What is Net Neutrality?

Net neutrality is the principle that Internet service providers should enable access to all kinds of content and applications, without favoring or blocking particular products or websites. In other words, your cellular, cable, or phone internet connection should treat all websites and services the same.

Net Neutrality Across The Globe-
After Chile, the Netherlands became the second country to adopt net neutrality, in 2011. Its law bans mobile telephone operators from blocking Internet-based services or charging consumers extra for using them. The European Union is also in the process of following the Netherlands’ lead. The most recent addition to the small club is Brazil, which adopted the legislation on April 22, 2014.
Yahoo, eBay, Amazon, and Microsoft, along with many other companies, have also supported neutrality regulation. Opponents of net neutrality include hardware companies and members of the cable and telecommunications industries, including major telecommunications providers such as Comcast and AT&T.

Net Neutrality in India
The issue of net neutrality has been a topic of public debate in India for some time now. It finally came to the fore with the decision by Bharti Airtel Ltd, India’s largest telecommunications carrier, to charge extra for the use of VoIP services on apps like Skype, Viber, etc. over its cellular data networks. Indian operators are looking to boost their data networks and revenues.
The Telecom Regulatory Authority of India (TRAI) is no stranger to net neutrality, having sent a note to ISPs in 2006 suggesting a position on it. However, India has no laws governing net neutrality as of 2014. There have been a few violations of net neutrality in India by some service providers, and TRAI has yet to form proper guidelines on the subject.

Stay Safe & Have Fun!!



The Misfortune Cookie vulnerability allows an intruder to remotely take over a gateway device with administrative privileges and attack various networks. This critical vulnerability puts 12 million routers around the world at risk, in both home and corporate environments.

The Misfortune Cookie vulnerability is caused by an error in the HTTP cookie management process of the affected software, which allows an attacker to trick the targeted device into treating the current session as having administrative privileges – to the misfortune of the device owner. The majority of these devices are residential gateways, including models by ASUS, D-Link, Edimax, Huawei, TP-Link, ZTE, and ZyXEL, among others.

Be particular about your privacy. Make sure your devices and documents or folders containing critical information are password protected. Consider adding more privacy to your browsing by using HTTPS connections to encrypt all your browser activity.
Remember that your router’s security is another layer in your network security defenses – you should also have endpoint protections, including firewalls, anti-virus software, and a freshly updated operating system.

Watch for firmware updates from your device vendor that address Misfortune Cookie, and apply the update as soon as it is released. In general, every vendor of a vulnerable device needs to obtain an updated version of RomPager or patch it manually, integrate the fixed version into its current firmware for all vulnerable lines and models, test that nothing was broken in the process, and release the new firmware version, which then has to be installed on every vulnerable device in the world.

See for more details.



One of the most infamous recent cloud attacks is the celebrity iCloud hack. News of the hack of celebrities’ iCloud accounts has left many smartphone users wondering whether their data is secure in the cloud. Unfortunately, the harsh reality is that their online presence is not very secure, and users must take some extra security steps to safeguard their online data.

For instance, the iCloud hackers knew how to find the email addresses associated with an account. This is the first of the two steps in a successful hack.

One of the challenges with online account security is the “security question”. We tend to take security questions for granted. For example, we often keep the security question far too simple, such as a childhood nickname, birth date, or birthplace, which can be found online or obtained via social engineering. As a solution, Apple uses ‘two-step verification’, i.e. ‘security question’ and ‘authentication via SMS’. However, Apple only initiates two-step verification if the user is buying a movie or an application, or attempting to change account preferences from a new device. To enable two-factor authentication, the account holder must configure the account’s standard security function.

In a statement, Apple said, “After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a much targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved. ”

We should be careful about phishing scams as well. Apple has reported that some of the celebrity pictures were uploaded online because the victims clicked on phishing links, and that is how the hackers got the credentials.
Satnam Narang, Security Response Manager at Symantec, stated, “Convenience trumps security very often when it comes to various services”. On the other hand, Gary Davis, Chief Consumer Security Evangelist at McAfee, said, “I don’t believe, in the long term, this will hurt the cloud services industry bottom line. The cloud services industry would be impacted if this opens the door to rampant and regular exposures of this type.”

According to an International Data Corporation study, consumer cloud adoption has increased: worth an estimated $47 billion in 2013, it will be worth $107 billion by 2017. This projection is becoming reality, as Dropbox attracted 150 million users between mid-2011 and November 2013.

Another notorious attack made the headlines when hackers claimed to have acquired the login usernames and passwords of almost 7 million Dropbox users. A series of posts on the Pastebin website contained what appeared to be the login credentials of thousands of accounts for the cloud storage service. The author of the posts claimed to be in possession of a total of 6,937,083 account credentials, and said that more credentials would be released unless a ransom was paid in bitcoins.

Anton Mityagin, a security engineer at Dropbox, wrote on Dropbox’s official blog that the website was not hacked. In the post he said that the passwords the hackers obtained were acquired through unrelated third-party services and not from Dropbox itself. “Attacks like these are one of the reasons why we strongly encourage users NOT to reuse passwords across services and to use two factor authentication system” he added.

“It’s a shared responsibility — the providers’ responsibility is to protect the service, but the users’ responsibility is to protect their credentials,” said Adallom senior vice president Tal Klein. “Every time you put data in the cloud, you need to do a quick summation of how valuable the data is and how it should be protected.”


Cloud computing is a term we have all heard, but few of us know its actual power. The origin of the term is actually dubious. In the scientific world, the word “cloud” is used to describe a large cluster or bundle of objects which visually appear as one cloud. Let’s start from the very basics: cloud is a metaphor for the internet, but when combined with computing, the meaning gets bigger and more muddled. Some analysts define cloud computing as an updated version of virtual computing, which is basically virtual servers available on the Internet or cloud. Others take a broader view and argue that anything you get outside the firewall is “in the cloud”.

Cloud computing is a platform and is divided into various other components.

  1. Software as a Service: We have all used SaaS, or Software as a Service. This type of cloud computing delivers an application through a web browser to the internet community or to customers, using a multitenant architecture. On the client end, it saves money, as the client has no need to invest in servers or software licenses. On the service provider end, there is just one app to maintain, so the investment is very low compared to orthodox hosting. is a very famous amongst enterprise applications.
  2. Utility Computing: In this form of service, a service provider makes computing resources and infrastructure management available to the customer as needed, and charges for specific usage rather than a flat rate. This sort of computing is getting a new lease of life from vendors like IBM, etc., who offer virtual servers and storage that can be accessed on demand.
  3. Cloud Web Services: In addition to SaaS, web service providers develop and provide APIs that enable developers to use their functionality over the cloud or Internet. They no longer have to deliver full applications, because an API is there to return the desired result. Industry giants like Google, Facebook, Twitter, etc. provide APIs.
  4. PaaS or Platform as a Service: This form of cloud computing offers development environments as a service. In this scenario, a client can build his own applications that run on the provider’s infrastructure, using libraries from the provider. The consumer is also able to administer the configuration and deployment of the application.


Cloud Storage/Infrastructure as a Service/Hardware as a Service: This is one of the three major service models of cloud computing, alongside PaaS and SaaS. It provides access to computing resources in a virtualized environment, offering virtual server space, network connections, IP addresses, load balancers, etc. Physically, the pool of hardware resources is drawn from a cluster of servers and networks, usually distributed across numerous data centers. All of this infrastructure is maintained by the service provider, while the client is given access to the virtualized components in order to build their own platform. Infrastructure as a Service is a very cost-effective and easily scalable solution, in which the technical complexity and cost of managing the hardware are taken care of by the cloud service provider. If a business’s needs fluctuate and it requires more computing resources, it can tap into the cloud resources as and when needed, rather than purchasing, installing and integrating hardware itself.

A few instances of how IaaS can be utilized by enterprises:

  • Enterprise infrastructure: Some enterprises use internal networks such as VLANs and private clouds, which utilise a clustered server and network infrastructure where the applications and business data are stored. As the business expands, it can scale its infrastructure as required. A private cloud also lets the business protect its storage and control how its data is handled.
  • Cloud hosting: Websites are hosted on virtual servers deployed on a cluster of resources. A website hosted on the cloud benefits from the redundancy provided by the clustered environment and from on-demand bandwidth to deal with high or low traffic loads.
  • Virtual Data Centers (VDC): A VDC consists of interconnected virtual servers which provide enhanced cloud hosting capabilities and enterprise IT infrastructure. The operations mentioned above can also be integrated and implemented within a private or public cloud.


A typical Infrastructure as a Service offering can deliver the following features and benefits:

  • Scalability- The service can handle a growing amount of capacity in the best possible way, and is readily available whenever a client needs it.
  • No investment in hardware- The physical hardware supporting the IaaS service is set up and maintained by the cloud provider, which saves time and production cost.
  • Utility style costing- The service can be used on demand, and the user pays only for the resources actually used.
  • Location independence- The service can be accessed from any location, as long as an internet connection is available and the cloud’s security protocol allows it.
  • No single point of failure- If one server or network switch, for example, were to fail, the broader service would be unaffected thanks to the remaining multitude of hardware resources and redundancy configurations. For many services, if one entire data center were to go offline, never mind one server, the IaaS service could still run successfully.

IaaS provides redundancy, which means that if one server or network device meets a catastrophe, the service will still be available to the client because of the clustered environment. So there is no single point of failure.

Advantages of Cloud Computing:-

Cloud computing offers various advantages to end users and businesses as well. The major advantage is that one doesn’t have to support the infrastructure or have the knowledge necessary to develop and maintain the infrastructure, development environment or application.
Let’s discuss some of the most important advantages of cloud computing.

  1. Cost Efficiency- The cloud has eased much of the technological burden involved in IT systems support and maintenance, helping companies. Regardless of the motivation, business owners and data center managers are increasingly turning to the cloud for vital computing services.
  2. Convenience and continuous availability- Public clouds offer services that are readily available anytime and anywhere. This approach enables smooth access to information and takes care of users’ needs across various locations. Moreover, service uptime is in most cases guaranteed if resources are continuously available. In case of system failure, alternative instances are automatically generated on other machines.
  3. Backup and Recovery- The process of backing up and recovering data is simplified, as the data resides on the cloud and not on any physical device. The various cloud providers offer reliable and flexible backup and recovery solutions. Sometimes, clouds are used only as a backup repository for the data.
  4. Redundancy and Resiliency- A cloud deployment is generally built on a robust architecture, thus providing redundancy to its users. The cloud offers automatic switching to a redundant or standby server between hardware platforms, and disaster recovery services also exist.
  5. Scalability and Performance- Cloud instances are deployed automatically only when needed, and as a result you pay only for the applications and data storage you need, which gives business operations scalability. Also, the systems use distributed architectures which offer great speed of computation. It is the provider’s responsibility to ensure that your services run on cutting-edge machinery.
  6. Quick deployment and ease of integration- A cloud system can be up and running in a short span of time, which makes quick deployment a key benefit of cloud computing. Software integration occurs automatically on the cloud. A business can choose the services and applications that suit it best, and there is minimal effort involved in customizing and integrating those applications.
  7. Increased Storage Capacity- The cloud can easily store much more data than a personal computer, providing almost unlimited storage capacity. It removes the worry of running out of storage space, and it also helps businesses reduce their overall IT cost.
  8. Location Independence- A “bring your own device” (BYOD) policy, which permits employees to bring personally owned mobile devices to their workplace, can be easily adopted with the cloud. There is no limitation of place or medium, which makes it very attractive to people. It gives employees the flexibility to access company files wherever they are.

Disadvantages of Cloud Computing:-

As made clear from the above, cloud computing is a tool that offers enormous benefits to its adopters. However, being a tool, it also comes with its set of problems and inefficiencies. Let’s address the most significant ones.

  1. Security and Privacy- Security is the biggest concern when it comes to cloud computing. In a remote cloud-based infrastructure, a company essentially hands over private data and information, which might be sensitive and confidential. It is then up to the cloud service provider to take care of them, so the provider’s reliability is critical. Companies and users have to trust their cloud service vendors to protect their data from unauthorized users.
  2. Technical Difficulties and Downtime- Keep in mind that any system may at times stop functioning. Outages and downtime are possible even with the best cloud service providers. The whole setup depends on internet access, so any network or connectivity problem will render it useless. It might take several minutes for the cloud to detect a server fault and launch a new instance from an image snapshot.
  3. Limited control and flexibility- Since the applications and services run in remote, third-party virtual environments, companies and users have limited control over the function and execution of the hardware and software. Remote software lacks the features of an application running locally.
  4. Increased Vulnerability- Related to security and privacy, cloud-based solutions are exposed to the public, and are thus a more vulnerable target for malicious users and hackers. Nothing on the Internet is completely secure. Because of the interdependency of the system, if one of the machines on which data is stored is compromised, all personal information might leak to the world.



Before we jump to the Do’s & Don’ts for an entrepreneur’s startup, let’s see why an entrepreneur needs a cyber-safe startup.

Internet Security Threat – Key Findings*
• 42% increase in targeted attacks in 2012.
• 31% of all targeted attacks aimed at businesses with less than 250 employees.
• One waterhole attack infected 500 organizations in a single day.
• 14 zero-day vulnerabilities.
• 32% of all mobile threats steal information.
• A single threat infected 600,000 Macs in 2012.
• Spam volume continued to decrease, with 69% of all email being spam.
• The number of phishing sites spoofing social networking sites increased 125%.
• Web-based attacks increased 30%.
• 5,291 new vulnerabilities discovered in 2012, 415 of them on mobile operating systems.
*Source: Symantec Survey Report

What is a Cyber Crime?
Any criminal/illegal/unlawful activity committed where cyberspace is used either as a tool, target or both is known as ‘Cyber Crime’.

What is Cyber Environment or Cyber Space?
It is a pool of all electronic devices which may or may not be connected to any network and/or Internet for any of the purposes of communication, transmission and storage.

But before going ahead, first understand the concept of cyber security.

What is Cyber Security?
Cyber Security ensures the attainment and maintenance of the Security apparatus & assets (of an organization, individual or even a Government) against security risks in the Cyber Environment.

Don’ts for an Entrepreneur

1. Don’t purchase your business domain name & hosting from an unknown brand, especially one that is outside India, because Indian laws apply within the jurisdictional boundary of India.
2. Don’t use others’ copyrighted images on your domain, as it is an open invitation to a legal notice.
3. Don’t use pirated or cracked software, as the companies that own it have increased their cyber surveillance, which helps them conduct run-time raids.
4. Don’t leave your online content unprotected against copying. Multiple domains with the same content will start getting treated as spam by search engines, which will further degrade your website’s ranking on search engines.
5. Don’t use public computers to access your business email ID or any other business-related service where you have to use your confidential credentials.
6. Don’t give all employees access to the company’s hardware & backups.
7. Don’t keep the company’s Wi-Fi unsecured.
8. Don’t sell old hardware or return rented hardware without media sanitization.
9. Don’t use business pen drives/external drives for public purposes.
10. Don’t trust every business email you receive, as fake business emails are increasing day by day.

Do’s for an Entrepreneur

1. Keep the domain details in your own name & address to prove that you own the domain, and purchase from leading brands in your country rather than going for an international brand.
2. Create or design your own images/logos to avoid legal notices.
3. Use open source software for your company’s operations, or purchase corporate lifetime licenses, as these are a one-time payment. Also use paid anti-virus/anti-spyware to safeguard your data.
4. Create your own original content for your online presence & copyright your website content to secure it legally. Also secure it technically by embedding scripts in your web portals.
5. Make sure your business email IDs and any admin-controlled access are used only from your business network.
6. Lock up company hardware such as servers, backup devices, etc. Back up all your data & keep at least 3 copies at different locations/media. Create a contingency plan or a CERT (computer emergency response team). You may also use virtualization.
7. Secure your Wi-Fi network & use open source encryption technology like Bitlogger tool to encrypt your critical data.
8. Integrate a media sanitization process for whenever any hardware leaves the company premises. Open source tools like C-cleaner & data wipers like eraser, shredder can be used for media sanitization.
9. Pen drives must be protected, scanned & used only for internal business purposes on business premises.
10. Please cross-verify the genuineness of business emails to avoid any financial fraud.




SQL injection, as the name suggests, is a process in which code is injected into SQL. A SQL server keeps all our data in its database. So what if someone can inject a string of code and extract information from the server? SQL injection is a code injection attack in which malicious SQL statements are inserted into an entry field. A successful SQL injection exploit can read sensitive data from the database, which includes your usernames and passwords as well.

SQL injection is one of the most malicious and most dangerous attacks of all time. If it is executed in the right manner, an attacker can read and modify the database data, execute administration operations on the database, and even shut the database down.

Authentication bypass: This is one of the most common forms of SQL injection. In this attack, the attacker supplies input in the username and password fields that makes the SQL query evaluate to “True”. If the query is always “True”, it may give the attacker access as a logged-in user without needing a valid username and password.

Database Dump: In this attack, an attacker executes SQL strings and, using automated tools, may dump the entire database.

Now, let’s talk about the solution. Penetration testing covers all the attacks which a hacker/attacker would use on the actual website. If a tester finds any loopholes, the vulnerability can then be easily fixed.
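The authentication bypass described above, and the fix a developer applies once a tester reports it, shown as an added example that is not code from the original article. The table layout, account names, passwords and function names are all constructed for the demonstration.

```python
import hashlib
import sqlite3

# Constructed input for the demo: closes the username string, appends a
# condition that is always true, and comments out the rest of the query.
ALWAYS_TRUE_INPUT = "' OR '1'='1' --"


def digest(password):
    # Simplification for the demo: a bare SHA-256 keeps the focus on how the
    # query is built. Real password storage needs a salted, slow hash.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_db():
    """In-memory database holding two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, pw_digest TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO users (username, pw_digest) VALUES (?, ?)",
        [
            ("admin", digest("constructed-admin-secret")),
            ("alice", digest("constructed-alice-secret")),
        ],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL text from user input, so the input can change the query."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND pw_digest = '" + digest(password) + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Sends input as bound parameters, so it is only ever compared as data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND pw_digest = ?",
        (username, digest(password)),
    ).fetchone()
    return row[0] if row else None


def compare(conn, username, password):
    """Returns (vulnerable_result, parameterized_result) for one login attempt."""
    try:
        weak = login_vulnerable(conn, username, password)
    except sqlite3.Error as exc:
        # A stray quote in the input breaks the concatenated SQL outright.
        weak = "error: " + type(exc).__name__
    return weak, login_parameterized(conn, username, password)


if __name__ == "__main__":
    db = make_db()
    for user, pw in [
        ("alice", "constructed-alice-secret"),  # valid login
        ("alice", "wrong-password"),            # wrong password
        (ALWAYS_TRUE_INPUT, "anything"),        # always-true condition
        ("O'Brien", "anything"),                # harmless name containing a quote
    ]:
        print(repr(user), "->", compare(db, user, pw))
```

The concatenated query logs the always-true input in as an existing user and fails with a syntax error on an ordinary name containing an apostrophe; the parameterized query rejects both attempts cleanly.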




Cross-site scripting ranks third in the OWASP Top 10 for 2013, which means it is very critical. XSS, or cross-site scripting, is a vulnerability or loophole commonly found in web applications. If the attack is carried out properly, the attacker can inject client-side script into web pages on the Internet. It is very dangerous because these web pages are viewed by other users as well. In some cases XSS may be used to bypass access controls and to hijack sessions.

The following are the two types of cross-site scripting:

a) Non-persistent (reflected) = This is the most common type of cross-site scripting. Without going into detail, non-persistent XSS vulnerabilities in a website could allow malicious sites to attack that website’s users who visit them while they are logged in.

b) Persistent (stored) = This type of XSS flaw is dangerous. It occurs when the code injected by the attacker is stored on the server and stays there. It remains there permanently and is shown to every user who views that website or web page. For instance, a stored XSS flaw combined with a computer worm allowed arbitrary code execution and listing of file system contents.

Now, here’s the solution. A full web application penetration test will cover all the parameters and methods through which an attacker performs this attack. If a tester finds any vulnerability in the web application, the issue is reported to the developer to fix the problem.
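What the developer-side fix for a stored XSS finding looks like, as an added example that is not code from the original article: stored comments are HTML-escaped when the page is rendered, and a small audit function confirms that only the template's own tags reach the browser. The comment data, template and function names are constructed for the demonstration.

```python
import html
from html.parser import HTMLParser

# Tags the comment template itself is allowed to emit.
TEMPLATE_TAGS = {"ul", "li", "b"}

# Constructed stored comments; the second one carries markup instead of text.
SAMPLE_COMMENTS = [
    {"author": "alice", "body": "Great article, thanks!"},
    {"author": "mallory", "body": "<script>alert('constructed')</script>"},
    {"author": "bob", "body": 'Use 1 < 2 & "quotes" freely'},
]


def render_vulnerable(comments):
    """Pastes stored text straight into the page, so stored markup becomes live."""
    items = "".join(
        "<li><b>%s</b>: %s</li>" % (c["author"], c["body"]) for c in comments
    )
    return "<ul>" + items + "</ul>"


def render_escaped(comments):
    """Escapes every stored value on output, so it is displayed as plain text."""
    items = "".join(
        "<li><b>%s</b>: %s</li>"
        % (html.escape(c["author"], quote=True), html.escape(c["body"], quote=True))
        for c in comments
    )
    return "<ul>" + items + "</ul>"


class TagAuditor(HTMLParser):
    """Collects every tag or event-handler attribute the template did not emit."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.unexpected = set()
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag not in TEMPLATE_TAGS:
            self.unexpected.add(tag)
        # Event-handler attributes (onclick, onerror, ...) also run script.
        for name, _value in attrs:
            if name.startswith("on"):
                self.unexpected.add(tag + "@" + name)

    def handle_data(self, data):
        self.text.append(data)


def audit(page):
    """Returns (sorted unexpected tags, visible text) for a rendered page."""
    auditor = TagAuditor()
    auditor.feed(page)
    auditor.close()
    return sorted(auditor.unexpected), "".join(auditor.text)


if __name__ == "__main__":
    print("vulnerable:", audit(render_vulnerable(SAMPLE_COMMENTS))[0])
    print("escaped:   ", audit(render_escaped(SAMPLE_COMMENTS))[0])
```

The audit function can be kept as a regression test: any stored value that introduces a new tag into the rendered page shows up in its first return value.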




IT users’ personal information, such as passwords, credit card numbers, home address, telephone number, ID number, etc., is mostly saved on their systems.
When these systems are not effectively secured against unauthorised access, there is a high probability that a hacker might exploit that weakness and steal the information. This vulnerability is called “Sensitive Data Exposure”.

First, figure out which data is sensitive enough to need extra protection.
Then ensure that for such sensitive data:
a) It is encrypted wherever it is stored, including in backups.
b) It is encrypted in transit, both internally and externally. All internet traffic should be encrypted.
c) Strong crypto keys are generated for the encryption algorithms, and proper key management is in place, including key rotation.
d) Proper browser directives and headers are set to protect the sensitive data.

Data can be exposed through three techniques: intrusion, phishing & social engineering. However, you can take an active approach to making sure your valuable information has not been exposed to those who would misuse it for financial gain or other reasons.
Make sure that your sensitive data is protected by proper laws, regulations, or policies.



A few weeks ago, we wrote an article about how one can create a strong password. Yet many people still have no clue how important a secure password really is. Also, with news coverage about eBay’s corporate network being hacked and its database with users’ passwords being compromised, we feel it is necessary to – once again – recap the importance of a secure password, and how to create one.

The case of eBay

eBay reported that cyber criminals compromised eBay through the theft of employee credentials, which gave them access to the corporate network. The company was quick to announce that the stolen passwords were encrypted. However, encryption or hashing doesn’t necessarily mean that the passwords are safe. If, for instance, the passwords were encrypted but the keys were also stolen by the attackers, then the encryption is worthless.

An article of 23rd May said a website offered “eBay user details for sale”, stating that the user details were the result of a cyber-attack on the online marketplace. Although the spokesman for eBay said the offer was not a legitimate one, a leading Perth academic says it is.

eBay says that tests have shown that no financial information was accessed, however, the company advised everybody to change their passwords.

What is a secure password?

A strong password contains

– Upper- and lowercase letters;
– Numbers and symbols (if possible, even including spaces) and
– Minimum 8 letters.

And it must not contain

– any personal information, such as your real name, your company’s name or names of relatives and
– any word that can be found in dictionaries.

NEVER use simple dictionary words (such as ‘Password’), but create passwords based on easily memorized sentences. For example: ‘I am the one and only James Bond’ becomes: ‘IatoaoJB007:-)’. Again, use numbers and symbols, and create a unique password for every account!
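A checker for the rules listed above, as an added example that is not part of the original article. It goes one step beyond the list by also catching dictionary words disguised with common character substitutions. The word list is a small constructed sample, the substitution table and the four-letter minimum word length are assumptions, and "minimum 8 letters" is read as a minimum length of 8 characters.

```python
# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "monkey", "sunshine", "football"}
MIN_LENGTH = 8
MIN_WORD_LENGTH = 4  # assumption: ignore very short words such as "a" or "to"

# Assumed table of common substitutions, used to unmask words like "P@ssw0rd".
SUBSTITUTIONS = str.maketrans(
    {"@": "a", "$": "s", "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"}
)


def password_problems(password, personal_terms=(), dictionary=SAMPLE_DICTIONARY):
    """Returns the list of rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in password) or not any(c.isupper() for c in password):
        problems.append("needs both upper- and lowercase letters")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(not c.isalnum() for c in password):
        problems.append("needs a symbol")

    # Compare case-insensitively, with and without the substitutions undone.
    lowered = password.lower()
    variants = {lowered, lowered.translate(SUBSTITUTIONS)}

    for term in personal_terms:
        term = term.lower()
        if term and any(term in v for v in variants):
            problems.append("contains personal information: " + term)

    hits = sorted(
        word for word in dictionary
        if len(word) >= MIN_WORD_LENGTH and any(word in v for v in variants)
    )
    for word in hits:
        problems.append("contains dictionary word: " + word)
    return problems


if __name__ == "__main__":
    for candidate in ["Password", "P@ssw0rd1!", "IatoaoJB007:-)"]:
        print(candidate, "->", password_problems(candidate, ["James", "Bond"]))
```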


Digital Drugs

In today’s world, there are few things which have not been digitized yet. Even drugs are being taken to the next level: digital drugs, or cyber drugs, are now gaining popularity among teenagers and young adults. But how do these drugs work?

To understand how cyber drugs work, we have to go back to 1839: German physicist Heinrich Wilhelm Dove found that when the two ears receive two different tones, the listener thinks he is hearing a quick beat. Normally, the difference in sound between the ears helps people work out the direction the sound comes from, but when listening to sounds that each have a different frequency, the listener experiences the sound as coming from inside the head. This phenomenon is called ‘binaural beats’ and is used in therapies to treat anxiety.

Now, ‘suppliers’ of the digital drugs claim that the drugs give the user the same effects as marijuana and cocaine, on condition that he or she uses headphones and covers the head with a cloth. On YouTube, several videos of teenagers freaking out can be found. Other people claim that the drugs give you nothing more than a headache, or that they do not do anything at all.

Not much research has been done on the implications of digital drugs, nor are statistics available. However, some American schools have already banned headphones, and warned parents to be extra careful.

