer threats arising everyday.

Statistics about ‘Women in Cybersecurity’:

  1. The total number of cybersecurity openings is expected to be close to 3.5 million by the year 2021. However, the total number of women in the cybersecurity domain today stands at only 24% of the total workforce.
  2. However, more and more women are entering the cybersecurity workforce. 
  3. Pay disparity between women InfoSec professionals and their male counterparts is present as in the other professions(my guess, this is due to “family” breaks that most women end up taking)
  4. Men and women do identical cybersecurity duties in the industry(as an example, “threat detection/remediation”, “data security”, “network security architecture”)
  5. Women are getting a higher education in cybersecurity along with most sought after certifications(CISSP, CISM, CISA etc) too!

Who are some of the women leading the cybersecurity domain?

This is a list of some of the top women in the field in no particular order:

  1. Ann Barron-DiCamillo  – is the Vice President Cyber Threat Intelligence and Incident Response at American Express.
  2. Niloofar Howe – is the Chief Strategy Officer at RSA
  3. Eleanor Dallaway – is the Editor of Infosecurity Magazine

Why should women enter the cybersecurity domain?

Apart from the cliched reason, that there is a huge gender gap and the profession needs more women to join the field, from a personal perspective, it is truly amazing to be in the field! πŸ™‚ When most people are just enjoying on the Internet, we can see the things underneath the Internet with a “magical lens” and we take it as a moral responsibility to catch the threats early.

Women also bring a totally new perspective to the field, thus motivating everyone in the board room to include them more!

Information security is not just programming, hunting for bugs, building firewalls – it encompasses all this and even more! And with the field constantly churning out new hacker avatars – there is never a dull moment!

So, what are you waiting for, ladies? πŸ™‚ Hop onto the InfoSec domain today…:) (and I will keep an eye on that little girl for you!! ;))

This post is for alphabet ‘W’ of the #Blogchatter challenge. The previous post can be found here.

 

 

 

ByJayanthi

Patience is a virtue!

Reading Time: 1 minute

Today’s proverb is a very simple one that most of us will surely like but difficult to follow in reality…’Patience is a virtue’!!

He was very hardworking. He would get up at the same time every morning(weekday, weekend – it didn’t matter) He could sit with his daughter and teach her softly and gently. If she couldn’t understand something – he could spend more time with her till she understood the whole thing. He will diligently teach his half-interested son how to ride a bike(no scoldings there) Both his kids could not understand that there could be a “strict” father in life… they thought all fathers were like “their” father..calm and composed!! πŸ™‚

Have you tried driving in India and particularly Bangalore? Well, he could do that too and without losing his temper!! There are always cars, bikes, autos, buses flying from haphazard directions on Bangalore roads – but he could somehow manage to drive through it all unfazed(let us not worry about the time it takes to commute, though!! πŸ™‚ :)) 

He could be as cool as a cucumber and he might give a tough competition to Dhoni under most circumstances…… πŸ™‚  well, if you are wondering who is this person who is blessed with a such a patient personality – try guessing, it is not so hard!! πŸ™‚

‘Patience is indeed a virtue’…written for alphabet ‘V’ for the #BlogchatterA2Z challenge. The previous post can be found here.

ByJayanthi

Use it or lose it!

Reading Time: 2 minutes

After a series of technical posts, here is a proverb that I had heard of before, but understood its significance only a few years back.

What happens when you don’t walk for a prolonged period of time? What happens when you stop moving your finger for a prolonged period of time? What happens when you stop learning something new over a period of time? What happens when you stop teaching for prolonged period of time? The answer to all these questions is just a simple one – ‘You just lose the skill to do it”!! Whether body or mind, once you stop doing something(for whatever reason) – it is very hard to re-train the body and mind to try doing it again!

Both the body and mind becomes rusty once we stop doing it. So, unless you are advised by doctors not to do something – it is good to keep going on!

Sheetal had undergone a nasty foot surgery that did not allow her to walk for almost a month. At the end of the month, when she tried to walk, she could not walk normally for obvious reasons. But even beyond a 3-4 months, when the doctors had given her the “medically fit” certificate, she was in no mood to walk a lot as the “not moving” rust had settled on her! When she finally mustered the courage to walk, she could not do the normal walks and was mentally exhausted. Finally, her father pointed out that since she had not used her walking ability, she was finding it hard to get back to complete normalcy! She had to use every ounce of her physical and mental strength along with a deep religious penance to get her walking back!

