Saturday, July 31, 2010

FTC's List of Corporate Privacy Abusers Shows Advertisers Can't Be Trusted With Data Security

Jim Edwards writes on the CBS Business Network:

The FTC yesterday published a list of companies that used unfair, deceptive, false or misleading claims about consumer privacy that caused “substantial consumer injury,” and the names on it will surprise you. Sure, many of the companies are mortgage scammers and spam phishers. But lots of them are household and blue-chip brands such as Twitter, TJ Maxx, Microsoft, and Dave & Busters.

The list proves that advertisers cannot be trusted to regulate themselves when it comes to tracking and targeting consumers on the web or on mobile devices. There are currently few rules controlling how advertisers can use personal information gathered from consumers electronically, and if self regulation worked the FTC would not have brought action against these companies for privacy abuses.

More here.

Hat-tip: Donna's SecurityFlash

Friday, July 30, 2010

FBI Access to e-Mail, Web Data Raises Privacy Fear

An AP newswire article by Pete Yost, via SFGate.com, reports:

Invasion of privacy in the Internet age. Expanding the reach of law enforcement to snoop on e-mail traffic or on Web surfing. Those are among the criticisms being aimed at the FBI as it tries to update a key surveillance law.

With its proposed amendment, is the Obama administration merely clarifying a statute or expanding it? Only time and a suddenly on guard Congress will tell.

Federal law requires communications providers to produce records in counterintelligence investigations to the FBI, which doesn't need a judge's approval and court order to get them.

They can be obtained merely with the signature of a special agent in charge of any FBI field office and there is no need even for a suspicion of wrongdoing, merely that the records would be relevant in a counterintelligence or counterterrorism investigation. The person whose records the government wants doesn't even need to be a suspect.

The bureau's use of these so-called national security letters to gather information has a checkered history.

More here.

Google, CIA Invest in 'Future' of Web Monitoring

Noah Shachtman writes on Danger Room:

The investment arms of the CIA and Google are both backing a company that monitors the web in real time — and says it uses that information to predict the future.

The company is called Recorded Future, and it scours tens of thousands of websites, blogs and Twitter accounts to find the relationships between people, organizations, actions and incidents — both present and still-to-come. In a white paper, the company says its temporal analytics engine “goes beyond search” by “looking at the ‘invisible links’ between documents that talk about the same, or related, entities and events.”

The idea is to figure out for each incident who was involved, where it happened and when it might go down. Recorded Future then plots that chatter, showing online “momentum” for any given event.

“The cool thing is, you can actually predict the curve, in many cases,” says company CEO Christopher Ahlberg, a former Swedish Army Ranger with a PhD in computer science.

Which naturally makes the 16-person Cambridge, Massachusetts, firm attractive to Google Ventures, the search giant’s investment division, and to In-Q-Tel, which handles similar duties for the CIA and the wider intelligence community.

More here.

Thursday, July 29, 2010

Another veiled story…

As I tried understanding the debates around the burqa especially in the French context here, I received many valid, well thought out, and legitimate replies – all in one way or the other against the “forced veiling”.

In a country like India, it is heartening to see educated people expressing their opinion, which is for humanity and moderation and balance. However, it is greatly disappointing to wake up to news that reads: Forced to wear burqa, teacher quits.

What is most shocking about this news is that the Students’ Union pressurized the university teacher!

What is happening to the supposedly educated youth in our country?

Why are young minds embracing religious fanaticism with such ardor?

Are they in search of a unique identity because they feel their individuality is threatened?

Has Indian politics created a whole generation of confused and misguided youngsters – rebels without any real causes?


I still remember my childhood days when religion and caste were only chapters we read in our Civics books. In school, I did not know which caste my classmates belonged to.
Through my growing up years, I had Sikh neighbors with whom I used to happily pile on for the Sunday langars at the Gurudwara; I had Muslim neighbors who were differentiated only because of the wonderful language they spoke – aap, bhai-jaan, abba-jaan – music to the ears; I had Christian neighbors who shared rich plum cakes on Christmas; and all of us together celebrated the “Hindu” festivals of Diwali and Holi!

