Remove eSignature Presentation Online

Cracked versions of software are created with the use of debuggers. (A debugger is a special type of software that lets programmers deconstruct their software into its constituent parts for the purpose of finding bugs, and thus de-bugging. Additionally debuggers can be used for reverse-engineering, or to see what is inside the software, to learn its logic. The latter method is used mostly by malware researchers to study what malware (or computer viruses) do on-the-inside. But it can be also used by an attacker to "crack" (or bypass) legal software registration, or at times, to alter normal behavior of software, for instance by injecting a malicious code into it.)For the sake of this example, I will assume that the software that is being "cracked" was compiled into a native code, and is not a .NET or a JavaScript based application. (Otherwise it will be somewhat trivial to view its source code.) The compiled native code is a bit more tricky "beast" to study. (Native means that the code executes directly by the CPU, GPU, or other hardware.)So let's assume that the goal of an attacker is to bypass the registration logic in the software so that he or she doesn't have to pay for it. (Later for lolz, he or she may also post such "crack" on some shady online forum or on a torrent site so that others can "use" it too and give him or her their appreciation.)For simplicity let's assume that the original logic that was checking for the software registration was written in C++ and was something similar to the following code snippet:In this code sample "RegistrationName" and "RegistrationCode" are special strings of text that a legitimate software user will receive after paying for the license. (The name is usually that person's actual name or their email address, and the code is some string of unique/special characters that is tied to the name.)In the logic above, the function named "isRegistrationCodeGood()" will check if "RegistrationName" and "RegistrationCode" are accepted using some proprietary method. If they are, it will return true. Otherwise false. That outcode will dictate which branch (or scope) the execution will follow.So the logic above will either show that registration failed and quit:Or, if the registration code and name matched, it will save the registration details in persistent storage (such as the File System or System Registry) using the function named "rememberRegistrationParameters()" and then display the message thanking the user for registering:A "cracker" will obviously want to achieve the second result for any registration code that he or she enters. But they have a problem. They do not have the C++ source code, part of which I showed above. (I hope not!)So the only recourse for an attacker is to disassemble the binary code (that always ships with software in the form of .exe and .dll files on Windows, and mostly as Unix executables inside the .app packages on a Mac.) An attacker will then use a debugger to study the binary code and try to locate the registration logic that I singled out above.Next you can see the flowchart for a snippet of code that I showed in C++, presented via a low-level debugger. Or, as the code will be read in the binary form after compilation:(For readability I added comments on the right with the names of functions and variables. They will not be present in the code that an attacker could see.)(To understand what is shown above an attacker will have to have good knowledge of the Assembly language instructions for the native code.)I also need to point out that having a disassembly snippet like the one above is the final result for an attacker. The main difficulty for him or her is to locate it among millions and millions of other similar lines of code. And that is their main challenge. Not many people can do it and that is why software "cracking" is a special skill.So having found the code snippet above in the software binary file a "cracker" has two choices:1) Modify (or patch) the binary.2) Reverse-engineer the "isRegistrationCodeGood()" function and copy its logic to create what is known as a "KeyGen" or "Key Generator."Let's review both:The first choice is quite straightforward. Since an attacker got this far, he or she knows the Intel x64 Instruction Set quite well. So they simply change the conditional jump from "jnz short loc_7FF645671430" at the address 00007FF645671418 (circled in red in the screenshots) to unconditional jump, or "jmp short loc_7FF645671430". This will effectively remove any failed registration code entries and anything that the user types in will be accepted as a valid registration.Also note that this modification can be achieved by changing just one byte in the binary code from 0x75 to 0xEB:But this approach comes with a "price" of modifying the original binary file. For that an attacker needs to write his own "patcher" (or a small executable that will apply the modification that I described above.) The downside of this approach for an attacker is that patching an original executable file will break its digital signature, which may alert the end-user or the vendor. Additionally the "patcher" executable made by an attacker can be easily flagged and blocked by the end-user's antivirus software, or lead criminal investigators to the identity of the attacker.The second choice is a little bit more tricky. An attacker will have to study "isRegistrationCodeGood()" function and copy it into his own small program that will effectively duplicate the logic implemented in the original software and let him generate the registration code from any name, thus giving any unscrupulous user of that software