Cloud Computing : The Darker Side

1.            Cloud computing…the word has generated enough buzz already across the corporate…the techies…the possibilities in future but all this comes at a backend question on security. If there is one thing that stops 80% of possible users using this powerful technology,it is only one aspect of it and that’s SECURITY….The question that comes in an auto mode to any possible cloud service enthusiast like how safe will be my data stored with them…even if its private who controls the key generation algorithms code…who is the single point of contact and so many…but perhaps evry question on this comes under one umbrella by the name of SECURITY…..

2.            So …are they right in thinking so?…when a technology that’s coming up so strong and so globally accepted  is it possible that the giant rise comes without an inbuilt security module? Actually it goes like right they are…the users…their fears stand right when they think about their data ownership.Released by https://cloudsecurityalliance.org,  in Dec 2010,they have identified few imminent threats in the sphere of cloud computing which they have meticulously covered under few major heads as identified below.These are not in the sequence of severity of threat as no seniority levels in this have been identified by the CSA.The original version of this paper by the Cloud Security Aalliance is at https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf

Threat  1: Shared Technology Issues

Threat  2: Insecure Interfaces and APIs

Threat  3: Unknown Risk Profile

Threat  4: Malicious Insiders

Threat  5: Data Loss or Leakage

Threat  6: Abuse and Nefarious Use of Cloud Computing

Threat  7: Account or Service Hijacking

3.            Each of these security threats, I plan to discuss further in other posts within the week or as I am able to spare time….read some from CSA and put it in the manner I understand that.Thanks https://cloudsecurityalliance.org

Bulk SMS Ban : Carry on India

1.    The government has recently banned bulk SMS and MMS messages for 15 days in view of the exodus of people from the northeast from cities like Bangalore, Pune and Hyderabad, following rumours that they would be attacked.

2.    Now how do u feel about this ban?...do u think it is going to be effective?.....certainly not if it were actually the bulk sms that did the damage.Does'nt the govt know about various sites offering these services of bulk sms for free on a simple registration? or do they not know about various smart phones applications that can still send bulk sms via a different mode.Is it not known to them that this ban is going to be effective for pre paid owners only?....and not for post paid owners.

3.    These orders come like axing the problem instead of putting in efforts to manage it. Read the following paragraph@http://www.hindustantimes.com

"The five-SMS-per-day cap is adversely affecting a group of unsuspecting victims, the hearing impaired.A deaf individual sends up to 250 messages per day on an average as it is their only mode of conversation. "The five SMS cap is a real pain for us. It is the only way I can stay in touch with my family or friends when I go to college. If I want to have a proper conversation with someone, I have to send at least 50 messages. It is easy for people who can call and stay in touch. For us, this is the only mode that boosts our mobility. It is insensitive of the government to discount the deaf community when they take these decisions," said Mahesh P, a hearing impaired Delhi University student."

4.   Everi one knows that it is wrong...it is not effective...but hey come on ...carry on INDIA....it is just another passe...

Anti Keylogger : KeyScrambler

1.   How would u ever know that all your key logs on the PC are not being logged by a key logger working incognito in the background?...if u r not the SMARTEST....m sure u will never know....so what can u do to avoid that when u know u r equally prone like anyone across the web space?...stop typing...or use OSK(on screen keyboard) or use KEY SCRAMBLER....which would encrypt every key stroke that u type on your pc immediately as you type....available in three versions....at this site at http://www.qfxsoftware.com/index.html.The good news is that one version is free that will take care of most of you.....

2.   Something about KeyScrambler.....is an anti-keylogging program that encrypts user keystrokes at the keyboard driver level, deep in the operating system. The scrambled keys are indecipherable while they travel to the destination app so that no keylogger can steal your passwords or other crucial information. Thus it defeats known and unknown keyloggers.The unobtrusive overlay window lets realtime encryption in process so you know how and when KeyScrambler is working. 

Image Courtesy : http://www.qfxsoftware.com/index.html (Click to enlarge)

HOW IT WORKS ?

-   As u type, this simultaneously encrypting your keystrokes at the keyboard driver level. Because KeyScrambler is located in the kernel, deep in the operating system, it is difficult for key loggers to bypass the encryption.

-   While the encrypted keystrokes travel along the crucial path, it doesn't matter if they get logged, or whether the keylogging malware is known or brand new, because your keystrokes remain completely indecipherable the whole time.

-   When the encrypted keystrokes finally arrive at the destination app, the decryption component of KeyScrambler goes to work, and you see exactly the keys you've typed.

3.   Thanks http://www.qfxsoftware.com/

Excellent posts on 3D Printing

Would like to share link to this wonderful site at              http://www.3dprinter.net/author/mark for the best info on 3D Printers.....

Unbelievable world of 3D Printers!!!

1.   I read about 3D Printers few years back and then just forgot to follow the developments...and now when I googled about these printers it was completely a happy shocking event for me.....what I saw was printing actual toys....printing real life machine components...just watch these videos below to see it with your own eyes of what could be in offering in the very near future now on but first see these videos :

(This one is original from BBC)

2.   Might as well have shocked you..but these are just few from the thousands stored on the internet already......now read further....shocking is yet to come....that allows eatable food to be printed

3.   Will not be a big thing if some one tells or u come to know from somewhere that Google  offers free meals to their employees in their onsite cafeteria...so whats the big deal about this...a billionaire company can afford that!!!!!now if I tell you that Google’s cafeteria has a 3D printer in the kitchen that prints out pasta.... With customized-everything all the rage, why not pasta? And of all places, of course it would be at Google. Chef Bernard Faucher says that since everyone has their own favorite style of pasta, he can program their 3D printer to create any conceivable, printable shape..........(I read this from http://www.3dprinter.net/mama-mia-google-cooks-up-some-3d-printed-pasta)

4.   3D printers in food applications have recently been in news,but this is a first of any kind...i know reading till this much would have let you believe all this to be a bogus....but its a fact...and it is just tip of the iceberg of whats in store for future....

