"This website is the Wikipedia of Indian Cyber Laws".. A Visitor's remark
Mobile Digital Signatures on the way
Oct 30: With increased Banking operations on mobiles, it has become necessary to have a digital signature system for mobile messages, since this is the only authentication system permitted in law for digital documents. Dr N Vijayaditya, CCA, has announced that they are considering a SIM based digital certificate system to enable existing Smart phone users to use digital signatures. One has to wait and see if this is compatible with all systems of Smart phones, including Android and Blackberry phones. This is a welcome move in the light of the increased incidence of Phishing in Banking transactions and the high degree of risk in mobile banking. Report
Is BSNL network ready to collapse?
Oct 27: A report in CIOL has put up an alarming headline that "BSNL network may collapse anytime" and created a scare in the industry. On deeper analysis it appears that there is a distinct possibility that the article might have been planted to serve some vested interests. The article itself suggests that the network is getting overloaded and that, if it is not upgraded immediately, it may collapse. The suggestion is that the Cisco systems that support the network are to be upgraded. The report, however, also reveals that Cisco is using its monopoly position to charge exorbitantly for the upgrade. This might have prompted BSNL to look for alternatives and call for a tender. The article seems to have been put up to support an attempt to abort the tender and give advantage to Cisco. Read the comments on the article cited above to observe that one BSNL official has called the report "Fake". This appears to be a distinct possibility given the way the article has been written and headlined. A responsible publication such as CIOL should have taken care to avoid such a perception.
Second Password for Credit Card Payments
Oct 27: RBI has issued a notification that from 1st January 2011, it would be mandatory for Indian merchants to introduce the second password system for acceptance of credit cards in "Card Not Present" situations. The mandate would be applicable for cards issued in India and payments where there is no outflow of foreign exchange. In other words, payment in Indian rupees to an Indian business entity would be covered under this guideline. This will be a good step towards improving the security of online payments. Copy of circular
First Anniversary of ITA 2008
Oct 27: Today is the first anniversary of ITA 2008. It is time to remind corporates and IT users that ITA 2008 prescribes several security practices and that compliance with such practices is mandatory to avoid liabilities. It is also necessary for ISO auditors to take note that the current audits will be highly deficient unless ITA 2008 principles are incorporated into their systems. Corporate CEOs and Independent Directors need to recognize that non-compliance with ITA 2008 could be non-compliance with corporate governance responsibilities. Perhaps we need to have several awareness building measures undertaken for top management of organizations and industry to highlight the implications of ITA 2008. The recent workshop conducted by Cyber Law College at Bangalore for Bankers on 25th October was an example of the activities required.
Need For ITA 2008 audit in Banks
Oct 25: Cyber Law College organized a workshop today at Bangalore on "Impact of ITA 2008 on Bankers". Naavi's presentation is available here: Detailed Report
Infringement of Naavi's Rights
October 20: In 1999, December, Naavi published what was historically the first book on Cyber Laws in India and it was titled "Cyber Laws for Every Netizen in India". It was also made a text book for some colleges in Chennai.
Surprisingly, MacMillan has now published a book by the title "Handbook: Cyber Laws for Every Netizen" authored by Vakul Sharma and published it in 2009. The title of this book is confusingly similar to the title of my book and is aimed at misusing the similarity in name for commercial benefit.
The matter came to my notice today and I have called for necessary explanation from the publishers to decide further action in this regard.
I hereby give notice that any person or organization selling the book may also be held accountable for contributory infringement of the IPR associated with the naming of the book. Details
20th October 2010
Politician Arrested for cyber crime
Oct 23: A Congress block president in Mahim, Mumbai has reportedly been arrested for sending obscene mails to the general secretary of the party. The accused is said to have been dissatisfied since he was denied a ticket in an election and sent abusive and vulgar emails through a cyber cafe. Report in HT
Commercial Interests behind Cyber Attack on INSAT 4B?
Oct 18: For the first time, doubts have been expressed as to whether the Cyber Attack on the Indian Satellite INSAT 4B using the Stuxnet worm was motivated by a commercial interest. The article cited here refers to a cyberwarfare expert according to whom many customers who relied on Insat-4B ended up on the ASIASAT-5 satellite, and that "AsiaSat's two primary shareholders are General Electric and China International Trust and Investment Co. (CITIC)," which is a Chinese state-owned company... Details
Today is the Digital Society Day of India.
Oct 17: On October 17, 2000, India stepped into a new era by creating a legally accepted digital society. It was on this day that the Information Technology Act 2000 (ITA 2000) was notified. The notification of ITA 2000 meant that an electronic document became recognized in law, subject to the restrictions of Section 1(4). Similarly, a system of authentication called "Digital Signature" also became legally recognized for authentication of digital documents. The two provisions together meant that legally accepted digital contracts became possible in India from October 17, 2000.
