Thursday, May 20, 2010

Metasploit Version 3.4.0 Released

The penetration testing professionals must rejoice the latest Metasploit Version 3.4.0 release. This is a wonderful tool that can be downloaded from here. It has many crucial improvements from its predecessor.

Metasploit now has 551 exploit modules and 261 auxiliary modules. It has got a brute force support and the release includes several major improvements, especially to Meterpreter, which is one of the available shellcode modules.

Meterpreter is now claimed to be capable of switching seamlessly between 32-bit and 64-bit processes on compromised systems. The Meterpreter is a critical component of Metasploit in that it provides the ability to perform advanced post-exploit automation on a target system. The release has also added new Java and exploit automation technologies.

The version is still freely available though its professional and paid version is also available. Metasploit is used world wide for security and pen testing purposes. It is also part of many security distros like Backtrack ( may be in modified form).

Sunday, April 4, 2010

Techno-Legal Online Cyber Security Research, Training And Educational Centre of India

Cyber security management is a tough task especially if it is techno-legal in nature. In that case one has to manage not only the technical aspects but also the legal aspects. Perry4Law is the leading Techno-legal ICT law firm of World. It has many techno-legal segments like Perry4Law Techno-Legal Base (PTLB), Perry4Law Techno-Legal ICT Training Centre (PTLITC), etc. Perry4Law is also running various online techno-legal research, training and educational centre in India. Techno-Legal Cyber Security Research, Training and Educational Centre is one of them.

Cyber security in India is not in a good shape. India is on the verge of a technology revolution and the driving force behind the same is the acceptance and adoption of Information and Communication Technology (ICT) and its benefits. This technology revolution may, however, fail to bring the desired and much needed result if we do not adopt a sound and country oriented e-governance policy. A sound e-governance policy presupposes the existence of a sound and secure e-governance base as well. The security and safety of various ICT platforms and projects in India must be considered on a priority basis before any e-governance base is made fully functional. This presupposes the adoption and use of security measures more particularly empowering judiciary and law enforcement manpower with the knowledge and use of cyber forensics and digital evidencing, says India’s leading techno-legal expert Praveen Dalal.

India cannot achieve a good cyber security till it takes care of both technical as well as legal aspects of cyber security. There is no doubt about the proposition that Indian Parliament is not technology sound and we need to empower it through ICT. At the same time we must also train the governmental officials holding key positions in crucial ministries and departments about basic technology, cyber law and cyber security. These individuals must be trained suitably so that cyber security of crucial systems may not be compromised.

Cyber security is very important to protect businesses, governments and general public at large. The same must be a part of the national policy of a nation. Another crucial aspect related to a secure and strong cyber security in India pertains to critical ICT infrastructure protection in India. Critical infrastructure is becoming increasingly dependent upon ICT these days. If we are unable to secure an ICT system we are also risking critical ICT infrastructure as well.

On the one hand India has a weak and criminal friendly cyber law whereas on the other hand it does not possess tech-savvy law enforcement machinery. Even lawyers and judges are not that much aware about the nitty-gritty of cyber laws. It is high time for India to take some serious steps towards not only making the cyber law of India stronger but also to streamline cyber security of India.

AUTHOR: RAM K KAUSHIK

SOURCE:
GROUND REPORT

Saturday, March 20, 2010

Online Dispute Resolution In India Strengthened

India is not using ICT for dispute resolution whether it pertains to e-courts or contemporary out of court dispute resolution in the form of online dispute resolution. Fortunately, the first ever Techno-Legal Online Dispute Resolution Centre of India has been launched by Perry4Law that would cater the dispute resolution, training, educational and many more such crucial requirements in India.

Online dispute resolution (ODR) in India is in its infancy stage and it is gaining prominence day by day. With the enactment of Information Technology Act, 2000 (IT Act 2000) in India, e-commerce and e-governance have been given a formal and legal recognition. Even the traditional arbitration law of India has been reformulated and now India has Arbitration and Conciliation Act, 1996 in place that is satisfying the harmonised standards of UNCITRAL Model. Even the Code of Civil Procedure, 1908 has been amended and section 89 has been introduced to provide methods of alternative dispute resolution (ADR) in India.

However, the fact is that the increasing backlog of cases is posing a big threat to the judicial system of India. The same was even more in the early 90 but due to the computerisation process in the Supreme Court and other courts that was reduced to a great extent. However, the backlog is still alarming. This is because mere computerisation of courts or other constitutional offices will not make much difference. What we need is a will and desire to use the same for speedy disposal of various assignments.