5.  For more on 3D Printing...please google and shock your self!!!!!!!!!

BARE METAL ENVIRONMENT & HYPERVISORS

1.   I had till now been playing around with Virtual Machines for quiet some time . I started with loading xp on Vista around 2006-7 and then tried networking,played around with basic linux OS....but what I did everi time was that I loaded the host OS first and then allocated the desired resources in form of some RAM and HDD and then booting the new OS....but then I was wasting the host OS Resource that actually is running the various virtual machines on it.....so how to use that, is where Bare Metal Environment comes in to rescue.

2.    Simply told,a bare metal environment is a system in which a virtual machine is installed directly on hardware rather than within the host operating system (OS). The term "bare metal" refers to a hard disk, the usual medium on which a computer's OS is installed.But then how come it is called virtual when the machine is directly running on the hardware? So actually a kind of  a pseudonym since a virtual machine running directly on bare metal would technically not be a virtual machine. In such cases VMs run within a hypervisor which creates the abstraction layer between physical and virtual hardware. So whats Hypervisor?? :-)

3.    A hypervisor is actually the virtual machine manager (VMM), or a virtualization technique allowing multiple operating systems to run concurrently on a host computer. Multiple instances of a variety of operating systems may share the virtualized hardware resources.The hypervisors are classified into basically two types as follows :

Type 1 refers to bare metal hypervisors that run directly on the host's hardware to control the hardware and to manage guest operating systems. 

Type 2 refers to hypervisors that run within a conventional operating system environment. With the hypervisor layer as a distinct second software level, guest operating systems run at the third level above the hardware.This classification can be made more clear with the help of figures below :

TYPE 1 : THE NATIVE BARE METAL TYPE

(click to enlarge)

TYPE 2 : HOSTED TYPE

(click to enlarge)

4.    Thanks Wiki and http://forums.hornfans.com

Cloud Computing & Virtualisation

 1.    Recently got an opportunity to give a presentation to a school/college audience about whats all the fuzz of Cloud Computing and Virtualization about?I tried building up the presentation from scratch to handling some secuity issues in the cloud.The copy is for you to see for reference : 

Cloud computing and Virtualisation

Power Searching with GOOGLE :Get Certified

1.   Few weeks back I came across a link in some blog that said the following :

"Google is offering a new free, 13 days, certification program on 'Google Power Searching' .The course is totally free and registration ends on July 16th. The course will sharpen your internet searching skill and help you learn advanced tricks to make internet searches. There are several short activities as a part of the course. Once the course is completed, a printable Google certificate will be emailed to you."

So the next thing I looked for was registering for the same....and yes it happened exactly the same way as was expected....the course started on time....i attended on line classes with wonderful simple videos to understand by google itself...became more crued up with the serch engine tools and tricks...appeared for the exams and i got the certificate as shown below.

2.  Would like to recommend this to everi one who googles....it really makes you a stronger searcher....for more details what else...u GOOGLE....

FinFisher : THE LAWFUL INTERCEPTOR

1.  Some thing to read here about one security software named FINFISHER thats making some news...a sequence wise time line of events related to this is produced below : 

-  FinFisher is security software. 

-  Marketed by Gamma International to various government security officials assuring that it could be covertly installed on suspect's computers through exploiting security lapses.

-  In the name of Lawful Interception (LI), FinFisher was found in the Egyptian Secret Police Spy headquarters used to track people down during the revolution when Egyptian dissidents ransacked the office's of Egypt's secret police during the overthrow of President Hosni Mubarak 

-  Egyptian dissidents who ransacked the office discovered a contract with Gamma International for £287,000 for a license to run the FinFisher software.

-  A security flaw in so called "designed secure" applications like Apple's iTunes allowed unauthorized third parties to use iTunes online update procedures to install unauthorized programs.Gamma International offered presentations to government security officials at security software trade shows where they described to security officials how to covertly install the FinFisher spy software on suspect's computers using iTunes' update procedures.

FEATURES OF FINFISHER : 

-  FinFisher is able to record Skype and other voice over IP communications.

-  Logs keystrokes and turn on a computer's webcam and microphone. 

-  Can also steal files from a hard disk

-  Built to bypass dozens of antivirus systems.

-  Presently found across 12 C&C servers in 10 countries: the US, Indonesia, Australia, Qatar, Ethiopia, Czech Republic, Estonia, Mongolia, Latvia and Dubai.

-  Not confirmed by any govt agencies as being used officially but then who else would at such a large scale???

-  Expected to be particularly difficult to detect. 

-  Used to access target Systems to give full access to stored information with the ability to take control of target systems' functions to the point of capturing encrypted data and communications. 

"When used in combination with enhanced remote deployment methods, the Government Agencies will have the capability to remotely deploy software on target systems".............................extract from official finfisher site at http://www.finfisher.com/FinFisher/en/portfolio.php

2.    Thanks http://thehackernews.com and http://www.bloomberg.com

Bitter Truth : If NOT on FB,u r INSANE!!!

1.   Read this article today vide a TOI post that says that if you are not on FB ur insane.Facebook revolution has become so important aspect in people's lives, that increasing number of employers, and psychologists, believe people who aren't on social networking sites, could be insane....does that bring a exclamation mark on ur face...it did to me.....the post is available here

2.   It is strange that such things come as a analysis/study reports from psychologists......it lets us know how psycho are these psychologists who r deeply gripped by the FB revol...