Social Icons

Tuesday, September 24, 2013

Leh Paroxysm : The unplanned trip to LEH

www.tatasafari.com/

This post is written for Indiblogger for I am Explorer! in 
association with TATA SAFARI

1.   Have never shared the script of my greatest journey of life with anyone on the web....but got some free time...and then I came across this SAFARI STORME competition and thought of sharing it in the webosphere...though my blog is all about IT...but then for a change I am going to share this one on my blog that will basically cover driving...driving and driving and driving....nothing else..sheer driving...that too in the mountains with few worst sets of roads....I simply love it...

2.  So two summer's back,it started with, at a lunch that I had at my friends place in Delhi...and one of his friend their was sharing his grievances of never been able to find a friend with whom he could plan a Bike trip to Leh...he too was passionate about biking and adventure like me...and the moment he shared his grievance I was their in front of him standing in Attention and said..."Sir...here is your friend that you have been longing for so long...."..he could not believe it and the sheer yes from my side had tears of joy in his eyes...(pun intended)...and so a week later we started with another volunteer and the best part was that except for our basic clothing and tying ropes we did not plan any other thing like where are we going to halt or stay for the night..one of us Chetan soni was kind enough to brace us with lots of google info printouts that proved critical en route the entire trip....so before I start with the details..I would first summarise the trip.

Delhi - Bilaspur - Manali - Rohtang Pass - Patsio - Pang - Moore Planes - Leh - Pangong Lake - Leh - Nubra - Leh - Batalik - Baltal - AmarNath Yatra - Srinagar - Pathankot - Amritsar - Jallandhar - Delhi

16 Days @ 4285 Km


3.    So we trio got together first at Karnal Bypass and then after seeking blessings from a small Hanuman temple there,we started to Bilaspur.Being the kind we foodies were...we though tried to drive and just drive but the hanging tongues at the road sides Dhaba's were enough to halt and have a grt food bite....

3

and off course since it was just the start ..we were slightly easy to stop...and then we stopped at Cafe day to ease out the humid environs!!!!

and then it was a non stop to BILASPUR...

Posing on way to Bilaspur,Himachal Pradesh.Till now the typical humid factor and summer heat was with us...and the best part is that it was not going to be with us for long....
When we were venturing into the darkness time late evening,we decided to halt for the night at Bilaspur but where.....so first we inquired about few hotels and then suddenly we came across this board of Govt Rest house...and we rung the bell...the officer their was kind enough to tell us that there was one room available...he checked our voter I cards and let us in...so after a simple veg dinner we just fell down on our beds...first day was our around 429 KM
Early morning Pose right in the sprawling green Lawns of the Guest House..we cleaned our bikes...checked up the basics.Thankfully all was well....so here they are seen raring to go!!!!!

we left Bilaspur early on way to Manali...we left early at 0500h...we ensured one more thing evry day we started from a place....HANUMAN Temple....and surprisingly we used to find the same at every place we ever searched for....sought the blessings...and then moved ahead....


Could not resist the tempting river call flowing aside our route....breaking into the break....


we saw interesting lives en-route like the one seen below

We were slowly entering into the realms of nature....which has lost all most all of its sheen in the cement concrete in cities.....the lush green effect had started taking up as the new desktop background of our new life ...though only for a short duration....
It was just the size that made us come closer to the champ seen...but had all the traits of a mini-Godzilla :-)
Vanishing in SPEED...
Crossing successfully....missed the trucks!!!!!
Posing inside the 3 km long canal....pitch dark at few places inside...the head lights were saviours
Entering the Manali Sarchu Road.Till now the roads had been like a ideal dream stuff....what was awaiting us was not known to us ahead.
Preparing one of the devils before the launch to Rohtang early morning.It was surveyed at local level that the earlier you move from Manali ...the better it is going to be....and the advise was noted and made compliant with.We left as early as 0430 am....in the arly morning chills
Right at the gates of SASE....thanking for the hospitality.....
Leaving early morning....
 The Game Begins...its now snake and ladder....at a snails Pace with no sight of clearing the traffic...the long stream of SUVs and tourist buses had no end....
I love these roads..the roads that have taken shape only owing to the moving traffic...and the innumerable blasts by the BRO to give them a face to look like road....but the natural beauty covered it all....

 Little Success on crossing one jam and sluggish roads


Manoeuvring through the slim and sick roads!!!

Moments that we have been waiting for in our lives...the mountains...the pleasure of driving in the terrain which offers only natural resources as support...


These little ways in between  standing trucks were good enough for bikers to move ahead,,,,to reach LEH...the skills were borne by us thankfully to manouvere inbetween....
The Devil Swim


What we see below in the pics is just a trailor of roads that we are expected to move along on the entire journey....sluggish...soaky...hardened by stones...


oooh..lala....life is getting cooler!!!!!rohtang pass was one of our first interactions with passes...but with the kind of stories we had read in various blogs we were lucky to get out in about 5 hours...


Stuck for nearly 5 hours..... and then finally a little congrats to each other on crossing the first major hurdle.....


Found a cave in between ...reminded of the Lord Shiva...just checked inside if we have finally been able to locate Lord Shiva's House...


Finally at ROHTANG PASS!!!!!!Shout is a must to celebrate.The all around cloud cover was though a danger sign for moving further but who cares...this is what we wanted....to expect the unexpected at each moment ahead...we had no plans of where to stop for the night...the only plan was to enjoyyyy nature and surroundings....


Such bridges were in not less then hundreds...at few places ahead we found few broken bridges.....that added to the planned hours of move....


Any time we sighted a flowing river...we would not hesitate to stop and have some fun by opening cans of the jaw water...:-) and we dedicated various such stops to the bikes...make them relax... :-)


It's a wow feeling...the bikes...and the trio of us...such a combo in the best of places with only driving as the mission....drive drive and drive....

To get this click...I had to jump about 10-15 times before my friend Chetan got it correct...this was just the beginning of various jumps we got addicted to...many jumps ahead!!!
The cloud and the dust cover had started to dominate....and the nallahs had started becoming more frequent...crossing the same was an art that we some how quickly learnt.....
The wrestle with flowing water at full speed and the machine with each one of us on the top was a hearty experience...that made our beats faster and the speed quicker....
So...we saw the first fall...no major damage....

The security forces units enroute played a great part in our successful trip...we had never planned or tied up with any hotels...or make shift accommodations for tourist...but these guys were always ready to help us out....a plain verbal request at the gate was enough...off course they checked our identity proofs but no further interrogations....the stays were made comfortable ....and the hospitality at such heights only made us respect them more....


The road was never ending like always...keep driving....


This was our first experience of crossing a flowing and bursting nallah...and the good thing about our team was that none of us had a Royal Enfield or a bike with a silencer parallel to the ground...my pulsar had a silencer which had a acute angle formation with the ground...so no water could stop us...and we paved ahead ...though it required some driving and manoeuvring skills


This is one of the Royal Enfield that got stuck in between the nallah...and we ensured to not only assist in pushing...but also concluding the cross...


