Don't be confused by iaadhaar.com or iaadhar.com

Cyber squatting is a practice where some people register popular domain names, or small typographic variations of them, with the object of attracting visitors. Sometimes it may be harmless to the visitor, since the purpose may be only to generate advertisement revenue out of such stray visitors. But there is a potential risk of the site being misused for gathering personal information of visitors.

We have recently come across two websites, iaadhar.com and iaadhaar.com, both being “confusingly similar” to the Government of India project of issuing Aadhaar cards through the Unique Identification Authority of India (UIDAI).

Neither of these sites is officially related to UIDAI. The site iaadhaar.com provides information about the Aadhaar registration process only and also carries a disclaimer, while the iaadhar.com site is presently only a domain parking site.

It is necessary for the public not to mistake these for the official sites and part with any sensitive information about themselves. UIDAI itself, however, is using a sub domain, http://eaadhaar.uidai.gov.in.

It is to address situations like these that Naavi had, way back in 2000, introduced a service which is still available at www.lookalikes.in.

It is preferable for UIDAI to place a suitable disclaimer on its own site so that the public are not, at any time in future, misguided by cyber squatters, resulting in identity thefts.
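The "confusingly similar" test described above can be automated when reviewing newly seen hostnames. The following is an added example, not part of the original post or of the lookalikes.in service; the protected-name list and the distance threshold are assumptions, and it does not cover homoglyph or IDN variants.

```python
# Added example (not from the post): flag hostnames that imitate a protected name.
OFFICIAL_ZONE = "uidai.gov.in"          # official zone named in the post
PROTECTED = ("aadhaar", "uidai")        # assumed list of names to protect
MAX_DISTANCE = 2                        # assumed tuning threshold


def edit_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent transposition
        prev2, prev = prev, cur
    return prev[-1]


def classify(host: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for one hostname."""
    host = host.lower().rstrip(".")
    # Only names at or under the official zone count as official.
    if host == OFFICIAL_ZONE or host.endswith("." + OFFICIAL_ZONE):
        return "official"
    for label in host.split("."):
        for name in PROTECTED:
            # Embedded brand string, or a small typographic variation of it.
            if name in label or edit_distance(label, name) <= MAX_DISTANCE:
                return "lookalike"
    return "unrelated"


# Hostnames from the post plus two constructed ones for contrast.
SAMPLES = ["iaadhaar.com", "iaadhar.com", "eaadhaar.uidai.gov.in",
           "uidai.gov.in.example.net", "example.org"]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{h:28} {classify(h)}")
```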

Screen shots: iaadhaar.com :: iaadhar.com::eaadhar.uidai.gov.in

Naavi


2.5 lakh Twitter passwords compromised

It is reported that about 2.5 lakh Twitter IDs with passwords have been compromised. It is also reported that Twitter has informed the affected users and asked them to change passwords.

Details in TOI


Rs 1 Crore lost by executive in Mumbai Bank fraud

In one of the larger Bank frauds of recent times, an executive in Mumbai has lost Rs 1 crore through a series of fraudulent transactions in his Bank account. The transactions occurred through 12 RTGS debits within a space of 45 minutes indicating a total failure of the Bank’s security warning system.

The Bank involved is Yes Bank.

As it always happens, the victim is now running around the Police, whereas it is the Bank which should run around the Police. The victim is entitled to be fully reimbursed of his losses by the Bank immediately and it is the Bank which has to file a police complaint and pursue its recovery.

Details in TOI

It must be pointed out that the Damodaran Committee on Customer Services set up by RBI had recommended that Customers should be provided complete control on fixing daily limits on such transactions as well as a freedom to switch on and off the Internet banking facility. It had also clearly defined the bank’s liabilities in such cases and the need to immediately reimburse the losses to the customers.

Unfortunately, powerful Bankers such as SBI and ICICI Bank have used their influence in the Indian Banking Association and prevented RBI from implementing the recommendations of the Damodaran Committee.

RBI has not shown the courage to ignore the objections of IBA and go ahead with the Damodaran Committee recommendations.

If therefore this case is taken to a Court, I would advise that IBA be made a party to the suit along with RBI.

Naavi



Mumbai Consumer Court awards compensation in ATM fraud case

Maharashtra State Consumer Disputes Redressal Commission ordered Citibank to pay Rs 9.44 lakh to a man, after Rs 6 lakh was fraudulently withdrawn from his account with an ATM card which he did not even possess.

In December 2006, Ratilal Israni, an SB Account holder in Citi Bank, noticed that between November 22, 2006 and December 5, 2006, Rs 6 lakh was shown as withdrawn using an ATM card. Israni contended that he never had an ATM card relating to his savings bank account. Israni alleged that it was a fraudulent act on the part of the bank officials to debit the account for the amount claimed to be withdrawn by using an ATM card.

Details in TOI


PCI Guidelines for E Commerce websites

On Jan. 31, the Payment Card Industry Security Standards Council issued its PCI DSS E-commerce Guidelines Information Supplement, a set of guidelines for e-commerce security. The guidelines relate to online infrastructures and how merchants work with third-party providers.

The guidance offers a checklist of security recommendations and reminders. The guidance reviews how merchants can work with third parties to address those risks and provides a checklist for easy-to-fix vulnerabilities.

It is observed that merchants may develop their own e-commerce payment software, use a third-party developed solution, or use a combination of both. Merchants may also use a variety of technologies to implement e-commerce functionality, including payment-processing applications, application-programming interfaces (APIs), inline frames (iFrames), or hosted payment pages. Merchants may also choose to maintain different levels of control and responsibility for managing the supporting information technology infrastructure, for example choosing to manage all networks and servers in house, to outsource the management of all systems and infrastructure to hosting providers and/or e-commerce payment processors, or to use a combination.

The guidelines provide that

1. No option completely removes a merchant’s PCI DSS responsibilities. Regardless of the extent of outsourcing to third parties, the merchant retains responsibility for ensuring that payment card data is protected.

2. Connections and redirections between the merchant and the third party can be compromised, and the merchant should monitor its systems to ensure that no unexpected changes have occurred and that the integrity of the connection/redirection is maintained.

3. E-commerce payment applications such as shopping carts should be validated according to PA-DSS, and confirmed to be included on PCI SSC’s list of Validated Payment Applications. For in-house developed e-commerce applications, PA-DSS should be used as a best practice during development.

4. Third-party relationships and the PCI DSS responsibilities of the merchant and each third party should be clearly documented in a contract or service-level agreement to ensure that each party understands and implements the appropriate PCI DSS controls.
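Point 2 above asks the merchant to watch for unexpected changes in how its pages hand off to the third party. The following is an added example, not taken from the PCI supplement: it records which hosts a checkout page's form, iframe and script tags point to and reports drift from an approved baseline. The host names and page snippets are constructed samples.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag attributes that decide where the shopper's browser or card data goes next.
WATCHED = {"form": "action", "iframe": "src", "script": "src"}


class TargetCollector(HTMLParser):
    """Collect (tag, host) pairs for every watched attribute on the page."""

    def __init__(self):
        super().__init__()
        self.targets = set()

    def handle_starttag(self, tag, attrs):
        attr = WATCHED.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            host = urlparse(value).netloc.lower() or "(same-origin)"
            self.targets.add((tag, host))


def snapshot(html: str) -> dict:
    """Baseline record: hand-off targets plus a hash of the whole page."""
    parser = TargetCollector()
    parser.feed(html)
    return {"targets": parser.targets,
            "sha256": hashlib.sha256(html.encode()).hexdigest()}


def compare(baseline: dict, html: str) -> dict:
    """Report targets that appeared or disappeared since the baseline."""
    now = snapshot(html)
    return {"changed": now["sha256"] != baseline["sha256"],
            "unexpected": sorted(now["targets"] - baseline["targets"]),
            "missing": sorted(baseline["targets"] - now["targets"])}


# Constructed sample pages: approved version and one with an altered form target.
APPROVED = ('<form action="https://pay.example/checkout" method="post"></form>'
            '<script src="/static/cart.js"></script>')
ALTERED = APPROVED.replace("https://pay.example/", "https://other.example/")

if __name__ == "__main__":
    print(compare(snapshot(APPROVED), ALTERED))
```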

A high level check list has also been provided to assist the Merchants regarding compliance requirements.

A copy of the guidelines is available here.

Naavi


Vishwaroopam Episode and Free Speech Rights in India

During the last few days, discussions about the movie Vishwaroopam have occupied the Indian media and have opened up debates on Free Speech, on the Responsibility of the Police and State Governments, and on the power of Muslim fringe groups to dictate political will.

To record the facts, a well known artist in India by name Kamala Hasan produced a big budget movie called “Vishwaroopam” in Tamil, Telugu, Hindi and English languages. The subject of the story is “Terrorism” and appears to cover the Al-Qaeda type of terrorism. The film has already been released in Los Angeles and was set to be released in India in multiple centers when it hit a controversy as to the contents being objectionable to the Muslim community. Presently it is running in some places but is yet to be released in Tamil Nadu, the home state of Mr Kamala Hasan.

The film was set to create history by being the first film to have a premiere release on DTH, as Mr Kamala Hasan had planned to release it through DTH channels a day before it was to hit the theaters. This was first objected to by the theater owners and hence did not materialize. In the meantime Mr Hasan invited a group of Muslim organization representatives and showed the film to them, which Mr Hasan now claims was with a desire to use their references for the promotion of the film. The move backfired, or appears to have backfired, as it developed into an action by the Tamil Nadu Government which blocked the release of the film all over the State. The matter went to the High Court and, after the Judge made a strange suggestion that Kamala Hasan should negotiate with the Government for a settlement, it was followed by the judgement ordering that the movie can be released as it had already been cleared by the statutory Censor Board. The Government immediately went on appeal and a full bench of the High Court stayed the judgement of the single judge and ensured that the movie is still in cold storage in Tamil Nadu.

Pained by the developments, Mr Kamala Hasan announced in a press conference that he was considering shifting out of Tamil Nadu which was not a “Secular State” and if he cannot find any other State in India where an artist could live peacefully, he would shift out of India. This statement branded Tamil Nadu as a State which was not secular and did not support artistic freedom.

Some also alleged that the stand of the Government was dictated by the refusal of Mr Kamal to provide rights of the film for a TV channel which is believed to be controlled by the Chief Minister.

Stung by the implications, the Chief Minister of Tamil Nadu, Ms J Jayalalitha, held her own press conference stating inter alia that Mr Kamal wanted to release the film in 500 theaters and, according to the intelligence reports, there was a possibility of Muslim groups opposing the release and the State did not have enough police personnel to be deployed in all the locations to curb possible violence, and hence they had taken a stand to stop the release. She also denied that there was any consideration as alleged about TV rights in the decision. She also passed wry remarks on Mr Kamala Hasan allegedly having spoken in support of a “Wasti-clad Prime Minister” (a reference implying his preference for Mr P. Chidambaram, who is a political rival of the Chief Minister, to be considered for Prime Ministership). She also passed some uncharacteristic remarks that Mr Kamal was unwise in taking up a large budget film at the age of 60.

Mr Kamal, who initially contemplated going to the Supreme Court challenging the High Court decision, has now announced that he would wait and negotiate with the Muslim groups. He refrained from taking a stand against the Chief Minister and appeared to be diplomatically submissive. In between these controversies, pirated copies of the film appeared on the Internet and were quickly blocked.

The episode is a sad reflection of the state of Indian democracy and the status of “Freedom of Expression”. The fact is that our democracy is critically dependent on “Appeasement of the Minorities”, and even persons like Ms Jayalalitha, who was hitherto suspected to belong to the BJP camp and to be strong in administration, has now shown that the policies of the Indian government authorities in both the State and the Center are guided only by electoral considerations. If they see a group that constitutes a potential vote bank, they will do whatever is necessary to attract them, whether it is unethical or illegal. The TN State Government expressing its inability to maintain law and order against a threat perception is also a development which raises a question of what is the responsibility of a Government in administration. In the current episode, after the initial single judge verdict there was no justification for the TN Government to go on appeal, abdicating its Governance responsibilities.

TN Government has by its action given a new undesirable guideline to other State Governments to take a similar stand in future. I would not be surprised if Karnataka Government puts up the same argument, namely “We anticipate public unrest. We do not have adequate police machinery to handle the situation”, when TN raises the Cauvery issue in future.

The incident has also exposed the weak belly of the Indian political system, and if a strong leader like Jayalalitha can succumb to the temptation of Vote Bank politics, the possibility of other leaders standing up for principles is remote. There is also a possibility that Ms Jayalalitha would have sensed the opportunity to play politics, first imagined and then ignited a religious opposition where there was none, to get political mileage. This sort of intelligent manipulation of an event for a political advantage is the hallmark of current day politicians in India.

If a reputed person like Mr Kamal considers surrendering to the whims and fancies of fundamental Muslim elements and/or scheming politicians, then others stand no chance. By opting not to go to the Supreme Court, Mr Kamal has prevented the only opportunity that was there to salvage the reputation of the system to come in support of Free Speech. Free Speech in India is therefore dead and gone. If the matter had been referred to the Supreme Court and it had dismissed the opposition with a guideline on the State’s responsibilities in similar situations, we could have seen a positive outcome of an ugly incident. But this has not happened.

If this is the situation in the physical space in India, we can expect the Cyber Space to be no better. Today it is about speech that hurts the Muslim sentiments. Tomorrow it could be other reasons. Ultimately we can only speak in cyber space or physical space in “Diplomatic language” and nothing else.

If therefore Netizens need to survive in the Cyber Space of India with self respect, they need to organize themselves in Cyber Space without getting divided by language, caste and community and form a cohesive group which represents a significant voting strength in any future elections. An opportunity to forge such an organization is being debated separately in www.aifon.org.in and I invite interested persons to participate in the discussion.

Naavi
