Monthly Archives: October 2009

NULL security forum meeting on “Malware Analysis” and “Bypassing Catpcha/Crpyto”

What: Meeting of the NULL security usergroup featuring talks on Malware analysis and an Open mail relay bypassing captcha and crypto
When: Saturday, 31 Oct, 5pm
Where: SICSR, Model Colony
Registration and Fees: This event is free for all to attend. No registration required
Link: Null Blog

Click on the NULL logo to see all PuneTech articles about NULL
Click on the NULL logo to see all PuneTech articles about NULL

Introduction to Malware Analysis

By DaH4cker

A short presentation on the techniques & tools used for malware analysis followed by a live example. I will be showing behavioral analysis approach which includes setting up a inexpensive, flexible environment & tools required for understanding inner-workings of malware.

Automated open mail relay, bypassing Captcha and Crypto

By Aseem Jakhar

Case study of an ironic web implementation.

Reblog this post [with Zemanta]

Software Process Improvement Network event on eGovernance – Thu, 29 Oct

What: The Software Process Improvement Network (SPIN) hosts a monthly event. This one is on eGovernance with Anupam Saraph, CIO of Pune City, and Gautam Pal, Director of ETDC.
When: Thursday, 29th October, 7:00pm to 8:30pm
Where: Hotel Ambassador, Shivajinagar, Pune
Registration and Fees: This event is free for all to attend. No registration required.

Details

1. Dr. Anupam Saraph, CIO of Pune City, will speak on the IT quality issues in the e-Governance domain.

2. Mr. Gautam Pal, Director, ETDC, will be sharing his thoughts and experience on e-Governance initiative across the country and the quality framework, Conformity Assessment Framework (CAF)

Reblog this post [with Zemanta]

Pune’s KQInfoTech is porting Sun’s ZFS File-System to Linux

Pune-based KQInfoTech is working on porting Sun‘s ZFS file-system to the Linux Platform. ZFS is arguably one of the best file-systems available today, and Linux is one of the most widely used operating systems for servers by new startups. So, having ZFS available on Linux would be great. And, With many years of experience in Veritas building VxFS, another one of best file-systems in the world, the founders of KQInfoTech do have the technical background to be able to do a good job of this. Check out the full announcement on their blog:

We have a ZFS building as a module and the following primitive operations are possible.

  • Creating a pool over a file (devices not supported yet)
  • Zpool list, remove
  • Creating filesystems and mounting them

But we are still not at a stage, where we can create files and read and write to them

See the full article, for more details and some interesting issues related to the license compatibility between ZFS and Linux.

About KQInfoTech

Pune-based KQInfoTech is an organization started by Anurag Agarwal and Anand Mitra, both of whom chucked high-paying jobs in the industry because they felt that there was a desperate need to work on the quality of students that is being churned out by our colleges. For the 2 years or so, they have been trying various experiements in education, at the engineering college level. All their experiments are based on one basic premise: students’ ability to pay should not be a deterrent – in other words, the offerings should be free for the students; KQInfoTech focuses on finding alternative ways to pay for the costs of running the course. See all PuneTech articles related to KQInfoTech for more details.

Reblog this post [with Zemanta]

PuneChips: Talk by Cliff Cummings on SystemVerilog FSM, Assertion, & RTL tricks for Design Engineers – 5 Nov

What: Talk by Cliff Cummings on SystemVerilog FSM, Assertion, & RTL Tricks for Design Engineers
When: Thursday, 5th November, 6:30pm to 8:00pm
Where: Venture Center, NCL Innovation Park, Pashan Road. To reach Venture Center, go past NCL towards Pashan, pass the cricket ground adjacent to NCL and then you’ll find NCL Innovation Park / Venture Center on the right hand side. Map
Registration and fees: This event is free for all to attend. No registration required.

The integrated circuit from an Intel 8742, a 8...
Click on the image to see all PuneTech articles about PuneChips. Image via Wikipedia

SystemVerilog FSM, Assertion, & RTL Tricks for Design Engineers

In the semiconductor and electronic design industry, SystemVerilog is a combined Hardware Description Language and Hardware Verification Language based on extensions to Verilog. As companies start migrating from Verilog to SystemVerilog it is becoming importatnt that they learn the tools of tread to effectively use it.

