Category Archive Information Security

ByJayanthi

Face app

Reading Time: 3 minutes

It seems the online world is embroiled in some sort of controversy or the other giving me plenty to write about!! 😉 Jokes aside – have you downloaded and used the currently viral ‘Face app’?   If you have or have not yet done so, read on…

What is ‘Face app’?

‘Face app’ – the AI , face editor is a freely downloadable app for both Android and iOS platforms and is owned by a Russian company Wireless Labs. It is available both on Google Play and Apple App store. I downloaded it and it was really fun to try the different looks(with a smile, without a smile, with makeup, without makeup) and the younger version and older version of oneself are phenomenal too…For a moment, I threw all my security caution to the wind and dissolved into it and enjoyed it!! 🙂 But, not for long… 

The ‘Face app’ asks for your permission to access the pictures from your ‘Gallery’ and no sooner, do you give it the permission – it takes your ‘face’ from a picture and performs a lot of magic to it. It definitely keeps you enthralled and even has options to use your pictures from social media platforms such as ‘Facebook’.

What is all the noise about ‘Face app’ now?

On the face of it, ‘Face app’ seems to be another app for everyone to have a bit of fun online, but there is more to what meets the eye. Your pictures are all uploaded to the cloud which itself is unnerving from a privacy standpoint. Along with this, there is another problem that has been reported widely which is in the ‘Terms and conditions’ of the viral app. The ‘Terms and conditions’ state this:

“You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you..”

While you own your “face” content, you are giving the app exclusive rights for your “face” content to be stored perpetually and be used for other derivative works and display it anywhere!! (yikes) I cannot imagine my face being stored on some strange servers in some part of the world and being used for strange purposes!! 

This is the part of the ‘Faceapp’ that is deeply troubling for all users of the Internet community today.

What is being done then?

  1. US Senate minority leader, Chuck Schumer has called on the FBI and Federal Trade Commission to look into the privacy issues with ‘Faceapp'(Source: economictimes.com)
  2. In the wake of privacy concerns, the CEO of Faceapp has stated that most of the pictures are deleted within 48 hours(Source: https://techcrunch.com/2019/07/17/faceapp-responds-to-privacy-concerns/)
  3. User data is definitely not transferred to Russia
  4. Users can requests their data to be deleted
  5. Only the selected picture is uploaded and not all the pictures from the ‘Gallery’ are uploaded

The net result of heavy outburst on social media unfortunately or fortunately, the downloads for ‘Faceapp’ have supposedly increased by 500% in the last six days(Source: https://www.forbes.com/sites/johnkoetsier/2019/07/18/controversy-good-for-business-faceapp-downloads-jumped-561/#759ad9c3577c)

My take on the whole Faceapp drama:

While privacy issues constantly rake the online world, this is probably one of the few times that even non-serious security individuals have woken up to security and privacy thoughts. While our entire online data(conversations, payments, locations, group pictures, events, gatherings) is always moving silently behind the computer screen, a picture of a “face” moving around has really shaken everybody up( A picture is definitely worth a thousand words 🙂 !! ) More people are questioning the privacy behind the fun which is definitely a good thing.

We will see how the ‘Faceapp’ drama unfolds further but for now it is good to see ‘Faceapp’ has definitely woken up the sleeping privacy giant in all of us!!

Cheers!

 

ByJayanthi

Are you a “Cyberchrondriac?” or a “Script kiddie?”

Reading Time: 2 minutes

Cyberchrondriac:

I am sure most of us have heard of the term “hyperchrondriac”. A “hyperchrondriac” is a person who is excessively worried about their health and imagines any minor ailment as a major health concern. Combine this feeling with today’s Internet usage and we have a “cyberchrondriac”!

A “cyberchrondriac” is a person who is guilty of combing the Internet for any or more information about their health concerns. They read various things on the Internet about the minor symptoms that they may have and imagine that they have a terrible disease. With more and  more medical terms and information freely available on the Internet, we all become “cyberchrondriacs” at one time or the other. Their medical ailments may be unfounded or real – but they definitely add to the misery of doctors who are trying to diagnose the real problem. Best option for all “cyberchrondriacs” is to seek medical advice right away and not do a lot of medical research on the Internet…

Script kiddies:

The Internet is our oyster now. We can do anything and everything with its might.We can crack, cook, code, learn and more with the Internet… then why not “hack”? Those looking to hack into websites can learn a great deal by a single minded effort to learn malicious things online. This is where “script kiddies” step in…

‘Script kiddies’ is the name given to newbie hackers. These newbie hackers are not professional hackers and have not perfected the art of ‘hacking’. ‘Script kiddies’ are those who have learnt to hack by reading various articles and publications and watching several online videos on hacking. They also steal other people’s code as they lack enough programming knowledge to wield an attack. In spite of the fact that they are “professional hackers” in the making, their attacks still do affect the majority of users in an equally harmful way. ‘Script kiddies’ do all this and more for the excitement of it and to get joyous bragging rights.