an ability to register it without making a payment.Vendors of many major software products understand the potential impact of the second method and try to prevent it by requiring what is known as "authentication." This is basically a second step after registration, where the software submits registration name to the company's web server that returns a response back to the software of whether the code was legitimate or not. This is done by Microsoft when you purchase Windows (they call it "Activate Windows") and also by signNow, and many other companies. This second step may be done behind-the-scenes on the background while the software is running, and will usually lead to cancellation of prior registration if it was obtained illegally.So now you know how software is "cracked".Let me answer why it is not possible to prevent it. It all boils down to the fact that any software code needs to be read either by CPU (in case of a binary native code) or by an interpreter or a JIT compiler (in case of JavaScript or .NET code.) This means that if there's a way to read/interpret something, no matter how complex or convoluted it is, an attacker with enough knowledge and persistence will be able to read it as well, and thus break it.There is an argument though that cloud-based software is more secure, which is true, since its (binary) code remains on the server and end-users do not have direct access to it. And even though cloud-based software is definitely the future, it has some major drawbacks that will never allow it to fully replace your conventional software. To name just a few:Not everyone has an internet connection, or is willing to upload their data online. Additionally someone’s internet connection can be very expensive or too slow to make the software run very laggy.Then there’s a question of distributed computing. For instance, Blizzard Entertainment would never make “World of Warcraft” to fully run on their servers due to immense computational resources needed to render every single scene for every player they have. Thus it is in their best interest to let each individual user’s computer to do the rendering instead.As a software developer myself, I obviously don't like when people steal software licenses. But I have to accept it and live with it. The good news is that there are not that many people who are willing to go extra mile and search for a cracked version of software. The main problem for those who do, is that by downloading a patched executable, or an attacker's KeyGen or a Patcher, they are effectively "trusting" him or her not to put anything "nasty" into it that was not "advertised on the package" (stuff like trojans, malware, or keyloggers.) So the question for those people becomes -- is it worth the cost of the software license to potentially infect your system with a nasty virus?On the other side of the equation, some developers react very negatively to any attempts to steal their software licenses. (I was there too.) They try to implement all kinds of countermeasures -- anything from tricking reverse-engineers, to adding booby traps in the code that may do something nasty if the code detects that it is being debugged, to obfuscating or scrambling the code, to enforcing all kinds of convoluted DRM schemes, to blocking users from certain countries. I personally try to stay away from all of those measures. And here's why:A) Any kind of anti-reverse-engineering tactics could be bypassed by an attacker with enough persistence. So why bother and waste my time when I can invest that time into adding something useful to my software that will make it more productive for legitimate users?B) Some code packers could create false positives with antivirus software, which is obviously not good for marketing of that software. It also creates unnecessary complexity for the developer to debug the software.C) Adding booby traps in the code can also “misfire” on your legitimate users, which will really infuriate them and can even lead to lawsuits.D) Any DRM scheme will probably catch some 100 illegal users and greatly inconvenience 10,000 legitimate ones. So why do it to your good customers?E) Our statistics show that about 75% of all illegal licenses come from China, Russia, Brazil, to name the worst offenders. (I also understand that the reason may be much lower incomes that people have in those countries.) The main issue for us though was the fact that if we enforce our DRM or add some strong registration authentication, many people that wanted to bypass our registration would simply use a stolen credit card number. And we had no control over it. Our system will use it to send them a legitimate license only to have the payment bounce in weeks time. As a result we would lose the money that were paid for the license, plus the credit card company will impose an additional chargeback fee to our account, which may range from $0.25 to $20 per bad purchase on top of the license cost.F) As was pointed out in the comments, some companies may actually benefit from allowing pirated copies of their software. Microsoft for instance gets a lot of free publicity from people using their Windows OS, the same goes for signNow with their Photoshop. That is a good point that I agree with.So my philosophy is now this -- if someone wants to go extra mile and steal our software, go for it! They went this far to do it anyway, so they probably have a good reason. On the positive side there are so many other customers that appreciate the work that goes into creating software that greatly outnumber those that don’t.PS. Thank you for all your feedback! It makes me feel good that the knowledge I shared is useful to others.