About the speaker – Cliff Cummings

Cliff Cummings is President of Sunburst Design, Inc., a company that specializes in world class Verilog, SystemVerilog and synthesis training. Mr. Cummings is an independent consultant and trainer with 27 years of ASIC, FPGA and system design experience and 17 years of Verilog, SystemVerilog, synthesis and methodology training experience. Mr. Cummings has completed many ASIC designs, FPGA designs and system simulation projects, and is capable of answering the very technical questions asked by experienced design engineers.

About PuneChips

PuneChips is a special interest group on semiconductor design and applications. PuneChips was formed to foster an environment for growth of companies in the semiconductor design and applications segment in the Pune area. Our goal is to build an ecosystem similar to PuneTech for companies in this field, where they can exchange information, consult with experts, and start and grow their businesses.

PuneChips has been started by Abhijit Athavale, president and CEO of Markonix, and a high-tech marketing consultant. He has 16+ years of high-technology industry experience. Prior to Markonix, Abhijit spent over 11 years at Xilinx, Inc. in various engineering, applications and marketing roles. In his role as a marketing consultant, he has held executive management positions at several companies. He has a masters degree in electrical engineering from Texas A&M University and a bachelors degree in electrical engineering from University of Pune. He is an accomplished speaker and author of several publications including a book.

For more information, see the PuneTech wiki profile of PuneChips, and/or join the PuneChips mailing list.

Please forward this mail to anybody in Pune who is interested in semiconductors, chip design, VLSI design, chip testing, and embedded applications.

Reblog this post [with Zemanta]

Business Continuity Management Lifecycle and Key Contractual Requirements

(This overview of Business Continuity Management is a guest post by Dipali Inamdar, Head of IT Security in Geometric)

In emergency situations like pandemic outbreaks, power failures, riots, strikes, infrastructure issues, it is important that your business does not stop functioning. A plan to ensure this is called a Business Continuity Plan (BCP), and it is of prime importance to your business to ensure minimum disruption and smooth functioning of your operations. Earlier most companies would document business continuity plans only if their clients asked for it and would focus mainly on IT recovery. But scenarios have changed now. Corporations of all sized have now realized the importance of keeping their business functioning at all time and hence they are working towards a well defined business continuity management framework. Business continuity (BC) is often understood as a process to handle events that could disrupt business. However, BC is more than just recovery. The plan should also ensure proper business resumption after recovering from the disruption.

Business continuity management is a continuous life cycle as follows:

Business Continuity Planning Lifecycle
Click on the image to see it in full size

How does one start with BCM?

Business Impact Analysis (understanding the organization)

The first step is to conduct a Business Impact analysis. This would help you to identity critical business systems and processes and how their outage (downtime) could affect your business. You cannot have plan in place for all the processes without considering financial investments needed to have those in place. CEO’s inputs and client BC requirements also serve as input for impact analysis.

Defining the plan (Determining BCM strategy)

The next step is to identify the situations that could lead to disruption of the identified critical processes.

The situations could be categorized as:

  • Natural and environmental: – Earthquakes, floods, hurricanes etc
  • Human related: – Strikes, terrorist attacks, pandemic situation, thefts etc
  • IT related: – critical systems failure, virus attacks etc
  • Others: – Business Competition, power failure, Client BC contractual requirements

It might not be feasible to have plans for each and every situation, as implementing the defined plans needs to be practically possible. After the situations have been identified one needs to identify different threats, threat severity (how serious will be the impact on business if threat materializes) and their probability of occurrence (likelihood of threat materialization). Based on threat severity and occurrence levels critical risks are identified.

Implementing the plan (Developing and implementing BCP response)

The identified risks and additional client specific BCP requirements serve as inputs to the creation of BCPs. BCPs should focus on mitigation plan for the identified risks. BCP should be comprehensive, detailing roles and responsibilities of all the response teams. Proper budget needs to be allocated. Once the plan is documented the plan should be implemented.