This post saw a definition of a few terms on the Information security front…Stay tuned for more technical updates..

 

 

ByBala Manikandan

ArrayLists: Dynamic Arrays in Java (Part 2)

Reading Time: 3 minutes

Here is the second post on ArrayLists which is a continuation from part 1 . Here are some points covered in the first part:

  • Main advantage of ArrayLists over arrays
  • Creating an ArrayList
  • Adding elements to ArrayLists
  • Iterating through the elements
  • Modifying and deleting elements

In the next section, we will deal with some methods commonly used to query an ArrayList.

Querying ArrayLists:

The following example demonstrates the usage of some more ArrayList methods:

//Other methods of ArrayList

package codingexamples;

import java.util.*;

 

public class ArrayListExample3 {

     public static void main(String[] args){

        ArrayList<String> list = new ArrayList<>();

        list.add(“Apple”);

        list.add(“Banana”);

        list.add(“Grapes”);

        list.add(1, “Watermelon”);

        list.add(“Apple”);       

        System.out.println(list);       

        String val = list.get(3);     //retrieve element at index 3

        System.out.println(val);

          int sz = list.size();

        System.out.println(sz);

       

        System.out.println(list.contains(“Banana”));

        System.out.println(list.contains(“String”));

        System.out.println(list.indexOf(“Apple”));

        System.out.println(list.indexOf(“String”));

        System.out.println(list.lastIndexOf(“Apple”));

     }

}

The output of the code is:

[Apple, Watermelon, Banana, Grapes, Apple]

Grapes

5

true

false

0

-1

4

The methods get() and size() used above are self-explanatory, which is evident from the first three lines of output (remember that index 3 is the fourth element). The method contains() returns true if the specified item is present in the list and false otherwise. In this case, the list contains “Banana” but does not contain “String”. And last, the indexOf() and lastIndexOf() methods return the indices of the first and the last occurrences of the specified object, respectively, or -1 if the object is not present. This is consistent with the above output.

The next section deals with a slightly more advanced concept related to ArrayLists.

Role of the equals() method in results of ArrayList methods:

The equals() method of class Object is inherited by all the classes in Java. But by default, it only checks whether the references of the invoking object and the method parameter are the same, or in other words, it returns true only if they refer to the same object. However, classes may override this method and define a new “equality” condition, which usually involves comparison of the instance variables of the objects.

Some of the methods in the ArrayList class, such as remove(), contains(), indexOf() and lastIndexOf() use the equals() method to check if an object is present in the list or not. Thus depending on whether the equals() method is overridden or not, the results of these methods may differ. This is demonstrated in the following code:

//Demonstrating effects of overriding equals() in classes used as the

//element type in an ArrayList

package codingexamples;

import java.util.*;

 

class Person1{

    private String name;

    Person1(String nm){name = nm;}

    public String getName(){return name;}

    //no equals() override

}

class Person2{

    private String name;

    Person2(String nm){name = nm;}

    public String getName(){return name;}

   

    //Override equals(), returns true if the names are equal

    public boolean equals(Object obj){

        if(obj instanceof Person2){

            Person2 other = (Person2)obj;

            boolean isEqual = this.name.equals(other.name);

            return isEqual;

        }

        else

            return false;

    }

   

}

public class ArrayListExample4 {

    public static void main(String[] args){

        ArrayList<Person1> list1 = new ArrayList<>();

        Person1 p1 = new Person1(“John”);

        Person1 p2 = new Person1(“Roger”);

        list1.add(p1);

        list1.add(p2);

       

        System.out.println(list1.contains(p2));                     //prints true

        System.out.println(list1.contains(new Person1(“Roger”)));   //prints false!

        list1.remove(new Person1(“John”));                      //doesn’t remove John!

       

        for(Person1 p : list1)

            System.out.print(p.getName() + “:”);

        System.out.println();

       

        ArrayList<Person2> list2 = new ArrayList<>();

        Person2 p3 = new Person2(“John”);

        Person2 p4 = new Person2(“Roger”);

        list2.add(p3);

        list2.add(p4);

       

        System.out.println(list2.contains(p4));                    //prints true

        System.out.println(list2.contains(new Person2(“Roger”)));  //also prints true!

        list2.remove(new Person2(“John”));                         //removes John

       

        for(Person2 p : list2)

            System.out.print(p.getName() + “:”);

        System.out.println();

    }

}

The output of the code, as it turns out, is:

true

false

John:Roger:

true

true

Roger:

The above code defines two almost identical classes, Person1 and Person2, both of which have a single instance variable, name. But Person1 does not override equals(), whereas Person2 does. In case it is tough to understand the code in the equals() override of class Person2, for now just remember that the new definition returns true if the names of the two Person2 objects are the same.

