Nettech :: Official Blog site :: Update on Ethical Hacking :: Cyber Crime :: Networking

Why Summer Training at Nettech!!

2010-04-10T14:43:00.000+05:30

1# We do only Networking!!

First and foremost; we specialise in computer networking. We do not offer any other course except Computer Network Management. As we conduct only one course, it gives us ample time and opportunity to make the course better and updated with relevant and latest networking technologies. Our faculty team has worked in various training assignments with some of the premier Institutions in India including IIM Calcutta, IIT Kanpur, IIT Kharagpur, BITS-Pilani, XLRI Jamshedpur, XIM Bhubaneswar, IMT Ghaziabad and many more. At Nettech you can be rest assured for a very focus and professional training environment on Networking.

2# Do it yourself approach!!

If you are coming for any of our program, don’t worry we will not bombard you with theories. We don’t deny that theories are important, one need to know the theory to understand things, why it works, and how it works. At Nettech we allow you to go through the theory component at your own space in your leisure time. We will put 100% focus on practical. It’s complete do it yourself approach, you need to try of your own to understand what it is. Round the clock lab and Nettech support staff will help you to do all your experiment of your own. At Nettech, if we mention a topic, be assured we will show you the same practically.

3# Best of the Best Infrastructure!!

If you are aware, we don’t have any infrastructure of our own (only one address for Demand draft collection and communication). That’s the only reason we associate with some of the Premier Institutes in India. Can you imagine in one computer lab (within four walls) 300 computers, please come to Nettech to experience the same. With our unique association with some of the best education brand in India, we are able to provide state-of-the-art labs for training programme.

4# All India Presence!!

Please note at Nettech you don’t have students from only one college, or from one city or from one University. You will have students from various IIT’s, NIT’s as well as private engineering colleges from across the Country. On an average we get students from more than 50 colleges in one of our venue. Students are able to mix with others, speak to others about their curriculum and exchange their views on an open platform at Nettech.

5# Faculty members!!

At Nettech we bring you the best of two worlds, academics as well industry. With our unique association we get access to the faculty pool of our partner Institutions and able to provide some of the best faculty to the students. For examples Dr. Gopal Nayak, Director, IIIT Bhubaneswar, and former Dean of XIMB will take few classes and interact with Nettech students at XIM Bhubaneswar. Similarly Dr. Poonam Garg, Chairperson Information system area, IMT Ghaziabad will interact with the students at IMT Ghaziabad. Then we have Swapan Purkait, Director Nettech Private Limited who will share his industry experience with the students. Mr Purkait has worked with ICNET, first commercial email company in India, Novell, the company known for his networking OS, Netware and he is also the founder director of Nettech Private Limited.

6# Our Grouping system!!

At Nettech we emphasize on team work. Students are asked to work in a group of six/eight members. No two students of the same college will be in the same group. There are group tests; the group gets 10 or 0, resulting all members getting 10 or 0. Our Binary marking system encourages students to come together and work as a single unit. At Nettech we are looking for a team who will unite against all odds and succeed not only in our course but in their future professional life.

7# T10 - Our Testing system!!

Its either you pass or you fail no fifty-fifty. We take pride on our testing system, it’s the backbone of Nettech. T10 – is Ten minutes – 10 marks. We have trained more than 5000 engineering students till date. Not a single student has ever asked us to stop the system. T10 – is all practical, in the lab, students will be given a practical problem, which they need to solve in 10 minutes. The best part there will be a 10 minute count down timer running on the LCD projector which will always create that extra pressure that you are racing against time. Think about the group test - 10 minutes – six students – one problem – 10 marks – and a count down timer, one need to be there to feel the excitement. Yes, we know its tough, it’s a stiff climb, but ask those students who have completed their task in less than 10 minutes, they will tell you – its worth the pressure. If you think you know it all, you are a brilliant trouble shooter, we will say come, take a T10 test, you will know where you stand.

8# Transparent Grading system!!

If you have given a test this morning, the result will be out by the evening or latest by next day morning. And it will be out on the intranet, where each and every student can see their as well as others marks. We encourage students with different grade colours. TOP 10 will be in blue colour, so you will always know, who to catch for that crucial tips. Then there will be colours like green, red and black. Don’t get scared its for your benefit only. We have seen students who have come from red to BLUE and topped the batch. And yes there is this extra certificate for your extra effort, we will give and extra certificate to the top 10 students saying that they are the top ten out of a batch of 200 students. So get ready for a tough competition.

9# Lucrative incentives!!

If you are ready to put your best for the program, don’t worry you will be well rewarded. Depending upon venues, we give lucrative incentives, for example in our Sikkim program top 3 students gets a Helicopter ride. In some centre we give prizes as books, in some cases we provide free hosting space as well as free database and email support for one year. There is also the opportunity to join the Nettech Team for the next program.

10# Continuous feedback process!!
Its YOU who is important, without you the program cannot be successful, that’s the only reason we have a continuous feedback process. We try to adapt the pace of the program depending upon your feedback. You will be requested to give your feedback on a regular basis, formally – informally, on the class or off the class. The best part of Nettech, as we always say we live in a democratic country named INDIA, we are not a Taliban run state, in our country we the people decide - what need to be done. At Nettech, you can change the topic, reschedule a class, change anything that you want just ask 51% of the total students to support your view and we will do it as you want. – So enjoy !!!

Look forward to meet you this summer.

wap.nettech.in / nettech.mobi activated : useful WML tips for begineers!!

2010-02-05T22:03:00.003+05:30

There are more mobile phones in the world than televisions and PCs combined. And millions of people are using those mobile phones to connect to the Internet. IDEA cellular has already started m-commerce (you can buy fish and transfer money from your mobile to the fish vendor). Today you can by railway ticket, air ticket as well as shares. Trust me a day will come you will have more mobile sites or “wap” sites then the “www” sites (unless you configure your www to cater to wap also). On an average any household in urban India will have minimum 4 mobile connections. It’s a huge market or the opportunity that we are looking at.

