Suramya's Blog


April 25, 2015

There is no such thing as a completely secure OS

Filed under: Computer Security,My Thoughts — Suramya @ 1:47 AM

Every once in a while, while talking to folks about computer security, I am told that I should switch to Macs because they don’t have security issues or viruses. I find that very amusing and I think the following comic sums up the ‘apple fanboi’ thinking quite succinctly:

Even though it is funny, unfortunately a whole lot of folks still believe in the myth that Apple computers/devices are secure/don’t get viruses. Now, don’t get me wrong, there are a lot of good points for the Mac OS and they just work for some people. I am not one of them but that doesn’t mean that I ‘hate’ Mac OS or Windows for that matter. I like Linux, others don’t. That is their choice and this is my choice. This post is to talk about computer security and highlight some of the major flaws that have hit Apple computers over the past few months:

Firmware Bootkit: Thunderstrike

This was discovered by Trammell Hudson back in Jan 2015. It allows a user to quietly, persistently and virally compromise Apple Macs from boot. Since the code is stored in the firmware it is very difficult to detect and remove. It works against all MacBooks released since 2011. Apple has released a fix but it is hard to ensure that your computer isn’t already infected before applying the patch.

Details are at: Thunderstrike shocks OS X with firmware bootkit.

Shellshock: Macs are vulnerable

Shellshock allowed attackers to insert malicious pieces of code from a remote location and get full system control of a victim’s machine. The scary part of the story wasn’t that Apple computers were vulnerable (plenty of systems were), it was the fact that Apple refused to acknowledge the issue and took over 15 days to release a patch for the problem, even though it was being actively exploited in the wild. Their justification was that “The vast majority of OS X users are not at risk to recently reported bash vulnerabilities… With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services”.

So basically if you don’t use your computer to do anything other than the default configuration you are good (for the most part). Those of us who use Macs to actually code or develop stuff are not a priority for Apple.

Bypassing OS X Security (Gatekeeper & xProtect)

Patrick Wardle, director of research at Synack, spoke at the RSA conference a few days ago about OS X security and as per him getting around the restrictions put in by the OS X Security tools is trivial.

“Gatekeeper doesn’t verify an extra content in the apps. So if I can find an Apple-approved app and get it to load external content, when the user runs it, it will bypass Gatekeeper,”

More details on the issue are at: Researcher Discloses Methods For Bypassing All OS X Security Protections

iOS WiFi Bug Allows Remote Reboot of All Devices In Area

This one is my favorite. It allows an attacker to cause all iOS devices (iPhones/iPads) in a particular area to crash and/or reboot. It involves setting up a rogue wireless access point (WiFi hotspot) and manipulating the traffic to it to cause all apps and iOS devices in range to crash. The best part is that there is no fix for it. The only way to resolve the issue is to move out of range of the Access Point. Even putting your phone in Airplane mode doesn’t work. Which is scary on its own because that means that even when you are in Airplane mode the phone is still transmitting/receiving data from wireless networks.

Since there is no fix for it yet, the researchers have not released a lot of details on the exploit but once Apple releases a fix they will give more details on it. Then I can just imagine someone setting up one of these using a Raspberry Pi at a conference hidden under a table causing a whole bunch of people a whole lot of pain/annoyance.

Additional details of the issue are at: Evil Wi-Fi kills iPhones, iPods in range

There are a whole lot more where these came from. So the moral of the story is that there is no system that is 100% secure. If you want to stay safe, follow best practices, update frequently and pray.

– Suramya

April 24, 2015

Some thoughts on the mails on how folks born in x-y range are the best

Filed under: My Thoughts — Suramya @ 1:04 AM

I am sure that you have received a lot of emails/sms’s/WhatsApp messages that claim that folks of a particular age range were the best and did the most with our lives as opposed to people in earlier/later generations who couldn’t have possibly done anything worthwhile. Today I got this forward and I thought about it and decided to share it and my thoughts/comments on it.

> We, the people born between 1950-1989, are the blessed ones…
> We are d awesome people. Our life is a living proof……….

Ok, if you say so. I am not sure what made us the blessed ones but fine if you think so. I think that is just conceited and egoistical. You might be awesome, but you sure don’t know how to spell or write.

> We were never treated like a pack of animals to carry our books to school.

Hmm, I distinctly remember carrying a lot of books to school. In fact we had 7 classes every day so I had to carry 7 books, 7 notebooks and other assorted stuff to class. I think you have forgotten about the thick Math & Physics books that we all had to carry to school every day.