There is a lack of training among police, lawyers, judges, etc regarding use of information and communication technology (ICT) for legal, judicial and ADR /ODR purposes. Judges in India need cyber law training, e-courts training, ADR/ODR training, etc that allow them to effectively understand and use ICT for judicial and ADR/ODR purposes.

India has to cover a long gap before the benefits of ICT can be used for effective day to day functioning of its courts. The easy task of computerisation has already been achieved to some extent but the real task is still yet to be achieved. For instance, although computerisation efforts are satisfactory regarding courts in India yet till now India does not have even a single e-court. This is because the difficult part of establishment of e-courts in India is yet to be achieved.

ODR and e-courts may hold the key to growing heaps of backlog of cases in India but the political will is essential to achieve the same. In the absence of political will, we have to be satisfied by half hearted, half baked and failed e-governance projects alone.

SOURCE: OPEDNEWS

Tuesday, March 9, 2010

First E-Judiciary Training And Consultancy Centre Launched In India

India is at the initial stages of establishment of electronic courts (e-courts). Though India has done a good job by computerising the courts at various levels yet it is still far from the establishment of even the first e-court of India. It seems the e-courts project of India needs a techno-legal training boost.

Perry4Law and PTLB have launched the first ever e-courts training and consultancy centre of India and perhaps first of its kind in the World. A “prototype” of the same is available to the public and stakeholders till the final website is out.

Efforts in the direction of establishment of e-courts in India have been in process since 2003 and significant development in the sphere of computerisation has already been achieved. It is at this stage that there seems to be stagnation of e-court project of India and this initiative by Perry4Law would facilitate in the smooth and hassle free migration of e-court project to the next level.

India must understand that E-courts are much more that mere connectivity and computerisation of traditional courts. The moment e-filing, presentation, contest and adjudication of the cases in an online environment would start, India would surely be capable of establishing e-courts.

Monday, February 22, 2010

Techno-Legal Education In India Got A Boost

Legal education in India is in the process of transformation. However, there are urgent educational and legal reforms that must be undertaken by India as soon as possible. One such area that requires urgent attention is the amalgamation of legal education with information and communication technology (ICT). For instance, cyber law is an important facet of such an interaction of technology and law.

Indian educational system is more academic than professional. As a result although India has good population that is academically sound yet when it comes to practical and real life experience and work, they do not perform reasonably well. Various studies and research in India have suggested that out of the educated masses only 15 to 25% are fit for being absorbed at job places.

In short, India is running short of institutions that can impart good techno-legal skill development education, training and coaching. Perry4Law and PTLB have launched the first ever “Techno-Legal Online Coaching, Training and Education Centre” in India that aims at developing the skill and talent of the students and professionals seeking a good career in cyber law and allied fields.

Interested students, teachers and partners wishing to be part of the project as well as future projects and initiatives of Perry4Law must contact it as soon as possible. The contemporary skill requirements are multi disciplinary in nature where a computer science student or professional must also have basic level of legal knowledge. The proposed initiative keeps this in mind and students and professionals from all the educational streams are encourage getting themselves enrolled.

The government of India must also come up with a good educational policy as well as sound legal reforms so that legal sector may meet the contemporary international standards and requirements.

SOURCE: GROUND REPORT

Cyber Law Training And Coaching In India Rejuvenated

Cyber law is a subject that is less appreciated and even lesser applied in India. Whether it is the law making in this regard or its execution and enforcement, by and large cyber law scenario in India needs rejuvenation.

The position in this regard cannot be improved till we inculcate appropriate knowledge and skills at the initial stages of education. Cyber law education in India is at its infancy stage and is maturing towards a qualitative one. However, there is a growing need for good “Techno-Legal Institutions” that can manage the growing demand for cyber law coaching, education and training in India.

Fortunately, one such initiative has already been undertaken by Perry4Law and its Techno-Legal Segment known as Perry4Law Techno-Legal Base (PTLB). Perry4Law is the First and Exclusive Techno-Legal ICT Law Firm of India and is World renowned in techno-legal fields like cyber law, cyber forensics, cyber security, etc.

To cater the growing demands for qualitative techno-legal education in India and abroad, the coaching, training and education segment of PTLB has been launched. Presently, it would be providing “Online Cyber Law Coaching and Internship” to law graduates, law students, graduates and professionals of various disciplines and streams, etc. This is a golden opportunity for those who wish to make a mark in the field of cyber law. Since the seats are “limited” an early enrollment would be beneficial for the serious students.