TCS ( ILP ) joining process and document preparationThe most important part of joining TCS is its documentation! This is just a general guide to the new ILP candidates. You should always strictly follow your Annexure ! So let’s do this fast!The Joining Process is Divided into seven parts:1.Accept the joining letter2.Complete the TCS Survey Monkey3.Complete the BGC form filling4.Fill the NSR (NASSCOM) ITPIN5.Fill the ON BOARDING forms6.Prepare the Agreements (Service Agreement & Affidavit/signNowd Undertaking)7.Prepare the supporting documentsAccept the joining letter:a). First you have to accept your joining letter by using your DT reference idTCS Next Step>>ILP corner>>Joining letter>>Acceptb). Download the Joining letterTCS Next Step>>ILP corner>> Joining letter >>DownloadNote: Accepting the joining letter is necessary to complete the other formalitiesSo first accept your joining letter (if you are going to join TCS)Complete the TCS Survey MonkeyYou have to complete the TSC survey monkey. TCS recruitment team will send you the link by mailRequired details:1. TCSL Reference id (DT reference id)& passwordhttps://www.surveymonkey.com/r/T...Complete the BGC form filling:You have to complete the Background Check Verification Before Your Joining datea). Fill BGC Form:i). Fill the Basic Details (Passport, PAN, Address Details)ii). Academic Details (CGPA or overall percentage)iii). Reference: You have to fill any two person’s following detailsØ NameØ Company/Institute NameØ DesignationØ Contact NoØ Email idØ Relationship with the applicantØ Period for which reference knows the applicantiv). Fill Security Detailsb). Declaration:Ø In declaration part you have to agree and submitØ Download the BGC completed formc). Documents uploading:You have to scan and upload the following documents in PDF or JPEG format each file size should be less than 2MBØ NSR e-cardØ Birth certificate or Birth AffidavitØ Permanent, present address proof(aadhaar / passport / ration card / EB, GAS, mobile Bill / credit, debit card / Bank statement)Ø PAN cardØ Passport / passport application receiptØ ID proof (voter id, ration card, driving license, bank passbook, aadhaar)Ø X- grade mark sheetØ XII-grade mark sheetØ All semester mark sheetsØ Non-Criminal Affidavit (first page of the stamp paper)Fill the NSR (NASSCOM) ITPIN:You have to enter your NSR ITPIN atTCS Next Step>>ILP corner>>National skill registry>>ITPIN(you have to complete the registration and bio-metric process of NSR before joining ILP (please visit site www.nationalskillsregistry.com). And they will send you a NSR-e card by mail or you can generate by yourself by login to your NSR profile)Fill the ON BOARDING formsYou are mandatorily required to fill and submit the Onboarding Forms before your joining date to smoothen your Onboarding process, failing which your joining formalities will not be completed. These forms are required to be filled as per statutory compliance norms.Onboarding forms consists of five forms:Ø Provident Fund (PF)/ Pension Scheme Nomination form (Form 2 — Part A and Part B)Ø Gratuity Form (GF)Ø Superannuation Form (SF) -only to eligible employeesØ Declaration Form (Form 9)Ø Group Life Insurance (GLI)You would have to fill all the Onboarding forms online and declare nominee(s) for the above mentioned forms. Submit a Hard copy of the completed forms on the day of Joining ILPTCS Next Step>>Onboarding>>Fill all the formsAfter filling these form, you can download these 5 documents at “Dashboard tab”-in the same pageSuggestion: 1. nominee is father or mother 2. share of money -100%Required information: Name, DOB of the nominePrepare the Agreements (Service Agreement & Affidavit/signNowd Undertaking):a) Service Agreement:1.Buy a Rs.100 stamp paper on your name2.Print the service agreement page 1Download.pdf3.Buy 5 demi (court paper) / green paper (court paper) / Legal / A4 papers4.Print the service agreement page 2 – 6 Download.pdfNote: page 6 is also called as surety verification formNote: Blanks should be written using pen it should not print or typeIt doesn’t matter how many pages in your agreement but make sure that proper page number and proper contentOther instructions:If Rs.100 stamp paper is not available, you can also do this in two Rs.50 stamp papers Make sure the text starts in the stamp paper. You can print first 3 Lines on first Rs.50 stamp paper and next some paras on another Rs.50 stamp paper and the remaining pages on other demi paper.Read the service agreement guidelines carefully before filling up anything. Many might find this silly but I prefer filling up Xerox copies first. It can save you the money for printing again in case something goes wrong! So we are here going to use a Rs.100 stamp paper for the first few lines(THIS AGREEMENT made at Mumbai on this 1.