Another pass...another happiness...another celebration


Posing with machine...did not miss any opportunity


Thats my LIFE...my view....live life full throttle....live your passion....and I was fortunate to experience these moments...thankyou GOD...for blessing the trip....


Can their be a better desktop then this ?....each thing is a gift of nature...un touched...unexplored by the humans!!!!


That's BIRU DHABA...seeing this site at a place which is inhabited by none....shows that there is no dearth of adventurers in this world who have been able to drive in this terrain regularly...and so regularly that dhabas like this exist to make a commercial living for the locals..


Man and the machine....and the backdrop....each pic speaks of volumes of what nature has to explore....


Straighten it out MAN........got a moment to straighten the back and below was my temporary bed....


The best bed ever slept on...balancing act!!!!


The road goes on and on...no end....sheer driving pleasure...no phone signal to get disturbed...no traffic...no waiting....chal bhai chal.....


Relaxing Machines....and we stopped for a nature's call...


The combinations of clouds,mountains and terrain was a never seen,never imagined and never experienced moments.....


The roads which were sandy and sluggish till now....slowly started getting rocky...we thanked god for each moment we moved ahead....lest we suffered a puncture in such a terrain....


21 hairpin bends called Gata loops took us from 4190 mts to 4630 mts. height. and measuresd approx 25 kms from sarchu tents.


The loops were keen to ghost us....like the stories existed and we had read on various blogs....debriefed here in short...

" Years ago, it seems, a truck broke down on the same bend. The driver, mindful of the cargo he was carrying, told the cleaner to stay with the truck while he walked to the nearest village to get help. Off he went, trudging the forty kilometres of mountain roads that separated him from inhabitation.

He got there, totally spent, to find no help in sight. A storm on another pass had closed the road, there were no mechanics to be found in the tiny village and, even as the driver waited, the weather closed in. He was stranded in the village for over a week before a mechanic and a vehicle came by. By the time the party reached the truck, they found the cleaner dead, felled by exposure and thirst, high on the bone-dry mountainside. Rather than carry a decomposing body home, the rescuers buried it close by.

Then, things started happening. Travellers stopping on the loops started meeting a man who begged them piteously for water. People who refused were soon writhing with mountain sickness, and some even died of it. Those who obliged, though, saw the bottles they offered drop through the man’s hands, while he kept pleading for water. Terror struck the region and only subsided when the locals set up a memorial at the site and made offerings of water to placate the ghost.

No one stops unnecessarily on the Gata Loops."


The bottle devi....a memorial as mentioned above of used water bottles!!!! remarkably Indian


After the gata loops...we reached the Lachulungla Pass.Located some 54 km from Sarchu and 24 km from Pang,this is one of the easier 16,616 ft passes and it can be traversed cross-country by moving along the nallah on both sides. However, due to elevation, most of the the bikers face breathlessness during climb and those who have not undergone acclimatisation may face severe symptoms of altitude sickness...so at such places we only decided to click and move jaldi jaldi..


The roads...alass!!!were not there....


Can their be anything better then this....u r a dot from far!......


and even a smaller dot from much far.....


Pose can never stop.....


Click me buddy!!!!i m feeling like a bond.....


Helped yet another time by a security force make shift camp....no worries...jai army...jai hind....i love them...good food...and a good sleep...we could get here....


The morning meter....


Morning check of the machines....basic repair and maintenace had to be done...to expect a flawless performance on such a terrain


My pulsar...my machine...my life...my time..."IT's my LIFEEEEEE"


Moore plains is crossed by the road from Leh to Manali. This stretch of approx 40 km falls in between Leh and Sarchu on Manali-Leh Highway. This road has an average elevation of 4000 metres and is flanked by scenic and beautiful mountain ranges on both sides. At some places the road runs along the Sumkhel Lungpa river featuring some stunning sand and rock natural formations. Unexpected breaks in the plains, you make your own road is the policy when u drive.
 
The road goes on and on....no established road....u drive and make your own road...
 The plain area starts after covering around 4 km uphill road from Pang towards Tanglang La pass. The road is mostly on the plain for around 30–35 km, before it again starts to rise to Tanglang La. Flanked by beautiful mountains on both sides, this area is a major attraction to the Bikers heading towards Leh from Manali.

The area is uninhabitable and has no construction at all, and also no population...no trees...no vegetation...no birds...nothing...!!!
The Dusty State of the Explorer


Another pass...another coming together...another click....we have been achieving newer heights every day of the trip and the good thing is that there are many more to come



The ride must go on!!!!!



The unofficial...shabby looking,not to scale road signage and directors were of great and crucial help when we moved along the general directions on the roads....

The roads as beautiful as this were never ending...and we always kept waiting for something like a small puncture to happen....so that we can test our repair skills....but we could never get such an opportunity...thank you god for that!!!!


More then in Bike..we felt like engine oil doing the rounds in our veins that kept us moving along these beautiful roads...and these are the same roads on which trucks and buses ply for the localities...no wonder one trip would eat into each vehicles Clutch and Brakes......


With no in habitat around...it was only the roads that showed us the way ahead..the tell tale signs of the earlier tyres were the source of navigation....


and stoppages like these were some times irritating for the speeds but it was we only who asked for all this...no one sent us on a mission....


so after this unexpected break for about one hour...we started crawling ahead with confidence in our tyres....on such roads..more then confidence in selves..it is the confident in tyres that makes the way ahead....:-)


Looking for the third guy......


oh!!!!!here he was...few metres back on a turn...he had a skid...thankfully nothing major...some dettol and a bandage were enough to keep the mission on the move....


Bike damage was not enough to deter us moving ahead....thankfully....


So after the this we started moving ahead...a closeup of the damage


and yess!!!!!!!!!we saw the first sign-age that welcomed us to Leh....it was our first step in the Leh terrain...that we have waiting for our last 4 days.Today was our fourth day...most of the pics tell you the date to show our dates of move....


We moved ahead...and the roads were slightly getting better...we started seeing public..population which our eyes had been deprived for last two days...we could see markets welcoming us....


But the main city was still about 60 km from our welcome point...


and yess!!!as we entered in the out skirts of Leh...we tasted success...ie the national food of LEH...Maggi...ha ha ha...we had it like about 2-3 plates per person...and we never knew that this is going to be the most sold out food in outlets and restaus ahead.


As we found this barren land in between our present location in the outer skirts of Leh...we started doing Saat Pheras....so that we get bonded by heart :-)


This PIC is my personal favorite...the flag shining and flying and my machine relaxing!!!


and then we found the same set of Haryana Guys whom we had met and helped out earlier...these guys were like great...they had travelled around the same route like we had...but with a twist....two guys on one bike...abd each bike was a mere 100 cc...how did they manage...I still keep wondering


So after we reached Leh...we found a relatively economical accommodation and you can see that after bath and clean up...i started looking smart and handsome again....:-)


So the first and foremost part early next morning of our first day at Leh was the basic maintenance of our machines who had without any issues helped us out reach till here...so here we are posing with our mechanic


Though there was no dearth of bike repair shops in the market,we trio filtered out this guy at SHIV SHAKTI shop based just on our bike handles....we all stopped some how at his shop...we all looked at each other...and YES'd to select...thats how...and we were not wrong...his basic repairs were enough to handle us till Delhi...


