What: Meeting of the NULL security usergroup featuring talks on Malware analysis and an Open mail relay bypassing captcha and crypto When: Saturday, 31 Oct, 5pm Where: SICSR, Model Colony Registration and Fees: This event is free for all to attend. No registration required Link: Null Blog
Introduction to Malware Analysis
A short presentation on the techniques & tools used for malware analysis followed by a live example. I will be showing behavioral analysis approach which includes setting up a inexpensive, flexible environment & tools required for understanding inner-workings of malware.
What: The Software Process Improvement Network (SPIN) hosts a monthly event. This one is on eGovernance with Anupam Saraph, CIO of Pune City, and Gautam Pal, Director of ETDC. When: Thursday, 29th October, 7:00pm to 8:30pm Where:Hotel Ambassador, Shivajinagar, Pune Registration and Fees: This event is free for all to attend. No registration required.
1.Dr. Anupam Saraph, CIO of Pune City, will speak on the IT quality issues in the e-Governance domain.
2.Mr. Gautam Pal, Director, ETDC, will be sharing his thoughts and experience on e-Governance initiative across the country and the quality framework,Conformity Assessment Framework (CAF)
Pune-based KQInfoTech is working on portingSun‘s ZFSfile-system to the Linux Platform. ZFS is arguably one of the best file-systems available today, and Linux is one of the most widely used operating systems for servers by new startups. So, having ZFS available on Linux would be great. And, With many years of experience in Veritas building VxFS, another one of best file-systems in the world, the founders of KQInfoTech do have the technical background to be able to do a good job of this. Check out the full announcement on their blog:
We have a ZFS building as a module and the following primitive operations are possible.
Creating a pool over a file (devices not supported yet)
Zpool list, remove
Creating filesystems and mounting them
But we are still not at a stage, where we can create files and read and write to them
See the full article, for more details and some interesting issues related to the license compatibility between ZFS and Linux.
Pune-based KQInfoTech is an organization started by Anurag Agarwal and Anand Mitra, both of whom chucked high-paying jobs in the industry because they felt that there was a desperate need to work on the quality of students that is being churned out by our colleges. For the 2 years or so, they have been trying various experiements in education, at the engineering college level. All their experiments are based on one basic premise: students’ ability to pay should not be a deterrent – in other words, the offerings should be free for the students; KQInfoTech focuses on finding alternative ways to pay for the costs of running the course. See all PuneTech articles related to KQInfoTech for more details.
What: Talk by Cliff Cummings on SystemVerilog FSM, Assertion, & RTL Tricks for Design Engineers When: Thursday, 5th November, 6:30pm to 8:00pm Where: Venture Center, NCL Innovation Park, Pashan Road. To reach Venture Center, go past NCL towards Pashan, pass the cricket ground adjacent to NCL and then you’ll find NCL Innovation Park / Venture Center on the right hand side. Map Registration and fees: This event is free for all to attend. No registration required.
SystemVerilog FSM, Assertion, & RTL Tricks for Design Engineers
Cliff Cummings is President of Sunburst Design, Inc., a company that specializes in world class Verilog, SystemVerilog and synthesis training. Mr. Cummings is an independent consultant and trainer with 27 years of ASIC, FPGA and system design experience and 17 years of Verilog, SystemVerilog, synthesis and methodology training experience. Mr. Cummings has completed many ASIC designs, FPGA designs and system simulation projects, and is capable of answering the very technical questions asked by experienced design engineers.
PuneChips is a special interest group on semiconductor design and applications. PuneChips was formed to foster an environment for growth of companies in the semiconductor design and applications segment in the Pune area. Our goal is to build an ecosystem similar to PuneTech for companies in this field, where they can exchange information, consult with experts, and start and grow their businesses.
