For Digital Signature Certificates with Online Training on how to use them securely,  Contact naavi@vsnl.com

Digital Society Foundation of India (DSFI) intends making a consolidated representation to Reserve Bank of India on behalf of the Phishing Victims to pursue improvements in the security of Internet Banking in India. DSFI therefore invites information from Phishing Victims with details of their respective cases indicating the amount lost, bank involved, how the amount was transferred, to which account the amount was transferred, whether a Police complaint was preferred, FIR lodged, whether Bank responded to the complaint etc. Victims may use the enclosed format if required and elaborate with evidence if any. All material may be sent by mail or e-mail to DSFI office at Bangalore at Digital Society Foundation, No 37, 20th Main, B S K Stage I, Bangalore 560050, Ph 26603490, e-mail;dsfoundation@gmail.com. .. Online form: : Word/ PDF  (For download)

 

Draft UIDAI Bill Available for Public Comment

June 30: The Draft UIDAI Bill is now available for public comment to be submitted before July 13th. The bill includes offences which have been defined in line with ITA 2008 with 3 years imprisonment. As regards privacy necessary enabling provisions regarding information access rights to the data subject and right for correction has been provdied. Details will be availabel only when rules are framed. A copy of the bill is available here for detailed review.

Dr Prakash Acquitted by HC

June25: It has been reported that the Madras High Court has discharged Dr L Prakash who had been accused of several offences including Section 67 of ITA 2000 and convicted for life in an earlier Court. The reason appears to be lack of proper evidence. This was the second conviction under ITA 2000 in India, the first being Suhas Katti which was sustained in an appeal at the High Court. Naavi was involved as an expert witness and produced evidence from CEAC in Suhas Katti case which was filed by the Cyber Crime PS, Chennai and but not in Dr Prakash Case which was handled differently. Report in topnews.ae

Actress Files Cyber Crime Complaint

June 24: In a bizarre complaint, an actress in Mumbai (Meghna Naidu) lodged a Cyber Crime Complaint that a person hacked into her gmail account, impersonated her in Chat sessions and defamed her stating that she was pregnant from a person whose name she does not remember. Hopefully, Mumbai Police would resolve the case soon. This highlights the kind of risks people face today from such apparently mischievous hackers. Victims of such cases should not ignore such cases and need to file complaints and hold evidence of their protest so that they will not be held against them subsequently in their life with adverse effects.  Related story in TOI

A Red letter Day in Indian Banking

June 23: Corporation Bank became one of the first Indian Banks to start using Digital Signatures for authentication of Internet Banking for their Corporate Customers. In launching the facility, Mr Bhat, the Chairman of the Bank rightly observed, "..While there are number of authentication methods such as One Time Passwords, Virtual Key Board, Dual Passwords being implemented and in vogue, PKI based authentication of transaction using one’s Digital Signature Certificate is the only one that provides legal sanctity to the transaction besides providing additional security. Also this is in line with the recommendation by RBI in its Internet Banking guideline and Information Technology Act 2000"... a clear vindication of the stand Naavi has always taken and also supported by the adjudication decision in Umashankar Vs ICICI Bank case.

The report also observes  that "across Asia the banks and government authorities have been consistently emphasizing the adoption of PKI based security measures for healthy online banking transactions. For example, in Korea, 12.8 million certificates were used for internet banking of 19 banks (2008), more than 10 banks in Hong Kong adopted PKI for the internet banking transactions and Chinese-Taipei Government issued a Directive mandating financial sectors to deploy PKI for the internet banking or internet stock trading.".

PNB and IOB are the other two Banks who might have already  taken steps to implement PKI in Internet Banking. It is only a question of time before other Banks follow suit.

 : Report in CIOL

Finger Prints Changed Surgically!

June 20: A Chinese woman has been recently found to have surgically altered her finger print and beat the biometric systems in Japanese airports. The operation is said to have  cost around Rs 30000 yen (approx Rs 15000). This opens up serious issues of the reliability of the finger print biometrics when identifying organized criminals such as terrorists. Perhaps we need to work on other systems such as the vein pattern identifiers. 

The palm vein identifiers are devices which try to identify the vein patterns beneath the skin and match it with a registered vein pattern. This can identify if the person is live or dead and is not affected by dirt or damage to the surface of the palm. The false acceptance ratio is said to be as low as 0.00008%. (8 in 10 million)  False rejection ration is said to be around 0.01%. (1 in 10,000) This is better than other biometric methods. Probably UID authorities need to take note of this. Related Article

Beware of Tab Napping.. a variant of Phishing

June 20: A new variant of a Phishing exploit has been brought to the notice by FireFox security professionals. This is called "Tabnapping" which is a method to replace idle browser tabs with fake tabs that ask for credentials. User who has just visited the original site and left it in the tab assumes that he is beign asked to enter the credentials because of auto log out and goes ahead and falls into a trap.... Details

Mobile Banking Vulnerable

June19:  Speaking at a function organized by IDRBT, in Hyderabad, the Governor of Reserve Bank of India Mr D Subbarao said  mobile banking should be driven by banks, not telecom operators, considering money laundering and terror financing threats. ..Detailed Article at ET

US False Claims Act invoked against Oracle

June 17: US Government has sued Oracle for having agreed to provide the best commercial discounts to the Government and no adhering to the promise. Government has now charged Oracle that they have provided better discounts to other customers and made a false claim to them. . Report in Information age