Now an ArrayList of Person1 objects is created and two Person1 objects with names John and Roger are added to it. If the ArrayList is queried whether it contains the object referenced by p2 (that is, ‘Roger’), it results in true. But if instead you pass a new object whose ‘name’ is also Roger to the contains() method, it results in false! Why? Because Person1 did not override equals(), and thus only object references were compared all along! Similarly, the next line demonstrates an unsuccessful (for the very same reason) attempt to remove ‘John’ from the list. This is demonstrated in the third line of output, which displays the ‘names’ of all the elements in the list.

The same things are done for another ArrayList of Person2 objects, and a significant change is observed in the output, only because Person2 overrode equals(), and so names instead of object references were compared! Thus the second call to contains() on the second list also produced true, and this time John was successfully removed from the list.

We have seen how to use ArrayLists in Java in this post – stay tuned for more technical posts!

ByBala Manikandan

ArrayLists: Dynamic Arrays in Java (Part 1)

Reading Time: 3 minutes

Before beginning this post, I would like to state that this post assumes some prior knowledge of Java (particularly arrays, classes and objects, and overriding)

The main limitation with arrays (groups of elements of the same datatype that are referenced by a common name) in Java is that they have a fixed size, and cannot shrink or grow in size. To overcome this, the ArrayList class can be used, which offers the functionality of a dynamic array. This class implements the List interface, which itself defines the methods used to manipulate ArrayLists. Both the class and the interface reside in the java.util package. This post deals with the functionality of various methods in the ArrayList class.

Adding elements to ArrayLists and Iterating through them:

The following example shows how to add elements to an ArrayList and iterate through them.

//Adding elements to an ArrayList and iterating through them

package codingexamples;

import java.util.*;

public class ArrayListExample1 {

    public static void main(String[] args){

        List<String> list = new ArrayList<>();    //works in Java 7 and above

        list.add(“Apple”);

        list.add(“Banana”);

        list.add(“Grapes”);

        list.add(1, “Watermelon”);              //insert “Watermelon” at position 1       

        System.out.println(list);               //prints out names of elements

        System.out.println();

               //iterate through elements using enhanced for loop

        for(String s : list)

            System.out.println(s);

            System.out.println();

            //iterate through elements using ListIterator

        ListIterator<String> itr = list.listIterator();

        while(itr.hasNext())

            System.out.println(itr.next());

        }   

}

The output of the code is:

[Apple, Watermelon, Banana, Grapes]

Apple

Watermelon

Banana

Grapes

Apple

Watermelon

Banana

Grapes

The first line marked in bold shows how to create an ArrayList. Note the use of angle brackets in this line. ArrayList can work with multiple object types (it is a generic collection), and the type to be stored (in this case String) must be specified in the angle brackets, making ArrayLists type safe. Also, as mentioned earlier, ArrayList implements the List interface, and all the methods commonly used with ArrayLists are defined in this interface itself. So, a List reference may be used to store an ArrayList object, as shown in this line. As of Java 7, the angle brackets on the right side of the ‘=’ sign can be left empty. So prior to Java 7, you would have had to write,

List<String> list = new ArrayList<String>();

The next few lines add elements to the ArrayList. While the elements “Apple”, “Banana” and “Grapes” are added to the end of the list each time (using the single argument add() method), the element “Watermelon” is inserted at position 1 (so that it is the second element, as the numbering starts from 0), using the two-argument add() method. The remaining elements are shifted ahead by one position when this happens.

In the next line, the list is passed to the println() method, which shows the elements of the ArrayList in order, in agreement with the add() method calls. And finally, the elements of the ArrayList are iterated through, using an enhanced ‘for’ loop and a ListIterator (observe the syntax when using ListIterator).

