Nettech | Official Blog site | Networking | Update on Hacking and Cyber Crime

http://www.nettech.in/blog

2012-04-29T08:21:00.003+05:30

Dear Friends,

We are changing, so is our blog.

Please note we have shifted our blog page from Blogger to our own web server.

Our new blog address as on date is:

http://www.nettech.in/blog

Looking forward to meet you all in our new address.

Team Nettech

This summer, see you in GOA !!

2012-03-30T14:19:00.001+05:30

You are relaxing on the sands of Goa, enjoying the breeze and waters brushing your feet, beguiled and content with your life.

While back in your room, someone from the USA is clicking pics from your webcam, accessing your hard-disk, changing your passwords and emptying your credit cards. Or better still, your Android, BADA, Symbian or iOS is sending your EXACT location to that guy even while you are reading this.

This is the power of hacking. And if you wish, this will soon be the power of YOU so that you can stop such things to happen to YOU!!!
If you end up being at this programme, after the 15 days' sessions, your mind will be begging you to stop, but your curiosity will not let you to, you will be left wanting for more, targeting unscalable depths of hacking.

Why do you need this? Well simple, this world is no more a safe place to be in. One loophole meant a thousand vulnerabilties. And a thousand vulnerabilties means another thousand loopholes. Once you know how a hacker works, you know how to secure your own self from the hacker's virtual claws.

Welcome to the world of Hard-Core Hacking, a full 15 day venture of your life, which I promise you would never forget in your entire lifetime, where you will be taken on a drive to Ethical Hacking and Network Management. And by the end, to pack it up, you all will hack it up and take up a project on the stuff you learnt during the programme.

The prerequisites are NIL. You need to know nothing to be eligible to sit in the programme. We will begin with the basics of LINUX OS and Networking and swept towards the world of WebSite Hacking and System Hacking, moving towards the most advanced OS made BY THE HACKERS AND FOR THE HACKERS, The BackTrack Operating System!

Know what? You will be playing from Novice to Hardcore in just 15 days.

Program Highlights:

# Live Demonstration of Latest Hacking Techniques & Tools along with insight into the real world Network Management.
# Hands-on practice with live servers to practice the Hacking Counter Measures.
# Binary Pirates :: Live Hacking Contest for the participants, winner of which get's a merit certificate and goodies!
# Understanding the Linux operating system right from the very basics to a pro in just a fortnight.
# Understand computer networking in-depth starting right from the installation of linux and creating your own LAN wire to understanding complete concepts of user and file system management in linux, Routing, FTP, DNS, DHCP, Samba, NFS, Apache, SMTP configurations !
# After a complete overview of linux, dive into BackTrack, the most advanced OS for the Hackers and understand tools like Metasploit Framework, Armitage, Social Engineering Toolkit, Aircrack-ng, Nmap, Ophcrack, Ettercap, WireShark --- all this in depth and see for yourself how in the real world penetration testing is done.
# Complete a full project of your own by the end of the program.
# Regular T-10 ( 10 minute 10 marks tests )
# Demonstration of the various cyber crime investigation cases giving you the idea about how in the real world, UNethical hacking is done, and more importantly, how the UNethical hackers are caught by the cyber crime branches across the globe.
# “Certificate in Network Management & Ethical Hacking” to each participant of the programme. :: Certificate will be awarded by Nettech (an ISO 9001:2008 Company)
# Top 10 students of the programme get special merit certificate along with goodies from Nettech.
# Group visits to GOA beaches + GOA sightseeing (which includes visiting oldest lighthouse in Asia + visiting the Old Goa Churches)

And the whole package comes to you just @ 7000 INR per head.

You get to explore a parallel universe which you thought never existed. Be ready to go paranoid about everything, doubt everything, that's how you avoid getting hacked. Plus, after we hack, we jump into the mood of Goa, with parties and beaches and scuba diving and paragliding and water scooters and treats and prizes. You do not want to miss this. You definitely don't

Our Motto of the Programme ::
If you don’t leave here more paranoid than when you came in, we haven’t done our job

You will be so enthralled, trust me, you will say, Gotta Hack 'em All.. See you in GOA, very soon :)

The Program is on first-come-first serve basis with limited seats for the centre.
For more details please visit http://www.nettech.in/summer/training/2012/goa/

Please Note ::
Hostel facility is available on a twin sharing basis for the program and the hostels would be inside BITS-Goa Campus. Charges for the same will be Rs. 5,000/- per head inclusive of accommodation and food charges for 15 days, for details please call Sunayana at +91 93395 90003.

New course on Web Development # 2

2011-11-11T14:32:00.002+05:30

In this changing era of IT and its applications, one needs to be updated with the technology. All the information, all the interaction, all the connection with this changing era can only be possible with a real life connection with the IT world. But here the question comes, what is the medium to connect with it. What is the method for this connection? The pure answer is www. i.e. World Wide Web. As the name says, it is the medium or the platform to connect common people with the technology worldwide.

Earlier this interaction or connection was made through codes, the coding languages only, which were understood by the technicians or the group of technical people only. But, nowadays an introduction to web technology has made it possible for the common people also to communicate through internet.

The concept of Web development is like as same as to develop or make such applications or such websites which can help common people to communicate with each other. These websites or the applications can be an information publishing website or the interacting websites. The difference is that in information publishing or static WebPages one can't send any data or message while in a dynamic website, one can send as well as receive the data or information.

This course by Nettech will help the students to develop such user friendly or user-interactive solutions or WebPages that can be easily handled by our common people i.e. "our janta" also... After completion of this course, one will be able to develop various web applications and websites. This project based training program will help you to get live with the real world. You will be acquainted with the present web development scenario and the methodology used in corporate world.

You will be able to develop your own solution, your own website or your own application. You will be able to provide business solutions, corporate solutions, e-commerce solutions and various static or dynamic websites. The web forums, blogs, social networking websites, chat applications... All web interacting things will float within your control. Also through this course you will get a free .in domain and hosting space , using which you can implement your own ideas live.

Why Nettech is getting in to WEB Development ?? very good question, we at Nettech planning to start a new department where in we can take up work on network level application development, we have network guys what we need is pool of web developers who can do the work. Please note we are not leaving networking at any point, this new course will be step to go big on networking only. If you know we have Netmin projects - but we still use webmin - so why not some web based netmin. Why not our own email client rather than sendmail - the list is long !! To make it short please note we are not deviating from Networking, we are going more deep on the same !!

So, get ready for this 60 hours course for an encounter with the reality behind web. Learn it, control it and master it... See you all this winter at Kolkata :-)

With inputs from Prakhar Prateek.

Nettech's new course on Web Development - What's in it for you !!

2011-11-06T18:57:00.000+05:30

Mr. Rahul Kapoor is an owner of departmental store. He wants to introduce the concept of free home delivery on all orders greater than Rs. 250. He wants to publicize it in the city and is bit skeptical about the payment mechanism. Her wife Mrs. Kapoor is a fashion designer and runs boutique. She has some amazing designs with her and wants to expand her business but does not know where to start. Their son Rohan is a medical student and is a very good musician. He along with his friends is organizing a music night at his college. He is perplexed about the way registrations will be done for Music Night. He wants to get registrations before the event so that arrangements can be made accordingly. His sister Ruchita is a member of NGO which fights for rights of women. This NGO wants to make people aware about their efforts. They want people should get notifications about their activities on mobile phones so that they can contribute to NGO’s effort.

You are Rohan’s best friend and doing computer related course in some college. You visit his place to wish his family Happy Diwali. His family wants to know if you could help them with your CS/IT skills. Can you help them ? If Yes can you provide a complete solution to their needs or you can just guide them about these ideas? Do you have any similar business Idea? Can you see similarity of the above ideas?

Do you have a same kind of solution to all these problems or problems related to these problems? The solution to above ideas can be answered in one line …take them to web. All the above ideas need a transformation from an idea to a complete web based solution that you will be able to provide after doing our course. :)

Mr. Rahul Kapoor can build a online departmental store website and link transactions through payment gateway. He can even link the system with sms gateway handled by backend web server. He can manage his store’s inventory, sales and delivery all via one solution.

Mrs. Kapoor can build a great website with some awesome jquery affects providing a great UI that can attract customers. She can link her website to social network like facebook where each design liked by customer spreads to people and so on helping in publicity also.

Rohan can build a website describing about his event link it with facebook page and google calendar. All registrations can be done online and linking with social networks give publicity.

Ruchita can build a website for NGO. They can create a mailing list and send notifications about their events.

Anything that needs to go big, anything that needs a solution that is accessible everywhere, whether it’s a tuition teacher giving notes to students or it is some music event / dance night or its some new startup with a brand new idea. What you need to know is just one thing - How you can take it to web and manage the same. Once it’s on web the power of internet based solutions will help you flourish your ideas.