______________________________________ day of 2._________________, Two thousand and 3._______________________ between TATA CONSULTANCY SERVICES LIMITED,)and print the rest on simple A4 papers or Legal or demi papers. Fill everything up in CAPS, using a pen. Do not remove any clause, not even the page numbers! Don’t forget your signature and surety’s signature on the bottom of each page!! Service Agreement needn’t be signNowd.Surety Verification:This is a part of the Service Agreement. Any person who is an Income Tax Payee or has Land property can be your surety! Example: your father! So just make sure you place the signatures in proper places and have your surety fill up the “Surety Verification Form”. This form has to be attested by a Gazetteer Officer or the manager of a nationalized bank where the surety holds an account or employer of the surety! or public notaryØ Attested photocopies of the surety’s pan card.Ø Attested photocopies of the surety’s Form 16 (or)  Attested photocopies of the surety’s latest income tax returnNOTE: Make sure your surety’s signature everywhere matches with that done in his/her Pan Card or you are in some serious troubleb) Non-Criminal Affidavit:1.Buy a Rs.100 stamp paper on your name2.Print the Non-criminal affidavit page 1 Download.pdf3.Buy 2 demi (court paper) / green paper (court paper) / Legal / A4 papers4.Print the Non-criminal affidavit page 2 – 3 Download.pdf5.Get this affidavit signNowd by a notary public in court (signature in all the pages)Note: Make sure you choose non-blood relation people as witnesses! Example: Neighbors.Other instructions:If Rs.100 stamp paper is not available, you can also do this in two Rs.50 stamp papers Make sure the text starts in the stamp paper. You can print first 2 paras on first Rs.50 stamp paper and next some paras on another Rs.50 stamp paper and the witness page on another demi paper. just fill in the blanks with a pen DO NOT remove any clause.Prepare the supporting documents:1. Medical Certificate:Download medical certificate format from TCS next step portal and print it (Black & white is enough) Make sure The doctor signs and places his seal on the second page. He should also sign and place a seal on your photo. format download.pdfYou’ll need two attested copies of everything but make sure you keep more copies with you (many times it will help you)Here’s a list of the supporting documents you’ll need to get attested by:Ø Gazetteer Officer orØ Government higher secondary school head master orØ Tehsildar of the village in which the Applicants resides. orØ District collector of the district in which the Applicants resides1. Birth Certificate:(If your birth certificate is not in English, or your name/place of birth/date of birth is missing/the details are mismatching, then it is recommended that you apply for a new one before it’s too late.Otherwise, you need a signNowd affidavit on Rs.100 stamp paper, which is only atemporary arrangement.)2. Class X - mark sheet.3. Class XII-mark sheet.4. Consolidated Mark sheet (from your institution)5. Degree Certificate(or Provisional Certificate / course complete Certificate if you. Don’t receives your Degree Certificate yet)6. All Semester Mark sheets7. Transfer certificate (if you have)8. Your Pan Card9. Your Passport10. surety’s information:a) If Income tax payee : photocopy attestedi). Surety’s Form 16 ( or )Surety’s Income Tax Return / saral / form 2d / form12Bii). Surety’s PAN cardb) If Surety have landi). Surety’s land documents photo copy – Registered in Englishii). Latest land valuation certificate from the respective authority-photo copy with attestedc) Else Fixed deposit of Rs. 50,000 at nationalized bank on TCS name for two years) photocopy attested by bank manager11. your aadhaar card (if you have)12. your voter card (if you have)13. Ration card (if you have)You’ll need two self-attested copies of Following documents but make sure you keep more copies with you (many times it will help you)1. Joining letter2. Offer letter3. ID proof (Passport, Voter ID)4. Address Proof (Passport, Voter ID)- give a separate copy for permanent & (if Present) address5. Highest degree mark sheets (for BGC)6. Degree Certificate / Provisional / Course complete (if only degree certificate not provided byyour institution)(for BGC)7. NSR e-card printout (after you’re done with Biometrics, you’ll get your ITPIN and e-card with your picture, in your e-mail).8. Documents for break in education (if any otherwise no need)(i) Medical records, if the break was due to medical reasons.(ii) Certificates / Examination results, if the break was due to additional course done.(iii) Affidavit on a Rs.100 stamp paper with notary authorization, if the study break was due to other personal reasons.9. CID Form (if you are from Mumbai/ Navi Mumbai/ Thane City/ Thane Rural / Pune otherwise no need) You need to submit Self-Attested Criminal Investigation Division (CID) forms forthe respective region. (details about forms will be mailed to you just before your joining)10. 12+ copies Recent passport size photos11. All the documents Original compulsory. Don’t forget to take the originals with you!Advise: keep more copies of your documents and attested copies it may help you if any problem