I take immense pleasure to inform you that, we have also started our wap site this month. Now you can get information about Nettech and its upcoming programs in a wap enabled mobile phone or smart phones. Visit wap.nettech.in or nettech.mobi from your wap enabled mobile phone.

Now students can track their application status for Nettech program in a mobile phone. (I am looking forward to starting the program registration also very soon). Do let me know what else we should add in our wap site.

For all those who doesn’t understand the difference between wap and www sites. WML (Wireless Markup Language) is the new programming language for mobile communication devices of any kind. The language is strongly similar to HTML and can be learned fairly quick in you understand basic HTML. WML has been developed especially for devices with limited memory and low graphic ability, like cell-phones or PDAs.

To read WML-pages you need a WAP-browser, you will not be able to view a WML page from your regular browser like IE or mozilla. WML-pages are black and white because colors would need too much memory.

If you want to see WML-pages in your computer you need to have a WML emulator you can visit the following web site to check your WML-pages online.

1. http://emulator.mtld.mobi/emulator.php
2. http://tagtag.com/site/info/emulator

If you want to have something in your desktop which can be used offline, you can download winwap browser from http://winwap.com very handy tool, if you are looking ahead for WAP development, winwap is must.

Now if you are seriously looking forward for WML but not sure where to start, please visit the following websites.

1. http://www.w3schools.com/WAP/
2. http://www.ccwap.com/wap_express.htm
3. http://www.developershome.com/wap/wml/
4. http://www.sourcecodeonline.com/list?q=wml_sample_codes

If you have any plan or looking forward for developing application in WML, please do keep in touch. All the best.

Summer Program 2010

2010-01-20T10:41:00.001+05:30

We have started the online registration for our Annual Summer Program – “Summer Program 2010”.

We have not included any new venue this year, but I am very sorry to inform that this year we will not visit Sikkim. We tried our best to make it happen but the frequent political disturbance in the region forced us to withdraw the venue this year. I am looking forward for returning to Sikkim in next year or if possible for Winter 2010.

Schedule for Summer 2010 as follows: First we head for IMT Ghaziabad, like last year IMT is the first program for summer 2010, starts on 15th May. Though we don’t have any exclusivity for any program or any quota system, we will request all students from IIT, NIT, ITBHU, BITS-Pilani, BITS-Mesra & IIIT to register for this venue.

The second in line is BITS-Pilani Goa Campus starts on 29th May, last year our water sports got spoiled because of rough sea condition, hope the same will not be the case for this year. In any case we have kept back-ups – (sorry I can tell you what that’s the back-up plan you know). I am looking forward for a high-voltage party on Santa Monica.

After the IMT Ghaziabad first program team will head for LNMIIT Jaipur campus (12th June). It’s the third year in a row for LNMIIT campus. Looking forward for lots of excitement (let me confirm Jaipur is Santu sir’s favorite venue). I am sure this time also Jaipur will be the first venue to get filled up, I don’t know the chemistry that’s what it is. I am personally looking forward for the trip to Choki Dhani, Rajsthani foods at its best.

Next the jewel, XIM Bhubaneswar, it’s the 7th year in a row for the venue. Personally my favorite not for any adventure sports or party or anything – it’s simply Dr. G. K. Nayak, my mentor, my guide, 5 minutes with him, trust me its more than a course. Let me give you guys a little secret, Nettech today, whatever it is – credit goes to Dr. Nayak. Nettech is a result of all those discussion I had with Sir, during my stay at XIMB. (2005 I have passed out from XIMB). Timing for the XIM Bhubaneswar is changed this year, we had problems with BPUT dates for last couple of years, so we scheduled our XIMB program dates such, BPUT will have less influence on the same. It starts on 22nd June. For the record XIMB used to be the first program for our summer season once upon a time. If I can recall correctly we started once as early as 27th April. Only hope that the university will be able to maintain their schedule in future.

Next is IMT Ghaziabad again, this time it’s a non-residential program starts from 8th July just after the LNMIIT campus.

And last but not the least we will be back in Kolkata for a non-residential program at Birla Institute of Technology, Kolkata Extension Centre. The program starts from 16th of July. Lost of Rasogolla and a fun trip of city of joy to sign-out summer 2010.

Looking forward to meet some of the best brain in the country, and some of the best times of my life.

2010-01-07T23:16:00.001+05:30

A Classic example of T10 (ten minutes – ten marks). I know lot of you will still say it’s harsh on students. 10 minutes is too less a time to solve – but what happened today will help you to change your view a bit.

This is the true story of the topper of the batch, Utsav Basu, IEM, Kolkata. Topper of winter 2009 Nettech Kolkata program. For all of you who think 10 minutes is too less, this guy got 10 out of 10 in all lab tests till yesterday, then this happened. Trust me, getting 10 in all the tests, where Santu sir is ever-ready with his Bam___ its tough, I know it, I can vouch for it. I really feel sorry for Utsav, it should have been a 100% record in all lab test (a record of its own).

The test paper was relatively easy, it was an individual test, create 3 users with your loginid as aloginid, bloginid and cloginid. Then create a folder dataloginid in “/” inside the data folder create another folder driver. Now allow all there users to access dataloginid where they can view files but can’t create or delete. Inside driver aloginid and bloginid can create and delete where as cloginid can only view and read. Design the file structure and share the same on Samba for windows access.

Utsav did everything right, all permission, user, password, samba share. But the group name he used was 1 and 2 for the job.

