- Niteen Lall

Juice jacking (Mobile attack)

Juice jacking is a type of cyber attack that originates from USB charging ports installed at public places such as airports, cafes, bus stands, etc. Once the device is plugged in and a connection is established, the port either installs malware or secretly copies sensitive data from a smartphone, tablet, or any other computer device. A USB port is often used as a medium for data transfer. A regular USB connector has five pins, where only one is needed to charge the device. Two of the other pins are used for data transfers.

Mobile Spoofing Attack (Fake wifi)

Network spoofing is when hackers set up fake access points (connections that look like Wi-Fi networks but are actually traps) in high-traffic public locations such as coffee shops, libraries and airports.

SIM hijacking

SIM hijacking works by getting a mobile phone carrier to transfer a user's phone number to a fraudster's SIM card. Critical information such as the OTP used in multifactor authentication can then be used to initiate fake transactions and account transfers.

Spyware

In many cases, it’s not malware that users should be worried about, but rather spyware installed by spouses, coworkers or employers to keep track of their whereabouts and use patterns. Such spyware has the capability to collect your private data, location, etc.

Exploiting links in Apps

Fraudsters take advantage of the ‘request money’ option on UPI apps such as Bharat Interface for Money (BHIM), Google Pay, PhonePe, etc. Imposters show interest in buying a product advertised on various online platforms and engage with the seller on a phone call.

Terminal Tampering (Skimming)

This is a type of fraud where a skimming device, usually a tandem of a card reader (skimmer) and keypad overlay or pinhole camera, is introduced to the machine by placing it over the card slot and keypad, respectively. ATMs, point-of-sale terminals, etc. are the common vulnerable hot spots.

Brute force Password attack

An attack that takes advantage of the fact that people tend to use common words and short passwords. The hacker uses a list of common words, the dictionary, and tries them, often with numbers before and/or after the words. A program may also be used to generate likely passwords or even random character sets. These attacks start with commonly used, weak passwords like Password123 and move on from there. The programs running these attacks usually try variations on upper and lowercase characters, as well.
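A defensive counterpart to the guessing pattern described above, as an added example that is not part of the original article: a password screen that undoes the case changes and the digits placed before or after a word, then compares the remainder against a word list. The word list, the minimum length and the function names are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real deployment would load a large
# dictionary or breached-password list instead.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "qwerty", "admin"}

MIN_LENGTH = 12  # assumed policy value, not taken from the article


def base_word(candidate: str) -> str:
    """Undo the variations guessing tools try: upper/lowercase changes and
    digits or symbols added before and/or after a word."""
    lowered = candidate.lower()
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)


def reject_reason(candidate: str):
    """Return a short reason if the password is guessable, else None."""
    if base_word(candidate) in COMMON_WORDS:
        return "dictionary word with affixes"
    if len(candidate) < MIN_LENGTH:
        return "too short"
    return None


def screen(candidates):
    """Map each candidate password to its rejection reason (or None)."""
    return {c: reject_reason(c) for c in candidates}


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw, reason in screen(
        ["Password123", "123WELCOME2024!!", "short1",
         "correct horse battery staple"]
    ).items():
        print(f"{pw!r}: {reason or 'accepted'}")
```
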

Man-in-the-middle (MitM) attack

Man-in-the-middle is a type of eavesdropping attack that occurs when a malicious actor inserts himself as a relay/proxy into a communication session between people or systems.

 - Session Hijacking - In this type of MitM attack, an attacker hijacks a session between a trusted client and network server.

 - IP spoofing is used by an attacker to convince a system that it is communicating with a known, trusted entity and provide the attacker with access to the system.

Phishing attacks

Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment. Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers.

Drive by Download

Drive-by download attacks are a common method of spreading malware. Hackers look for insecure websites and plant a malicious script into HTTP or PHP code on one of the pages. This script might install malware directly onto the computer of someone who visits the site, or it might re-direct the victim to a site controlled by the hackers.

Key logger attack

A cyber criminal manages to install software that tracks the user’s keystrokes, enabling the criminal to gather not only the username and password for an account but exactly which website or app the user was logging into with the credentials. This type of attack generally relies on the user first falling prey to another attack that installs the malicious key logger software on their machine.

Internet of Things (IoT) Attacks

Privilege escalation: Attackers are exploiting IoT device bugs, design flaws and operating-system or software-application-configuration oversights to gain elevated access to resources that are normally protected from an application or user.

Eavesdropping: If a weakened connection between an IoT device and server is found, an attacker might be able to intercept network traffic and steal the possibly sensitive information that IoT devices transmit over enterprise networks.

Brute-force password attacks: Due to the weakness of most IoT device passwords, brute-force attacks can be effectively used to gain access to the device.

Malicious node injection: Using this method, attackers physically deploy malicious nodes in between legitimate nodes in an IoT network. The malicious nodes can then be used to control operations and snoop on the data flowing between linked nodes.

Firmware hijacking: If firmware updates downloaded by an IoT device are not checked to make sure they originate from a legitimate source, it’s possible for an attacker to hijack the device and download malicious software.

Physical tampering: Physical threats exist if devices are deployed in environments where it is difficult for the enterprise to control the device and the people who can access it.

Denial of Service (DOS)

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users by flooding it with traffic. A DDoS attack is also an attack on a system’s resources, but it is launched from a large number of other host machines that are infected by malicious software controlled by the attacker.

SQL Injections

SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.

Cross-site scripting (XSS) attack

XSS attacks use third-party web resources to run scripts in the victim’s web browser or scriptable application. Specifically, the attacker injects a payload with malicious JavaScript into a website’s database. When the victim requests a page from the website, the website transmits the page, with the attacker’s payload as part of the HTML body, to the victim’s browser, which executes the malicious script. Stealing cookies, logging keystrokes, capturing screenshots, discovering and collecting network information, and remotely accessing and controlling the victim’s machine are common security threats due to an XSS attack.
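The stored-payload flow described above and the output encoding that neutralizes it, as an added example that is not part of the original article. The comment list stands in for the website's database; it and the function names are constructed for illustration.

```python
import html

# Constructed sample data standing in for rows read from the site's database.
STORED_COMMENTS = [
    "Nice article!",
    "<script>document.title='injected'</script>",
]


def render_comments_unsafe(comments):
    """Builds the HTML body by pasting stored text in as-is, so any markup
    in a comment becomes part of the page the browser parses."""
    items = "".join(f"<li>{c}</li>" for c in comments)
    return f"<ul>{items}</ul>"


def render_comments_escaped(comments):
    """Encodes <, >, & and quotes before output, so stored text is shown
    as text and is never parsed as a tag."""
    items = "".join(f"<li>{html.escape(c)}</li>" for c in comments)
    return f"<ul>{items}</ul>"


if __name__ == "__main__":
    print(render_comments_unsafe(STORED_COMMENTS))
    print(render_comments_escaped(STORED_COMMENTS))
```
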

Trojans attack

A Trojan or a Trojan horse is a program that hides in a useful program and usually has a malicious function. A major difference between viruses and Trojans is that Trojans do not self-replicate. In addition to launching attacks on a system, a Trojan can establish a back door that can be exploited by attackers. For example, a Trojan can be programmed to open a high-numbered port so the hacker can use it to listen and then perform an attack.

Ransomware attack

Ransomware is a type of malware that blocks access to the victim’s data and threatens to publish or delete it unless a ransom is paid. While some simple computer ransomware can lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, which encrypts the victim’s files in a way that makes them nearly impossible to recover without the decryption key.

Advanced persistent threat (APT)

An advanced persistent threat (APT) is a broad term used to describe an attack campaign in which an intruder, or team of intruders, establishes an illicit, long-term presence on a network in order to mine highly sensitive data.

Botnets

Botnets are powerful networks of compromised machines that can be remotely controlled and used to launch attacks of massive scale, sometimes including millions of Zombie computers. Botnets are controlled by Command and Control (C&C) networks, which are run by the hackers. 

* Niteen Lall hails from Andaman & Nicobar Islands and is presently based in Bangalore. He had held the Second position in AISSCE in the year 1995.  He is presently working as Senior Manager Engineering (Head of Engineering for RSA IG&L) at RSA Security National Institute of Technology in Bangalore.

 

I looked at the banners I was making:

We want Freedom of speech!

We want Freedom to Speak!

We want Freedom of Expression!

All banners for the next march, morcha or protest against the government. Then I heard a sound, and from across my room heard muffled sobs and saw a man in a lecturer’s garb coming across to me. “What’s wrong?” I asked.

He pointed to the inside of his mouth and I realized there was no tongue.

“Government did that?” I asked and watched him nodding in affirmation.

“Terrible!” I said, “We must organize a morcha. Get a banner ready, have a candle light vigil, against those two in the centre!”

He shook his head. “You don’t want protests? You don’t want me to hold a banner and get your tongue back?” I asked.

He nodded affirmatively and I got ready to show him a poster, denouncing the government, “This government seems to be slicing everybody’s tongue off!” I said irritably and watched as he shook his head in disagreement. “No, you need to shake your head up and down!” I said gently, “It will take you time to learn sign language now that you have no tongue!”

I got down to selecting the poster for him, when I heard another sound from afar, and found the tongueless man running to the window and beckoning someone up. It was a woman, and as I heard her sounds, I realized she had a tongue, but was still in pain after it had been stitched back.

“So you also lost your tongue for a while?” I asked her and she nodded.

“You also can have a banner against the ruling party at the centre!” I said and found both the man and woman shaking their heads negatively.

“You don’t want a banner?” I asked and found both of them nodding that they wanted one.

I got up from my banner making and went to the speech-less two, “You want a banner, but you don’t want a banner? Maybe you two should take lessons on how to express yourselves!” I watched startled as the woman and the man grabbed the paint brush from my hand, and wrote something on the banner on the ground, “Down, Down Congress!” I read, “But why?” I asked and found them both telling me in sign language it was the Congress who had cut off both their tongues.

“Yours was cut off in Rajasthan?” I asked the girl, “And yours in Mumbai for saying something against Rahul and the Gandhi family?” I asked the man who I realized was a lecturer.

I heard a wail from West Bengal, and before hearing that Mamata had also done the same, I threw my banners away, realizing that every party that came to power, having no idea what freedom of expression meant, ruled with a pair of scissors..!

Scholarship Name 1: J N Tata Endowment Loan Scholarship

Description:        

The J N Tata Endowment invites loan scholarship applications from students who wish to pursue higher studies abroad. Students who are selected for their loan scholarship are entitled to receive a ‘Travel Grant’ and a ‘Gift Award’- which are linked to their academic performance. Scholars who have already been awarded for this scheme cannot apply again for the same course.

Eligibility:             

Open for students who have completed graduation studies or students who are in the final year of any undergraduate programme at a recognised university/college/institution in India. Students who are at the beginning of the second year of their overseas studies (Fall 2020 – Spring 2021) are also eligible to apply. This is applicable only if the minimum duration of course is 2 years. Students must have scored a minimum of 60% marks in the previous qualifying examination.

Prizes & Rewards:           

One-time loan scholarship ranging from INR 1,00,000 to 10,00,000. Students who are selected for loan scholarship are entitled to a ‘Travel Grant’ and a ‘Gift Award’- which are linked to their academic performance.

Last Date to Apply:            09-03-2020

Application mode:              Online applications only

Short Url:              http://www.b4s.in/ac/JNT3

 

Scholarship Name 2: STFC Meritorious Scholarship Programme

Description:        

Shriram Transport Finance Company Limited has announced this scholarship programme to provide financial assistance to students from underprivileged families of commercial transport drivers. Under this programme, selected students will receive multi-year scholarships for professional studies after Class 10 and Class 12.

Eligibility:             

Students currently enrolled in Diploma/ITI/Polytechnic courses, or Graduation/Engineering (3-4 year) programmes may apply for this scholarship, if they have scored at least 60% marks in Class 10 and Class 12. Applicants must come from the family of a commercial transport driver with an overall family income of less than INR 4 Lakhs per year.

Prizes & Rewards:           

Selected students will receive INR 15,000/- per year for ITI/Polytechnic/Diploma studies (max. 3 years), and up to INR 35,000/- per year (max. 4 years) for graduation/engineering studies.

Last Date to Apply:            31-01-2020

Application mode:              Apply online

Short Url:              http://www.b4s.in/ac/STFC1

 

Scholarship Name 3: Pearson MePro English Scholar Program 2019

Description:        

This is a unique scholarship program to encourage Indian students and employed citizens for learning professional English to enhance their career prospects. Students will get international exposure to core English skills through this program.

Eligibility:             

Indian students and professionals between the ages of 15 to 35 years, who enrol themselves in MePro English Program and complete the 8 GSE Levels, are eligible for this scholarship.

Prizes & Rewards:           

INR 10,000 scholarship will be provided, based on each candidate's performance through the program.

Last Date to Apply:            31-01-2020

Application mode:              Apply online

Short Url:              http://www.b4s.in/ac/PMES01

 

Courtesy - buddy4study.com

Goons enter the JNU college.

They thrash professors and students.

The Union President, a girl, Aishe Ghosh, is beaten on the head with iron rods, thrown to the ground, kicked, punched, and, bleeding and badly injured, is admitted to hospital where she receives sixteen stitches on her bloodied head!

Next day, the police, instead of arresting her attackers, arrest her!

A few years ago, when my elder daughter was in college, I received a call from her, telling me her phone was stolen from her bag, when she had deposited her bag in the college library.

I went to her college and found that all students had to leave their bags in small open lockers, and were given a token, which later they presented to a peon at the counter and got their belongings back.

She’d done the same, and since phones were not allowed in the library had placed her phone in her bag, and later on opening the same found it was missing. I spoke with the person at the counter, who said he had nothing to do with it. Then spoke with the librarian, and finally the principal. All of them said they were helpless.

I took my daughter to the police station and registered a complaint. The police sent a constable with me and I went back to the college with him.

Later, the principal asked me, why I had brought the police to a college.

I told him, since a robbery had been committed, I used the law, but more than that, I showed my daughter, what she had to do, if ever a crime was committed, and concerned authorities showed a lack of will to rectify a wrong.

But today as I see what is happening in Delhi, I ask myself, what message is it that our children are receiving?

My daughter learned to seek justice, but what are India’s children seeing?

I have no doubt that some higher up, must be thinking it was very clever to pin a crime on the very victim of an assault, but does he know that millions of children are bewildered and whispering, “You can’t trust khaki anymore! There’s no more justice in our country!”

Only when a child grows up trusting the system, does he or she grow up fearless and confident. What such macabre and gruesome incidents show is treachery to the system, and with the children growing up with any deficit of trust, they will lose faith in the state and search for their own order.

I tried to teach my daughter how to seek justice when I took her to the police station. I wonder where you dads and moms will take your children?

Are you watching your child protesting? It should be we parents, not they, who should be asking questions!

Are YOU? 


In a fictitious housing society very close to where I live, many sounds come out of the complex: Harsh words, screams, fists connecting with fists, connecting with shin and groin, and four letter expletives that shock the residents of other colonies who live nearby.

But it was not always so.

Many, many years ago, people belonging to one religious community, decided that since they all worshipped together, they would be happy living together.

“Wouldn’t it be nice to wake up in the morning, and shout Good Morning to you, Brother Jerome, rather than some other greeting like Namaskar or Namasthe!”

“Excellent!” shouted Mr Jerome, “So let’s put up our own building, where all of us will live together, and wake up in the morning and greet each other with ‘Good Mornings’!”

The idea spread like wildfire within the community, and soon, all the ‘Good Morning’ greeting people shifted into the same building, and felt so good for a few days greeting each other with ‘Good Morning!’

“We need a committee to run this building!” they said to each other one day, after saying their good mornings! And as soon as the date for elections to the committee was announced, strange happenings were noticed. “His good morning sounds different from the rest of us, so vote for me!” said Jerome.

“His good morning shows he is from a lower class!” said another.

“His good morning shows lack of education!” whispered another candidate.

And soon rumblings were heard within a building that had residents who had previously thought of themselves as identical in thought and belief and ‘good morning’ greetings!

After those same elections, which were bitterly fought by like-minded people, the sounds that echoed from the building were loud, rowdy and boisterous, till this morning, when I saw residents walking to the local real estate broker’s office. “Get us a flat in buildings where people say namaste, namaskar and even good morning,” said the residents, “How silly we were to think that people of one kind could live happily together!”

“Any message you have for the people and prime minister of this country?” I asked them as they trooped out, broken, bruised and battered from their building.

“Yes!” said the spokesman and no it was not Mr Jerome but his missus, “Tell the people and its leaders that the only way to grow together, is by mixing our differences and enjoying a diversity of…”

“Good mornings..”

“Namastes..”

“Namaskars..”

“and Salaam Alaikums..!” they all shouted together..!