PuneChips has been started by Abhijit Athavale, president and CEO of Markonix, and a high-tech marketing consultant. He has 16+ years of high-technology industry experience. Prior to Markonix, Abhijit spent over 11 years at Xilinx, Inc. in various engineering, applications and marketing roles. In his role as a marketing consultant, he has held executive management positions at several companies. He has a masters degree in electrical engineering from Texas A&M University and a bachelors degree in electrical engineering from University of Pune. He is an accomplished speaker and author of several publications including a book.
(This overview of Business Continuity Management is a guest post by Dipali Inamdar, Head of IT Security in Geometric)
In emergency situations like pandemic outbreaks, power failures, riots, strikes, infrastructure issues, it is important that your business does not stop functioning. A plan to ensure this is called a Business Continuity Plan (BCP), and it is of prime importance to your business to ensure minimum disruption and smooth functioning of your operations. Earlier most companies would document business continuity plans only if their clients asked for it and would focus mainly on IT recovery. But scenarios have changed now. Corporations of all sized have now realized the importance of keeping their business functioning at all time and hence they are working towards a well defined business continuity management framework. Business continuity (BC) is often understood as a process to handle events that could disrupt business. However, BC is more than just recovery. The plan should also ensure proper business resumption after recovering from the disruption.
Business continuity management is a continuous life cycle as follows:
The first step is to conduct a Business Impact analysis. This would help you to identity critical business systems and processes and how their outage (downtime) could affect your business. You cannot have plan in place for all the processes without considering financial investments needed to have those in place. CEO’s inputs and client BC requirements also serve as input for impact analysis.
Defining the plan (Determining BCM strategy)
The next step is to identify the situations that could lead to disruption of the identified critical processes.
The situations could be categorized as:
Natural and environmental: – Earthquakes, floods, hurricanes etc
Human related: – Strikes, terrorist attacks, pandemic situation, thefts etc
IT related: – critical systems failure, virus attacks etc
Others: – Business Competition, power failure, Client BC contractual requirements
It might not be feasible to have plans for each and every situation, as implementing the defined plans needs to be practically possible. After the situations have been identified one needs to identify different threats, threat severity (how serious will be the impact on business if threat materializes) and their probability of occurrence (likelihood of threat materialization). Based on threat severity and occurrence levels critical risks are identified.
Implementing the plan (Developing and implementing BCP response)
The identified risks and additional client specific BCP requirements serve as inputs to the creation of BCPs. BCPs should focus on mitigation plan for the identified risks. BCP should be comprehensive, detailing roles and responsibilities of all the response teams. Proper budget needs to be allocated. Once the plan is documented the plan should be implemented.
The different implementation as per BCP could include having redundant infrastructure, signing up Service Level Agreements (SLAs) with service providers, having backup power supply, sending backup tapes to offshore sites, and training people in cross skills, having proper medicines or masks for addressing pandemic situations.
BCP should also have proper plans in place to resume business as usual. Business resumption is a critical and very important aspect of business continuity framework.
Testing and improving plan (Exercising, maintaining and reviewing)
Once the plans are documented and implemented the plans should be regularly tested. The tests could be scheduled or as and when the need arises. One can simulate different tests like moving people to other locations, having primary infrastructure down, testing UPS and diesel generator capacity, calling tree tests, evacuation drills, having senior management backups to take decisions, transport arrangements etc.
The tests will help you identify areas which need improvement in the BCP. The gaps between the expected and actual results need to be compared. The test results needs to be published to senior management. The plan needs to be reviewed regularly to update latest threats and have mitigations for the critical ones which will result in continuous lifecycle. One can schedule internal audits or apply for BS25999 certification to ensure proper compliance to BCP requirements.
Pune faces threats of irregular power supply, pandemic out break etc which could lead to business disruptions. One needs to have detailed plans for critical threats to ensure continuity of critical operations. The plans should also have detailed procedure to ensure proper business resumption. Plans may be documented but actual action during emergency situations is very important.