Modifying and Deleting Elements:

The following example shows how to modify and delete elements from an ArrayList:

//Modifying and deleting elements of an ArrayList

package codingexamples;

import java.util.*;

public class ArrayListExample2 {

    public static void main(String[] args){

        ArrayList<String> list = new ArrayList<>();

        list.add(“Apple”);

        list.add(“Banana”);

        list.add(“Grapes”);

        list.add(1, “Watermelon”);

        list.add(“Apple”);

       System.out.println(list);

     

        list.set(2, “Pomegranate”);      //modify element at index 2

       

        System.out.println(list);

       

        list.remove(2);                 //remove element at index 2

        list.remove(“Apple”);           //remove first occurrence of “Apple”

       

        System.out.println(list);

       

        list.clear();                   //clear the ArrayList

       

        System.out.println(list);

    }

}

The above code outputs:

[Apple, Watermelon, Banana, Grapes, Apple]
[Apple, Watermelon, Pomegranate, Grapes, Apple]
[Watermelon, Grapes, Apple]
[]

The first line of output shows the initial contents of the ArrayList. Then the set() method is used to modify the element at index 2 (that is the third element), which is reflected in the second line of output. After this, the element at index 2 and the element “Apple” are removed using the remove() method. But since the element “Apple” occurs twice in the ArrayList, only the first occurrence of the element is removed. The effect of this is shown in the third line of output. Finally the clear() method is used to clear the ArrayList, which is shown in the fourth line of output.

With this we come to the end of Part 1 of this post. For more information on ArrayLists, please do read Part 2 of this post which will be published on Friday, July 5th, 2019…

ByJayanthi

‘Sharenting’

Reading Time: 3 minutes

‘Sharenting’ – “What is that?” might be the thought for many of us…it was the same thought for me too and soon I was researching more and more into the topic…here are a few of my findings and thoughts…

Social media personalities:

As discussed in another post, all of us have different social media personalities when we are online. While some of us feel comfortable sharing only our achievements online, many of us share a whole lot of other personal things  and there are yet others who totally shun social media! All of us have different takes and views on sharing information online. While there is no perfect right or wrong here and each person is entitled to share what they want,just knowing the risks empowers us.

The “star” subject:

These days there are videos for every type of content….

“You need to bake a cake?”  “Just go to YouTube” might be a popular retort…

“You want to paint?” “Just head to YouTube too”…

“You want to learn Java?” “Head to YouTube – there are plenty of live coding examples that make coding much more easier to learn…..”

While the subject in the above example is “cake”,”paint brush” and “code”, there are numerous videos where the subject is “children”. Children growing, talking about everyday activities with children, children,children and more children…most of the times the author talks about their own children in great detail. Not only videos, there are blog posts and other means of sharing which feature one’s own children.

Some times, some children’s digital identities are fixed from the time they are in their mother’s wombs!! The more we share information about them, the more views, likes, shares and subscribers we get…We think we are helping other people out there in the same boat(and we might be helping somebody I am sure) -but I am not sure if that is always the case…in the corner of my mind there comes a faint thought if we are exploiting the children in any way because they cannot say anything…

This is “sharenting” which is talking excessively about them and recording every minute detail in full public view….

I admit I am also guilty of a few posts about my grown children as well! 🙂 But all my posts are reviewed by the star of the post – as all of them are old enough to make that decision. Some times, they are amused and sometimes they are not so amused but I hit “publish” only after the final assent…

I think most of us do not have that luxury as most of our child subjects are too young. We assume that we do not have to take their permission and yes, if they are too young – we cannot and we do not have to….

But apart from the privacy thought,the multi-million dollar sharenting question is what will the child think of all this sharing and “sharenting” when they grow up?

As you might be knowing, children grow up fast and it will be just be another 4-5 years before they assert their online identity.

Will they say “Stop, mom and dad, why did you have to record me so much?”or will they share your happiness in all the recording and sharing? Only time will tell…

Conclusion:

So, where are you on the “sharenting” spectrum? Do you share a little about  your kids or do you share a lot about them? What do you think they will think of this in the future?

What is my final take on “sharenting”? Take “sharenting” with care and balance – let us not embarass our future social media citizens!! 🙂

All thanks to Cybermum_India and Cybermum_AU for this thought that transformed into a complete blog post! 🙂

ByBala Manikandan

Anonymous Inner Classes and Lambda Expressions in Java

Reading Time: 6 minutes

Before beginning this post, I would like to state that this post assumes some prior knowledge of Java (particularly inheritance, using interfaces and overriding methods)

Most classes we have seen have their own name and exist on their own (outside any other class or method). But anonymous inner classes can exist inside another class/method, and do not have a name (hence the name ‘anonymous’). These classes must either extend another (named) class or implement an interface. When the interface being implemented has only one abstract method, the anonymous inner class can be converted into a special expression called a lambda expression (as of Java 8), which simplifies the code. This post talks about anonymous inner classes and lambda expressions in detail.

Anonymous Inner Classes

As mentioned above, anonymous inner classes do not have a name, can exist within another class/method, and must extend another class or implement an interface.