The different implementation as per BCP could include having redundant infrastructure, signing up Service Level Agreements (SLAs) with service providers, having backup power supply, sending backup tapes to offshore sites, and training people in cross skills, having proper medicines or masks for addressing pandemic situations.

BCP should also have proper plans in place to resume business as usual. Business resumption is a critical and very important aspect of business continuity framework.

Testing and improving plan (Exercising, maintaining and reviewing)

Once the plans are documented and implemented the plans should be regularly tested. The tests could be scheduled or as and when the need arises. One can simulate different tests like moving people to other locations, having primary infrastructure down, testing UPS and diesel generator capacity, calling tree tests, evacuation drills, having senior management backups to take decisions, transport arrangements etc.

The tests will help you identify areas which need improvement in the BCP. The gaps between the expected and actual results need to be compared. The test results needs to be published to senior management. The plan needs to be reviewed regularly to update latest threats and have mitigations for the critical ones which will result in continuous lifecycle. One can schedule internal audits or apply for BS25999 certification to ensure proper compliance to BCP requirements.

Pune faces threats of irregular power supply, pandemic out break etc which could lead to business disruptions. One needs to have detailed plans for critical threats to ensure continuity of critical operations. The plans should also have detailed procedure to ensure proper business resumption. Plans may be documented but actual action during emergency situations is very important.

Important note: Contractual requirements

When signing off specific contractual requirements with clients, certain precautions must be taken as follows:

  • Before signing stringent SLAs it should be checked that there is a provision for exclusions or relaxations during disaster situations as you will not be able to achieve SLAs during disaster scenarios
  • When BCP requirements are defined in client contracts the responsibilities or expectations from the clients should also be clearly documented and agreed to ensure effective execution of the BCP
  • BCP requirements can only be effectively implemented when proper budget allocations are planned. So for specific BCP requirements cost negotiations with the client are important. Usually this is ignored, so it is important that the sales team should be appraised before agreeing on BCP requirements with the client.
  • Do not sign-off on vague BCP requirements. They should be clear, specific and practically achievable
  • Before signing off any contract which has a penalty clause, it should be reviewed thoroughly to ensure that compliance to those clauses is practically possible

About the author: Dipali Inamdar

Dipali Inamdar, Head – IT security in Geometric Ltd, has more than 11 years of experience in Information Technology and Information Security domain. She is a certified CISA, ISO27001 Lead Auditor, BS25999 Lead Auditor and ISO2000 Internal auditor. She has worked in sectors spanning BPO, IT and ITES companies, Finance sector for Information Security and Business Continuity Management. She is currently operating out of Pune and is very passionate about her field. See her linked-in profile for more details.

Reblog this post [with Zemanta]

The Venture Center Library for Entrepreneurs and Innovators in Pune

Pune’s resource for startups, the Venture Center has yet another service that could be valuable for Pune’s startups. The Venture Center Library has been created specifically to support and enhance the entrepreneurial ecosystem in and around Pune. They are targeting entrepreneurs, scientific researchers, technology innovators, IP & technology commercialization professionals and venture investors to take advantage of their collection of books, periodicals, reports and research services.

Click on the Venture Center Logo to see all PuneTech articles about Venture Center
Click on the Venture Center Logo to see all PuneTech articles about Venture Center

Here are key features of the Venture Center Library:

  • ~ 1000 books – with an emphasis on technology innovation, commercialization & entrepreneurship
  • Many *good* magazines (MIT Tech Review, SciAm, etc.)
  • Book collection listed online & searchable: http://www.vcenterlibrary.org/book.php
  • Increasing data base on electronic articles and e-books
  • Open Mon-Sat, ample parking
  • Internet access, scanning, etc. available
  • Events featuring books, videos, etc. http://www.vcenterlibrary.org/events.php

If you just want to browse/read books at the library itself, it is free until the end of 2009, and after that it will cost Rs. 400 per year. If you want to check out books, there’s a Rs. 2000 refundable deposit and a Rs. 400 yearly fee – which allows you to check out 2 books for up to 14 days each. Look here for details of membership and fees.