Repairs ON!!!!!!!!!!!!!Rock ON!!!!


A hot cup of tea en route to the world's highest motor-able road..courtesy ....the security forces...we were already indebted to them for lending out a helping out every time we desired or we felt like some one helping us...loads and loads of thanks.....


Top view of the Leh city from a approach road point to Worlds Highest Motorable road....


Can their be some thing like this shoppe.....Highest Cafeteria in the World...surprised us and we immediately ventured inside to find out varieties of national food of this terrain "Maggi"...what else?


One kid monk requested us for a photo on one of our bikes...feeling like heroes :-)..we could not say no to our first fan....


and here is our dream pic of the trip...KHARDUNGLA fateh!!!!the machines who bought us here in the front and we stand in the back ground


We were so happy and enthu about this feel that we did not even come down from the place we are seen standing...for about 30 min we kept standing at the place we are seen in the pic....:-)


The trio with the waiving flags...


this is the pic inside the worlds highest cafetiere ..had a hot Maggie and a hot coffee...it felt so good....in the heaven and feeling heaven....heavenly feeling :-)


and we started our move further and the scenes were just getting better..all around the scenes were better then each other...we could not resist clicking...just went on clicking and the pics as seen here are just few of the thousands we have in our repository.


then we first went to the hot geyser location that we had read across various blogs...at Panamic.Along the Nubra River,there were various small villages viz Sumur, Kyagar , Tirith, Panamik, Turtuk and many others. Samstanling monastery is between Kyagar and Sumur villages, and Panamik is noted for its hot springs and then there is this  isolated Ensa Gompa. Sadly the hot water stream did not make us jump with joy...as it was equivalent of tap water flow :-(.The yellow color in the pic below shows the erst while sulphur that remained and the water that was their in the past...but now now....


The kids in these villages were always keep and enthu not only for the pics but for various choclates that we used to distribute anywhere we found a kid....


The journey went on from Panamic...and now we headed for the desert...the highest desert in the world with double hump camels....we always wondered that in this chill cold what can a desert with camels look to fit in like....


Pictures and photographs can be clicked but not the feel....for any biker..visual treats like this can always be only felt...and remain in memoirs....another favorite of mine is seen below.


and here comes the camels and the desert....it is sheer nature that plays such games....I had only seen deserts and camels in Rajasthan...but at such heights and such cold....we were left wondering of the combo....


The double hump camels..resting at peace...Camel safaris here at Hunder and Deskit are the most popular centres for the tourists. This ride through the Nubra valley surfing the rugged terrain and changing landscapes of sand and snow was one another memorable parts of the trip.


Finally we could see people flocking this pretty inhabited area...full of tourists...kids..children and camel safari's....the weather could not have been better


Manning the machine and smile tells it all for me.


Feeling deserted was never so good as seen in the pic....the cool sand and the sun combo was mind boggling....


Where did we stay....?yess!!!it was again the secuirty force camp...by now we started giving references of our past stays at their respective transit camps...and no one said "No"...


Early next morning we started back for Leh and this time we were looking for the 3 idiots climax location...PANGONG lake....


the desert had made our faces look deserted as can be seen.....


break for natures call....


We were now getting used to regular jams that used to happen any time unexpectedly...so here we are seen waiting again....


wait...wait....wait.....


wait continues as we keep clicking the basic area around to pass time


resting machines....


again getting back to khardungla while getting down to leh....this time the pose was planned!!!


The place at Leh....where we all stayed...nice economical stay...we could not have asked for better...



next day we started for pangong lake and here we are seen seeking directions from the army guys...


beautiful roads .....


One of us just wanted to celebrate in a different manner as we pass the worlds third highest pass "CHANG-LA"


Changla has been captured by two of us...and we have the proof below ...:-)


stranded and sitting in peace while the other guys attends a nature's call....


Started feeling high as we approach the Pangong lake....


Isn't it simply wow!!!!!this is the first sight of the lake.... traveled for about 5 hours from leh....the roads were finally good for a large part of the route....


The Pangong Tso...the board tells about the history....interested to know...zoom inside!!!! :-)


U see these small hutments....the exact 3 Idiot climax location....


and I tell u ...the lake was sub zero....and we decided to try our luck here too....dip dip dip...and it was another frozen experience....first time in life!!!!!



Life was never so cool....and chilled


Pangong Tso has few special things to know about….one was the fact that lake has boundaries that separate China and India…second, within the lake some part of the water is saline and some part is sweet like you can drink with comfort….third ..the color of the lake though is blue all day…but the shades of blue keep changing every 10-15 minutes based on the cloud cover and sun shine availability…The time at Pangong Tso for finding a suitable accommodation was also great fun…after driving alongside the lake we came across various options that included the basic tentage to the luxurious tents with hot water geyser!!!our priority of location was based on the nearest vicinity to the lake wherein we can hear the sound of water at time of silence in night…so we opted for this Whitehouse as seen below….and I tell you that this was another good decision…not only was the stay good but in such chills when hot food served…we could not keep thanking God for making us experience all this…the camp fire was icing on the cake….and here is our Pangong House for the night....bang opposite the lake....


This became my profile pic at Google....the best with my machine


Reminds you of the 3 Idiots...that we were trying to prove we are...


We met this cute set of kids on way back to Leh...and Rahul could not resist stopping and offering them sweets and I could nbot stop my self clicking!!!


And below is the Magnetic hill....where crowds can be seen fighting over the fact and illusion....does this mountain has ghostly powers to pull a car if stranded without engine start....we trio had our doubts about this....


The journey to Amarnath Continues....


another jam of traffic...another blockage...another waste of time....


A Small event like a car getting stuck in a bridge can add to about 3-4 hours to your journey...and here we are seen wasting few ....


The long jam...continues...and keeps occurring every 15-20km of each other....but who cares...we have our oiled machines ready to take us at any hour of the day or night.


Do I need to say where the other two guys have disappeared!!!!!!!!!!


The noise of this flowing water seems like music by nature...


The thrill at reaching Batalik.....stayed over nite at a local's hutment....Batalik is that part of Indian Administered Ladakh which has been the centre of all Indo-Pakistani wars. Operation Safed Sagar was launched primarily in this region. It was one of the main regions in which Kargil war was fought.


Started early morning....and as always ...clicks are a must


Kargil welcomes us!!!!Thanks Kargil..
.

Now here we are seen standing at the second oldest inhabited place in the world...so many firsts in so few days...


The Tiger Hill.....stop to click..this place has its critical significance.Tiger Hill or "Point 4660"is a mountain in the Drass-Kargil area of Jammu & Kashmir, India. It is one of the highest peak in the area and was the subject of the famous battle during the 1999 India-Pakistan Kargil War. Its recapture as it was claimed by the Indians was one of the most important objective for Indian forces during the Kargil War.


