Saturday, June 25, 2011

ITI wants to reduce revenue from BSNL and MTNL


ITI, the loss-making state-run telecom equipment manufacturer, is working out ways to reduce dependency on BSNL and MTNL, the largest customers of the company. This has been necessitated by a significant drop in the revenue contribution from these companies during the financial year 2010-11, K L Dhingra, CMD of ITI Ltd told Business Standard.

The company wants to reduce its revenue exposure to these companies to 60-65 per cent during the ongoing financial year, from the earlier 80-85 per cent, Dhingra said. ITI, which reduced losses in 2010-11 to Rs 382 crore from Rs 459 crore, reported a year ago, saw a significant drop in revenues in the year ended March 2011. The revenues of the company dropped over 54 per cent to Rs 2,101.2 crore compared to the previous year.

“We saw a huge drop in demand from our major customers BSNL and MTNL, which affected our turnover. Traditionally, we have been too dependent on both these companies for our revenues. Now, we want to reduce the dependency and diversify into newer areas such as defence and other allied sectors,” he said.

ITI is part of the consortium manufacturing the biometric cards for the Unique Identification Authority of India (UIDAI), the other two partners being Bharat Electronics Ltd (BEL) and Electronics Corporation of India Ltd (ECIL). While the project cost is estimated to be about Rs 700-Rs 750 crore, Dhingra said the company being the sole manufacturer of the cards, was expecting over 33 per cent of the project cost as revenues. Besides, ITI is also a hardware partner for the National Population Registry. The effort to bag defence contracts is on and the company has participated in some procedural tenders, he said.

“In 2011-12, we expect to derive about 45-45 per cent of our revenues from customers other than BSNL and MTNL. And we will slowly take this to more than 50 per cent as we go forward,” he said.

Meanwhile, the company is planning to introduce a voluntary retirement scheme (VRS) for employees. A proposal in this regard has been sent to the board of directors, which would take a decision on this in its next meeting, scheduled in July.

ITI employs about 11,000 across its six manufacturing units. Dhingra said the company was comfortable with having 6,000 people to run the organisation in efficient manner.

ITI has three of its manufacturing units located in Uttar Pradesh (Mankapur, Rae Bareli and Naini), while one each are located in Srinagar and Kerala (Palakkad). The main facility of the company is located in Bangalore. Three of the six units are said to be profitable.


Link:

http://www.business-standard.com/india/news/iti-wants-to-reduce-revenuebsnlmtnl/438323/

Friday, June 24, 2011

Banks seek cybershelter with "ethical hackers"


By Ross Kerber and Maria Aspan

BOSTON/NEW YORK | Fri Jun 17, 2011 6:49pm EDT

BOSTON/NEW YORK (Reuters) - Professional hacker Nicholas Percoco received an unusual request from a major financial institution this week: How can you help us avoid becoming the next Citigroup Inc?

Amid a wave of cyber attacks on Citi, the International Monetary Fund and other institutions, Percoco and his team at security firm Trustwave Holdings Inc are fielding more and more calls from banks wanting to stress-test their online defenses.

Trustwave is increasingly being hired for so-called ethical hacking of banking systems to hunt for weaknesses, he said. It is also selling more data loss prevention software, which can freeze a computer network before an intruder can extract sensitive information.

"It's not a new technology, but in the wake of these data losses there's more interest," Percoco, senior vice president at the Chicago-based firm, told Reuters. Trustwave has filed for an initial public offering of stock.

Some cyber experts fear many financial institutions have inadequate defenses, due to distractions during the financial crisis and after that led them to ignore IT systems as they dealt with more pressing issues.

Percoco says his group almost always manages to penetrate bank firewalls or find other ways to cause mischief, from viewing confidential checking account images online to physically strolling into unsecured data centers.

"We'll call the CIO (chief information officer) and tell them, 'We're standing in the middle of your data center. Do you want to come get us?'" he said.

ARMS RACE

Still, there are signs of progress. Financial institutions are now keeping a closer eye on their databases and making more use of one-time transaction passwords to customers' mobile phones. Bank of America Corp, for example, has a SafePass service started in 2008.