Come the late 90s and early 2000s, as college beckoned, caste based reservations became the talk of the day. Quota seats – General seats – SC/ST – OBC – all alien terms began to invade my vocabulary.

I still remember the day I started filling out my entrance test forms - all of them asked the following disturbing questions:

Religion?
For the first time I was going to define my identity within a religious institution that had not meant much in my life so far.
Hindu, I wrote. In a fraction of a second, differences based on religion were established between neighbors.

And then the final blow that firmly established boundaries and partitions in once-innocent classrooms.
Select one of the following:
SC, ST, OBC, Others
I was baffled. I asked my dad, what I should fill in.
He said in a matter of fact tone, “Others”.

Wednesday, July 28, 2010

FBI: Mastermind of Botnet Nabbed

An AP newswire article by Lolita C. Baldor, via MSNBC.com, reports:

International authorities have arrested a computer hacker believed responsible for creating the malicious computer code that infected as many as 12 million computers, invading major banks and corporations around the world, FBI officials told The Associated Press on Tuesday.

A 23-year-old Slovenian known as Iserdo was snagged in Maribor, Slovenia, after a lengthy investigation by Slovenian Criminal Police there along with FBI and Spanish authorities.

His arrest comes about five months after Spanish police broke up the massive cyber scam, arresting three of the alleged ringleaders who operated the so-called Mariposa botnet, stealing credit cards and online banking credentials. The botnet — a network of infected computers — appeared in December 2008 and infected more than half of the Fortune 1,000 companies and at least 40 major banks.

Jeffrey Troy, the FBI's deputy assistant director for the cyber division, said Tuesday that Iserdo's arrest is a major break in the investigation. He said it will take the alleged cyber mastermind off the street and prevent him from updating the malicious software code or somehow regaining control of computers that are still infected.

Officials declined to release Iserdo's real name and the exact charges filed against him, but said the arrest took place about 10 days ago and the man has been released on bond.

More here.

Wednesday, July 21, 2010

A Sailor’s Cottage

A couple of months back, I happened to visit Odyssey (a leading book store in Chennai) and was delighted to spot the Anchor Stitch Kits.
Those not familiar with these kits must know that Anchor provides great designs that you can embroider using long stitch. They give you the design as well as the matching threads.

Though not a pro at these myself, take my word that they are extremely easy to work with – I first did a design (a cute penguin with an easel) eons back in school and it took me 3 years to complete it – not because it was complicated but because of the lazy procrastinator I am :). The framed work still adorns my bedroom back at my parents’ place.

This time around I thought these kits would work well with my resolve to do something more constructive with my free time, especially over the weekends, instead of wiling it away on the idiot box. So the highly ambitious person that I am, I picked two large ones.

After a good amount of dilly-dallying with little progress made in months together, I pulled myself up. And, yes, the self reproach did work.
Here’s the fruit of my labor, and you bet, I am damn thrilled and proud of myself. Forget the fact that long stitch is child’s play, at least I did it reasonably well. This design (25 cm x 30 cm) is named ‘A Sailor’s Cottage’ and I love the bright, vibrant colors that make the setting! This colorful work goes for framing this week and then it’s up on the wall :).


I have the next one (and the larger of the two :() to finish now, but want to take a break from all the needlework. Hoping I can get back to my pencils in the interim!

Monday, July 19, 2010

Programming Note: Off on Holiday for Two Weeks



Off to Hawaii for a couple of weeks. Yeah, I really need to chill on the beach for a couple of weeks. Really.

Blogging will be virtually non-existent until I return, so peace out!

Thanks for following -- see you in August!

- ferg

Saturday, July 17, 2010

New Virus Targets Industrial Secrets

Robert McMillan writes on PC World:

Siemens is warning customers of a new and highly sophisticated virus that targets the computers used to manage large-scale industrial control systems used by manufacturing and utility companies.

Siemens learned about the issue on July 14, Siemens Industry spokesman Michael Krampe said in an e-mail message Friday. "The company immediately assembled a team of experts to evaluate the situation. Siemens is taking all precautions to alert its customers to the potential risks of this virus," he said.