I give below, sequence of commands he used for the user and group creation.

groupadd 1
groupapp 2

useradd –G 1,2 aloginid
useradd –G 1,2 bloginid
useradd –G 1 cloginid

There was no error. He never checked the /etc/group file or never used the groups command to check the group membership, as he was sure he was right.

But useradd command took the group name 1 and 2 as the groupid instead of group name. So according to those ids the groups are bin and daemon respectively. So aloginid and bloginid became member of bin and daemon rather than the group 1 and 2.

His group permission was correct (chgrp) his samba share was also precise, but he ignored the quality control and as a result 100% record marks also went with those two bin and daemon group.

I am sure, he can forget us, forget Nettech but bin and daemon and the groupid he will never forget. I will say T10 has served its very purpose.

2009: Looking Back

2009-12-31T08:00:00.004+05:30

2009: Positives

We conducted our first program at NCR (National Capital Region), it was at IMT Ghaziabad May - June 2009. We followed the same with another program at Greater Noida during July 2009.

For the first time, we conducted 6 programs in one summer, CHEERS to SUMMER 2009.

Designed two new programs/course: Enterprise Resource Planning (ERP) & Technology for e-Business (TEB).

Lots of social networking, trust me we never thought we will do all these, were against to the idea for a long time but 2009, here we are. [ORKUT is still a big NO!! – don’t ask me why??]. As far as the photographs for Picasa is concern, 1GB is too less to keep all of you together, so 2010 we will have 20 GB space for Picasa. If required we will get more, so if you have something to put in Nettech photo album, do send us the same.

Facebook fan page: http://facebook.com/nettech.in
YouTube page: http://www.youtube.com/user/nettechteam
Twitter page: http://twitter.com/nettech_in
Picasa Web Album: http://picasaweb.google.co.in/photos.nettech

Worked with some of the best, the list is long; please allow me to mention at least these four, Lester, Ayush, Thomas and Priyanka. Looking forward to putting them together to make a dream team for 2010.

2009: Will never forget

Went for Delhi tour twice, never could enter the Famous (infamous) Lotus Temple, & will never forget the argument we had with the Security Guard during the tour with IMT batch.

Will never forget the Pizza party (138 + pizzas) at India Gate, Delhi during the Delhi tour with Greater Noida Program Students.

I am sure some of you will feel jealous now but can’t help – the DJ party on board Santa Monica on River Mandovi during our Goa program, was just a Awesome!!.

2009: When things goes wrong

Lets start with the worst, I bet you can’t beat me on this, we took a train from Allhabad to Sealdah, the train was late & it was only for 22 hours. (Yes we reached Sealdah next day same time)

This one will not be that bad, we were grounded in Ahmedabad for more than 8 hours. We were traveling by spicejet from Goa to Jaipur with a schedule stop over for 30 mins at Ahmedabad, which stretched to 8 hours. The bad part was next day the Jaipur Program was schedule to start, so there was always this tension. Good part Spicejet offered us complementary food in one of the restaurant upstairs – we reciprocated our feelings with more than Rs. 3000/- bill. I know if the Jaipur tension wasn’t there, this could have been a very happy moment.

We all went to Sikkim all set to start our in-campus program, SMIT campus gave us very warm (read hot) welcome, it was Tear-Gas and lots and pots of bricks and stones everywhere (literally flying from every direction). There was this disturbance between (I don’t have any authority to say anything more than this) some students & the college authority evicted all the students from the hostel. So – we head back for Kolkata.

After the Sikkim fiasco we went to Goa for our in-campus, at BITS-Goa campus, we sacrificed our Durga Puja (don’t ask a Bengali to leave Kolkata during the Durga Puja, if you have to ask at least wear helmet, you know safety first) and went to Goa (Goa – is after all Goa so actually we shouldn’t complain). Tragedy came on the second day of the program this time it was Jaundice, College remained closed for two weeks. We decided enough is enough not going back this time (you will say “Goa boss – why complain” – but you know “Durga Puja” – anyway you will not understand, let it be). Bought those 20 liters bisleri jars for drinking purpose. As said – things goes wrong, as they will, one need to take a decision. Good thing – we continued our program after a 15 days break. We completed what we started.

2009: Bitter moment

We had to ask four students to leave from BITS-Goa Campus and One from SMIT Sikkim campus during our program (Lets not dig into the reason and all). Trust me, it was a tough decision to take, professionally we did well, took our steps, every team member supported. Personally I was upset, I spoke to some of the parents personally but I couldn’t tell them that I also feel sorry. You know no Host will want their guest to return back with bitter taste. No body wants that, my hands were tied. I had to take a decision; I only hope that I don’t have to take a similar decision again in my life.

Something to Cheer, two students whom we asked to leave from Goa, came back at Greater Noida to complete the course. They completed what they started!!

Movies you must see !!!

2009-10-30T19:46:00.001+05:30

Next time if you get some free time please watch the following movies. Just watch, don’t think too much.

1. WarGames
2. Hackers
3. The Net
4. The Net 2.0
5. Entrapment
6. Takedown
7. Swordfish
8. Firewall
9. Die Hard 4
10. Recruit
11. Antitrust
12. Pirates of silicon valley
13. Untraceable
14. Sneakers
15. Eagle Eye
16. Enemy of the State
17. The Italian Job
18. Freedom Downtime
19. In the Realm of the Hackers
20. Mission Implossible 1,2,3

Password: Your key to the networked world

2009-09-30T09:47:00.000+05:30

I receive more than 10 calls (SOS) every month from my students, saying that someone has hacked their email password or some other password. It is a genuine problem. Before I start with the problem, I would like to ask you few questions (list is long, please take your time). My honest request to you all, please answer these questions seriously, don’t just think, don’t take more than a second, just answer – “yes” or “no” .

Let’s begin.

