Hostage on the Net

FLYNN REMEDIOS

FRIDAY, JULY 21, 2000 04:15:30 PM

It is very easy for cyber criminals, cyber terrorists and hackers to hijack a domain on the internet, or crack into a web server. The cracking tools are all there on the net itself.

Ever stopped to think how vulnerable you and your business is on the net? And did you ever realise that at any given point of time, there are probably thousands of online predators trying to pry their talons into your web server.

If you are still skeptical, here are some hard facts: According to Wired, Nike lost control of its homepage a few weeks ago to a group of activists demanding "global justice." "Global Justice is coming - prepare now!" the erstwhile Nike.com site read, directing surfers to the website of an Australian organisation called S-11. Meanwhile, Web Networks, a non-profit ISP that hosts websites for other non-profit organisations, is still assessing the damage after losing its domain, Web.net, to a thief recently. A single day doesn't go by with a few hundred sites losing their home pages to hackers, who disfigure them, either to post a message and make a statement or sometimes merely to gain some self-publicity.


A White House official recently confessed to a wire service that every day at least a hundred unsuccessful attempts to hack into the Pentagon, NASA or the White House are logged by the tracking devices and firewalls employed by these sites. Then again, ready-to-use programs that can cause a web server to `hang' - a term called Denial of Service are easily available on the net. Utilities with names like Satan, Crack and Lucifer are widely used with ease by amateur hackers to do their dirty deeds. We have also heard reports of domain squatters who register popular domains and brand names, hoping to sell them to the original owners at a super premium later on. In India itself, business houses have been at the receiving end of cyber-squatters. Not just brand names, cyber-squatters also hijack popular personalities. PramodMahajan.com and Vajyapee.com are some examples. Some Mumbai-based youth managed to register a domain under the name of the IT minister. Last year, a porn site vajyapee.com was online for a short while before it disappeared into the fathomless depths of the internet. But it stayed long enough to cause adequate damage.


Domain takeovers enable the hijacker to control the server associated with a domain name, such as nokia.com or Nike.com. Hijackers can then reassign the domain name to another Web server, or to no server at all, scuttling all traffic intended to go to the site.


Another deadly issue is the use of Internet Warfare or the blocking of sites by hackers from warring or discordant nations. So you have domain-name hijackers taking over hundreds of websites in a campaign rooted in tensions among Balkan states - back home, Pakistani hackers have claimed to have identified over 800 vulnerable Indian sites, that can be blocked or hacked in case tensions between the two neighbours hot up. Individuals listing Serbian and Albanian postal addresses recently have exploited a weakness in registrar Network Solutions and appropriated names registered through the company, only to re-register them anew.


A simple method of IP address redirection, ensures that genuine cyber citizens are redirected to other sites before they end up at the URL or portal of their choice. This means that an online business would use this method to divert customers from other competing sites to their own site. Another method called Spoofing creates a facade or a dummy site on the web. Surfers are presented with a page that looks like the real thing, but is really a Trojan that conceals a payload. Hackers also use sophisticated `sniffing' software and methods to detect IP addresses and packets that they sniff or decipher anonymously. The issue of prime concern is that such software is available for the asking on the Net - all free with the source code included that allows hackers to even change the original to include their own demonical creations. The free internet obviously seems to be serving cyber criminals as well.

The original article which was first published in The Economic Times can be found at: http://64.233.183.104/search?q=cache:vsyvHehT-1sJ:economictimes.indiatimes.com/articleshow/msid-16868050,prtpage-1.cms+%22Flynn+Remedios%22&hl=en&ct=clnk&cd=70&gl=in

Are you Net Enabled?

FLYNN REMEDIOS [FRIDAY, OCTOBER 08, 1999]

(This article was first published in the Economic Times/Corporate Dossier and can be found online at: http://72.14.235.104/search?q=cache:PPs47HQn-ZEJ:www1.economictimes.indiatimes.com/articleshow/14772184.cms+%22flynn+remedios%22&hl=en&ct=clnk&cd=73&gl=in)


There's a new FMCG in the market - the internet professional. Corporate Dossier checks out the training factories that are producing them. IT'S THE workspace that every executive hopes to inhabit. The Net world is in a whirl and anybody who's even slightly tech-aware is trying to get a finger into the pie. And since the workspace isn't limited by real estate, there's no end to the people it can employ. As the supply of Net professionals increases, so does the demand. With CEOs and housewives alike queuing up to get trained, churning out internet professionals is proving to be good business for training institutes that offer internet courses. As for the net professional, the web is the limit.