Security experts believe the virus appears to be the kind of threat they have worried about for years -- malicious software designed to infiltrate the systems used to run factories and parts of the critical infrastructure.

Some have worried that this type of virus could be used to take control of those systems, to disrupt operations or trigger a major accident, but experts say an early analysis of the code suggests it was probably designed to steal secrets from manufacturing plants and other industrial facilities.

More here.

Friday, July 16, 2010

Feds Look for Wikileaks Founder at NYC Hacker Event

Declan McCullagh writes on C|Net News:

Federal agents appeared at a hacker conference on Friday morning looking for Julian Assange, the controversial figure who has become the public face of Wikileaks, an organizer said.

Eric Corley, publisher of 2600 Magazine and organizer of The Next HOPE conference in midtown Manhattan, said that five Homeland Security agents appeared at the conference a day before Assange was scheduled to speak.

The conference program lists Assange -- who has been at the center of a maelstrom of positive and negative publicity relating to the arrest of a U.S. serviceman and videos he may have provided the document-sharing site -- as speaking at 1 p.m. ET on Saturday.

"If he shows up, he will be questioned at length," Corley told CNET. Assange did not immediately respond to questions late Friday.

More here.

What lies beneath?

I have been following the various feminist, political, and racial debates that the French proposal for ban on the Islamic full veil or hijab has fanned. Read the latest on it here.

My feelings, stance and opinion remain unsorted and confused. A lot of questions diffuse my attempts at any kind of understanding, and I share them here.
  • Does Islam really mandate the wearing of a veil that covers the face in its entirety? Doesn’t the holy Quran refer to the hijab in its broader sense of modesty and not necessarily a physical piece of clothing to be worn? If it is modesty and social propriety, is a piece of cloth enough to ensure the same?
  • Is the enforcement of the mandate of the full veil a fanatic religious measure to keep women entrapped in the dark shadows of illiteracy and ignorance - do the extremists actually believe that women need to be protected, or hidden, or maybe just put away?
  • Is the proposal to ban the wearing of the full veil in France pro open-faced democracy, and in the interest of the security of the nation, and the feminist endeavor for greater rights and freedom for women?
  • Is the problem with the veil that it covers the full faces and hence poses security threats? Have there been incidents of misuse of the veil by criminals?
  • Is the proposed ban against the institution of secularism? Does it indicate religious intolerance and racial bias of the xenophobic “west”?
  • Do Islamic women see the burqa or the hijab as a cultural identity that empowers them as unique individuals or thwarts their efforts at any kind of progress?
  • Do Islamic women wear the veil out of coercion or of their own free will? Is their will free or conditioned?
  • Is the hijab the only form of expressing religious belief? Why should only women carry the burden of religious identity?

Thursday, July 15, 2010

Possible New Rootkit Has Drivers Signed by Realtek

Dennis Fisher writes on ThreatPost:

Security researchers have identified a new suspicious program that is copying itself to PCs via USB mass storage devices and is digitally signed with the certificate of Realtek Semiconductor, a major manufacturer of computer products based in Taiwan.

The program, known as Stuxnet, looks like a somewhat standard-issue piece of malware, with a couple of key exceptions. Stuxnet uses an LNK file to launch itself from infected USB drives onto PCs. LNK files are used by Windows programs as a shortcut or reference to an original file, and this is thought to be the first instance of a piece of suspected malware using a LNK file to infect machines. Secondly, and far more worrisome, is the fact that the two drivers associated with the Trojan are digitally signed with the Realtek certificate.

"However, sometimes cybercriminals do somehow manage to get their hands on their very own code signing certificate/ signature. Recently, we’ve been seeing regular instances of this with Trojans for mobile phones. When we identify cases like this, we inform the appropriate certification authority, the certificate is revoked, and so on," Aleks Gostev of Kaspersky Lab said in a blog post on the Trojan. "However, in the case of Stuxnet, things look very fishy indeed. Because the Trojan isn’t signed with a random digital signature, but the signature of Realtek Semiconductor, one of the biggest producers of computer equipment."