If you want to know how to build interesting web solutions for various daily life problems then this course is for you, it does not matter which stream you belong to, ideas and boundaries don’t have limits, if you have some great idea, we will help you and teach you how to transform it into reality. In this 60 hour course you will enjoy every bit of it, if you like practical answers to practical problems. Looking forward to meet you all - this winter for a new journey !!

---

With inputs from Mr. Smarth Behl, Student, BITS-Pilani K.K. Birla Goa Campus.

What is that we will do in the ERP course!!

2011-02-14T13:48:00.000+05:30

We will integrate all business function of a hypothetical company in one application, resulting a single window for communication with the entire enterprise. Lets take an example of a cola company (my favourite – you will have minimum two cola cases during the course). For simplicity purpose lets assume the company only produces one drink – LMN (the nimbu pani).

To produce the same what is that you need, to start with the raw material for example – we will require lets say 200 ml water, ½ lemon, and two spoon of sugar (I know this is not enough – take its as an example only). We will also require an empty bottle, label for the same and a cap. Then comes packaging – may be a crate to hold 24 bottles.

Now think of running the plant for 3 shifts, assuming you would like to take the advantage of the plant and machinery already installed – to maximise your profit. You will require human resource, now we have to plan for the no. of people required for each job multiply that by 3 shifts, should we pay for overtime or should we employ more people to run the plant. Please do remember that there is always the option for outsourcing. You can understand that, only to produce lemon water you will be required to maintain staff records to calculate the wages, overtime and always weigh your option against outsourcing. Here we will integrate human resource management with your manufacturing process, which will do the resource handling, recruitment, salary, welfare and lots of the other functions.

Now let’s come to your stock location, you should plan your manufacturing according to your stock condition, so your store house’s physical location should be optimised – small area you will have problem, vast area – is wastage of real estate and your capital as well. Now – stock can be in different locations, different cities, different countries, think of Boeing or Airbus – think of their size, no. of raw materials required and the dispersed stock location. I hope you are able to visualise if we can give an integrated application which can give exact quantity of materials available at any given point of time – that will have a tremendous value addition for any enterprise.

Now think about a system which will generate automated purchase order and also send the same to your suppliers depending upon the minimum stock rules that you set for a product, as far as for our example, you have decided that you will keep 1000 lemon at any given point of time, so the moment your lemon stocks becomes 999 it will send an order to your preset vendor for another 500 or a set-quantity on real time. – think the managerial implication of the same. Now there is a catch – you need 200 lemon everyday for your production and it takes 4 days to get a new stock from your vendor and if you are in West Bengal which is a Bandh loving state, your entire projection would change. – So here we will add purchase management to your system.

As far as manufacturing is concern – how do you know how much to produce? , so we will integrate your manufacturing to your sales management system. So depending upon the sales forecast – and the stocks available – you will produce the item. Now if you have a wrong forecast – lets say demand is actually more, for example for 1000 bottles – but your sales team says 800 will do, the result will be stock out, end result you go to a shop to ask for your brand, it is not there you drink some other brand, so company brand image is gone, you loose out on sales and market-share. – So can’t do stock out. In other case – you produce 1200 where as the demand was for 1000 - you will have excess stock, no place to keep, your money is stuck, more over some stock will have validity or expiry date.

Add all these chain with logistics. You are required to send material to Madhya Pradesh – from where will you send, Delhi, Kolkata or Mumbai. How do you decide, cost, labour, transport – life is going to be more complex. Think about a demand of 1200 in a region where as your truck can carry only 1000 bottles at a time, what will you do, send 1000 and another truck of 200, which will any ways take the charges for a full truck. Now – putting the incoming stocks in your storehouse, a truck has come with full load, but your store in-charge is not aware of the same – but with a integrated application, the moment purchase places an order of the same will reflect in your stock dashboard – the materials are on their way – will reach by this date.

Don’t forget to add finance with all this, one has to know, when to pay, what to pay it is your good-will that matters the most. In other case, the finance is required to collect money on-time, or it will be a bad-debt. After all you need to submit report for your legal requirements – or there will be scams.

All that and many more is what I will say is ERP. What’s in it for you, honestly you will not get ERP course at a price that we are offering. More over you will get the same course from various institutes who will kill you with boring lectures and theory – don’t worry we will not do the same. For this course laptop is compulsory, so we can install the application and utilise our time at the maximum.

As a career opportunity, if you have read this so far, you will understand this is different, this is not one particular subject, not only database or not only coding or development, its mix of all. It will surely open new ideas and paths for the serious ones – who are looking forward to work on the same.

If nothing works, think about yourself as a development guy, who knows why you are doing the work, what is the requirement for a particular module on a macro level against an engineer who is coding something – only because he was asked to do so, without having much appreciation for what the module will do.

I think this will be reasonable, for you to decide, if you require any further clarification please post a comment here, we will get back to you.

Why Learn ERP ??

2011-01-31T09:01:00.000+05:30

Enterprise Resource Planning (ERP) integrates internal and external management information across an entire organization, embracing finance/accounting, manufacturing, sales and service, etc. ERP systems automate this activity with an integrated computer-based application. Its purpose is to facilitate the flow of information between all business functions inside the boundaries of the organization and manage the connections to outside stakeholders.

ERP software drives productivity by leveraging an integrated framework making it possible to “do more with less, be more deliberate with IT budgets, and demand a higher ROI”. Investment in software isn’t always an easy undertaking during a turbulent economy, but if you step back and look at the big picture, it’s an essential move if you want to come out of the downturn ahead of the competition. A study by the McGraw-Hill Laboratory shows that “companies who continued strategic spending during a recession outperformed non-spenders and experienced revenue growth of 275 percent during the first full year of recovery.” For example, in the Order Central implementation of the Dynamics ERP for the Microsoft Business Solutions division of Microsoft – the ERP implementation was able to help drive cost savings of U.S. $2 million a year in reduced IT support requirements and U.S.$1.5 million in reduced staffing requirements. That is approximately $3.5 million of savings a year! No small change even for a giant like Microsoft.

So how did these savings come into play? There is no single magic bullet. It is a combination of reduction of many manual processes that lead to higher productivity. For example at Microsoft Business Solutions a report that used to take 2 person days of effort is now produced automatically by the system in minutes. Deb Remboldt, Accounting Services Manager at MBS validates this. According to her, "All our worldwide partners now have online access to their statements and invoices. Through this online functionality, they can advise our credit and collections team on what invoices they are paying and which credit notes to allocate online. This functionality has already streamlined this process significantly and simplifies this interaction.”

ERP Advantages ?
The fundamental benefit of ERP is that by integrating the myriad processes by which businesses operate, it saves time and expense. Decisions can be quicker and with fewer errors. Data is visible across the organization. Tasks that benefit from this integration include:
* Sales forecasting, which allows inventory optimization
* Order tracking, from acceptance through fulfillment
* Revenue tracking, from invoice through cash receipt
* Matching purchase orders (what was ordered), inventory receipts (what arrived), and costing (what the vendor invoiced)

ERP systems centralize data. Benefits of this include:
* No synchronizing changes between multiple systems - consolidation of finance, marketing and sales, human resource, and manufacturing applications
* Enables standard product naming/coding.
* Provides comprehensive view of the enterprise (no "islands of information"). Makes real–time information available to management anywhere, anytime to make proper decisions.
* Protects sensitive data by consolidating multiple security systems into a single structure.

Why learn ERP ?
Enterprise resource planning holds a promising future in terms of employment. The professionals are second to none in terms of demand. Many Thanks to the intuition of companies that have made them realize the importance of ERP. The researches conducted by the leading IT consultants have also drawn positive conclusions. They point a vibrant and an ever expanding growth for ERP given the increasing tendency of companies to mechanize and automate enterprise operations. ERP has been the preferred and still continues to be favourite choices among other applications like Customer relationship management.

ERP job opportunities
ERP vendors: ERP professionals have lots of opportunities to seek employment from ERP vendors. ERP vendors will be requiring their services right from implementing, deploying and making pre consultation services and so on. Formerly ERP vendors were hiring them only on service basis. This scenario has undergone a change because the vendors are reluctant to shift manpower team for reasons like convenience and maintaining the confidentiality of business secrets.

Corporate giants: However ERP professionals have enormous opportunities in corporations that invest huge money in ERP. Those companies require the service of ERP professionals in order to strengthen the in-house IT team. By and large many of them have been observed in companies in the aftermath because companies unconditionally realize the need for their continual service for an indefinite period during the time of implementation.

Functional Consultant: Persons with prior experience in diverse backgrounds will be preferred for this job. There is no stigma on the qualification aspect. Candidates from all streams will be considered. However technical knowledge will be a prerequisite. In additions an all-rounder will be preferred for this type of ERP job.

