Author Archive Jayanthi

ByJayanthi

Definition of the day: What is malware?

‘Malware’ is short for ‘malicious software’. ‘Malware’ encompasses viruses, worms, Trojan horses, ransomware, etc.

Examples of malware include: WannaCry ransomware

Destruction produced by malware: computers will freeze, the computer can be used to launch attacks, the computer will crash, your data will be maliciously deleted, etc.

Jayanthi Manikandan has an undergraduate degree in Computer Science from India and a Master’s degree in Information systems with a specialization in Information security from Detroit, MI, USA. She has written blogs for Simplilearn, Whizlabs software, InfoSec institute and Jigsaw academy. She has created e-learning videos for Whizlabs software and Twenty19.

She has been passionate about Information security and has several years of experience writing on various technical topics. Additionally, she loves to pen a few personal thoughts here as well! 🙂

ByJayanthi

What is your social media personality?

 

With social media becoming a permanent feature of most of our lives, it has been fun to observe the social media personalities of my world. By ‘social media personality’ – I mean the ability to express ourselves online. Why some of us are more social and some of us are less social online is very hard for me to pinpoint, for now at least.

Our social media personality woven with existing relationships seems to be creating brand new ‘online personalities and relationships’!  While there is no right or wrong on this issue and it is only a matter of personal comfort, these are a few of the social media relationships that I have observed in a fun way!

  1. Sometimes, one spouse is more social than the other online
  2. Both spouses are equally social online
  3. There are also instances when the parents are more social than their grown children! 🙂 (how and why – I have never been able to understand this?!! :))
  4. When the entire family just absconds from the Internet and social media(though very, very rare – haven’t found any family that way! – though am sure somebody does exist! :))
  5. When the entire family is online and everything is expressed online in full public view!! 🙂
  6. When teenage kids are having a gala time on social media and the parents have no clue about their social media habits(or choose to ignore)
  7. When one parent or both parents are constantly tagging behind their teens online! 😉

Where do you belong in the above list?

I am sure there are many other variations too – but these are the personalities that I have observed! Is there any other social media personality that I have missed?


ByJayanthi

What is the CISSP certification?

No sooner do we start looking for jobs in the InfoSec industry than we encounter the question “Do you have any certifications?” This post will delve into the most popular certification – the CISSP.

Introduction:

As social media rages ahead so do other forms of sophisticated attacks. Information Security was a term that was barely used about 20 years ago. Yet, it has begun to play a major role today and will continue to do so in the future. The demand for Security professionals has also exponentially increased and the way to step into the most sought after career is to be certified.

Employers will look for a proper mix of certification and experience to short list prospective candidates. Employees will climb up the information security ladder faster if they are certified.  What is the CISSP certification? Let’s find out:

 


The CISSP certification

‘CISSP’ is ‘Certified Information Systems Security Professional’.

(ISC)2 is the ‘International Information Systems Security Certification Consortium’ and is one of the most prevalent and widely accepted standards for Information Security certification. (ISC)2 delivers the CISSP certification.

Achieving the CISSP certification is the gold standard for all security professionals. It is the first credential accredited by the ANSI/ISO/IEC Standard 17024:2003. A person who has achieved the CISSP certification will command international respect.

The requirements for appearing for the exam are as follows:

  1. Have five years of demonstrated Information Security experience in two or more of the ten domains of the CISSP exam(However, if one does not have the required experience to take the exam, one can become an Associate of (ISC)2 and clear the exam after gaining enough experience to take the exam within 6 years)
  2. Subscribe to the (ISC)2 code of ethics
  3. Pass the CISSP exam and complete the endorsement process

The different domains of the CISSP exam and their weightage are listed below:

| Domain | Weightage |
|---|---|
| Security and Risk Management | 16% |
| Asset Security | 10% |
| Security Engineering | 12% |
| Communications and Network Security | 12% |
| Identity and Access Management | 13% |
| Security Assessment and Testing | 11% |
| Security Operations | 16% |
| Software Development Security | 10% |

 

The Exam:

Duration: 6 hrs

No. of questions: 250

Pattern: Multiple choice and “advanced innovative questions”

Passing grade: 700 out of 1000 points

Benefits of the CISSP certification:

Since the CISSP certification is what most employers look for in prospective employees of information security, it is “THE” certification to achieve. It is the most sought certification in an employee.

Since the field is a dynamically changing one, unlike most other professions, CISSPs must recertify every three years and maintain their certification too.

For professionals who have achieved the CISSP gold standard and are wondering “What next?”, there are other CISSP concentrations like CISSP-ISSAP, CISSP-ISSEP and CISSP-ISSMP.

Latest Update:

(ISC)2 is all set to introduce CAT (Computerized Adaptive Testing) for all CISSP English tests worldwide from December 18, 2017. This is expected to reduce the exam duration from 6 hrs to 3 hrs. The total number of questions to be answered will also drop from 250 to 100.

References:

https://www.isc2.org/Certifications/CISSP


ByJayanthi

Of Mothers and Daughters/Fathers and sons!

Just a few years ago(or must have been many,many years ago! :)) , I remember being mesmerized by my father.  It was like I was in a trance and there was an invisible magic wand giving me directions to do or not do things!  Such was our relationship, it seemed to resemble a Pied piper and his followers!! 🙂

I am sure we see this in many houses – fathers being extra special to the little or(big!) girl in the house and the mother going the extra mile for the son in the house! Traditional thinking has it that daughters have a magnetic attraction towards their fathers(and vice versa) and sons are more inclined towards their mothers(and vice versa here too!) But is it really true that way or is it that we are brought up thinking that way?

While it may be true in many cases, not all relationships work that way. What will happen when it is an all-girl household or an all-boy household? Will all the girls be clinging to the father, leaving the mother alone, or will all the boys be clinging onto the mother, leaving the father alone? It doesn’t sound fair, does it?

As I have grown and matured in parenting, I have seen many mothers being close to their daughters and many sons being close to their fathers as well. It really is up to each parent and their eagerness to take part in the parenting challenge. 

Mother-daughter:

The mother-daughter relationship will continue to evolve over the years. As the girl transitions from a little girl into a teenage beauty and beyond, there are quite a number of things that can be taught only by a mother. Teenage years, ‘empathy’ (word picked from Satya Nadella’s ‘Hit Refresh’ :)), cooking, handling family relationships and finances may be some of the things on which the mother can share her expertise with her daughter.

Father-sons:

Father and sons might not come off as the giggly, fun relationship but they will mature over the years provided there is ample input from the father’s  side. Finances, business and professional attitudes,care may be some of the things that a father can share with his son. 

But again, there is no hard and fast rule as to what is to be taught by a father and what is to be taught by a mother. 

Whether it is a son or a daughter, it might be quite fair to say, as parents – we all have the responsibility to bring them up well as we can. No passing the buck to mothers for sons and fathers for daughters!


ByJayanthi

Did you know?

‘WhatsApp’ is India’s largest and most convenient chat app. The anonymity of sending messages without the whole world viewing them and the instantaneous way to communicate made the chat app a total winner.

But the chat app had  one uncomfortable feature – for the multitude of messages sent across different groups and individuals, there was always that one message that was sometimes sent by mistake. It would always land in a group with 10-50 participants who would all be equally puzzled! 

 

 

WhatsApp has solved the unintended message dilemma by enabling a new feature:

  1. You can delete an unintended message from all group members (or individuals)
  2. The unintended message should be deleted within 7 minutes of sending it
  3. In order to make it work, the message to be deleted has to be “tapped, held and deleted” from groups or individuals
  4. Once the messages are deleted, a message “This message was deleted” will appear in the appropriate group.
  5. In order for the ‘Delete’ feature to work, all users should have the latest version of WhatsApp installed on their phones or desktops.
  6. If the deletion is not successful for all members of the group, there will not be a separate notification informing of the same.

Note: There is a possibility that a message will be viewed by the recipient before the sender deletes it.

What do you think of this new feature? 

 


ByJayanthi

Missing India?

I write and write about Indian and US life and I never get tired! 🙂 Here is one more…

Most of us who move to foreign lands to pursue different interests try to re-create the Indian magic in different ways. We miss India in more ways than one as we adjust to a new life in a new country. Having lived for almost 14 consecutive years in the US, and having seen numerous families, students and couples move abroad, I can recount a few of the things that one misses sorely about India:

1. The beautiful social life

Coming from a country of a billion people – we see people everywhere in India. That might not be the case in a foreign country, particularly if you are in a cold place. We seek solace in online relationships, which keep us going.

2. The festive season

The festive season is particularly hard because the authentic way of celebrating it seems to be missing in the new land. This can only be replaced by replicating the exact things that were done in India (for example, for Diwali – get-togethers with other Indian families are arranged and the culture of the Indian festivals is passed on to newer generations)

 

 

3. Missing Indian values and trying to pass them on

This is probably one of the toughest things to do in a foreign country, at least in my view.  Raising kids in a new land brings with it, its own challenges.

We do not want our kids to lose our own Indian values and heritage but at the same time, we want them to blend well with the foreign country’s values and habits too. Shuttling from ‘Bala vihar’ class and Bharatnatyam classes to soccer practices is the new norm for Indian kids growing abroad. 

They are expected to speak, read and write their own mother tongue with ease as well as study languages in the foreign country too.

4. Healthcare is not so complicated

I am not sure whether missing healthcare in India is the perfect way to say it – but suffice it to say that simple healthcare in India is not very complicated. We do not need to carry our health insurance card for every visit to the doctor.  The most important distinction between Indian and a foreign country’s health system is that we can choose our own doctor!!

The insurance does not dictate whom we should see for simple ailments. 

Simple medicines are relatively cheap too(A strip of paracetamol only costs 30 Rs. – that is just about 50 cents!!)

5. Higher education is not so expensive

Actually, this can be restated as “education itself is not so expensive” – at least not for the middle tier and upper middle tier population of India. While school education is easily affordable, college education is manageable too.

Parents are never advised to start saving for their child’s education from the day they are born! 😉

6. Cricket

There are very few individuals who don’t miss the gentlemen’s game in a foreign land. As it is said, cricket is a religion in India and even though other sports like basketball, ice hockey, baseball and American football are around us, the heart always seeks the religion that unites India! 

These are just a few ways that I have seen many families miss India. I am sure there are plenty more…

 

If you like this post buy my book from Amazon that has other popular blog posts on this very popular topic!

 


ByJayanthi

What is Zero day vulnerability?


ByJayanthi

Definition of the day: Trojan virus

The more connected we are with our tablets, mobiles, desktops, laptops, the more we are susceptible to an attack. The connected world boasts of different types of attacks. Some of them are viruses, worms, phishing emails, Trojans and so on. Malicious writers are constantly seeking new ways to exploit new vulnerabilities on new devices. We will explain the term Trojans in this post:

 

 

Similar to the fabled horse in the Trojan war (wherein the Trojan horse was used to stealthily get soldiers inside the enemy camp) – in computer security, a Trojan virus is malware that disguises itself in everyday files. When an innocent user clicks on the file, the disguised Trojan virus with extraordinary capability is unleashed. Most common Trojan viruses are used to create back doors on systems, steal data from personal and business systems and remotely control a computer.

They do not replicate themselves but propagate by common social engineering techniques thereby duping the innocent user. 

 


ByJayanthi

Anatomy of the Shellshock vulnerability

If you thought remotely seizing a machine and making it obey your orders was what sci-fi movies were made of, think again! The Shellshock vulnerability or the Bash bug vulnerability, discovered in September of 2014 by Stephane Chazelas, a security researcher at Akamai firm, allowed hackers to do exactly that in reality!

It was different from other vulnerabilities because it attacked Unix, Linux and Mac OS machines instead of the traditional Windows systems. NIST (National Institute of Standards and Technology) named the vulnerability CVE-2014-7169. It is to be noted that the terms Shellshock and Bash bug will be used interchangeably in this article.

Why is it so named?

It was so named because it exploited a vulnerability in the shell of the Unix, Mac OS and Linux operating systems. The shell of the Unix and Linux environment is known as the GNU ‘Bourne again shell’, which gives the vulnerability its name ‘BASH’. The vulnerability affected all versions of Bash from 1.14 to 4.3.

This shell is the command line interpreter (that which is used to run commands), which is the crucial component in the vulnerability. The critical point about the Bash bug or the Shellshock vulnerability is that the machine can be exploited remotely and can be brought completely under the control of the attacker.


In a nutshell, how does it work?

Because of a design flaw, the Bash shell on Linux/Unix/Mac OS executes code that follows the definition stored in an environment variable, and it executes that code first. Web applications are particularly susceptible since they take user input and execute accordingly. For example, when setting an environment variable and then starting Bash:

env e='() { :;}; echo new command' bash -c "echo test"

The interpreter executes the malicious code ‘echo new command’, specified after the environment variable, first and then executes the environment variable.

What happens if the vulnerability has been exploited on your machine?

If your machine has been compromised and the vulnerability has been exploited these are some of the things that the hacker can do:

  1. take complete control of the OS
  2. install backdoors
  3. view/change database usernames and passwords
  4. ruin the web server by modifying its contents
  5. deface websites(TrendLabs Security Intelligence blog, 2014)

Now let’s move on to the most important point of the article, the anatomy of the attack.

 

Anatomy of the Shellshock attack:

The Shellshock or the Bash bug vulnerability can be exploited under three circumstances:

  1. Machines running HTTP server using CGI scripts(which require no authentication)
  2. Machines running SSH(which require authentication)
  3. Machines running DHCP server

 

 

We will discuss the anatomy of the Shellshock attack on the HTTP server running CGI scripts.

As an example, let us consider two machines: one running Kali Linux (which is the victim machine) and one running Ubuntu OS (which is the attacker machine). Our Kali Linux system will be using the Apache web server, which will be the victim server.

  1. Create a CGI script and save it with .cgi extension on the victim machine. For simplicity, place it in the root folder of the Apache web server.
  2. Make sure the CGI script is executable and Apache web server executes it.
  3. Start the web server and execute the CGI script to make sure that it works accordingly
  4. Go to the attacker machine and create a ‘reverse TCP payload’ by means of Metasploit. Metasploit being a bundle of payloads and exploits – it is wise to use the popular ‘msfpayload’ for this. Note: The “reverse shell” is used by the attacker to create a listener on his machine and the victim machine connects to it. The attacker then gets the shell code.
  5. Once the “payload” has been created, make sure to see that it is indeed there.
  6. The ‘curl’ command is then used to send the payload to the victim machine by making use of ‘Bash’ vulnerability. The ‘curl’ command is the command to send data to/from a server. This can be monitored by the listener on the attacker machine. By now, the victim machine is completely under the control of the attacker. (EXPLAINED: What is SHELL SHOCK or BASH BUG and How to EXPLOIT!)

This is the successful anatomy of the Shellshock attack. To protect oneself from the Shellshock vulnerability, it is necessary to apply regular updates as and when they are released.
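A defender's view of the HTTP/CGI case described above, as an added example that is not part of the original post: it scans Apache combined-format access log lines for a Bash function-definition marker in the request line, Referer or User-Agent. The log lines, IP addresses and the `scan` and `is_cgi` helpers are constructed for illustration.

```python
import re

# Apache "combined" log format:
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

# A Bash function definition passed through the environment looks like
# "() { ...". Normal request lines, referrers and user agents do not
# contain that sequence, so its presence is worth an alert.
FUNC_DEF = re.compile(r'\(\)\s*\{')
FIELDS = ("request", "referer", "agent")

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Sep/2014:10:01:05 +0000] "GET /test.cgi HTTP/1.1" '
    '200 87 "-" "() { :;}; echo new command"',
    '198.51.100.7 - - [25/Sep/2014:10:01:09 +0000] "GET /about.html HTTP/1.1" '
    '200 300 "() { :;}; echo new command" "curl/7.38.0"',
    'corrupted-entry () { :;}; echo new command',
]


def is_cgi(path):
    """True when the requested path looks like a CGI script."""
    p = path.split("?", 1)[0]
    return p.startswith("/cgi-bin/") or p.endswith(".cgi")


def scan(lines):
    """Return one record per log line that carries the marker."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = COMBINED.match(line)
        if m is None:
            # Unparseable line: still check the raw text so that a
            # mangled entry cannot hide the marker.
            if FUNC_DEF.search(line):
                hits.append({"line": lineno, "host": None, "fields": ["raw"],
                             "path": "", "cgi_target": False})
            continue
        fields = [f for f in FIELDS if FUNC_DEF.search(m.group(f))]
        if not fields:
            continue
        parts = m.group("request").split()
        path = parts[1] if len(parts) >= 2 else ""
        hits.append({"line": lineno, "host": m.group("host"),
                     "fields": fields, "path": path,
                     # Requests that reach a CGI script are the ones where
                     # the header value ends up in Bash's environment.
                     "cgi_target": is_cgi(path)})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        priority = "HIGH" if hit["cgi_target"] else "review"
        print(f'{priority}: line {hit["line"]} host={hit["host"]} '
              f'fields={",".join(hit["fields"])} path={hit["path"]}')
```

Only fields that the server writes to the log can be checked this way; headers that are not logged by the combined format would need to be added to the log format or inspected at a proxy.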

Bibliography

EXPLAINED: What is SHELL SHOCK or BASH BUG and How to EXPLOIT! (n.d.). Retrieved from Youtube.com: https://www.youtube.com/watch?v=u1H12rMdLTg

TrendLabs Security Intelligence blog. (2014, September 25). Retrieved from TrendMicro: https://blog.trendmicro.com/trendlabs-security-intelligence/shell-attack-on-your-server-bash-bug-cve-2014-7169-and-cve-2014-6271/

ByJayanthi

The ‘Interview’….

Several years ago, a young lady wearing a salwar kameez, walked into a quiet place in a hesitant way. The environment was fairly formal and the people in the place made her feel quite warm and comfortable. This was the first time she was meeting them.

Her father had already hinted that this might not be the usual type of conversation. After the initial formalities, the conversation shifted its focus towards the real reason why she was there.

The interview process:

She was working in a computer training center then and the leading person in the situation asked a few questions along  these lines:

  1. “What computer language had she studied while she was in college?”
  2. ” What computer language did she teach now?”
  3.  “Was the concept of pointers in ‘C’ really hard?”

If you think, this was a technical interview, think again!

     There were also other non-technical questions such as:

  1. “Why was she not wearing any gold bangles – did she not like jewellery?”(all from first impression! :))(True – She had never liked gold jewellery!)
  2. “How would she like her future husband to be?”
  3. “Did she like to have an arranged marriage or love marriage?”

   I am not sure whether you are able to figure out the lead questioner in the above conversation…. it was a would-be father-in-law and a would-be daughter-in-law having a conversation! 🙂

 

 

 

How did it happen?

Contrary to most other ways of getting married in India, this couple got married in a novel way. The parents, sister and the girl were called for an appointment to meet the prospective groom’s family! By a strange turn of events, they marched right into their house without thinking twice (normally, it is the groom’s family that marches into the girl’s house!) The would-be father-in-law, mother-in-law and the groom’s grandmother were all present and the casual interview began!! 🙂


Only one obvious  person asked the questions – while the two other members remained silent. A person of excellent mathematical and computer skills, it was not easy to get past the would-be father-in-law’s questioning. Word had it that he could crack integration problems with ease even at his age!

Most of the questions that he asked (like love/arranged marriage etc. and the many technical computer questions) absolutely threw the girl off! (Who would go for a wedding discussion and answer questions about pointers in ‘C’?!! :)) It was the frankness and outspokenness of the father-in-law and the girl’s ability to answer them boldly that really sealed the interview.

The girl did crack the interview because she did marry the boy just a few months later! 🙂

And no prizes for trying to identify the characters in the above story! 🙂

 