Two-thirds of U.S. banks plan to raise spending on fraud-detection and authentication systems in 2011, including all 14 of those with more than $75 billion in deposits, according to a Gartner Research poll of 76 banks.

"This is an arms race," said Bill Conner, chief executive of Dallas-based security company Entrust, which sold $35 million worth of security software to financial institutions last year, up 50 percent from 2009.

"The risks are out there, the regulators are breathing heavy on this. Now the financial institutions are going to have to spend," Conner said.

The question is how quickly can this spending make a difference. Banks have always been targeted by cyber criminals but have so far avoided the worst breaches as hackers focused on softer targets, such as stealing credit and debit card data from retailers.

But banks got wake-up calls this month, when the attacks on the IMF and Citi, the third-largest U.S. bank, came to light. Security specialists say Citi suffered the largest direct hit on a financial institution to date.

MOBILE BANKING WEAKNESSES

As stewards of the payment system, banks face an extra burden to keep the confidence of their customers.

Many financial institutions are starting to bulk up security around their treasury services divisions, which can process trillions of dollars daily for large corporate clients, according to the American Bankers Association.

But now a new push toward mobile payments by big banks, from BofA to Wells Fargo, has some cyber experts worried.

On average, only 8 cents of every dollar that banks spend on IT infrastructure goes toward sustaining and securing that infrastructure, according to Tom Kellermann, chief technology officer at AirPatrol Corp in Maryland and a member of the Obama Administration's Commission on Cyber Security.

Bank security chiefs "are always playing second fiddle to the folks that are saying, 'Let's create the wonderful wireless Web portals with access to financial services through our mobile phones," he told Reuters Insider. "Most security wonks would say 'That's a really, really bad idea.'"

"I think there's been an over-emphasis in security on perimeter defenses, on the walls and moats of castles, and not enough attention is being paid on remote access and website security," he added.

CLEARINGHOUSES VULNERABLE

The threats go beyond retail banking. Among the financial system's most vulnerable points are the clearinghouses that act as central counterparties to all traders, security experts speaking at a Reuters-hosted cyberterrorism panel said on Thursday.

Mark Clancy, chief information security officer at the Depository Trust & Clearing Corporation, agreed on Friday that clearinghouses are especially attractive targets to hackers -- not because their defenses are weaker than other financial institutions but because they house so much concentrated data.

"If you wanted to destroy financial operations, those are the kinds of places you look because they are aggregation points ... they're just more interesting to that kind of bad guy," he told Reuters.

He said the DTCC's spending on cyber security has "really in the last 12 months ratcheted" up.

Market operators are also vulnerable. Hackers breached Nasdaq OMX Group's systems this year, leaving "suspicious files" on the exchange's servers and sparking an investigation involving the FBI.

None of the largest U.S. banks would discuss the latest attacks or make security executives available for interviews. JPMorgan Chase in the past had touted its use of security tokens, but a spokeswoman said it would not discuss the program currently "for security reasons."

Some specialists question whether the banks themselves have done enough to fight hackers in the past. Woodbury Advisor payments consultant Steven Kietz, a former credit card executive for Citigroup and JPMorgan Chase, said he helped to implement federal guidelines for Internet security standards in 2006 while at Citigroup.

But he said those standards are now far out of date, and "five years later we've seen really no new efforts by any of the major banks to protect customers."

(Reporting by Ross Kerber and Maria Aspan; Additional reporting by Jonathan Spicer and Lauren Tara LaCapra; Editing by Tiffany Wu and Matthew Lewis)

Links:

http://www.reuters.com/article/2011/06/17/us-cybersecurity-banks-idUSTRE75G5VR20110617

Special report: Government in cyber fight but can't keep up


By Phil Stewart, Diane Bartz, Jim Wolf and Jeff Mason

WASHINGTON | Fri Jun 17, 2011 6:51pm EDT

WASHINGTON (Reuters) - The Pentagon is about to roll out an expanded effort to safeguard its contractors from hackers and is building a virtual firing range in cyberspace to test new technologies, according to officials familiar with the plans, as a recent wave of cyber attacks boosts concerns about U.S. vulnerability to digital warfare.