Let us see the various examples that can be used to work with anonymous inner classes:

  1. The following example uses an anonymous inner class to extend another class and create an object of it on the spot. Observe the syntax carefully:

//Using anonymous inner classes to override methods of an existing class

package codingexamples;

class Sample{

    public void display(){

        System.out.println(“Sample”);

    }

}

public class Example1 {

    public static void main(String[] args){

        Sample s1 = new Sample();

     

        Sample s2 = new Sample() {                //line 1

            public void display(){

                System.out.println(“Sample 2”);

            }

        };                            //this semicolon is very important

       

        useSample(s1);

        useSample(s2);

    }

    static void useSample(Sample s){

        s.display();

    }

}

The output of the above code is:

Sample

Sample 2

Observe the bold section of the code carefully. Note that the first line of code in this region ends in a curly brace, not a semicolon. This line declares a reference variable of type Sample, and initializes it with an object whose type is not Sample, but an anonymous subclass of Sample. The curly brace at the end of the line is the start of the anonymous inner class body.

The next three lines of code, as we can see, are overriding the display() method in the class Sample. This is, of course, the reason behind creating anonymous inner classes. The last line of (bold) code requires some attention. The closing curly brace marks the end of the class, but that’s not all – there is also a semicolon to end the statement started on line 1! As it is unusual to see semicolons after closing braces, this is very easy to miss.

On the whole, the code creates two Sample references, one holding a Sample object, and another holding an object of an anonymous subclass of Sample (which overrides display()). These variables are then passed to the useSample() method which calls their respective display() methods. This leads to the output mentioned above.

 

2. Anonymous inner classes implements an interface in the second example:

//Using anonymous inner classes to implement methods of an interface

package codingexamples;

interface Movable{

    void move();

}

public class Example2 {

    public static void main(String[] args){

      Movable m1 = new Movable(){

            public void move(){

                System.out.println(“m1 is moving”);

            }

        };

       

        useMovable(m1);

    }

    static void useMovable(Movable m){

        m.move();

    }

}

 

The output of the above code is, as expected:

m1 is moving

This code is very similar to the first example. Note that even though the syntax used is ‘new Movable()’, the code is not instantiating the interface (it’s not legal to do so). The variable m1 refers to an anonymous implementer of Movable.

3. Anonymous inner classes can extend/implement classes/interfaces having more than one method as well. They can also be used as method arguments (watch the syntax again). The following example illustrates these two points:

//Another example of anonymous interface

package codingexamples;

interface Bounceable{

    void bounce();

    void jump();

}

public class Example3 {

    public static void main(String[] args){

        /* Create an anonymous implementer of Bounceable in the argument list of useBounceable() */

       useBounceable(new Bounceable(){

            public void bounce(){

                System.out.println(“Anonymous object bouncing”);

            }

            public void jump(){

                System.out.println(“Anonymous object jumping”);

            }

        });

    }

    static void useBounceable(Bounceable b){

        b.bounce();

        b.jump();

    }

}

 

The output of the above code is:

Anonymous object bouncing

Anonymous object jumping

Observe how the object of the anonymous inner class is created right inside the argument. Also note that in this case, the statement ends with a closing curly brace, a closing parenthesis and then a semicolon.

Lambda Expressions

Now we will move onto Lambda expressions. Consider the following scenario. You have a class Student, which stores some details of a student such as name, marks etc. You also have an interface Check, as shown below:

interface Check{

    boolean test(Student s);

}

This is meant to create multiple custom ‘checks’ on the attributes of each student (for example, ‘name’ starts with ‘A’, ‘marks’ >= 95 and so on). For each such test condition, prior to Java 8, it would be necessary to define a class that implements the interface. Of course, it would be inconvenient to define multiple such implementers with names such as ‘CheckName’, ‘CheckMarks’ etc. (as one can see, it is repetitive). Another approach is to use anonymous inner classes as implementers of interface Check (already discussed above), which removes the problem of repetitive names. However, each anonymous implementer, as we have seen already, spans at least five lines of code.

Java 8 allows you to create ‘instances’ of functional interface ‘implementers’ through the use of lambda expressions (a functional interface is one that contains exactly one abstract method). These can, in certain cases, replace anonymous inner classes and simplify the code. The following example defines the class Student, interface Check and makes use of the interface through lambdas:

//Demonstrate the use of lambda expressions

package codingexamples;

class Student{

    private int marks;

    private int grade;

    private String name;

    public Student(String n, int m, int g){

        name = n;

        marks = m;

        grade = g;

    }

    public String getName(){

        return name;

    }

    public int getMarks(){

        return marks;

    }

    public int getGrade(){

        return grade;

    }

}

//Check is a functional interface (one abstract method)

interface Check{

    boolean test(Student s);

