Security

CERT-In is a low-profile (Indian) government organization. The Government of India established the Computer Emergency Response Team (“CERT-IN”) to ensure Internet security. Many institutions, including the Ministry of Home Affairs, courts, the intelligence services, the police, and the National Human Rights Commission, may call on it for specialist expertise. CERT-IN’s stated mission is “to enhance the security of India’s Communications and Information Infrastructure through proactive action and effective collaboration” [ Source] I had a chance to visit CERT-In last week. The experience was overall good, unlike the typical dirty government office with laid-back employees, I saw employees enthusiastic about their work (and a colorful office).

A primer on HTTPS warnings and error messages

So, today morning I received an email saying I received an Orkut scrap from a friend with contents “Bom Sabado”. Within a minute, I received the same scrap from another friend. Now getting the feeling that this must be some sort of worm, I decided to open Orkut with firebug logging enabled to see what was going on. It turns out that it’s a typical case of Cross-Site Scripting (XSS), the attacker can inject and execute its script from hxxp://tptools.org/worm.js and the contents of scrap are able to by-pass Orkut sanitization.

We all use HTTPS and vaguely understands it as a more secure form of communication.

Indian Govt. has asked RIM (maker of the BlackBerry smartphone) to provide access to the data going through its servers for intelligence purposes and it appears that BlackBerry has accepted the demands. Due to the lack of understanding of encryption on the part of Indian media, misleading and ambiguous reports have been published on the same. This blog post is an effort to clarify the same.