The twin efforts show how President Barack Obama's administration is racing on multiple fronts to plug the holes in U.S. cyber defenses.

Notwithstanding the military's efforts, however, the overall gap appears to be widening, as adversaries and criminals move faster than government and corporations, and technologies such as mobile applications for smart phones proliferate more rapidly than policymakers can respond, officials and analysts said.

A Reuters examination of American cyber readiness produced the following findings:

* Spin-offs of the malicious code dubbed "agent.btz" used to attack the military's U.S. Central Command in 2008 are still roiling U.S. networks today. People inside and outside the U.S. government strongly suspect Russia was behind the attack, which was the most significant known breach of military networks.

* There are serious questions about the security of "cloud computing," even as the U.S. government prepares to embrace that technology in a big way for its cost savings.

* The U.S. electrical grid and other critical nodes are still vulnerable to cyber attack, 13 years after then-President Bill Clinton declared that protecting critical infrastructure was a national priority.

* While some progress has been made in coordinating among government agencies with different missions, and across the public-private sector gap, much remains to be done.

* Government officials say one of the things they fear most is a so-called "zero-day attack," exploiting a vulnerability unknown to the software developer until the strike hits.

That's the technique that was used by the Stuxnet worm that snarled Iran's enriched uranium-producing centrifuges last summer, and which many experts say may have been created by the United States or Israel. A mere 12 months later, would-be hackers can readily find digital tool kits for building Stuxnet-like weapons on the Internet, according to a private-sector expert who requested anonymity.

"We're much better off (technologically) than we were a few years ago, but we have not kept pace with opponents," said Jim Lewis, a cyber expert with the Center for Strategic and International Studies think tank. "The network is so deeply flawed that it can't be secured."

"IT'S LIKE AN INSECT INFESTATION"

In recent months hackers have broken into the SecurID tokens used by millions of people, targeting data from defense contractors Lockheed Martin, L3 and almost certainly others; launched a sophisticated strike on the International Monetary Fund; and breached digital barriers to grab account information from Sony, Google, Citigroup and a long list of others.

The latest high-profile victims were the public websites of the CIA and the U.S. Senate - whose committees are drafting legislation to improve coordination of cyber defenses.

Terabytes of data are flying out the door, and billions of dollars are lost in remediation costs and reputational harm, government and private security experts said in interviews. The head of the U.S. military's Cyber Command, General Keith Alexander, has estimated that Pentagon computer systems are probed by would-be assailants 250,000 times each hour.

Cyber intrusions are now a fact of life, and a widely accepted cost of doing business.

"We don't treat it as if it's here today, gone tomorrow," said Jay Opperman, Comcast Corp.'s senior director of security and privacy. "It's like an insect infestation. Once you've got it, you never get rid of it."

The private-sector expert who requested anonymity said a top official at a major Internet service provider told him that he knew his network had been infiltrated by elite hackers. He could digitally kick them out - but that would risk provoking a debilitating counter-attack.

"THE THING ... THAT KEEPS ME UP AT NIGHT"

The idea behind the soon-to-be-announced Pentagon program for defense contractors is to boost information-sharing with the Defense Department on cyber threats. It also aims to speed reporting of attacks on firms that make up what the Pentagon calls the Defense Industrial Base.

The DIB, as it is sometimes known, provides the Defense Department some $400 billion a year in arms, supplies and other services. The new program is voluntary and builds on a smaller pilot, reflecting the persistent challenge of regulating private firms that traditionally shield proprietary data and often downplay cyber setbacks.

Ultimately, the new program may lead to agreement to put at least some Pentagon contractors behind military-grade network perimeter defenses, such as those that protect the Pentagon's own classified networks.

On another front, the Pentagon's far-out research arm, the Defense Advanced Research Projects Agency, is expected to launch by mid-2012 the National Cyber Range, a kind of replica of the Internet costing an estimated $130 million that would be used to test cutting-edge cyber defense technologies and help train cyber warriors.

The Obama administration has made cyber security a national priority, and tried to fashion an "all-government response" that imposes order on the competing domains and priorities of the Pentagon, FBI, Department of Homeland Security, the super-secret National Security Agency and the private sector.