1.Your password is less than 6 characters.
2.Your password is nothing but a dictionary word. (A word which is listed in a dictionary)
3.Your password is your boy friend’s/ girl friend’s name.
4.Your password is your date of birth / date of the first DATE that you had / date of the first kiss (you know what I mean).
5.Your password is all small letters, you don’t use any capital letter or any numbers or any special characters in your password.
6.You haven’t changed your password in last one month.
7.You use the same password for more than one of your login id (for example your password is same for yahoo and gmail or orkut and facebook).
8.You have told your password to that special friend that you have.
9.You have kept a note of your password in your Cell phone, laptop. (you know, we are not the good in remembering things, so keep a note, anyway I don’t give my cell phone to anybody you know).
10.You were filling up a registration form for an event in your college fest, and the password you have given is the same of your gmail or yahoo account.
11.Your password is the phrase that you use very frequently, or its there everywhere, like your status message in Orkut, or your wall paper and so on.

Let us understand the serious implications of all these questions that I have posted.

1.Your password is less than 6 characters.

# If it is less than 6 characters, its vulnerable, its weak. It is all about permutation and combination. There are so many third party softwares available, which can keep on changing the permutation of the letters or the position of the letters and keep on trying till it gets it right. Now if you have a long password the probability of getting it right will be very low. (Please read Digital Fortress by Dan Brown)

Another case can be, you are not that good/fast at typing. There is always this friend of yours who is always standing on your head when you are typing the password. There is a chance that he/she can memories the keystroke. I am sure you would not want to take a risk like that.

Counter measures: Please use a long password. If the website asks you to have a password of 8 – 12 characters, try to go for the 12 instead of bare minimum 8. Practical example will be, if you want to buy a lock for your room/house you will buy a 4 lever or a 7 lever lock? I leave it to you to answer the same. If the hacker is a committed one and he will try, no matter what the password length is, he is going to try it anyway. Don’t make his life or work simple by keeping your password small. What is the password length I use, no I am not going to answer that. But I know a student of mine who has a password length of 32 characters. Hope you got the message.

There are lot many websites as well as OS which will not allow you to give password less than 8 Characters.

2.Your password is nothing but a dictionary word. (A word which is listed in a dictionary)

# This is more dangerous than having it small. There are thousand password cracking software available in Google search, which will be a dictionary based tool. How it works? Very simple, the program will take the first word from the dictionary and try if he is not lucky will get the second word from the dictionary and try. The program is nothing but an “IF & ELSE” loop, so he is going try all possible words available in a dictionary and will not stop until there is a positive match. Now a powerful computer dedicated only for this work can actually crack it in no time. As I said, a committed hacker has all time in is life to wait for that positive match. Please do some research for the term called “BRUTE-FORCE”.

Counter measures: Simple, don’t use a dictionary word as your password. If you are attached to that word emotionally, please use the same differently. For example you are looking for the word “EVERGREEN” as your password, please use “SADABAHAR”. Some one using an English dictionary will never get that word.

For your information there are many OS which will not accept password based on a dictionary word.

3.Your password is your boy friend’s/ girl friend’s name.

# This is a kind of an open secret. 50 % of the students I have spoken to fall in this category. They are so much in love with each other, that they use the password also on their name. Now when I know you, there will be a chance that I will know him/her also. You will say, “Swapan, you don’t know him/her how can you know the name” – very simple, I will try Orkut, Facebook – you know there is this friends list available. Worse, there are people who publicly acknowledge their relationship and keep the password on their name. Why only special friends name, there are people use their spouse’s name as the password, or some other name, father, mother, brother, child the list is long. Not to forget – Pet’s name.

Counter measures: Don’t get emotionally carried away, we understand that you love the person so much but don’t use the password based on his/her name.

4.Your password is your date of birth / date of the first date that you had / date of the first kiss (you know what I mean).

# This is also a very common way how one’s account is compromised (very very dangerous as a PIN for your ATM card). You mention your password to be your date of birth or any other significant event in your life, people close to you might know about it (the date or the event) and they can discuss with their other friends so they also come to know about it. Students love to dwell in telling these events and word gets around through the social networking sites too. So mentioning your password as these examples are not very secure as one hint is enough for anyone to guess and have access to an email and get an access to it. For example if my close friend’s date of birth is 28th Feb 1984 and the password can be 28021984 which is 8 character and lot many websites will accept it as a password (Please note al the major websites will not allow to have all numeric as a password). Moreover this numeric password is applicable to your ATM pin no. as 2802 or any other combination of the same numbers.

Counter Measures: So stop using dates and events for your passwords use other numeric which are random and try always combining it with alphabets and special characters. If you are anyways going to use the dates or events then do not divulge it to anyone. And keep it away from the social networking sites

5.Your password is all small letters, you don’t use any capital letter or any numbers or any special characters in your password.
# Using all small letters for your password is not a good option for securing it. It is easy for any person or any software like (password recovery toolkit) to guess it. People knowing about you will easily guess it as you have, apart from using dates or events, are using all small letters and no capital letter or special character for the password. For example using ‘sumitacharya’ as a password is totally wrong a. it has all small letters, b. it starts with the users’ name, c. it is not combined with nos. or special characters

Counter Measures: Always use special characters and combine your passwords with Capital Letters and numeric with more that 12 characters to make it a strong password

6.You haven’t changed your password in last one month.
# Keeping the same passwords for your account for a prolonged period of time makes it easier for anyone to crack it and gain access to your account. One should make it a practice to change password on a regular basis so that the account is not compromised. Ones email account is of immense importance as people usually get important details in them like job related information for working professionals, campus recruitment's for undergraduate students.
For your information its statutory to change your password for all online trading site within 14days. Lot many OS has this options to ask user to change their password periodically. We can make it much stronger by adding an additional option that you can’t change your password to the old password or atleast to the last 3 old passwords.

