Trust me I am not a Hacker December 12th, 2014
The title of this post pleads with my readers to trust me. Yes, indeed, I'm not a hacker and I have never been one.
This is in reminiscence of the recent past that was unleashed by the social internet activist Edward Snowden. The only crime that guy committed was that he revealed the project PRISM and the supporting operations of the NSA, which actually hamper the privacy of users.
Well, frankly, according to me, the internet was the only place where I felt that I *WAS* a free soul and nobody had a chance to intrude into my personal life, but recently the world has been bombarded with a series of events which relate to the security and the privacy of users.
We have all maintained two lives as of now: we all spend an ample amount of time on social networking sites like Facebook, Google Plus and many others, but we forget that Facebook and Google are actually going to use our data; they build a separate portfolio for each user, with his likes and dislikes.
Meanwhile Facebook is providing enough data through their APIs, and if you write a good algorithm you can easily spot someone's secret "Crush", their "EX" or their *To BE*. All you need is to properly supply the inputs from FB to your FB application. For this you will actually have to create a prediction model of your own, because FB is smart enough to keep the prediction ideas to themselves and let users decide what to do with the statistical data which is being provided.
We don't just add known people on FB; some of the people that we add are those whom we have not even met, and sometimes those whom we don't even hold a chance to meet in the future. Do we really want them to know so much about our personal lives? The answer from all around the world is a simple *No*.
From the above statements it might seem that I'm an FB hater, but actually I'm not. I was just trying to explain that under the worldwide monitoring of the NSA it might be one of the cases that your statistical data is given to some people for observation and analysis. That statistical data can sometimes be right and sometimes be wrong.
I'm from India and I have nothing to do with the NSA's project PRISM, but India is about to launch the same programme of national surveillance of telephony and Internet data.
The NSA once said that the data which they are recording is very likely not to be used. Their promise seems analogous to that of a person who downloads a pirated movie and promises not to watch it.
For the Gov of India I can say that it's a nice move; I have full faith in you, but I don't trust your contractors.
Since India lags in surveillance devices, they are very likely to move the programme to some contractors.
So what are the pros and cons of this scenario:
Pros (There will be sarcasm in every point)
0. Suspecting everybody as a terrorist will eventually make people not choose terrorism as a future career plan.
1. Fewer inland terrorist activities, since terrorists plan everything on phone and email.
2. Fewer protests, as the emails and phone calls sent to protestors will very likely disclose the location of the people protesting.
3. The right salesman at your door: as you just told your neighbour that your mobile is not working anymore, the Gov of India knows it, so they will send the person concerned to your doorstep.
Cons: (No Sarcasm intended.)
0. Your personal data and your stats are with a third party. Every potential *buyer* citizen will be worth a lakh to the advertiser, and your data can easily be compromised at the third-party contractor. (As the saying goes: I trust the government but not their contractors.)
1. Since your data is not secure, any idea or any strategy can be sent to a competing organization. This will be highly dangerous and is an added advantage to the counter-strategist.
2. Your personal life may not be personal anymore. Making you a suspect like a terrorist makes you a non-valued citizen of India.
If you consider the Government your friend, you will very likely end up in a situation like this:
Your friend forcefully makes you discuss your new idea with him, then he goes on to implement that idea before you and captures the market.
The above 3 reasons are enough for you to understand your value, and they give you enough authority to question the government's plan.
I am assuming that the reader of the post is a normal citizen like me and does not hold a lot of power in the Central Gov so here is something which is worth doing.
You must use an encryption technique to hide your data from being monitored.
The best technique to this date is GPG; I have been using it for the past 3 years.
Before I go ahead, let me tell you the reason why I started using GPG.
I started using GPG because of the OSS movement; I became a fan of Richard M Stallman (RMS).
I liked the ideology of RMS and his thinking about the privacy of an individual: how Facebook and other enterprises like Google will use your data and can at any time produce your data to any other organization whenever required.
So what exactly happens with GPG:
GnuPG encrypts messages using asymmetric keypairs individually generated by GnuPG users. The resulting public keys can be exchanged with other users in a variety of ways, such as Internet key servers. They must always be exchanged carefully to prevent identity spoofing by corrupting public key ↔ "owner" identity correspondences. It is also possible to add a cryptographic digital signature to a message, so the message integrity and sender can be verified, if a particular correspondence relied upon has not been corrupted.
How to move in the direction of Messaging with GnuPG:
There are several tools available for Linux Based OSes and Mac OS.
For ease of use they now come with GUI frontends, and the command line is also pretty easy.
1. You first need to generate your key, for the email id that you want.
2. There will be two keys: one is the private key and the other is the public key. The public key will be used to encrypt messages which are meant for you. The private key is used for decrypting your messages; it is protected by a passphrase which is asked for while creating the RSA keys.
2.1 You all must be thinking, why a passphrase and not a password? It's simple: because we don't want the agencies to do a brute-force attack on the messages. If you have chosen a difficult combination then it would take the agencies around 10 years, with their million-dollar CLUSTER, to decode the message that talks about the birthday present of your grandmother.
2.2 Heads up for the present because this was not guided by the Machine learning Algorithms of Google/Amazon/Flipkart. It was originally yours.
3. Once you are finished creating keys you just need to use the plugins for your email client.
For Mac you can use the GPG suite that goes by the name of GPGTools. It will even help you in creating the keys and encrypting other messages too.
For Thunderbird you would want to use the famous Enigmail.
I am more of an Evolution fan because it already has GPG/PGP security in the newer version.
4. Once you are done with the above setup all you need is to send your messages to your friends, relatives and colleagues and you may also encourage them to use it.
5. Keep the passphrase/private key safe; if you lose it, there is no way you can get it back.
5.1 If you are a terrorist or a mafia, Agencies can still beat the shit out of you to get the message with complete meaning without using a million dollar cluster server.
6. You can also digitally sign your messages, which will authenticate that you are a genuine sender and not a hoax who is trying to spam from some other un-authentic source. Adding a PGP signature at the end of your message shows a greater sense of responsibility for your messages.
7. Your ideas will remain yours, your friends and your enemy don't hold a chance of knowing it without your permission.
It's totally your choice to make the public keys open to the world so that anybody can send you encrypted messages, or you can keep them private within your circles.
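Steps 1 to 6 above as they look on the command line, as an added example that is not part of the original post. It assumes bash and GnuPG 2.1 or later, works in a throwaway keyring, and the identity `alice@example.org`, the passphrase and the message are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: key generation, encryption and signing in a throwaway keyring.
# Identity, passphrase and message are constructed; ~/.gnupg is never touched.
set -u
umask 077
export GNUPGHOME="$(mktemp -d)"
trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME"' EXIT
ME="alice@example.org"
PASS="correct horse battery staple demo"
printf '%s\n' "$PASS" > "$GNUPGHOME/pass"   # a file keeps it off the process list

G() { gpg --batch --quiet --no-tty --pinentry-mode loopback \
          --passphrase-file "$GNUPGHOME/pass" "$@"; }

# Steps 1-2: create the RSA key pair; the passphrase protects the private key.
make_key() {
  G --gen-key 2>/dev/null <<EOF
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: Alice Demo
Name-Email: $ME
Expire-Date: 1d
Passphrase: $PASS
%commit
EOF
}

# Step 2: only the public key is exported and handed out.
export_pub() { G --armor --export "$ME"; }

# Steps 4 and 6: encrypt to the recipient's public key, sign with our private key.
seal() { G --armor --local-user "$ME" --recipient "$ME" --sign --encrypt; }

# Recipient side: print the plaintext; fail unless decryption succeeds
# and gpg reports a valid signature on its status channel.
open_msg() {
  local st="$GNUPGHOME/status.$$"
  G --status-fd 3 --decrypt 3>"$st" 2>/dev/null || return 1
  grep -q '^\[GNUPG:\] VALIDSIG ' "$st"
}

# Demo run: generate the key, then round-trip one message.
make_key && printf 'gift idea for grandma\n' | seal | open_msg
```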
Sachin Tendulkar - The legend December 27th, 2012
Here is something Inspirational that I came across on one of the posts over social Network.
It's a must watch for Sachin fans as well as the fallen ones :)
One Love :) October 18th, 2012
I am not really very good at expressing myself, but here is something that I felt was meant for me after reading an email.
Something that I would like to share which I read through Naveen Pandey.
“Only once in your life, I truly believe, you find someone who can completely turn your world around. You tell them things that you’ve never shared with another soul and they absorb everything you say and actually want to hear more. You share hopes for the future, dreams that will never come true, goals that were never achieved and the many disappointments life has thrown at you. When something wonderful happens, you can’t wait to tell them about it, knowing they will share in your excitement. They are not embarrassed to cry with you when you are hurting or laugh with you when you make a fool of yourself. Never do they hurt your feelings or make you feel like you are not good enough, but rather they build you up and show you the things about yourself that make you special and even beautiful.
There is never any pressure, jealousy or competition but only a quiet calmness when they are around. You can be yourself and not worry about what they will think of you because they love you for who you are. The things that seem insignificant to most people such as a note, song or walk become invaluable treasures kept safe in your heart to cherish forever. Memories of your childhood come back and are so clear and vivid it’s like being young again. Colours seem brighter and more brilliant. Laughter seems part of daily life where before it was infrequent or didn’t exist at all. A phone call or two during the day helps to get you through a long day’s work and always brings a smile to your face. In their presence, there’s no need for continuous conversation, but you find you’re quite content in just having them nearby. Things that never interested you before become fascinating because you know they are important to this person who is so special to you.
You think of this person on every occasion and in everything you do. Simple things bring them to mind like a pale blue sky, gentle wind or even a storm cloud on the horizon. You open your heart knowing that there’s a chance it may be broken one day and in opening your heart, you experience a love and joy that you never dreamed possible. You find that being vulnerable is the only way to allow your heart to feel true pleasure that’s so real it scares you. You find strength in knowing you have a true friend and possibly a soul mate who will remain loyal to the end. Life seems completely different, exciting and worthwhile. Your only hope and security is in knowing that they are a part of your life.”
Thanks for reading this. :)
End to End security, or why you shouldn't drive your motorcycle naked September 27th, 2012
The following post is something that we all should know; it's about HTTPS and web services.
Though it's basic, it's really something important from the banking and web service development perspective.
Courtesy MSDN flash.
Brace yourself, here there's another coming :-)
Today I had to explain to my girlfriend the difference between the expressive power of WS-Security as opposed to HTTPS. She's a computer scientist, so even if she doesn't know all the XML mumbo jumbo she understands (maybe better than me) what encryption or signature means. However I wanted a strong image, which could make her really understand what things are useful for, rather than how they are implemented (that came a bit later, she didn't escape it :-)).
So it goes like this. Suppose you are naked, and you have to drive your motorcycle to a certain destination.
In the (A) case you go through a transparent tunnel: your only hope of not being arrested for obscene behaviour is that nobody is looking. That is not exactly the most secure strategy you can come out with... (notice the sweat drop from the guy's forehead :-)). That is equivalent to a POST in clear, and when I say "equivalent" I mean it.
In the (B) case, you are in a better situation. The tunnel is opaque, so as long as you travel into it your public record is safe. However, this is still not the best situation. You still have to leave home and reach the tunnel entrance, and once outside the tunnel probably you'll have to get off and walk somewhere... and that goes for HTTPS. True, your message is safe while it crosses the biggest chasm: but once you delivered it on the other side you don't really know how many stages it will have to go through before reaching the real point where the data will be processed. And of course all those stages could use something different than HTTP: a classical MSMQ which buffers requests which can't be served right away, for example. What happens if somebody lurks your data while they are in that preprocessing limbo? Hm. (read this "hm" as the one uttered by Morpheus at the end of the sentence "do you think it's air you are breathing?").
The complete solution (C) in this metaphor is painfully trivial: get some darn clothes on yourself, and especially the helmet while on the motorcycle!!! So you can safely go around without having to rely on opaqueness of the environments. The metaphor is hopefully clear: the clothes come with you regardless of the means or the surrounding infrastructure, as the message level security does. Furthermore, you can decide to cover one part but reveal another (and you can do that on a personal basis: airport security can get your jacket and shoes off, while your doctor may have a higher access level), but remember that short-sleeved shirts are bad practice even if you are proud of your biceps :-) (better a polo, or a t-shirt).
I'm happy to say that she got the point! I have to say that the clothes metaphor is very powerful: I was tempted to use it for introducing the concept of policy (disco clubs won't let you in sport shoes; you can't go to withdraw money in a bank in your underwear, while this is a perfectly acceptable look while balancing yourself on a surf; and so on) but I thought that for one afternoon it was enough ;-)
Hope you all enjoyed reading it.