"We're far better prepared than we've ever been before," said White House cybersecurity coordinator Howard Schmidt.

"Notwithstanding all the threats that we see out there, the things that are making news on a regular basis about a company that's been intruded upon ... (look at) how much the system still runs," Schmidt told Reuters in an interview.

The key, Schmidt said, is resiliency, "to make sure that we're better prepared, to make sure that the disruptions when they do occur are minimum - we're able to recover from them."

Still, he said major worries remain. "The thing that I worry about that keeps me up at night is the unknown vulnerability that may exist out there."

Some officials are even less sanguine.

The Pentagon's computer systems are widely considered to be better protected than other U.S. government agencies', and far safer than the private sector's. Still, a U.S. defense official told Reuters he would give the Pentagon just a "C+" grade overall for its cyber defenses. "We're not impervious to attack by any stretch, but nor are we 'open kimono'," the official said. He added: "And we're getting better."

WHAT IS 'CYBER'?

Experts say that one of the toughest challenges of cyber defense is, oddly, definitions. What constitutes "cyber"? Computers and digital networks, certainly. But how about digitized pictures or video streams from a pilotless Predator drone flying over Pakistan?

Who is responsible for protecting what? Where does national security begin and privacy end?

"The other big problem is lack of policy," said one former U.S. official. "(We) lack policy because we lack consensus. We lack consensus because we haven't had an informed debate. We lack an informed debate because we don't have a common pool of data. And we don't have a common pool of data because we don't share it."

Nowhere is the problem more acute than in thinking about cyber warfare. What constitutes an act of war in cyberspace? And how do you determine who it was that fired the shot?

U.S. military officials, eager to talk about how the Pentagon has boosted computer defenses, clam up when the topic turns to offensive capabilities.

The Pentagon has put together a classified list of its cyber capabilities so policymakers know their options - just as it does for more conventional weapons.

Offensive actions against foreign systems would require White House authorization. But the Pentagon does not need special approval to do the kind of cyber surveillance work that can identify vulnerabilities in foreign networks, a U.S. official told Reuters, speaking on condition of anonymity.

That includes leaving hidden digital "beacons" inside adversaries' networks that could be used to pinpoint future targets. The beacons can phone home to tell U.S. military computers that they are still operational, the official said.

While the United States is trying to apply conventional military logic to the cyber realm, there is no global consensus about the rules of cyber war. A Pentagon report due out toward the end of the month is not expected to articulate case-by-case possibilities of when a cyber war could turn into a real one.

INTO THE CLOUD

Even as such policy debates rage, the technological landscape is being remade, seemingly by the month, posing new challenges - and opportunities. Tens of thousands of mobile applications for smartphones and tablet computers represent new vectors for hacks and attacks.

"The quick answer is we haven't been doing enough and we're semi-late to the game" on protecting mobile applications, said Rear Admiral Mike Brown, a senior Department of Homeland Security cyber security official.

U.S. government agencies are working with major commercial vendors "to start looking together at how to address the issues of mobile vulnerabilities," Brown said at a symposium sponsored by Symantec Corp.

Meanwhile, the U.S. federal government is planning to move in a big way into "cloud computing," in which off-site providers offer network and storage resources accessible remotely from a variety of computing platforms.

Potential cost savings are significant. Handled correctly, computing clouds could offer added security, specialists say. But there are also risks.

A study released in April by CA Technologies and the Michigan-based Ponemon Institute contained alarming findings. Based on a survey of 103 U.S. and 24 European cloud computing providers, it found that a majority did not view security of their services as a competitive advantage, and believed that security was their customers' responsibility, not theirs.

Most did not have dedicated security personnel on staff.

Deputy Defense Secretary William Lynn met Google executives in California in mid-February to discuss cloud computing. On May 19, Lynn instructed the Pentagon's Defense Science Board to study the benefits and risks of cloud computing, "paying particular attention to attacks on communications that would destroy or delay delivery of services and information for time-critical uses."

Lynn told Reuters that "cloud computing has the potential to offer greater capability at equal or lesser costs." He added: "I want to make sure we are taking full advantage of these advanced technologies."

The Pentagon is preparing a cloud computing strategy, which it expects to complete by the end of the summer, a U.S. defense official told Reuters.

