Why are Indian companies not venturing into next level of tech such as cloud storage, cyber security?

 In a country with the requisite expertise, it’s surprising that few have ventured into the next level of technology such as cloud storage, cyber security and software-defined networking.

But a few startups have bucked the trend and are profiting from it. Take for instance Lucidous Tech, founded by 23-year-old Saket Modi. The two-year-old company is one of the few Indian players in the cyber security space and works with companies like IBM, Microsoft and KPMG.

“The barrier to entry is very high. Even if you’re a worldclass hacker, organisations will not trust a startup,” said CEO Modi, who built credibility by giving seminars on ethical hacking and cyber forensics across India.

His cyber security firm in New Delhi works with about 415 enterprises to develop security products and hacks into their systems to detect vulnerabilities in codes. The company is soon going international and has tripled its revenue since last year.

“It’s very lucrative. Companies will pay a huge price for gaining momentum in this space,” said Ravi Gururaj, chairman of Nasscom Product Council.

With the internet of things becoming a global phenomenon, the security software makers have a chance to build software in uncharted territories. The market is pegged at $95.60 billion (.`5.8 lakh crore) in 2014 and will grow to $155.74 billion (. `9.5 lakh crore) by 2019, according to research firm MarketsandMarkets.

These core technologies power the next generation of computing and lay the foundation for enterprises. But the dearth of Indian companies is glaring.

“There are very few companies. This is the best kept secret in the industry ,” said Jay Pullur, founding member of software product thinktank iSpirt.

Pullur, also the CEO of Hyderabad-based Pramati Tehnologies, said iSpirt talks to global MNCs regularly and have been told that such companies are easy acquisition targets.

Also the market size and opportunity in these technologies have been more than validated.

Take software-defined networking as an example. In simple terms, SDN will do to networking, what cloud did to servers–eliminate physical data centres and virtualise the hardware aspects of networking, untying software from legacy hardware.

So why are there so few entrepreneurs? It is not the lack of expertise. Bangalore hosts the development centres of at least two Silicon Valley-based companies in SDN–Avni Networks and Versa Networks. “We aren’t using our India team for mundane development tasks, like maintenance and bug fixes–a big mistake of many larger companies in tech. Quite the opposite,” said Kumar Mehta, CEO of Silicon-Valley based Versa Networks. The twoyear-old company has received $14.4 million (Rs 87.5 crore) in funding from Sequoia till date.

“The India team is working on the core solution, writing code around the clock with their Silicon Valley peers,” said Mehta, a former employee of Juniper Networks.

Last year, research firm CB Insights said deal activity jumped 75% on the back of large acquisitions by Juniper Networks and VMWare. Between mid-2012 to 2013 to SDN-related startups have raised nearly $416 million (Rs 2,500 crore) across 35 deals.

Cloud storage is another largely unnoticed area.

courtesy:etcio.com

Advertisements

India digital Security market to grow 8% in 2014

Delhi: Digital security vendor revenue (hardware, software and services) in India will grow from $882 million in 2013 to $953 million in 2014. Security spending will continue to grow to in 2015 when revenue is projected to reach $1.06 billion. Security services revenue accounted for more than 55 percent of this total revenue in 2013 and this trend will continue into the foreseeable future, says a Gartner report.

“Enterprises in India that traditionally did not focus on, or invest in, a lot of security technologies are now beginning to realise the implications that a weak security and risk posture can have on their business,” said Sid Deshpande, principal research analyst at Gartner.

Vertical markets, such as banking and financial services, that have had a strong focus on security are now preparing themselves for the next wave of digitalisation by investing in technology approaches that can enable them to grow their business securely while embracing digital business models. Though this heightened awareness is creating increased budget allocations for security, there is still a skills deficit in the security space in India, consequently driving up the market opportunity for security consulting, implementation and managed security services.

BlackBerry buffs up security credentials with Secusmart deal

NEW YORK: BlackBerry Ltd is buying a privately held German firm that specializes in voice and data encryption, it said on Tuesday, in a bid to burnish its credentials with highly security-conscious clients like government agencies.

The Waterloo, Ontario-based smartphone maker did not disclose the terms of its deal to acquire Secusmart GmbH, which specializes in encryption and anti-eavesdropping services for governments, companies and telecommunications service providers.