> While playing and riding bicycle, we never bothered to wear helmets.

I don’t think you need to wear a helmet even now while playing in the field (unless you are playing American football). Being safe is not a bad thing. Unless you are one of the idiots who think that it is cool to ride bikes/scooters without helmets?

> After school time we played until its dusk but never watched t-world (TV) by locking up ourselves in a room.

I know enough people who did that (watched TV all day) when we were kids and enough kids nowadays who spend their evenings in the field, or in the pool, or up a climbing wall etc etc. Don’t generalize.

> We played only with our real friends, not with NET friends.

What constitutes a ‘real’ friend? Actually, before you answer that let’s take a look at What a friend is… Dictionary.com defines a friend as “a person attached to another by feelings of affection or personal regard. “. You can be attached to a person even when you don’t meet every day. Or do you mean that anyone you can’t meet on a regular basis is no longer considered a friend. If that is true then anyone not in the same city as you automatically is demoted to an acquaintance.

I have friends whom I met online and then became really close to and after we met up in real life we stayed good friends. Just because you are not comfortable with maintaining friendships in mediums other than Face-to-Face, doesn’t mean that those relationships are any less meaningful.

> If we ever felt thirsty, we used to drink tap water but never searched for bottled water.

Ok, however the water was usually filtered, which is what we still do for the most part.

> We never got ill even after sharing the same juice with four friends.

You still don’t. (Unless one of them had the cold/flu)

> We were never put on weight even after eating plate full of sweets and rice everyday.

Umm… Not true. It depended on how much exercise you got playing, which is still the case. Kids who are active don’t get fat, those who are not get fat.

> Nothing happened to our feet even after roaming bare foot.

Not true. You could get blisters, get a thorn. Just that when that happened our parents didn’t freak out and try to wrap us in cotton.

> We never used any health supplements to keep ourselves healthy.

Speak for yourself. Most kids I knew got to take a ton of Vitamin tablets/cod liver oil etc on a periodic basis. Though we didn’t take as many antibiotics, those have gotten a lot more prevalent nowadays.

> We used to create our own toys and play with them.

Kids still do that. Watching my nephew and niece I see that for them anything is a toy. e.g. for my nephew a screwdriver is the world’s best toy. My niece loves playing with my watch and glasses. Older ones create whole worlds using games (both online and in real world). A few days ago I watched a bunch of kids play Lava Lava (the game where the entire floor is Lava and you die if you touch it).

> Our parents were not rich, they never ran behind money and wealth. They just searched for and gave only love.. not any worldly materials.

What makes you think people in past generations weren’t after money? If they were not then we would have a lot more ascetics in the world, instead we got Harshad Mehta, Chara Scam’s, 3g, 2g scams etc etc (these were done by folks our parents age).

> We stayed nearby to them so that they can communicate with us. Just one word by them was enough to communicate. hence we never required any mobile phones to communicate.

Just because people stayed near their parents didn’t mean they communicated, you can stay in the same house and not talk or stay in a different country and still talk daily. Which is why so many properties ended up getting divided. If I am so close to my parents that I need just one word to communicate with them, then I can do that over the phone as well. I don’t need to be in the same room to do that. I talk to my parents on a daily basis (for the most part) over the phone and I know people who haven’t talked to their parents in years even though they are in the same city.

> We never visited doctor when we got ill but the doctor visited us during our illness.

They still do. Just costs a lot more. ;)

> We never used to share our emotions just by emoticons in mobile phones.

Ok. I give you this one.

> We used to listen to the truth and voice of our conscience and used to write those things only in the letters, hence we never used to change our words.

Oh really? You mean to say that no one in our generation told lies, or cheated anyone? If you think that then I have some real estate that I need to sell that you would find very interesting.

> We never had cellphones, DVDs, Play stations, XBoxes, video games, Personal computers, internet, chat but we had many real friends.

So do kids in the current generation. You can have friends even when you have all the gadgets in the world as they are not mutually exclusive.

> We used to visit our friend’s home uncalled and enjoyed food with them. We never had to call them and ask their permission to visit their home.

Umm.. you still don’t have to. I see my cousins, nieces and nephews walk over to their friends’ place to play daily without having to ask for permission. At my sister’s place I see Vir’s friends over all the time and Vir is at their place just as frequently.