"We're trying to get to the place where warfighters or any of us can get to our information from anywhere on the planet, with any device," the official said.

Schmidt, the White House coordinator, said as many as 170 security controls are being built into government cloud computing projects from the start. "It's not deploying something and securing it later. We're setting the requirements at the outset."

"I'M NOT CONFIDENT THAT WE WOULD KNOW..."

So how safe are the computer networks of the United States, which perhaps more than any nation relies on them for banking, electric power and other basics of modern civilization?

In May 1998, then-President Clinton signed Presidential Decision Directive 63, calling for a "reliable, interconnected, and secure" network by 2003, and establishing a national coordinator for protecting critical infrastructure.

The Department of Homeland Security now has lead responsibility for protecting the power grid. Yet, as with almost everything involving cyber, it's not quite that simple.

If there were a cyber attack on the power grid today, "I'm not confident that we would know what parts of the government should respond," said one former U.S. official, who asked not to be identified. "Who jumps in there? DHS, DoD, Cyber Command, NSA, the intelligence community?"

"So nothing's really happened." said former Pentagon general counsel Judith Miller, talking about grid vulnerability at a cyber event in Washington this month.

"This is a discussion we had in the 1990s. We're having it right now. Nothing really has changed, although perhaps the ability of attackers, whether they're nation states or just kids, has grown apace," she said.

A central conundrum is that the Pentagon's National Security Agency, which specializes in electronic eavesdropping, has personnel with the best cyber skills, but has been until recently mostly shut out of protecting domestic networks. That's due to the highly classified nature of the NSA's work, and fears that it will stray into domestic spying.

Another complicating factor: the 1878 Posse Comitatus Act, which generally bars federal military personnel from acting in a law-enforcement capacity within the United States, except where expressly authorized by Congress.

"NSA has a long history in cyber security, on both the offensive and the defensive sides. It has great resources and expertise. But it makes privacy advocates nervous," said Stewart Baker, a former DHS official now at the law firm Steptoe and Johnson LLP.

Last October, the Defense Department and Homeland Security - responsible for protecting civilian U.S. government networks - signed a memorandum to cooperate, with the NSA sharing technology and the agencies swapping personnel.

The effort has gotten mixed reviews. Schmidt said that early reports of inter-agency tension have dissipated, and Representative James Langevin, a member of the House intelligence committee, said DHS is improving. "I don't think that they're there yet but we're moving in the right direction," he said.

However other experts, who would not be quoted for the record, said the gap between the two agencies remains wide.

Even if the NSA, DHS and other agencies worked together seamlessly, the problem remains of coaxing industries in critical infrastructure to accept more government regulation.

"There's absolutely no question that the power companies and indeed state regulators have been unenthusiastic about a federal role," Baker said. He added this warning: "The regulation that would pass after a disaster is a lot worse than they would get right now."

And then there's the Stuxnet-like "zero day" attack, exploiting a flaw no one knew existed, perhaps tucked into some off-the-shelf software like that purchased daily by federal agencies.

"Our largest fear ... is the zero day attack," said Sherrill Nicely, the CIA's deputy chief information officer. "It's very, very, very difficult to protect oneself from an attack that you did not know was coming or the vulnerability that you did not know existed."

(Additional reporting by Jeremy Pelofsky and Warren Strobel; Writing by Warren Strobel; Editing by Kristin Roberts and Claudia Parsons)

Links:

http://www.reuters.com/article/2011/06/17/us-usa-cybersecurity-idUSTRE75F4YG20110617

New round of cyber attacks heightens focus on FBI


By Jeremy Pelofsky

WASHINGTON (Reuters) - Each week brings word of another cyber attack on a major U.S. institution, sending law enforcement scrambling and raising new questions about whether it has the ability or resources to track down cyber criminals.

The FBI says it is working to bulk up its cyber division as hackers focus on higher-profile targets, but is at the mercy of a Congress struggling to cut the massive budget deficit.

FBI Director Robert Mueller, who has made it his mission to boost computer savviness during his decade-long tenure, acknowledged there was more work to do when he testified to Congress recently about extending his term by two years.