Even a fresh engineering graduate with requisite software qualifications and a project experience of between six months and two years in C, C++, Java and other related subjects (see box) like RDBMS can earn an equivalent of Rs1,50,000 per month in an international organisation. Inspite of widespread interest in the internet, there is a severe dearth of well-trained Internet programmers who are proficient on a range of platforms. As a result, international companies offer unbelievable salaries to good professionals even at the entry level. And they aren't looking for people who've done a four-day course to familiarise themselves with the internet.

The internet professional is also the darling of placement agencies that swoop in on them with a slew of offers. What limits the availability of these people is the fact that the internet bug invariably bites along with the entrepreneurial one. "With venture capitalists and angels making a beeline for India, most trained people prefer to start on their own," says Madhura Samarth, director at Liquid Equity Capital, a Mumbai-based venture capital consultancy. Since there are hundreds, if not thousands of institutes offering web courses, it is imperative for the student to select a course cautiously. Particularly because a serious course could cost anywhere between Rs25,000 and a couple of lakh, depending on the modules you select and the duration of the course. Toral Patel of ABC Consultants regrets that students haven't got the mix right. "Students should realise that just doing a 3-month course in Java or Netscape cannot get them a great job. They need to have an in-depth knowledge of networking and various Internet programming languages (see box) to get a high-profile job at the Project Manager level," she says.

For CIOs and Webmasters, the course duration should be ideally six months, whereas the writers could even sign up for a weekend course. Says Murtuza Mithani, MD, Wintech Computers: "It is very easy today to get a job at the entry level, something compared to the data entry operators of yore, but to qualify at the project manager level, the student needs to put in a lot of effort. It's 100 per cent perspiration." Wintech computers was among the earliest to jump on to the internet training bandwagon. Others offering comprehensive internet courses include Wintech, Karrox, WWW, VMCI, Aptech, NIIT and Datapro.

Selecting a course is easier if you have a fair idea of what you want to be. The tricky part is selecting the institute. There are just a handful of reputable institutes in the country and a whole bunch of others that have been started by anyone who's even just completed an internet course. They promise placements, loans, you name it, all if you join them. And of course, within six months you could be drawing a six figure salary - that's what most of them claim. There are enough people who've fallen prey to this advertising rhetoric only to be fooled. "Students think that if they have paid a huge amount for a course, they will get a good job. They don't realise that training and project experience are the deciding factors," says Dewang Mehta, president of NASSCOM.

Even the good institutes don't always have good faculty. "Anybody who's a good programmer gets a good job in a company and training institutes aren't able to attract well-trained people as faculty," says Vivek Bansal, chairman of World Wide Web Institute. It isn't enough if students just learn these programming languages. Just as important is the hands-on experience that a student should get by actually designing projects. It could be a very different thing learning a software in a controlled environment and actually implementing a project, working with various other software running simultaneously. Secondly students should evaluate their future prospects and figure out which platforms they want to specialise in. For e.g.: If you chose Microsoft then select training courses that use Microsoft products, if you select Solaris or other Unix platforms, then select programming languages accordingly.

The lessons are simple. Make the right choices and don't expect the moon. Then you just may get it. The Three Net Types There are three broad categories of internet software careers to choose from. The first one is for project managers, webserver designers and of course the chief technical officers of internet companies. There are three broad categories of internet software careers to choose from. The first one is for project managers, webserver designers and of course the chief technical officers of internet companies. The technical officers may not do any programming themselves, but should ideally know all that goes into a webserver including SDK, TCP/IP, ActiveX, Java 2, DCOM/CORBA and Enterprise Java Beans.

The second level would be Webmasters or people who maintain and update the website. These people do not design new webservers, they only update the data or change layouts or colour without changing the framework. These people would need to know things like Apache/IIS, OS administration, sizing the webserver, HTML/FrontPage. At the third level are the content providers or Internet writers. These people merely provide the news or features or articles that are posted on the site. This category of people need not know any internet programming at all but need basic computer knowledge and software like Corel Draw/Quark or FrontPage/HTML Editors. Of course, these people would have to update their knowledge if they have to move to a different level. Darshan Shah, chairman of Karrox is of the opinion that middleware training is a hot topic today. Says Shah, "Any executive desirous of forging a career as an internet programmer must also learn the basics of networking and operating systems, besides other programming languages."