Yes , it is mandatory to report your foreign bank accounts if your total balance(of all accounts) are over $10000 at any given time,It is a simple form and would not take more than 30 mins to complete. My tax consultant does this for me every year, but it’s pretty simple and you can do it yourself . If you fail to submit FBAR before deadline (Usually June 30) they may impose $10000 penalty per year delinquent.Also, if you are a US resident( i.e physically present in the U.S. during the year for 183 days or more.) it is required to open NRE account and convert your regular savings account to...

I recommend that anyone looking to test the entrepreneurial waters give e-commerce a start. You can actually sell goods without ever owning them.I got started with E-Commerce when I was just 13, buying custom bicycles and selling all of the parts separately.Later I realized that I could sell just about anything without owning it at all. When a customer would place an order with me, I would get their money and use it to place an order with my supplier straight to my customer’s house.The difference in price and cost is my profit to keep. This is a business model known as dropshipping.A customer places an order on my website, I then buy much cheaper from a supplier and ship the order straight to my customer’s house.Keys to success:Start with one product (or a very small niche selection, if you must). Remember, Amazon started with Books on the internet.That flagship product should cost you less than $10, and sell for $29. In my experience, $30 is the maximum strangers are willing to spend with a stranger on the internet, with no recommendations from trusted sources or other social proof.Most people stress over what they will sell. The truth is, it’s all about angle. Super generic products are totally fine, when combined with the right audience.That last point is very, very important. I’ll share an idea I had the other day to help you better understand—I recently left a job that provided a company car. I’m out on my own for the first time, and despite making more money now, I’m still stressed over losing my steady, predictable income.So, I’m driving my sister’s old Lexus SUV. I love it.Leather interior, good gas mileage, has a little more get up and go…But the ONLY audio input is a cassette player!!So, I put in a little Casette-to-Auxiliary adapter that I sell through my B2B dropship business.I connected that device to another product I sell B2B— bluetooth-to-auxiliary adapter…I connected my phone via bluetooth, and voila!! I was playing Spotify wirelessly to/through a cassette deck!To my surprise, the audio quality was actually EXCELLENT.These two devices cost $6 combined.Find out what cars only have tape/cd decks and no auxiliary, and figure out how to target owners of those cars. Sell the combo for $29.BAM. Hungry audience, fantastic margin.Craigslist? Facebook ads?I haven’t fleshed that part out yet.Go ahead, steal my idea :)

There is no documented evidence to that effect. Here is a report by liveMint reporter.“The world’s platform for change (Change.org) was launched by Stanford University graduate Ben Rattray in 2012; but although it has a dot org domain name, it is actually a company. Rattray, however, stresses the essential non-profit character of the business model.One of its best-known campaigns was led by a South African woman, LGBT (lesbian, gay, bisexual, and transgender) activist Ndumie Funda, against the horrific practice of corrective rape, where lesbians are raped to “straighten" them, a practice that has been reported in India as well. After Funda’s petition made its way around the world, causing outrage and prompting signatures in an astounding 175 countries, the South African government legislated to outlaw the practice.In India, one of the more recent and high-profile petitions on The world’s platform for change was over attempts to censor the Bollywood movie Udta Punjab—about drug abuse in Punjab. The movie has been cleared by the Bombay high court with a single cut against the 13 sought by the Central