"I will tell you that we will increasingly put emphasis on addressing cyber-threats in all of their variations," Mueller said earlier this month. "Part of that is making certain that the personnel in the bureau have the equipment, the capability, the skill, the experience to address those threats."

Some experts question whether the FBI has the tools or manpower to apprehend those responsible for attempts like one earlier this year that sought to infiltrate the International Monetary Fund's computers, which hold sensitive economic data.

A Justice Department inspector general report in April said some FBI field agents raised concerns they were not qualified for cyber cases and were rotated between offices too often, hobbling their efforts.

The FBI is now reviewing its policy on agent transfers and reviewing training they receive for such investigations.

"The tools that the FBI has in its toolbox are really pretty limited," said Stewart Baker, a former top official at the Homeland Security Department and now a partner at the law firm of Steptoe & Johnson.

"Many of these attacks are launched from overseas, they use individual e-mails with specially-packaged malware to get into the system," he said. "The FBI doesn't have a lot of tools to actually identify a wrongdoer."

The FBI does not reveal how many hacking cases it has pending or the budget for its growing cyber division.

Following a joint investigation with the FBI, British authorities on Tuesday announced the arrest of a 19-year-old man suspected of involvement in the attack on the public website of the CIA.

FINDING MORE RESOURCES TOUGH

A senior official in the FBI's cyber division said his team has recently received more backing from Congress. Now, about 60 percent of cases focus on national security and criminal intrusions, up from 50 percent about two years ago. Most of the remainder deal with child pornography.

"As we've received enhancements to personnel and non-personnel resources, we've specifically trained them in the areas of intrusion," Steven Chabinsky, deputy assistant director of the FBI's cyber division, told Reuters.

A Senate Judiciary subcommittee on Tuesday weighed beefing up cyber laws. But the critical issue of finding more money could be difficult as Obama and Congress are under intense pressure to cut the budget deficit.

National security matters tend to get spared the budget ax, but the chances of a large boost in resources are slim.

Obama's proposed budget for fiscal 2012, which starts October 1, includes a request for almost $19 million more for 42 new positions at the FBI focusing on investigating and protecting against cyber attacks, including 14 special agents.

Obama also sought money to hire six more attorneys who would be placed overseas to focus on cyber crime cases, adding to the 40 or so prosecutors already working on those crimes in the Justice Department's criminal division.

The FBI has been confronted with both "nuisance" attacks, like the CIA and Senate website cases, and much more serious intrusions at the IMF, Lockheed Martin and Sony.

The latter cases are a "higher priority in terms of damage and victimization, but an overall investigative approach can be quite successful by looking at the entirety of the problem," Chabinsky said, a possible indication of how broadly the FBI is examining the recent spate of attacks.

Still, he said the number of cyber attacks has not increased dramatically in the last two years, rather publicity about them has -- either from the victims or those launching the attacks.

"But I think they're more visible, and a trend toward destructiveness is disconcerting," he said. "The level of capability that's now being used for destructiveness as opposed to financial gain is different."

Cyber attacks often span multiple countries and servers. Laws overseas may be different. Determining who was at the keyboard at the time poses yet more challenges.

Chabinsky said the FBI spends considerable resources on those cases that take them around the world. Cooperation by foreign governments in pursuing hackers has increased.

One expert offered praise for the FBI upping its game, noting it was zeroing in on the more serious cyber attacks. He said the FBI must also try to infiltrate groups that openly publicize their hacks, like Anonymous and LulzSec.

(Editing by Warren Strobel)

Link:

http://www.reuters.com/article/2011/06/21/us-usa-cybersecurity-fbi-idUSTRE75K6EN20110621

Forget Spy Kids, try kiddie hacker conference


By Jim Finkle

BOSTON | Thu Jun 23, 2011 9:26pm EDT

BOSTON (Reuters) - Children as young as eight years old are invited to Las Vegas this summer to learn that it's cool to be a hacker -- provided they don't cheat, steal or commit other crimes.

The first-ever Defcon Kids conference in August is a chance for children between eight and 16 to learn the skills of computer hackers, as well as protect themselves against cyber attacks.

It will also be an opportunity for U.S. federal agents to size up tech-savvy youngsters who could form the next generation of digital crime-fighters.