We come up with these lists to show how much better off we were as kids but to me they tell a different story. The lists tell me that our parents did an awesome job in raising us and maybe we are not doing that great a job of raising the next generation. If the kids today are anti-social (in your eyes) or don’t go out to play then they are not to blame. I blame us (the parents/previous generations). The kids will do what they get trained to do.

We are the ones who freak out when the kids go out and don’t get back home exactly on time. We are the ones who tell kids not to play in front of the house. We are the ones who protect our kids to the extent that they don’t know how the real world works.

Relax, stop protecting the kids so much. Give them some leeway to make mistakes as that’s how they will learn. If you remember we made our fair share of them, so now it’s time for the next generation to make their mistakes and learn from them. Let the kids know that you are there for them if they need you but give them some space as well and you will see them blossoming.

Well this is all for now, I need to crash for the night so will write more later.

– Suramya

April 17, 2015

How to find information when Google can’t find it

Filed under: Computer Tips,Interesting Sites,Knowledgebase,Techie Stuff — Suramya @ 10:36 PM

For most people if you can’t find something on Google then it’s not there on the internet. However that is not true and there are other ways to find the information you are looking for even if Google can’t find it. Now some of you might be wondering, how can something be online without Google knowing about it because don’t they index everything? Unfortunately, that is not true. According to studies there are a lot of sites out there that are not indexed by any search engine. This part of the internet is called the Deep Web. Deep web is not to be confused with Dark Net which contains sites that can’t be reached via the regular internet. Deep Web sites are accessible via the regular internet and it is a lot bigger than the visible internet. In fact some estimates suggest that the deep web is 400 to 550 times larger than the surface web.

So how do you find something that is in the Deep web or just not indexed by Google? Well, you can always try one of the following options depending on what you are looking for.

Wolfram Alpha

For example, if you are making factual queries about data (e.g. facts, figures, etc) then you should take a look at Wolfram Alpha. Their Wikipedia page explains how the engine works:

Users submit queries and computation requests via a text field. Wolfram Alpha then computes answers and relevant visualizations from a knowledge base of curated, structured data that come from other sites. The curated data makes Alpha different from semantic search engines, which index a large number of answers and then try to match the question to one.

Using the Mathematica toolkit, Wolfram Alpha can respond to natural language questions and generate a human-readable answer.

Topsy

Topsy maintains a comprehensive index of tweets and since Twitter is the best place for real-time sharing of thoughts/news then it is a good place to search for current events/trending topics. I just tried it out and it looks to be pretty effective and efficient.

Image Search

If you are trying to identify an image, or find more information about a particular image then you can always try Google image search. However if that doesn’t return any relevant results then you should try out specialized image search engines like Tin Eye or yandex.ru. I use a Firefox Extension called Who Stole my Pictures that lets you search across multiple engines in one shot from your context menu. Side note: This also searches on Bing but 99.99% of the time Bing doesn’t return any results no matter what you search for.

On the other hand if you are just searching for images you should try PicSearch.com which is an image search service allowing a user to search across over 3 billion pictures (as per the site).

WebForums and Discussion boards

Another great way to find answers is to search on enthusiast forums and discussion boards. These forums have a whole community of folks who are passionate about that particular topic and would love to point you in the right direction or walk you through figuring out the solution. Just ensure that you are asking Questions The Smart Way.

BoardReader.com allows you to search across multiple discussion boards and forums available on the net. Reddit.com has subreddits that focus on thousands of topics and most of them have actual relevant information as not all of the site is dedicated to cat videos.

IRC

IRC stands for Internet Relay Chat and is designed to facilitate group communication in discussion forums, called channels, hosted on IRC servers. There are channels dedicated to pretty much any topic you can think of on some IRC server somewhere and you can get answers to questions or help with a problem in real time.

The difficult part is finding the appropriate channel to ask your question.

I have used IRC Search in the past to find channels with a good success rate. Another option is ixirc.com/.

In addition to the options listed above, you should also check out the following resources for additional information and search options/methods that you can try out when searching for data:

That pretty much covers what I wanted to talk about in this post so this is all for now. Will post more later.

– Suramya

April 16, 2015

Pretty cool time waster

Filed under: Interesting Sites — Suramya @ 9:39 AM

If you are tired of working or just need a break then you should try playing Escapa!. It is a very simple game that requires coordination and patience. Try it out and don’t blame me if you end up wasting a whole lot of time at the site.