The acquisition is the latest by the smartphone pioneer to build on niche areas in an attempt to reinvent itself under new Chief Executive John Chen and recover ground ceded to Apple Inc’s iPhone and Samsung Electronics Co’s Galaxy devices.

“It is a really reassuring sign that BlackBerry is now less focused on firefighting and more focused on identifying and building for the long-term into enterprise services,” said CCS Insight analyst Geoff Blaber.

Still, BlackBerry shares fell 4 per cent to $9.54 on Nasdaq and C$10.45 on the Toronto Stock Exchange.

Chen wants to remain a competitor in the smartphone segment, but is focused on building on BlackBerry’s strong mobile device management abilities by beefing up its security and corporate app offerings.

Secusmart’s technology is being used to protect the devices of government officials in both Canada and Germany, including the BlackBerry device used by German Chancellor Angela Merkel in the wake of the US spying scandal last year.

“Everybody wants to talk about eavesdropping, but it really isn’t just that. Both governments and enterprises are now more and more focused on security in the mobile world,” Chen said in an interview, adding that the Secusmart deal gives BlackBerry yet another leg up on the competition in relation to device security.

Besides the new line of BlackBerry 10 devices, Secusmart’s technology is also used to secure the landline phones of corporations and government agencies.

“This is going to be where monetization is really going to lie for BlackBerry in the future and they have to start building value,” CCS’s Blaber said. “That first and foremost is the most reassuring sign from this acquisition.”

ON A GROWTH FOOTING

Chen said the company, which has gone through a rough and extended restructuring process over the last two years, will be soon getting back on a growth footing with the last of its lay-offs likely to be completed by the end of July.

“We are already starting to turn on our machine to now hire people,” said Chen, adding that any headcount growth is likely to be moderate for now.

“I want to make sure that we don’t get carried away and get ourselves into trouble again financially, but then again, we do need to invest in certain areas, if we want to compete in the future,” said Chen, a well regarded turnaround expert in the technology industry, who took the reins at BlackBerry some nine months ago.
The firm has also been expanding its enterprise sales team.

Chen said he expects the company’s revenue to grow midway through the next calendar year after the firm rolls out its Passport and BlackBerry Classic devices, and an updated version of its mobile device management software.

“Knock on wood. I feel pretty good about where we are in terms of the turnaround,” said Chen. “We still have work to do, so I wouldn’t say we’ve completed the turnaround, but the tough decisions and the tough thinking have already been taken or are done.”

courtesy:economic times

How to Hack Someone’s Account? Ask Them for the Password!

ESET Ireland has been following a surge of phishing emails redirecting users to faked banking, PayPal and Microsoft account sites for harvesting login details, including a username and password.

Although a surprisingly large number of people still use passwords like “12345” or “password” for their various accounts, cybercriminals have taken an easier route than trying to hack into peoples’ accounts. “Ask and you shall receive” seems to be their motto, so they send out emails that pretend to be coming from legitimate sites, notify the user of some unusual activity, and ask them to confirm or deny that activity by “signing into the service”. Except that the service in question isn’t actually there but a faked site instead, which diligently logs all usernames and passwords entered and delivers them to happy scammers.

In the past weeks, ESET Ireland has received several different emails of the same nature, and here are some examples:

1. An email purporting to come from Bank of Ireland, claiming your account requires an update and providing a fake link “Click here to complete update”. The email has some bad spelling errors that give it away.

2. An email pretending to be from iTunes thanking you for purchasing “World Of Go” for €9.65 , then adding “If you did not authorize this purchase, please visit the iTunes Payment Cancellation Form within the next 12 hours in order to cancel the payment,” which requires you to “log in” to the fake iTunes site.

3. An email looking like a detailed payment receipt, mimicking PayPal, with all the usual PayPal visual clues, claiming you paid $208.00 USD to Agoda Company online hotel booking site, adding “If you haven’t authorized this charge, click the link below to dispute transaction and get full refund – Dispute transaction (Encrypted Link).” The link, of course, isn’t encrypted and simply leads to a PayPal lookalike login harvesting site.

4. An email abusing Microsoft’s name, with the subject line “Microsoft account unusual sign-in activity” that claims they detected unusual sign-in activity into your account, supposedly from South Africa, which is meant to make people suspicious. It then offers a solution: “If you’re not sure this was you, a malicious user might have your password. Please verify your account, and we’ll help you take corrective action.” Of course the only action they’ll be taking is signing into your account with the login details you just provided.