Important note: Contractual requirements
When signing off specific contractual requirements with clients, certain precautions must be taken as follows:
Before signing stringent SLAs it should be checked that there is a provision for exclusions or relaxations during disaster situations as you will not be able to achieve SLAs during disaster scenarios
When BCP requirements are defined in client contracts the responsibilities or expectations from the clients should also be clearly documented and agreed to ensure effective execution of the BCP
BCP requirements can only be effectively implemented when proper budget allocations are planned. So for specific BCP requirements cost negotiations with the client are important. Usually this is ignored, so it is important that the sales team should be appraised before agreeing on BCP requirements with the client.
Do not sign-off on vague BCP requirements. They should be clear, specific and practically achievable
Before signing off any contract which has a penalty clause, it should be reviewed thoroughly to ensure that compliance to those clauses is practically possible
About the author: Dipali Inamdar
Dipali Inamdar, Head – IT security in Geometric Ltd, has more than 11 years of experience in Information Technology and Information Security domain. She is a certified CISA, ISO27001 Lead Auditor, BS25999 Lead Auditor and ISO2000 Internal auditor. She has worked in sectors spanning BPO, IT and ITES companies, Finance sector for Information Security and Business Continuity Management. She is currently operating out of Pune and is very passionate about her field. See her linked-in profile for more details.
Pune’s resource for startups, the Venture Center has yet another service that could be valuable for Pune’s startups. The Venture Center Library has been created specifically to support and enhance the entrepreneurial ecosystem in and around Pune. They are targeting entrepreneurs, scientific researchers, technology innovators, IP & technology commercialization professionals and venture investors to take advantage of their collection of books, periodicals, reports and research services.
Here are key features of the Venture Center Library:
~ 1000 books – with an emphasis on technology innovation, commercialization & entrepreneurship
Many *good* magazines (MIT Tech Review, SciAm, etc.)
If you just want to browse/read books at the library itself, it is free until the end of 2009, and after that it will cost Rs. 400 per year. If you want to check out books, there’s a Rs. 2000 refundable deposit and a Rs. 400 yearly fee – which allows you to check out 2 books for up to 14 days each. Look here for details of membership and fees.
On Thursday, 22 October, 10am to 4pm, in Le Meridien, Pune, Intel will hold a free, seminar to help developers understand this platform, the surrounding ecosystem, and also to meet key players in this ecosystem. Basically, any Linux/mobile developer interested in building rich internet and media experiences on mobile devices (phones, handhelds, netbooks, nettops, in-vehicle infotainment and embedded systems) should attend to understand the Moblin ecosystem, and also to meet key players like Novell, Phoenix, Wind River and explore new business opportunities.
In addition, this event will also talk about Intel’s Atom Developer program. Here is the pitch for that program:
The netbook has become a one of the most popular consumer devices in the market today, but its true potential has been limited by applications that are not optimized for its mobility and small screen size. The Intel Atom Developer program helps developers to create innovative new applications for mobile devices using the Atom processor. The program gives developers access to multiple classes of customers, and allows them to target Moblin and Windows based devices using a single toolset. This event will also give an overview of this program, the validation procedure, the APIs and the app marketplace framework.
What: Moblin v2 for Atom roadshow by Intel When: Thursday, 22 Oct 2009, 10am-4pm Where: Le Meridien, Pune Registration and Fees: This is free for all to attend. Register here.
Most of these are basically mailing lists, and forums. I wonder whether there are other ways in which techies in Pune can find other like-minded people, and collaborate in more ways. Would chat be interesting, like proto.in uses? Or IRC? Should we be focusing on Orkut or Facebook or both? Is there something intersting that can be done with YouTube? Can we use some new technology in new ways to bring people closer together? Maybe Google Wave?
Give your suggestions in the comments section below. The best suggestion gets a Google Wave invitation. You can get the invitation for yourself, or you can use it to invite someone else. If you’re not interested in the invitation, please say so in your comment.