}

public class Example4 {

    public static void main(String[] args){

        Student[] students = {

            new Student(“John”, 90, 7),

            new Student(“Roger”, 70, 9),

            new Student(“Fred”, 88, 6),

            new Student(“Robert”, 60, 8)

        };

       //Lambda expressions

        Check seniorsChk = s -> s.getGrade() >= 9;

        Check toppersChk = s -> s.getMarks() >= 85;

       System.out.println(“Senior students:”);

        filterStudents(students, seniorsChk);

       System.out.println();

       System.out.println(“Toppers:”);

        filterStudents(students, toppersChk);

    }

    static void filterStudents(Student[] stu, Check chk){

        for(Student s: stu){

            if(chk.test(s))

                System.out.println(s.getName());

        }

    }

}

The output of the above code is:

Senior students:

Roger

Toppers:

John

Fred

Before going into the working of this code, let us observe the syntax of the lambda expression. The general syntax of a lambda expression is:

<Parameter(s)> <Arrow> <Lambda Body (must be an expression which evaluates to the abstract method’s return type)>

To understand better, keep in mind that the following expression:

s -> s.getGrade() >= 9

Is equivalent to (in this case):

new Check(){

     public boolean test(Student s){

            return s.getGrade() >= 9;

     }

}

Thus a lambda expression essentially just behaves like an anonymous inner class, with fewer lines of code. Now we can understand that the code basically creates two ‘test conditions’ on Student objects, using lambdas, and then filters a list (array) of Student objects using these ‘test conditions’ (implementers of interface Check). Walk through the lines of code to understand better. Here, Roger is considered a senior as he is in a grade higher than or equal to grade 9, and John and Fred are considered toppers as each of them has scored more than or equal to 85 marks each.

Before we end, let us rewrite the code in Example 2 using a lambda expression (interface Movable used in that example is also a functional interface). Old code is commented out:

//Example 2 rewritten using a lambda expression

package codingexamples;

//assuming interface Movable already exists

public class Example5 {

    public static void main(String[] args){

        /* Movable m1 = new Movable(){

            public void move(){

                System.out.println(“m1 is moving”);

            }

        };

        */

        Movable m1 = () -> System.out.println(“m1 is moving”);

        /* note that parentheses are needed when the method

                accepts zero arguments or more than one argument */

        useMovable(m1);

    }

    static void useMovable(Movable m){

        m.move();

    }

}

The output of the code remains the same as before. Note that examples 1 and 3 above cannot be rewritten using lambdas, as example 1 uses a class, and example 3 uses a non-functional interface (two abstract methods).

We have seen different types of anonymous inner classes and Lambda expressions in this post… stay tuned for more technical posts!

 

ByJayanthi

Offensive and defensive security

Reading Time: 2 minutes

Did you know that the words ‘offensive’ and ‘defensive’ can be used in the InfoSec domain as well? If you follow my writings on Information security – you might realize that the InfoSec domain itself feels different for one set of posts and different for another set of posts…The two distinct classifications are ‘offensive security’ and ‘defensive security’.

While which part of security interests you, depends on you and you alone, security might never be an independent task and it might be a combination of both that you might be facing at work everyday. Having said that, let us move onto to see what is meant by ‘defensive’ and ‘offensive’ security.

Defensive security:

Conventional security is mostly termed as ‘ defensive security’. ‘Defensive security’ deals with security mechanisms that defend the business/home environment like firewalls, VPNs, anti-virus definitions and more. Just like with other applications of the word ‘defensive’ – ‘defensive security’ is more of a reactive approach. We install anti-virus software to keep out viruses, firewalls to block intrusion attempts, work with business continuity and disaster recovery experts, draw security plans to protect the organization but we do not tear the system down to find the vulnerabilities in it.  This is ‘defensive security’.

Offensive security:

‘Offensive security’ on the other hand is the exact opposite of ‘defensive security’. It is like performing a root canal treatment on the business and personal systems to unearth the various vulnerabilities in systems to seal them effectively! Ethical hacking, pen testing,vulnerability assessments,  digital forensics, advanced attacks all come under the umbrella of ‘offensive security’.  Offensive security involves attacking and pen testing live systems. Offensive security mechanisms are much more intensive than defensive security tactics.

ISPO — home page wordle

There are numerous offensive security certifications but the ‘OSCP'(Offensive security certified professional) and the very popular CEH(Certified Ethical hacker from EC-Council) stand out. If you think hacking is your thing, become a white hat hacker and earn these precious certifications. These certifications however are not for the faint of heart. They involve more technical expertise and more hands-on experience. For example, the OSCP certification exam is conducted for a full 24 hours!(yes, you read that right!) 