Board of Film Certification. I asked The world’s platform for change India head Preethi Herman what this bewildering array of petitions told her about India.I asked Herman to list out some of her favourite Indian “victories" (that’s what they call successful petitions), and it turned out to be a pretty formidable list. There are many—500-600 according to Herman—but one stands out. In July 2014, a six-year-old girl was raped by a school gym instructor and security guard. The incident sparked outrage in India, where 36,735 rapes took place in 2014.Amid calls for hanging the rapists, a woman petitioned for guidelines to be drafted for the safety of children in schools. It attracted 200,000 signatures. “A minister called her and within a week, the guidelines were done," Herman said. Who started the petition? “It was just regular person with a two-year-old child."Celebrity petitioners have included entrepreneur and lawmaker Rajeev Chandrasekhar (petition on child sexual abuse); the Confederation of Indian Industry (pass the goods and services tax, end Parliament logjam); ex-banker and Aam Aadmi Party leader Meera Sanyal (remove coal mounds from Mumbai); filmmaker Onir Char (save indie cinema); Shashi Tharoor (scrap Section 377) and lawmaker Milind Deora (make Mumbai mayor accountable).The The world’s platform for change petition on Section 377 failed in Parliament, but that’s not the point. The petitioner’s last mile cannot just be the Indian Parliament. The last mile is the creation of awareness through informed debate, which is one hallmark of representative democracy.”[1]Let us see the Legal Aspects of Online Petitions.Parliament of India: The right to petition Parliament“What is petitioning? Petitioning is a formal process that involves sending a written appeal to Parliament. The public can petition Parliament to make MPs aware of their opinion and/ or to request action.Who petitions and how? Anyone can petition Parliament. The only requirement is that petitions be submitted in the prescribed format, in either Hindi or English, and signed by the petitioner. In the case of Lok Sabha, the petition is normally required to be countersigned by an MP. According to the Rules of Lok Sabha, "This practice is based on the principle that petitions are normally presented by members in their capacity as elected representatives of the people, and that they have to take full responsibility for the statements made therein and answer questions on them in the House, if any, are raised." Petitions can be sent to either House in respect of:Any Bills/ other matters that are pending before the HouseAny matter of general public interest relating to the work of the Central GovernmentThe petition should not raise matters that are currently sub-judice or for which remedy is already available under an existing law of the Central Government. Petition formats can be accessed at: Lok Sabha; Rajya SabhaWhat happens to the petition once it has been submitted? Once submitted, the petition may either be tabled in the House or presented by an MP on behalf of the petitioner. These are then examined by the Committee on Petitions. The Committee may choose to circulate the petition and undertake consultations before presenting its report (For instance, the Petition praying for development of Railway network in Uttarakhand, Himachal Pradesh and other Himalayan States). It may also invite comments from the concerned Ministries. The recommendations of the Committee are then presented in the form of a report to the House. Previous reports can be accessed at the relevant committee pages on the Lok Sabha and the Rajya Sabha websites.”[2]Supreme Court Of India“In attempts to make justice less expensive, more accessible and speedy the e-filing in the Supreme court commenced in India from 2 October 2006. This electronic innovation gained a strong recognition through its subsequent endorsement in the e-court project approved by government of India in February 2007. As a part of this project a user-friendly program with interactive features has been prepared by the National Informatics Centre (NIC).Apart from the Supreme Court, Delhi High Court also commenced E-filling facility from October, 2013.IT began for taxation and company courts in a phased manner but soon it would be introduced in civil and criminal courts.”[3]Petitioners in person can file online petitions in Hon’ble Supreme Court. See the details at EFILING INSTRUCTIONS :Supreme Court of India and Supreme Court of IndiaHence it is clear that the person who initiates a petition on The world’s platform for change (change.org) has to apply in person as petitioner for the Supreme Court to act on it or through an Advocate-on -record.The world’s platform for change (change.org) is simply an online aggregator of supporters for an online petition merely as a lobby group. It does not lead to an automatic registration as petition with wither the Parliament of India or the Courts of India. A formal PIL through NGO or in person by the originator as petitioner has to be lodged for any effective and legally binding addressal.Footnotes[1] What change.org tells us about India[2] The right to petition Parliament[3] How To File A Case Online in India | LawLex.Org

