Posts Tagged ‘Pakistan’

Saadat Hasan Manto’s 100th birthday

No Comments »

A letter to Uncle Sam (America) in 1951 by Saadat Hasan Manto (Things are same for genius like Manto)

[stream flv=x:/blogs.silicontechnix.com/wp-content/uploads/2012/05/Manto.flv embed=true share=true width=640 height=360 dock=true controlbar=over bandwidth=high autostart=false /]


Don’t use our software, security firm Symantec warns customers

1 Comment »

 

After loosing  Norton AntiVirus Corporate Edition source code in 2006, now Symantec is asking its customer to stop usage of Norton/PcAnywhere which was also leaked on Internet.

The security firm said the theft occurred in 2006, compromising 2006-era version of Norton Antivirus Corporate Edition, Norton Internet Security and Norton SystemWorks and most important "pcAnywhere", which could allow malicious users to gain complete access to systems and data very easily.

Also it is intresting to add that the guy who hacked that code also released source code of Indian Spy software 

“So far we have discovered within the Indian Spy Program source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI”

What does that mean? Indian agencies are doing signed agreements for spying using Symantec/Norton products and others???? must be those agreements are not in favor of Pakistan 🙂

 

"The headline is very embarrassing to Symantec,"

Anup Ghosh, founder and CEO of Virginian security firm Invincea, told FoxNews.com at the time.

"But this has now become the normal in securities. Every single corporation is susceptible to threats."

hahahah, very funny!!!!

 

“Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks,” the company wrote in an online statement about the hacking.

 

The “The Lords of Dharmaraja”, the hacking group who authored the Pastebin note, has released the code online(last week).

 

 

Some security tips from (Ira Victor, a security expert in Nevada):-

1. Do not use a "suite" of security protection from any one firm. A mixture of best of breed security is more secure.

2. Usernames and passwords alone are not enough protection for remote access. A single-use password system makes unauthorized remote access exponentially harder for cyber criminals.

3. Do not run computers in "Administrator" mode. Run systems in "User mode" so that malware does not install automatically.

4. Businesses should deploy application "whitelisting." This will prevent unauthorized malware from running on computers.


Why Pakistan’s move against online crypto is a dangerous idea

No Comments »

Pakistan newspaper The Express Tribune reports from Karachi that the country's telecommunications regulator is pressing ISPs to comply with recent regulations which restrict the use of end-to-end encryption.

Any technology which conceals communications and prohibits monitoring, it seems, is off the menu.

The Tribune quotes a letter sent to it by an ISP which had been warned by the regulator:

    In line with [the Monitoring & Reconciliation of International Telephone Traffic] Regulations 2010 and national security, [the Pakistan Telecommunication] Authority prohibited usage of all such mechanisms including encrypted virtual private networks (EVPNs) which conceal communication to the extent that prohibits monitoring.

The letter continues by reminding the ISP:

    It is observed that the aforementioned directive has not been followed in true letter and spirit as EVPNs are heavily being used on the Licensees Network.

This concern over the inability of law enforcement to intercept or prevent communication between criminals and militants will no doubt resonate in other countries – notably in the UK, where services such as BlackBerry's instant messaging came under the spotlight after the recent riots there.

Unfortunately, however, an internet in which encryption was banned altogether would be even more dangerous than what we have today.

You've probably heard the gun lobby's truism that "if guns are outlawed, only outlaws will have guns." Yet there are many countries where private ownership of guns – handguns, at least – has been heavily regulated or even banned outright without a concomitant increase in gun crime.

It's tempting, therefore, to argue that if we can ban guns without endangering society, despite the vigorous warnings of a vocal minority, we can do the same with cryptography. Perhaps "if crypto is outlawed, only outlaws will have crypto" is just the crazy slogan of a bunch of libertarian survivalist cypherpunks with something to hide?

The problem is that banning every sort of 'communications concealing' technology online would destroy the very fabric of the internet's law-abiding use. There would be no SSH, no SSL, no TLS, no HTTPS. There would be no WiFi security. Online commerce would implode.

Whether the private ownership of weapons is as big a threat to society as some like to make out is an argument for another day, because cryptography on the internet isn't like handguns in the suburbs.

In most developed countries, you don't routinely need to pack a Browning Hi-Power when you visit your local bank branch. (Even in countries where that's legal, the bank would probably make you lock it in a safety deposit box at the entrance, anyway.)

In contrast, you do routinely need to use an SSL-protected tunnel to the bank when you transact online.

Significantly, the bank needs you to do so, as well. And if you don't, you're actually playing into the hands of the crooks.

So the next time you hear a nanny-state advocate oppose the general availability of strong crypto on the grounds that "if you've got nothing to hide, you don't need to hide anything", don't just sigh in dismay.

Confront them with the inanity of their remark. (Unless they've got a Browning Hi-Power. In that case, give a little smile and leave as soon as you can.)

* If you have nothing to hide, then it doesn't matter whether you choose to hide it or not, does it?

* Online, you do have things to hide. And if you and the rest of us don't hide it as a matter of course, the cybercrooks will plunder our economy more seriously than they're doing already.

In short, if you want to do away with online crypto, you're making things easier for the crooks, not harder. And that, I'm sorry to have to say, is a truism.

Take cryptography seriously. Protecting your own online assets helps protect everyone else, too.

Sources:
http://tribune.com.pk/story/240736/virtual-watchdog-internet-users-banned-from-browsing-privately-for-security-reasons/
http://nakedsecurity.sophos.com/2011/08/29/pakistan-move-against-online-crypto-a-dangerous-idea/?utm_source=facebook&utm_medium=status%2Bmessage&utm_campaign=naked%2Bsecurity