What should you do?

First of all, stay informed. The scams you know about are less likely to catch you off guard. We regularly keep you updated on our blog.eset.ie.

Read such mails carefully, checking for clues. If the email has spelling errors or uses poor language, it is likely a scam. A lot of the scammers come from countries where English is not their first language, thereby giving themselves away. Also, the same goes for Gaeilge, where they likely used Google translate to try to fool native Irish speakers.

Do not click on links in emails. Even if you do have a Microsoft account and are alarmed by the email, you would be better off opening your browser and going to Microsoft’s official site directly. Also make sure the website’s address looks correct. In the case of the fake Microsoft one above, the website address reads “yazarlarparlamentosu.org”, which is clearly not “windows.microsoft.com”

If you suspect you may have fallen for one of these tricks, change your passwords. You should change them periodically anyway.

If the email you received looks like it’s coming from your bank, pick up the phone and ring them instead of just clicking on an unknown link. Banks are accustomed to scams like these and will be happy to advise you appropriately.

Think before you click, and enjoy safer technology!

For images of examples above, go here: http://blog.eset.ie/2014/07/15/how-to-hack-someones-account/.

courtesy:eset

Yes, your smartphone camera can be used to spy on you…

Yes, smartphone cameras can be used to spy on you – if you’re not careful.

A researcher claims to have written an Android app that takes photos and videos using a smartphone camera, even while the screen is turned off – a pretty handy tool for a spy or a creepy stalker.

University student Szymon Sidor claimed in a blog post and a video that his Android app works by using a tiny preview screen – just 1 pixel x 1 pixel – to keep the camera running in the background.

Now that most smartphones come with a camera (or two), and camera use is popular with apps like Instagram that encourage photo sharing, hackers are finding sneaky ways to exploit them.

Spyware of this sort has been around for a long time for Windows – the malware called Blackshades for example, which hackers have used to secretly record victims with their computer’s webcam.

This is the latest instance of an Android application that can hijack a smartphone or tablet’s camera for the same devious purpose.

According to Sidor, the Android operating system won’t allow the camera to record without running a preview – which is how Sidor discovered that he could make the preview so small that it is effectively invisible to the naked eye.

Sidor demonstrated how the app works in a video, using his Nexus 5 smartphone.

Sidor said his app worked so well it was “scary”:

The result was amazing and scary at the same time – the pixel is virtually impossible to spot on Nexus 5 screen (even when you know where to look)!

Also it turned out that even if you turn the screen completely off, you can still take photos, as long as the pixel is still there.

Allowing the camera to run in the background – without an indicator in the notification bar – is “inexcusable” and should be fixed by Google’s Android team, Sidor commented in his blog post.

Selfie spies

smartphone-spycam-170There are other Android spyware apps readily available, such as mSpy, that allow snoops to access a device’s activity such as text messages, location, and even make audio recordings.

In March 2014 we reported at Naked Security about a spyware app for Google Glass that could take photos without the Glass display being lit.

Mike Lady and Kim Paterson, graduate researchers at Cal Poly, in California, uploaded to Play Store a Google Glass spyware app (disguised as a note-taking app called Malnotes).

Google only discovered the Glass spyware and took it down from Play Store when the pair’s professor tweeted about their research experiment.

Perhaps the researchers were wrong to knowingly violate Google’s developer policies to serve up their spyware – but it’s a warning sign that even the all-powerful Google can’t completely secure Google Play against malicious apps.

The best advice we have for Android users still applies here and in many other examples of bad apps:

Stick as far as possible to Google Play.
Avoid apps that request permissions they don’t need.
Consider using an Android anti-virus that will scan apps automatically before you run them for the first time.

Hackers can attack your PC even without internet

One of the go-to strategies for securing a computer network when a machine is infected with malware is to remove that machine from the network. This effectively prevents the malware from spreading to other devices.

The technique is called “air-gapping” – network admins are building a “roadblock” quite literally made out of air to stop malicious computer code from propagating throughout a network. With no cables connecting the affected machine to the rest of the network, malware has no “road” by which to travel.