ERP training: This is another lucrative market considering the demand for ERP professionals and the average salary drawn by them all over the globe, of late ERP training has by itself become a very large industry and has been expanding into a fast growing segment. Leading companies like Oracle, S.A.P. and Microsoft offer lots of training programs in collaboration with reputed institutes. They offer certifications that are well recognized in the international market and MNC'S. Leading business institutes conduct special programs on ERP. ERP is also becoming a favorite research topic for management students (from business angle). In fact ERP is being introduced into management curriculum with its intervention in supply chain and warehousing segments. ERP training is offered by the companies in institutes or in companies or both depending on the policies of the company and the requirements in the market.

Beware : Top 10 web hack techniques !!

2011-01-30T12:33:00.000+05:30

1. Padding Oracle Crypto Attack -- The hack takes advantage of how Microsoft's Web framework ASP.NET protects AES encryption cookies. If encryption data in the cookie has been changed, the way ASP.NET handles it results in the application leaking some information about how to decrypt the traffic. With enough repeated changes and leaked information, the hacker can deduce which possible bytes can be eliminated from the encryption key. That reduces the number of unknown bytes to a small enough number to be guessed.

2. Evercookie -- This enables a Java script to create cookies that hide in eight different places within a browser, making it difficult to scrub them. Evercookie enables the hacker to identify the machine even if traditional cookies have been removed.
3. Hacking Autocomplete -- If the feature in certain browsers that automatically completes forms on Web sites (autocomplete) is turned on, script on a malicious Web site can force the browser to fill in personal data by tapping various data stored on the victim's computer.
4. Attacking HTTPS with Cache Injection -- Injection of malicious Java script libraries into a browser cache enables attackers to compromise Web sites protected by SSL. This will work until the cache is cleared. Nearly half the top 1 million Web sites use external Java script libraries.
5. Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution -- Gets around cross site request forgery defenses and tricks victims into revealing their e-mail IDs. Using these, the attackers can reset the victim's passwords and gain access to their accounts.
6. Universal XSS in IE8 -- Internet Explorer 8 has cross-site scripting protections that this exploit can circumvent and allow Web pages to be rendered improperly in a potentially malicious manner.
7. HTTP POST DoS -- HTTP POST headers are sent to servers to let them know how much data is being sent, then the data is sent very slowly, eating up the servers' resources. When many of these are sent simultaneously, the servers are overwhelmed.
8. JavaSnoop -- A Java agent attached to the target machine communicates with the JavaSnoop tool to test applications on the machine for security weaknesses. This could be a security tool or a hacking tool, depending on the user's mindset.
9. CSS History Hack in Firefox without JavaScript for Intranet Port Scanning -- Cascading style sheets, used to define the presentation of HTML, can be used to grab browser histories as victims visit Web sites. The history information can be used to set the victim up for phishing attacks.
10. Java Applet DNS Rebinding -- A pair of Java applets direct a browser to a pair of attacker controlled Web sites, forcing the browser to bypass its DNS cache and so make it susceptible to an NDS rebinding attack.

Team Nettech 2010 – Best of The Best !!!

2010-08-17T10:16:00.001+05:30

6 Different Centres + Same Course + Same Standard + Same Precision + Always On time + Some time sweet + Some time rough + Excellent Technical skills + Never say die attitude = That’s our team, Team Nettech.

I take this opportunity to present my team – Team Nettech 2010. One thing is common in all these people – they are all handpicked by me. Some of the finest people, you would love to have them in your team, they are best of the best !!! My success is My Team – I am so proud of them !!!

Santu: My Backbone - Never said ‘NO’ till date. Give him a task, he will do it - without asking why? Can adapt to any situation. This summer worked 83 days+nights non-stop. Wish I could get more Santu in my Team !!!
Location: IMT Ghaziabad (May), LNMIIT Jaipur, IMT Ghaziabad (July)

Sumanta: Mr. Dependable - Size does matter, can take up load, which – otherwise will require 6 people. The true tech-guy in our team. Can work with any kind of hardware.
Location: IMT Ghaziabad (May), LNMIIT Jaipur, IMT Ghaziabad (July)

Swapna: My Biggest critic – someone said that she has the machine’s perfection with a human touch. Very quick learner. Can tell you all 240 students name along with a brief background report.
Location: IMT Ghaziabad (May), LNMIIT Jaipur, IMT Ghaziabad (July)

Vineet: Very technical and very very professional. Some of the participants might find him bit rough – but he is just doing his job. The Nettech page on Facebook – Credit goes to Vineet !!
Location: IMT Ghaziabad (May)

Amit: Very Technical, very good in communication skills, good in swimming and very good in Dance ::)) Please watch the Goa party video available in Youtube!!
Location: BITS Pilani Goa

Abhinav: Tallest guy in our team. Always a smiling face. Good with numbers. Checked all 215 + answer papers everyday – on time. Loud voice - when he speaks others keep quite !!
Location: BITS Pilani Goa

Apoorva: Technical with the administration flavour. Always focus, knows what’s coming next. Our test in-charge for Goa Summer program.
Location: BITS Pilani Goa

Bhargav: A Technical guy who took up the manager’s job – did incredibly well with logistical support. He is always there when you need him the most. Tell him what you want – he will get it for you !!
Location: BITS Pilani Goa

Anand: First & Last word – Techie. Probably the best resource we have in LINUX. If you love to play around with the OS and love to work on CLI – he is the person to be in touch!!
Location: BITS Pilani Goa

Bageshwar: A Techie, always looking for something new, something to code, something which will automate the system. Change the way we take backup. Contributed few new dialogues in Nettech Lingo Dictionary (F..A..I..L..!!!).
Location: XIM Bhubaneswar, BIT-Mesra Kolkata

Sumit: The chocolate boy from the Goa Program, joined us in XIM Bhubaneswar as a team member. Excellent analytical skill, a great trouble shooter, always on a learning mode.
Location: XIM Bhubaneswar

Ishan: Very technical, soft spoken. Changed his hat depending on the situation and role – a manager, an accountant, store keeper, driver & the photographer (924 photographs in 21 days)
Location: XIM Bhubaneswar

Aditi: Very good with numbers, always ready with the next test paper. Managed our Intranet server throughout. Very good administrator.
Location: XIM Bhubaneswar

Neha: Very good task Master, fast and reliable. Handled more than 40 Linux servers of her own. Took the responsibility for Picassa – 1564 snaps in 15 days.
Location: BIT-Mesra Kolkata

Satendra: A quiet guy - a Techie, if at all we start a new advance course on routers and switches – the credit will be to him. Can dance well too !!
Location: LNMIIT Jaipur

Naveen: A Fast learner, can adapt to different situation. Handled all our test schedule (240+ students). Fast, Reliable technical candidate.
Location: LNMIIT Jaipur

Sunny: The Ubuntu guy, excellent communication skills and always eager to learn and implement new things. We have started working on Ubuntu – its his credit.
Location: LNMIIT Jaipur, IMT Ghaziabad (July)

Harviish: The Power house, can fit into any profile under any circumstances. Did the policing job well, disciplinary success of Goa program – Credit goes to him.
Location: BITS Pilani Goa.

Sanjeev: A single word will suffice – Brilliant. I have kept the Delhi no. still on hold for him, I am looking forward to work with him in near future.
Location: BITS Pilani Goa.

Sunayana: The Program Co-ordinator, the authorised signatory, always the first person to arrive and the last one to leave. An outstanding administrator, a back office operation on move. A silent observer in the LAB / Class.
Location: BITS Pilani Goa, XIM Bhubaneswar, BIT-Mesra Kolkata.

Swapan Purkait

Me, Swapan; When you have such a talented team backing you up – you can do only one thing – RELAX !!

Location: Everywhere !!

To My Team,
Thanks guys, thanks for all your support – I really had a great & memorable time this summer. Thanks for making the summer 2010 – a Grand Success!! - Swapan

Why Summer Training at Nettech!!

2010-04-10T14:43:00.000+05:30

1# We do only Networking!!

First and foremost; we specialise in computer networking. We do not offer any other course except Computer Network Management. As we conduct only one course, it gives us ample time and opportunity to make the course better and updated with relevant and latest networking technologies. Our faculty team has worked in various training assignments with some of the premier Institutions in India including IIM Calcutta, IIT Kanpur, IIT Kharagpur, BITS-Pilani, XLRI Jamshedpur, XIM Bhubaneswar, IMT Ghaziabad and many more. At Nettech you can be rest assured for a very focus and professional training environment on Networking.

2# Do it yourself approach!!

If you are coming for any of our program, don’t worry we will not bombard you with theories. We don’t deny that theories are important, one need to know the theory to understand things, why it works, and how it works. At Nettech we allow you to go through the theory component at your own space in your leisure time. We will put 100% focus on practical. It’s complete do it yourself approach, you need to try of your own to understand what it is. Round the clock lab and Nettech support staff will help you to do all your experiment of your own. At Nettech, if we mention a topic, be assured we will show you the same practically.

3# Best of the Best Infrastructure!!