About Venture Center

Venture center is an incubator mainly targeted towards startups in biotech, chemical and material sciences. It has been set up using government funds, and is housed in NCL‘s premises, but is planned as an independent entity that needs to become self-sustaining in a few years (based on taking equity/fees from the startups it helps). Check out the venturecenter tag on PuneTech for all PuneTech articles about Venture Center.

Reblog this post [with Zemanta]

Moblin (Mobile Linux) roadshow for developers – 22 Oct

Image representing Intel as depicted in CrunchBase
Image via CrunchBase

(Thanks Amit Karpe for forwarding this info to PuneTech)

Moblin is short for ‘mobile Linux‘, is an open source operating system and application stack for Mobile Internet Devices (MIDs), netbooks, and nettops. Built around the Intel Atom processor, current builds are designed to minimize boot times and power consumption to create a netbook and MID-centric operating system. The netbook/desktop version of Moblin currently supports other chipsets based on the SSSE3 instruction set, such as the Core2 and some Celeron processors.

On Thursday, 22 October, 10am to 4pm, in Le Meridien, Pune, Intel will hold a free, seminar to help developers understand this platform, the surrounding ecosystem, and also to meet key players in this ecosystem. Basically, any Linux/mobile developer interested in building rich internet and media experiences on mobile devices (phones, handhelds, netbooks, nettops, in-vehicle infotainment and embedded systems) should attend to understand the Moblin ecosystem, and also to meet key players like Novell, Phoenix, Wind River and explore new business opportunities.

In addition, this event will also talk about Intel’s Atom Developer program. Here is the pitch for that program:

The netbook has become a one of the most popular consumer devices in the market today, but its true potential has been limited by applications that are not optimized for its mobility and small screen size. The Intel Atom Developer program helps developers to create innovative new applications for mobile devices using the Atom processor. The program gives developers access to multiple classes of customers, and allows them to target Moblin and Windows based devices using a single toolset. This event will also give an overview of this program, the validation procedure, the APIs and the app marketplace framework.

Details

What: Moblin v2 for Atom roadshow by Intel
When: Thursday, 22 Oct 2009, 10am-4pm
Where: Le Meridien, Pune
Registration and Fees: This is free for all to attend. Register here.

Reblog this post [with Zemanta]

Suggest ways for Pune Techies to collaborate online and win a Google Wave invitation

Update: the competition is over – Sandeep Gautam has won the Google Wave invitation for this suggestion.

The offline tech scene in Pune is thriving, as one look at the PuneTech events listing and the PuneTech calendar will show.

And there are a whole bunch of online places for techies in Pune to hang out:

Most of these are basically mailing lists, and forums. I wonder whether there are other ways in which techies in Pune can find other like-minded people, and collaborate in more ways. Would chat be interesting, like proto.in uses? Or IRC? Should we be focusing on Orkut or Facebook or both? Is there something intersting that can be done with YouTube?  Can we use some new technology in new ways to bring people closer together? Maybe Google Wave?

Give your suggestions in the comments section below. The best suggestion gets a Google Wave invitation. You can get the invitation for yourself, or you can use it to invite someone else. If you’re not interested in the invitation, please say so in your comment.

Give a specific suggestion for online collaboration/communication amongst Pune’s techies. Don’t just give the mechanism of collaboration – also give the purpose. For example, saying, “use an online chat room” is useless. Much more useful is something like “use an online chat-root where students from engineering colleges can ask questions about career to people from industry.” Also, a suggestion that is easy to implement is much more valuable than a suggestion that is going to require a lot of setup and/or effort. And, you get lots of plus points if you’re also willing to drive the effort. (And if you like somebody else’s suggestion, and would be willing to help/join that effort, please leave a comment indicating that.)

(Thanks to Amit Somani for graciously agreeing to donate one of his Google Wave invitations for this purpose.)

