• Security trends for 2018!

    With the New Year upon us, it is but natural to write about my thoughts on the security trends that might shape 2018! 🙂 So, here goes:

    1. Overall, security trends will closely follow technical trends for a particular year. If AI (artificial intelligence), ‘data analytics’ and IoT (Internet of Things) are said to be game changers in the technical industry for 2018, Infosec trends will definitely exploit the security issues with the mentioned concepts.
    2. ‘Expect the unexpected’

    This might be life’s greatest quote, but it holds good for the Infosec industry as well. Equifax, eBay, Uber, University of Oklahoma and Washington State University were all victims of data breaches in 2017.

    These data breaches compromised personal data, and 2018 will be yet another year in which more personal data is stolen. More organizations will lose their precious data, or the data will be at the mercy of yet another ingenious way to grab it!

    3. ‘Bitcoin’ and other cryptocurrencies:

    Will ‘Bitcoin’ hold its sway and continue its meteoric rise? From a humble value of $1,000 (for 1 Bitcoin) in the beginning of 2017 to a massive rise of $15,000 (for 1 Bitcoin) by the end of 2017, Bitcoin sure did raise a few eyebrows. It is quite a possibility that the rise will continue and ‘Bitcoin’ and other cryptocurrencies will be a game changer in the Infosec industry in 2018.

    4. Ransomware, fileless malware… what next?

    Viruses, phishing emails and Trojan horses were already on the prowl when new attacks came to the fore in 2017. We heard new security jargon like ‘ransomware’ and ‘fileless malware’ in 2017 and were scrambling to read all about it, understand it and see if we were affected by it in any way.

    2018 will continue to see newer types of attacks and newer security lingo thrown around as hackers get smarter. The more a technology or product is used – the higher the possibility it will be exploited in a novel manner for personal gains. 

    5. Data privacy 

    Data privacy continues to be a lost issue, with every new device monitoring our conversations, location, likes and dislikes. There is a huge electronic virtual dictionary being built on us from the digital footprint that we are constantly leaving. This will continue into 2018 and beyond!

    These are the five points that I think might shake the InfoSec world in 2018!

     

  • Role of Computer Simulations in Design

     

    Introduction – reasons for good design:

    When we buy a new car, we may have a number of expectations: for example, we would like the car to be fuel efficient, comfortable in the cabin, able to ride well on all kinds of roads and safe. When an airline buys an aircraft, it has expectations too: trouble-free operation with minimal downtime, integrity of the structure of the airplane, comfort of passengers in the cabin and reliable operation of the engine (through taxi, take-off, ascent, cruise, descent and landing). When the government has a power plant commissioned, it would like to ensure that the plant delivers the required power, has the infrastructure to meet environmental emission standards and has good efficiency (conversion of energy into electricity). When an appliance manufacturer designs a washing machine, it would like to ensure good mixing of the water and detergent, proper agitation to remove dirt from the clothes and good ability to remove water from the clothes during the spin cycle.

    All these examples show that a good design is needed for efficient functioning of the appliance, airplane, power plant, etc.

    Methods of good design:

    There are two principal methods for ensuring a good design:

    a) Testing of Prototypes and the Final Product
    b) Performing virtual simulations using a computer.

    a. Testing:

    The traditional method of design predominantly involved testing. Testing was considered to be the only foolproof method of ensuring a good design. However, testing is expensive, time consuming, sometimes not possible in hazardous environments, and cannot easily replicate all real-world operating scenarios.

    b. Virtual simulations

    Computer Simulations (also known as Virtual Simulations or Numerical Simulations) provide an attractive alternative. Instead of performing a physical test in a lab, one can perform a virtual test on a computer. The virtual test of course needs to be validated against physical tests (or experiments) to build confidence in the computer simulation. The cost involved in performing Virtual Simulations (typically computer hardware, a software license and a trained engineer) is a lot lower than the cost involved in performing a physical test.
    With the ever increasing power of computing, virtual simulations have become a cheaper and more time-efficient alternative to physical testing.

    Now, there are two classes of problems: a) problems that have an analytical solution and b) problems that do not have an analytical solution. The second class of problems involves modelling assumptions, and the results need to be interpreted carefully, keeping those assumptions in mind. For both classes of problems mentioned above, companies have been making a conscious shift from Physical Testing towards Virtual Simulations over the last 15 years.

    Companies and design:

    Most companies rely heavily on computer simulations at a very early stage of the design cycle to select a group of good designs. During the final stages of design, they test the good designs predicted by simulations. On successful confirmation of the designs, the product is released to the market. This approach enables companies to keep costs reasonable and also shorten the design cycle resulting in valuable time savings. In an evolving, demanding and competitive market environment, Virtual Simulations play a very important role.

    Types of simulations:

    Simulations themselves could either be 1D or 3D. 1D simulations are faster to run and enable system level simulations (e.g. Entire Powertrain of a Vehicle). 3D simulations take longer to run, but can provide three dimensional information about the system being analyzed (e.g. The temperature and pressure at every location within an Internal combustion engine). Companies typically use a combination of 1D and 3D simulation tools during the product design phase.

    Both domestic and multi-national automotive manufacturers have traditionally used Wind Tunnels for drag reduction of their vehicles. Reducing drag improves the fuel economy of the car. The manufacturers now use computer simulations to simulate both wind tunnel as well as on-road driving conditions. A computer simulation can provide the manufacturer detailed pressure, temperature and flow distribution around the car (to the tune of several million locations). It would be prohibitively expensive to get the same information from a wind tunnel test (since pressure and temperature transducers and data collection systems are expensive). The computed data can be visualized on a computer.

    Conclusion:

    As the expectations from the market keep rising every year, Virtual Simulations are now playing a very important role to help companies to come up with designs meeting customer requirements.

  • Digital Detox

    With most of us (or is it ‘all’ of us?!) being plugged into electronic devices like cell phones, laptops, tablets and iPads all the time, it is but necessary that we need a ‘digital detox’ from time to time. It will be one of my New Year resolutions for sure! What is a ‘Digital Detox’ you may ask…well, read on to find out more…

     

    What is ‘Digital detox’?

    ‘Digital Detox’ is when we divorce all our digital assets and keep away from them at least for a day in a month.

    Is anything even possible without our smartphone and the countless apps that are on it? From bill payments, to booking tickets and ordering groceries – there is an app for everything and we are completely dependent on them.

    Considering that social media rules our life, and we are always in a crouched position at any place in life (it may be the grocery store, in the car; in India we are in a crouched position even on our scooters!), it could also mean keeping away from Facebook, WhatsApp, Snapchat, Instagram, Twitter etc.

    It will also mean keeping away from emails and not responding to the millions of emails that clutter our office work space. 

    What are its simple advantages?

    Giving ourselves a ‘digital detox’ will definitely help us in the following ways:

    1. To sleep better
    2. To connect with people the old fashioned way
    3. The compulsive urge to ‘like’ and respond to queries immediately will diminish
    4. Kids will imitate their parents and they will be less digitally dependent too
    5. One will lead a much healthier life without an app tracking every step of theirs
    6. Others will get used to the ‘digital detox’ routine too!

    How do we do it?

    1. Keep the smartphones away for a day
    2. Do not check messages or update statuses on any social media platforms
    3. Keep the laptops, tablets, iPads away for a day too
    4. Do not check email messages or respond to them under any circumstances

    Why not try it today? Happy New ‘digitally detoxified’ Year, 2018!! 🙂

  • Best technical posts of 2017!

    As the year draws to a close, here are my best technical posts of 2017:

    1. Bitcoin and Blockchain: What next?

    2. Cyber diplomacy:

    3. What is ‘Deep web’?

    4. Conflict Resolution at the Work place:

    5. Java 8:

     

    Warm wishes for a great New Year!

  • Bitcoin and Blockchain: What next?

    It seems every other day has a new headline regarding ‘Bitcoins’. I am sure most of us give a casual glance at this word and wonder where it will go next. From a humble value of $1019 on January 1, 2017, the value of Bitcoin has soared to $16,860 till date. This type of meteoric rise will obviously roll a few eyes! 🙂

    I had already written about Bitcoins in my earlier post “Introduction to Bitcoins”. Let’s refresh briefly:

    1. ‘Bitcoin’ is a cryptocurrency
    2. It was created in January 2009 by ‘Satoshi Nakamoto’, whose identity remains highly doubtful
    3. It does not have any physical form
    4. It is largely based on a ‘decentralised’ way of transacting business, the ‘blockchain’ (no common authority to enforce regulation)
    5. It is accepted in a few countries and some goods can be bought with them
    6. Acceptance by different governments and countries is still an ongoing process
    7. In addition to its legal use, it is also used for illegal activities

    What is Blockchain?

    ‘Blockchain’ is the underlying technology that supports Bitcoin. In simple terms, blockchain is a global ledger. Sending and receiving bitcoins are some examples of transactions. A group of transactions is considered a ‘block’, which, when approved, is added to the ‘chain’. This chain cannot be deleted or changed. It is continuously added to and maintained by all nodes in the network.

    Without a regulating authority like a bank, ‘blockchain’ has kept the Bitcoin journey alive for the past 8 years!
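
    Why a change to an old block is noticed, as an added example that is not part of the original post: a toy ledger in Python in which each block stores the SHA-256 hash of the block before it. The block layout, function names and sample transfers are assumptions made for illustration; real Bitcoin adds signatures and proof of work, which are not modelled here.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # stand-in "previous hash" for the very first block

def block_hash(block):
    """SHA-256 over the fields a block commits to, including its parent's hash."""
    fields = {k: block[k] for k in ("index", "prev_hash", "transactions")}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

def append_block(chain, transactions):
    """Add an approved group of transactions to the end of the chain."""
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": len(chain), "prev_hash": prev, "transactions": list(transactions)}
    block["hash"] = block_hash(block)
    chain.append(block)

def first_invalid_block(chain):
    """Return the index of the first block that fails verification, else None."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if (block["index"] != i or block["prev_hash"] != prev
                or block["hash"] != block_hash(block)):
            return i
        prev = block["hash"]
    return None

def rehash_from(chain, start):
    """Recompute every link from `start` onward, as a full rewrite would need to."""
    for i in range(start, len(chain)):
        chain[i]["prev_hash"] = chain[i - 1]["hash"] if i else GENESIS_PREV
        chain[i]["hash"] = block_hash(chain[i])

def build_sample_ledger():
    """Constructed sample data: three blocks of made-up transfers."""
    chain = []
    append_block(chain, [{"from": "alice", "to": "bob", "amount": 1.0}])
    append_block(chain, [{"from": "bob", "to": "carol", "amount": 0.4}])
    append_block(chain, [{"from": "carol", "to": "alice", "amount": 0.1}])
    return chain

def demo():
    honest = build_sample_ledger()
    edited = copy.deepcopy(honest)
    edited[1]["transactions"][0]["amount"] = 40.0   # change an old entry
    edit_only = first_invalid_block(edited)         # stored hash no longer matches
    edited[1]["hash"] = block_hash(edited[1])
    edit_and_fix_one = first_invalid_block(edited)  # the next block's link breaks
    rehash_from(edited, 1)
    return {
        "honest": first_invalid_block(honest),
        "edit_only": edit_only,
        "edit_and_fix_one": edit_and_fix_one,
        # Self-consistent again, but the tip hash differs from every honest
        # node's copy, which is how the rest of the network spots the rewrite.
        "fully_rehashed": first_invalid_block(edited),
        "tip_matches_honest": edited[-1]["hash"] == honest[-1]["hash"],
    }

if __name__ == "__main__":
    print(demo())
```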

     

    Future of Bitcoin:

    I am no Bitcoin analyst and I do not have the crystal ball, but I can certainly state a few things! 🙂

    1. ‘Bitcoin’ and other cryptocurrencies will continue to hold people’s imagination and urge to invest for at least a certain period of time
    2. Since it is a completely volatile currency, it is not for the faint hearted
    3. Since it is not regulated, people with disposable income are the best individuals to invest in Bitcoin
    4. Even if one would like to invest in Bitcoin, good to start with a small amount
    5. Since the technology itself is evolving and nobody understands its implications fully, better to wait and watch and understand the nitty gritty details of ‘Bitcoin’.

    Whether or not the cryptocurrencies stand the test of time, the underlying blockchain technology will definitely shake things up in the technology world and will most likely outlive ‘Bitcoin’!

    Most of the world’s top universities, including Stanford University and Princeton University, and e-learning portals like Udemy and Coursera have taken notice and started courses in Blockchain.

  • Definition of the day: What is malware?

    ‘Malware’ is short for ‘malicious software’. ‘Malware’ encompasses viruses, worms, Trojan horses, ransomware etc.

    Examples of malware include: WannaCry ransomware

    Destruction produced by malware: computers will freeze, the computer can be used to launch attacks, the computer will crash, your data will be maliciously deleted etc.

  • What is your social media personality?

     

    With social media becoming a permanent feature of most of our lives, it has been fun to observe the social media personalities of my world. By ‘social media personality’, I mean the ability to express ourselves online. Why some of us are more social and some of us are less social online is very hard for me to pinpoint, for now at least.

    Our social media personality woven with existing relationships seems to be creating brand new ‘online personalities and relationships’!  While there is no right or wrong on this issue and it is only a matter of personal comfort, these are a few of the social media relationships that I have observed in a fun way!

    1. Sometimes, one spouse is more social than the other online
    2. Both spouses are equally social online
    3. There are also instances when the parents are more social than their grown children! 🙂 (how and why – I have never been able to understand this?!! :))
    4. When the entire family just absconds from the Internet and social media(though very, very rare – haven’t found any family that way! – though am sure somebody does exist! :))
    5. When the entire family is online and everything is expressed online in full public view!! 🙂
    6. When teenage kids are having a gala time on social media and the parents have no clue about their social media habits(or choose to ignore)
    7. When one parent or both parents are constantly tagging behind their teens online! 😉

    Where do you belong in the above list?

    I am sure there are many other variations too, but these are the personalities that I have observed! Is there any other social media personality that I have missed?

  • What is the CISSP certification?

    No sooner do we start looking for jobs in the InfoSec industry than we encounter the question “Do you have any certifications?” This post will delve into the most popular certification – the CISSP.

    Introduction:

    As social media rages ahead so do other forms of sophisticated attacks. Information Security was a term that was barely used about 20 years ago. Yet, it has begun to play a major role today and will continue to do so in the future. The demand for Security professionals has also exponentially increased and the way to step into the most sought after career is to be certified.

    Employers will look for a proper mix of certification and experience to short list prospective candidates. Employees will climb up the information security ladder faster if they are certified.  What is the CISSP certification? Let’s find out:

     

    The CISSP certification

    ‘CISSP’ stands for ‘Certified Information Systems Security Professional’.

    (ISC)2 is the ‘International Information Systems Security Certification Consortium’ and is one of the most prevalent and widely accepted standards for Information Security certification. (ISC)2 delivers the CISSP certification.

    Achieving the CISSP certification is the gold standard for all security professionals. It is the first credential accredited by the ANSI/ISO/IEC Standard 17024:2003. A person who has achieved the CISSP certification will command international respect.

    The requirements for appearing for the exam are as follows:

    1. Have five years of demonstrated Information Security experience in two or more of the ten domains of the CISSP exam (however, if one does not have the required experience to take the exam, one can become an Associate of (ISC)2 and clear the exam after gaining enough experience to take the exam within 6 years)
    2. Subscribe to the (ISC)2 code of ethics
    3. Pass the CISSP exam and complete the endorsement process

    The different domains of the CISSP exam and their weightage are listed below:

    Security and Risk Management: 16%
    Asset Security: 10%
    Security Engineering: 12%
    Communications and Network Security: 12%
    Identity and Access Management: 13%
    Security Assessment and Testing: 11%
    Security Operations: 16%
    Software Development Security: 10%

     

    The Exam:

    Duration: 6 hrs

    No. of questions: 250

    Pattern: Multiple choice and “advanced innovative questions”

    Passing grade: 700 out of 1000 points

    Benefits of the CISSP certification:

    Since the CISSP certification is what most employers look for in prospective employees of information security, it is “THE” certification to achieve. It is the most sought certification in an employee.

    Since the field is a dynamically changing one, unlike most other professions, CISSPs must recertify every three years and maintain their certification too.

    For professionals who have achieved the CISSP gold standard and are wondering “What next?”, there are other CISSP concentrations like CISSP-ISSAP, CISSP-ISSEP and CISSP-ISSMP.

    Latest Update:

    (ISC)2 is all set to introduce CAT (Computerized Adaptive Testing) for all CISSP English tests worldwide from December 18, 2017. This is expected to reduce the exam duration from 6 hrs to 3 hrs. The total number of questions to be answered will also drop from 250 to 100.

    References:

    https://www.isc2.org/Certifications/CISSP

  • Of Mothers and Daughters/Fathers and sons!

    Just a few years ago (or must have been many, many years ago! :)), I remember being mesmerized by my father. It was like I was in a trance and there was an invisible magic wand giving me directions to do or not do things! Such was our relationship, it seemed to resemble a Pied Piper and his followers!! 🙂

    I am sure we see this in many houses – fathers being extra special to the little (or big!) girl in the house and the mother going the extra mile for the son in the house! Traditional thinking has it that daughters have a magnetic attraction towards their fathers (and vice versa) and sons are more inclined towards their mothers (and vice versa here too!). But is it really true that way or is it that we are brought up thinking that way?

    While it may be true in many cases, not all relationships work that way. What will happen when it is an all girl household or an all boy household? Will all the girls be clinging to the father, leaving the mother alone, or will all the boys be clinging onto the mother, leaving the father alone? It doesn’t sound fair, does it?

    As I have grown and matured in parenting, I have seen many mothers being close to their daughters and many sons being close to their fathers as well. It really is up to each parent and their eagerness to take part in the parenting challenge. 

    Mother-daughter:

    The mother-daughter relationship will continue to evolve over the years. As the girl transitions from a little girl into a teenage beauty and beyond, there are quite a number of things that can be taught only by a mother. Teenage years, ‘empathy’ (word picked from Satya Nadella’s ‘Hit Refresh’ :)), cooking, handling family relationships and finances may be some of the things on which the mother can share her expertise with her daughter.

    Father-sons:

    Fathers and sons might not come off as the giggly, fun relationship, but it will mature over the years provided there is ample input from the father’s side. Finances, business and professional attitudes, and care may be some of the things that a father can share with his son.

    But again, there is no hard and fast rule as to what is to be taught by a father and what is to be taught by a mother. 

    Whether it is a son or a daughter, it might be quite fair to say that, as parents, we all have the responsibility to bring them up as well as we can. No passing the buck to mothers for sons and fathers for daughters!

  • Did you know?

    ‘WhatsApp’ is India’s largest and most convenient chat app. The anonymity of sending messages without the whole world viewing them and the instantaneous way to communicate made the chat app a total winner.

    But the chat app had one uncomfortable feature – for the multitude of messages sent across different groups and individuals, there was always that one message that was sometimes sent by mistake. It would always land in a group with 10-50 participants who would all be equally puzzled!

    WhatsApp has solved the unintended message dilemma by enabling a new feature:

    1. You can delete an unintended message from all group members (or individuals)
    2. The unintended message should be deleted within 7 minutes of sending it
    3. In order to make it work, the message to be deleted has to be “tapped, held and deleted” from groups or individuals
    4. Once the messages are deleted, a message “This message was deleted” will appear in the appropriate group.
    5. In order for the ‘Delete’ feature to work, all users should have the latest version of WhatsApp installed on their phones or desktops.
    6. If the deletion is not successful for all members of the group, there will not be a separate notification informing of the same.

    Note: There is a possibility that a message will be viewed by the recipient before the sender deletes it.

    What do you think of this new feature?