If you are aware, we don’t have any infrastructure of our own (only one address for Demand draft collection and communication). That’s the only reason we associate with some of the Premier Institutes in India. Can you imagine in one computer lab (within four walls) 300 computers, please come to Nettech to experience the same. With our unique association with some of the best education brand in India, we are able to provide state-of-the-art labs for training programme.

4# All India Presence!!

Please note at Nettech you don’t have students from only one college, or from one city or from one University. You will have students from various IIT’s, NIT’s as well as private engineering colleges from across the Country. On an average we get students from more than 50 colleges in one of our venue. Students are able to mix with others, speak to others about their curriculum and exchange their views on an open platform at Nettech.

5# Faculty members!!

At Nettech we bring you the best of two worlds, academics as well industry. With our unique association we get access to the faculty pool of our partner Institutions and able to provide some of the best faculty to the students. For examples Dr. Gopal Nayak, Director, IIIT Bhubaneswar, and former Dean of XIMB will take few classes and interact with Nettech students at XIM Bhubaneswar. Similarly Dr. Poonam Garg, Chairperson Information system area, IMT Ghaziabad will interact with the students at IMT Ghaziabad. Then we have Swapan Purkait, Director Nettech Private Limited who will share his industry experience with the students. Mr Purkait has worked with ICNET, first commercial email company in India, Novell, the company known for his networking OS, Netware and he is also the founder director of Nettech Private Limited.

6# Our Grouping system!!

At Nettech we emphasize on team work. Students are asked to work in a group of six/eight members. No two students of the same college will be in the same group. There are group tests; the group gets 10 or 0, resulting all members getting 10 or 0. Our Binary marking system encourages students to come together and work as a single unit. At Nettech we are looking for a team who will unite against all odds and succeed not only in our course but in their future professional life.

7# T10 - Our Testing system!!

Its either you pass or you fail no fifty-fifty. We take pride on our testing system, it’s the backbone of Nettech. T10 – is Ten minutes – 10 marks. We have trained more than 5000 engineering students till date. Not a single student has ever asked us to stop the system. T10 – is all practical, in the lab, students will be given a practical problem, which they need to solve in 10 minutes. The best part there will be a 10 minute count down timer running on the LCD projector which will always create that extra pressure that you are racing against time. Think about the group test - 10 minutes – six students – one problem – 10 marks – and a count down timer, one need to be there to feel the excitement. Yes, we know its tough, it’s a stiff climb, but ask those students who have completed their task in less than 10 minutes, they will tell you – its worth the pressure. If you think you know it all, you are a brilliant trouble shooter, we will say come, take a T10 test, you will know where you stand.

8# Transparent Grading system!!

If you have given a test this morning, the result will be out by the evening or latest by next day morning. And it will be out on the intranet, where each and every student can see their as well as others marks. We encourage students with different grade colours. TOP 10 will be in blue colour, so you will always know, who to catch for that crucial tips. Then there will be colours like green, red and black. Don’t get scared its for your benefit only. We have seen students who have come from red to BLUE and topped the batch. And yes there is this extra certificate for your extra effort, we will give and extra certificate to the top 10 students saying that they are the top ten out of a batch of 200 students. So get ready for a tough competition.

9# Lucrative incentives!!

If you are ready to put your best for the program, don’t worry you will be well rewarded. Depending upon venues, we give lucrative incentives, for example in our Sikkim program top 3 students gets a Helicopter ride. In some centre we give prizes as books, in some cases we provide free hosting space as well as free database and email support for one year. There is also the opportunity to join the Nettech Team for the next program.

10# Continuous feedback process!!
Its YOU who is important, without you the program cannot be successful, that’s the only reason we have a continuous feedback process. We try to adapt the pace of the program depending upon your feedback. You will be requested to give your feedback on a regular basis, formally – informally, on the class or off the class. The best part of Nettech, as we always say we live in a democratic country named INDIA, we are not a Taliban run state, in our country we the people decide - what need to be done. At Nettech, you can change the topic, reschedule a class, change anything that you want just ask 51% of the total students to support your view and we will do it as you want. – So enjoy !!!

Look forward to meet you this summer.

wap.nettech.in / nettech.mobi activated : useful WML tips for begineers!!

2010-02-05T22:03:00.003+05:30

There are more mobile phones in the world than televisions and PCs combined. And millions of people are using those mobile phones to connect to the Internet. IDEA cellular has already started m-commerce (you can buy fish and transfer money from your mobile to the fish vendor). Today you can by railway ticket, air ticket as well as shares. Trust me a day will come you will have more mobile sites or “wap” sites then the “www” sites (unless you configure your www to cater to wap also). On an average any household in urban India will have minimum 4 mobile connections. It’s a huge market or the opportunity that we are looking at.

I take immense pleasure to inform you that, we have also started our wap site this month. Now you can get information about Nettech and its upcoming programs in a wap enabled mobile phone or smart phones. Visit wap.nettech.in or nettech.mobi from your wap enabled mobile phone.

Now students can track their application status for Nettech program in a mobile phone. (I am looking forward to starting the program registration also very soon). Do let me know what else we should add in our wap site.

For all those who doesn’t understand the difference between wap and www sites. WML (Wireless Markup Language) is the new programming language for mobile communication devices of any kind. The language is strongly similar to HTML and can be learned fairly quick in you understand basic HTML. WML has been developed especially for devices with limited memory and low graphic ability, like cell-phones or PDAs.

To read WML-pages you need a WAP-browser, you will not be able to view a WML page from your regular browser like IE or mozilla. WML-pages are black and white because colors would need too much memory.

If you want to see WML-pages in your computer you need to have a WML emulator you can visit the following web site to check your WML-pages online.

1. http://emulator.mtld.mobi/emulator.php
2. http://tagtag.com/site/info/emulator

If you want to have something in your desktop which can be used offline, you can download winwap browser from http://winwap.com very handy tool, if you are looking ahead for WAP development, winwap is must.

Now if you are seriously looking forward for WML but not sure where to start, please visit the following websites.

1. http://www.w3schools.com/WAP/
2. http://www.ccwap.com/wap_express.htm
3. http://www.developershome.com/wap/wml/
4. http://www.sourcecodeonline.com/list?q=wml_sample_codes

If you have any plan or looking forward for developing application in WML, please do keep in touch. All the best.

Summer Program 2010

2010-01-20T10:41:00.001+05:30

We have started the online registration for our Annual Summer Program – “Summer Program 2010”.

We have not included any new venue this year, but I am very sorry to inform that this year we will not visit Sikkim. We tried our best to make it happen but the frequent political disturbance in the region forced us to withdraw the venue this year. I am looking forward for returning to Sikkim in next year or if possible for Winter 2010.

Schedule for Summer 2010 as follows: First we head for IMT Ghaziabad, like last year IMT is the first program for summer 2010, starts on 15th May. Though we don’t have any exclusivity for any program or any quota system, we will request all students from IIT, NIT, ITBHU, BITS-Pilani, BITS-Mesra & IIIT to register for this venue.

The second in line is BITS-Pilani Goa Campus starts on 29th May, last year our water sports got spoiled because of rough sea condition, hope the same will not be the case for this year. In any case we have kept back-ups – (sorry I can tell you what that’s the back-up plan you know). I am looking forward for a high-voltage party on Santa Monica.

After the IMT Ghaziabad first program team will head for LNMIIT Jaipur campus (12th June). It’s the third year in a row for LNMIIT campus. Looking forward for lots of excitement (let me confirm Jaipur is Santu sir’s favorite venue). I am sure this time also Jaipur will be the first venue to get filled up, I don’t know the chemistry that’s what it is. I am personally looking forward for the trip to Choki Dhani, Rajsthani foods at its best.

Next the jewel, XIM Bhubaneswar, it’s the 7th year in a row for the venue. Personally my favorite not for any adventure sports or party or anything – it’s simply Dr. G. K. Nayak, my mentor, my guide, 5 minutes with him, trust me its more than a course. Let me give you guys a little secret, Nettech today, whatever it is – credit goes to Dr. Nayak. Nettech is a result of all those discussion I had with Sir, during my stay at XIMB. (2005 I have passed out from XIMB). Timing for the XIM Bhubaneswar is changed this year, we had problems with BPUT dates for last couple of years, so we scheduled our XIMB program dates such, BPUT will have less influence on the same. It starts on 22nd June. For the record XIMB used to be the first program for our summer season once upon a time. If I can recall correctly we started once as early as 27th April. Only hope that the university will be able to maintain their schedule in future.

Next is IMT Ghaziabad again, this time it’s a non-residential program starts from 8th July just after the LNMIIT campus.

And last but not the least we will be back in Kolkata for a non-residential program at Birla Institute of Technology, Kolkata Extension Centre. The program starts from 16th of July. Lost of Rasogolla and a fun trip of city of joy to sign-out summer 2010.

