Learning Security with Mayur

Ramnath was quite happy when he received the “card” from the bank. This was no ordinary “card” given to him. He could withdraw money from his account at any point of time by using this card and could also swipe it at any shop to buy goods for his family. The villagers thought it to be a Magic Card. You may think as to why would anyone consider a debit card as so special and extraordinary. Well, for Ramnath and other villagers in his village, this was the first time they had seen such a card. The bank had opened a new branch in this remote village and opened a new bank account for every villager under the “Khata Yojna” of the bank. Ramnath was also a beneficiary of this scheme. The villagers were then encouraged to deposit some amount in their bank accounts. Ramnath decided to put all his savings of Rs. 18000 in his bank account. He had saved this amount over years for the higher education of his only daughter, Kalavati. Kalavati wanted to be a doctor from childhood. She h

                              Manish is invited to a conference as a chief guest to speak about his industry experience in the field of pharmaceuticals. Having worked in the industry for around 25+ years, Manish is a big name in this field. He is currently the Vice President of the firm, handling all the pharma clients in his company “ IloveITSolutions ”. Our story begins when Manish receives a call from his CEO reminding him about the 1B $ deal about the new pharma client. Manish is supposed to prepare the company’s pitch and present it to that client. Manish steps into his car attending the call and signals the driver to take the car at the location of the conference. He promises the CEO that he would be working on this presentation after attending the conference today. Manish arrives at the conference and shares his experiences about how he has clinched every deal in the pharma sector. He advises newbies to work on the domain knowledge as this is extensively requir

Varun was excited about the new phone which he had ordered yesterday. He couldn’t believe his luck when he got that message yesterday. Excited, he had immediately forwarded the message to his friends. Varun was imagining as to how would he showcase his new iPhone X with a swag at his college. He was lost in his thoughts when the doorbell rang. He jumped off his chair at the sound. He was pretty sure that it would be the courier boy who would be delivering his new phone. It turned out to be a salesman selling soaps from door to door. Disappointed, Varun came back to his room and decided to check his order status. He was pretty sure that the order date was today. Varun logged onto his computer and quickly typed in the site’s name “wesellphonesonly.com”. The order status read “Delivery by 3.00pm today”. Varun looked at his watch. It was 3.30pm and there was no sign of the new iPhone X which he had ordered. Well, he decided to play Candy Crush on his old phone just to pass the ti

The Internet is abuzz with reports of two major vulnerabilities codenamed “Meltdown” & “Spectre”. These vulnerabilities were independently reported by security researchers at Cyberus Technology, Google, and the Graz University of Technology.  Thousands of articles have already been written over this. So what’s new in this blog post? I did read a lot of this information available on the internet before writing this article and found this: a)Some of the articles contain highly technical information and jargon which doesn’t make sense for the common man. b)Most of the articles do not explain what the real deal is and just touch upon the basics of good information security practices. c)Leading press houses have taken this opportunity to thrash the tech companies on such vulnerabilities. So if you just want to understand as to what “Meltdown” & “Spectre” mean in extremely simple terms … read on to find out. The Speculation Problem Do you have a favori

Hi Guys, It gives me great pleasure to tell you that you Learning Security With Mayur has now a twitter presence too. You can connect and spread the love on Twitter too. Use #LearningSecurityWithMayur when you retweet the posts on Twitter. My handle is @LearnWithMayur. Looking forward to meeting you there. Follow @LearnWithMayur

Anjali was sitting and surfing the internet on the computer at her desk when the phone rang. Startled, she picked it up and heard a rough voice at the other side. “Is this Miss Anjali?” asked the rough voice. “Yes, this is” answered Anjali. “There is a parcel for you in the mail room. Collect it as soon as possible” and the phone hung up. Anjali was disgusted by the voice and the manner of this person. Surprised as to who would have sent her a package, she dragged herself to the mail room. She reached the mail room and asked the fat lady at the desk to give her the package. “Name Please,” asked the lady to which Anjali replied her name. She pulled the package from the drawer at her side and handed over the box. The parcel read: “To, Ms. Anjali Mathur, ILoveIT Solutions, New Delhi”, “ From Security Conference, New Delhi”. Anjali worked as a Security Analyst in her company ILoveIT solutions and had attended a security conference last week. Well, it was quite natural for ven

As a security professional, you may agree to the fact that security awareness and training is an ongoing exercise in any organization. Most people in your organization would not even bother to think about security when working on their projects to meet their deadlines. As a security professional, we need to devise new ways to make people understand about security. It may be through web-based training or an awareness session or mailers or some innovative mechanism which you have thought of. Whatever mechanism you employ to impart any security awareness training; it is often seen that security professionals start delivering sermons where they only reiterate the organization’s security policies. Cybersecurity Awareness, however, should not only be limited to the organizational policies when delivered. In my opinion, the next time you send a mailer or a training session, you can try sharing certain fictitious or original security scenarios. Users generally don’t appreciate when