Here are some of the quick facts about National Encryption Policy, presented in a timeline format. This may help you to judge if we should be worried or not.What is the national encryption policy?As stated in the proposed draft, the policy demands all the citizens to store plain-texts of encrypted information for 90 days from the date of implementation.In order to meet the demands of law and concerned department, users should be able to produce the plain-text whenever required.The responsibility of regulating algorithms and key sizes for encryption will rest with Indian government only.Encryption: meaning and historyEncryption refers to modification of the electronic data into a form that can be read by the person who knows translation of codes. Julius Caeser used this technique to shuffle letters, during the Roman Empire.Need for encryption - PurposeAs the policy states, it aims at providing the privacy of information to the citizens and the protection of business related data.Another reason behind this policy is to establish coherence, credibility and stability among various information networks and systems.However, the fact that few other parts of the policy contradict its sole primary purpose, can't be overlooked.Government to soon regulate encryption standards (22nd Sep 2015)Soon after the National Encryption Policy is put into effect, removing whatsapp and google hangout messages will be counted as illegitimate.The online businesses will be asked to keep the confidential information of users, like passwords by saving as plain text.The policy has been framed by a body working under the Department of Electronics and Information Technology (DeitY).Encryption policy: A cause of concern (Drawbacks)The range of services Indian citizens can access gets narrow as they can only use those services, whose vendors have registered in India.Deleting messages from applications like Whatsapp becomes illegal.Storage of all the data is practically not as easy as ABC.One of the major reasons for resentment of this scheme is that it violates the privacy of netizens.Scheme for execution of policy (Regulation)Soon, the formation of an administrative group to monitor the implementation of the policy, will be seen.The agency will specialize in agreement of the service providers and the government to ensure proper registration as well as evaluation of the encrypted products.The policy instructs that export of encrypted products would be carried only after the approval of the designated group.Legal dimension in information technologyIndian law system readily allows such measures to be implemented.Information technology act has been formulated, that paves way for establishment of such policies. For encryption, sec 84A and for decryption, sec 69 have been added.Moreover statements listed in IT act don't restrict themselves to this zone of coding or decoding only. They meticulously define specialised technical-terms like hashing algorithms, digital signatures etc.Draft open to suggestionsThe draft of the policy has been published on the internet in order to seek suggestions and viewpoints of individuals.The email id akrishnan@deity.gov.in is open to receive comments and suggestions by netizens till October 16.Pranesh Prakash calls the scheme as a "bad idea conceived by people who do not understand encryption."Raman Singh, the policy director, Access says this policy corrodes security.Encryption controversy: Social media and whatsapp exempted (22nd Sep 2015)As the draft of the proposed encryption policy was made public, there was a huge outrage among the netizens.The government has immediately clarified that whatsapp and other social media sites, banking services and e-commerce platforms will be exempted.These businesses are however expected to store all communication in encrypted and plain-text form; they are expected to share the security-key with government when asked.Disclaimer: The above information has been extracted from Government to regulate encryption standards.I am one of the founders of NewsBytes (NewsBytes - Daily News Digest! - Android Apps on Google Play) and thought this information could be useful to people here.