Looking forward to meet some of the best brain in the country, and some of the best times of my life.

2010-01-07T23:16:00.001+05:30

A Classic example of T10 (ten minutes – ten marks). I know lot of you will still say it’s harsh on students. 10 minutes is too less a time to solve – but what happened today will help you to change your view a bit.

This is the true story of the topper of the batch, Utsav Basu, IEM, Kolkata. Topper of winter 2009 Nettech Kolkata program. For all of you who think 10 minutes is too less, this guy got 10 out of 10 in all lab tests till yesterday, then this happened. Trust me, getting 10 in all the tests, where Santu sir is ever-ready with his Bam___ its tough, I know it, I can vouch for it. I really feel sorry for Utsav, it should have been a 100% record in all lab test (a record of its own).

The test paper was relatively easy, it was an individual test, create 3 users with your loginid as aloginid, bloginid and cloginid. Then create a folder dataloginid in “/” inside the data folder create another folder driver. Now allow all there users to access dataloginid where they can view files but can’t create or delete. Inside driver aloginid and bloginid can create and delete where as cloginid can only view and read. Design the file structure and share the same on Samba for windows access.

Utsav did everything right, all permission, user, password, samba share. But the group name he used was 1 and 2 for the job.

I give below, sequence of commands he used for the user and group creation.

groupadd 1
groupapp 2

useradd –G 1,2 aloginid
useradd –G 1,2 bloginid
useradd –G 1 cloginid

There was no error. He never checked the /etc/group file or never used the groups command to check the group membership, as he was sure he was right.

But useradd command took the group name 1 and 2 as the groupid instead of group name. So according to those ids the groups are bin and daemon respectively. So aloginid and bloginid became member of bin and daemon rather than the group 1 and 2.

His group permission was correct (chgrp) his samba share was also precise, but he ignored the quality control and as a result 100% record marks also went with those two bin and daemon group.

I am sure, he can forget us, forget Nettech but bin and daemon and the groupid he will never forget. I will say T10 has served its very purpose.

2009: Looking Back

2009-12-31T08:00:00.004+05:30

2009: Positives

We conducted our first program at NCR (National Capital Region), it was at IMT Ghaziabad May - June 2009. We followed the same with another program at Greater Noida during July 2009.

For the first time, we conducted 6 programs in one summer, CHEERS to SUMMER 2009.

Designed two new programs/course: Enterprise Resource Planning (ERP) & Technology for e-Business (TEB).

Lots of social networking, trust me we never thought we will do all these, were against to the idea for a long time but 2009, here we are. [ORKUT is still a big NO!! – don’t ask me why??]. As far as the photographs for Picasa is concern, 1GB is too less to keep all of you together, so 2010 we will have 20 GB space for Picasa. If required we will get more, so if you have something to put in Nettech photo album, do send us the same.

Facebook fan page: http://facebook.com/nettech.in
YouTube page: http://www.youtube.com/user/nettechteam
Twitter page: http://twitter.com/nettech_in
Picasa Web Album: http://picasaweb.google.co.in/photos.nettech

Worked with some of the best, the list is long; please allow me to mention at least these four, Lester, Ayush, Thomas and Priyanka. Looking forward to putting them together to make a dream team for 2010.

2009: Will never forget

Went for Delhi tour twice, never could enter the Famous (infamous) Lotus Temple, & will never forget the argument we had with the Security Guard during the tour with IMT batch.

Will never forget the Pizza party (138 + pizzas) at India Gate, Delhi during the Delhi tour with Greater Noida Program Students.

I am sure some of you will feel jealous now but can’t help – the DJ party on board Santa Monica on River Mandovi during our Goa program, was just a Awesome!!.

2009: When things goes wrong

Lets start with the worst, I bet you can’t beat me on this, we took a train from Allhabad to Sealdah, the train was late & it was only for 22 hours. (Yes we reached Sealdah next day same time)

This one will not be that bad, we were grounded in Ahmedabad for more than 8 hours. We were traveling by spicejet from Goa to Jaipur with a schedule stop over for 30 mins at Ahmedabad, which stretched to 8 hours. The bad part was next day the Jaipur Program was schedule to start, so there was always this tension. Good part Spicejet offered us complementary food in one of the restaurant upstairs – we reciprocated our feelings with more than Rs. 3000/- bill. I know if the Jaipur tension wasn’t there, this could have been a very happy moment.

We all went to Sikkim all set to start our in-campus program, SMIT campus gave us very warm (read hot) welcome, it was Tear-Gas and lots and pots of bricks and stones everywhere (literally flying from every direction). There was this disturbance between (I don’t have any authority to say anything more than this) some students & the college authority evicted all the students from the hostel. So – we head back for Kolkata.

After the Sikkim fiasco we went to Goa for our in-campus, at BITS-Goa campus, we sacrificed our Durga Puja (don’t ask a Bengali to leave Kolkata during the Durga Puja, if you have to ask at least wear helmet, you know safety first) and went to Goa (Goa – is after all Goa so actually we shouldn’t complain). Tragedy came on the second day of the program this time it was Jaundice, College remained closed for two weeks. We decided enough is enough not going back this time (you will say “Goa boss – why complain” – but you know “Durga Puja” – anyway you will not understand, let it be). Bought those 20 liters bisleri jars for drinking purpose. As said – things goes wrong, as they will, one need to take a decision. Good thing – we continued our program after a 15 days break. We completed what we started.

2009: Bitter moment

We had to ask four students to leave from BITS-Goa Campus and One from SMIT Sikkim campus during our program (Lets not dig into the reason and all). Trust me, it was a tough decision to take, professionally we did well, took our steps, every team member supported. Personally I was upset, I spoke to some of the parents personally but I couldn’t tell them that I also feel sorry. You know no Host will want their guest to return back with bitter taste. No body wants that, my hands were tied. I had to take a decision; I only hope that I don’t have to take a similar decision again in my life.

Something to Cheer, two students whom we asked to leave from Goa, came back at Greater Noida to complete the course. They completed what they started!!

Movies you must see !!!

2009-10-30T19:46:00.001+05:30

Next time if you get some free time please watch the following movies. Just watch, don’t think too much.

1. WarGames
2. Hackers
3. The Net
4. The Net 2.0
5. Entrapment
6. Takedown
7. Swordfish
8. Firewall
9. Die Hard 4
10. Recruit
11. Antitrust
12. Pirates of silicon valley
13. Untraceable
14. Sneakers
15. Eagle Eye
16. Enemy of the State
17. The Italian Job
18. Freedom Downtime
19. In the Realm of the Hackers
20. Mission Implossible 1,2,3

Password: Your key to the networked world

2009-09-30T09:47:00.000+05:30

I receive more than 10 calls (SOS) every month from my students, saying that someone has hacked their email password or some other password. It is a genuine problem. Before I start with the problem, I would like to ask you few questions (list is long, please take your time). My honest request to you all, please answer these questions seriously, don’t just think, don’t take more than a second, just answer – “yes” or “no” .

Let’s begin.

1.Your password is less than 6 characters.
2.Your password is nothing but a dictionary word. (A word which is listed in a dictionary)
3.Your password is your boy friend’s/ girl friend’s name.
4.Your password is your date of birth / date of the first DATE that you had / date of the first kiss (you know what I mean).
5.Your password is all small letters, you don’t use any capital letter or any numbers or any special characters in your password.
6.You haven’t changed your password in last one month.
7.You use the same password for more than one of your login id (for example your password is same for yahoo and gmail or orkut and facebook).
8.You have told your password to that special friend that you have.
9.You have kept a note of your password in your Cell phone, laptop. (you know, we are not the good in remembering things, so keep a note, anyway I don’t give my cell phone to anybody you know).
10.You were filling up a registration form for an event in your college fest, and the password you have given is the same of your gmail or yahoo account.
11.Your password is the phrase that you use very frequently, or its there everywhere, like your status message in Orkut, or your wall paper and so on.

Let us understand the serious implications of all these questions that I have posted.

1.Your password is less than 6 characters.

# If it is less than 6 characters, its vulnerable, its weak. It is all about permutation and combination. There are so many third party softwares available, which can keep on changing the permutation of the letters or the position of the letters and keep on trying till it gets it right. Now if you have a long password the probability of getting it right will be very low. (Please read Digital Fortress by Dan Brown)

Another case can be, you are not that good/fast at typing. There is always this friend of yours who is always standing on your head when you are typing the password. There is a chance that he/she can memories the keystroke. I am sure you would not want to take a risk like that.

Counter measures: Please use a long password. If the website asks you to have a password of 8 – 12 characters, try to go for the 12 instead of bare minimum 8. Practical example will be, if you want to buy a lock for your room/house you will buy a 4 lever or a 7 lever lock? I leave it to you to answer the same. If the hacker is a committed one and he will try, no matter what the password length is, he is going to try it anyway. Don’t make his life or work simple by keeping your password small. What is the password length I use, no I am not going to answer that. But I know a student of mine who has a password length of 32 characters. Hope you got the message.