More here.

Talk on Chinese Cyber Army Pulled From Black Hat

Dennis Fisher writes on ThreatPost:

A talk on China's state-sponsored offensive security efforts scheduled for the Black Hat conference later this month has been pulled from the conference after concerns were raised by some people within the Chinese and Taiwanese government about the talk's content.

The presentation was to be delivered by Wayne Huang, CTO of Armorize, an application security company with R&D operations in Taiwan. The talk was billed as an in-depth, historical look at the offensive capabilities and operations of China's so-called cyber-army. The description of the presentation on the Black Hat site promises an interesting presentation.

"Operation Aurora, GhostNet, Titan Rain. Reactions were totally different in the US and in Asia. While the US media gave huge attention, Asia find it unbelievable and interesting, that cyber warfare and government-backed commercial espionage efforts that have been well established and conduced since 2002, and have almost become a part of people's lives in Asia, caused so much "surprise" in the US. Here we'll call this organization as how they've been properly known for the past eight years as the "Cyber Army," or "Wang Jun" in Mandarin. This is a study of Cyber Army based on incidences, forensics, and investigation data since 2001. Using facts, we will reconstruct the face of Cyber Army (CA), including who they are, where they are, who they target, what they want, what they do, their funding, objectives, organization, processes, active hours, tools, and techniques."

Caleb Sima, Armorize's CTO and co-founder, said on his Twitter feed yesterday that the talk had been pulled. "I had to pull our blackhat talk. Taiwanese gov is prohibiting it due to sensitive materials. Unreal."

More here.

Wednesday, July 14, 2010

Mark Fiore: Little Green Man



More Mark Fiore brilliance.

Via The San Francisco Chronicle.

- ferg

TSA To Require Passenger Screening For U.S. Overflights

Via AERO-News.net.

TSA's Secure Flight program intends, by the end of this year, to require passenger information for all flights over the U.S. - even commercial airline flights which cross U.S. airspace but don't land at a U.S. airport. Canada's airlines, which would be disproportionately affected by the rule, are not amused. Nor are some of its media or political parties.

The Washington Times notes that an editorial last week in the Calgary Herald included this analysis. "The American obsession with security has literally reached new heights of paranoia. The thought of the U.S. government denying boarding passes to travelers on outbound Canadian flights direct to Puerto Vallarta, Cancun, Jamaica or Havana is another example that the terrorists have won."

More here.

Alleged Spy Worked as a Software Tester at Microsoft

Jeremy Kirk writes on ComputerWorld:

The 12th person detained for allegedly spying for Russia worked as an entry-level software tester at Microsoft for nine months, the company confirmed Wednesday.

Alexey Karetnikov was deported to Russia on Tuesday after he admitted to an immigration judge to being in the U.S. illegally, according to a report in the Washington Post, citing anonymous federal law enforcement officials.

Microsoft then issued a short statement confirming the status of Karetnikov's employment.

One law enforcement official told the Post there was insufficient evidence to charge Karetnikov with a crime. The Russian had "just set up shop" and was in the early stages of his mission.

More here.

Tuesday, July 13, 2010

Former NSA Executive May Pay High Price For Media Leak

Ellen Nakashima writes in The Washington Post:

For seven years, Thomas A. Drake was a senior executive at the nation's largest intelligence organization with an ambition to change its insular culture. He had access to classified programs that purported to help the National Security Agency tackle its toughest challenges: exploiting the digital data revolution and countering terrorism.

Today, he wears a blue T-shirt and answers questions about iPhones at an Apple store in the Washington area. He is awaiting trial in a criminal media leak case that could send him to prison for 35 years. In his years at the NSA, Drake grew disillusioned, then indignant, about what he saw as waste, mismanagement and a willingness to compromise Americans' privacy without enhancing security.

He first tried the sanctioned methods -- going to his superiors, inspectors general, Congress. Finally, in frustration, he turned to the "nuclear option": leaking to the media.