Counter Measures: Make it a habit to change your password every month. You can take help from the Password Manager software that apart from protecting, if set then will help you give reminder to change your password by giving you warning of expiry. This feature can be found in popular anti-virus softwares.

7. You use the same password for more than one of your login id (for example your password is same for yahoo and gmail or orkut and facebook).

# This is the most common and grave mistake that account holders make because for convenience sake when someone uses same passwords for more than one account it is definite that if someone gets hold of one password then it is easy cracking password for the other account if given same. Same goes for giving password for your banking accounts or ATM pin numbers. Someone who knows you will definitely make use of this opportunity and try to create problems with it.

Think about it, your house has four entry points, you have protected all of them with steel doors and a 7 lever lock, but what you have done is the key is same for all the four doors. I get hold of one – I get all. Its like “ek ke sath ek free”.

Counter Measures: DO NOT USE SAME PASSWORDS AT ALL! for your email, bank accounts. Even though you have more than two accounts do not give them same password, it is good to have great memory so always have different and unique passwords for all your email and online banking accounts. You will say I don’t have good memory, I will forget my password. Ok – then try something smart. Its easy to forget words but not any phrase – or an happy moment, make that a password. For example – you can make a password from a phrase like “I saw her first at the coffee shop” – this can be “ishfatcs” – now we can make that as “1shfatcS”. If you want more help, you have to pay me for the consultancy :).

8. You have told your password to that special friend that you have.

# Please! password is your very personal thing more than the special someone so letting them know your password is a very bad idea. That special friend can also become a not so special friend someday then your account will be definitely in jeopardy if the password has not been changed. Your information in the mailbox or your bank account details can be tampered by other if told to others, they might unknowingly make some changes without your knowledge which can/may cause trouble for you or your data may get deleted or even your account emptied of your money by just click of a button by that special someone.

Counter Measure: Its plain and simple just do not tell your special friend your password and try to keep to your self no matter how close that special friend is to you.

9. You have kept a note of your password in your Cell phone, laptop. (you know, we are not the good in remembering things, so keep a note, anyway I don’t give my cell phone to anybody you know).

# This is another serious mistake that people make after giving passwords to their account. You just can’t store your passwords in Cell phones or Laptops because if anyone gets an access to them, then your account is not safe. And you should always be careful while giving you laptops, external drives and cell phones to service centers because if your data still present in them and there is chance that data theft can occur and your account also might get hacked with the password info that they get from it. You might have heard the recent news of Famous Sitar player Anoushka Shanker’s account getting hacked where her pictures were stolen and for that the hacker was demanding for money. It is believed that she had given her Laptop to service center and someone had stolen info from there and hacked her account. There was another incidence where one of my acquaintances’ special friend had access to her cell phone where she had stored her ATM pin number, when she had gone out of sight the money was also gone from her account which was around Rs.40,000/-

Counter Measure: Do not save your passwords or pin nos. in your cell phone or PC’s and try remembering them. And while giving your PC’s, External Drives, Cell phones to service stations please do not have any data in them first back it up and remove [remove it – means complete erase – how to do that – ok some time next] it and then give it up for servicing.

10. You were filling up a registration form for an event in your college fest, and the password you have given is the same as your gmail or yahoo account.

# Doing this can again put you into problems. Most of the cases these sites are developed by the colleges students (don’t take is an offence – but these students are not that Professional – still on the learning stage). There are chances that the registration site will have lots pots of bugs and errors. Which some other (unholy) student will exploit and get access to your password. Now if your password are the same as you have given it to any of the other mail site – you are asking for trouble. No – names, I know a college where a student hacked into their fest registration site and showed us live in one of our workshop. Secondly, these site managers are your friends, and you know they would also like to know your password (may be only for fun). Small changes in the registration database and they can read your password as clear text – PROBLEM.

Counter Measures: Do not give the actual details while registering for some sites if it is absolutely not necessary. In case of Password always use something different and unique and definitely not your gmail or yahoo account password.

11.Your password is the phrase that you use very frequently, or its there everywhere, like your status message in Orkut, or your wall paper and so on.

# Nothing much to say on this, please watch the movie “AJNABI” where Mr. Boby Deol (our hero) tries to access the Mr. Akshay Kumar’s (the con guy) online bank account. Oh oh – the password “ every thing is planned”. – enjoy the movie.

Nettech Summer Program – 2009

2009-09-03T09:56:00.001+05:30

Looking back – Some interesting figures

3 - No. of students left behind for being late during adventure activities/ sight seeing
5 - No. of students expelled from the program
5 - No. of dance parties during the program
6 - No. of Program venues across India
6 - No. of Days spent for adventure activities / sight seeing
15 - No. of Tata Sumo booked for the trip to Nathula Pass
27 - No. of Team members for Summer Program 2009
66 - No. of students couldn’t qualify (Received Participation Certificate)
78 - No. of Days of non-stop activity
85 - No. of days Santu Sir worked non-stop, without a single holiday
130 - No. of Pizzas ordered from the Dominos for the Pizza party at the India Gate
226 - No. of Pepsi bottle (300ml) ordered for the Pepsi party at Red Fort
1093 - No. of students participated in the summer program 2009
1152 - No. of theory and lab hours (all 6 venue put together)
21034 - No. of Kilo Miters traveled by Swapan during the summer program

Email Hacking:

2009-05-16T22:35:00.000+05:30

Its our aim to generate Information Security awarness among students so they can participate and build a secure and reliable internet community. My sincere request to all students will be please do not use any of our suggestion or tips for a wrong or unethical reason. All the best !!!