– Suramya

April 15, 2015

Please defend Internet Freedom in India

Filed under: Computer Related,Interesting Sites,My Thoughts,Techie Stuff — Suramya @ 1:34 AM

Not content with watching the US and certain other countries screw around with net neutrality, the Telecom Regulatory Authority of India (TRAI) has decided to pitch in and make a mess of things (again) in India. These are the same brilliant folks who decided in 2007 that an entire IRC network (undernet.com) should be blocked in India because there are a few channels on it that promoted piracy. It took a few years for the stupid ban to get lifted. Even now a bunch of URLs are blocked but for the most part things are ok.

Unfortunately that is not going to be the case for long if the telecom lobbyists have their way. They want to break up the internet access to Paid and free access with the Telecoms deciding what content should be available to a user. If a site doesn’t pay then they would either get blocked or get put on a ‘slow-lane’ where traffic to the site is artificially slowed down to give more bandwidth to paying sites. In short they want to take away net neutrality. So what exactly does net neutrality mean? In short it means:

  • All sites on the internet must be equally accessible (that means that no site’s traffic is given priority)
  • The same access speed at the telco/ISP level for each (So assuming all else is the same then all sites will be accessible at the same speed)
  • The same data cost for access to each site (per KB/MB). (No reducing of data cost to sites that pay Telecoms money)

TRAI has released a consultation paper with 20 questions and wants you to send them an e-mail by 24th of April, 2015. Please visit Save the Internet to submit your responses to TRAI. It is as simple as going to the site, reviewing the email with the answers and then sending it out. Your 5 mins just might save the net in India.

More information on this issue is available at the following sites:

Once you have emailed your responses please help in spreading the word to others via Social Media/Email/Smoke Signals.

– Suramya

April 8, 2015

Hacking is unrealistic in TV shows and Movies… No really?

Filed under: My Thoughts — Suramya @ 9:02 PM

Over the past few months I have seen multiple posts/comments/rants about how Hacking is not portrayed realistically in media. Is it really that big a surprise that like all things, Hacking is also portrayed unrealistically in TV & Movies? Or did you really think that this is how cars are driven or that people can run around after getting shot multiple times with a machine gun without bleeding to death? TV/Movies are meant to entertain, and sometimes that requires stretching the truth a bit ’cause guess what, real life doesn’t look that great on the screen.

Now I am not saying that some shows don’t take it to such an extreme that you are left wondering what on earth just happened but for the most part it is ok to stretch the truth. If I really wanted to look at someone spending hours trying to figure out why some piece of code is not working then I don’t have to go to the movies for it, I can just go to work and look at the folks around me. (Not that watching them is not entertaining at times ;) ).

All that being said, at times you do feel like finding the director or producer of a particularly WTH depiction of technology and smacking them on the head. A few of the gems that stand out in my memory are:

  • In Scorpion, the heroes need to get a backup for the ATC software from a plane which has the only non-corrupted version of the software (apparently the IT admins there haven’t heard of multiple backups). The only way to get it off the plane is to dangle an Ethernet cable from the plane to a laptop in a car racing under the plane.
  • In Bones, a genius hacker creates marks on bone that when scanned to create a 3D model of the body somehow automatically convert to code and make the CPU fry itself. The best part is that they can’t replace the burnt boards and be back up and running because apparently backups are for wimps.

Some of the others are listed here and here. There are a ton of such instances, but for the most part I don’t care as I am watching to be entertained. As long as they don’t get to a point where the issues distract from the show I am fine with it.

That is not to say that I don’t appreciate movies/shows where they do research and the techno-babble makes some semblance of sense. Those are a treasure and need to be appreciated like fine wine. This site has a list of some of the more realistic hacking portrayals in the media.

After talking about all this I feel a desire to go watch Wargames again. Or maybe Hackers. ;) So this is all for now, I will write more later.

– Suramya

April 7, 2015

Comic Con Bangalore 2015

Filed under: My Life — Suramya @ 12:54 AM

This weekend was Comic Con Bangalore 2015. It should have been named T-Shirt Con 2015, or maybe knick-knack Con 2015. There were very few stalls for Comics or books. Last year was a lot better with a bunch of artists and authors making it to the show. This year most of the con was focused on Game of Thrones and I don’t like the show that much (I have already tried to watch it 4 times but still haven’t managed to finish Season 1). I prefer the books to the show. I did end up buying a T-Shirt and a sticker for my car.

Thankfully I didn’t buy the 3 day pass as I was initially planning to, but when the Con schedule wasn’t available even 3 days before the show I had a bad feeling about the entire thing. I ended up leaving within about 3 hours of getting there.

Hopefully the next one will be better.