Drake, 53, may pay a high price for going nuclear. In April he was indicted, accused of mishandling classified information and obstructing justice. His supporters consider him a patriotic whistleblower targeted by an Obama administration bent on sealing leaks and on having something to show for an investigation that spans two presidencies. Many in the intelligence community, by contrast, view Drake as the overzealous one, an official who disregarded his oath to protect classified information so he could punish the agency for scrapping a program he favored.

It's classic Washington: disgruntled officials sharing inside information with a reporter and an administration seeking to rein that practice in. Drake's attorney maintains he broke no laws.

More here.

In Passing: George Steinbrenner


George Steinbrenner
July 4, 1930 – July 13, 2010

Sunday, July 11, 2010

A shot at optimism…

The heat and humidity in Chennai (and Delhi) is enough to put any enthusiastic and cheery person off. Alas, the Indian “garmi” is in stark contrast to the romantic and poetic “Summer” of the west!

Which Indian will talk of summer as:
“Great is the sun, and wide he goes
Through empty heaven with repose;”
(Robert Louis Stevenson)

I wonder if the yogic power of auto suggestion – or in more filmy terms – the “aall izzz well” mantra really works…The plan is to list down things that I love about the summers (I better have a long list because that’s the only season in the city where I live – Chennai).

As always, it would be great to hear your summer hit list too!
  • No. 1 - Raw mangoes - With a dash of red chilli powder and a touch of salt
  • Naariyal paani (tender coconut) – I insist on eating the fattening “malaai” too!
  • Lemon Soda with lots of yummy masala
  • Gola or chuski – the kaala khatta one at the Rajasthan stall at Dilli Haat (Delhi) being the best I have ever had!
  • I am wondering if I should mention ice creams because I can eat them and enjoy them irrespective of the season :)
  • (Gosh I am such a foodie all that comes to my mind is what I can “feed” on! - Summers is a time when weather permits walks - but motivation is another matter)
  • Light, breezy clothes – come to think of it – most desirable and fashionable wardrobes are designed for summers!
  • If I was in school, I would have surely said summer vacation, but, well…
  • Ummm, what else?

Saturday, July 10, 2010

Trusted IDs Face Fearful Response

Via FCW.com.

The level of fear, uncertainty and doubt (FUD) that has always been a factor in online business has taken a turn for the worse — courtesy of the federal government, no less.

In late June, the Obama administration released a draft strategy for creating a system aimed at protecting individuals against identity theft, Internet scams and other malicious activity, whether someone is buying a book or downloading an electronic health record.

The gist of the proposal is simple: Develop a process for providing individuals with secure personal identifiers, such as digital certificates or smart cards, which they can use when conducting online transactions.

More here.

Friday, July 9, 2010

Ukrainian Brought to NYC to Face Cybercrime Charge

Via The Sydney Morning Herald.

A Ukrainian man has been brought to New York to face charges of selling stolen credit-card numbers as part of an international cybercrime ring.

Egor Shevelev is being held without bond after pleading not guilty Friday to enterprise corruption and other charges. The 24-year-old from Kiev was arrested while vacationing in Greece in 2008. He was extradited to New York last week.

Manhattan prosecutors say he amassed 75,000 stolen credit-card numbers. They say his customers used the information to steal money and identities.

His lawyer's name wasn't immediately available Friday evening.

Prosecutors say Shevelev was linked to an identity theft and fraud group centered on New York-based Western Express Inc.

Company President Vadim Vassilenko has pleaded not guilty.

Link.

Thursday, July 8, 2010

Microsoft Opens Source Code to Russian Secret Service

Tom Espiner writes on ZDNet UK:

Russian publication Vedomosti reported on Wednesday that Microsoft had also given the Russian Federal Security Service (FSB) access to Microsoft Windows Server 2008 R2, Microsoft Office 2010 and Microsoft SQL Server source code, with hopes of improving Microsoft sales to the Russian state.

The agreement will allow state bodies to study the source code and develop cryptography for the Microsoft products through the Science-Technical Centre 'Atlas', a government body controlled by the Ministry of Communications and Press, according to Vedomosti.