Don’t let this happen to you…continue doing what you are doing, if you love it!

Cheers!

This post is for alphabet ‘U’ of the #Blogchatter challenge. The previous post can be found here.

 

ByJayanthi

Two factor authentication

Reading Time: 2 minutes

Recall the ‘Authentication‘ post for alphabet ‘A’? Now we deal with two-factor authentication which is an extension to that post.  Authentication in the information security realm is the process of identifying yourself to the system. The most popular way of authentication is the classic ‘username-password’ combination. This is one aspect of Information security that touches us all the time.  From email logins, social media logins, we may have to enter and re-enter our passwords everyday.  We thereby implement the concept of authentication all the time in our lives! Now let us see what is  ‘two factor authentication’ and see what role it plays…

Two-factor authentication:

Do you think the common username and password is totally safe? Is your account totally hack-proof with just a password? Nope – think again… the common username-password combination might be easily cracked by a determined hacker.

Two factor authentication is an additional layer of security for your account. In addition to the username and password combination, one way of establishing two factor authentication is to enter a code that is sent to the user’s phone via a SMS or a voice call. Some other ways of performing two factor authentication are tokens, RFID cards and smartphone apps.

Example of two-factor authentication:

Facebook two factor authentication:

  1. You will enter your username
  2. You will enter your password
  3. You will also additionally be asked to enter a code sent to the phone(assuming you have chosen text messages as your two factor authentication)
  4. Once you enter the correct password and code, you will be logged in successfully

 Example of Google two factor authentication or Google two step authentication can be found here

Now if the hacker intends to hack you account, he has to pass through two layers of security. He has to crack the username/password combination first  and then figure the code that is sent to the phone. Two factor authentication might not be the magic bullet to prevent attacks on any account,but since it involves more work, it might stop the hacker from getting into your account. This is the concept of ‘two factor authentication’. 

Another trivia related to passwords: Did you know the most common passwords all across the world was “123456”, “123456789”, “qwerty”, “password” and “1111111”? If you have any of these passwords for any of your accounts please do change them as you run a high risk of getting hacked! πŸ™‚

This post is for alphabet ‘T’ for #BlogchatterA2Z. The previous post can be found here.

 

 

ByJayanthi

SOC

Reading Time: 2 minutes

‘SOC’ is the acronym for ‘Security Operations Center’. The 2018 Verizon DBIR (Data breach investigations report) states that there were 53,308 security incidents and there were 2,216 data breaches in the year 2018. It also states that the 68% of the breaches took months or longer to discover! Isn’t it amazing – there is a  breach in your organization and you don’t have any idea about it till your customers let you know about it or a third party lets you know about it! That is probably the sad truth in the industry!!

SOC:

Keeping that in mind, the SOC is a team that has been informed whose sole purpose is to monitor and analyze the security of an organization. As with other things in security, a SOC team must be formed only after the formal assent from senior management. For any security program to be successful, the senior management in an organization must always be in tune with the goals of the Information security team.

Since security is mostly a reactive approach for most organizations, the SOC team is trained to detect security incidents within an organization and pass the control onto the ‘incident response team’ if an incident occurs. 

The SOC team consists of security engineers, SOC managers and security analysts along with other security professionals. The SOC team will hopefully reduce the time needed to respond to a cyber attack – since a team is always there to detect attacks as early as possible.

The SOC team must be up 24 hrs a day, 7 days a week, 365 days a year! There might never be a dull moment in the SOC team. The day may start out calm and before long alarm bells might be ringing detecting a security incident.  The SOC infrastructure involves the defensive security mechanisms of firewalls, IDS/IPS, breach detection solutions and more. 

Responsibilities of a SOC:

A professional in the SOC team is expected to be able to perform these tasks:

  • network analysis
  • IDS monitoring and analysis
  • malware analysis and forensics
  • The SOC team should also be in tune with the emerging trends and threats in the cyber security landscape. 

What are the skills to be a member of the SOC team?