Give a specific suggestion for online collaboration/communication amongst Pune’s techies. Don’t just give the mechanism of collaboration – also give the purpose. For example, saying, “use an online chat room” is useless. Much more useful is something like “use an online chat-root where students from engineering colleges can ask questions about career to people from industry.” Also, a suggestion that is easy to implement is much more valuable than a suggestion that is going to require a lot of setup and/or effort. And, you get lots of plus points if you’re also willing to drive the effort. (And if you like somebody else’s suggestion, and would be willing to help/join that effort, please leave a comment indicating that.)
(Thanks to Amit Somani for graciously agreeing to donate one of his Google Wave invitations for this purpose.)
What: Project Management Institute, Pune Chapter’s monthly meeting, consisting of two sessions – 1. Chanakya‘s Project Management ideas by Anuraag Gupta. 2. Setting correct expectations around test automation by Shrikant Dhamal When: Saturday, October 10th, 10:00 am to 12:30 pm Where: Cummins Auditorium, Pune Shramik Patrakar Sangh, 193 Navi Peth, Ganjwe Chowk, Near Alka Talkies, Garware bridge & S. M. Joshi hall, Pune 411030. Reception (Tel) – +91(20) 24534190 Registration: This event is free for all, and no registration is required
Chanakya’s Project Management ideas by Anuraag Gupta
Anuraag has a 1st class Bachelors of Commerce degree from Mumbai University. He currently works with Laymen Consultants – a Mumbai based Training Company as Financial Trainer & Speaker on Finance. He also works as Chief Investment Officer with Profound Consulting Pvt. Ltd., Mumbai – a Proprietary Trading and Investment company investing in various Asset Classes. He is a visiting faculty at Garware Institute of Career Education and Development, Mumbai University and a Speaker at Rotract club seminars for Wealth Building and Stock Picking. He is founder and chief convener of Mumbai Investors Group – a closed investor forum.
Chanakya is the world’s oldest management Guru. He lived in 3rd Century BC and his book Kautilya’s Arthashastra has guided generations on good governance. It is also a book of management and has various ideas and principles that can be applied in the field of modern project management. From planning of projects, to understanding a project in detail, execution of projects and successful completion of projects he has left nothing untouched. These ideas are simple to understand and practical in its application. The session will bring out the age of ideas of Chanakya in detail.
Setting correct expectations around test automation by Shrikant Dhamal PMP®
Shrikant has over 10 years of industry experience with last 7 years in Software testing domain. He currently heads the Test Automation Center of Excellence in SQS India, the offshore wing of SQS Group, world’s largest independent software testing & quality management services provider. He has been actively involved in all the aspects of functional and automated regression testing having delivered more than 30 business-critical projects to customer satisfaction. He comes from mechanical engineering industry and has specialized in test automation using open source tools like Auto IT, Selenium etc. He has rich experience in various domains spanning Network monitoring and management, IT Information Security, HealthCare Insurance, Telecom, PLM, Credit Cards, Airline, CAD tools, Storage Area Network, Service Management Systems, CRM, and Wireless Security. He is also conducted corporate training for many Industry houses in and around Pune
Test automation becoming the key for executing routine and repetitive tests to catch up with ever increasing tests release after release of product and ever shrinking schedule. Many organizations are initiating test automation projects also for saving on efforts / cost of testing. Setting right expectations of stakeholders around test automation (output, effort, time and resources required) is the key to the success of project. Shrikant will point out considerations to set correct expectation around test automation project with the help of selected questions, which you should ask to stakeholders. Shrikant will cover following topics in his presentation:
Quick introduction to regression test automation
Regression test automation methodology
Questions and considerations to set correct expectations around test automation.
What: Q&A session with Pavan Duggal When: Saturday, 10th October, 6pm-8:30pm Where: SICSR, 4th floor Registration and Fees: Free for all to attend. No registration required
Pavan has been associated with the Ministry of Communication and Information Technology, Government of India on Cyberlaw and Electronic Governance legal issues. While a practicing Advocate, Supreme Court of India, Pavan Duggal has made an immense impact with an international reputation as an expert and authority on Cyberlaw and E-Commerce law.