Microsoft Russia president Nikolai Pryanishnikov told Vedomosti that employees of Atlas and the FSB will be able to share conclusions about Microsoft products.

The agreement is an extension to a deal Microsoft struck with the Russian government in 2002 to share source code for Windows XP, Windows 2000 and Windows Server 2000, said Vedomosti.

More here.

SCADA Watch: Official Calls Securing Critical Infrastructure Against Cyber Attack Impractical

Jill R. Aitoro writes on NextGov.com:

Securing the nation's power grid and other computer systems that operate the nation's critical infrastructure against cyberattack is unrealistic, because companies cannot afford to check if suppliers have provided trustworthy products, said an intelligence official from the Energy Department on Thursday.

"If you give me influence or control of your hardware or software supply chain, I control your systems," said Bruce Held, director of intelligence and counterintelligence with Energy. "We're going to have to develop strategies [for managing the supply chain] that are consistent with [the assets] that we're trying to protect."

Systems that pose a national threat if compromised, including military command-and-control systems and networks managing weapons, must be built using equipment from trusted companies. The hardware and software must be checked for security vulnerabilities and possible malicious code that could cause problems, Held said. To vet the products would cost more than what private sector organizations likely can afford, he added.

"Cost considerations are going to make a security strategy impractical" for computer systems that are critically important but owned and operated by the private sector, including those that support the power grid, and the transportation and financial sectors, and other industries that make up the nation's critical infrastructure, Held said.

More here.

Boeing Acquires Narus

Via GSN.com.

On July 7, the same day that GSN published a guest column on its Web site by Greg Oslan, CEO and President of Narus, The Boeing Company announced it had reached an agreement to purchase Narus. The terms were not disclosed.

Boeing unveiled a plan to acquire Narus, a leading provider of real-time network traffic and analytics software used to protect against cyber-attacks and persistent threats aimed at large Internet Protocol (IP) networks.

The acquisition follows a successful partnership between the two companies and advances Boeing’s strategy to offer world-class, scalable, state-of-the-art cyber-security solutions.

Narus, which employs 150 people globally, is headquartered in Sunnyvale, CA, and has a strong presence in Bangalore, India.

More here.

Sew 'Cyberwar' Rhetoric, Reap The NSA's 'Big Brother'

Sean Lawson writes on the Forbes.com "Firewall" Blog:

Today we learned from the Wall Street Journal that the National Security Agency, with the help of defense contractor Raytheon, has been developing a system dubbed 'Perfect Citizen' and designed "to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants."

Disturbingly, a Raytheon email obtained by The Wall Street Journal "stated flatly that 'Perfect Citizen is Big Brother.'" Such comments no doubt contribute to "Some industry and government officials familiar with the program see[ing] Perfect Citizen as an intrusion by the NSA into domestic affairs."

Revelations about the NSA's Perfect Citizen/Big Brother system come on the heels of an early version of the Cybersecurity Act of 2009 that would have given the President emergency powers over the Internet.

While a so-called Internet "kill switch" for the President was removed from that bill, it has found its way back into the more recent Protecting Cyberspace as a National Asset Act. In response to concerns about the "kill switch," chief sponsor of the bill, Senator Joseph Lieberman, suggested to CNN's Candy Crowley that the U.S. should follow China's lead and develop the ability to "disconnect parts of its Internet in a case of war."

More here.

NSA Program Sparks Big Brother Fears

Amber Corrin writes on GCN.com:

The National Security Agency's (NSA) new program to shield the networks of privately owned utilities and other critical infrastructure companies has caused some people to fear it's a step toward a surveillance state or a government power grab.

Named "Perfect Citizen," the plan is designed to detect cyber assaults that could potentially threaten critical infrastructure, which includes the electric grid, power companies, nuclear power plants, transportation, health care facilities and other necessities of modern life, according to a report in the Wall Street Journal (WSJ). It would also deal with the networks of defense contractors and companies such as Google, which asked NSA for help after a major cyberattack last year.

The government would deploy sensors on the privately owned networks to identify unusual activity that could signal a potential intrusion or threat, but would not necessarily continuously monitor the networks.