Seeking directions from localites


and now we are very much near the shrine ...another about 30 km's...but I must tell you that these 30 km's were the toughest part of the complete trip...soaking mud... continuous rains..slippery and narrow roads...with regualr army convoys coming from the opposite directions at roaring speeds


And here comes the best part of the trip...the AMARNATH Darshan...this view from top was the first sight of the devotees camp....it looked like a wallpaper HD View....from top.


The closer we came to the camp..the more beautiful it started to become.

After lots of documentation and clearances and security checks we finally started the yatra early morning at 0300 am...pitch dark and chilled cold..was the weather...but the enthu inside us could not be beaten by any...we started and we were at the main temple up in about 4 1/2 hours...for most of our circle it was a record of sort....what carried us at this speed was actually the thrill we were imagining of going further ahead after this...ie to srinagar and ahead.....:-)


The yatra was an experience in itself...the number of devotees was just like a ant story....the queue never got over...jai bhole baba was the cry and naaraa all along....har har mahadev.....


Finally on reaching near the cave temple...we could see the commercial shops all along offering prasad etc....


Were we tired?....aah!!!!not at all...we were all jumping to new heights :-)


Never late to give a pose to the camera....


After the darshan...we started back....and it was not so easy while we got down....the crowd...and the rush...made it difficult for us to move at the speed we desired.....but alas...there was no choice....


We took our first break since the road was blocked for some accident had taken place ahead...we had to stop...so we rested our backs!!!!


Finally back with our machines....the journey and the yatra to amarnath was over...got the blessings and we started getting ready for the next move.


The local children were too happy to see three bikes and guys with camera's...all ready to pose....the josh was on!!!


The journey to srinagar started and we were there after a cruise of non stop 8 hours....


...and here we reached Dal lake...and the josh was on......yahoooooooo!!!!!!!!!!!


Dal lake and the boat ride....it was another never to forget experience


The spearing boat....took us into the water streets...relatively unknown concept to city guys like us.....


Shopping complex along....

After a days halt at srinagar...we started back next morning early at 0400h...and we only stopped at Patnitop.....the down fall had started....we started seeing sweat and humidity again....


The face had damaged like never before...the hair had started vanishing...the natural face had started coming out of us....the handsome guys were no more looking handsome....


A famous sweet shop....we took our packed orders for the families and friends waiting at Delhi....


and here after riding and cruising through udhampur....we were into the lanes of punjab....and we started looking more handsome...the faces can be seen...but the enthu was even much better


At a friends place....at amritsar.....too happy and shocked to welcome guys who drove from delhi up to leh and got down at amritsar!!!!!


At the golden temple at Amritsar....seeking further blessing and thanking  for the continued blessing en route greatest bike ride of our lives


Starting back for home...the conclusion begins...now deciphering the amritsar streets....


the tanned face had started glowing on thoughts of getting back to the metro life style...


The journey back to home had started...the road to Delhi...the concluding part starts.


The house door...with a WELCOME BACK SIGNAGE by my daughter


here my father and mother are happy to see me...and I will always thank them for allowing me on such a rigorous trip that I now realize after two years....


My mom....


and my Wife...who always bears my adventures silently...thanks wife


Wednesday, September 18, 2013

LATEST ISSUES & TRENDS IN CYBER SECURITY &THREATS :IETE Diamond Jubilee National Seminar

 1.  Copy of the presentation that I gave at Ajay Kumar Garg Engineering College on the occasion of IETE Diamond Jubilee National Seminar.The Institution of Electronics and Telecommunication Engineers (IETE) is India's leading recognized professional society devoted to the advancement of science, technology, electronics, telecommunication and information technology. Founded in 1953, it serves more than 69,000 members through 59 centers/ sub centers primarily located in India (3 abroad) . The Institution provides leadership in scientific and technical areas of direct importance to the national development and economy.Association of Indian Universities (AIU) has recognized AMIETE. Government of India has recognised IETE as a Scientific and Industrial Research Organization (SIRO) and also notified as an educational Institution of national eminence. The objectives of IETE focus on advancing electro-technology. The IETE conducts and sponsors technical meetings, conferences, symposia, and exhibitions all over India, publishes technical journals and provides continuing education as well as career advancement opportunities to its members.


Sunday, September 08, 2013

Kernel panic after Ubuntu 12.04 LTS update : SOLVED

1.   I recently had installed one new VM with Ubuntu LTS 12.04 last week.All was running fine and I ensured it had all the updates but after one last update I could no more boot into the desktop..instead I started getting stuck at the grub and then kind of the following messages :

Kernel panic - not syncing:Attempted to kill init

unable to read itable block

exitcode=0x00000100


2.  After many attempts I could not solve the issue but all went okay after the following were ensured and run...

Step one...start ur PC and choose the previous Linux version for boot.Once you get into the desktop...get to the sudo mode and run the following :

sudo apt-get update

sudo apt-get upgrade

sudo apt-get dist-upgrade

3.  Should solve the panic...after a reboot.....

Sunday, September 01, 2013

IT SUMMIT : Next Generation Network security at AMITY,NOIDA,INDIA

1.  Recently attended  IT SUMMIT : Next Generation Network security at AMITY,NOIDA campus.The day long summit had three panel discussions including Big Data,Cloud and Next Generation Network security.I was part of the third panel discussion..uploading the ppt  here....







Tuesday, August 27, 2013

After What's APP : Now WeChat threat!!!!

1.  Few backs earlier I wrote a post about Security Issues in Whatsapp here. Now exactly on the same lines there is a proven issue on Wechat....

2.  WeChat gained an immediate success the moment it was launched few months back in India.Every one was so happy to adopt it in their respective androids but it seems that the application is not so secure as hackers have been able to bypass the security mechanism to decrypt the messages sent using the app and China could be potentially spying on Indian citizens...
 
3.   Rest ditto from Parity news at http://www.paritynews.com/2013/08/26/2487/wechat-is-a-threat-to-national-security-claim-researchers/

According to a couple of young researchers, Jiten Jain and Abhay Agarwal, the free messaging app doesn’t employ the best of encryption and security technologies, which leaves personal information of its users vulnerable to theft. To prove their point the researchers went onto demonstrate the ease with which the messages sent using WeChat can be decrypted, indirectly indicating that foreign governments could be doing the same thing for spying and surveillance purposes.

The researchers were discussing the potential risks to privacy of users because of surveillance techniques employed by service provides across the globe at The Hackers Conference in New Delhi India on August 25. The researcher duo claimed that app from Chinese Internet Giant Tencent is threat to national security.

Jain and Agarwal claimed that not only can the Chinese government access the chat logs, but they can also access each and every detail about users stored in their smartphones – ranging from contact lists, messages, calls, geographic locations, etc.

One of other points raised at the conference was that the Indian Government is not able to successfully utilize the vast potential of security researchers in India. The Government has failed to secure its websites never mind the security of the whole nation. Researchers present at the conference stressed for the need of raising awareness about security within government establishments and masses in general.

Researches urged the government to strengthen the security of its websites as well as digital data by grooming in-house security experts as well as by availing help from industry experts present in India.

