[OT] Sad demise of Guru Ammannur Madhava Chakyar

This post is not technical. However, being a SPICMACAYite and an Indian, I felt compelled to let my readers know about the sad news; especially when the news channels are not finding any slot for this legend.

Koodiyattam exponent Ammannur Madhava Chakyar was a recipient of the Padma Shri as well as the Padma Bhushan honours by the Government of India. He was not only responsible for bringing the art form Kutiyattam (or Koodiyattam) out of temples, but also for reviving it.

The following news article from The Hindu provides other details.

Koodiyattom expert Ammannur Madhava Chakyar died at his residence, Ammannur Chakyar Madom, at Irinjalakuda, near here, on Tuesday. He was 92.
The end came around 9.30 p.m.
The history of modern Koodiyattom is inexorably entwined with Madhava Chakyar’s life and art.
He did not want Koodiyattam to be restricted to the temple arena. His major contribution to the art was to take it beyond traditional confines.
Ammannur’s debut performance was at the age of 11 at the Thirumandhamkunnu temple, Angadipuram. He played the role of Sutradhara in the play ‘Balacharita.’ His first-ever Prabandha Koothu was held at Trikkovil temple at Chendamangalam.
He trained under the princes of the royal family of erstwhile Kodungallur. He played his first major role, Sreerama in ‘Soorpanakankam’ at the Koodalmanikya temple in Irinjalakuda. He was a recipient of Padma Bhushan, Kalidasa Samman, Kerala Sangeeta Nataka Akademi Award and Kendra Sangeet Nataka Akademi Award. He is survived by his wife Parukutty Nangiaramma.

May his soul rest in peace.

Adieu, Billy Boy!

Taken from Joy of Tech

by Joy Of Tech -- geekculture.com

On a personal note, you did change the world Billy Boy. Hope you do the same again. :)

p.s. BTW, Joy Of Tech guys are good. Subscribe to them if you like a laugh once in a while.

Reviving OWASP Bangalore Chapter

The OWASP Bangalore Chapter met after almost a year today, and I was privileged to be a part of it. As happens often with technical groups, including LUGs (Linux User Groups), they tend to lose participation and go into indefinite hibernation mode. OWASP-Bangalore’s fate was no different.

Meeting room stencil graffiti by -- flickr.com/photos/clagnut/252185030/

Anyhoo! The important point is that we finally met today. There were around 12 people who turned up, and boy, it’s always an honour to meet enthusiastic people from the Security community. Minutes of the meeting will be posted by Hari, Chapter coordinator, pretty soon on the OWASP-Bangalore mailing list. To cut things short, we discussed and decided on a couple of points to revive the Bangalore Chapter. I’ll personally be looking forward to spreading the information to a younger audience. So, just in case you are a part of some College around Bangalore, feel free to drop me a note. We’d love to visit your campus and deliver talks, free of charge. :)
As for the regular meetings, we’ve decided to meet every fourth Wednesday of the month. Venues will of course, keep changing.

p.s. I love the song “Jaane Kya Baat Hai” from the movie Sunny. But somehow, I am not able to get the other song, “Aur Kya Ahde Wafaa Hote Hain”, out of my mind since morning. Not that I am complaining ;)

Aur Kya Ahede Wafa…

SecurityCamp is here, where are you?

Update: OWASP Bangalore Chapter is meeting on 29th June, i.e. Sunday, morning at 9:00 AM at Indian Coffee House, M.G. Road, Bangalore. Join us, if you can.

I feel extremely glad to announce that Security Camp, the first security Barcamp in Bangalore (as far as I know) is on 12th of July. It’s being hosted by RSA.

by flickr.com/photos/place_light/15355970/

Being a FOSS and NGO enthusiast, I am a big fan of communities and highly respect the power they can unleash towards the motive. I have always felt that the Security community in India could be a little more organized and visible. Unfortunately, all I have seen till now is a couple of mailing lists (which are really good btw), some hacker gamers (who game all night long :) ), and a couple of small conferences (like Club Hack, OWASP’s Mumbai meet). Although these deserve respect in their own right, there’s always scope for a lot more, especially the visibility factor. Now, this BarCamp isn’t going to change everything overnight (in fact the number of registrations is pretty low), but I am happy to see yet another one popping up. Luckily, Harinath, the chapter lead of OWASP-Bangalore, has called for revival of the chapter. I am hoping that we meet at Security Camp and come up with a survival plan :)

But again, firstly I wish I can make it to the Security Camp. We, at office, are expecting some OpenSocial related work in the first week of July, which probably means no Saturdays and no Sundays :| I was also hoping to visit the meet with my Geeky-partner Johnny ;), but he’d be out of town. No complaints though, he’d be talking at GUADEC :) (uh, who came up with that acronym?)

I am sincerely hoping to be able to make it (and maybe take my team there too). If I do, I’ll probably talk about a small research I did towards Designing a Phishing/Fraud IDS. Apart from the fact that I tried talking about it during DevCamp (where my lappy didn’t work with the projector and I’d to hold it in my hand :( ), I’ve been sleeping on it. Mostly because there’s a lot to be done to reduce the false-positives, which is anyways the case with all IDSes.

Bittu’s back :)

Bittu, my wife, got revamped. For unemotional people, it simply means I bought a new laptop :)

She is red, and she’s hot!

She’s a Dell XPS M1330. Other features include:

1. Intel Core-2 Duo, 2.1 GHz (My first intel. I used to be with AMD)
2. 200GB HD , 7200rpm
3. 128 MB Nvidia graphics card (the games run awesomely, and I have re-entered the gaming arena. Currently re-re-replaying Serious Sam, Second Encounter)
4. Pre-Loaded Vista :(  (I am still a little confused, whether I go ahead with OpenSuse 10.3 or wait 6 more days for OpenSuse 11 to arrive. ;) )
5. and other regular features like DVD writer, fingerprint scanner, built-in webcam, etc. etc. etc.

I should have updated about her by now, but have been very very busy with an official work involving OpenSocial till yesterday. Hoping to publish other draftified articles soon.

Slashdot, uh! :|

Slashdot is supposed to be a respectable (news) portal for geeks and nerds. Its punch line says News for nerds, Stuff that matters. I must admit that there was a time when I used to start my day with Slashdot, trying not to miss even a single news. That phase, however, is over. The two biggest problems with Slashdot today are:

1. The Slashdot community, which is getting reduced to people who lurk around to post comic and sarcastic comments. It’s very seldom that you come across an intelligent and insightful comment.
2. The news, if I may say so, itself.


By flickr.com/photos/nesster/


This rant is a direct result of a news titled Google Assists In Arrest Of Indian Man, posted on 19th. First of all, this is old news. In fact I’d used the context to post a legal analysis of the impact of another Orkut worm, as per my knowledge and belief. I have nothing against reading old news, but for God’s sake, don’t claim it to be new.

Secondly, the post cites Shivaji as a saint. He was not a saint. He was a king and a warrior. Do your homework before posting, or rather approving such news.

Thirdly, the tone in which the post is written is as vague, if not more, as the point the post tries to make. If you wish to blame Google, get proper info before doing that. Google has a pact with Indian law enforcement. They are bound to provide such info. If you wish to convey the news that a false person was convicted, say it. If you wish to bring about the role of Yahoo! and Google in such cases, do it properly.

Having said all that, I don’t think I’ll completely stop reading /. . However, the prestige of being Slashdotted now seems to be just about traffic.

A new home for us :)

Link

People who know me, know that I desist Social networking portals. Don’t worry, this post isn’t another rant. It’s more of an announcement that I’ve joined a Social Network :)

Yup! The guys at GNUCitizen have started a social network for hackers, and very intelligently named it House of Hackers. I’d like to call it HoH (as in Hah!) :)

A few motives cited for creation of the network are:

  • To provide a platform for hackers to exchange ideas, communicate, or/and even form groups, elite or otherwise. Although Slackers is an amazing place to communicate, the web is never big enough for two similar houses. Moreover, they aren’t the same, just similar.
  • Create a Hacker recruitment market. Recruiters could advertise to recruit/hire people from here. The best part of this, as cited, would be that HoH would eliminate any middleman (or your employer), and hence help you earn more. Pretty obviously, this holds meaning for elite ones only. But then I have always believed that you can learn only to the extent you can challenge yourself… and good company definitely challenges you :)
  • Fund Research programs from time to time. Not so long ago, Ronald came up with the idea of the Router Hacking Challenge, where you had to hack your own router and make the findings public. The _cutest_ hack would be regarded the best. GNUCitizen (Ronald is now a part of GNUCitizen) hosted the contest. I mention this just to affirm that I really like the guys at GNUCitizen, and I am really excited to know that they’d be encouraging the community (and funding them too). The money is expected to come from the recruitment advertisements.

Needless to summarize that I am keeping my eyes open, fingers crossed and hoping that this turns out to be a great venture for the community.

Just one concern, these %*^*@#$ hackers will keep screwing the networking portal, you know. ;)

My profile link.

iHacker

I have a special likeness for T-Shirt with quotes. More Geeky the quote, more geekier… I mean better.
I got this T-Shirt made for myself a couple of days ago.
In case you didn’t get it, it’s a mockery of the crippled iPhone.

Oh by the way, this is my first post on the new blog, and this pic is a response to Swenny’s post on Adding an “i” :)

How about a Better & Cheaper MacBook Air!

Those were the days when I used to be an Apple fan.
aah.. the harsh reality that they produce nothing more than crippled products at sky-high prices.

Moreover, Apple isn’t just about cut-throat business. It’s also about making people feel bad about themselves.
Don’t trust me?
See here yourself.

A Phish floating in Google Survey!

Demo

1. Phizy-Phizy-Phizy

I have always loved making this phizy-phizy-phizy sound purposelessly, which I once heard in a Rob Schneider movie (which, if I remember correctly, was a pathetic movie). Anyhoo! I, now, have a set of very strong reasons to move around repeating the same lines.
First, we received a request to be involved in a discussion for a Risk Assessment Model for a Banking site. This model had to be focussed on Two Factor Authentication and Phishing. This brainstorming gave me a couple of interesting avenues to work on. Hopefully, I’ll be writing more on this pretty soon.
Secondly, Peter Thomas (one of my amazing Bosses), forwarded me the link about the latest research by Nitesh Dhanjani & Billy Rios. They virtually infiltrated the Phishers ecosystem and have come up with some very interesting information.
Thirdly, my friend Swen called me up to let me know about a phishing mail, claiming to be a Google survey, that had landed in his mailbox. He was excited for two reasons:
a) He had received a phishing mail for the first time, and I guess you all remember the excitement the first time you discovered your first phishing mail.
b) He is one of the Google fans, and is worried about the safety of the vast majority of user-base Google has. Obviously, his concern isn’t without reasons.
by-mcbeth www.flickr.com/photos/mcbeth/235875/

2. A Phish named GoogleSurvey

As I mentioned, Swen informed me about the shiny phish called GoogleSurvey. It presents you a page that looks completely similar to the Google Login page and requests you to log in in order to complete the survey. If you log in, you are presented with 3 questions one by one. At the end you are thanked for completing the survey.

3. Anatomy of Google-Survey-Phish gills

The Google Survey Phish isn’t sophisticated by ANY standards. Clearly, it’s done by some n00b, and was probably deployed using a very cheap Phishing Kit. However, it’s really interesting to understand how it works.
The first page that you encounter while analyzing is http://www.googlesurvey.co.nr/, which I must admit, looks very similar to the Google Mail login page. A look at the source code reveals that this is not the original page. The Google Mail look-alike page is actually located at http://googlesurvey.99k.org/. http://www.googlesurvey.co.nr/ only frames that page with 100% width and 0px border.

Another interesting point to note is that the phisher used a free hosting service http://www.zymic.com/free-web-hosting/. Thus, theoretically he/she cannot be traced. Not via the hosting service, at least. :)

Now, when you enter your id and password, the data is sent to a PHP script on the server located at http://googlesurvey.99k.org/LoginAuth.php. Quite obviously, this script stores/mails your credentials for someone who’s not a very pleasing person.
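
An added example, not part of the original post: a small checker that reports the two structural signals described in this section, a wrapper page that only frames content from another host and a password form that submits somewhere other than the imitated brand. The sample markup, the form field names and the `brand_hosts` parameter are constructed for illustration; only the URLs come from the analysis above.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class _Scan(HTMLParser):
    """Collect frame sources and the action of each form with a password field."""
    def __init__(self):
        super().__init__()
        self.frames, self.pw_actions, self._action = [], [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("frame", "iframe") and a.get("src"):
            self.frames.append(a["src"])
        elif tag == "form":
            self._action = a.get("action") or ""  # empty action posts to the page itself
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self._action is not None:
                self.pw_actions.append(self._action)

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None

def host(url):
    return (urlparse(url).hostname or "").lower()

def findings(page_url, html, brand_hosts):
    """Signals for one fetched page; brand_hosts = hosts the imitated brand really uses."""
    scan = _Scan()
    scan.feed(html)
    out = []
    for src in scan.frames:  # wrapper page that only frames content from elsewhere
        h = host(urljoin(page_url, src))
        if h and h != host(page_url):
            out.append(("cross-host-frame", h))
    for action in scan.pw_actions:  # where the typed password is actually sent
        h = host(urljoin(page_url, action))
        if not any(h == b or h.endswith("." + b) for b in brand_hosts):
            out.append(("password-form-off-brand", h))
    return out

# Constructed sample markup modelled on the description above (not the real pages).
OUTER = '<frameset cols="100%" border="0"><frame src="http://googlesurvey.99k.org/"></frameset>'
INNER = ('<form action="LoginAuth.php" method="post"><input type="text" name="Email">'
         '<input type="password" name="Passwd"></form>')

if __name__ == "__main__":
    print(findings("http://www.googlesurvey.co.nr/", OUTER, {"google.com"}))
    print(findings("http://googlesurvey.99k.org/", INNER, {"google.com"}))
```

A cross-host frame on its own is common on legitimate sites, so it is best treated as a signal to combine with the password-form check rather than as a verdict.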

4. Demo: Farming your own Phishes for fun & profit *cough*

The world of Phishing is so dark, deep, safe, easy, and seductive that a person with even a slight malign would be tempted to farm his/her own phishes and make easy money. I set up my phishing domain for educational purposes. It also shows how quickly you can set up your very own phishing portal, sometimes even without a phishing kit. The domain I’ve set up has the following flaws (introduced to prevent me getting screwed by some half-witted law enforcer):
1. The domain points at Yahoo!, while the page displayed is similar to the GMail login page.
2. The information entered is NOT stored. You can check it by entering garbage data.

I have used the same page used by the GoogleSurvey Phish, and also used the same free hosting service.

5. Conclusion

It’s almost impossible to prevent users from getting Phished. People will continue to click on links they receive in their inbox and <sarcasm> proceed to win an ipod </sarcasm>. Reducing phishing requires a number of things to be in place: sensible developers, well informed end users, smart browsers with phishing aware features (IE7, Fx2 etc.), a few toolbars like NetCraft to be installed, etc. etc. And even doing all this doesn’t guarantee to save a user ignorant of phishing. I mean how do you save a person who doesn’t even know that such a kind of fraud exists.
Moreover, the URI vulnerabilities have added another dimension to the whole phishing scene. :)