Posts

Google User Search Logs – Is it Personal Data or Information as per LAW?

Google User Search Logs – Is it Personal Data or Information? Privacy concerns relate to personally identifiable information or personal data, that is, as defined in the IT Rules under the IT Act, 2000, i.e., “Personal information” means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person. Information which can be used to uniquely identify, contact, or locate a specific individual person. Federal privacy legislation protects personal data in a number of contexts, such as health information, financial data, or credit reports. Similarly, the European data protection framework applies to "personal data," defined as "any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by re

Google and Indian Privacy Laws (Part I)

Google and Indian Privacy Laws (Part I) Search engines are the most important actors on the Internet today and Google is the undisputed king of search. Google dominates the Internet, guiding users to the information they seek through an ocean of unrelated data with astonishing precision and speed. It is a powerful tool, evoking ambivalent feelings. On the one hand, we adore Google for its simple, modest-looking interface masking a hyper-complicated algorithm, which is the very essence of online ingenuity. We admire it for providing superb services at no (evident) cost, a practical miracle in today's market economy. On the other hand, we grow wary of Google's increasing clout as the ultimate arbiter of commercial success ("to exist is to be indexed by a search engine") and as a central database for users' personal information, not only logging their search queries but also storing their e-mail (Gmail), calendars (Calendar), photos (Picasa), videos (Yo

New Malware to Steal your Credit or Debit Card Details

Your Ultimate Bank Money Stealer is Here. A new malware called “Dump Memory Grabber” has been discovered, which has already been used to steal debit and credit card information from customers using major US banks including Chase, Citibank and Capital One. The malicious code is evidently being installed directly into point-of-sale (POS) hardware (meaning registers or kiosks) and ATMs, and transmitting the harvested information straight out of the magnetic stripes on credit and debit cards, which includes everything from account numbers to first and last names and expiration dates. How are attackers infecting physical systems? Your favourite USB drives are the likely culprits, as modern register systems often have accessible ports, as well as direct connections to the Web. The harvested information is then used to produce cloned cards, and they are likely succeeding with the help of individuals with direct access to the POS systems and ATMs, which could include employees.

Denial-of-service (DoS) attack what it is ??

Denial-of-service (DoS) attack Now all major organizations face DDoS attacks on their public-facing servers; banking and finance companies face the most, with demands of ransom from attackers sitting in any corner of the world. Old approaches and solutions sometimes seem not to work, but remaining educated about the same (DoS or DDoS attacks) always helps. What is DoS? In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (banking, etc.), or other services that rely on the affected computer. The most common and obvious type of DoS attack occurs when an attacker "floods" a network with information. When you type a URL for a particular website into your browser, you are sending a req

Reasonable Security Practices and Procedures and Sensitive Personal Data in India-provisions required

ITA Reasonable Security Practices and Procedures and Sensitive Personal Data or Information Rules 2011 The Personal Information Security Rules were notified in April 2011 and serve as the most comprehensive form of data protection in India. The Rules prescribe procedures and protocols to which a body corporate must adhere. The Rules can be brought in line with the National Privacy Principles through the following changes: 1. Notice Existing Provisions o Privacy Policy: Any body corporate that collects, receives, possesses, stores, deals, or handles information must provide a privacy policy that provides for clear and easily accessible statements of its practices and policies, type of personal or sensitive personal data or information collected, purpose of collection and usage of such information, disclosure of information, and reasonable security practices and procedures. Rule 4 o During Collection: While collecting information directly from the person

Adv Prashant Mali took a session for police officers from 4 states on "IT Act, 2000, Digital Evidence, Investigation etc." at the Rajasthan Police Academy, Jaipur, for a course named "Investigation of Cyber Crime" sponsored by the Bureau of Police Research & Development (BPR&D) in India. Officers were found concentrating due to the high number of information technology related cases in almost all the police stations, including those from rural areas.

Computer Forensics Tools – Attacks-Legal Stand

Attacks on Computer Forensics Tools – Legal Stand Direct attacks on the computer forensics process are the newest type of Anti-Forensics and potentially the most threatening. There are six phases in the process of digital forensics; all are open to attack: 1. Identification refers to the method by which an investigator learns that there is some incident to investigate. This phase can be undermined by obscuring the incident, or hiding the nexus between the digital device and the event under investigation. 2. Preservation describes the steps by which the integrity of the evidence is maintained. This phase can be undermined by interrupting the evidence chain or calling into doubt the integrity of the evidence itself. 3. Collection is the process by which data from the evidence medium is acquired. This step can be undermined by limiting the completeness of the data being collected or calling into question the hardware, software, policies, and procedures by which