OSCP certification:

  1. Candidates taking the grueling OSCP certification must first take the ‘Pen testing with Kali Linux’ online course before attempting the examination
  2. The cost of course and the exam is 800$ which involves 30 days lab access
  3. “The OSCP examination consists of a virtual network containing targets of varying configurations and operating systems”
  4. The candidate is expected to research the network, find vulnerabilities and execute attacks.
  5. Successful OSCP holders can conduct remote and client side attacks, deploy tunneling attacks to bypass firewalls and more! 

More information about OSCP certification can be found here

Which type of security are you more aligned to? Defensive or Offensive? Does it fascinate you? 

 

ByJayanthi

Careers in Information security

Reading Time: 3 minutes

The ‘Information security’ domain is growing by leaps and bounds today. While it was in a negligible state of growth even 5 years back, it has grown exponentially over the years. Schools have started introducing small bits of Information security concepts into the curriculum. Colleges in India and abroad have started introducing Information security specializations at the undergraduate and graduate level. So, what are the different career choices that are available for students who graduate with a degree in Information security and for professionals who move along their Infosec careers?

This is a list of career options that are available for professionals who are in the InfoSec field with the description of the various career choices:

  1. Security analyst

       Experience – Atleast 5 years of relevant experience

      Certifications – CISSP, CCSP, CEH, OSCP and other certifications are always preferred.

       Job description – 

     The security analyst is expected to:

  • Monitor & optimize security monitoring and assessment solutions/tools to efficiently identify the most concerning security gaps.
  • Capture, prioritize and efficiently escalate to appropriate internal teams any security incidents identified from security tools or from correlation with other sources.

2. Network Security Engineer

Experience – 6 or more years of relevant functional experience in network architect role or equivalent

Job description –

  • Designing, Implementation and integration of networking equipment routers, switches, firewalls, proxies and security appliances
  • Troubleshoot, resolve and find out root cause of network and security issues.
  • Prepare network documentation such as network diagram, network design with rationale of design, implementation plan and power point slides on proposals for new features to address network issues.

3. Information security analyst – Pen tester

         Experience – 3-5 years experience as pen tester or Information security specialist with pen testing acumen.

        Certifications such as CISSP, CEH will always be preferred.

        Job description – The Information Security Analyst will be responsible for performing penetration tests on IT Solutions created in house as well as commercial off the shelf. The analyst will be responsible for creating external security testing requirements, coordination of tests performed by contracted 3rd parties and evaluation of the reports. 

4. IT auditor

      Desired skills – A degree in Computer Science with  6+ years of experience in IT and Operations auditing, risk management, IT Compliance, Information Security, IT program or project management,

      Certifications – CISSP, CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager ) are some of the preferred certifications to secure a job as an IT auditor.

      Job description – The role of an IT auditor involves developing, implementing, testing and evaluating audit review procedures. He/She will be responsible for conducting IT and IT-related audit projects using the established IT auditing standard in their organization. The audit process can extend to networks, software, programs, communication systems, security systems and any other services that rely on the company’s technological infrastructure.

5. NOC engineer

   Desired skills and experience – 3+ years’ experience with MS SQL, VMware, and IIS including related technologies and standards such as DHCP, DNS, DFS, LDAP, IPSEC, CIFS, SMB, etc.

      Job description –

  • Periodically check application and system health to support NOC Technicians.
  • Day to day administration of a 1000+ Windows/Linux servers, including related applications.
  • Manage and support local site VMWare multi-cluster environment.

6.  SIEM – Security Information Event Management-Consultant

        Mandatory skills – SIEM

       Desired skills – Application Security Code Review – SAC-L1, Big Data-L1

       Desired work experience – 5-8 years

      Job description – The job requires the candidate to have in-depth knowledge in any one technological or industry practice / functional area and overview of 2-3 other areas. The candidate should be able to handle solution definition/ fitment for a small sized project with a medium complexity. The candidate should also be able to build a custom Function Module with medium complexity program logic.

7. Network Security Administrator

    Desired skills – Experience in network configuration and administration including VLANs, ACLs, switches, routers, ISPs and firewalls (i.e. Cisco, HP, Palo Alto, SonicWALL) would be good along with other skills with Linux OS, Azure, switches, routers, firewalls

Job description –

  • Design, implement and manage a foolproof network security policy
  • Implement and configure security software and tools such as anti-virus, firewall, intrusion detection and more
  • Identify known and unknown network vulnerabilities and ways to counteract them

 CISO(Chief Information Security Officer) and CIO(Chief Information Officer) are the professionals who have reached the pinnacle of the IT security profession!

