June 30, 2003

E-Mail Policy in Corporate Circles

According to a survey of 1,100 companies conducted by The ePolicy Institute, the American Management Association and Clearswift U.S. workers continue to underestimate the power of the medium. Indiscretion in the use of e-mail has cost many to lose their jobs prompting a cynical comment from a security observer that this could be a new strategy for manpower reduction!. Though 75 % of the Companies surveyed had an "Employee E-Mail Policy", many employees complained that they were not aware of the existence of the policies.  A similar survey is due in India and we should not be surprised if we find that 95 % of our companies are yet to develop an "Employee E-Mail Policy".

A Virus that hacks the Password

A Virus named Sluter A has been reported with the property of trying to make an intelligent guess of  the passwords in a network with a bank of 16 commonly used passwords. Sluter-A uses admin, root, server and various lengths of a few sequences: 1234, 4321, asdf and !"$, as tools to prise open access to network shares named C$ and Admin$. Network administrators using such such passwords can now be legally considered "Negligent" and responsible for any loss or damage that may occur to the owner of the Network as a result of such password leak. Details at Sophos.com

Chennai Police Introduce Guidelines for Cyber Cafe's

A set of guidelines have been prescribed for Cyber Cafe's in Chennai by the Police which is likely to be made part of a licensing system contemplated to be introduced.

Amongst the guidelines is also included a direction that the user computers should not have CD drive or Floppy drives. This means that the users cannot copy material from the web and also their e-mails into floppies.

At a time when the Cyber Cafe's are to be encouraged to provide low cost E-transaction facility to users, so that they can be used as "E-Business Centers", the guidelines restrict the use of Cyber Cafes to anything beyond browsing. 

Also, remote monitoring of Cyber Cafes is possible today with appropriate software installed in the Cyber Cafes. If only the Police encourage the Cyber Cafes to install such software voluntarily, then the need for imposing impractical guidelines on the lines of what Mumbai Police has done in the past would no longer be there....Details  in Hindu(28/6/03)

When All Crimes are Cyber Crimes..Who should Investigate?

When there comes a time where there is no business without E-business, there will be no Crime without a Cyber Crime element therein.. In such a scenario, will certain provisions of ITA-2000 create problems for the Law Enforcement Agencies?...More

How Good Intentions May be Interpreted as Cyber Crimes

An interesting case reported from USA highlights the need for Law Enforcement Agencies to interpret laws fairly. These problems are very much relevant in India too where the Police are just acquiring the working knowledge of Cyber Crimes..Details in CNET.com

Symantec Online Virus Check ..Beware of the defective version

 Symantec has warned customers that users of its online Security Check service might have downloaded a flawed ActiveX control that could be used by an intruder as a path into the victim's PC. They need to replace the file immediately....Details at CNET.com

Pay Channels to have a Cap on Ads

Measures seem to be coming up to regulate the ad content in Pay channels once the CAS system comes into operation in India from July 14. It is not known if the Government will be bold enough to adopt the zero ad model of the west or settle for a compromise.

It is suggested that atleast in live event broadcast, the ad content has to be brought to zero as otherwise the content for which the consumer pays for to watch live is being missed. In non-live shows, the ad content ideally should be below 10%.

RIAA Declares War on Music File Downloaders

IN a significant escalation of its efforts to curb file sharing on the Net, RIAA in USA has declared that it may institute law suits on hundreds of consumers using software like Kaazaa to download and share MP3 music files.....Details at HT

Long Awaited PKI Tool is Here

Naavi.org has been highlighting the need for simple applications in India which can enable digital signing of documents. Though Office XP had an inbuilt digital signing capability, Odyssey technologies of Chennai was the first to come up with a stand alone application for digital signing.

Now Safescrypt which has a tie up with Odyssey has released SafeDoxx which enables multiple signing of documents. Some of the internationally available applications such as FileAssurity were built for PGP encryption and were not suitable for India. Hopefully SafeDoxx will usher in a new era in the use of Digital signatures in India. Hopefully it would be priced conservatively for the common man to use the tool. Details here.

In a country considered a global super power in software, it is regrettable that it has taken 3 years after ITA-2000 for such critical applications to trickle through. This indicates  lack of long term marketing vision in the software industry where winning project contracts from  foreign companies is considered better marketing than creating branded products of our own and marketing them in India and abroad. If our industry captains  shift focus to products from projects, India can become an IT superpower sooner and also meet emerging competition from countries like China.

