CRASHDEX

Security by Obscurity and Digital Watermarking.

by on Dec.03, 2012, under Information Security

Several statements in the computer security field are widely misunderstood; one very important one is “security through obscurity is bad.” First, let’s talk about what we mean by security by obscurity: the security of a system or process resides in the secrecy of the whole method rather than in the strength or design of the system. An example makes this clearer. Suppose you keep all your money in an ‘unbreakable’ safe and lock it. Everyone knows where the money is, so the security resides in the strength of the safe and in the key combination needed to open it; the main strength is the combination, which is kept secret. It is the combination that guarantees the safety of the money. On the other hand, if you bury the money in a place such that only on a particular night during the full moon will the shadow of a particular tree point to it, that is security by obscurity, since all the security depends only on the fact that no one knows this.

Human (users) – Rival of security

by on Aug.17, 2012, under Information Security

One day in a group discussion we were trying to clear up the misunderstood difference between IT security and information security. One of my friends was insisting that his company has everything that makes them secure: they were never hacked, never had a data breach, so they are secure and have nothing to worry about. Looking at his over-excitement about his organization, I couldn’t resist and asked him one question: how many employees are there in your company? 200, he replied. You already have 200 major vulnerabilities in your organization which cannot be patched, so on what basis are you claiming to be secure? He said, what do you mean by vulnerability here? I replied, can you write it down on paper and sign it that none of your 200 employees will ever share his password with anyone outside the company? Their friends, their relatives, anyone? He said, that’s impossible, how can I give you that in writing… He stopped for a second, looked into my eyes and realized my point. After a 2-minute pause he replied: I think you are right, I never thought about it, this is a major issue and I completely ignored it.


Authentication – it’s not only about passwords

by on Jul.16, 2012, under Information Security

Authentication!! What is it?

It has a different meaning for different categories of people: just another word for a non-computer user, the Windows login screen for home users, something related to usernames and passwords for some geeks, and something exciting to break for hackers.

In this post I will try to give you the meaning of this word from a different perspective: how this one word makes so much difference in our daily lives without our realizing it.


Do you care about your privacy??

by on Jun.07, 2012, under Information Security

 

Hello, I am sorry again for delaying the post; I was busy with some personal work. Well, all is good now that I am back.

So today let’s talk about something which is very close to everyone. Whether you belong to the security industry or not, you do care about your PRIVACY, don’t you? I guess the answer is yes.

Privacy is the ability of an individual or group to keep something restricted to themselves, without anyone else knowing about it. In the security world we often say that there is no 100% secrecy, so you can try to keep things private, but the chances are very small that you will be successful. You may not even know that someone else knows what you think is private, but that’s a different case. We all have our own personal space which we don’t want anyone to know about, and that’s normal, it’s very “human”. But what happens when someone breaches your personal space without your knowledge? Obviously no one would like to find that private pictures, kept in some hidden folder on the laptop and thought to be hidden from the world, are posted online. Yet in real life it happens all the time: every day we hear about leaked MMS clips, songs leaked before their official release, and private pictures of celebrities posted online. This kind of unintended action is called a PRIVACY VIOLATION.


An introduction to Information Security

by on Apr.19, 2012, under Information Security

Security is a shield (environment) we create around us to feel secure from things we don’t want to be affected by.

Security always has a scope: it can be personal, family, societal, national or global. For example, terrorism is a national security threat, and global warming is a threat of global scope. The point is that in real life we underestimate security where things are under our control and overestimate security where things are not in our control. Let me put it this way: how can riding a bike on a highway be more secure than a terrorist attack? In both cases the chances are equally high that you will die, but we care less about the bike because we think we have things in our control, and we overestimate terrorism because it is not in our control.

It is very common for people to misunderstand information security as technical security. Think about this: which firewall restricts an employee from sharing his password with his friend? Can you secure that? The answer is NO.


A New Tiny Computer: PogoPlug Pro With ArchLinux, Installation.

by on Mar.02, 2012, under Router Security

Overview:

Pogoplug Pro is the first of a new variety of hardware from Pogoplug. They are based on the PLX/Oxford Semiconductor NAS7820 SoC, which provides two ARMv6 cores clocked at 700MHz. The Pro has an onboard mini-PCIe slot that is used for a WiFi module.

Pogoplug V3 and the new pink colored Classic models are the continuation of the “oxnas” hardware from Pogoplug. They are based on the same PLX/Oxford Semiconductor NAS7820 SoC. Unlike the Pro/Video varieties, these do not have a mini-PCIe controller or slot.

The SoC used in these models is not supported in the mainline Linux kernel, and all sources are covered under an NDA with PLX. We support these devices with a custom kernel that is flashed alongside the original kernel in flash memory. This is a safe and non-destructive process, and allows the devices to use all of the software in our repositories.

Model numbers located on bottom of foot:
POGO-P01 – Pro
POGO-P21 – V3
POGO-P25 – V3
POGO-B01 – Classic
POGO-B02 – Classic
POGO-B03 – Classic
POGO-B04 – Classic