Mr. Patjoshi (named changed) is an eminent Professor in the field of Physics. He teaches in a well known Govt. University in Kolkata. He is a frequent flier; he travels to across the nation as well as abroad to attend various National & International Seminars. He is also respected & well connected in the corporate sectors in the country.

January 2008 when he was in Nigeria to attend an International Conference, he lost his handbag which had his passport, money & very important papers. He was virtually left with no money. Under this circumstances he sent an email to one of his close friend Mr. Dey, Managing Director of ABC Ltd. back in Kolkata & requested him to send him some money on urgent basis. Mr. Dey on receiving the email requested one of his colleague Mr. Som (who was in South Africa during this period) to enquire & help Mr. Patjoshi. Mr. Som sent an email (cc to Mr. Dey) to Mr. Patjoshi & requested him to provide him the Name & Address so he could moneygram the requested money. Mr. Patjoshi requested him to send the money in the name George Pent, Manager XYZ Hotel, Nigeria. Same evening Mr. Som sent Rs. 2500/- US$ through moneygram to the address mentioned in the email.

After a week Mr Dey met Mr. Patjoshi in a rotary club meeting in Kolkata, & asked him about his trip to Nigeria. Mr. Dey was in a complete shock when he was told the Mr. Patjoshi was in Kolkata last week & he has never visited Nigeria in his life time. Apparently Mr. Patjoshi Informed Mr. Dey that the email account is in question has got some problem. For last 10 days, he is not able to login to the same account, some password problem, even the forgot password option is also not working.

After investigation it was found that all the email received by Mr. Dey or By Mr. Som was originated from IP addresses which belong to Nigeria.

Status: Investigation is on

Email Hacking:: inside

How could someone know Patjoshi’s password?

Situation 1: Mr. Patjoshi has told someone his password, someone very close to him. That some one has used the opportunity to rob Mr. Patjoshi.

# Never disclose your password to anybody, there is always a possibility that person will misuse the same. Never write down your password in any place. Don’t have same password for more than one account. Is same as having 4 different locks & but one key for all.

Situation 2: Mr. Patjoshi may have accessed his email account from a public computer (cyber café, office common area). Computer he used could have stored his password on the local browser, so someone who accessed that computer after he left will be in a position to access Patjoshi’s email account with auto complete/fill up option of the browser.

# Always make sure that the auto save option / remember password option in the local browser is switched off. Make sure that you clear your browsing history & also delete all cookies from the computer that you have used in public places.

Situation 3: The computer Mr. Patjoshi used to access his email account may have been affected with a Trojan (a tiny software code which can record all the proceeding & work of your computer & then email it to a predefined destination).

# Usage of original antivirus & regular update of the same along with regular scan of the computer for all these malicious code could prevent such thing.

Situation 4: Mr. Patjoshi may have downloaded some third party software from the net or installed some third party games without proper checking, which may have infected a Trojan or installed some key-logger in his computer.

# Do not install any third party software or download any code from any non reputed website which may install a malicious code in the computer

Situation 5: Mr. Patjoshi may have used any proxy sites some time to access his own email account. Which could have store the ID & Password for his email account.

# Never use any unsecured proxy site to access your email or bank account.

Situation 6: Mr. Patjoshi could be a victim of Phishing sites. (see my earlier blog on Phishing)

Situation 7: Password use for the account or the answer for the secret question under forgot password option could have been very easy to guess.

# Always use alphanumeric & special character for the password. Don’t use any dictionary word. Try to have more than 8 characters as password. Regularly change the password. Answer to the secret question should be a very personal one; no body should be able to guess that.

e-mail attachments

2009-04-11T18:30:00.000+05:30

Fake / Fraud email

2009-03-27T16:35:00.001+05:30

After the blood bath of Bangalore & Ahmedabad in last week of July 2008, Calcutta was on high alert for a possible terrorist attack. What happen for a week was wide spread rumor, fake phone calls/sms with bomb hoax. The icing on the cake was an email apparently sent from a cyber café in Saltlake to some of the media houses in Calcutta. What followed was panic. The owner as well as the person who was responsible to look after the day-to-day management of the café was taken under custody by investigation authority.

Police could trace the IP address used to send the email to the Saltlake cyber café but they failed to identify the person who has sent the email.

Status: Investigation is on

Fake / Fraud email:: inside

With the mushrooming of web based free email provider, it takes less than 3 minutes to create & own an email account. Surprisingly there is no system in place to check the authenticity of the data provided during the creation of the email account. End result we have a system by which you can walk into any of the cyber café in the country create an email account send few email to the media houses in the country with a subject line “BOMB Planted in ABC School/College/Office” & walk out, without having to worry that one can trace the email back to you.

Why can’t we trace these culprits?

Hurdle 1 - Unlike PCO booth where one will have unique phone no. for all the machines/handsets, in a cyber café all the computers shares a one (in some case two or three at max) IP address to connect to Internet. As there is no centralized record keeping or a log system in most of these café’s it becomes almost impossible to locate which computer in the café has accessed which site & at what time.

Hurdle 2 – If one had a log system to locate the access of a particular site from a particular computer at particular time. The Herculean task will be to identify the person who was using the computer at that point of time.

Hurdle 3 – With different time zone is in use in the globe, it becomes difficult to ascertain the time in which the email was actually sent. The café which uses the service of a local ISP will have a setup for a different time zone, whereas the web based portal from where the mail was sent can have different time zone. The receiving email server may be in a different time zone. For an investigation officer it becomes tedious job to identify the actual time of crime.

Hurdle 4 - Technical glitch, this is the mother of all problems; there are websites which allow users to hide their IP address. With the help of one of this web site one informed/learned user can send an email sitting in Kolkata which will be traced back to some cities in Nigeria or North Korea. Unless one gets active help from these countries it will be an impossible task to catch the sender.