You may need to have:

  • a Computer Science degree
  • 1-3 years of work experience related to SQL, TCP/IP, IDS/IPS, C, C++, Java, PHP, OS(like Linux, Unix, Windows)
  • Certifications such as GIAC, CISSP, CEH

These are some skills that are suggested to become a member of the SOC. There are other ways if you have the passion for joining a very happening team in the InfoSec domain!!

This post is for alphabet ‘S’ for #Blogchatter challenge. The previous post can be found here.

ByJayanthi

Red Team – Blue Team

Reading Time: 2 minutes

“Red team – Blue team” is a popular parlance in the Information security domain. It actually imitates military tactics, ” red teams” and “blue teams” who work in offensive and defensive positions. Protecting the infrastructure of an organization and ensuring the complete security of an organization is the ultimate goal of every security program.

Every organization wants their precious data to be safe, for their data not to fall into wrong hands, not to have any of their client’s passwords stolen, not to have any of their private conversations being snooped on and more…How do we achieve this in the Information security domain? By forming two teams – the ‘Red Team’ and the ‘Blue Team’.

Red Team:

The ‘Red Team’ is:

  • The offensive team or the attacking team
  • It consists of team members who perform duties similar to pen-testers who will attack and test an organization’s defenses
  • It may consist of team members from outside the organization 
  • The Red team will have skills pertaining to performing the attacks like phishing, social engineering, masquerading like employees and more
  • The ‘Red Team’ will attack an organization’s defenses and find loop holes in the system that might be potentially attacked by hackers

Blue Team:

The Blue Team is:

  • The defensive team
  • Will erect all defenses by ensuring that necessary software (such as firewalls, anti-virus definitions) have been installed and all patches are downloaded as and when they are released
  • They will also ensure that all loopholes in the security program are sealed
  • The ‘Blue team’ will have to keep up with all the new security threats and bugs in the Information security landscape and mitigate them accordingly
  • The ‘Blue team’ will have to re-group and re-strategize once the threat of attacks looms

Who is more important? (Red Team or Blue Team?)

Both the teams are equally important as both of them work for the betterment of an organization. While one team erects defenses and makes sure everything is secure, the other team attacks it and shows the vulnerability of defenses. The best way to work  of course, is for the “Red team” to think like the “Blue team” and attack the defenses and for the “Blue team” to think like the “Red team” and create good defenses!

This way, the organization can try to be as secure as possible!

There is also a ‘purple’ team but that will be for another post… πŸ™‚

This post is for alphabet ‘R’ for the #Blogchatter challenge. The previous post can be found here.

 

 

 

 

 

ByJayanthi

Winners are not people who never fail, but people who never quit…

Reading Time: 2 minutes

Next in my series of loved proverbs and quotes is this saying “Winners are not people who never fail, but people who never quit”. There must not be one successful person in the world who has not failed at anything. It is also said that “Failure is the stepping stone to success”. If you have not failed in anything in life, success will definitely take longer to reach you. Luckily for me, I have failed a few times here and there and I don’t quit that easily either – hope lady success finds me soon! πŸ™‚

Here are a few people who had to take a few misses initially but made sure they didn’t quit to reach their successful state today:

  1. Bill Gates the creator of Microsoft stumbled with his first start-up and dropped out of Harvard to start his most successful company. 
  2. J.K. Rowling, author of the Harry Potter series of books, faced rejection of her manuscript 12 times before finally being accepted. 
  3. Steven Spielberg, director of extremely popular movies such as ‘Saving Private Ryan’, ‘Jurassic Park’, ‘BFG’, ‘ET’, ‘Schindlers list’, ‘Jaws’ was rejected twice by the ‘University of Southern California’s School of Cinematic Arts.’!!
  4. Albert Einstein’ – the brainy man born in 1879 was considered as a major failure by his father. He did not talk till he was 4 years old. He also joined college but almost dropped out. This is the person, who taught us the theory of relativity and more ground breaking work in Physics.

All the personalities listed suffered initial setbacks in their current glorious career. But it was their inherent trait to never quit that got them to the level they are today!

‘Winners are not people who never fail, but people who never quit’…

Cheers! πŸ™‚

 

This post is for alphabet ‘Q’ for the #BlogchatterA2Z challenge. The previous post can be found here.