Sunday 1 January 2017

inspirational stories

                             INSPIRING PEOPLE 

To choose the greatest Indian people is difficult. No country has such a long and rich history, stretching back into the Vedic times. There are a few difficulties in deciding what actually constitutes India. Since ancient times, the nation of India has been fluid with changing boundaries. I have chosen a liberal interpretation of what constitutes India and have included some of those who made India their adopted country. Ranking these inspirational people seems a little fruitless. You could easily argue for different people and a different order. But these are some of the most inspirational Indians. Here, through my small blog, I am giving a short bio of such people who inspire us. My first inspiration is my parents, who taught me to be a good person.

1. Lord Buddha - Founder of Buddhism. Gave up the comforts of being a Prince in a palace to seek enlightenment in the forests. After gaining the experience of Nirvana, Lord Buddha spent many years travelling India teaching his philosophy of enlightenment and peace.
2. Sri Aurobindo - One of the key figures in the early Indian Independence movement, Aurobindo argued for nothing less than full independence. He retired from politics to devote the remainder of his life to spirituality in the French enclave of Pondicherry. He became one of the greatest poets, philosophers and Spiritual Masters of the twentieth century.
3. Swami Vivekananda - The indomitable spirit of Swami Vivekananda awoke in his fellow Indians a renewed sense of pride and self-belief. Vivekananda embodied both the spirituality of ancient India and the dynamism of the West. He became renowned in the West after his inspirational message of religious tolerance was heard at the World Parliament of Religions 1983.
4. Mahatma Gandhi - The foremost political leader of the Indian independence movement. For over two decades, Gandhi strove for a peaceful overthrow of British rule. He inspired millions with his philosophy, resolve and commitment to independence and also to alleviating the plight of women and the 'untouchable' caste.
5. Sri Krishna - The hero of India's classic, the Bhagavad Gita. It was Sri Krishna who taught Arjuna the sublime philosophy of yoga contained in the Gita. It was Sri Krishna who brought religion and spirituality to everyone. Sri Krishna also developed a new path of yoga: bhakti yoga, the yoga of devotion.
6. Akbar - The Great Moghul Emperor who united India and became a beacon for religious tolerance. Akbar took great interest in all aspects of his government and introduced laws which were very enlightened and progressive for his time.
7. Jawaharlal Nehru - The first Prime Minister of an Independent India 1947. Nehru became a very well respected international statesman who steered his country through the difficult period following independence.
8. Rabindranath Tagore - The Seer-Poet of modern India. Tagore was the first Indian to be awarded the Nobel Prize for Literature in 1913. A consummate poet, composer and artist. He returned his knighthood in protest at mistreatment of Indians by the British.
9. Mother Teresa - Mother Teresa was born in Albania, but she made her home in the slums of Calcutta. Her compassion and selfless service to the underprivileged of India and the whole world slowly won the hearts of her fellow Indians.
10. Ashoka - One of the greatest Indian rulers of all time. Ashoka the Great ruled from 269 BC to 232 BC. He embraced Buddhism after a bloody battle and became known for his philanthropy and adherence to the principles of non-violence, love, truth and tolerance.

Saturday 22 October 2016

IP SPOOFING



IP spoofing, also known as IP address forgery or a host file hijack, is a hijacking technique in which a cracker masquerades as a trusted host to conceal his identity, spoof a Web site, hijack browsers, or gain access to a network. Here's how it works: the hijacker obtains the IP address of a legitimate host and alters packet headers so that the legitimate host appears to be the source.

When IP spoofing is used to hijack a browser, a visitor who types in the URL (Uniform Resource Locator) of a legitimate site is taken to a fraudulent Web page created by the hijacker. For example, if the hijacker spoofed the Library of Congress Web site, then any Internet user who typed in the URL www.loc.gov.com would see spoofed content created by the hijacker.

If a user interacts with dynamic content on a spoofed page, the hijacker can gain access to sensitive information or computer or network resources. He could steal or alter sensitive data, such as a credit card number or password, or install malware. The hijacker would also be able to take control of a compromised computer to use it as part of a zombie army in order to send out spam.

Web site administrators can minimise the danger that their IP addresses will be spoofed by implementing hierarchical or one-time passwords and data encryption/decryption techniques. Users and administrators can protect themselves and their networks by installing and implementing firewalls that block outgoing packets with source addresses that differ from the IP address of the user's computer or internal network.
Technical Discussion
To completely understand how these attacks can take place, one must examine the structure of the TCP/IP protocol suite. A basic understanding of these headers and network exchanges is crucial to the process.
Internet Protocol – IP
Internet protocol (IP) is a network protocol operating at layer 3 (network) of the OSI model. It is a connectionless model, meaning there is no information regarding transaction state, which is used to route packets on a network. Additionally, there is no method in place to ensure that a packet is properly delivered to the destination.
Examining the IP header, we can see that the first 12 bytes (or the top 3 rows of the header) contain various information about the packet. The next 8 bytes (the next 2 rows), however, contain the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses – specifically the “source address” field. It's important to note that each datagram is sent independently of all others due to the stateless nature of IP. Keep this fact in mind as we examine TCP in the next section.
Transmission Control Protocol – TCP
IP can be thought of as a routing wrapper for layer 4 (transport), which contains the Transmission Control Protocol (TCP). Unlike IP, TCP uses a connection-oriented design. This means that the participants in a TCP session must first build a connection - via the 3-way handshake (SYN-SYN/ACK-ACK) - then update one another on progress - via sequences and acknowledgements. This “conversation” ensures data reliability, since the sender receives an OK from the recipient after each packet exchange.
As you can see above, a TCP header is very different from an IP header. We are concerned with the first 12 bytes of the TCP packet, which contain port and sequencing information. Much like an IP datagram, TCP packets can be manipulated using software. The source and destination ports normally depend on the network application in use (for example, HTTP via port 80). What's important for our understanding of spoofing are the sequence and acknowledgement numbers. The data contained in these fields ensures packet delivery by determining whether or not a packet needs to be resent. The sequence number is the number of the first byte in the current packet, which is relevant to the data stream. The acknowledgement number, in turn, contains the value of the next expected sequence number in the stream. This relationship confirms, on both ends, that the proper packets were received. It’s quite different than IP, since transaction state is closely monitored.
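The header layout described in the two sections above, as an added example that is not part of the original article: it parses a constructed IPv4/TCP segment, pulls the source and destination addresses from bytes 12-19 of the IP header and the ports, sequence and acknowledgement numbers from the first 12 bytes of the TCP header, then computes the acknowledgement a receiver should send back. The addresses (documentation ranges), ports and function names are assumptions made for the example.

```python
import ipaddress
import struct

MOD32 = 2 ** 32          # sequence numbers are 32-bit and wrap around
FIN, SYN = 0x01, 0x02    # TCP flag bits that each consume one sequence number


def build_sample_segment(src, dst, sport, dport, seq, ack, payload, flags=0x18):
    """Constructed sample input: 20-byte IPv4 header + 20-byte TCP header + payload.
    Checksums are left at 0 because nothing in this example validates them."""
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 40 + len(payload),   # version 4 / IHL 5, TOS, total length
        0x1C46, 0x4000,               # identification, flags + fragment offset
        64, 6, 0,                     # TTL, protocol 6 (TCP), header checksum
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    tcp_hdr = struct.pack(
        "!HHIIBBHHH",
        sport, dport, seq, ack,
        5 << 4, flags, 65535, 0, 0,   # data offset, flags, window, checksum, urgent
    )
    return ip_hdr + tcp_hdr + payload


def parse_ipv4(packet):
    """Split an IPv4 packet into the fields the article discusses."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    # First 12 bytes: everything except the addresses.
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum = struct.unpack(
        "!BBHHHBBH", packet[:12])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a valid IPv4 header")
    # Next 8 bytes: source then destination. Nothing in the header proves the
    # source field is genuine; the parser simply reports what the sender wrote.
    return {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "ttl": ttl,
        "protocol": proto,
        "payload": packet[ihl:total_len],
    }


def parse_tcp(segment):
    """Read ports, sequence and acknowledgement numbers (first 12 bytes) plus flags."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack = struct.unpack("!HHII", segment[:12])
    data_offset = (segment[12] >> 4) * 4
    if data_offset < 20 or len(segment) < data_offset:
        raise ValueError("invalid TCP data offset")
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": segment[13], "payload": segment[data_offset:],
    }


def expected_ack(tcp):
    """Acknowledgement number the receiver should return for this segment:
    the next sequence number it expects, modulo 2**32."""
    consumed = len(tcp["payload"])
    consumed += 1 if tcp["flags"] & SYN else 0
    consumed += 1 if tcp["flags"] & FIN else 0
    return (tcp["seq"] + consumed) % MOD32


def reply_acknowledges(sent, reply):
    """True when the reply's acknowledgement number matches what `sent` requires."""
    return reply["ack"] == expected_ack(sent)


if __name__ == "__main__":
    request = build_sample_segment("192.0.2.10", "198.51.100.7", 49152, 80,
                                   1000, 5000, b"GET / HTTP/1.1\r\n\r\n")
    ip = parse_ipv4(request)
    tcp = parse_tcp(ip["payload"])
    print(ip["src"], "->", ip["dst"], "seq", tcp["seq"], "ack", tcp["ack"])
    print("receiver should acknowledge", expected_ack(tcp))
```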
Consequences of the TCP/IP Design
Now that we have an overview of the TCP/IP formats, let's examine the consequences. Obviously, it's very easy to mask a source address by manipulating an IP header. This technique is used for obvious reasons and is employed in several of the attacks discussed below. Another consequence, specific to TCP, is sequence number prediction, which can lead to session hijacking or host impersonating. This method builds on IP spoofing, since a session, albeit a false one, is built. We will examine the ramifications of this in the attacks discussed below.
Spoofing Attacks
There are a few variations on the types of attacks that successfully employ IP spoofing. Although some are relatively dated, others are very pertinent to current security concerns.
Non-Blind Spoofing
This type of attack takes place when the attacker is on the same subnet as the victim. The sequence and acknowledgement numbers can be sniffed, eliminating the potential difficulty of calculating them accurately. The biggest threat of spoofing in this instance would be session hijacking. This is accomplished by corrupting the data stream of an established connection, then re-establishing it based on correct sequence and acknowledgement numbers with the attack machine. Using this technique, an attacker could effectively bypass any authentication measures put in place to build the connection.
Blind Spoofing
This is a more sophisticated attack, because the sequence and acknowledgement numbers are unreachable. In order to circumvent this, several packets are sent to the target machine in order to sample sequence numbers. While not the case today, machines in the past used basic techniques for generating sequence numbers. It was relatively easy to discover the exact formula by studying packets and TCP sessions. Today, most of them implement random sequence number generation, making it difficult to predict the numbers accurately. If, however, the sequence number was compromised, data could be sent to the target. Several years ago, many machines used host-based authentication services. A properly crafted attack could add the requisite data to a system (e.g. a new user account), blindly, enabling full access for the attacker who was impersonating a trusted host.
Misconceptions of IP Spoofing
While some of the attacks described above are a bit outdated, such as session hijacking for host-based authentication services, IP spoofing is still prevalent in network scanning and probes, as well as denial of service floods. However, the technique does not allow for anonymous Internet access, which is a common misconception for those unfamiliar with the practice. Any sort of spoofing beyond simple floods is relatively advanced and used in very specific instances such as evasion and connection hijacking.
Defending Against Spoofing
There are a few precautions that can be taken to limit IP spoofing risks on your network, such as:
Filtering at the Router - Implementing ingress and egress filtering on your border routers is a great place to start your spoofing defense. You will need to implement an ACL (access control list) that blocks private IP addresses on your downstream interface. Additionally, this interface should not accept addresses with your internal range as the source, as this is a common spoofing technique used to circumvent firewalls. On the upstream interface, you should restrict source addresses outside of your valid range, which will prevent someone on your network from sending spoofed traffic to the Internet.
Encryption and Authentication - Implementing encryption and authentication will also reduce spoofing threats. Both of these features are included in IPv6, which will eliminate current spoofing threats. Additionally, you should eliminate all host-based authentication measures, which are sometimes common for machines on the same subnet. Ensure that the proper authentication measures are in place and carried out over a secure (encrypted) channel.
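The "Filtering at the Router" rules above, modelled as an added example that is not part of the original article: a decision function applies the ingress and egress checks to constructed flow records so the logic can be tested before it is written as a router ACL. The site prefix 203.0.113.0/24, the direction labels ("inbound" for traffic arriving from the Internet, "outbound" for traffic leaving the site) and all function names are assumptions made for the example; it covers IPv4 only.

```python
import ipaddress

# Assumed site prefix for this example (a documentation range, not a real site).
INTERNAL_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Source ranges that should never arrive from the Internet side.
RESERVED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # private address space
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",      # loopback, link-local, "this network"
)]


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def filter_decision(direction, src):
    """Return (action, reason) for a packet with source address `src`.

    inbound  = arriving on the Internet-facing interface (ingress filtering)
    outbound = leaving the site towards the Internet (egress filtering)
    """
    addr = ipaddress.ip_address(src)
    if direction == "inbound":
        if _in_any(addr, RESERVED_NETS):
            return ("drop", "private or reserved source arriving from the Internet")
        if _in_any(addr, INTERNAL_NETS):
            return ("drop", "internal source address arriving from outside")
        return ("permit", "")
    if direction == "outbound":
        if not _in_any(addr, INTERNAL_NETS):
            return ("drop", "source outside the site's valid range")
        return ("permit", "")
    raise ValueError("direction must be 'inbound' or 'outbound'")


def audit(flows):
    """Run every (direction, src, dst) record through the filter; return the drops."""
    dropped = []
    for direction, src, dst in flows:
        action, reason = filter_decision(direction, src)
        if action == "drop":
            dropped.append((direction, src, dst, reason))
    return dropped


# Constructed flow records for illustration.
SAMPLE_FLOWS = [
    ("inbound", "198.51.100.7", "203.0.113.10"),    # ordinary external client
    ("inbound", "10.20.30.40", "203.0.113.10"),     # private source from outside
    ("inbound", "203.0.113.77", "203.0.113.10"),    # claims to be an internal host
    ("outbound", "203.0.113.25", "192.0.2.80"),     # legitimate internal host
    ("outbound", "192.0.2.200", "198.51.100.7"),    # internal machine forging a source
]

if __name__ == "__main__":
    for direction, src, dst, reason in audit(SAMPLE_FLOWS):
        print(f"DROP {direction:8} {src:15} -> {dst:15} {reason}")
```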
Conclusion
IP Spoofing is a problem without an easy solution, since it’s inherent to the design of the TCP/IP suite. Understanding how and why spoofing attacks are used, combined with a few simple prevention methods, can help protect your network from these malicious cloaking and cracking techniques.
Matt Tanase is President of Qaddisin. He and his company provide nationwide security consulting services. Additionally, he produces The Security Blog, a daily weblog dedicated to network security.





BUG BOUNTY


A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. These programs allow the developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse. Bug bounty programs have been implemented by Facebook and Yahoo!

History 

The original "Bugs Bounty" program was the creation of Jarrett Ridlinghafer while working at Netscape Communications Corporation as a technical support Engineer.
Netscape encouraged its employees to push themselves and do whatever it takes to get the job done and, in early 1996, Jarrett Ridlinghafer was inspired with the idea for, and coined the phrase, 'Bugs Bounty'.
He recognized that Netscape had many enthusiasts and evangelists for their products, some of whom to him seemed even fanatical, particularly for the Mosaic/Netscape/Mozilla browser. He started to investigate the phenomenon in more detail and discovered that many of Netscape's enthusiasts were actually software engineers who were fixing the product's bugs on their own and publishing the fixes or workarounds:
  • In the news forums that had been set up by Netscape's technical support department to enable "self-help through collaboration" (another one of Ridlinghafer's ideas during his four-year stint at Netscape); or
  • On the unofficial "Netscape U-FAQ" website, where every known bug and feature of the browser was listed, as well as instructions regarding workarounds and fixes.
Ridlinghafer thought the company should leverage these resources and sat down and wrote out a proposal for the 'Netscape Bugs Bounty Program', which he presented to his manager who in turn suggested that Ridlinghafer present it at the next company executive team meeting.
At the next executive team meeting, which was attended by James Barksdale, Marc Andreessen and the VPs of every department including product engineering, each member was given a copy of the 'Netscape Bugs Bounty Program' proposal and Ridlinghafer was invited to present his idea to the Netscape Executive Team.
Everyone at the meeting embraced the idea except the VP of Engineering, who did not want it to go forward believing it to be a waste of time and resources. However, the VP of Engineering was overruled and Ridlinghafer was given an initial $50k budget to run with the proposal and the first official 'Bugs Bounty' program was launched in 1995.
The program was such a huge success that it is mentioned in many books about Netscape's successes.

Incidents

In August 2013, a Computer Science student named Khalil used an exploit to post a letter on the Facebook timeline of site founder Mark Zuckerberg. According to the hacker, he had tried to report the vulnerability using Facebook's bug bounty program, but because of the vague and incomplete report the response team told him that his vulnerability was not actually a bug.
India, which has the second largest number of bug hunters in the world, tops the Facebook Bug Bounty Program with the largest number of valid bugs. "Researchers in Russia earned the highest amount per report in 2013, receiving an average of $3,961 for 38 bugs. India contributed the largest number of valid bugs at 136, with an average reward of $1,353. The USA reported 92 issues and averaged $2,272 in rewards. Brazil and the UK were third and fourth by volume, with 53 bugs and 40 bugs, respectively, and average rewards of $3,792 and $2,950", Facebook quoted in a post.
Facebook started paying researchers who find and report security bugs by issuing them custom branded “White Hat” debit cards that can be reloaded with funds each time the researchers discover new flaws. “Researchers who find bugs and security improvements are rare, and we value them and have to find ways to reward them,” Ryan McGeehan, former manager of Facebook’s security response team, told CNET in an interview. “Having this exclusive black card is another way to recognize them. They can show up at a conference and show this card and say ‘I did special work for Facebook.’”[11] In 2014, Facebook stopped issuing debit cards to researchers.
Yahoo! was severely criticized for sending out Yahoo! T-shirts as a reward to security researchers for finding and reporting security vulnerabilities in Yahoo!, sparking what came to be called T-shirt-gate. High-Tech Bridge, a Geneva, Switzerland-based security testing company, issued a press release saying Yahoo! offered $12.50 in credit per vulnerability, which could be used toward Yahoo-branded items such as T-shirts, cups and pens from its store. Ramses Martinez, director of Yahoo's security team, claimed later in a blog post that he was behind the voucher reward program, and that he basically had been paying for them out of his own pocket. Eventually, Yahoo! launched its new bug bounty program on October 31 of the same year, which allows security researchers to submit bugs and receive rewards between $250 and $15,000, depending on the severity of the bug discovered.

Notable programs

In October 2013, Google announced a major change to its Vulnerability Reward Program. Previously, it had been a bug bounty program covering many Google products. With the shift, however, the program was broadened to include a selection of high-risk free software applications and libraries, primarily those designed for networking or for low-level operating system functionality. Submissions that Google found adherent to the guidelines would be eligible for rewards ranging from $500 to $3133.70.
Similarly, Microsoft and Facebook partnered in November 2013 to sponsor The Internet Bug Bounty, a program to offer rewards for reporting hacks and exploits for a broad range of Internet-related software. The software covered by the IBB includes Adobe Flash, Python, Ruby, PHP, Django, Ruby on Rails, Perl, OpenSSL, Nginx, Apache HTTP Server, and Phabricator. In addition, the program offered rewards for broader exploits affecting widely used operating systems and web browsers, as well as the Internet as a whole.
In March 2016, Peter Cook announced the federal government's first bug bounty program, the "Hack the Pentagon" program. The program ran from April 18 to May 12 and over 1400 people submitted 138 unique valid reports through HackerOne. In total, the US Department of Defense paid out $71,200. In June, the Secretary of Defense, Ash Carter, met with two participants, David Dworken and Craig Arendt, to honor them for their participation in the program.
















Thursday 31 December 2015

web hosting

                                        Web Hosting

A web hosting service is a type of Internet hosting service that allows individuals and organizations to make their website accessible via the World Wide Web. Web hosts are companies that provide space on a server owned or leased for use by clients, as well as providing Internet connectivity, typically in a data center.

Web hosting is a place where individuals or organizations place their websites.
Normally when we talk about a web host, we mean a company that provides space on a computer (server) to *host* the files for your website, as well as providing Internet connectivity so that other computers can access the files on your website.
Normally the term “web hosting” refers to the server that hosts your website or the hosting company that rents that server space to you; when we talk about a data center, we mean the facility that is used to house the servers.
A data center could be a room, a house, or a very large building equipped with redundant or backup power supplies, redundant data communications connections, environmental controls (e.g., air conditioning, fire suppression) and security devices.

                          Types of web hosting

Generally, there are four different types of web hosting: Shared, Virtual Private Server (VPS), Dedicated, and Cloud Hosting. While all types of hosting servers will act as a storage centre for your website, they differ in the amount of storage capacity, control, technical knowledge requirement, server speed, and reliability. Let’s dig in and look at the main differences between a shared, VPS, dedicated, and cloud hosting.
Shared Server Hosting
What Is Shared Hosting?
Introduction
In shared hosting, one’s web site is placed on the same server as many other sites, ranging from a few to hundreds or thousands. Typically, all domains may share a common pool of server resources, such as RAM and the CPU. As cost is extremely low, most websites with moderate traffic levels running standard software are hosted on this type of server. Shared hosting is also widely accepted as the entry level option as it requires minimum technical knowledge.
Disadvantages
No root access, limited ability to handle high traffic levels or spikes, site performance can be affected by other sites on the same server.
 Recommended shared hosting services: iPage, WebHostingHub, A2 Hosting, and Hostgator.

Virtual Private Server (VPS) Hosting

What Is VPS Hosting
Introduction
Virtual private server hosting divides a server into virtual servers, so each website appears to be hosted on its own dedicated server while actually sharing a physical server with a few other users. Users may have root access to their own virtual space and a better secured hosting environment with this type of hosting. It suits websites that need greater control at the server level but whose owners don’t want to invest in a dedicated server.

Disadvantages
Limited ability to handle high traffic levels or spikes, your site performance can still be somewhat affected by other sites on the server.
 Recommended VPS hosting services: InMotion Hosting, Rose Hosting, and A2 Hosting.
Dedicated Server Hosting
What Is Dedicated Hosting?
Introduction
A dedicated server offers the maximum control over the web server your website is stored on – You exclusively rent an entire server. Your website(s) is the only website stored on the server.
Disadvantages
With great power comes… well, greater cost. Dedicated servers are very expensive and it’s only recommended to those who need the maximum control and better server performance.
 Recommended dedicated hosting services: InMotion Hosting, Rose Hosting, A2 Hosting, and Hostgator.

Cloud Hosting

What Is Cloud Hosting?
Introduction
Cloud hosting offers unlimited ability to handle high traffic or traffic spikes. Here’s how it works: A team of servers (called a cloud) work together to host a group of websites. This allows multiple computers to work together to handle high traffic levels or spikes for any particular website.
Disadvantages
Many cloud hosting setups do not offer root access (required to change server settings and install some software), and the cost is higher.

What Is A Domain Name?

Before you can run a website, you will need a domain name.
A domain is the name of your website. A domain name is not something physical that you can touch or see; it is merely a string of characters that gives your website an identity (yes, a name, like humans and businesses).
Now, here are some quick examples: Google.com is a domain name; so are Alexa.com, Linux.org, WebRevenue.co,  eLearningEuropa.info, as well as Yahoo.co.uk.
To have your own domain, you will need to register your domain with a domain registrar.

The difference between web hosting and domain name

It is very common for newbies to confuse a domain name with web hosting. However, it is very important to be crystal clear on the differences between the two before you move on to your first website.
To simplify: a domain name is like the address of your home; web hosting, on the other hand, is the space of your house where you place your furniture.
Instead of a street name and area code, a set of words and/or numbers is used to name the website. The same goes for hosting: computer hard disk and computer memory are used instead of wood and steel for storing and processing data files. The idea is presented more clearly in the diagram below.
Domain vs Web Hosting







Wednesday 30 December 2015

KEVIN MITNICK


                                       KEVIN MITNICK



Kevin Mitnick (born August 6, 1963) is an American computer security consultant, author, and hacker. In the mid nineties, he was “The World’s Most Wanted Hacker”. Since 2000, he has been a successful security consultant, public speaker and author. Kevin does security consulting for Fortune 500 companies, performs penetration testing services for the world’s largest companies and teaches Social Engineering classes to dozens of companies and government agencies. His last book, ‘Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker’, was a New York Times best-seller.

Computer hacking

At age 13, Mitnick used social engineering and dumpster diving to bypass the punch card system used in the Los Angeles bus system. After he made a bus driver tell him where he could buy his own ticket punch "for a school project", he was able to ride any bus in the greater LA area using unused transfer slips he found in a dumpster next to the bus company garage. Social engineering later became his primary method of obtaining information, including user-names and passwords and modem phone numbers.
Mitnick first gained unauthorized access to a computer network in 1979, at 16, when a friend gave him the phone number for the Ark, the computer system Digital Equipment Corporation (DEC) used for developing their RSTS/E operating system software. He broke into DEC's computer network and copied their software, a crime he was charged with and convicted of in 1988. He was sentenced to 12 months in prison followed by three years of supervised release. Near the end of his supervised release, Mitnick hacked into Pacific Bell voice mail computers. After a warrant was issued for his arrest, Mitnick fled, becoming a fugitive for two and a half years.
According to the U.S. Department of Justice, Mitnick gained unauthorized access to dozens of computer networks while he was a fugitive. He used cloned cellular phones to hide his location and, among other things, copied valuable proprietary software from some of the country's largest cellular telephone and computer companies. Mitnick also intercepted and stole computer passwords, altered computer networks, and broke into and read private e-mails.
Kevin Mitnick was once known as the ‘World’s Most Wanted’ social engineer and computer hacker. One doesn’t acquire a title like that – nor an accompanying prison sentence – for vanilla exploits. While in Federal custody, authorities even placed Mitnick in solitary confinement; reportedly, he was deemed so dangerous that if allowed access to a telephone he could start a nuclear war by just whistling into it.
From the 1970s up until his last arrest in 1995 Kevin Mitnick skillfully eluded and bypassed corporate security safeguards, penetrating some of the most well-guarded systems, including, amongst countless others, the likes of Sun Microsystems, Digital Equipment Corporation, Motorola, Netcom, and Nokia. He has even had to go on record and deny hacking into the Department of Defense’s North American Aerospace Defense Command (NORAD) and wiretapping the Federal Bureau of Investigation.
At a recent app-enabled cloud network performance and security briefing hosted by Citrix and Palo Alto Networks in Washington, DC, Mitnick opened up about his former life and introduced himself to the Washington crowd accordingly.
“I assume there are a lot of Federal agencies here so we may know each other from a past life,” Mitnick said in a devious, yet still tempered tone.
With the bylines of “Most Wanted” and “Infamous” and a laundry list of corporate names etched onto his belt of exploits, it’d be fair to assume that Mitnick’s hacking masterpiece evolved from one of his more high profile penetrations. That assumption, however, couldn’t be further from the truth.
Actually, the seminal stunt of his hacking career is much more puerile but nonetheless humorous. As Mitnick explained, “My favorite hack was actually when I was a kid.”
Mitnick hacked the frequency of a local McDonald’s drive-through ordering system and took control over the drive-through speaker, relishing the consequential bewilderment of unsuspecting McDonald’s employees.
“I would sit across the street from McDonald’s and I would take their order and tell them they were the 50th customer so your order is free. Please drive through your order is free,” Mitnick reminisced. “People would drive up to the window and I would say, ‘Our weight detection system detected your car is a little heavy so we recommend the salad instead of the Big Mac’.”
“It got to the point that the manager of the McDonald’s was wondering what the heck was going on and he walked outside and looked in the cars and around the parking lot, but he could not see anything because I was across the street. He even walked up to the drive-through speaker and looked at it and then stuck his head inside to see if there was actually someone inside and I yelled, ‘What are you looking at?!’”
Mitnick didn’t only revel in the joy of trolling individual customer orders, though. He went on to explain, “But my favorite was when the police drove up and I would say, ‘Hide the cocaine, hide the cocaine!’” Alas, the theater of the ensuing build-up and moment when the unsuspecting employee met the suspicious glances of the police would befit any comedic late night show.
McDonald’s, when reached for comment, was less than amused by Mitnick’s claims. As all Fortune 500 companies take hacking very seriously, Danya Proud, Director of Media Relations, McDonald’s USA stated, “We are not aware of this matter; however, security of our business, information and systems remains a top priority.”
No word yet if McDonald’s plans to hire Mitnick to consult on the protection of the integrity of their drive-through ordering process. One can only hope that measures to counter such nefarious hacks have been implemented.
At any length, look across the street if you ever encounter a problem during a wee-hours drive-thru run to Mickey D’s. The world’s once most wanted and infamous Mitnick may be enjoying a little bit of reflective levity at your expense, especially if you’re the 50th customer.
Could you hack into the New York Times best-seller list and change the ranking of your new book, Ghost in the Wires?
Probably. These days companies hire me to break into their systems to find their security vulnerabilities. I don't know if I could compromise the New York Times network, but I think it's likely. Of course, I would only do it with authorization.
Your first crime involved fake bus transfers. Do you think if somebody had cracked down on you earlier, your life might have gone a different way?
I think it goes back to my high school days. In computer class, the first assignment was to write a program to print the first 100 Fibonacci numbers. Instead, I wrote a program that would steal passwords of students. My teacher gave me an A.
What made you a good hacker was less the coding skills and more the social-engineering skills. What were they?
Social engineering is using deception, manipulation and influence to convince a human who has access to a computer system to do something, like click on an attachment in an e-mail. Most of the computer compromises that we hear about use a technique called spear phishing, which allows an attacker access to a key person's workstation. It's extremely difficult to defend against.
Has social networking changed hacking?
Made it easier. I can go into LinkedIn and search for network engineers and come up with a list of great spear-phishing targets because they usually have administrator rights over the network. Then I go onto Twitter or Facebook and trick them into doing something, and I have privileged access. If I know you love Angry Birds, maybe I would send you an e-mail purporting to be from Angry Birds with a new pro version. Once you download it, I could have complete access to everything on your phone.
How easy was it for those tabloid reporters to hack into celebrities' phones?
This kind of boggles my mind. A lot of the cellular operators would create a default PIN for people's voice mail as 1111 or 1234. It doesn't take a hacker to guess a PIN like that.
What is the perfect PIN then?
The perfect PIN is not four digits and not associated with your life, like an old telephone number. It's something easy for you to remember and hard for other people to guess.
What do you think of people like Julian Assange and the WikiLeaks crowd?
It's more Bradley Manning who was responsible for all of that. Here's an enlisted guy who's able to dump secret documents from SIPRNet to CDs. It is a huge security failure on the part of the U.S. government--the worst that I know of.
Which of your hacks are you most proud of?
I think when I hacked into Pac Bell Cellular to do traffic analysis on the FBI agents who were tasked with capturing me--not for hacking into Pac Bell but for how I leveraged that information to stay one step ahead of the government.
You used Money's rankings of the 10 most livable cities to find places to hide. Should the FBI monitor that list?
No, it was just allowing Money to randomize my choice. If I had my own choice, somebody might have figured it out.
You served five years. How do hackers get treated in prison?
Pretty well. A Colombian drug dealer offered me $5 million to hack into the Bureau of Prisons network to get him an early release date. I said, "Let's talk."












Sunday 27 December 2015

DHIRU BHAI AMBANI : A TRUE STORY

                           DHIRUBHAI AMBANI 


The story of Reliance Industries (RIL) is almost folklore in India. It was founded in the late 1950s by the late Dhirubhai Ambani, a former petrol-pump attendant, who even in the 1960s lived in a one-room chawl in Mumbai with his wife and children.
The group’s interests now include the manufacture of synthetic fibres, textiles and petrochemical products, oil and gas exploration, petroleum refining, besides telecommunications, media, retail and financial services.
Dhirubhai showed early that he had street smarts and a nose for profit. While working in Aden, he spotted that local coins had a face value less than the value of the silver from which they were made. So he bought every coin he could, melted them down and pocketed the difference. “I don't believe in not taking opportunities,” he said, according to his unofficial biographer, Hamish McDonald.


Published in 1998, the book is still not available in Indian bookshops because the Ambanis have threatened legal action for anything they perceive as defamatory in the book.
But, truth be told, it took a lot more than just opportunity to turn Reliance into a Rs 75,000-crore (Rs 750-billion) colossus by the time Dhirubhai passed away in 2002. It took a rare kind of genius to succeed where so many others have tried and failed.

Humble Beginnings 

Dhirubhai, born on 28 December, 1932, was the third son of a school teacher in Gujarat. No one could have imagined then that the student of Junagadh’s Bahadur Kanji High School – who stopped studying after the tenth standard to join his elder brother, Ramniklal, in Aden – would one day claim a rightful place among the richest men in the world.
In 1957, Dhirubhai arrived in Mumbai after spending 8 years in Aden (Yemen), with only Rs 500 in his pocket. Rs 500 wasn't a princely sum even back then, but it had value and it allowed Dhirubhai to take his first steps in the world of business.
By 1958, when he started his first small trading venture, his family lived in a one-room apartment at Jaihind Estate in Bhuleshwar. After trading in a range of products, primarily spices and fabrics, for eight years, Dhirubhai managed to become the owner of a small spinning mill at Naroda, near Ahmedabad. This was a turning point for him.

Blast Off



By 1976-77, Reliance had an annual turnover of Rs 70 crore (Rs 700 million). For many that would have been enough. But Dhirubhai was just getting started.
In 1977, Reliance Industries went public and raised equity capital from 58,000 investors, many of them located in small towns. From then onwards, Dhirubhai started extensively promoting his company’s textile brand name, Vimal. The story goes that on one particular day, the Reliance group chairman inaugurated the retail outlets of as many as 100 franchises.
But the deal-breaker in the eyes of his critics was how he managed to cultivate favours among the politicians. Indira Gandhi returned to power in the 1980 general elections and Dhirubhai shared a platform with the then prime minister of India at a victory rally. He had also allegedly become very close to the then finance minister Pranab Mukherjee, not to mention the prime minister’s principal aide R.K. Dhawan.

Negotiating Success



If you want to succeed in business, especially in India, your networking skills need to be simply superb. You need to have the right contacts to push your projects through and Dhirubhai had them. 
His admirers say that Ambani’s success came down to his financial acumen, innovations in marketing and technology, and project execution skills. But his critics will say that the consummate skills with which he could win friends and influence people were just as critical. They say that is what allowed him to bend and twist the license-permit system to his advantage.
As Dhirubhai once said: “We cannot change our rulers, but we can change the way they rule us.”

His rivals

Of course, success is never a one-way street. Dhirubhai Ambani had his rivals and they tried to bring him down in every way possible. This Rediff article sheds light on the rivalries:
“There is the fight-to-the-finish battle with Ramnath Goenka -- the fiery and fearless proprietor of the Indian Express; then the war with industrialist Nusli Wadia of Bombay Dyeing; the much publicised allegations against some Ambani staffers over a plot to murder Wadia; Reliance's travails during the V P Singh government, which almost brought the business house to its knees, and sundry other controversies over licensed capacities, export manipulation and share switching.”

But he survived all that – despite suffering a stroke in 1986 – and his company continued to grow. In the 1990s he turned aggressively toward petrochemicals, oil refining, telecommunications and financial services. When he breathed his last in 2002, he was ranked by Forbes as the world’s 138th-richest person, with an estimated net worth of $2.9 billion.

How big are Reliance now?

India is home to 56 of the world’s 2,000 largest and most powerful public companies, according to Forbes’s annual list, and the Mukesh Ambani-led Reliance Industries Ltd leads the pack with a rank of 142, a market value of $42.9 billion and $71.7 billion in sales. Its revenues are roughly equal to 2.8% of India’s GDP. It also contributes 8.2% of India’s total exports and 8% of the Government of India’s indirect tax revenues. RIL is India’s largest exporter, with exports constituting nearly 37% of its revenues.
Dhirubhai had a dream; he dreamt of India becoming a great economic superpower and through his life, he showed the country that nothing was impossible if you set your mind to it. If that isn't inspiration then nothing ever will be.