To facilitate an effective two mode communications between students and teachers on the one hand and Perry4Law on the other, an online “Information Centre” has been established. This information platform would announce and publish all the relevant information regarding the proposed initiative from time to time. Students, teachers and other interested persons are advised to regularly visit this platform. This platform also contains many crucial and important information that must be read before finally applying.

For those who are looking forward for “Domain Specific” and “Highly Skilled Training”, a separate initiative has been launched by another segment of Perry4Law. The same would also be functional very soon.

SOURCE: MYNEWS

Friday, January 22, 2010

BACKTRACK 4 FINAL RELEASE: AN ESSENTIAL TOOL IN YOUR CYBER SECURITY AND CYBER FORENSICS ARSENAL

The final and stable version of Backtrack 4 series is a wonderful penetration testing, cyber security and cyber forensics tool. It is not only a powerful utility but is also useful for multiple purposes. The best part is that it is available to the security and forensics community free of cost.

Although Backtrack has always been a good tool but its team(s) must be congratulated for not only providing it free of cost but also for keeping pace with the contemporary cyberspace challenges. The latest stable and final release has also added the cyber forensics functionality. The best part about this feature is that it is claimed to be safe from making changes to the system under inspection. Although Perry4Law and Perry4Law Techno-Legal Base (PTLBTM/SM) have yet to test the tool but the claimed features are very promising.

A successful cyber forensics examination must essentially gather both volatile as well as non-volatile data and information. Also during the live analysis of a system, files and data should not be overwritten. Similarly, there should not be any change in the integrity of the information residing on the suspected computer or device. Backtrack 4 meets many of these requirements but it still has to enhance the cyber forensics features further. It is very difficult to provide security and forensics functionalities at the same time yet Backtrack 4 is proceeding in the right direction.

All interested person must give it a try and the same can be downloaded from the website of Backtrack. Perry4Law and PTLB are in the process of analysis and use of Backtrack 4 and would come up with their observations and suggestions. For the time being it would be a good idea to start gaining the basic knowledge of Linux.

We are also analysing other freely available cyber security and cyber forensics distributions. There are many freely available and dedicated cyber forensics distributions that are worth trying. Similarly, there are dedicated cyber security softwares that are freely available. We would be covering them one by one.

Sunday, January 17, 2010

Cyber Laws All Over The World Are Becoming Unreasonable And Oppressive

Cyber Laws all over the World are intentionally designed to violate civil rights like privacy, speech and expression, etc. They are also intentionally formulated to facilitate “Internet Censorship” and “E-Surveillance” beyond the legitimate limits of “National Security”. This approach is more dangerous and is detrimental to the national security in the long run.

The Google’s episode regarding China’s censorship shows the growing hunger of various nations for Internet censorship and e-surveillance. India is no different from China when it comes to “Internet Censorship” and “E-Surveillance”, though the extent and degree may be somewhat lesser. The Information Technology Act 2000 (IT Act 2000) is the sole cyber law of India that was amended by the Information Technology Act 2008 (IT Act 2008). From here starts the real problem.

According to Praveen Dalal, Managing Partner of Perry4Law and the leading Techno-Legal Expert of India, “The IT Act 2008 made India a “Safe Heaven” for cyber criminals on the one hand and an “Endemic E-Surveillance Society” and “Internet Censorship State” on the other hand. It seems the main aim of the proposed IT Act 2008 was to strengthen the “Internet Censorship” and “E-Surveillance Capabilities” of India.

With the passage of IT Act 2008 India has now officially become an endemic e-surveillance society. The amendments have provided unregulated, unconstitutional and arbitrary e-surveillance and Internet censorship powers to Government of India and its agencies and instrumentalities, says Praveen Dalal. The fact is that India has become an E-Police State, states the ICT Trends of India 2009.

Surprisingly, Minister of State for Communication Sachin Pilot believes that Indian cyber law is strong enough to meet the challenges posed by technology-assisted terrorism and cyber-terrorism. It seems he has not gone through the present IT Act 2000 after its 2008 amendments.

Some observers in India have rejoiced the exit of Google from China believing that it may be a good opportunity for India. However, they fail to understand the “ground reality” that India is no different from China when it comes to Internet Censorship and E-Surveillance. If India does not abdicate its alliance to Internet censorship and e-surveillance similar incidence may happen in India as well.

SOURCE: ITVOIR

Thursday, December 24, 2009

National Security And Internal Security Infrastructure Of India

National security of India has recently received a rejuvenation attempt by the Government of India (GOI). This is good news at a time where the national security issues are grossly ignored in India. The national security of India and internal security of India are suffering not only on the count of lack of political will but also due to absence of suitable policies and strategies.