But air-gap malware has no need for a road. It travels through the air as sound waves to infect machines that it is physically near, no matter what network they may be a part of.

What is it and how does it work?
Air-gap malware is that which is able to jump the air-gap by “translating” malicious computer code into high-frequency sound, then transmitting that sound to infect nearby computers.

Engin Kirda, professor at Northeastern University and a co-founder of Lastline, a company specializing in advanced malware, said, “Recently, researchers have started to show proof-of-concept implementations of how malware could leak data from an air-gapped machine using peripheral devices such as microphones and sound cards.”

That’s right: sound as virus. Computer data can’t travel over the air in its raw form, but your computer’s sound card is more than enough to “broadcast” the malware as inaudible sound that interacts with other machines. It doesn’t care what network a computer is on.

Kirda said that one can “think of it as a technique that is similar to how modems work and how machines communicate over phone lines.”

The diagram below comes from a paper about air-gap malware by Michael Hanspach and Michael Goetz. Even if you remove a computer from a network, air-gap malware plays on the computers’ shared physical environment to spread itself.

Where did it come from? There’s not a good answer to this question, but the idea that sound can leak or reveal information from a machine is not a new one. It doesn’t even have to be a modern computer. Research has shown that the sounds of a dot matrix printer can be used to reverse-engineer the content being printed.

Teaching computer malware to play on this technique, however, is new.

How worried should you be about air-gap malware?
For being such an effective method of crippling computers, air-gap malware thankfully doesn’t pose much of a threat to casual computer users. Kirda said: “This is all not trivial…The attacker would probably have to be very sophisticated to be able to pull of something like this.”

There’s not really a way to proactively protect yourself from air-gap malware, but that’s okay for now. The techniques that go into employing air-gap malware are complex and can only be orchestrated by a very skilled hacker.

Put another way, this isn’t the type of malware you accidentally get from installing bum software. It’s the kind you get when someone is coming for your network specifically.

Virtru: New encryption tool to secure emails

It’s time to face reality: Pursuing digital security should be as much of a no-brainer as locking your door before you leave the house. Identity theft, corporate security breaches and an increased interest in personal privacy are forcing some changes. Many of us are choosing stronger passwords and changing them more often, locking down social media accounts and being more conscious of how we communicate. If you haven’t taken these steps, you should.

But one of our favourite forms of electronic communication email remains one of the hardest to secure. Security experts say email is a lot more like a postcard than a letter inside an envelope, and almost anyone can read it while the note is in transit. The government can probably read your email, as can hackers and your employer.

What’s the solution? Make your email more like a letter inside an envelope. The best way to do this is with a process known as encryption, which scrambles a message into unreadable code that needs a key to be unlocked, providing a layer of protection if someone intercepts your email.

The downside to encryption tools is that they are usually difficult to install and use. In addition, they require the person on the other end to be using the same tools. Thanks to a renewed focus on privacy and security, however, new tools are arriving regularly that should make it easier to encrypt email.

One promising new encryption tool is Virtru, a feature that can be added to Chrome and Firefox browsers or installed on the Mail program on the Mac and for Outlook on Windows. One of Virtru’s big selling points is that it works with web-mail services like Gmail, Yahoo and Hotmail. There are also apps for iOS and Android.

Another big benefit of Virtru is that recipients don’t have to be using the service or any other encryption program to see your email. They receive an email that contains a link to your encrypted message. Once they click a button to verify their email address, they can read the unencrypted message in a separate web page and reply.

Their responses won’t be encrypted unless they also use Virtru, but your original email won’t be included in the response, so it remains hidden from prying eyes.

While Virtru is not a completely seamless experience, it is a walk in the park compared with some of the other options, which require signification coordination with the recipient of your messages.

To install the browser plug-in, click the Get Virtru button on the company’s website and it will detect what browser you’re using. Click to download and the extension will install itself, all quickly and easily. You don’t even have to restart your browser. (The company says support for Internet Explorer and Safari is coming soon.)

The next time you compose a new email, you’ll see a blue bar at the top of your email window with a little toggle button that lets you turn Virtru encryption on or off and access other options. Then, type your email normally and hit send. Emails and attachments are encrypted on your computer or mobile device and decrypted on the other side so-called end-to-end encryption, which means they can’t be read in transit and they can’t be decrypted without a key if they are intercepted.