According to the report, Raytheon has received a $100 million classified contract to start work on the program. No comment was available from either the NSA or Raytheon.

More here.

Wednesday, July 7, 2010

Sun, Sand and Sea

(Aside: The coincidental alliteration in the last two post titles is unintentional, though I think it makes for interesting captions :).)

This post is an ode (yet again :p) to the much hyped and self-advertised, though well deserved, holiday in California recently.

I have realized that I can never get enough of the sand and the sea (the sun can wait); though, ideally, my allegiance should lie with the hills considering my ancestry is rooted in the Kumaon hills of Uttaranchal. I think I was a born non-conformist :D.
I do not doubt the majestic grandeur of the Himalayan ranges – awe-inspiring, heavenly. And I’d dare not compare it with the blue of the luscious oceanic waters. But the fact of the matter remains that I love the sea and would rather spend a vacation at the beach than the hills.
(Wonder if this had anything to do with my falling in love with a South Indian living in a beach city *wink*).

I can spend a lifetime gazing at the waves – how, at the horizon, waves form a huge, all-devouring monster only to come crashing down at the coast – how the timid waves also make their way through the mayhem to reach the shore – how all the waves recede leaving shells behind while keeping the marine secrets to themselves.

The infinite and eternal quality of the ocean is exalting and intimidating in the same breath. I don’t know if I am secure at the shingle or am losing out on so much that’s happening somewhere in the mystic waters. My life – all these years – where do they stand in contrast to the might of the blue abundance? A drop in the ocean, they say; what worth is nothing but a drop?

It is in the pelagic solitude that I have found both - greatly soothing peace and the deepest of turbulence within.

Leaving you with some images (and emotions, if you can find them) that I have captured at the various “sun-sand-sea” vacations…
(P.S. The only flip side of such a vacation is the awful tan we Indians get – While the rest of the world turns pretty shades of pink and peach, we become brown and black – Am at present under the influence of a reasonably strong sun tan and am doing my best to get rid of it. Will try doing a post if and when I am successful and pass on the tips and tricks!)

Phuket easily qualifies as the best beach holiday destination I have ever had. The colors so rich, the sun so warm, the sand so magnificent. I have a soft corner for white sands.


In India, no better haven for those smitten by the waters than Goa. Mumbai is hardly okay. Chennai is dirty. I have heard the Andamans, Trivandrum and Kerala are beautiful – these are still on my must-see!


California beaches are a lot of fun.


A dockyard at the shore makes a picturesque sight too!


The sea at its sinister best…I am sold to the concept of piers…


Undeniably, the best moments at the beach are the sunrises and the sunsets.
The rich hues pacify the frayed nerves and rejuvenate the senses dulled by the monotony of everyday life.


There’s a long list of places I must go to satiate the water person in me (though I must admit I am not a water sports person – so no snorkeling etc for me) – Hawaii, Miami, Andamans...
Which ones make it to your list?

Monday, July 5, 2010

Prosecutor: Hackers Harassed FBI Tipster With Threats, Sex Toys

Scott Gordon writes on NBC Dallas/Ft. Worth:

Members of a shadowy group of computer hackers, including one in prison, tried to obstruct an FBI investigation and harassed a government tipster with emailed threats, attacks online, and even sex toys sent to his home address, according to a court document.

The allegations were included in a search warrant, authorizing agents to search the houses and seize computer equipment of four suspected members of a group known as the Electronik Tribulation Army.

The searches were conducted late last month in Texas, Ohio, Kansas and California.

ETA’s former leader, Jesse William McGraw, of Arlington, pleaded guilty in May in a high-tech scheme to manipulate the air conditioning system of the Dallas medical clinic where he worked as a security guard.

More here.

Security Expert Pulls Presentation After Legal Threats

Lucian Constantin writes on Softpedia News:

Raoul Chiesa, a renowned European security expert, was forced to cancel his presentation at the Hack in the Box (HITB) Security Conference after legal threats from ATM vendors. He was supposed to present the results of years of research into the underground economy.