4.   In fact the duo did not hold back to say that it is a severe national threat...and I agree to their view...but who cares!!!!elections are coming...we are not even bothered about so many internal threats...external is out of purview!!!!!SAD.

Monday, August 26, 2013

Finding Maximum frame size on the Network : PING makes it easy

1.   We know how to get the IP address of any website...we simply need to ping it.For example if we need to know the IP address of a website ie www.somesite****.com...then we only need to ping it....like shown in the screen shot below :

2.   So we get the IP address of the web site at www.somesite****.com as *.*.*.*....But if we need to know the maximum frame size that this can handle...what's the way out ?...ping will be able to assist us here too...we need to add some switches to it...so the next command goes like :

ping www.somesite****.com -f -l 1500 and we get this as the output :

3.   The display Packet needs to be fragmented but DF set means that the frame is too large to be on the network and needs to be fragmented.Since the -f switch is used,the packet was not sent and the ping command returned with this error.

4.   Now instead of 1500...type the same command with the attrib as 1300 like ping www.somesite****.com -f -l 1300


5.   So here we have got a bracket of size ie the maximum packet size is more than 1300 and less then 1500 bytes...so keep trying with values between 1300 and 1500 till ur reach the exact breaking point wherein the message in the ping display changes...so here the border line at which the message changes is shown in the screen shots below :



6.   So for the given www.somesite****.com ,the maximum frame size on the machine network is 1472 bytes....

7.  If you wanna try this in your network,then the 1300-1500 set that I have used may be different...so first you need to figure out those boundaries yourself!!!!!

Sunday, August 25, 2013

Wanna sync Two Harddisks / Two Folders : GRSYNC is there for you!!!!

1.   I have two harddisks of 500 gb and I have loads of data in both...but i could never find out time to set my data at one place and then make a clone kindda or a bakup of the other...it is a herculean task if you keep updating your one harddisk regulary...so the crude rule says that you must copy the updated folder to the backup drive and then keep replacing the older one's....but if the data is too much and the files are in thousands and you have lesser time wouldn't you like to simply click one button and auto syn the complete folder or the harddrive at one go!!!!!What if you have the following GUI that give a whole lot of options to play around...like in the screen shot below :

 
 
2.  Isn't this simple and great...no need to bug yourself trying to find what was old and what is newer...what to keep and what not to keep... you simply see the options above and you will be able to figure out how helpful this utility can be if u have not been suing this till date....The best part is that it is very simple to use.

3.   Grsync is a Graphical User Interface (GUI) for the rsync synchronization tool under Linux / Unix System. There are also ports of Grsync on Windows and OS X platforms. Grsync is released under the terms of the GNU General Public License (GPL), so it is free software, and makes use of the GTK+ UI toolkit. In addition, it has support for the Unity user interface. It can be effectively used to synchronize local directories and supports remote targets (although in a limited way).

How do u install this in FEDORA ?

 4.   A simple type yum install grsync with root privileges will do the needful.....

Saturday, August 17, 2013

Reduce Tracking/Increase Privacy : Start Mozilla in PRIVATE MODE by default

1.   Earlier in one of my posts I had shown on how to start chrome in "INCOGNITO" mode to avoid any cache storing and also at the same time remove cookies at the end of the session....the following steps make way to start the mozilla browser by default in a private mode.

2.   As shown in the screen shot below...go to the Edit drop down menu and select preferences and then go to the privacy tab and select NEVER REMEMBER HISTORY

(Click on the image to enlarge)




(Click on the image to enlarge)


(Click on the image to enlarge)


 3.     The video cast below :

Friday, August 16, 2013

If u r Google Service User : Don't EXPECT any Privacy@MISINTERPRETED!!!!!

1.    For about last 4-5 years ,we have come across many debates about how so many companies are minting our private data and associating that with third parties to create a profile based marketing environment in and around the naive user....and except for the few white papers about the technicalities involved in doing this ...max of the companies had denied mincing with privacy..but actually they were just mincing with words to have their way inside the privacy den of each user!!!!and now the big revelation from Google comes as part of small news...and that says 

"Google Tells Court You Cannot Expect Privacy When Sending Messages to Gmail -- People Who Care About Privacy Should Not Use Service"

But it seems that the meaning has been mis interpreted....


2.      Isn't it a big news otherwise!!!!but the news has been put across the web as just a small snippet news....

"Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS provider in the course of delivery. Indeed, “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” Smith v. Maryland, 442 U.S. 735, 743-44 (1979). In particular, the Court noted that persons communicating through a service provided by an intermediary (in the Smith case, a telephone call routed through a telephone company) must necessarily expect that the communication will be subject to the intermediary’s systems. For example, the Court explained that in using the telephone, a person “voluntarily convey[s] numerical information to the telephone company and ‘expose[s]’ that information to its equipment in the ordinary course of business.” 

 3.      Now this declaration by Google has two connotations : one from point of view of a user who is only concerned about his private life,his social exchanges with friends,relative and office staff...and then the other point of view has a deeper meaning to it.The line highlighted above has been widely misinterpreted to make it seem like Google is saying Gmail users have no expectation of privacy when they use Gmail. To clarify and paint a better picture,Google's argument is about non-Gmail users who haven't signed Google's terms of service. It's right there in black and white — the heading for the section literally starts with the words "The Non-Gmail Plaintiffs."




 4.     But that does not mean the gmail users can take a back seat and relax about being safe again...the issue is too complex to have a clear cut YES...OR NO....the surfing goes on.....

Wednesday, August 14, 2013

Being CEH : Certified Ethical Hacker V8

1.    After CCCSP,,my efforts to clear a EC-Council exam finally paid off....and today I passed my CEH V8 exam....the feeling of being a CEH is yet to set in...but yess!!!it feels good to clear a exam which has good repu in the security world....one thing I would like to share is that though the exam covers nearly all domains and spheres of security and hacking but still ,end of course does not mean that a guy can hack into any site and create havoc...but yess it does make you understand the nuts and bolts of how one can do it...and more importantly from a CEH point of view...what and where are the vulnerabilities?

2.  CEH is all about offensive hacking.The amount of tools that are available today in the open source world is mind boggling...and the best part is the course ware that the student gets...its great!!!!I can just say that...it all comes with a set of 6 CDs which have thousands of PDFs and tools.If one starts doing each and every practical aspect of this course-ware it will take more than a year to assimilate and do it on a VM platform...so that is definitely going to keep me busy.The best part is that all this is explained with screen shots and step by step instructions.


3.   As i keep doing these practicals on my VM...will try certainly uploading and sharing with you guys!!!!will get my hard copy of the certificate in a few weeks from now...anxiously waiting!!!!

Tuesday, August 13, 2013

Lure of a FREE PEN DRIVE : MALWARE'd

1.   If you are one of those guys who are regular to attend workshops, seminars, product launches , lectures...you must have got varying opportunities of getting hold of freebies in form of bags,brochures and PEN DRIVES....yess m sure the last one is a pure lure and most of the times everi one of us falls for it...be it a small capacity or a large capacity...the hand does not think twice before picking it up....but does any one of us realise that it may be these pen drives who become the first source of uploading some malware or a virus in your PC or laptop...the moment it is plugged in .....the machine is compromised.....unless the autorun is disabled...which in most of the cases is not.....