There are lot many websites as well as OS which will not allow you to give password less than 8 Characters.

2.Your password is nothing but a dictionary word. (A word which is listed in a dictionary)

# This is more dangerous than having it small. There are thousand password cracking software available in Google search, which will be a dictionary based tool. How it works? Very simple, the program will take the first word from the dictionary and try if he is not lucky will get the second word from the dictionary and try. The program is nothing but an “IF & ELSE” loop, so he is going try all possible words available in a dictionary and will not stop until there is a positive match. Now a powerful computer dedicated only for this work can actually crack it in no time. As I said, a committed hacker has all time in is life to wait for that positive match. Please do some research for the term called “BRUTE-FORCE”.

Counter measures: Simple, don’t use a dictionary word as your password. If you are attached to that word emotionally, please use the same differently. For example you are looking for the word “EVERGREEN” as your password, please use “SADABAHAR”. Some one using an English dictionary will never get that word.

For your information there are many OS which will not accept password based on a dictionary word.

3.Your password is your boy friend’s/ girl friend’s name.

# This is a kind of an open secret. 50 % of the students I have spoken to fall in this category. They are so much in love with each other, that they use the password also on their name. Now when I know you, there will be a chance that I will know him/her also. You will say, “Swapan, you don’t know him/her how can you know the name” – very simple, I will try Orkut, Facebook – you know there is this friends list available. Worse, there are people who publicly acknowledge their relationship and keep the password on their name. Why only special friends name, there are people use their spouse’s name as the password, or some other name, father, mother, brother, child the list is long. Not to forget – Pet’s name.

Counter measures: Don’t get emotionally carried away, we understand that you love the person so much but don’t use the password based on his/her name.

4.Your password is your date of birth / date of the first date that you had / date of the first kiss (you know what I mean).

# This is also a very common way how one’s account is compromised (very very dangerous as a PIN for your ATM card). You mention your password to be your date of birth or any other significant event in your life, people close to you might know about it (the date or the event) and they can discuss with their other friends so they also come to know about it. Students love to dwell in telling these events and word gets around through the social networking sites too. So mentioning your password as these examples are not very secure as one hint is enough for anyone to guess and have access to an email and get an access to it. For example if my close friend’s date of birth is 28th Feb 1984 and the password can be 28021984 which is 8 character and lot many websites will accept it as a password (Please note al the major websites will not allow to have all numeric as a password). Moreover this numeric password is applicable to your ATM pin no. as 2802 or any other combination of the same numbers.

Counter Measures: So stop using dates and events for your passwords use other numeric which are random and try always combining it with alphabets and special characters. If you are anyways going to use the dates or events then do not divulge it to anyone. And keep it away from the social networking sites

5.Your password is all small letters, you don’t use any capital letter or any numbers or any special characters in your password.
# Using all small letters for your password is not a good option for securing it. It is easy for any person or any software like (password recovery toolkit) to guess it. People knowing about you will easily guess it as you have, apart from using dates or events, are using all small letters and no capital letter or special character for the password. For example using ‘sumitacharya’ as a password is totally wrong a. it has all small letters, b. it starts with the users’ name, c. it is not combined with nos. or special characters

Counter Measures: Always use special characters and combine your passwords with Capital Letters and numeric with more that 12 characters to make it a strong password

6.You haven’t changed your password in last one month.
# Keeping the same passwords for your account for a prolonged period of time makes it easier for anyone to crack it and gain access to your account. One should make it a practice to change password on a regular basis so that the account is not compromised. Ones email account is of immense importance as people usually get important details in them like job related information for working professionals, campus recruitment's for undergraduate students.
For your information its statutory to change your password for all online trading site within 14days. Lot many OS has this options to ask user to change their password periodically. We can make it much stronger by adding an additional option that you can’t change your password to the old password or atleast to the last 3 old passwords.

Counter Measures: Make it a habit to change your password every month. You can take help from the Password Manager software that apart from protecting, if set then will help you give reminder to change your password by giving you warning of expiry. This feature can be found in popular anti-virus softwares.

7. You use the same password for more than one of your login id (for example your password is same for yahoo and gmail or orkut and facebook).

# This is the most common and grave mistake that account holders make because for convenience sake when someone uses same passwords for more than one account it is definite that if someone gets hold of one password then it is easy cracking password for the other account if given same. Same goes for giving password for your banking accounts or ATM pin numbers. Someone who knows you will definitely make use of this opportunity and try to create problems with it.

Think about it, your house has four entry points, you have protected all of them with steel doors and a 7 lever lock, but what you have done is the key is same for all the four doors. I get hold of one – I get all. Its like “ek ke sath ek free”.

Counter Measures: DO NOT USE SAME PASSWORDS AT ALL! for your email, bank accounts. Even though you have more than two accounts do not give them same password, it is good to have great memory so always have different and unique passwords for all your email and online banking accounts. You will say I don’t have good memory, I will forget my password. Ok – then try something smart. Its easy to forget words but not any phrase – or an happy moment, make that a password. For example – you can make a password from a phrase like “I saw her first at the coffee shop” – this can be “ishfatcs” – now we can make that as “1shfatcS”. If you want more help, you have to pay me for the consultancy :).

8. You have told your password to that special friend that you have.

# Please! password is your very personal thing more than the special someone so letting them know your password is a very bad idea. That special friend can also become a not so special friend someday then your account will be definitely in jeopardy if the password has not been changed. Your information in the mailbox or your bank account details can be tampered by other if told to others, they might unknowingly make some changes without your knowledge which can/may cause trouble for you or your data may get deleted or even your account emptied of your money by just click of a button by that special someone.

Counter Measure: Its plain and simple just do not tell your special friend your password and try to keep to your self no matter how close that special friend is to you.

9. You have kept a note of your password in your Cell phone, laptop. (you know, we are not the good in remembering things, so keep a note, anyway I don’t give my cell phone to anybody you know).

# This is another serious mistake that people make after giving passwords to their account. You just can’t store your passwords in Cell phones or Laptops because if anyone gets an access to them, then your account is not safe. And you should always be careful while giving you laptops, external drives and cell phones to service centers because if your data still present in them and there is chance that data theft can occur and your account also might get hacked with the password info that they get from it. You might have heard the recent news of Famous Sitar player Anoushka Shanker’s account getting hacked where her pictures were stolen and for that the hacker was demanding for money. It is believed that she had given her Laptop to service center and someone had stolen info from there and hacked her account. There was another incidence where one of my acquaintances’ special friend had access to her cell phone where she had stored her ATM pin number, when she had gone out of sight the money was also gone from her account which was around Rs.40,000/-

Counter Measure: Do not save your passwords or pin nos. in your cell phone or PC’s and try remembering them. And while giving your PC’s, External Drives, Cell phones to service stations please do not have any data in them first back it up and remove [remove it – means complete erase – how to do that – ok some time next] it and then give it up for servicing.

10. You were filling up a registration form for an event in your college fest, and the password you have given is the same as your gmail or yahoo account.

# Doing this can again put you into problems. Most of the cases these sites are developed by the colleges students (don’t take is an offence – but these students are not that Professional – still on the learning stage). There are chances that the registration site will have lots pots of bugs and errors. Which some other (unholy) student will exploit and get access to your password. Now if your password are the same as you have given it to any of the other mail site – you are asking for trouble. No – names, I know a college where a student hacked into their fest registration site and showed us live in one of our workshop. Secondly, these site managers are your friends, and you know they would also like to know your password (may be only for fun). Small changes in the registration database and they can read your password as clear text – PROBLEM.

Counter Measures: Do not give the actual details while registering for some sites if it is absolutely not necessary. In case of Password always use something different and unique and definitely not your gmail or yahoo account password.

11.Your password is the phrase that you use very frequently, or its there everywhere, like your status message in Orkut, or your wall paper and so on.

# Nothing much to say on this, please watch the movie “AJNABI” where Mr. Boby Deol (our hero) tries to access the Mr. Akshay Kumar’s (the con guy) online bank account. Oh oh – the password “ every thing is planned”. – enjoy the movie.

Nettech Summer Program – 2009

2009-09-03T09:56:00.001+05:30

Looking back – Some interesting figures

3 - No. of students left behind for being late during adventure activities/ sight seeing
5 - No. of students expelled from the program
5 - No. of dance parties during the program
6 - No. of Program venues across India
6 - No. of Days spent for adventure activities / sight seeing
15 - No. of Tata Sumo booked for the trip to Nathula Pass
27 - No. of Team members for Summer Program 2009
66 - No. of students couldn’t qualify (Received Participation Certificate)
78 - No. of Days of non-stop activity
85 - No. of days Santu Sir worked non-stop, without a single holiday
130 - No. of Pizzas ordered from the Dominos for the Pizza party at the India Gate
226 - No. of Pepsi bottle (300ml) ordered for the Pepsi party at Red Fort
1093 - No. of students participated in the summer program 2009
1152 - No. of theory and lab hours (all 6 venue put together)
21034 - No. of Kilo Miters traveled by Swapan during the summer program

Email Hacking:

2009-05-16T22:35:00.000+05:30

Its our aim to generate Information Security awarness among students so they can participate and build a secure and reliable internet community. My sincere request to all students will be please do not use any of our suggestion or tips for a wrong or unethical reason. All the best !!!