Mr. Raoul Chiesa is an Italian white hat hacker, who works with several international crime fighting organizations. The researcher is a permanent stakeholder at the European Network & Information Security Agency (ENISA) and a senior advisor with the Global Crimes Unit of the United Nations Interregional Crime & Justice Research Institute (UNICRI).

Mr. Chiesa was scheduled to give a presentation entitled "The Underground Economy," which is based on research done by UNICRI in the past several years. Some of the research has already served as the basis for an ENISA report called "ATM Crime: Overview of the European situation and golden rules on how to avoid it" that was released in September 2009. According to this report ATM crimes in the European Union increased in frequency by 149 percent and resulted in losses over 485 million euros in 2008.

According to Byte Mods, Chiesa's talk was canceled at the last minute and replaced by Job de Haas' presentation called "Side Channel Analysis on Embedded Systems." The cited reasons were legal threats and pressure from ATM vendors, because his presentation included info on how cybercrooks exploited vulnerabilities in ATMs.

More here.

Note: Raoul is a close personal friend of mine -- I can understand his frustration on this issue. - ferg

Sunday, July 4, 2010

Saturday, July 3, 2010

Programming Note: Traveling Over the Holiday Weekend


Business calls early next week, and unfortunately I have to travel over the holiday weekend to be in meetings in Taiwan on Monday and Tuesday.

I'll be back midweek, so things should be back to normal (whatever that is) soon thereafter.

Thanks for following, and enjoy your long Independence Day weekend!

- ferg

Sights, Sounds and Smells

Has it ever struck you how people and places can be uniquely identified based on how they look, sound and smell?

Isn't it amazing more in the case of places?
The feeling of the salt in your hair on a beach, the smell of fish cooking from a Bengali's house, the sound of the morning aarti bells from a temple, the sight of a whole city lit up in the night!

I have always felt that India is the richest when it comes to the diversity and the peculiarity of the varied sights, sounds and smells. I do not think there exists another nation so pregnant with such sensory stimulation.
And the truth of the fact strikes you the most when you are returning from an alien (read phoren) land :). I am sure my fellow "desis" will nod their heads in agreement (and amusement). The first proofs of this are available at the airport itself.

So, this time when I landed back from my transatlantic vacation - mind warped in the rapidly changing time zones I had travelled through - as I dazed through the ramp, I heard a 4-year-old ABCD (yes, American-born confused desi) kid exclaim in a very matter-of-fact tone, "Now, this smells like India!".
Smart kid, I asserted to the slightly embarrassed parents. It was raining, and the muffled smell of wet cement and an unhealthily moist carpet, familiar to every Indian who has experienced the proverbial Indian monsoons, wrapped the air.

I, almost instantly, realized that actually there has been no other place where I could have landed and proclaimed "Now this smells, sounds, or looks like xyz". I mean you cannot distinguish Hong Kong and USA at the airport - There is this antiseptic sanitation - you cannot feel anything specific to that place - there are generic expected noises and sights - no smells (which believe me is very pleasant, and no, I am not complaining about that :))!
Forget the airport, most fast paced cities in the developed and advanced nations look so same - you visit one and then the other and the other and there is this characteristic cloning.

It never ceases to flabbergast me how even the various Indian metro cities still manage to have their distinct characteristics that attack, revolt, and please your senses alternately.
Where else in the world would you land and be welcomed by the smell of bidis from an open construction site (Delhi airport), the shouts of "gents and ladies separate line please for security" (Hyderabad airport), the gentle chiding of the security guys, "madame no need to take out laptop" - so what if the board says so (Mumbai airport), the strong smell of jasmine flowers from the masses who have come to receive a single member at the middle of the night (Chennai airport), and of course, the sight of thousands of black and yellow auto rickshaws and taxis whose drivers in khaki uniforms create a stampede to invite travellers (Chennai airport again)!

My musings were suddenly interrupted by the blackout because of a power cut.

"Welcome to India", many co-passengers joked as we went on to face shortage of immigration forms, soaked luggage, and continued power cuts at the airport, but that is a different story, isn't it? ;)