2.  The concept of zero day exploits has made it more dangerous....coz even if the user decides to run a antivirus scan...it will be shown free of any kind of virus or malware...the result is a silent compromise of the machine...however updated it remains in respect of OS or browsers or any application....the silent action in the background defies every lock of the user.Now all this is not based on some kind of imagination...there have been real life cases of which the one which made lots of noise is the IBM-AusCERT conference on the Gold Coast, Queensland, in which the free pendrives were infected by not one, but two pieces of malware.The details available at this link http://nakedsecurity.sophos.com/2010/05/21/ibm-distributes-usb-malware-cocktail-auscert-security-conference/

(CLICK ON THE IMAGE TO ENLARGE)
3.   In what must have been a highly embarrassing admission, IBM Australia sent an email to all AusCERT attendees warning them of the security screw-up...as shown in the screen shot above...besides this the famous stuxnet example was via pendrives lure....so if this is happening at such high levels of interactions,can the workshops u and me attend be left behind!!!!no way....so whats the way out?....best way is to buy one from a genuine store...(not sure how clean will that be?)...or still better refrain your self from picking one free pendrive.




Monday, August 12, 2013

Pirate Bay Web browser : Yess!!! it's here....

1.   This is another tool to make you access that you cannot.Majorly known for allowing movie downloads,the pirate bay has launched this browser to celebrate its 10th anniversary....PirateBrowser is a bundle package of the Tor client (Vidalia), FireFox Portable browser (with foxyproxy addon) and some custom configs that allows you to circumvent censorship that certain countries such as Iran, North Korea, United Kingdom, The Netherlands, Belgium, Finland, Denmark, Italy and Ireland impose onto their citizens...
The website at http://piratebrowser.com/ says "PirateBrowser - No more censorship!"

2.  We all have heard of TOR...so you configure that TOR more tightly and should be able to access what is not allowed....while it uses Tor network, which is designed for anonymous surfing, this browser is intended just to circumvent censorship — to remove limits on accessing websites your government doesn't want you to know about....

3.   But except for few of security guys and some extended circle of those guys...the general crowd would still keep using the chrome and Internet browser.....because most of them do not understand the long term effects of invasion of privacy and neither anyone is interested!!!!

CARRY ON....SURFING!!!!!!more at http://piratebrowser.com/

ARACHNI Web Scanner

1.    When we start finding vulnerabilities in a web application,either we have a option to do it manually by putting in hours of patience and grilling or we generally hear the commonly used tools like Acunetix and few other online scanners...or for may be afford a luxury like IBM - Proventia Network Enterprise Scanner ..but there is an open source tool option to Acunetix. Takes lil bit of time but the amount of options that it offers are huge...and gives a great report that is exhaustive.


2. Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives. It is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.


3.   Arachni is a fully automated system which tries to enforce the fire and forget principle. As soon as a scan is started it will not bother you for anything nor require further user interaction.Upon completion, you will be able to export the scan results to several different formats (HTML, Plain Text, XML, etc.).Few useful pointers about details of this good scanner : 

Download from         -  http://www.arachni-scanner.com/download/

Homepage                 - http://arachni-scanner.com

Blog                          - http://arachni-scanner.com/blog

Documentation          - https://github.com/Arachni/arachni/wiki

Support                     - http://support.arachni-scanner.com

GitHub page              - http://github.com/Arachni/arachni


Author                     - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)

Twitter                    - http://twitter.com/ArachniScanner

4.    To use Arachni run the executables under "bin/".

To launch the Web interface:

   cd bin
   ./arachni_web in a separate terminal
and ./arachni_rpcd in a separate terminal

Default account details:

    Administrator:

        E-mail address: admin@admin.admin
        Password:       administrator

    User:

        E-mail address: user@user.user
        Password:       regular_user

5.    For a quick scan: via the command-line interface:

    bin/arachni http://test.com

6.     For detailed documentation see:        http://arachni-scanner.com/wiki/User-guide

Thursday, August 08, 2013

Creating ISO images in Linux : FEDORA 19

1.  Few useful commands to create ISO images in linux :

First install mkisofs from root by typing :

yum install mkisofs

In most of the recent linux distros...this would invariably be pre-installed...the above command will work for yum installations

If u require to create an iso file from a directory containing other files and sub-directories via the terminal, you can use the following command:

mkisofs -o image.iso -R /path/to/folder/

An example is shown below : here YOURFILE is the name of the ISO image that will be created and then is the route where the data is stored.

mkisofs -o YOURFILE.iso -R /run/media/kurta/CEH\ Tools\ Vol-1/


Sunday, August 04, 2013

Making GOOGLE search safe for Kids : Two steps

1.    Invariably in most of the homes barring few...the desktop or the laptop is shared by all...including your enthu and school going kid.Today Google has become part of our lives...be it office or home or school lessons..it is always there.But at times it may become embarrassing when some inappropriate content is shown in presence of your kid while searching for something that your search may not be connected with at all.At these times there are basically two steps to more safe surfing.Google has given this in settings, but by default they are off.Though Google does not promise that after configuring in the way presented below,the content flashed is guaranteed to be safe but yess...it will be much filtered and safer...

First Google search configure :

Goto http://www.google.com/preferences

and check the option to Turn on SafeSearch to filter sexually explicit content from your search results as shown in the screen shot below :

CLICK ON IMAGE TO ENLARGE

Second step is to configure your youtube settings.


and move to the bottom of the screen and check the option to Turn on safety mode to hide videos that may contain inappropriate content flagged by users and other signals.

CLICK ON IMAGE TO ENLARGE

Zoomed portion shown below :

CLICK ON IMAGE TO ENLARGE

A video screen cast of both the settings shown below vide youtube :


DON'T FORGET TO CLICK THE SAVE OPTION AFTER CHECKING THE OPTION



Fedora Security Labs

1.   The Fedora Security Lab provides a safe test environment to work on security auditing, forensics, system rescue and teaching security testing methodologies in universities and other organizations.

2.    The spin is maintained by a community of security testers and developers. It comes with the clean and fast LXDE Desktop Environment and a customized menu that provides all the instruments needed to follow a proper test path for security testing or to rescue a broken system. The Live image has been crafted to make it possible to install software while running, and if you are running it from a USB stick created with LiveUSB Creator using the overlay feature, you can install and update software and save your test results permanently.

3.    Download the .iso file from http://spins.fedoraproject.org/security/#downloads

Here in the video below,basic running of the lab along with inside features available inside are shown...


Your ANDROID APPLICATIONS : Mining your profile

1.    It is common for us to hear a company promoting its phone or tablet showcasing that lakhs of android applications are available for free...and the poor(???) customer generally falls for it...so he buys the device and immediately starts exploiting the world of millions of applications on the net and the Google play store...now off course Google just does not upload a application for download once the up loader does his part of the formalities and registration...it checks under its set of QRs if the application is ok from the point of being malicious in nature or not but that does not always works....so many times android applications even in the Google play-store have been found to be suspected...now lets keep suspected apart...does the typical user even checks the terms and conditions of any application before installing?...the blind rule is JUST ACCEPT IT!!!and this goes against the user...this allows invasion to privacy...why should a company ask to access your phone contacts..your location..your system settings...your configuration settings before it allows to install it application on your device...BUT NO ONE THINKS ABOUT THIS!!!!