Though it is the tenth anniversary of this momentous occasion, worthy of a national celebration, "Digital Society Day" is not as well remembered by our society as it should be. ..More
Legal Compliance Requirements in Information Security Audit in India
Oct 16: Information Security Audit Practitioners in India have traditionally been following ISO 27001 as a guideline. The amendments to ITA 2000 have now thrown a challenge at these auditors and raised the question of whether such audits are complete without a special reference to ITA 2008 (Information Technology Act 2000 as amended by Information Technology Amendment Act 2008)... more
Workshop on "Implications of ITA 2008 on Bankers"
Oct 12: Experts in Techno Legal Information Security will be congregating at Windsor Manor, Bangalore on 25th October 2010 to discuss the "Implications of ITA 2008 on Bankers". Naavi, Rakesh Goyal, D.P.Dube, Vicky Shah, and several other speakers are expected to share their views on the subject which is engaging the attention of all Bankers in India. The workshop is meant for senior Bankers who are managing the functions of Legal Compliance, Information Security, Internet Banking and Training. For more details click here or send an e-mail here
Computer Virus Causes Airplane Crash
Oct 10: A Spanish airplane crash in 2008 killing 154 persons has been attributed to a malfunctioning of some systems which prevented detection of certain flaws in the aircraft and allowed it to take off with a defective mechanism onboard. Report
India to develop its own OS
Oct 9: In a long awaited move it is reported that DRDO is setting up a center for development of a computer operating system for reasons of better security. Report in TOI
Beware of Voice Phishing
Oct 8: Phishing is widely prevalent in India and many customers of Banks have been hurt badly. Recently it has been found in one of the Nationalized Banks that the fraudsters appear to have successfully accessed the account only by picking the transaction password. They either had the log in ID and access password already from insiders or found a way to bypass the first firewall. In the coming days it is expected that Phishers may also resort to Voice Phishing, where the customer may receive a phone call supposedly from the bank suggesting that the customer should update the ATM PIN on the phone or expect an e-mail to which they should respond. Report in ET
"Health Certificate for Computers"... a proposition
Oct 7: Scott Charney, corporate vice president of trustworthy computing at Microsoft, unveiled the software giant's Collective Defense proposal on Tuesday during his keynote at the Information Security Solutions Europe (ISSE) conference in Berlin. The idea is to ensure that ISPs or other agencies are encouraged to check the security status of individual computer users so that they do not become threats to society by being part of botnets etc. Naavi.org supports the idea and would like to extend it with a need to build a minimal security awareness amongst all those who seek an Internet account from an ISP. Related Article
Only 3% of Cyber Crime Complaints are converted into FIRs
Oct 5: According to information from the Mumbai Cyber Crime Cell, most Cyber Crime complaints do not result in registration of FIRs since parties go for a compromise of some sort under family pressures etc. This is mostly prevalent when the victim fears a social stigma if the offence is publicized, as it may involve revealing offending information about oneself such as obscene pictures or content. While it is perfectly logical for complainants to go for such compromises, even in cases which do not involve such personal defamation, the conversion rate of complaints to FIR is low. If Police share information on Nigerian Frauds, Lottery Frauds and Phishing, we will know how many of them are also being buried without investigation and registration of FIR. Related Article in TOI
The bjp.com controversy
Oct 4: An interesting controversy has arisen with the alleged cyberjacking of the bjp.com website by Congress party. It is alleged that the site was being redirected to the Congress website. Though Congress was the apparent beneficiary of this redirection, only an investigation will reveal who was responsible for the offence. In the meantime, BJP can get the domain name transferred to them through the UDRP process. More on ndtv.com
What to Do when you receive a Phishing Mail?
Oct 1: Phishing has become so common that every Bank customer needs to set up his own defense mechanism against Phishing. Naavi has been taking several steps to assist Phishing victims in taking up complaints. He is also taking steps to create awareness amongst the public of Phishing risks, as well as awareness amongst Bankers of how they should improve their security measures.
As a part of this endeavour to create an "Anti Phishing Action Force" and empower Netizens to defend against Phishing, Naavi has introduced two new services under Cyber Evidence Archival Center which may be of interest to Netizens... More
Security Experts Vote to Outlaw PDF
Oct 1: In a snap poll at the Virus Bulletin 2010 conference, security specialists are said to have voted overwhelmingly (97%) to abolish the PDF standard and replace it with a safer document format. Related Article
Did China Attack Indian Satellite?
Oct 1: On 9 July, 2010, half the transponders on India's three-year old INSAT-4B satellite shut down unexpectedly due to a solar panel failure. According to some security experts, this was a result of Cyber warfare and probably China was behind this attack. It is stated that ISRO's Liquid Propulsion Systems Centre used a Siemens Programmable Logic Controller which was vulnerable to Stuxnet worm attack. Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world and is said to have originated from Israel as a Cyber War weapon targeting nuclear installations in Iran. Related Article