The e-mail protocol (SMTP) has no authentication by default, so the con person can pretend to originate a message apparently from any e-mail address. To prevent this, some ISPs and domains require the use of SMTP-AUTH, allowing positive identification of the specific account from which an e-mail originates. But still there are plenty of SMTP servers in the world available which can allow unauthenticated email.

What investigation authority did was issued an order for all cyber café in the city to record usage of their computers by keeping a record for all customers, their name, address, in time, out time & computer used. All cyber café’s are asked to check a valid photo identity proof for the prospective customer before allowing them to use the café facility.

A welcome initiative, but what they have not notice is, there are few other not so public place from where one can send the similar email & still will go untraceable. These places can be any place where more than one person uses a single computer to access Internet without proper authentication or log system. Example: Computer labs in educational institutions. Computers in office or work places.

Prevention:

Accountability: one has to be accountable; it may be a cyber café, office or an educational institution one has to be accountable for the usage of internet in their premises.
CERT (Computer Emergency Response Team) in India has to come up with some solution how to tackle with anonymous proxy sites in India.
One needs to go through the email header carefully for any kind of doubt on the mail content.
People need to be informed about the possibility of fake/fraud email messages.
Proper log keeping at various level, so one can cross check.

Time has come that we start taking email account creation a bit seriously & start proper verification proceedings or some referral system by which one can trace the physical person through an email id.

Its our duty !!!

2009-03-17T09:18:00.000+05:30

Its our duty, we need to act. Next time you visit a cyber cafe, make sure that you sign in your contact details in the cyber cafe log register. Its important for the national security, its important for us. Stop passing the responsibility to the others - to the Police, to the Govt. Let's make a pledge next time when we visit a cafe - we will record our details. If the cafe doesn't have a record book - request him to maintain one.

Let's act together to stop cyber crime, I know maintaining a log book at a cyber cafe will not be enough to stop the crime, but at the end of the day you can say - 'I have done my part of the job'.

All the best.

Vishing:

2009-03-06T18:36:00.001+05:30

The term is a combination of voice and phishing. Vishing exploits the public's trust in landline telephone services, which have traditionally terminated in physical locations which are known to the telephone company, and associated with a bill-payer. The victim is often unaware that VoIP allows for caller ID spoofing, inexpensive, complex automated systems and anonymity for the bill-payer. Vishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.

It will start with a fake email sent from bank authority which will strongly discourage the customer to click on the hyperlink instead it will ask to call a specific telephone no & talk to the customer care executive. When a customer calls at that no. he will be connected with Interactive Voice Response system (IVR) which will request the customer to key in the debit/credit card no along with the pin no. to verify. At no point of time customer can guess that it’s a fake telephone number with complete fake IVR system where he has just given his original bank/card details. Now depending upon the mode of operation the con will rob the innocent victim by using his debit/credit card details on any online financial transaction.

Phishing: All you wanted to know

2009-02-04T15:52:00.002+05:30

Mr. Saibal Banerjee (Name changed) resident of Salt lake area is working with a reputed private sector manufacturing company. Alok, his son is pursuing his degree course in engineering from a private engineering college in Bangalore. Mrs. Banerjee teaches English for class VII & VIII students in a local English medium school.

Banerjee family banks with a leading private sector bank in the country. They use ATM as well as net-banking facility of the bank for regular banking related activity as well as for buying rail tickets & paying the monthly bill for their telephone connections.

Mr. Banerjee has a desktop computer (It’s a branded PC loaded with original Windows operating system, he with the help of his son has installed a pirated copy of the Microsoft Office, his antivirus software which came bundled with the PC has expired 6 months back) along with a broad band internet connection at home which helps him to keep in touch through email/online messenger with his son in Bangalore. He also uses his internet connection to access his bank account online.

One evening he received an email from his bank the text of the email given below. (I have used the ABC Bank for case purpose)

From: customercare@abcbank.com

Subject: Important Fraud Alert from ABC-Bank

Body: Dear ABC - Bank Account Holder,
On January 10th 2008 ABC Bank had to block some accounts in our system connected with money laundering, credit card fraud, terrorism and check fraud activity. The information in regards to those accounts has been passed to our correspondent banks, local, federal and international authorities.
Due to our extensive database operations some accounts may have been changed. We are asking our customers to check their checking and savings accounts if they are active or if their current balance is correct.
ABC-Bank notifies all it's customers in cases of high fraud or criminal activity and asks you to check your account's balances. If you suspect or have found any fraud activity on your account please let us know by logging in at the link below.

The email then contains a button that reads "Click Here to Login". Clicking the button appears to take the recipient to the web address www.abcbank.com which instead is a criminal North Korean site.

After 3 days when Mr. Banerjee checked the balance of his bank account, he was horrified the money he kept for his son’s annual college fee is all gone. The balance of the account is merely Rs. 1200/-. He could see that there are two separate money transfer transactions which amount to Rs. 92,000/- from his account. He couldn’t recall any such transaction of his own. Same day he contacted the bank authority & was told that he is one more victim of the growing cyber crime called Phishing.

With the help of the bank authority he lodged a FIR in the local police station. Soon police swung in action & arrested one person named Chattaraj from Siliguri town in whose account the money was transferred.

Chattaraj’s story: In last October he was approached by one Mr. Parekh from Rajasthan over phone. Mr. Parekh has is business in Rajasthan & Gujarat, he was looking forward to trap the growing North-East market. He was looking for business associates in Siliguri. Mr. Parekh has already done his own investigation & was impressed with Chattaraj’s business operation & moreover his good will in the market. Parekh proposed to Chattaraj to share his bank account details with him so he could pass on the same to all his customer & associates in North-East. Business responsibility for Chattaraj is quite simple, customers will deposit money in his said account every week. He has to withdraw 90% of the same in cash & deposit in another Pvt. bank, whose account details were provided. For doing this over simplified job Chattaraj got 10% of the money transacted. He was very happy. He never met Parekh in person.