Police, intelligence agents, military officers and the consultants working for them have long attended as well as recruited from Defcon, the world's biggest gathering of hackers held in Las Vegas every summer.

This year, against a backdrop of high-profile cyber attacks on targets ranging from Google Inc to the International Monetary Fund, Defcon organizers are holding Defcon Kids on August 6 and 7 alongside the main conference. Kids need to register in advance at www.defconkids.org to be able to participate in some conference activities.

One goal of Defcon Kids is to convince children from age 8 to 16 that it is cool to be a "white hat," or benevolent hacker who uses computer skills to fight crime.

"Black hats," in contrast, work on the dark side of the Internet, using their skills to steal money, identities and other perform nefarious deeds.

"Hacking isn't just fun and games. It isn't about breaking into systems," said a 16-year-old who goes by the hacker handle "FS." He will teach Defcon Kids how to protect against Internet spies who sniff wireless networks for private data. (www.defconkids.org).

"It's about securing yourself and the people around you," said FS, who gets paid by companies to conduct penetration testing, which is breaking into computer networks to uncover vulnerabilities.

Like many hackers, FS uses a handle rather than his real name to protect himself from being targeted by black hats.

Such names have special meaning for hackers, who often keep their significance secret. FS stands for forty seven, which is code for the initials of his real name, which FS declined to disclose.

HACKING TOOLS

Law enforcement around the world is scrambling to combat cyber crime, and each week seems to brings a new attack -- from activists promoting a cause, to more serious security breaches and data thefts at Sony Corp or Citigroup.

Some of the world's most elite hackers have volunteered to teach at Defcon Kids, running sessions on basic computer programing, lock picking and puzzle solving. A course in hardware hacking, for example, will show children how to modify a circuit board so it plays the game "Simon."

"CyFi," a 10-year-old Girl Scout whose identity has been stolen twice, is helping to organize the conference. Her personal agenda is to network with other young hackers, advance her lock-picking skills and meet real federal agents while she's there.

"Most of the time when people think of hacking, they think 'Oh that's a bad thing,'" she said. "I want to get more people to become good hackers and to have fun doing it."

While she has few friends who share her passion for hacking, CyFi is a fan of a website called CryptoKids (www.nsa.gov/kids) managed by the National Security Agency.

The highly secretive NSA, which runs spying operations for the U.S. government, tries to make hacking cool on the website by offering for download coloring books for the young, video games, and tips on breaking codes for older hackers.

Cartoon characters on the website include the code-breaking team of Crypto Cat and Decipher Dog, as well as Cyndi, a fictional hardware hacker who loves to figure out how gadgets work.

Defcon Kids will learn how white hats use Google's search engine to find confidential information that is exposed over the public Internet. But they won't cross the line into illegal activity by forcing their way into private sites.

"It will give the kids an avenue to practice certain skills without the fear of getting into trouble," said Chris Hadnagy, one of the Defcon Kids instructors.

That doesn't mean they won't have fun.

"We want to expose kids at an earlier age to the wonders of taking things apart and making them do things that they weren't intended to do," said Jeff Moss, Defcon's founder.

(Reporting by Jim Finkle; Editing by Tiffany Wu, Steve Orlofsky and Bernard Orr)

Friday, June 17, 2011

Cut-off scare wake-up call for quality education


The New Indian ExpressLast Updated : 16 Jun 2011 11:23:42 PM IST

The stratospheric cut-offs fixed by some leading Delhi colleges in their first admission list might be unfair to students but Union HRD minister Kapil Sibal’s challenge to their rationale amounts to shirking his responsibility. The high cut-offs are not a college-specific issue but a reflection on India’s education system. If someone is to be blamed for this, it is not the colleges but those entrusted with formulating India’s higher education policy and making it work. The cut-offs will decline in subsequent lists but they have sounded a wake-up call for system, which is unable to create additional capacity to absorb top class students. Sibal would do well to concentrate on addressing this issue than gallivanting everywhere as a political fire fighter.