Human Bombs Inside an Organization

June15: Here is a copy of the article by Naavi on insider threats in the context of growing incidence of Cyber Terrorism, published in the e-News letter Cyber Laws for CxO. This was also presented during a keynote address in one of the conferences in Mumbai. Naavi invites Behavioural Science experts to join hands with him in continuing research in this area. .. Article

56% of Business are Cyber Crime Victims

June 10:  A survey conducted by Symantec in Australia has found that 56% of small and medium sized businesses have been victims of cyber crime showing an upward tredn from 46% from the previous year. More than 24 crore distinct new malicious programs globally were identified during the year 2009 which is 100% higher than in the previous year 2008. The employees were found to have received nearly 250000 spam mails during the year showing the enormity of the problem. Related Article

 

Hacking of Passport Software

June 5:  AP Police arrested 7 persons on the charge of hacking into the passport issuing office in Hyderabad. The offence was spotted on a suspicion of corruption since some passport agents appeared to get quicker clearances than others where as more than 100000 applications were pending. A question has been raised by a few that the arrested persons could get bail since Section 66 of ITA 2008 is a bailable offence. In case the complaint is also registered under Sec 420 of IPC or as an offence under Sec 70 (If the passport system is declared as a "Protected System" or if the intention of jumping the que is linked to the getting of passports suspected to be used for threatening national integrity and Section 66F is invoked, it may not be a bailable offence. Hopefully Police will ensure that the persons are not getting immediate bail.   Related Story

What is more important however is that how did the Government allow an insecure system to be used for the sensitive business of passport issue management. The incident raises doubt if even the issue of the passports may also be amenable for doctoring. Government should therefore immediately order a review of the security of the software system being used  by the Passport office.

Bank of India Takes Half Step Forward

June 04: Bank of India whose web security came to be seriously questioned in August 2007 when its website had been infected with about 22 Trojans which downloaded onto the visitor's computer and had to be kept closed for about 4 days, now has announced that it has taken certain security initiatives for securing the Internet Banking environment. While any effort from the Indian Banking system to safeguard the customers is welcome, it is not clear why Bank of India opted for a half step which could be an advancement of the security over the current levels but still falls short of the legal and regulatory standards of the country. Bank of India has adopted the Rel-ID technology to enable customers identify the genuine website of the Bank in case of Phishing attempts. Details at Sify.com

 However this is not the required PKI enablement of the system and hence not Cyber Law Compliant. Further it is not clear if the Bank has inititated the security requirements which would prevent another SQL injection attack or other modes of compromise of its genuine website. Despite being hailed as a Patented technology, with the sketchy information available on the website of the supplier, the Rel-ID measure which banks on mutual authentication protocol may still fall short of the requirements in India.It is however a welcome step ahead and Bank of India may be congratulated for having at least shown a focus on the problem of Indian Banking clients which many other Banks have failed to do.

We may also recall here that in one of the recent Phishing complaints in Bangalore Bank of India was directed by the Banking Ombudsman to repay the fraudulently transferred amount to the customer with interest and the Bank complied with the order again showing the required concern for a cordial customer relationship rather than dragging through a litigation process.

Though the announcement about the service has been made in the press, the Bank of India website still appears to show that the system has not yet been implemented.

Related Articles: Youtube video : Computer World :

Article in Searchsecurity.in

This article in searchsecurity.in may be of interest to people who are following ITA 2008. Read the full story :

---

 

Naavi.org is India's premier portal on Cyber Law. It is not only an information portal containing information on several aspects concerning Information Technology Law in India but also represents the focal point of several services around Cyber Law carried on by Naavi.

The first such service is the Cyber Law College a virtual Cyber Law education center in India which provides various courses on Cyber Law.

The second key service is the Cyber Evidence Archival center which provides a key service to help administration of   justice in Cyber Crime cases.

The third key service is the domain name look-alikes dispute resolution service which provides a unique solution for websites with similar looking domain names to co exist.

The fourth key service is the online mediation and arbitration service another unique global service.

The fifth key service is the CyLawCom service which represents the Cyber Law Compliance related education, audit and implementation assistance service.

Additionally, Naavi.org is in the process of development of four sub organizations namely the Digital Society Foundation, Naavi.net, International Cyber Law Research Center and Cyber Crime Complaints and Resolution Assistance Center. Digital Society Foundation is a Trust formed with the objective of representing the voice of Netizens in various fora and work like an NGO to protect their interests. Naavi.net is meant to develop a collaborative distributed network of LPO consultants. International Cyber Law Research Center would support research in Cyber Laws and Cyber Crime Complaints and Resolution Assistance Center would try to provide some support to victims of Cyber Crimes.

Together, Naavi.org represents a "Cyber Law Vision" that goes beyond being a mere portal. Started in 1997, when the concept of Cyber Law was new across the globe, consistent efforts over the last decade has brought Naavi.org to the beginning of "Phase 2" in which the services are ready to reach out to a larger section. This is recognized as the phase of collaborations and growth by association. Naavi.org will therefore be entering into a series of associations to develop each dimension of its vision with an appropriate partner. Individuals, Organizations and Commercial houses which have synergistic relationship with the activities of Naavi.org are welcome to join hands in commercial and non commercial projects of Naavi.org.

Naavi

---

Add Your Comments Here

---

If you would like to know  more about Naavi, the information is available here.

For Any Payments to be made to Naavi online :  Naavi_s Payment Center

RSS Subscription

BLOG POSTS