India's tough hacker crackdown: IT security leaflets with every device
Vendors cry foul over packaging problems
India has reportedly concocted a plan to cut down on IT security problems: forcing hardware vendors to include a security awareness brochure with all desktop PCs, mobile phones and USB modems.
The plans were dreamt up to improve the country’s cyber security preparedness, in response to the increasing volume of online threats facing users, according to the Economic Times.
However, technology execs are apparently lobbying the government to modify its proposals, which were due to be rolled out at the beginning of the year.
Imported goods would cause particular headaches, according to one senior executive, who told the paper that the brochures would either have to be bundled with products at the relevant sea or airport before customs checks or even further back in the manufacturing process, at the time of packaging.
"We have the recipe for nothing short of a nightmare," he added.
USB-based products would apparently generate a slightly different packaging problem in that the hardware is smaller than the brochure.
It's not known if the un-named exec was a PC vendor, but it would be richly ironic if that were the case given the crapware such companies load onto PCs. The exec's complaint is also odd given India has 22 official languages and speakers of many are concentrated in certain areas. Bengali, for example, is spoken by 83m Indians in three states (and 160m or so Bangladeshis). As the Bengali-speaking population of India alone is larger than that of many nations, vendors would almost certainly produce products tailored to that language, leaving the argument that bundling logistics are onerous holding little water.
Indian web users are certainly being targeted like never before, as increasing broadband penetration married to an expanding middle class means more are getting online, but often without appreciating the security risks.
A 2012 Symantec report found advanced, targeted attacks rose from 77 per day in 2010 to 82 by the end of 2011, with over half hitting SMBs.
While its plans to raise cyber security awareness are well-meaning, the Indian government is not exactly leading by example when it comes to defending its networks.
Over 100 government web sites were hacked in just three months at the beginning of 2012 and then last month over 10,000 email accounts belonging to top officials were compromised. ®
Re: Eadon's Tough New Security Plan
Thank you Eadon, you are the very reason I make a very good living advising companies how to strengthen their security after having a breach. How many times have I heard the phrase "well our administrators told us it was fine because it was running on XXXX".
Before Code Red the attack ratio of defaced machines was roughly 80/20 MS to *NIX based systems; after Code Red it switched to 20/80. Why? Because management were told MS bad, *nix good, but the real fact is that an ignorant MS admin is still an ignorant *nix admin.
Security is about people and process, not just assuming that technology X is good and technology Y is bad.
We don't seem to have a problem with multiple languages in leaflets for EU distribution (or even tins of baked beans), even though e.g. Latvian speakers tend to be concentrated in Latvia - we just get rather large leaflets (and large labels on the tins in Lidl).
And shirley the solution is to require *vendors* in India to include a brochure with each purchase? Pop a copy in the carrier bag or tape it to the box?
Re: Eadon's Tough New Security Plan
@Eadon, I believe the above said "malware." Not virus. There are plenty of Linux worms and viruses - oh, rarely the kernel, but the components that are packaged as part of various popular distributions are vulnerable enough to allow propagation. I have seen these in the wild.
Are infections the result of incompetent Linux/Unix/Mac admins? Yes. But by the same token, the same is true of Windows infections. Indeed; sometimes competent admins - or users - make mistakes. Nobody is perfect, and any engineer that doesn't take human fallibility into account when designing their system doesn't deserve their iron ring.
Every system - every single fucking one, including FOSS-based fuckery - has its many and varied flaws. Your job as an IT professional – whether that be self taught, engineer or otherwise – is to understand the systems you use and treat them appropriately.
That means understanding Windows before shooting your mouth off about it, something you clearly haven't done. And don't you dare give me bullshit about "anyone who understood Windows would never choose to use it" because that's fucking tripe and you goddamned well know it, sir. Windows isn't fit for purpose in some instances, but is perfectly workable – even the optimal, best fit! – in others. Open source is the best solution in some cases, absolutely the wrong choice in others.
You confuse your personal religious beliefs – which frankly border on a little nerdy jihad – with proper, objective consideration. Believe it or not, sir, you can be – and quite demonstrably have been, several times, in public on these very forums – wrong. More to the point, sir, your basic argumentation of "because you disagree with me and my opinion, you are No True Scotsman" is so deeply flawed that it is an elementary logical fallacy taught to primary school children in most first world nations.
Any system can be compromised; and every system can be compromised at a fundamental level. The selection of one versus another is a question of risk analysis, technical and legal requirements and – for some – personal ethics. Your constant and continued pigeonholing of everyone who disagrees with your take on the matter as shills, fanboys, or in some other way "A Microsoft" worshiper is tiresome, bothersome and ultimately irritating as fuck. You're like an anti RICHTO, and I put that clown on "ignore" for a reason.
The worst part of this all isn't even the constant, predictable, mind-numbing drumbeat of your thread-hijacking personal vendetta…it is that you are so very demonstrably wrong; you operate as much on outdated propaganda as anything, attacking those who dare speak up with ad hominem attacks. You use false tautologies and pre-canned rhetoric to make your "case," rarely pointing to objective analyses, only occasionally even attempting anything approaching evidence (preferably in the form of an HREF) and you refuse to accept for consideration any logic or evidence that would pierce the impenetrable bubble of your own belief system.
You are the individual manifestation of Fox News as a FOSS jihadi and just as culturally dangerous. FOSS itself – including Linux, and the many, many projects that are included with it in mainstream distributions – is a truly fantastic development for systems administrators, developers, engineers, and pretty much anyone in our society who needs to in any way rely on computers.
You sir, individually and personally are toxic. You are toxic to the open source movement you pretend to champion and you are toxic to a professional environment which ultimately should be considering all technologies objectively, dispassionately and carefully. It is clear you are intelligent, passionate and motivated. It is clear you have a great deal of knowledge. Your information dissemination techniques, however, are clearly inadequate when compared to the strength of your desire to communicate your beliefs.
You do yourself and your cause far more harm in your approach than you believe. You do the FOSS movement harm by making life difficult for those of us who in fact do have to work in heterogeneous environments and try to convince the very people you chide and berate in these forums to accept FOSS-based technologies as replacements or upgrades to existing or planned deployments.
In the real world; there is room for – and requirement for – both FOSS and proprietary technologies. Rather than attempting to libel proprietary vendors based on outdated (or outright false) information on a continual basis, how about working to update your knowledge of those systems so you can make more accurate and relevant arguments that will have the net result of convincing individuals to move towards open source?
Flies, sugar, and vinegar are all things to be considered. Now, back to testing samba 4…