Posted
19 November 2002 @ 9 AM

Tagged
security

7 Comments

hacker cracker and hype

This Mid-day article seems to mislead people a lot[via Mahesh and S Anand] . To blast away your myths, refer to ESR's jargon for hackers, crackers, cracking and phreaking. My take at the MidDay article -

In May, he helped cops free up HDFC Bank's payment gateway, which was blocked by a hacker.
Does it mean that the cracker were squatting on the gateway till someone came and shooed him away? And as far as I can recollect, atleast a thousand security firms have laid claim to have secured HDFC's banking infrastructure. Of them, me having seen HDFC's infrastructure, only 2 are genuine. So who is this Anand Khare?
He freed the online banking system of IDBI, whose website was hacked into in September
Another ridiculous statement. Was the website stolen or something? If you call it incidence response, doesn't the bank have a simple incidence response policy that they have to take help of a third person? If no, they don't deserve to go online.
...he helped track down online transactions...
It is not possible tracking online transactions alone. You need access to logs of the transacting banks, rather they give you only specific info, provided you prove your eligibility to access. If you are a cracker, forget it, unless you crack into the bank log server itself. ;-)
Inviting your response.

7 Comments (closed)

Posted by
S Anand

20 November 2002 @ 7 PM

You're quite right, Nilesh. I was taken in by the sensationalism of the policy growing cyber and didn't look into the believability. What's the bit about HDFC's infrastructure? I mean, was there a problem with it, and which are the 2 genuine claims you mention?

Posted by
Nilesh

21 November 2002 @ 2 AM

Codey, I have had that 'Dilbert' experience unumerable times. And I have succeeded in thwarting a couple a similar deal. :-)

Posted by
Nilesh

21 November 2002 @ 2 AM

Anand, I was talking about the break in attempts. There were indeed. There is one firm doing managed security and other having setup the security architecture. And I have found, in many of our meetings with some security firms, that they literally lie about having worked with HDFC bank for its security. This, in presence of an ex-HDFC guy sitting beside me. :-)

Posted by
Nilesh

20 November 2002 @ 8 AM

Amit, actually what you say is true. We know how these papers cook up stories with lot of spice. But then we atleast need to tell those gullible readers, right?

Posted by
Amit 'Netahoy' Agarwal

19 November 2002 @ 11 PM

don't waste time reading such stories in papers..... half are all made up rest half never make sense thxs for Mr. Journalist playing a game of English. _peace_ ;)

Posted by
Codey

19 November 2002 @ 10 PM

helped cops free up HDFC Bank's payment gateway: hahahahhaa...... sounds more or less like a case of someone using a packet of drainex. But this is nothing new, I think it was the Independent (the UK based paper) where there was a report on a Brit running amok on the .mil network. It ended with a full two paragraphs of comments from a discussion on the same from slashdot and hardly any real perspective on the issue. The way ./ comments were quoted was really funny. It was almost as if they were qouting some credible source. If you think that was horrible, there is one chap called Sameer Kochar who runs a consulting group called as Kotch or Scotch.... he did a Windows XP review and instantly gave the VPN features a great OK. Later he explains it had nice wizards, though he did not try using it ever. To imagine these are the people who reccomend large scale purchases for big IT firms.. now wonder your cute red daemon is lagging behind in deployment ;-)

Posted by
Monish Tambe

25 November 2004 @ 1 PM

hi, I am research associate in mumbai based institute. I have been through this news and what makes me surprise is if the media is publishing the names of these peoples openly then don't they require any protection, becasue many bad names I have found in that article. If that guy is helping a police out then whts the wrong in that ? Why don't you guys see, wht is happening in other countries. People actually take help from Ex-Hackers. I think this news is true becasue my father works in HDFC and I have already asked him that if some news like this appearing in the papers than why your banks not taking action ? so he told me that may be this news is based on truth and that is the reason why bank is not taking any action against the news reporter. any comments ?