[Owasp-Mumbai] Can we help govt fight cyber crimes
vinilm at yahoo.com
Thu Oct 23 10:10:25 EDT 2008
All good points. Couldn't resist chiming in with my 2 cents.
1. Awareness is top priority.
a. Seconding Yash here, first target should be the device vendors/manufacturers. SD3 (Secure by design, default, deployment) should be the norm for all mass-market products. No vendors/ISPs should be providing devices that are not secure out of the box. There would be considerable resistance to this idea from the vendors as the first impression for the customer would be poor. At a minimum, the default password should be a function of the device serial number/date of manufacturing. Even if support gets a call, they would be able to ask and generate the default password.
b. Internet is a good medium to begin the awareness program. However, we might be able to get better mileage by simply approaching shows like Tech2/Gadgets and fm radio stations like Mirchi, Big, Red etc. I am sure a 5 second skit/ad that gives out tips and a url can be effective. I am sure the Police or Cyber Crime cell might be already chalking out something like this.
c. Areas like Lamington Road where devices are bought in thousands should be specifically targeted. An additional instruction flyer (courtesy/order of Mumbai Police) could be included along with each device sold which would have some info. on securing, why one needs to secure, and a further url to more information would have better penetration than simply littering the streets with flyers.
d. About catching them young, I am not sure this approach is going to yield much benefit. We could set up an orkut group and then send out an email blast to all the young ones we know asking them to join the group. And, then turn the orkut group into a forum from where we can run or organize special informational sessions. Every college could be made to have "security" champs (who could be given additional information and assistance in conducting informationals).
2. Another avenue that we should explore is looking at what other corporates with community presence in India are doing. Say, Microsoft has user groups in every city. And, this is a topic that is being debated in those user groups too. I am sure even Java, Windows and other groups would be having similar discussions. Reaching out to other groups via one's company's internal mails is another option.
Say, taking Dharmesh as an example. Mastek has a considerable .NET and Java practice area. Dharmesh could start a thread internally to connect with his .NET user group/forum champion (Almost every company has a guy who's the go-to guy for forums/user groups.) This way one can get in touch with the user group heads/organizers and have a combined event with much more penetration.
3. Every stray dog should be fit with a collar that is part of a mesh (802.11s) n/w and does wardriving and attempts basic attacks and the encrypted results can be collected by Mumbai Police. Then, the police can tie up with a BPO company to call and instruct/pester the wifi owner to secure his wifi...or else they will pester him with credit card/insurance calls.
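Point 1a in the message above proposes a default password that support can regenerate from the serial number and manufacturing date. The sketch below is an added example, not part of the original message or any vendor's code: it assumes the function is keyed with a secret held only by the vendor, and the names `derive_default_password`, `ALPHABET` and `DEMO_KEY` are hypothetical.

```python
import hashlib
import hmac

# 32 symbols (5 bits each) with no look-alikes such as 0/O or 1/I,
# so support staff can read the password out over the phone.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"

# Constructed demo key for this example only; a real key would be
# 32+ random bytes kept in the vendor's key store, never on the device label.
DEMO_KEY = bytes(range(32))


def derive_default_password(vendor_key: bytes, serial: str, mfg_date: str,
                            length: int = 12) -> str:
    """Derive a per-device default password from serial + manufacturing date.

    The derivation is HMAC-SHA256 under a vendor secret: knowing the serial
    and date alone is not enough to compute the password, but support can
    regenerate it on request from those two values.
    """
    if len(vendor_key) < 32:
        raise ValueError("vendor key must be at least 32 bytes")
    if not 8 <= length <= 51:  # 256 digest bits / 5 bits per symbol
        raise ValueError("length must be between 8 and 51")
    fields = [serial.strip().upper().encode(), mfg_date.strip().encode()]
    if not all(fields):
        raise ValueError("serial and manufacturing date are required")
    # Length-prefix each field so ("AB", "C") and ("A", "BC") cannot collide.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    bits = int.from_bytes(hmac.new(vendor_key, msg, hashlib.sha256).digest(), "big")
    chars = []
    for _ in range(length):
        chars.append(ALPHABET[bits & 31])  # take 5 bits per symbol
        bits >>= 5
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample serial and date.
    print(derive_default_password(DEMO_KEY, "SN-00412-A", "2008-10-23"))
```
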
----- Original Message ----
From: Aashish Bobade <aashishbobade at gmail.com>
To: Dharmesh Mehta <dharmeshmm at owasp.org>
Cc: owasp-mumbai at lists.owasp.org
Sent: Thursday, October 23, 2008 9:58:56 AM
Subject: Re: [Owasp-Mumbai] Can we help govt fight cyber crimes
This is really a good idea. Awareness is required to stop cyber crime. At the same time we have to take care that someone will not misuse it. Security is a kind of weapon which can be used for good or bad cause simultaneously. Practically going everywhere will not be possible I think, but we can prepare best practices for securing information, network and publish it to maximum number of blogs, print pamphlets and distribute to colleges and general people. We will mention our contact details on these pamphlets so interested people can arrange seminar for us.
My experience regarding spreading awareness is that, people get afraid instead of feeling secured after knowing how they will be hacked.
This is just my thought.
On Wed, Oct 22, 2008 at 1:50 PM, Dharmesh Mehta <dharmeshmm at owasp.org> wrote:
I was just re-looking at the blasts that have happened around the country and connect with the broken wireless networks being attacked.
The immediate thing that probably comes to all of security gurus is "Wireless security should have been done obviously".....
Essentially, I believe that for security experts in the industry, there are more malicious attacks possible which we all concentrate based on attackers trends.
Just a thought. Can OWASP Mumbai community members help NASSCOM and Cyber Crime Cell fight against growing cyber attacks?
I think if we all can collaborate and share our knowledge with these guys, we can work at best helping the government in addition to working for the security industry.
Also, I was wondering, if anyone has contacts with Engineering and Management Colleges / Universities, one of us in the community should go and have an awareness session with these colleges.
Discussions, thoughts and actions are welcome..
Thanks & Regards,
OWASP Mumbai Chapter Lead