There is a huge demand for tertiary education in India and this is not matched by the growth in centres of excellence in higher education. Given the demand-supply imbalance the only solution is to increase the number of colleges and seats and ensure that there is no dearth of good teachers and right education for students. The number of universities in India has grown manifold during the past few years. A similar trend has been witnessed in the number of student enrolments in the higher education system, which reached around 14.6 million at the end of 2010-11 and is expected to grow over 11 per cent during the next two years.

It is undisputed that increasing higher education enrolment is central to the country’s ability to compete in a global economy, as economic strength and gross national income (GNI) per capita are closely linked to a country’s higher education enrolment ratio. But in order to increase India’s competitiveness, it is necessary to increase high quality higher education. Along with the quantity of graduates, the quality of education should be a focus area for the Indian higher education system

Monday, June 13, 2011

Promise of a new future for Bengal, TN


T J S George
Last Updated : 11 Jun 2011 11:59:16 PM IST

Opportunity has been called “thou strong seducer”. From A Raja to B S Yeddyurappa, from the Bengal communists to the UPA II high command, they have all allowed opportunity to seduce them. Which is a pity because opportunity is also a provider of inspiration for great and noble work.


Following the recent assembly elections, three states saw historically significant regime changes. How are the novice chief ministers in Bengal, and veterans in Tamil Nadu and Kerala, using their newly-won moment in history? It’s barely a month since they took charge. Yet, a tentative appraisal is possible based on first impressions.

Mamata Banerjee, because of her inexperience in state governance and the unpredictabilities of her mood and behaviour, had caused the maximum apprehensions. But she seems to have given the best first impressions. She began with herself, trying to look less unkempt and less temperamental. (The importance of appearance in this television age cannot be over-emphasised. Every time Baba Ramdev is seen walking to his jet, there must be multitudes who wish he wore a shirt. Shapurji Saklatvala, a Labour member of the British House of Commons in the 1930s, once told Mahatma Gandhi at a meeting in London: “For heaven’s sake, Gandhi, wear a pair of trousers”).

Mamata’s approach to governance also showed a touch of freshness. Although her attack of the CPM is relentless, she seemed anxious to show that she had put old enmities behind her. One of her first acts as chief minister was to call on arch critic Somnath Chatterjee at his house. Imagine Jayalalithaa going to the Gopalapuram residence of Karunanidhi.

The new chief minister’s most promising initiatives have been with respect to choosing ministers and advisers. This was clear during the election campaign itself, when she reached out to non-politicos with party tickets. Beyond the cabinet, she has also organised an advisory council consisting of experts from several fields. This means that the new Government will have the benefit of guidance from non-party, non-political specialists. It also shows that the chief minister wants to listen to experts, and not just carry on as a party animal.

The chief ministers of Tamil Nadu and Kerala have been war-horses for too long to not be party animals. Even so, Jayalalithaa has the greatest opportunity among all chief ministers. She wields the most power as she is unhindered by allies or rivals in the party. She is also experienced and intelligent with an administrative acumen recognised by all. She has in her, the faculties to become the architect of a new Tamil Nadu and the builder of a new India.

Two factors have stood in the way of fulfilling this promise—a tendency towards vindictive politics, and a tendency to listen to no one. Both can be overcome by recognising her own strengths. The Karunanidhi family has been in a state of self-destruct. She could afford to leave it alone and appear graceful in the process. As for the loner posture, there are some new faces in the cabinet. Nothing will be lost—and a lot gained—if some able ministers are allowed to speak for themselves instead of the unvarying “Amma-speak”. She has also engaged an outside adviser, Ponraj, who played a similar role for A P J Abdul Kalam when he was the President. If memories of the earlier “kitchen cabinet” are also given a go-by, we may finally see Jayalalithaa coming to her own.

Unfortunately, Kerala raises no such hopes. A historically thin majority should have made the Congress alliance cautious. Instead, it gave ministerial posts to a host of tainted politicians with a history of corruption. The Muslim League’s president even resorted to the unheard-of tactic of announcing portfolios—the hapless chief minister pretended that he saw and heard nothing unusual. Kerala is set for a new era of plunder—if the Government lasts with its two-seat majority. The Congress should be grateful that Achutanandan and the CPM are not Yeddyurappa and the BJP. Such is democracy