Indo-Pak Cyber War in Full Swing

Unmindful of the on ground peace efforts, Indo-Pak Cyber soldiers seem to be flexing their muscles and testing their mutual strengths. Soon we may need a Cyber-Agra meet to reduce the Cyber tensions...Details at Sify.com

BSNL's Internet Plan Put on Hold

BSNL's proposed post paid Internet connection at Rs 6/- per hour announced some time back seems to have hit the predictable roadblock. Ostensibly, the move has been delayed due to non availability of international bandwidth. However, opposition from other ISPs whose business interests could have been hurt being one of the contributory factors to the deferment of this consumer friendly decision cannot be ruled out...Details in BL

US Supreme Court upholds Anti Pornography law

In a judgement with wide ramifications, US Superme Court upheld the provision of the Children's Internet Protection Act requiring public libraries to install filters to prevent access to pornographic material on the web in public libraries. This provision had been strongly opposed on the grounds of "Freedom of Speech"...Details at Washington Post

Call Centers etc exempted from Service Tax

In an announcement which should bring a huge relief to the ITES sector, the Government has clarified that medical transcription and call centres and computer, vocational and recreational training institutions would be exempt from the levy.

With regard to taxing commercial training and coaching centres, the Ministry has said that commercial services provided by computer training institutes, will not have to pay service tax, though this exemption is valid only up to February 29, 2004. ...Details at BL

Goa Telecom Introduces Internet Access based on Caller Line Identification

Further to the article BSNL Scheme..Your Password will be public knowledge, it has been clarified that under the Caller Line Identification based Internet access provided by Goa Telecom, the Telephone number is used only as User ID and not the Password. More details about this scheme is available at http://cli.goatelecom.com/

At 10 paise per minute and easy pay after use system, this scheme will render the services of ISPs totally redundant. Considering the enormous benefits that the Consumer is likely to derive from the scheme, we wish that the scheme be introduced in all Telecom circles at the earliest.New P2P File Sharing System

A computer science PhD student at the University of California, Santa Cruz, Mr Jason Rohrer has initiated a new method of online file sharing  online by called konspire2b. Unlike Napster and other applications, Konspire2b works on the principle of "Broadcast" where the files available for sharing are broadcast by the owner under a digitally signed communication. The legal accountability through digital signatures can be the fundamental difference between this system and Napster clones and make this legally acceptable. Mr Rohrer has indicated that the application will be released under an open source licensing ..Details at Redif.com

We are happy to inform visitors that Mr Anubhav Kalia of www.flawfinder.com will answer queries of our visitors on Cyber Security. If you have any queries on security issues send an e-mail here. Flawfinder.com is a Delhi based Intrusion check company providing internet security, information security, database protection, and hacker detection services. 

Another Cyber Crime by a 17 year old

A 17 year student in New York used a key logger software to steal his friend's passwords and delete critical files in the school network. The student has now been arrested. The incident highlights the vulnerability of young minds to be attracted to Cyber Crimes and the need for School authorities to ensure Cyber Law awareness wherever Computer education is imparted.....Details in CNN

Negligence in Using Web for Communication

Some time back we had highlighted in these columns how CET authorities in Bangalore had floated one brochure in the website and another in print with material differences. Now a similar negligence has been found in REC Trichy's advertisement which appeared in The New Indian Express on May 25, 2003 and the website at http://rangoli.rect.ernet.in/courses/advtorec.shtml. The advertisement refers again to admissions of candidates from outside the State where the last date is mentioned as 29/6/2003 on the web version and 30/6/03 in the print version. The date of the DD required for the application also has similar discrepancy.

It is strange that the seats of learning from which future Cyber specialists of India are set to emerge have no respect for the sanctity of the web communication and the legal implications of the mistakes they are committing.

Data Protection Act in India Expected

It has been reported that a draft Data Protection Act is ready and is likely to be introduced in the Parliament during the winter session...aAccording to  Mr Rajeev Ratan Shah, Secretary of MCIT. He also announced that a national "Cyber Security Assurance Framework" was also being developed.  ..Details at BL

CAS Regime....Issues still to be Resolved

The Conditional Access System that is being introduced in India for Cable TV channels in four metros from July 14 will bring in significant changes to the Convergent media scene in India. This has raised several regulatory issues such as "Bunching of Channels", "Invasion of foreign Media", "Spam" and "Consumer liability" which require further debate,....More

PIL filed in Ranchi against Microsoft

A PIL has been filed in Ranchi against use of MS products in E-Governance in view of the cheper Open source alternatives available...Details at FE

Internet Surveillance of Critical Infrastructure suggested

In a novel suggestion to enrol the unlimited manpower support available through Internet, Mr Jay walker, inventor of Priceline.com has suggested that webcams be installed to monitor the perimeter of critical infrastructures such as Power Plants and let the images be viewed on the Internet. It is  suggested that a suitable reward system be instituted for the public to alert authorities over any suspicious movements around the structures through a click of the mouse .