Back in February of this year, Google announced it was hardening its stance on Android security, unveiling an app-scanner (codenamed Bouncer) to weed out malware uploaded to Android Market (now Google Play) through automatic scanning. Since then, Google has taken more steps to protect Android users: it acquired VirusTotal back in September and in Android 4.2 Jelly Bean introduced an optional app verification feature that enables users to identify dangerous and potentially-dangerous apps on their devices, even if they downloaded them from the Web or got them from an app store other than Google Play.
How have Google’s efforts to combat Android malware been working out? Perhaps not so well. Security researchers were quickly able to analyze how Bouncer operated and find easy ways to circumvent Google Play’s automated scanning — techniques publicly available now to malware authors if they hadn’t managed to think of them on their own. Further, Xuxian Jiang of North Carolina State University has published an assessment of Jelly Bean’s app verification capability. The results? Google’s app verification service identified just over 15 percent of malware samples thrown at it from the Android Malware Genome Project


2.     Mobile malware is lately becoming a organised crime with complex sophistication in terms of tracking back....and this makes the attack surface for the hacker and the black hats more big and the user more vulnerable at the same time....The most common victim is the one who looks for free applications in various heads of education...technology and not to forget the games section which is a big hit among-st all...the users love the games for which he has to pay nothing and the attacker gets a lot of attack surface to play around...and then the DO IT YOUR SELF TOOLS again add to the attack surface.

WHAT CAN YOU DO TO AVOID THIS?

- Keep your android updated: Now in this case most of the devices till 4.2.1 may not support upgrades..but then you have to keep your fingers crossed!!!

- Refrain from android applications other then google play store.STill you have to be careful...wherever possible read the Terms and Conditions before installing

-  Avoid public open wifi connections

-  Limit your greed to free applications.You may google about the application on google before you install it on your device.

Saturday, August 03, 2013

Fedora 19 USB automount doesn't work : SOLVED

Having installed Fedora 19 Schrodinger's Cat recently, a problem came up that the USB that used to get auto detected in earlier versions stopped working......and could not be seen anywhere in the file manager...and the disk showed the following screen which has no USB disk.

(CLICK ON THE IMAGE TO ENLARGE)

But the good thing is that on doing LSUSB at the terminal it was being shown as follows :

Bus 001 Device 002: ID 4033:0042 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 002: ID 4051:0030 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 3d4b:0008 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1f6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 0f6d:081b Logitech, Inc. Webcam C310
Bus 001 Device 004: ID 0c61:4d0f Primax Electronics, Ltd HP Optical Mouse
Bus 002 Device 005: ID 03f0:5201 Sandisk 

so mounted it the terminal way..

make a directory in home by the name of usb

mkdir usb

and

at the terminal type lsblk that will give you where to mount.In my case it is sdc1. My output comes as follows :

NAME            MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda               8:0    0 931.5G  0 disk 
├─sda1            8:1    0 488.3G  0 part 
└─sda2            8:2    0 443.2G  0 part 
sdb               8:16   0 465.8G  0 disk 
├─sdb1            8:17   0   100M  0 part 
├─sdb2            8:18   0   500M  0 part /boot
└─sdb3            8:19   0 465.2G  0 part 
  ├─fedora-swap 253:0    0   5.8G  0 lvm  [SWAP]
  ├─fedora-root 253:1    0    50G  0 lvm  /
  └─fedora-home 253:2    0 409.4G  0 lvm  /home
sdc               8:32   1    30G  0 disk 
└─sdc1            8:33   1    30G  0 part /home/kalama/usb
sr0              11:0    1  1024M  0 rom 

now at the terminal simply type

mount -t vfat /dev/sdc1 /home/kalama/usb/


thats it ..now it will start showing when you do df -h as shown below :

[root@localhost ~]# df -h
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/fedora-root   50G  4.8G   42G  11% /
devtmpfs                 2.9G     0  2.9G   0% /dev
tmpfs                    2.9G  664K  2.9G   1% /dev/shm
tmpfs                    2.9G  968K  2.9G   1% /run
tmpfs                    2.9G     0  2.9G   0% /sys/fs/cgroup
tmpfs                    2.9G   36K  2.9G   1% /tmp
/dev/sdb2                477M  117M  331M  27% /boot
/dev/mapper/fedora-home  403G  173M  383G   1% /home
/dev/sdc1                 30G   16G   15G  53% /home/kalama/usb


Is PORT SCANNING legal in INDIA?

1.   The IT security guys have so much to experiment and learn vide unending open source information and tools available on the net.Be it BACKTRACK or Wireshark or Nmap or nessus or Canvas(not opensource) or a web scanner like Acunetix or Arachini and the list is unending....there is lots to do...but do we actually know that simply running a port scan on the internet is a crime in other parts of the world?

2.   In countries like Australia,UK , port scanning is recognized as a "potential attempt" to infringe on a system and that's a simple truth....no body would run such tools openly available without intent. Yess!!!...the intent can be educating self but the other side can be bad intent and no one can prove whats the intent inside the person's mind.It may change the moment he realizes he/she is caught.In the United States there is no need to prove intent and port scanning is considered illegal.So even installation of such tools is a crime.So if a naive script kiddie from India goes with his laptop to US with a virtual box machine holding a OS with a port scanner...he is a cyber criminal the moment he lands in the US.

3.   Today we in India do not have straight and clear laws defining whether running such tools or installation is a crime or not coz the whole thing is COMPLEX.The compliance laws across countries vary and that too drastically...it may be acceptable in a country like India and it may be serious offence in US.So seeing from the current state of affairs in India,it does not look like if a day will be near when such stringent guidelines exist in India to restrict all these uses and installations...or let it be restricted to professionals only.....but then who will define a Cyber Security Professional....CDAC or CEH or some other such agency....these institutes can be a critical node in identifying and certifying cyber security professionals to measure and endorse the intent...but at the end of the day we all are humans...and we know that "too err is human"....so a agency certified person finally has himself to decide whether he uses a black hat or a white hat!!!! :-)

4.   Meanwhile students and IT security enthusiasts should take care of running such tools on the internet coz these are serious tools who can break into some one's privacy...and if the victim gets serious after you...things will be bad enough to land you behind bars...so the best place to experiment with such tools is a virtual environment that can be available vide Virtual box or vmware etc....Security guys and enthus should be familiar with the excellent Open Source Security Testing Methodology Manual (OSSTMM), which provides best practices for these situations.

