New Xerox PARC Processor capable of Self-destructing

Some may find it good news and some may find it a bit risky: researchers from Xerox PARC have come up with a new type of cryptographic processor, dubbed the Xerox PARC processor, which is capable of self-destructing when ordered to do so.

The researchers created the cryptographic processor under a DARPA-funded security push that aims to create ways of safeguarding top-secret information that are less susceptible to hacking if they fall into the wrong hands.

The chip was built on a Corning Gorilla Glass substrate.

“The applications we are interested in are data security and things like that,” Gregory Whiting, a senior scientist at PARC in Palo Alto, California, told Extreme Tech. “We really wanted to come up with a system that was very rapid and compatible with commercial electronics.”

“We take the glass and we ion-exchange temper it to build in stress,” said Whiting. “What you get is glass that, because it’s heavily stressed, breaks it fragments into tiny little pieces.”

According to a news report published in Extreme Tech, creating a chip that can store cryptographic keys and self-destruct if it falls into the wrong hands could solve a problem that’s as old as cryptography itself: how do you ensure that the right recipient can read your messages, while still protecting the data from unauthorized recipients?

Quantum computing could offer a potential solution to this in the long run, as attempting to read the data being transferred between two quantum computers will inevitably change the data state and alert the users that they are being spied on. Since quantum computing remains a long way off, however, other solutions for data security are needed.

To address this issue, the researchers came up with the Xerox PARC processor.

Many people expressed their opinions regarding the Xerox PARC processor.

SH4ZB0T commented, “It reminds me of the MIPS-X instruction hsc (that I believe was a joke).”

Darkstar36 said, “Now hackers really can make your computer explode! What a time to be alive.”

Mikemol said, “Anyone else amused at the thermal limits this places on a device? You're not going to want to leave it in your car on a hot day. (So, for things like DRM device keys in mobile devices, this might not be the best solution...)”

Uber Hires Security Analysts For Enhancing Car Safety

When it comes to vehicle security, Uber has taken a step towards making vehicles safer. Officials have confirmed that the company has hired two top-notch security analysts as it ramps up its push towards self-driving car technology. Uber is being joined by Charlie Miller and Chris Valasek, who have been working for Twitter Inc. and security firm IOActive respectively.

Uber’s Advanced Technologies Centre, a research laboratory set up by the company in Pittsburgh in February, has already hired dozens of vehicle experts from Carnegie Mellon University, and will now be joined by Miller and Valasek.

Their appointment was confirmed by a welcome tweet from Raffi Krikorian, head of Uber ATC. Both started in their new roles on Tuesday.

Uber is currently deep into its effort to develop or adapt self-driving car technology, and Miller and Valasek are joining the company to make the vehicles more secure. The technology could help the company reduce the manpower it has in the form of the thousands of contract drivers it has hired.

To develop this technology, the company has also partnered with the University of Arizona, providing grants to students to research and help develop the technology.

In March, Uber bought digital mapping firm deCarta, a San Jose, California-based company whose technology offers search and turn-by-turn directions.

FCA USA LLC recalled 1.4 million vehicles to install software intended to prevent hackers from emulating the experiment, which used the cellular network to enter the entertainment system and then gain control of the engine, brakes and steering.

Facebook to bring “Video Matching Technology” to control Piracy

Here is good news for video creators who are fed up with video piracy, especially on social networking sites: Facebook is planning to launch a “Video Matching Technology” which will inform the real owners of videos when those videos are uploaded by others.

A news report published in ReCode confirms that the company has decided to introduce the technology in order to control video piracy on Facebook.

“We’ve heard from some of our content partners that third parties too frequently misuse their content on Facebook,” Facebook posted in its blog. “It’s not fair to those who work hard to create amazing videos. We want creators to get credit for the videos that they own.”

It is said that the company and its partners have started testing the new technology, which requires content owners to upload the clips they want to protect into Facebook’s system.

“It is the first step to creating the equivalent of YouTube’s Content ID system, which the video giant built up over years as a response to its own copyright/piracy problems. After years of ignoring video, Facebook is now a major player, so this kind of effort was obvious and overdue,” the news report reads.

“Facebook’s response comes after video makers and distributors have grown increasingly vocal about pirated videos, which by one estimate accounted for more than 70 percent of Facebook’s most popular videos. In May, Jukin Media, a video licensing agency best known for ‘Fail’ clips, described Facebook’s copyright problems as ‘massive.’ In June, Fullscreen CEO George Strompolos, who runs one of the biggest YouTube video networks, tweeted that he was ‘getting very tired of seeing our videos ripped there with no way to monitor or monetize’,” the news report reads.

Now Facebook says Jukin and Fullscreen are two of its initial launch partners for the new technology, along with Zefr, a service company that helps content owners track their clips on YouTube. Facebook says it is also working with major media companies on the effort, but won’t identify them.

Researchers come up with Sound-Proof, which may protect your online accounts

Swiss researchers from the Institute of Information Security at ETH Zurich have come up with a two-factor authentication scheme based on ambient sound. The researchers claim that it does not require any user interaction, which should help speed adoption of strong security.

The researchers, Nikolaos Karapanos, Claudio Marforio, Claudio Soriente, and Srdjan Capkun, presented a paper about their research at the recent Usenix conference in Washington, DC.

The researchers have proposed Sound-Proof, a usable and deployable two-factor authentication mechanism.

“Sound-Proof does not require interaction between the user and his phone,” they said.

In Sound-Proof, the second authentication factor is the proximity of the user's phone to the device being used to log in. The proximity of the two devices is verified by comparing the ambient noise recorded by their microphones.

As the audio recording and comparison are transparent to the user, the user experience is similar to the one of password-only authentication.

It can be easily deployed as it works with current phones and major browsers without plugins.
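The proximity check described above, as an added sketch that is not the researchers' code: the page does not give the paper's signal processing, so this assumes a plain normalized cross-correlation searched over a bounded lag (the two devices' clocks are not sample-aligned), and the threshold, lag bound and synthetic recordings are all constructed for illustration.

```python
import math
import random


def correlation_at_lag(a, b, lag):
    """Normalized correlation of a[i + lag] against b[i] over their overlap."""
    if lag >= 0:
        x, y = a[lag:], b[:len(b) - lag]
    else:
        x, y = a[:len(a) + lag], b[-lag:]
    n = min(len(x), len(y))
    if n == 0:
        return 0.0
    x, y = x[:n], y[:n]
    mean_x, mean_y = sum(x) / n, sum(y) / n
    num = sum((p - mean_x) * (q - mean_y) for p, q in zip(x, y))
    den = math.sqrt(sum((p - mean_x) ** 2 for p in x) *
                    sum((q - mean_y) ** 2 for q in y))
    # A silent (constant) recording has zero variance: score it 0 so the
    # check fails closed instead of dividing by zero.
    return num / den if den else 0.0


def similarity(browser_audio, phone_audio, max_lag=20):
    """Best correlation over all shifts of at most max_lag samples."""
    return max(correlation_at_lag(browser_audio, phone_audio, lag)
               for lag in range(-max_lag, max_lag + 1))


def same_room(browser_audio, phone_audio, threshold=0.5, max_lag=20):
    """Second factor passes only if both devices heard the same ambient noise."""
    return similarity(browser_audio, phone_audio, max_lag) >= threshold


def make_recordings(seed=7, n=2000, delay=7):
    """Constructed sample data: one shared ambient signal and three recordings."""
    rng = random.Random(seed)
    ambient = [rng.gauss(0, 1) for _ in range(n)]
    # Browser microphone: the ambient sound plus its own sensor noise.
    browser = [s + rng.gauss(0, 0.3) for s in ambient]
    # Phone in a pocket next to the user: same sound, delayed and muffled.
    delayed = [0.0] * delay + ambient[:n - delay]
    nearby_phone = [0.6 * s + rng.gauss(0, 0.3) for s in delayed]
    # Phone somewhere else: unrelated ambient noise.
    remote_phone = [rng.gauss(0, 1) for _ in range(n)]
    return browser, nearby_phone, remote_phone


if __name__ == "__main__":
    browser, nearby_phone, remote_phone = make_recordings()
    print("nearby phone:", round(similarity(browser, nearby_phone), 3),
          same_room(browser, nearby_phone))
    print("remote phone:", round(similarity(browser, remote_phone), 3),
          same_room(browser, remote_phone))
```

With the lag search disabled (`max_lag=0`) the nearby phone scores near zero as well, which is why the comparison has to tolerate a small time offset between the two recordings.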

“Two-factor authentication protects online accounts even if passwords are leaked. Most users, however, prefer password-only authentication. One reason why two-factor authentication is so unpopular is the extra steps that the user must complete in order to log in,” the researchers said in the paper.

According to the researchers, currently deployed two-factor authentication mechanisms require the user to interact with his/her phone to, for example, copy a verification code to the browser. Two-factor authentication schemes that eliminate user-phone interaction exist, but require additional software to be deployed.

“We build a prototype for both Android and iOS. We provide empirical evidence that ambient noise is a robust discriminant to determine the proximity of two devices both indoors and outdoors, and even if the phone is in a pocket or purse. We conduct a user study designed to compare the perceived usability of Sound-Proof with Google 2-Step Verification,” the researchers added.

The researchers claim that many people like Sound-Proof and are willing to use it for scenarios in which two-factor authentication is optional.

Soft Tokens: Low cost mass market 2-Factor Authentication for e-banking, e-commerce and e-governance

Many banks in India use an SMS OTP system for customer authentication. However, a recent incident of fraud at a bank showed that the SMS OTP token was not fully effective. In this incident, hackers modified the customer’s mobile number in the bank’s database and redirected the OTP to the modified mobile number that they controlled.

Problems arising from the misdirected creativity of Black Hat hackers apart, most bank officials also privately complain about the high costs of the SMS method of authentication. Banks apart, the customer also incurs monthly SMS charges.

Some time back, in a customized Zeus MITM malware attack, a researcher showed how such customized malware could easily intercept communication between a net banking portal and a desktop.

The demo clearly demonstrated money ending up in a hacker’s account after a customer concluded a transaction. This vulnerability was exposed in an MNC bank’s Indian operation. Checking further, the researcher discovered that this particular vulnerability could be exploited in other banks' net banking systems as well.

It is widely accepted that the only real security is offered by use of a hardware token. Such a token generates time-based token numbers on the customer side, and net banking, e-commerce and payment wallet systems can undertake token verification on the server side. However, while effective, the hardware token method is accompanied by significant costs.

An elegant solution to the cost conundrum is to use the ubiquitous mobile phone as a soft token dispenser, and completely do away with the costs and hassles of using a separate hardware token.
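The time-based token generation and server-side verification described above, as an added example that is not CSPF's system or any bank's code: it follows the public TOTP construction (RFC 6238, built on RFC 4226 HOTP), and the `TokenVerifier` class, the customer id, the drift window and the demo secret are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
import time

# Constructed demo secret (the RFC 4226/6238 test key). A real deployment
# provisions a random per-customer secret to the phone at enrolment.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password for one counter value (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now=None, step: int = 30, digits: int = 6) -> str:
    """Customer side: the soft token shows the code for the current time step."""
    now = time.time() if now is None else now
    return hotp(secret, int(now) // step, digits)


class TokenVerifier:
    """Server side: recompute the code from the enrolled secret.

    Accepts a code from the current time step or `window` steps either side
    (clock drift), and never accepts the same or an older step twice (replay).
    """

    def __init__(self, step: int = 30, digits: int = 6, window: int = 1):
        self.step, self.digits, self.window = step, digits, window
        self._secrets = {}        # customer id -> shared secret
        self._last_counter = {}   # customer id -> last accepted time step

    def enroll(self, customer_id: str, secret: bytes) -> None:
        self._secrets[customer_id] = secret

    def verify(self, customer_id: str, code: str, now=None) -> bool:
        secret = self._secrets.get(customer_id)
        if secret is None:
            return False
        # Reject malformed input before the constant-time comparison.
        if len(code) != self.digits or not (code.isascii() and code.isdigit()):
            return False
        now = time.time() if now is None else now
        current = int(now) // self.step
        last = self._last_counter.get(customer_id, -1)
        for counter in range(current - self.window, current + self.window + 1):
            if counter <= last:
                continue          # already used, or older than a used code
            if hmac.compare_digest(hotp(secret, counter, self.digits), code):
                self._last_counter[customer_id] = counter
                return True
        return False


if __name__ == "__main__":
    server = TokenVerifier()
    server.enroll("cust-1", DEMO_SECRET)
    code = totp(DEMO_SECRET)
    print("code:", code)
    print("first use :", server.verify("cust-1", code))
    print("replay    :", server.verify("cust-1", code))
```

Unlike the SMS OTP fraud described above, nothing is sent to a phone number here: the code is derived on the device from a secret shared at enrolment, so changing the mobile number on record does not redirect it.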

But the soft token model is only being offered by some major MNC security technology firms and comes accompanied by MNC prices and price structure that Banks find discomforting. These vendors insist on levying a fee on the bank on a per customer basis and the sum adds up to a significant amount when a bank or an enterprise deals with many millions of customers.

One possible solution for a Bank or other enterprises is to implement a 2 factor soft token authentication program by developing their own system. They could develop a system on their own with a 6 month R&D effort. It took us, Cyber Security and Privacy Foundation (CSPF), less than 3 months R&D to develop a 2FA system which can be implemented in banks and other enterprises and institutions.

Our research suggests that it can be both practical and economical to implement net banking with soft tokens given to all customers and thus prevent a lot of frauds.

The authentication server can be placed on a bank’s premises and soft tokens can be integrated with net banking. On an indicative basis, we envisage a first year license fee US $ 50,000 for up to 100000 customers (something like half a dollar per customer for the first year).

We further envisage an annual recurring license fee of US $ 10,000 per 100000 customers to be levied Year 2 onwards. The price per customer could be reduced further to just 25 cents for a 500000 user base.

Convenience, cost, comfort and security all suggest that it is now time to look beyond the SMS OTP and the hardware token and adopt an in-sourced soft tokens 2 Factor authentication model. Banks, e-commerce players and wallet providers should all seriously evaluate this option.

Database breach occurs at Hanesbrands Inc.

Hanesbrands Inc. has reported that one of its databases, containing 900 thousand contact details of its various customers, has been breached.

The hacker gained access to the database by posing as a guest on the brand's website while checking out.

The hacker got access to the addresses, phone numbers and last four digits of a credit or debit card of customers, according to Hanesbrands Inc.

The breach happened in the last month of June, according to Hanesbrands spokesman Matt Hall, and does not affect the retail stores of the brand.

The hacker contacted the brand directly to inform it of the breach.

Astoria - Researchers develop a new Tor client which aims to beat NSA

With the aim of beating powerful intelligence agencies like the NSA, researchers have developed Astoria, a new Tor client which is said to be capable of protecting users’ privacy even from such powerful intelligence agencies.

A team of cyber security researchers from America and Israel has come up with a new Tor client which is designed to make spying more difficult for the world's most capable intelligence agencies.

According to the research paper, as Internet anonymity becomes difficult to establish, people have used Tor, a popular anonymity system for users who wish to access the Internet anonymously or circumvent censorship, to prevent their activity from being tracked.

However, Tor is not as safe from powerful intelligence agencies as it was supposed to be.

As a result, the researchers have developed Astoria, which focuses in particular on defeating autonomous systems that are set up to intrude into Tor’s anonymity.

“In our experiments, we find that 58% of all circuits created by Tor are vulnerable to attacks by timing correlation and colluding sibling ASes. We find that in some regions (notably, China) there exist a number of cases where it is not possible for Tor to construct a circuit that is safe from these correlation attacks,” the research paper said.

It added, “To mitigate the threat of such attacks, we build Astoria, an AS-aware Tor client. Astoria leverages recent developments in network measurement to perform path-prediction and intelligent relay selection. It not only reduces the number of vulnerable circuits to 5.8%, but also considers how circuits should be created when there are no safe possibilities. It performs load balancing across the Tor network, so as to not overload low capacity relays. Moreover, it provides reasonable performance even in its most secure configuration.”

Astoria aims to do the following:
• Deal with asymmetric attackers.
• Deal with the possibility of colluding attackers.
• Consider the worst case possibility.
• Minimize performance impact.

Google launches 'Password Alert' to protect its users from phishing attacks

Google on April 29 launched a new extension, ‘Password Alert’, which warns people whenever they type in their Google password on any site that is not a Google sign-in page.

Drew Hintz, security engineer, and Justin Kosslyn of Google Ideas posted on Google’s Online Security Blog that Password Alert, which is now available on the Chrome Web Store, is aimed at preventing phishing attacks. It also aims to minimize the overuse of the Google password.

They wrote that it is designed to alert people when they use their Google password on sites which are not operated by Google.

According to them, anyone who enters his/her password on an imitation website that aims to get personal details will receive a warning. It also gives people time to change their password before it gets misused.

It works by checking the HTML of the page to identify whether it’s a legitimate Google sign-in page or not.

According to Google, this kind of password theft is known as “phishing”, and it represents two percent of all Gmail messages.

The new tool is believed to be an additional security measure for Google’s users. Password Alert sits among a number of tools which are aimed at safeguarding user accounts. Other methods include two-step authentication and security keys.

Colombian hacker gets 10 years in jail for spying

A Colombian court sentenced hacker Andrés Sepúlveda to 10 years in prison after he admitted to various crimes, including spying on the government’s peace talks with the Revolutionary Armed Forces of Colombia (FARC). He admitted to spying on representatives of both the government and the FARC guerrillas during peace negotiations.

The Internet pirate was arrested in May 2014 after being traced to secret offices that hacked confidential information and messages, including one whose objective was to sabotage the peace process.

According to the sentence handed down by the 22nd Presiding Court of Bogota, he was judged guilty of five crimes, including espionage, illegal wire-tapping, malicious use of software, breaching communications, and unauthorized access to classified information. He must also pay a fine of his current monthly minimum salaries as part of the agreement.

Sepúlveda intercepted the communications of top-ranking FARC Commander Rodrigo “Timochenko” Londoño and former Senator Piedad Córdoba.

According to the investigation, then-presidential candidate Óscar Iván Zuluaga hired Sepúlveda to carry out a smear campaign against President Juan Manuel Santos during the 2014 presidential campaign. The hacker told authorities that former President Álvaro Uribe was aware of his operations, and that Zuluaga paid him to undermine the peace process.

Sepúlveda has accepted the prosecution's offer of a reduced penalty in exchange for his cooperation. He cut a deal with the prosecutors in February that limited his prison term to 10 years in exchange for providing information that could help Colombian authorities.

Bulgarian hacker who hacked Bill Gates’s account faces legal proceedings

A Bulgarian man, who was arrested during a sting operation in Quezon City for withdrawing money with fake ATM cards, including one for the account of Microsoft co-founder Bill Gates, faced legal proceedings on Friday, authorities said.

The sting operation was jointly launched by the Presidential Anti-Organized Crime Commission (PAOCC) and the PNP Criminal Investigation and Detection Group's (CIDG) Anti-Fraud.

Addressing the media on Friday, Police Supt. Milo Bella Pagtalunan, chief of the CIDG Anti-Fraud and Commercial Crime Unit (CCU), said Konstantin Simeonov Kavrakov, who was arrested on Thursday while he was withdrawing money using different fake bank cards at the ATM booth of the PS Bank branch along Quezon Avenue, was charged with violating the Access Device Regulations Act (ADRA) for using and producing fake access devices.

Kavrakov was arrested in Paraguay back in 2011 for hacking bank accounts and commercial fraud, he added.

According to the PAOCC, they are investigating how Kavrakov was released in Paraguay. They are also checking the date he landed in the Philippines.

According to the executive director of the PAOCC, Reginald Villasanta, seven assorted credit cards including a Citi Visa, Standard Chartered MasterCard, Citibank MasterCard, Citi MasterCard, Citibank Visa, East-west Bank Vice and a blank Gold card, nine ATM receipts, a mobile phone, and a bag containing cash amounting to P76,570 have been recovered. Kavrakov is currently detained at the office of the CIDG's Anti-Fraud and the CCU.

Yahoo to the rescue of forgetful users with "on-demand password"

Passwords are not meant to be remembered. They are meant to be generated fresh, every time you forget them.

This is what Yahoo seems to think as the company just introduced an on-demand password system.

The system works like this: After signing into the Yahoo account one has to select Account security from the account information page and opt-in for “On-demand passwords”. Then one has to enter the phone number where Yahoo sends the verification code and after entering this code one never has to worry about memorizing passwords ever again.

It can be argued that the move away from default passwords is welcome, as password theft is very common nowadays, but some feel that privacy is being sacrificed because anybody with access to the phone for even a few seconds has the potential to read through all your communication.

But the fact remains that the peril of default passwords had been dealt with well by the two-step authentication process, whereby if one logs in from a new device, in addition to the password one is asked for a code that has been sent to the associated mobile number. A move to completely eliminate the first step seems to be inclining towards laxer cyber-security norms.

At a time when Google tries to put one in panic mode by notifying what happens if you forget your password, and repeated reports of security breaches make one paranoid, the move from Yahoo to eliminate passwords has invited mixed reactions.

Presently, it is available only to US users.

While the effort is in the right direction to deal with password security issues by closely connecting the virtual and real identities, the approach adopted seems to be fallacious.

Web users exposed to "FREAK" attack

SSL/TLS breached

A newly discovered security vulnerability in the SSL/TLS protocol, dubbed “FREAK”, poses potential risks for millions of people surfing the web on Apple, Google and Microsoft browsers.

A whole range of browsers, including Internet Explorer, Chrome for Mac OS and Android, and Apple browsers, and about 12% of popular websites have been found to be vulnerable.

The flaw would allow a “man in the middle” attack which can downgrade the security of connections between vulnerable clients and servers by tricking them into using low-strength “export grade RSA”, thus rendering TLS security useless.

This 512-bit export grade mode of cryptography can then be easily cracked to compromise the privacy of users, by stealing passwords and other personal information. Larger attacks on the web sites could be launched as well.

Computing power worth 100 dollars and seven hours is all that is required for a skilled code breaker to crack it.

The flaw was exposed by a team of researchers at INRIA and Microsoft Research, who named it “FREAK” for Factoring attack on RSA-EXPORT Keys.

The “export grade” RSA ciphers resulted from the 1980s policy of the US government which required US software makers to use weaker security in encryption programs which were shipped to other countries. It was meant to facilitate internet eavesdropping for intelligence agencies to monitor foreign traffic. These restrictions were lifted in the late 1990s, but the weaker encryption got wired into widely used software that percolated throughout the world and back into US.

Christopher Soghoian, principal technologist for the American Civil Liberties Union said, “You cannot have a secure and an insecure mode at the same time… What we’ve seen is that those flaws will ultimately impact all users.”

This reveals that a weaker crypto policy ultimately exposes all parties to hackers, and serves as a strong argument against the recent requests of US and European politicians to enable a new set of backdoors in established systems.

Apple said its fix for both mobiles and computers will be available next week and Google said it has provided an update to device makers and wireless carriers.

For web server providers, the way ahead entails disabling support for all export ciphers and known insecure ciphers.
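One way to check a server's configured cipher suites for the export-grade ciphers discussed above, as an added example that is not from the FREAK researchers or any vendor: the suite names follow the OpenSSL and IANA naming conventions, the set of "known insecure" categories is an assumption (the page does not enumerate them), and the configured list is constructed sample input.

```python
import re

# Constructed sample: cipher suites as they might appear in a server's
# configuration, in both OpenSSL and IANA naming styles.
CONFIGURED = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "AES256-SHA",
    "DES-CBC3-SHA",
    "EXP-RC4-MD5",
    "EXP-DES-CBC-SHA",
    "RC4-SHA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "ADH-AES128-SHA",
    "NULL-SHA",
]


def classify(suite: str) -> list:
    """Return the sorted list of weaknesses visible in one suite name."""
    # Split on the separators both naming styles use, so "DES" never
    # matches inside "3DES" and "EXP" never matches inside another word.
    tokens = set(re.split(r"[-_]", suite.upper()))
    reasons = set()
    if any(t.startswith("EXP") for t in tokens):      # EXP, EXP1024, EXPORT
        reasons.add("export-grade")
    if "NULL" in tokens:
        reasons.add("null-encryption")
    if tokens & {"ADH", "AECDH", "ANON"}:
        reasons.add("anonymous-key-exchange")
    if "RC4" in tokens:
        reasons.add("rc4")
    if "RC2" in tokens:
        reasons.add("rc2")
    # Single DES: OpenSSL writes triple DES as DES-CBC3, IANA as 3DES.
    if ("DES" in tokens and "CBC3" not in tokens) or "DES40" in tokens:
        reasons.add("single-des")
    if "MD5" in tokens:
        reasons.add("md5")
    return sorted(reasons)


def audit(suites) -> dict:
    """Map every flagged suite to its reasons; clean suites are omitted."""
    findings = {}
    for suite in suites:
        reasons = classify(suite)
        if reasons:
            findings[suite] = reasons
    return findings


def export_suites(suites) -> list:
    """Only the export-grade suites, i.e. the ones FREAK downgrades to."""
    return [s for s in suites if "export-grade" in classify(s)]


def hardened(suites) -> list:
    """The configured list with every flagged suite removed, order kept."""
    flagged = audit(suites)
    return [s for s in suites if s not in flagged]


if __name__ == "__main__":
    for suite, reasons in audit(CONFIGURED).items():
        print(f"DISABLE {suite}: {', '.join(reasons)}")
    print("keep:", hardened(CONFIGURED))
```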


Wired website blocked by Google Chrome

The official website of the popular American magazine Wired has been blocked by Google and Chrome. Users who try to access a few URLs of Wired are getting a warning message saying "This site may harm your computer".

We tried to access it from the Google search results; there was no warning message for the home page. However, when I tried to access the '', I was presented with the malware warning page.

"Hey folks, we had a brief technical issue this morning, but it's fixed. Thanks to those of you who brought it to our attention." Wired tweeted regarding the issue.

It is unclear what they mean by 'technical issue' and why Google has blocked the website. At the time of writing, visitors are still presented with the malware warning message. Wired says it is waiting for Google Chrome to remove the warning.

Users targeted with large number of Spam mails containing Banking Trojan

A massive new spam campaign has been spotted by security researchers at AppRiver. It sends a large amount of spam mail to data centers in an effort to evade email-filtering engines.

AppRiver's data centers received 10 to 12 times normal traffic. Even though AppRiver managed to block the spam mails, the tremendous volume of traffic caused some of its customers delays in sending and receiving emails.

Cybercriminals are targeting users with a large number of emails with varying premises. One of the spam mails targets Bank of America customers. A fake alert message pretending to be from Bank of America contains Bredo malware.

Researchers say the malware is capable of recording keystrokes and stealing financial information. It is also capable of downloading additional malware onto the victim's machine. The spam mails were reportedly detected by only 11 out of 51 antiviruses.

Another mail analyzed by AppRiver pretends to be from "VISA/MasterCard" and informs recipients that their account has been blocked due to unusual activity.

Some of the malicious attached files point to the Andromeda botnet and others to the Bredo botnet. This botnet activity is being referred to as TidalWave/TidalBotnet by AppRiver.

One of the largest botnets, "Sirefef", disrupted by Microsoft

Microsoft, teaming up with law enforcement agencies and A10 Networks, has disrupted one of the world's largest botnets, "ZeroAccess", which defrauded online advertisers.

ZeroAccess, also known as Sirefef, is notorious malware which makes money for cyber criminals through click fraud: hijacking victims' search results and generating fake clicks on ads. It also installs Bitcoin miners on the infected machines.

Victims usually get infected by ZeroAccess through drive-by download attacks.

The malware has reportedly infected more than two million computers. It costs online advertisers around $2.7 million per month.

David Finn, executive director and associate general counsel of the Microsoft Digital Crimes Unit, said the disruption "will stop victims’ computers from being used for fraud and help us identify the computers that need to be cleaned of the infection".

Microsoft said the action will not "fully eliminate the ZeroAccess botnet due to the complexity of the threat". However, it will significantly disrupt the botnet's operation and will bring a loss of revenue for the cyber criminals who are behind ZeroAccess.

Used memory sticks being sold online contain sensitive Government data

Selling used memory sticks often poses an information security risk. We might think that we have completely erased the data from them, but it is possible to recover files that were not properly deleted with the help of some tools.

A recent study found that "old memory sticks" being sold online contain sensitive Australian Government data.

The research paper, which is to be presented at a cyber security conference in Perth, reveals how researchers discovered the confidential Government data while they were researching used memory sticks, The Australian reports.

The study found that sellers are sending memory cards without properly erasing the data. The recovered data not only contains personal information but also appears to include information belonging to the Australian government.

"It is evident that actions must be taken by second hand auction sites, and the media to raise awareness and educate end-users on how to dispose of data in an appropriate manner," the study says.

AutoCAD malware opens gateway for cybercriminals

Security researchers at Trend Micro have discovered a new and rare type of malware which is disguised as a legitimate AutoCAD component with a '.FAS' extension.

The malware opens up infected machines to exploits. It first creates a user account with admin privileges and then creates network shares for all drives on the victim's machine.

It also opens ports 137 to 139 (ports known for the NetBIOS service) and port 445, which is used by the Microsoft-DS SMB file sharing service that provides access to files, printers and serial ports.

The open ports can be abused by cybercriminals for exploiting old SMB-based vulnerabilities.

It appears the attacker created the admin account to make his "access" to the system easy, so that he doesn't need to crack the password for existing accounts or remotely create one.

The attacker can now easily steal all files from the infected machines.  He can also infect the target machine with any other data stealing malware.

Cyber Society of India wants to Ban Ethical Hacking course in India- Compares hackers to rapists

I was totally shocked when I heard the words that came out from the President of the Cyber Society of India on the local channel "Puthiya Thalaimurai". The local channel covered a story about Ethical Hacking.

He said in the Puthiya Thalaimurai interview that "Ethical hacking" is like ethical rape. He asked "how one can claim it is legal by adding 'Ethical' word in front of Hacking".

He also added that "We are not doing rape in order to prevent rapes. Then, why we should do ethical hacking to prevent hacking?".
It is ridiculous to compare ethical hackers with rapists. 


"I will say ban Internet, no Internet no Hacking we all will be safe. Even Pollution is increasing so shall we stop breathing?????" one hacker commented. "What I understand from my side is you should increase Cyber Forensics Courses so that we get good investigators."

"If you have good Cyber Forensics Investigators the crime rate will go down, and only those people will get enrolled to even Ethical Hacking Course who have good ethics as they know that if they go wrong they will be arrested."

Yes, I agree with what the hacker said. An Ethical Hacking course with cyber laws always produces good ethical hackers. We can't just simply ban ethical hacking courses, as India needs more Ethical Hackers/PenTesters. We just need to teach them cyber laws as well.

"This is one of the most ridiculous discussions I have ever seen. Now guys will come and say don’t teach programming they will write virus," one cyber security expert commented.

"There is a great demand for “ethical” hackers all over the world and they are required to make cyber world secure. As its said in movie Spiderman “with great powers come great responsibilities” and should make kids understand the responsibilities associated with this great art."

India to prepare Army of Reverse Engineers to Counter Cyber Attacks

National Security Database, an initiative of Information Sharing and Analysis Center (ISAC) in association with Ground Zero Summit 2013,  organized a Seminar on Reverse Engineering in New Delhi. The Seminar was organized to identify and create the need for the most credible and valuable Information Security professionals in India, especially in Reverse Engineering, to protect the National Critical Infrastructure and economy of the country.

The Seminar touched upon the growing need for Reverse Engineers in the country to counter cyber attacks and piracy. As the $100 billion information technology industry seeks to chart a new course by fostering software product companies, Reverse Engineering is set to become a promising field for jobs in the IT and software development sector.

According to NSD, there are fewer than 5,000 Reverse Engineering experts currently in India. NSD, in collaboration with various Academic Institutions across India, aims to increase the number of Reverse Engineering professionals in the country to 1 lakh by 2015, through training and awareness.

National Security Database has joined hands with Ground Zero Summit (G0S) 2013 and is promoting Asia’s largest Information Security Summit (G0S) scheduled to take place from 7-10 November, 2013 at The Ashok, New Delhi.

Speaking at the Seminar, Mr. Rajshekar Murthy, Director, National Security Database, said “Hacking has become a growing threat to Indian IT industry. Some recent data theft cases by hackers have made India's $100 billion IT industry a primary target. The acute shortage of Reverse Engineering professionals will further hit the IT industry and the economic loss will grow exponentially due to piracy and insecure coding.”

“Today, reversing techniques are used for 'studying' viruses and malwares to help catch the criminals, create 'patches' to clean the viruses from computers and mobiles and also test closed systems and technologies for quality assurance and security vulnerabilities. Reverse engineering experts are immensely useful in the intelligence and defence sector for offensive research such as exploit development and embedded systems security. Companies can also hire reverse engineering experts to oversee security aspects during product design stage and protect their software from being copied or have security issues”, further added Murthy.

National Security Database has developed Intensive and in-depth Reverse Engineering Boot-camps offered by Information Sharing and Analysis Center (ISAC) approved partners. The program helps engineers to understand different aspects of application security, learn anti-cracking techniques and to create secure code for internal use that cannot be easily hacked. Through these programs the engineers also learn different approaches for Reverse Engineering and Application to get a strong foundation in dealing with new Malwares and gain expertise to analyze it.

Grab Your tickets Now! Defcon Bangalore Information Security Meet 2013

We invite you to the Defcon Bangalore 2013 Meet. Defcon Bangalore is an information security meet that you should not miss: the place where top Indian security researchers gather to share their knowledge.

The meet is going to be held this coming Saturday, August 17th 2013, a day that will give you a chance to meet the WhiteHat hackers.

The reason why we mentioned this meet shouldn't be missed is that there are hackers from Brazil going to give a talk on "SCADA Exploitation".

Final list of Speakers:
  • Himanshu Sharma – Planning to rob someone? Here is an easier way
  • Ajin Abraham – Pwning with XSS reverse Shell
  • Dr. Daniel Singh – Tracing the Ghosts of Cyber World
  • Manas Prathim Sharma – IUTM
  • Francis Alexander – Abusing LFI-RFI with a twist
  • Aditya Gupta and Subho Halder – Droid Exploitation

Don't miss the training sessions. Security researchers are going to give training on several interesting topics in Information Security.

Training Track Sessions By
  • Aditya Gupta and Subho Halder on Droid Exploitation
  • Bitcoins – Suriya Prakash
  • Deep Web – The TOR network – Nikhil P Kulkarni
  • Sabari Selvan on Exploit code writing
  • Hacking Hardwares with Raspberry Pi – Yashin Mehboobe