Cyber Security in India : Role of CERT-In

CERT-In is a low-profile (Indian) government organization.

The Government of India established the Computer Emergency Response Team  (“CERT-IN”) to ensure Internet security. Many institutions, including the Ministry of Home Affairs, courts, the intelligence services, the police, and the National Human Rights Commission, may call on it for specialist expertise. CERT-IN’s stated mission is “to enhance the security of India’s Communications and Information Infrastructure through proactive action and effective collaboration” [Source]

I had a chance to visit CERT-In last week. The experience was overall good, unlike the typical dirty government office with laid-back employees, I saw employees enthusiastic about their work (and a colorful office).
Read More

A preliminary analysis of “Bom Sabado” orkut worm

So, today morning I received an email saying I recieved an orkut scrap from a friend with contents “Bom Sabado”.
Within a minute,  I received same scrap from another friend. Now getting the feel that this must be some sort of worm, I decided to open Orkut with firebug logging enabled to see what’s going on.
It turns out that its a typical case of Cross-Site Scripting (XSS), the attacked is able to include and execute its own script from hxxp://tptools.org/worm.js and the contents of scrap are able to by-pass orkut sanitization.
Read More

Is HTTPS secure?

We all use HTTPS and vaguely understands it as a more secure form of communication. This article is aimed at better understanding of HTTPS and how secure it is.
Read More

BlackBerry Controversy in India

Indian Govt. has asked RIM (maker of BlackBerry smart phone) to provide access to the data going through its servers for intelligence purposes and it appears that BlackBerry has accepted the demands. Due to the lack of understanding of encryption on the part of Indian media, misleading and ambiguous reports have been published on the same. This blog post is an effort to clarify the same.
Read More