– Suramya

April 1, 2015

But we Indians never follow rules…

Filed under: My Thoughts — Suramya @ 11:52 PM

A couple of days ago I was told, you might follow rules, but we are Indians and we Indians never follow rules. This is a statement that never fails to annoy the hell out of me when I hear it and for some reason I seem to hear it quite often, usually from folks who should know better.

I will admit that there are folks who don’t follow rules and drive on the wrong side of the road and ultimately end up as road-kill. However to say that all Indians are that way is wrong. I know enough people who will go out of the way to follow the rules, will be at a place on time, behave like normal human beings that use the brains that god gave them. Some of them are Indians, some are Americans, some British etc etc. On the flip side I also know people who don’t think twice about driving drunk, jumping red lights and thinking that they are God’s gift to mankind. Guess what, some of those idiots are Indians, others are Americans, a few are Russian and a few British etc etc. India doesn’t have a monopoly on idiots.

The same people who make such statements are the ones, who when visiting other countries will follow their rules exactly. That proves that they can follow rules, they just don’t want to. I am sorry but if you are an idiot who believes that following rules somehow makes you weak or something then please do me a favor and don’t club me with you. It is not a matter of pride that you break rules. It is not something that makes you great. Actually, scratch that. It does make you great… a great moron.

You know what the worst part is? The fact that these people proudly make such statements in front of foreigners. It just shows that you don’t have any pride in your country and if that is the case then you are more than welcome to migrate to a different country. Goodbye and good riddance! Don’t let the door hit you on the way out. A person who doesn’t take pride in his country, his people, is not someone I want around me. However we do need to be careful that we don’t become so proud of ourselves that we go to the other extreme where we think that we are the only people who can do anything correctly. That is what starts wars and is the cause of a major part of the world’s problems right now.

I am proud of being an Indian, that doesn’t make me blind to our faults. But the only way we can ever think of fixing these faults is if we first admit that there is an issue and start working on it. Making our faults a matter of pride is one of the most idiotic moves that I can think of and it will cause no end of trouble.

Before you complain about folks jumping red lights or driving on the wrong side of the road, ask yourself a question. Do I do this? If your answer is yes then you have no right to complain about others doing exactly the same thing as what you do. All we need to improve things is for each person to look at themselves and stop taking the easy way out. If even a fraction of people start doing this then improvements will be obvious and slowly over a period of time others will follow as well. If nothing else you will be a good role model for the next generation coming up.

Well this is all for now. I am done with my rant and will go back to trying to fix my computer.

– Suramya

March 30, 2015

Bought a whole lot of books today

Filed under: My Life — Suramya @ 11:59 PM

This is what happens when you get an email telling you about a massive sale going on at your favorite online bookstore and you have some time to kill. Ended up ordering 9 books before forcefully convincing myself that it was more than enough. Although considering the sale is going on till tomorrow night I think I should avoid going online till tomorrow morning. Which is something that I don’t see happening in the near future.

I should log off for the day before I am tempted to log back on to the site and place more orders… Well, at least I will have enough to read when I take my next vacation. I am going to crash now before my credit card decides to go on strike and stop working.

– Suramya

March 29, 2015

Rosetta Stone for Unix/Linux

Filed under: Knowledgebase,Linux/Unix Related,Techie Stuff — Suramya @ 9:53 PM

If you have been in the industry for a while then you have been in a situation where you need to do something on the server but have no idea what the appropriate command is because you always worked on a different variant/version of the Operating System. Think having to work on Solaris or Linux when all you have worked on is the Mac OS. To make things easier for the poor admins that have to keep switching OS’s, Bruce Hamilton has created a site he calls the ‘Rosetta Stone: A Sysadmin’s Universal Translator’. This site has a list of tasks and the corresponding command that you would have to run for each of the OS’s. The Stone supports the following OS’s:

  • AIX
  • A/UX
  • DG/UX
  • FreeBSD
  • HP-UX
  • IRIX
  • Linux
  • Mac OS X
  • NCR Unix
  • NetBSD
  • OpenBSD
  • Reliant
  • SCO OpenServer
  • Solaris
  • SunOS 4
  • Tru64
  • Ultrix
  • UNICOS

and covers tasks in the following categories:

  • hardware
  • firmware
  • devices
  • disks
  • kernel
  • boot
  • files
  • networking
  • security
  • software
  • patching, tracing, logging

Check it out, bookmark it. It will save you some grief down the line the next time you are in this situation.

– Suramya