Mr. Patjoshi (named changed) is an eminent Professor in the field of Physics. He teaches in a well known Govt. University in Kolkata. He is a frequent flier; he travels to across the nation as well as abroad to attend various National & International Seminars. He is also respected & well connected in the corporate sectors in the country.

January 2008 when he was in Nigeria to attend an International Conference, he lost his handbag which had his passport, money & very important papers. He was virtually left with no money. Under this circumstances he sent an email to one of his close friend Mr. Dey, Managing Director of ABC Ltd. back in Kolkata & requested him to send him some money on urgent basis. Mr. Dey on receiving the email requested one of his colleague Mr. Som (who was in South Africa during this period) to enquire & help Mr. Patjoshi. Mr. Som sent an email (cc to Mr. Dey) to Mr. Patjoshi & requested him to provide him the Name & Address so he could moneygram the requested money. Mr. Patjoshi requested him to send the money in the name George Pent, Manager XYZ Hotel, Nigeria. Same evening Mr. Som sent Rs. 2500/- US$ through moneygram to the address mentioned in the email.

After a week Mr Dey met Mr. Patjoshi in a rotary club meeting in Kolkata, & asked him about his trip to Nigeria. Mr. Dey was in a complete shock when he was told the Mr. Patjoshi was in Kolkata last week & he has never visited Nigeria in his life time. Apparently Mr. Patjoshi Informed Mr. Dey that the email account is in question has got some problem. For last 10 days, he is not able to login to the same account, some password problem, even the forgot password option is also not working.

After investigation it was found that all the email received by Mr. Dey or By Mr. Som was originated from IP addresses which belong to Nigeria.

Status: Investigation is on

Email Hacking:: inside

How could someone know Patjoshi’s password?

Situation 1: Mr. Patjoshi has told someone his password, someone very close to him. That some one has used the opportunity to rob Mr. Patjoshi.

# Never disclose your password to anybody, there is always a possibility that person will misuse the same. Never write down your password in any place. Don’t have same password for more than one account. Is same as having 4 different locks & but one key for all.

Situation 2: Mr. Patjoshi may have accessed his email account from a public computer (cyber café, office common area). Computer he used could have stored his password on the local browser, so someone who accessed that computer after he left will be in a position to access Patjoshi’s email account with auto complete/fill up option of the browser.

# Always make sure that the auto save option / remember password option in the local browser is switched off. Make sure that you clear your browsing history & also delete all cookies from the computer that you have used in public places.

Situation 3: The computer Mr. Patjoshi used to access his email account may have been affected with a Trojan (a tiny software code which can record all the proceeding & work of your computer & then email it to a predefined destination).

# Usage of original antivirus & regular update of the same along with regular scan of the computer for all these malicious code could prevent such thing.

Situation 4: Mr. Patjoshi may have downloaded some third party software from the net or installed some third party games without proper checking, which may have infected a Trojan or installed some key-logger in his computer.

# Do not install any third party software or download any code from any non reputed website which may install a malicious code in the computer

Situation 5: Mr. Patjoshi may have used any proxy sites some time to access his own email account. Which could have store the ID & Password for his email account.

# Never use any unsecured proxy site to access your email or bank account.

Situation 6: Mr. Patjoshi could be a victim of Phishing sites. (see my earlier blog on Phishing)

Situation 7: Password use for the account or the answer for the secret question under forgot password option could have been very easy to guess.

# Always use alphanumeric & special character for the password. Don’t use any dictionary word. Try to have more than 8 characters as password. Regularly change the password. Answer to the secret question should be a very personal one; no body should be able to guess that.

e-mail attachments

2009-04-11T18:30:00.000+05:30

Fake / Fraud email

2009-03-27T16:35:00.001+05:30

After the blood bath of Bangalore & Ahmedabad in last week of July 2008, Calcutta was on high alert for a possible terrorist attack. What happen for a week was wide spread rumor, fake phone calls/sms with bomb hoax. The icing on the cake was an email apparently sent from a cyber café in Saltlake to some of the media houses in Calcutta. What followed was panic. The owner as well as the person who was responsible to look after the day-to-day management of the café was taken under custody by investigation authority.

Police could trace the IP address used to send the email to the Saltlake cyber café but they failed to identify the person who has sent the email.

Status: Investigation is on

Fake / Fraud email:: inside

With the mushrooming of web based free email provider, it takes less than 3 minutes to create & own an email account. Surprisingly there is no system in place to check the authenticity of the data provided during the creation of the email account. End result we have a system by which you can walk into any of the cyber café in the country create an email account send few email to the media houses in the country with a subject line “BOMB Planted in ABC School/College/Office” & walk out, without having to worry that one can trace the email back to you.

Why can’t we trace these culprits?

Hurdle 1 - Unlike PCO booth where one will have unique phone no. for all the machines/handsets, in a cyber café all the computers shares a one (in some case two or three at max) IP address to connect to Internet. As there is no centralized record keeping or a log system in most of these café’s it becomes almost impossible to locate which computer in the café has accessed which site & at what time.

Hurdle 2 – If one had a log system to locate the access of a particular site from a particular computer at particular time. The Herculean task will be to identify the person who was using the computer at that point of time.

Hurdle 3 – With different time zone is in use in the globe, it becomes difficult to ascertain the time in which the email was actually sent. The café which uses the service of a local ISP will have a setup for a different time zone, whereas the web based portal from where the mail was sent can have different time zone. The receiving email server may be in a different time zone. For an investigation officer it becomes tedious job to identify the actual time of crime.

Hurdle 4 - Technical glitch, this is the mother of all problems; there are websites which allow users to hide their IP address. With the help of one of this web site one informed/learned user can send an email sitting in Kolkata which will be traced back to some cities in Nigeria or North Korea. Unless one gets active help from these countries it will be an impossible task to catch the sender.

The e-mail protocol (SMTP) has no authentication by default, so the con person can pretend to originate a message apparently from any e-mail address. To prevent this, some ISPs and domains require the use of SMTP-AUTH, allowing positive identification of the specific account from which an e-mail originates. But still there are plenty of SMTP servers in the world available which can allow unauthenticated email.

What investigation authority did was issued an order for all cyber café in the city to record usage of their computers by keeping a record for all customers, their name, address, in time, out time & computer used. All cyber café’s are asked to check a valid photo identity proof for the prospective customer before allowing them to use the café facility.

A welcome initiative, but what they have not notice is, there are few other not so public place from where one can send the similar email & still will go untraceable. These places can be any place where more than one person uses a single computer to access Internet without proper authentication or log system. Example: Computer labs in educational institutions. Computers in office or work places.

Prevention:

Accountability: one has to be accountable; it may be a cyber café, office or an educational institution one has to be accountable for the usage of internet in their premises.
CERT (Computer Emergency Response Team) in India has to come up with some solution how to tackle with anonymous proxy sites in India.
One needs to go through the email header carefully for any kind of doubt on the mail content.
People need to be informed about the possibility of fake/fraud email messages.
Proper log keeping at various level, so one can cross check.

Time has come that we start taking email account creation a bit seriously & start proper verification proceedings or some referral system by which one can trace the physical person through an email id.

Its our duty !!!

2009-03-17T09:18:00.000+05:30

Its our duty, we need to act. Next time you visit a cyber cafe, make sure that you sign in your contact details in the cyber cafe log register. Its important for the national security, its important for us. Stop passing the responsibility to the others - to the Police, to the Govt. Let's make a pledge next time when we visit a cafe - we will record our details. If the cafe doesn't have a record book - request him to maintain one.

Let's act together to stop cyber crime, I know maintaining a log book at a cyber cafe will not be enough to stop the crime, but at the end of the day you can say - 'I have done my part of the job'.

All the best.

Vishing:

2009-03-06T18:36:00.001+05:30

The term is a combination of voice and phishing. Vishing exploits the public's trust in landline telephone services, which have traditionally terminated in physical locations which are known to the telephone company, and associated with a bill-payer. The victim is often unaware that VoIP allows for caller ID spoofing, inexpensive, complex automated systems and anonymity for the bill-payer. Vishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.