The ICT Trends of India 2009 have also proved that India has failed on the fronts of Cyber law of India, Cyber Terrorism in India, E-Courts in India, E-Learning in India, Unique Identification Project of India, Serious Frauds and White Collar Crimes, National Security Issues, Crime Reporting by Media, Internet Banking Frauds, Cyber Security of Defense Forces, Cyber War in India, E-Surveillance in India, etc.

According to Praveen Dalal, Managing Partner of Perry4Law and the leading Techno-Legal Expert of India, “Indian approach in this regard is not sensible at all. We should not invest thousands of crores of Indian rupees into security projects that can be manipulated and sabotaged in minutes. Rather we should first analyse the weaknesses and security holes of the same before buying and installing it.

After all security of a Nation is proper application of “common sense” rather than wasting unlimited amount of money. Crime and Criminal Tracking Network & Systems (CCTNS) of India, Unique Identification Authority of India (UIAI), Rs 800 crores centralised facility to control phone tapping activities in India, etc are some of the projects that require common sense application before their implementation. They have to be tested in a “limited environment” before using them in a full fledged manner, says Praveen Dalal.

It seems Indian security initiatives have to be holistically analysed and suitably applied. The Indian security infrastructure and workforces are not in good shape and require rejuvenation. We need a techno-legal security workforce and not personnel who do not have even the basic facilities and technological means and knowledge. The terrorist attacks have really shattered the deep pervasive false sense of security present in the Indian government mentality. We have to think and act against such internal and external threats by going beyond a "political debate". We can fool ourselves by bragging about India’s capabilities and victories against terrorism and cyber terrorism and keep on facing future attacks and bear the traumatic casualties. Alternatively, we must accept our weaknesses against such attacks and take constructive steps to anticipate, prevent and counter such future terrorist and cyber terrorism activities, warns Praveen Dalal.

With a new ray of hope shown by the recent stress upon national security of India we can expect some good results in this direction. However, India is famous for mere assurances and proposals without actually implementing them. Similarly, due to faulty management and policies even the implemented projects have failed in the past. Let us hope that this time India would do the proper homework before starting an initiative that it cannot implement and run.

SOURCE: MYNEWS

Saturday, December 5, 2009

NATIONAL MISSION FOR DELIVERY OF JUSTICE AND LEGAL REFORMS OF INDIA

A blue print of the National Mission for Delivery of Justice and Legal Reforms (NMDJLR) has been recently released by the Law Minister M Veerappa Moily. The NMDJLR Plan is a very ambitious plan and if implemented properly may go a long way in reducing the backlog of cases in India on the one hand and effective Judicial Reforms on the other.

However, keeping in mind the prior experience of the Government of India (GOI) this Plan is too ambitious to be accomplished. The Plan cannot be accomplished till we honestly and dedicatedly work in this direction. In the absence of accountability and transparency and omnipresent corruption and red tappism in India, this Plan is not going to meet its benign objective.

What should be done to make the NMDJLR Plan effective and workable? I think the same requires “Committed Services” the day this Plan has been declared. After all mere declaration is worst that the “chaos” with which the current Judicial System of India is badly suffering. We make false and exaggerated statements and press releases that raise the hope of India citizens. When those hopes are not met, this brings not only a bad name to the Indian institutions like Judiciary but also declines the faith and trust in the same.

Take a perfect example in this regard. India has been claiming establishment and opening of E-Courts since 2003. However, there is not even a single e-court in India despite contrary claims. It seems Indian Government/Judiciary is repeating the history once again. The Delhi High Court has declared that it would open an e-court at its premises on 8th December, 2009. However, if we see the website of Delhi High Court even on 6th December, 2009 (15.10 PM) there are no “signs” of the same. It seems India is once again opening another e-court on “Papers Alone”.

Interestingly, the NMDJLR Plan has appreciated the “basic requirements” of establishment of e-courts in India. However, there is a dichotomy between the NMDJLR Plan and the other e-courts initiatives that are presently undergoing. These initiatives are wasting hundred Crores of hard earned public money upon “computerisation” of traditional judicial function with no actual e-courts capabilities.

The worst aspect of this e-court fiasco and other judicial reforms is that there is neither accountability nor any transparency in these initiatives. The GOI is “blindly” allowing “Yearly Extensions” without asking for performance and accomplishments. Why the GOI allows an extension for even a single year when there is no development and performance in this direction is a big question?

Perhaps, some “miracle” would happen on 8th December, 2009 that would establish the first e-court of India. But the chances of the same are next to impossible and we are heading for “another extension” in the month of February 2010.