Secure by Design from IBM Software Development Practice

This is a video recorded at the IBM Innovate 2010 conference, David Grant, the Director of Security Solutions at IBM Rational, talks about how software is the invisible thread in a lot of innovations that enhance the quality of our lives.

Since software is present everywhere, it potentially brings forward new threats, so a high level of security is paramount. IBM's new "Secure by design" concept consists of building security into practices, especially into software development practices.





Anish

Read more...

ATM Fraud in Bangalore - No Tech Hacking

You don't have to be a Hacker to do ATM Frauds. Read on.....

A private security agency in Bangalore has busted a currency mis-dispensation racket involving two cash operating executives.

The racket was busted following a series of complaints made by the ICICI bank customers about its ATMs dispensing less money.

Colonel Ramesh Raman, who heads SDB CISCO, which arranges cash replenishments for ICICI ATMs, initiated an investigation and found that Naveen Kumar and Manu Kumar, in-charge of Ramamurthy Nagar, Marathalli, Whitefield and Old Airport ATM respectively, were involved in the crime.

The investigation revealed that the duo, who used to load money into the machines and look after the accounting and the maintenance of ATMs, kept Rs 100 notes in cassettes meant for Rs 500 notes.

Hence, each time a customer withdrew cash, the machine dispensed Rs 100 notes instead of Rs 500. Naveen would pocket the difference.

Soon, the agency conducted an audit and discovered that Naveen and Raman had cheated the bank to the tune of Rs 1.54 lakh.

"The amount that the duo swindled was counted from all the ATMs they serviced," said Colonel Raman to Ashok Nagar police, who are on the lookout for the duo as they have been absconding since a week.

Colonel Raman added that such instances not only result in financial loss, but also give the bank a bad name. Meanwhile, Ashok Nagar police have registered a case of cheating against the duo.

The culprits were in-charge of ICICI bank's ATMs at Ramamurthy Nagar, Marathalli, Whitefield and Old Airport.

"This is the first time persons have loaded notes of wrong denomination into the machine, thus duping the bank and its customers," said a cop.

"I am not aware if ICICI Bank ATMs have been compromised in the manner you told us. We will check and revert tomorrow. We will need to check with the police station, business head and also confirm if the men involved are our employees," explained Charudatta Deshpande, head, corporate communications, ICICI Bank.

While the bank's spokesperson Mythili Rao said, "As soon as we noticed the discrepancy, we took up the matter with SDB CISCO. Thus, there was no loss to the bank or to our customers." [ndtv]

Read more at: http://www.ndtv.com/news/cities/bangalore-atm-fraud-ask-for-rs-500-get-rs-100-29541.php?cp

Read more...

Mobile Broadband on Ubuntu 10.04 NetworkManager Gnome-PPP Wvdial

I just got ubuntu 10.04 installed on a laptop and wanted to connect to internet with my Data card. Ubuntu identified my Datacard without any problem but when I tried to connect with NetworkManager, it just won’t connect. I tried to debug and went through all the logs that I can see but it just did not work and getting on the ubuntuforums seems lots of people have the same problem.  However,  This was a Clean install and not an upgrade. Most of the users are facing problem due to upgrade.

1) So finally, to get my data card connect to the internet instead of wasting my time with debugging and ripping off everything. I had to download Gnome-PPP and Wvdial  offline on other system which has internet and moved these packages to the Ubuntu 10.04 system.

2) To install Gnome-PPP and Wvdial there are a few dependencies, most of them are already included with default Ubuntu install but the ones I had to downloaded offline are listed below: -

libwvstreams4.6-base_4.6.1-1_i386.deb

libwvstreams4.6-extras_4.6.1-1_i386.deb

libuniconf4.6_4.6.1-1_i386.deb

wvdial_1.60.3_i386.deb

gnome-ppp_0.3.23-1ubuntu2_i386.deb

I downloaded these packages from Ubuntu Lucid Online Repository http://packages.ubuntu.com .

3) Install these packages one by one in the order listed above and then start gnome-ppp with sudo, we use sudo just to make sure the connection works and we don’t get stuck again saying there is problem when our user does not have access to dialout.

4) Run command lsusb and check your if your datacard is detected and then run dmesg command and look for Modem (GSM/ CDMA).  There in the dmesg you should see your datacard using ports like TTYUSB0, TTYUSB1, etc.

5) Now back to Gnome-PPP screen and go to configuration.  In the Modems select TTYUSB0 and click detect modem, it should work. Once your modem is detected change the modem type to USB Modem and Speed to Max available with your card. (I might work with analog also but did not try it).

6) Now enter the details  about the number to dial, your username password and then connect.

7) Once you are done connecting as root, you can run this command “adduser username dip” and add your user to dialout.

8) Close Gnome-PPP and reboot the machine and start Gnome-PPP with normal user rights and see if it works. IT Should!
9) You should have internet access by now.

I have tried reliance netconnect and TATA Photon+ and both worked well without any issues.

Read more...

Solution to prevent downtime due to bad updates in IT - OS and AV

Latest reports from across the internet about a bad update from McAfee. We have seen this kind of mess-up happening every now and then. No AntiVirus is 100% foolproof. There might be updates that cause performance issues, some delete files due to an odd signature. One reason why I always suggest clients to invest in a testbed environment so that what ever the updates are be it OS Patches, Policy changes or AV Updates. All changes go through this environment which makes it easy to spot problems and it later helps when your machines are still working fine and your competitors are not.

Below are some points I would like to mention about the deploying updates or changes of any kind.

1) When to updates: Every company has to take a call as to when they want to deploy patches or updates. They should not just go ahead and deploy updates just because the vendor has published them. A thorough testing needs to be done and the update has to pass internet audit checks. Companies are apply these patches after 8-24hours after they have been published because during this time many of them would have already installed and tested it and if it is going to open a Pandora's box you still have the lead. Some of you might disagree as too 24hrs is a long time for somebody to hack into the systems and steal data but friends. Every company has to take a decision based on CIA what is acceptable and what is not.



2) A Backup Plan: Another very important point is to always be ready with a backup plan. What if you have deployed it and something went wrong, you need to know what to do if the latest change fails and you should be able to revert back to a working condition as fast as possible.

3) Workaround Solution: Good to know a workaround solution if any for the updates being pushed to clients. This helps because sometimes workarounds are easier than deploying patches. For eq. closing a port on a firewall or a change in Group Policy.

4) Testbed Environment:  A company should invest in keeping up a testbed environment which is used to deploy and test updates, patches and changes of any kind. This environment should be kept up and should be stable as to replicate the current company systems to ensure any issue with the changes are caught before they are pushed to thousands of clients.

Every company needs to take this decision, there are costs and extra processes involved but no company can afford a downtime so careful planning has to be done.

Anish

Read more...

Microsoft Fix-IT for your Windows Computer Problem needs

Microsoft has released "Fix It Center" software designed to act as a personal computer technician that troubleshoots problems with machines.

A test version of the free program available online at fixitcenter.support.microsoft.com promised "tools that help solve the issues you have now and prevent new ones."

Fix It Center scans computers to diagnose and repair problems, letting users decide whether to have it tend to fixes and even report the troubles to Microsoft.

Center software, which must be installed on individual computers, makes note of what programs machines are using and tracks updates "to find and fix issues before they become real problems," according to Microsoft.

Read more...