It will start with a fake email sent from bank authority which will strongly discourage the customer to click on the hyperlink instead it will ask to call a specific telephone no & talk to the customer care executive. When a customer calls at that no. he will be connected with Interactive Voice Response system (IVR) which will request the customer to key in the debit/credit card no along with the pin no. to verify. At no point of time customer can guess that it’s a fake telephone number with complete fake IVR system where he has just given his original bank/card details. Now depending upon the mode of operation the con will rob the innocent victim by using his debit/credit card details on any online financial transaction.

Phishing: All you wanted to know

2009-02-04T15:52:00.002+05:30

Mr. Saibal Banerjee (Name changed) resident of Salt lake area is working with a reputed private sector manufacturing company. Alok, his son is pursuing his degree course in engineering from a private engineering college in Bangalore. Mrs. Banerjee teaches English for class VII & VIII students in a local English medium school.

Banerjee family banks with a leading private sector bank in the country. They use ATM as well as net-banking facility of the bank for regular banking related activity as well as for buying rail tickets & paying the monthly bill for their telephone connections.

Mr. Banerjee has a desktop computer (It’s a branded PC loaded with original Windows operating system, he with the help of his son has installed a pirated copy of the Microsoft Office, his antivirus software which came bundled with the PC has expired 6 months back) along with a broad band internet connection at home which helps him to keep in touch through email/online messenger with his son in Bangalore. He also uses his internet connection to access his bank account online.

One evening he received an email from his bank the text of the email given below. (I have used the ABC Bank for case purpose)

From: customercare@abcbank.com

Subject: Important Fraud Alert from ABC-Bank

Body: Dear ABC - Bank Account Holder,
On January 10th 2008 ABC Bank had to block some accounts in our system connected with money laundering, credit card fraud, terrorism and check fraud activity. The information in regards to those accounts has been passed to our correspondent banks, local, federal and international authorities.
Due to our extensive database operations some accounts may have been changed. We are asking our customers to check their checking and savings accounts if they are active or if their current balance is correct.
ABC-Bank notifies all it's customers in cases of high fraud or criminal activity and asks you to check your account's balances. If you suspect or have found any fraud activity on your account please let us know by logging in at the link below.

The email then contains a button that reads "Click Here to Login". Clicking the button appears to take the recipient to the web address www.abcbank.com which instead is a criminal North Korean site.

After 3 days when Mr. Banerjee checked the balance of his bank account, he was horrified the money he kept for his son’s annual college fee is all gone. The balance of the account is merely Rs. 1200/-. He could see that there are two separate money transfer transactions which amount to Rs. 92,000/- from his account. He couldn’t recall any such transaction of his own. Same day he contacted the bank authority & was told that he is one more victim of the growing cyber crime called Phishing.

With the help of the bank authority he lodged a FIR in the local police station. Soon police swung in action & arrested one person named Chattaraj from Siliguri town in whose account the money was transferred.

Chattaraj’s story: In last October he was approached by one Mr. Parekh from Rajasthan over phone. Mr. Parekh has is business in Rajasthan & Gujarat, he was looking forward to trap the growing North-East market. He was looking for business associates in Siliguri. Mr. Parekh has already done his own investigation & was impressed with Chattaraj’s business operation & moreover his good will in the market. Parekh proposed to Chattaraj to share his bank account details with him so he could pass on the same to all his customer & associates in North-East. Business responsibility for Chattaraj is quite simple, customers will deposit money in his said account every week. He has to withdraw 90% of the same in cash & deposit in another Pvt. bank, whose account details were provided. For doing this over simplified job Chattaraj got 10% of the money transacted. He was very happy. He never met Parekh in person.

During investigation police found the personal details given by the Parekh was fake. The bank account where the money was transferred was opened with fake information & address. All the money withdrawn, expect some Rs. 10000/- was left in the account.

Status: Investigation is on

Phishing:: inside

In computing, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from online banks are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail, and it often directs users to enter details at a website. Phishing can also be used against senior executives or colleagues or class mates to collect their user ID & password for any web site (mainly the email sites).
Fake email: Today with growing usage of internet it’s very easy to send a fake email. One need not know the password of the account but still can send an email from that account. (Header of the email will reveal that it was not send from that account, & is a fake)

Web site: With thousands of free hosting sites available it will take less than 5 minutes to host a web page which will be 100% similar to the original site.

Hyperlink: The fake email will ask to click on the below web link to go to the bank site. Ex. http://www.abcbank.com/secure/personal/banking%%/Customer#?
but in reality it will link to http://219.13.12.13/customer/secure/login.php (fake destination created by the con guy)

Prevention:

# Check the email header for authenticity
# Never click on a hyperlink to go to any site, type the URL address of your own in the address bar.
# Use proper spam filter for your email account
# Use up-to-date antivirus (Phishing filter for the website you visit)
# Any discrepancy alert the bank
# Proper awareness for banking customer by the bank
# Checking of website content by law enforcement or regulating authority.
# Control on website hosting

Common Information Security Lapses

2009-01-23T18:12:00.001+05:30

Mistakes made by common/end users

* Opening or downloading e-mail attachments without verifying their source and checking their content first.
* Not installing an Anti-Virus software or regular update for the same.
* Not having updated security patches for the Operating System or for any other application installed in the computer.
* Installing programs or games from unknown sources.
* Not keeping proper backups
* Using an unsecured modem while connected through a local area network.
* Using USB or other removal device without proper virus scanning
* Accessing Intranet or visiting important or secured websites from an unsecured computer from a remote location. Ex. Cyber café.
* Sharing passwords or important network information with friends or strangers on a very informal platform.

Mistakes made by Business owners / Senior Executives

* Hiring people without a proper background check on them.
* Assigning people with limited knowledge to maintain information assets
* Providing neither the training nor the time to make it possible to learn and do the job.
* Lack of IT domain understating for the top executive, resulting a very casual approach towards IT security.
* Failing to realize the impact of a security breach in terms of Money, Time and more over reputation at risk.

Mistakes made by Information Security Department/Team

* Underestimating the capability of others, namely Hackers.
* Implementing solutions without investigating known security threats or bugs of the same.
* Limited or no security Audits.
* Keeping easy physical access to information assets for end user or a stranger.
* Improper logging or backup of data for foot print record, in case of a security breach.
* Failing to update systems against new bugs/virus found.
* Concentrating on very few selected issues, rather than taking all of them seriously.
* Having a reactive approach than a proactive approach.
* Making a few fixes and then not performing the necessary action to ensure the problems stay fixed.
* Making servers live/production before securing them.
* Connecting servers to the Internet with default accounts/password or password provided by vendors during installation/implementation.
* Failing to update systems when security holes are found.
* Using telnet and other unencrypted protocols for managing systems, routers, firewalls, and PKI.
* Giving users passwords over the phone or configuration information
* Failing to maintain and test backups.
* Running unnecessary services on the live server. Keeping unnecessary ports available to the users.
* Implementing firewalls with faulty rules.
* Failing to educate users on what to look for and what to do when they see a potential security problem.
* Giving too much information or a very complex access system to an end user. Providing users with too many usernames & password and making things difficult for the user to manage the same.

Mistakes made by law enforcing / regulating authority

* A reactive approach rather than a proactive approach.
* Lack of knowledge / information about the cyber crime & the effect of the same.
* Judicial system: No or lack of domain knowledge on the information security system.
* Lack of infrastructural support & training to handle Cyber crime.
* Lack of co-ordination between Internet service providers & law enforcing agencies.
* Not much control over the internet usage & internet community at large.

What a StArT

2009-01-01T10:42:00.001+05:30

Day one of a new year. At Nettech its just another day. Life is just a bit different here - we start the day with a happy note - a theory test, 20 minutes 25 marks.

One will wonder what we did last night, I mean 31st night. One has to be bit innovative to think what we did. After a dull test evening (our own Ten-10), we assembled for a camp fire. Fire was readily available, but woods came after a proper Age-Of-Empire wood collection style. Some went Scouting, some went for Supply chain. It was different, different than any party in any part of the world. One has to be there to feel it.

As far as the Music System & Live band, one cant match all the Network Engineers, they just know how to start & forward. All type of packet .. ooops sorry Song.. Bengali, Telugu, Bhojpuri, Malayalam, English & our very own HINDI style. Life was different.

Oh - forgot to mention after the Camp fire one really needs to consult Sharlok Holmes, to find out where the original camp fire was. Thats Nettech Team.

Do let me know your feedback.

Oh- one more today for a change we will have a movie show.. what movie.. that me to know & you to guess.

Enjoy..

HaPpY nEw YeAr

Swapan Purkait

Nettech

2008-12-31T18:09:00.000+05:30

We never thought, that we will be a part of the so called "BLOGGER - Community" - anyway its our first posting.. lets see how it works.. if things does work.. we will have lots of new thing on this Blog. So do visit us back on this page - "blog.nettech.in".

Looking forward

Swapan Purkait
Program Co-ordinator, Nettech
+ 91 93315 90003
1-800-300-90003
swapan@nettech.in
www.nettech.in