The Secure Planet, Cyber Security, Audit Compliance, Digital Forensics, Corporate training, CISSP, CISA, CISM, Information Security consulting
Blockchain is the buzzword, and Goldman Sachs explains it in one of the best ways.

A new technology is redefining the way we transact. If that sounds incredibly far-reaching, that's because it is.

Blockchain has the potential to change the way we buy and sell, interact with government and verify the authenticity of everything from property titles to organic vegetables.

It combines the openness of the internet with the security of cryptography to give everyone a faster, safer way to verify key information and establish trust.

Visit the page below and scroll with the mouse.

It explains the whole blockchain concept in a fantastic way.

Microsoft Security Response Center (MSRC) designed and developed an analysis tool, VulnScan, to help determine the vulnerability type and root cause of memory corruption flaws. The tool was built on top of two internally developed tools, namely Debugging Tools for Windows (WinDbg) and Time Travel Debugging (TTD).

WinDbg was created as a Windows debugger that has recently received a user interface makeover, while Time Travel Debugging is an internally developed framework designed to record and replay execution of Windows applications.

VulnScan begins the analysis at the crash location and then progresses to determine the root cause. It supports five classes of memory corruption issues: out-of-bounds read/write, use-after-free, type confusion, uninitialized memory use, and null/constant pointer dereference.

FruityWifi is an open source tool to audit wireless networks. It allows the user to deploy advanced attacks directly from the web interface or by sending messages to it. Initially the application was created to be used with the Raspberry Pi, but it can be installed on any Debian-based system.

FruityWifi v2.0 has many upgrades: a new interface, new modules, Realtek chipset support, Mobile Broadband (3G/4G) support, a new control panel, and more. It is possible to customize each of the network interfaces, which allows the user to keep the current setup or change it completely.

FruityWifi is based on modules making it more flexible. These modules can be installed from the control panel to provide FruityWifi with new functionalities.

Among the available modules you can find URLsnarf, DNSspoof, Kismet, mdk3, ngrep, nmap, Squid3 and SSLstrip (code injection functionality), Captive Portal, AutoSSH, Meterpreter, Tcpdump and more. AutoSSH allows the user to create a reverse SSH connection and restarts it if the connection has been closed or dropped. It is useful for keeping a permanent connection with FruityWifi.

FruityWifi now supports Mobile Broadband (3G/4G). This module can be used to connect a 3G/4G dongle and give internet access to FruityWifi without the need for Wi-Fi or Ethernet.


The Srikrishna Committee on data protection issued a white paper on 27 November 2017. The nine-member expert committee, headed by former Supreme Court judge Justice BN Srikrishna, was set up on July 31 by the Union government.

The white paper covers a wide range of issues and asks questions related to the protection and ownership of citizens' data and its use by interested parties.

The white paper lays out seven key principles for a data protection framework:

1. Technology agnosticism - The law must be technology agnostic. It must be flexible enough to take into account changing technologies and standards of compliance.

2. Holistic application - The law must apply to both private sector entities and government. Differential obligations may be carved out in the law for certain legitimate state aims.

3. Informed consent - Consent is an expression of human autonomy. For such expression to be genuine, it must be informed and meaningful. The law must ensure that consent meets the aforementioned criteria.

4. Data minimisation - Data that is processed ought to be minimal and necessary for the purposes for which such data is sought and other compatible purposes beneficial for the data subject.

5. Controller accountability - The data controller shall be held accountable for any processing of data, whether by itself or by entities with whom it may have shared the data for processing.

6. Structured enforcement - Enforcement of the data protection framework must be by a high-powered statutory authority with sufficient capacity. This must coexist with appropriately decentralised enforcement mechanisms.

7. Deterrent penalties - Penalties on wrongful processing must be adequate to ensure deterrence.

The members include:
  • Ajay Bhushan, CEO of the Unique Identification Authority of India;
  • Ajay Kumar, additional secretary, Ministry of Electronics and Information Technology;
  • Aruna Sundararajan, secretary, Department of Telecom;
  • Gulshan Rai, National Cyber Security Coordinator;
  • Arghya Sengupta, research director, Vidhi Centre for Legal Policy;
  • Rama Vedashree, CEO of the Data Security Council of India;
  • Rishikesha T. Krishnan, director of IIM Indore; and
  • Rajat Moona, director of IIT Raipur.

This is a very well written 243-page document. The paper includes questions to which stakeholders can respond by 31 December 2017, after which the panel will go ahead with drafting the data protection law.

You can submit responses to this white paper at the URL below or by post to the address below.

https://innovate.mygov.in/data-protection-in-india/

OR

Shri Rakesh Maheshwari
Scientist G & Group Co-ordinator, Cyber laws
Ministry of Electronics and Information Technology (MeitY),
Electronics Niketan, 6, CGO Complex,
Lodhi Road, New Delhi- 110003.

The deadline for submission of responses is 31st December, 2017.

A copy of the White Paper on Data Protection is embedded below.

Google has launched a new beta program, developed over the past years with the Core Infrastructure Initiative community, that will provide continuous fuzzing for select core open source software.

Errors like buffer overflows and use-after-free can have serious, widespread consequences when they occur in critical open source software. These errors are not only serious but notoriously difficult to find via routine code audits, even for experienced developers. That's where fuzz testing comes in: by generating random inputs to a given program, fuzzing triggers and helps uncover such errors quickly and thoroughly.

Google's OSS-Fuzz aims to make common software infrastructure more secure and stable by combining modern fuzzing techniques with scalable distributed execution. OSS-Fuzz combines fuzzing engines (initially libFuzzer) with sanitizers (initially AddressSanitizer) and provides a massive distributed execution environment powered by ClusterFuzz.


Graphics Credit: Google

OSS-Fuzz has already found 150 bugs in several widely used open source projects (and churns through ~4 trillion test cases a week). OSS-Fuzz is launching in beta right now and will be accepting suggestions for candidate open source projects. For a project to be accepted into OSS-Fuzz, it needs to have a large user base and/or be critical to global IT infrastructure.
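As an added example (not Google's or OSS-Fuzz's code), here is what a libFuzzer-style target looks like in C for a constructed toy format, a length-prefixed record, with the bounds checks that AddressSanitizer would otherwise flag as out-of-bounds reads and writes. The record format, the parser and the seeded in-process driver that stands in for the fuzzing engine are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed toy format: [len][len bytes of payload].
 * Returns the number of input bytes consumed, or -1 when the input is rejected. */
int parse_record(const uint8_t *data, size_t size, uint8_t *out, size_t out_cap) {
    if (size < 1) return -1;
    size_t len = data[0];
    /* These two checks are exactly what AddressSanitizer reports when missing:
     * a truncated payload would read past 'data' (out-of-bounds read),
     * an oversized one would write past 'out' (out-of-bounds write). */
    if (len > size - 1) return -1;
    if (len > out_cap) return -1;
    memcpy(out, data + 1, len);
    return (int)(len + 1);
}

/* libFuzzer entry point: the engine calls this once per generated input.
 * Build with: clang -g -fsanitize=fuzzer,address target.c */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    uint8_t out[64];
    parse_record(data, size, out, sizeof out);
    return 0; /* libFuzzer reserves non-zero return values */
}

/* Stand-in for the engine when libFuzzer is unavailable: a seeded xorshift32
 * generator produces reproducible random inputs and feeds them to the target.
 * Returns how many of the generated inputs the parser accepted. */
static uint32_t xorshift32(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

int run_random_inputs(uint32_t seed, unsigned iterations) {
    uint32_t state = seed ? seed : 1; /* xorshift must not start at zero */
    uint8_t buf[128], out[64];
    int accepted = 0;
    for (unsigned i = 0; i < iterations; i++) {
        size_t size = xorshift32(&state) % sizeof buf;
        for (size_t j = 0; j < size; j++) buf[j] = (uint8_t)xorshift32(&state);
        LLVMFuzzerTestOneInput(buf, size);
        if (parse_record(buf, size, out, sizeof out) >= 0) accepted++;
    }
    return accepted;
}
```

Under a real libFuzzer build, removing either bounds check and running the binary for a few seconds is enough for AddressSanitizer to produce a crash report with the offending input saved as a reproducer.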


Chip vendor Qualcomm has a bug bounty programme in a bid to improve the security of its Snapdragon family of processors, LTE modems and related technologies. Qualcomm claims the programme is one of the first from a major silicon vendor.

Security researchers who find vulnerabilities can earn rewards of up to US$15,000 (£12,000) per vulnerability, as well as recognition in either the QTI Product Security or the CodeAurora Forum Hall of Fame, depending on the nature of the submission.

Program Rules

Hardware - Vulnerabilities affecting the following chip set families are in scope:
  • Snapdragon 400
  • Snapdragon 615
  • Snapdragon 801
  • Snapdragon 805
  • Snapdragon 808
  • Snapdragon 810
  • Snapdragon 820
  • Snapdragon 821
  • Snapdragon 835
  • Snapdragon X5 Modem
  • Snapdragon X7 Modem
  • Snapdragon X12 Modem
  • Snapdragon X16 Modem
Software components - Vulnerabilities in the following components are in scope:
  • Linux kernel code that is part of "Android for MSM"
  • Privileged user space programs (i.e. running as root or system)
  • Bootloader (all boot stages)
  • Cellular modem
  • WLAN and Bluetooth firmware
  • Qualcomm Secure Execution Environment (QSEE) on TrustZone

Rewards

Security Rating: Critical
  • Cellular modem - $15,000
  • TEE - $9,000
  • Bootloader - $9,000
  • Application processor software and all other qualified components - $8,000

Security Rating: High
  • Cellular modem - $5,000
  • TEE - $5,000
  • Bootloader - $5,000
  • Application processor software and all other qualified components - $4,000

Security Rating: Medium
  • All qualifying components - $2,000

Security Rating: Low
  • All qualifying components - $200-$1,000

There are two good tools designed to help analysts test rules for intrusion detection systems (IDS) and intrusion prevention systems (IPS) such as Snort and Suricata.

Flowsynth and Dalton

Flowsynth - Flowsynth rapidly models network traffic and generates libpcap-formatted packet captures. It leverages the Scapy packet manipulation tool, but Flowsynth's input is a text-based, structured intermediate language that is simple to create and understand. It allows for programmatic network flow definitions as well as ad hoc and custom traffic creation.

Dalton - Dalton allows users to quickly and easily run network packet capture (pcap) files against IDS/IPS engines using bespoke rules and/or existing rulesets. It includes a controller component, which provides a web interface and an API for retrieving job results and communicating with agents. These agents, the second component of the tool, run on IDS sensors and provide an interface between the controller and the IDS engine.