These are some of the career choices that are available in the area of Information security. Almost all jobs will need a degree in Computer Science or related area along with certifications such as the CISSP or CEH or other appropriate certifications.

References:

  1. indeed.co.in
  2. Linkedin.com
  3. naukri.com

 

ByJayanthi

Reflections – A2Z19

Reading Time: 2 minutes

The month of April is always a busy one for me. Two grown kids at home(oh, they are work too!! :)) , schedules all over the place, travelling, business work – all start running riot in April… 🙂 And in the midst I really wanted to do the #BlogchatterA2Z challenge as I had enjoyed doing it so much last year … so, how did I manage? Here goes the report card and my reflections on the whole journey:

Report card:

My idea was to write posts in Information security(in tune with my blog’s primary objective) and proverbs.. and I did manage to complete them very well… Actually, I had a lot of Information security thoughts in my head, which got shape and a final form once I started writing… Given a deadline to finish one post per day motivated me to stay on track and write about all about what I wanted to do!! 🙂 

My Information thoughts just flowed and flowed!! 🙂

What was the hard part?

Being both a technical and a personal blogger, I always wonder what is the hard part of blogging? Sometimes, it is just getting started…other times, it is just the content and yet, at other times, the flow just doesn’t seem right…but most times for me, it is just the ‘title’ of the blog topic which is the challenging part… once a suitable and interesting topic arises, everything falls into place miraculously!! 🙂

Here are my InfoSec posts which I managed to write making it both understandable and techy at the same time…

Authentication

Cyber-bullying!

Digital forensics

‘Everyday’ security

GIAC certifications

Identity chaos

Identity management

OWASP Top 10 vulnerabilities

Is ‘Privacy’ a myth?

Red Team – Blue Team

SOC

Two factor authentication

Women in Cybersecurity

YouTube security

Project Zero

All of the posts were something that I enjoyed writing, but I particularly enjoyed researching and writing about Project Zero, YouTube Security. OWASP top 10 vulnearabilities the most!! I hope my writing shed light on some topics that you were vague about and motivated you to stay on top of Cybersecurity as well!

Until next year from A2Z…. Ciao!!  🙂

 

 

 

 

 

ByJayanthi

Project Zero

Reading Time: 2 minutes

Security has become an important component of every business. Many(if not all) organizations are choosing a proactive approach to security rather than a reactive one. It is better to deal with bugs and flaws in any software, before the malicious elements manipulate the same flaws for personal and monetary gains. 

Project Zero:

It is with this same thought that Google created ‘Project Zero’ in 2014. ‘Project Zero’ was also termed as the ‘Cybersecurity dream team’!! The primary aim of this project is to find flaws and vulnerabilities not only in Google products but in other products, operating systems and software. The goal is to detect “zero day vulnerabilities” which are mostly exploited by criminals, state sponsored hackers and intelligence agencies and make the Internet a safe place for all. 

Once a bug was discovered by the ‘Project Zero’ team, it was intimated to the manufacturer directly. Only when a patch was released, was the bug disclosed to the public. However, if a patch was not released by the manufacturer within 90 days, then again it was released to the public. 

Zero-day vulnerabilities are those bugs or loopholes that are known to a hacker but not to the vendor of the product. How do you feel when you have created a product, but do not know the bugs or drawbacks in it but somebody else knows it and is misusing it? This is exactly what was happening with a number of products – hackers were making use of vulnerabilities and exploiting it to the maximum but the vendors were clueless about what was happening. 

The team:

The team included New Zealander Ben Hawkes, Tavis Ormandy, an English researcher , American hacker prodigy George Hotz, Switzerland-based Brit Ian Beer. All of the professionals were extremely good at bug hunting(finding flaws in software) and hacking. 

Is ‘Project Zero’ still hiring?

The good news is ‘yes’! 🙂 Google is still hiring for its ‘Project Zero’ team. Good coding skills and the ability to do vulnerability research and exploit development are crucial skills that are needed. In addition, if you have publicly reported vulnerabilities, you have a brighter chance of getting in! For more details on joining ‘Project Zero’ visit this link.

Latest findings by ‘Project Zero’:

As early as October of last year, a security hole was plugged in for Facebook owned ‘Whatsapp’ which was discovered by Project Zero. 

In March of this year, Google disclosed a flaw in the MacOS kernel. 

Let’s hope Google’s ‘Project Zero’ helps in the betterment of the netizen’s Internet experience without offending anyone… 🙂

Written for the letter ‘Z’ for #BlogchatterA2Z challenge. The previous post can be found here.

It has been a pleasure writing about Information security and proverbs this entire month! I hope you enjoyed reading them as much I did writing them! See you next year!! 🙂