PLEASE TAKE CARE TO RUN THE CYBER SECURITY TOOLS BEFORE THE LAW STARTS RUNNING AFTER YOU

Wednesday, July 31, 2013

XP still Continues though "eXPired"

1.    XP has now got the authorized prefix and suffix to get renamed as "eXPired" since it has been now officially announced by Microsoft as discontinued and has advised XP and Office 2003 users to migrate to Windows 7 and Office 2010 and thus systems are left vulnerable to new forms of malware. No further support to XP...no patches to update...no updates by Microsoft.....but certainly it will take time for XP to get disowned by more then a decade old loyal user population most of whom made their first PC experience with a XP machine...for a home guy who surfs net...it will be difficult to make him/her understand about how vulnerable he/she is now....actually very difficult.

2.    But what about the corporates and govt sector offices? I am sure private sector will make a fast change since it may adversely effect their business model in case of a undesired info leakage or a hack!!!Only recently I made a visit to a post office in Delhi for doing a speed post...wherein the dedicated  loyal postmaster was using a xp machine connected to Internet.I informally asked him about any upgrades in OS planned in their department to which he replied confidently that it's not required since it is working fine.Today the Indian postal department is slowly getting online.Today thanks to vision implementation of the government(though late) that we are able to locate the movement of a speed post letter...what time it was opened..whats the location and when it got delivered...etc etc..but all this can go waste and get a setback if the backbone nodes are not updated and monitored....more so if the staff handling all the machines are low on security aspect.

3.   Well...this postal department is one of the examples cited here since I just interacted with one of them today...but the risk stakes are high when we see this at national level...all the online-governance machines located in remote areas...have they been ensured removed of XP?....if it has not been done....this can be just on the lines of zero day exploits...in this case there must be millions of machines thrown open to hacking....and invasion to classified information.

Tuesday, July 30, 2013

NULL MEET: Open Source Security Testing & OSSTMM

1.    NULL,Delhi chapter organised this wonderful meet with the OSSTMM Guys incl  Joerg Simon and Fabian Affolter...well...at the time of registration I never knew what's OSSTMM but then we have google to answer that and after reading about OSSTMM....its a great way to broaden your horizons of security domain....It stands for "Open Source Security Testing Methodology Manual" ie OSSTMM...few pics from the meet



2.    More about OSSTMM at the following links :

www.osstmm.org/
https://www.facebook.com/OSSTMM


3.    Thanks to the delhi NULL chapter moderators Sandeep and Vaibhav for arranging the meet and great interaction....




Tuesday, July 23, 2013

Best IT SECURITY INFO & NEWS SItes

1.         IT Security enthusiasts guys/girls always keep looking forwards to discovering new sites that keep them enriched with latest happenings in the buzzing IT SECURITY world...I am listing out a list of sites that I keep abuzz with.These are not necessarily in the order of my preference or have any kind of ratings or ranking....but a whole lot of enriching info is available for every cyber security guy!!!

http://www.schneier.com/

http://thehackernews.com/

https://www.privacyrights.org/

https://www.owasp.org is specific to web application security subjects

http://www.itsecurity.com/

http://technet.microsoft.com has more of MS related aspects

http://csrc.nist.gov/

http://www.sans.org/

http://www.securityfocus.com/ : by Symantec

http://www.cert.org/

http://www.scmagazine.com/

http://www.securityweek.com/

http://nakedsecurity.sophos.com/

http://www.darkreading.com/

....surf few of them and enrich your self!!!!all the best

Treat your E-Mail address classified : ADVISORY

1.    Do you know that simply your E-MAIL disclosure to a person with malicious intent can be a key to disclosing your E-mail content and other personal attributes of life?...I mean it can invade your privacy...and just for info this is an active organised crime in the cyber world.

2.   What is the most important first thing that a hacker desires to know?....and the answer is the IP Address of the victim..and all it takes to know the IP address is to send a dummy mail at the victims id.. that's it....strange it may sound but there are so many websites offering you free solutions on how to get not only the IP address but also the browser and OS system details of the victim.One of the leading sites offering a free solution is SPYPIG...this site facilitates to let you know when your email has been read by the recipient! ...this happens in form of a intimation by SPYPIG as and when the e-mail is read by the recipient.

3.   Now some thing about SpyPig ....is a simple email tracking system that sends you a notification by email when the recipient opens your message.It works with virtually all modern email programs: Outlook, Eudora, Yahoo Email, Gmail, Hotmail, AOL Email and many others.In addition to the notification it actually sends you additional but undesired details also which can be exploited by malicious intent person.Thde details that can be used and exploited are shown here in the screen shot below in one test mail....

Red Encircled are the Critical Info

4.     But sadly,the recipient will never know of the fact that he is being tracked and so much of critical info has already swapped hands with unknown guys...I mean the OS,the browser with their respective versions etc....so in the state today the following preventions can be taken to avoid such a hijack :

-           Avoid opening E-mails from unknown sources

-      Disable Image display by default in E-Mail settings.This is important because this works on the funda of a hidden script in the image sent along with the mail.So if you disable the images display by default,it is unlikely that this will be executed.

-           Avoid sharing and disclosing your E-Mail addresses openly.

5.     To know about spypig visit : http://www.spypig.com

Friday, July 19, 2013

"Terms & Conditions Apply" : Bon Voyage to your Privacy

1.   How many of you actually read the complete word set of "Terms and Conditions" of an application like Chrome browser ,Facebook or some thing like WhatsApp,Truecaller etc.....m sure no one hardly has time for that....ok...just for info please read the excerpt below :

Google's terms of service, for instance, clocks in at 1,711 words, according to an AFP count, not including a separate 2,382-word privacy policy that is still about 1,000 words shorter than the Google Chrome browser policy

Facebook's terms of service clocks in at 4525 words....(I did a word count with a libre office)

WhatsApp terms of service clocks in at 6549 words....(I did a word count with a libre office for this too :-)

2.    So at the above rate for a typical Internet user who installs the regular OS,Word ,PDF,VLC, it would take about 200 hours the equivalent of about one full month of work a year to fully read all the terms and conditions attached to his or her favorite websites.Will any person on earth do it?Now think over the fact that why would a company legally bind every user with thousand of words of legal agreement...what could be the motive...the motive of any company on the web is not just to save its own credibility and ass but the real motive is mining data...that's why most of it is free...why would chrome be free or for that matter why so many applications are free?...I am not trying to demean the OPENSOURCE community here who are doing a great job and I am a strict FOSS for that matter...but I would like to focus on other applications like WhatsApp,Truecaller...and so many uncountable Android,Gaba,Windows mobile applications etc....


3.   A simple click by you on Accepting the Terms and Conditions of the the application company allows your consent to online lives being archived, shared with third parties or passed on to government agencies without notice....and that's a very very serious privacy breach today when we know that in another about 4-5 years to come when our digital dependence would be like never before...this can mean havoc....for example a school student who has a home computer based on pirated or for this matter even genuine OS with loads of software's with separate set of terms and conditions.....will have his/her literally whole life profile including his FB posts,his/her preferences,his phone calls,his phone contacts,audio recordings,photographs,his/her secrets of life and anything that can be his/her privacy attribute known to the third parties with whom he has no concern...and these third parties will have their ways and means to effect his/her life in so many ways then....!!!!!


Powered By Blogger