At first glance this idea of "Distributed Security Management" may seem an impractical idea, but for countries like India with terrorist threats exist in every street corners, this idea of "Home Based Security" needs a second look at least for high security zones.

Details at SNP

How To Punish a 15 Year Old Offender?

A 15 year old High school student's arrest in Japan for hacking into 140 sites in 23 countries to record his protest against USA's war on Iraq, highlights the unusual nature of Cyber Crimes. Should the boy be jailed for 3 years?....fined Rs 2 lakhs?.

While not sounding supportive of the deviant behaviour, one cannot but reflect on the responsibilities of the society in not guiding our children through appropriate education before endowing them with the Computer programming skills.

Also, it is time to debate if we need  a separate "Juvenile Cyber Crime Justice system" to meet the challenges of juvenile Cyber crimes.....Details at SNP

Delinking Mobile Numbers from Service Providers

In a decision with a far reaching consumer benefit, an US court has ordered that a Consumer can change the mobile service provider and yet retain his number. Such a system already prevails on the Internet where one can shift the web hosting service provider without the need to change the domain name.

In an emerging convergence era, it is appropriate that a master registry of mobile numbers be maintained to switch connections across mobile operators without any disruption of service like the DNS servers. Hopefully this would be adopted in India too as only such a system will introduce real competition into the mobile services....Details at TOI ;  Related Article in Voice and Data

BSNL Scheme..Your Password will be public knowledge

The news which appears in The Hindu today where BSNL has announced that it would introduce a new scheme for fixed telephone line users with an automatic Internet access raises some key security and Cyber Crime investigation  issues.....More

Dr Prakash Denied Bail

It is reported that Madras High Court denied Bail to Dr Prakash who has been charged with various offences centered around maintenance of a pornographic website....Details at Sify.Com

RKSWAMY is No More

R.K. Swamy, the doyen of the Indian Advertising Industry and a personal mentor of Naavi breathed his last at the age of 80, in Chennai on June 5, 2003. Naavi pays his tributes to the man who indirectly shaped his career and was and is still a source of inspiration to him.........More

Is Linux Under Threat?

The legal suit brought by SCO Group against IBM claiming that IBM misappropriated SCO's UNIX operating system trade secrets by disclosing and inserting those trade secrets in the Linux operating system and sharing them with the open-source community has aroused interest in the IT world on the future of Linux.... Details at Gigalaw.com

CET Bangalore Misleads Students through Cyber Negligence

CET Bangalore the authority that is conducting Common Entrance Examinations for various professional courses in Karnataka has attracted over 40,000 students from outside the State. Many of them are Kannadigas by Mother tongue  for whom there is a separate quota provided they undergo a test in Kannada Language. Being from outside the state they depended on the information provided by CET on their website http://kar.nic.in/.

In a classic case of Cyber Negligence, CET has put up one brochure on the website and another in print. The two versions differ in one important aspect of the examination such as the "Date of Examination of the Kannada Test". While the brochure on the web states that the test would be conducted on the date of seat selection, the printed brochure indicates the date of examination as June 3, 2003.

When most of the outstation students completed their  written examination with prior commitments to return to their distant places, they were handed over a brochure which contained the revised schedule which was in conflict with the electronic version.

Under the ITA-2000 regime, this amounts to misleading of the students  and liable to be set aside if challenged in Court.  In a meeting with the undersigned on 31st instant, CET authorities have assured that alternatives would be provided to the candidates who are unable to write the exams on 3rd June and the same will be indicated to them through a separate letter.


Copy of the Brochure as on 29th May 2003 at 7.00 pm.

How Patent Infringement can Cripple your Business

A U.S. district Court jury found e-Bay guilty of infringing three Patents belonging to  MercExchange of Great Falls, Va., and orderd damages of US $ 35 million (Rs 175 crores). This is an indication of how a Cyber Law non-compliance can hit a Company. It is time for Indian Companies to wake up and check their own compliancy status since one suit against them can mean shutting down the Company itself...Details at Cnet.com

Hacking Kingpin Arrested

An international fraudster described as the kingpin of a hacking racket was recently arrested in Thailand on an US warrant. The Ukranian born Maksym Vysochansky aged only 25 is alleged to have committed frauds to the extent of more than RS 5000 crores. The modus operandi included selling of copies of popular software copies on the Net with implanted malicious programmes that extracted credit card data of the users. The accused has been charged of copyright violations, trafficking in counterfeit goods and money-laundering and extradition proceedings are on to get him from Bangkok to US....Details at Sify.com



Add Your Comments Here

http://www.naavi.com/is mirrored at www.naavi.org


If you would like to know  more about Naavi, the information is available here.