India Infosec Concerns Report

Please feel free to submit your feedback in the comment section below

This is the first report from IndiaWatch, in partnership with ClubHack, and the first of it’s kind report as it is based completely on the submissions of InfoSec professionals in the country.

India Infosec Concerns Report

This is not your regular annual threat and risk report on Information Security but has gone further – we reached out to the IS professionals and got them to articulate the concerns that trouble them. Concerns about the government, about corporations and about you, me and the regular user. So we got a lot of emotional stuff which drowned us and has taken us a long time to put together  into a structural format which looks and feels reporty!

Our intention is to bring home truths home and while we are talking straight we are sure that you will appreciate honest opinion and criticism which has been presented with corrective information where possible. Of course, we do not claim this is the be all and end all as it is not possible to get all Infosec concerns into 20 odd pages. However we have made our best effort to identify the Top 5 and present them to you.

Feedback is requested and we also want more people to participate in our other research projects … so your support will be appreciated. If you want to join the movement you are welcome to drop us a mail.

If you have read this far, we thank you for your interest in the Top5-2013 report.

Once you have read the report we shall welcome your feedback via email or you can visit the URL printed on the back cover of the report.

May the force be with you!

FAQs
Wow! great news, but what about India. Are you closing operations here?
No, we aren’t closing our India operations, rather making them more stronger. Our Indian activities will continue but with little twist here and there

So are you going to have an event in India in 2013 
Oh Yes!, without any doubt, but not in Pune this time. ClubHack in partnership with other security events in India is putting up a mega conference in Delhi by November 2013 last week. This event will be known as GroundZero InfoSec Summit. Details about the same are at http://g0s.org

So what about Pune, will you abandon the Pune fans
Of-course not, Pune has been a huge support to us and has helped us reach where we are today. As the G0S is happening in the last week of November, having an event in December doesn’t make a lot of sense for many people (including our sponsors)

Then when do we see next ClubHack event in Pune
Tentative dates for next ClubHack in Pune is April 2014. Will send out updates on them as and when things take shape.

This is our effort to put together a risk and threat listing which will identify the top 5 for the nation (India), it’s people and it’s corporations.

We would like to invite you all to contribute to this effort and submit what you consider the top 5 in the three categories by filling in a brief submission form at http://goo.gl/O3lWF

The 2013 top-5 will be released in the first week of January and will be re-visited quarterly or half-yearly. We plan to keep this dynamic in nature and will update in case there are any earth shattering events at anytime in the interim.

Please spread the word to your friends and associates so we can get as many submissions as possible. Remember the link is http://goo.gl/O3lWF

Dinesh O Bareja (Open Security Alliance – Indiawatch)
Rohit Srivastwa (ClubHack)

ClubHack 2012 is four day conference which will be featuring 15 technical briefings, 4 workshops & Hacknight. Workshops are divided as pre conference & post conference which will allow geeks 7 professionals to attend more than one workshop.

On first day of event (November 30) pre conference workshops & Hacknight are scheduled.  Powershell for hackers by Nikhil Mittal & Securing Mobile applications – Exploits Demystified and Solutions Simplified by Dinesh Shetty & Ashish Rao are scheduled as pre conference workshops. Hacknight will be conducted at Amiworks Pvt. Ltd. on Senapati Bapat road at Pune. It will be start from 7pm of Nov 30^th to 8am of Dec 1^st. Hacknight is a complete night-out of making new products/plugins/modules/scripts, etc. With Hacknight hackers, developers will get a chance to work on project they always wanted to.

Event will be inaugurated on December 1^st & ClubHack will launch a surprise tool. Later on technical briefings will start till December 2^nd evening. Topics for technical briefings containing infrastructure security, smart grid security, legal nuances to cloud, hacking & securing iOS apps, information security, hacking using NFC into smart phones, content type attacks, demonstration of tools like Hybrid Analyzer for Web Application Security (HAWAS), XSS Shell, FatCat & real time recording system.

On last day of ClubHack 2012, post conference workshops will be conducted. Workshops are Putting application security maturity models in practice by Ketan Vyas & Hackers vs. Developers  by K.V.Prashant & Akash Mahajan.

ClubHack 2012 is powered by leading IT security Solutions Company – Quick Heal, global cyber intelligence firm – iSight Partners & Computer Society of India. Media partners for event are The Hacker News (internationally recognized news source), ISACA (Information Systems Audit and Control Association) & eHacking News (Information Security News portal).

Registrations for event are open till midnight before the workshops & technical briefings scheduled dates. On the spot registration facility is also provided. You can register to event by visiting this link http://www.clubhack.com/2012/registrations

Detailed Schedule:

Day 1, November 30^th, 2012:

-          Pre conference workshops -  Powershell for hackers by Nikhil Mittal & Securing Mobile applications – Exploits Demystified and Solutions Simplified by Dinesh Shetty & Ashish Rao

-          Hacknight at Amiworks, Pune

Day 2, December 1^st, 2012:

-          Inauguration, Keynote

-          Special tool Launch by ClubHack team

-          Technical Briefings

Day 3, December 2^nd, 2012:

-          Technical Briefings

Day 4, December 3^rd, 2012: Post conference workshop – Putting application security maturity models in practice by Ketan Vyas & Hackers vs. Developers by K.V.Prashant & Akash Mahajan.

As Indians, we are very cautious about our lives, even more cautious about our money. People were skeptical about the internet and the openness it brought with it. But boy, have we welcomed with open arms or have we really welcomed with open arms?

For a developing nation our internet usage statistics are really mind boggling. We have welcomed e-commerce, e-shopping with open e-wallets, and not just commerce but social networking too. Downloading, facebooking, googling are the verbs which are used frequently in our day to day lives.

But the questions I mentioned at the start do bother us, don’t they? Do you feel that your facebook account was probably accessed by someone else? Are there certain settings that have changed on your PC without you changing it? Are online transactions really all that safe?

ClubHack and Trak.in is here with a survey to understand your doubts regarding internet security, help us by filling out this simple survey. This survey doesn’t ask or record any private data, just simple question that ask you regarding your concerns about internet security.

The survey will take less than 1 minute to fill up, but it would give a great insight on how do we perceive online security and how secure we really are.

Click here to get registration details http://www.clubhack.com/2012/registrations/

ClubHack 2012 onwards, we will concentrate our energies in empowering innovation & leadership development. Having loved
our domain so much, we’d continue to do this in the domain of information security only. And that coins our new motto
line
““Empowering Innovation & Leadership in Information Security””

Visit http://clubhack.com/2011 for more details

In this 5th edition of ClubHack, we have Richard Stiennon as our invited guest & keynote speaker

Richard Stiennon, security expert and industry analyst, is known for shaking up the industry and providing actionable guidance to vendors and end users. He is the author of Surviving Cyberwar (Government Institutes, 2010) and is the founder of IT-Harvest, an independent analyst firm that researches the 1,200 IT security vendors. He was Chief Marketing Officer for Fortinet, Inc. the leading UTM vendor. Prior to that he was VP Threat Research at Webroot Software.