During investigation police found the personal details given by the Parekh was fake. The bank account where the money was transferred was opened with fake information & address. All the money withdrawn, expect some Rs. 10000/- was left in the account.

Status: Investigation is on

Phishing:: inside

In computing, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from online banks are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail, and it often directs users to enter details at a website. Phishing can also be used against senior executives or colleagues or class mates to collect their user ID & password for any web site (mainly the email sites).
Fake email: Today with growing usage of internet it’s very easy to send a fake email. One need not know the password of the account but still can send an email from that account. (Header of the email will reveal that it was not send from that account, & is a fake)

Web site: With thousands of free hosting sites available it will take less than 5 minutes to host a web page which will be 100% similar to the original site.

Hyperlink: The fake email will ask to click on the below web link to go to the bank site. Ex. http://www.abcbank.com/secure/personal/banking%%/Customer#?
but in reality it will link to http://219.13.12.13/customer/secure/login.php (fake destination created by the con guy)

Prevention:

# Check the email header for authenticity
# Never click on a hyperlink to go to any site, type the URL address of your own in the address bar.
# Use proper spam filter for your email account
# Use up-to-date antivirus (Phishing filter for the website you visit)
# Any discrepancy alert the bank
# Proper awareness for banking customer by the bank
# Checking of website content by law enforcement or regulating authority.
# Control on website hosting

Common Information Security Lapses

2009-01-23T18:12:00.001+05:30

Mistakes made by common/end users

* Opening or downloading e-mail attachments without verifying their source and checking their content first.
* Not installing an Anti-Virus software or regular update for the same.
* Not having updated security patches for the Operating System or for any other application installed in the computer.
* Installing programs or games from unknown sources.
* Not keeping proper backups
* Using an unsecured modem while connected through a local area network.
* Using USB or other removal device without proper virus scanning
* Accessing Intranet or visiting important or secured websites from an unsecured computer from a remote location. Ex. Cyber café.
* Sharing passwords or important network information with friends or strangers on a very informal platform.

Mistakes made by Business owners / Senior Executives

* Hiring people without a proper background check on them.
* Assigning people with limited knowledge to maintain information assets
* Providing neither the training nor the time to make it possible to learn and do the job.
* Lack of IT domain understating for the top executive, resulting a very casual approach towards IT security.
* Failing to realize the impact of a security breach in terms of Money, Time and more over reputation at risk.

Mistakes made by Information Security Department/Team

* Underestimating the capability of others, namely Hackers.
* Implementing solutions without investigating known security threats or bugs of the same.
* Limited or no security Audits.
* Keeping easy physical access to information assets for end user or a stranger.
* Improper logging or backup of data for foot print record, in case of a security breach.
* Failing to update systems against new bugs/virus found.
* Concentrating on very few selected issues, rather than taking all of them seriously.
* Having a reactive approach than a proactive approach.
* Making a few fixes and then not performing the necessary action to ensure the problems stay fixed.
* Making servers live/production before securing them.
* Connecting servers to the Internet with default accounts/password or password provided by vendors during installation/implementation.
* Failing to update systems when security holes are found.
* Using telnet and other unencrypted protocols for managing systems, routers, firewalls, and PKI.
* Giving users passwords over the phone or configuration information
* Failing to maintain and test backups.
* Running unnecessary services on the live server. Keeping unnecessary ports available to the users.
* Implementing firewalls with faulty rules.
* Failing to educate users on what to look for and what to do when they see a potential security problem.
* Giving too much information or a very complex access system to an end user. Providing users with too many usernames & password and making things difficult for the user to manage the same.

Mistakes made by law enforcing / regulating authority

* A reactive approach rather than a proactive approach.
* Lack of knowledge / information about the cyber crime & the effect of the same.
* Judicial system: No or lack of domain knowledge on the information security system.
* Lack of infrastructural support & training to handle Cyber crime.
* Lack of co-ordination between Internet service providers & law enforcing agencies.
* Not much control over the internet usage & internet community at large.

What a StArT

2009-01-01T10:42:00.001+05:30

Day one of a new year. At Nettech its just another day. Life is just a bit different here - we start the day with a happy note - a theory test, 20 minutes 25 marks.

One will wonder what we did last night, I mean 31st night. One has to be bit innovative to think what we did. After a dull test evening (our own Ten-10), we assembled for a camp fire. Fire was readily available, but woods came after a proper Age-Of-Empire wood collection style. Some went Scouting, some went for Supply chain. It was different, different than any party in any part of the world. One has to be there to feel it.

As far as the Music System & Live band, one cant match all the Network Engineers, they just know how to start & forward. All type of packet .. ooops sorry Song.. Bengali, Telugu, Bhojpuri, Malayalam, English & our very own HINDI style. Life was different.

Oh - forgot to mention after the Camp fire one really needs to consult Sharlok Holmes, to find out where the original camp fire was. Thats Nettech Team.

Do let me know your feedback.

Oh- one more today for a change we will have a movie show.. what movie.. that me to know & you to guess.

Enjoy..

HaPpY nEw YeAr

Swapan Purkait

Nettech

2008-12-31T18:09:00.000+05:30

We never thought, that we will be a part of the so called "BLOGGER - Community" - anyway its our first posting.. lets see how it works.. if things does work.. we will have lots of new thing on this Blog. So do visit us back on this page - "blog.nettech.in".

Looking forward

Swapan Purkait
Program Co-ordinator, Nettech
+ 91 93315 90003
1-800-300-90003
swapan@nettech.in
www.nettech.in