Reblog this post [with Zemanta]

PMI Pune Seminar: “Chanakya’s Project Mgmt Ideas” & “Setting expectations from Test Automation” – 10th Oct

What: Project Management Institute, Pune Chapter’s monthly meeting, consisting of two sessions – 1. Chanakya‘s Project Management ideas by Anuraag Gupta. 2. Setting correct expectations around test automation by Shrikant Dhamal
When: Saturday, October 10th, 10:00 am to 12:30 pm
Where: Cummins Auditorium, Pune Shramik Patrakar Sangh, 193 Navi Peth, Ganjwe Chowk, Near Alka Talkies, Garware bridge & S. M. Joshi hall, Pune 411030. Reception (Tel) – +91(20) 24534190
Registration: This event is free for all, and no registration is required

Chanakya’s Project Management ideas by Anuraag Gupta

Anuraag has a 1st class Bachelors of Commerce degree from Mumbai University. He currently works with Laymen Consultants – a Mumbai based Training Company as Financial Trainer & Speaker on Finance. He also works as Chief Investment Officer with Profound Consulting Pvt. Ltd., Mumbai – a Proprietary Trading and Investment company investing in various Asset Classes. He is a visiting faculty at Garware Institute of Career Education and Development, Mumbai University and a Speaker at Rotract club seminars for Wealth Building and Stock Picking. He is founder and chief convener of Mumbai Investors Group – a closed investor forum.

Chanakya is the world’s oldest management Guru. He lived in 3rd Century BC and his book Kautilya’s Arthashastra has guided generations on good governance. It is also a book of management and has various ideas and principles that can be applied in the field of modern project management. From planning of projects, to understanding a project in detail, execution of projects and successful completion of projects he has left nothing untouched. These ideas are simple to understand and practical in its application. The session will bring out the age of ideas of Chanakya in detail.

Setting correct expectations around test automation by Shrikant Dhamal PMP®

Shrikant has over 10 years of industry experience with last 7 years in Software testing domain. He currently heads the Test Automation Center of Excellence in SQS India, the offshore wing of SQS Group, world’s largest independent software testing & quality management services provider. He has been actively involved in all the aspects of functional and automated regression testing having delivered more than 30 business-critical projects to customer satisfaction. He comes from mechanical engineering industry and has specialized in test automation using open source tools like Auto IT, Selenium etc. He has rich experience in various domains spanning Network monitoring and management, IT Information Security, HealthCare Insurance, Telecom, PLM, Credit Cards, Airline, CAD tools, Storage Area Network, Service Management Systems, CRM, and Wireless Security. He is also conducted corporate training for many Industry houses in and around Pune

Test automation becoming the key for executing routine and repetitive tests to catch up with ever increasing tests release after release of product and ever shrinking schedule. Many organizations are initiating test automation projects also for saving on efforts / cost of testing. Setting right expectations of stakeholders around test automation (output, effort, time and resources required) is the key to the success of project. Shrikant will point out considerations to set correct expectation around test automation project with the help of selected questions, which you should ask to stakeholders. Shrikant will cover following topics in his presentation:

  • Quick introduction to regression test automation
  • Regression test automation methodology
  • Questions and considerations to set correct expectations around test automation.

For more information about PMI Pune, see it’s PuneTech wiki profile

Reblog this post [with Zemanta]

ISACA Monthly Meet: Q and A on Information Technology Law in India

The Pune Chapter of ISACA (Information Systems Audit and Control Association) presents their monthly meeting, in which they have a Questions and Answers session with Pavan Duggal, Chairman ASSOCHAM Cyberlaw Committee, an advocate of the Supreme Court of India, and President of Cyberlaws.net.

What: Q&A session with Pavan Duggal
When: Saturday, 10th October, 6pm-8:30pm
Where: SICSR, 4th floor
Registration and Fees: Free for all to attend. No registration required

Pavan has been associated with the Ministry of Communication and Information Technology, Government of India on Cyberlaw and Electronic Governance legal issues. While a practicing Advocate, Supreme Court of India, Pavan Duggal has made an immense impact with an international reputation as an expert and authority on Cyberlaw and E-Commerce law.

Reblog this post [with Zemanta]