April 21, 2008. Filed in test
As if the appointment of Rod Beckström as director of the National Cyber Security Center (NCSC) was not foolish enough, the Bush administration couldn’t help tolerating Mr Chertoff’s ideas of privacy. In a public appearance in Canada, he attempted to explain how fingerprints are not his idea of personally identifiable information (personal data). What people, especially those who handle security, must understand is that personal data cannot be described by confidentiality alone.
What most people do not understand is the difference between personally identifiable information and confidential information, or as Schneier puts it, ‘the difference between personal data and secret data’. To put it simply, personally identifiable information (PII) refers to any information that identifies or can be used to identify, contact, or locate the person to whom such information pertains. It has little to do with confidentiality of the information on its own. Postal codes/zip codes and fingerprints are a few such examples of less-confidential personal data.
March 24, 2008. Filed in test
I have been thinking about buying an ASUS Eee PC to help me access my main machine while I laze around in bed. The two laptops I have are a bit clunky and store crucial data that I can’t afford to lose when I roll in bed. While most of my RSS, email and music streaming needs are fulfilled by my pimped iPhone, the keyboard and screen size often make it uncomfortable to access my webserver over SSH and my machine over VNC.
While I still wait for some cash inflow for buying an Eee PC, Jace has written a very insightful comparison of the Eee PC and the HCL MiLeap Y. For those who think HCL can produce a good laptop for Linux OS, this is an eye opener.
I have read a lot of material on Johny Lang and stuff written by him, but I have never come across an article as lame as this. Someone please tell the author that penetration testing is different from data stealing!
Indian government either needs a session on risk perception. It has this tremendous capacity to recognise a threat from a cow to a smartphone.
The way things are turning out in India, we will soon see DoT ordering NIC to maintain a national mail server where all our emails will be mirrored and scanned for keywords that reflect terrorism. At least people can look up to NIC to snoop around in others’ email and ask for backup just in case an email is deleted from their servers!
March 17, 2008. Filed in test
The native applications on the iPhone are somehow incomplete in exploiting its capabilities over IP. Probably one of the reasons for the lack of heavy data transfer oriented apps is Apple’s assumption that most iPhone users will use EDGE and not WiFi for their communication needs. While I use EDGE for most parts of the day and check my emails extensively without a hitch, it feels good to be able to use the iPhone as a portable machine doing practically everything from setting up alarms, managing my web server, taking backups of remote machines over SSH, etc. Now that the iPhone is quite common in this part of the world, it’s time to discuss the app suite on my iPhone:
- SSH: The famous OpenSSH implementation for iPhone opens limitless tweaking possibilities on the iPhone. Connect the phone to home WiFi, switch on the SSH service and you’re ready to control your remote machine of choice, or upload custom themes from desktop to iPhone.
- Summerboard: Native iPhone interface is not for me. Dave Shea’s Chalkwork theme does the trick for me.
- Boss Prefs: I personally feel Apple should have included a tool to switch off EDGE when not in use. Keeping EDGE on all the time drains out the battery within a day. Boss Prefs, the Swiss army knife for network services on iPhone, lets you control WiFi, EDGE, SSH, Bluetooth services and save precious battery charge.
- Customize: Who said changing the order of icons and hiding icons was not possible in 1.1.2! Customize lets you change icons, indicators, and enables you to hide unused icons to keep the home screen clutter free.
- Lockbox: Keeping secret things secret. This surely won’t protect information if your phone is lost to a hacker with basic unix skills, but stands up to people poking around in your iPhone.
- iSMS: Sending SMS to multiple recipients and forwarding SMSs – this application fills in for the 1.1.3 feature.
- iFlickr: Click photos and push them to your Flickr account without clicking an extra button. Allows you to tag photos, and control private/public status of the photos.
All of these applications are available through Installer App if your iPhone is jailbroken. Which apps do you use?
March 17, 2008. Filed in test
While the number of posts I was writing every month has decreased considerably, the zeal to dress up this site has not died in my mind. I still feel at times that there are hundreds of people reading my site every day, and a boring stale design will only shoo them away. So I decided to pimp up my site yet again, and call it by a fancier name than just “sumeetsingh.net”. The past month has really been hectic. Foosball tournaments, Patrick’s Day celebration, b’day parties and what not. So now that I have some time to spare, the next few posts will be about punditz live, foosball tournament and b’day parties.
The last few years have seen an alarming rise in demand for security products and services within India, especially related to data security. Be it firewalls, VPN boxes and encryption solutions, or ISO 27001 and SOX consulting, the demand has only increased. There is not one reason amounting to this growth. Contractual clauses for the BPO segment have become harsher. Fear of data breach within companies has increased. Salesmen (or Pre-Sales consultants as they are known these days) have mastered the art of selling expensive yet ineffective solutions. And so on. But do the solutions protect private data of consumers better than before? Probably not to the extent it should be protected. And yet, there are not as many cases of privacy violation in cyberlaw courts in India as one thinks there would be. The problem with the Indian way of securing information and assuring privacy is manifold.