Hello concerned user, You are worried about a suspicion that a spyware or keylogger might be installed on your computer? If yes… I would like to educate you more about spyware/keyloggers, what to look for and how to totally get rid of them. For this, I would use the Blazing tools perfect keylogger as a detailed example for you to really understand how spywares work;The Blazing Tools Perfect Keylogger has been chosen for analysis because it has been found hidden in so many Trojans on the Internet and it’s be taught extensively how to get it out totally out of a computer permanently at Rehabculture Hack store. It's a good example of a common hook-type keylogger, although Blazing Tools markets its products to IT administrators and parents, the presence of their keylogger in many Trojans illustrates how people can package legal code and use it for malicious activities. The following features of the "Perfect Keylogger" are of use to anyone trying to spy on an unsuspecting user:Stealth Mode. In this mode no icon is present in the taskbar and the keylogger is virtually hidden.Remote Installation. The keylogger has a feature whereby it can attach to other programs and can be sent by e-mail to install on the remote PC in stealth mode. It will then send keystrokes, screenshots and websites visited to the attacker by e-mail or via FTP.Smart Rename. This feature allows a user to rename all keylogger's executable files and registry entries.This keylogger was installed on a test PC to show you how it works and what to look out for. The following capture, with the help of a tool such as SNAPPER, shows the changes in the files after installing the keylogger, as shown below in Figure 1.Figure 1. File changes made by the Perfect Keylogger.With the help of a free anti-spyware application such as Microsoft Antispyware, the registry entries made by the keylogger as well as its DLLs and EXEs can be seen below in Figure 2.Figure 2. Registry entries, .dll files and .exe files of Keylogger.The keylogger also runs as a background process which can be seen with the help of a tool such as SysInternals' Process Explorer, as shown below in Figure 3.Figure 3. Spyware process running in the background.This same keylogger was next installed on a different test PC through another program's installer and then configured to send keystrokes captured in an email to a test email-id. Ironically, the program used for this example was Spybot Search & Destroy, a legitimate freeware tool that does a good job of detecting spyware. This is a good example of how other legitimate applications can also be used to install spyware, unbeknownst to the reader.The procedure as described above is the Remote Installation feature. The information sent by email was then captured with the help of a network sniffer. For ease-of-use, Ethereal and the corresponding TCP stream is shown below in Figure 4 and Figure 5.Figure 4. Ethereal captures the keylogger's outgoing email.Figure 5. TCP stream of Ethereal capture.Since the content of this email is base64 encoded, the actual output can be seen only after decoding it with a base64 decoder. After passing the output through a base64 decoder, the part of the output of significance is shown as follows:Tuesday, 23 JanuaryIexplore.exe, 10:42 AMPaladion Networks: The Internet Security Architects - Microsoft Internet Explorerahmed_mobarak_1986eg@hotmail.com|alexander    [PASSWORD CAPTURED: alexander]It can be seen that the email-id (ahmed_mobarak_1986eg) and the password (alexander) are captured. Similarly, the keylogger can be used to capture all types of passwords including passwords used for proxies, email accounts, and online banking applications. It can also capture programming code typed by a developer, instant messaging text, and the URLs of websites visited by the user.New approaches:With the market being inundated with new anti-spyware products, spyware creators have now resorted to unorthodox methods of sustenance. One such example is the nasty ability of the spyware code to keep reinstalling itself. Although anti-spyware applications can remove the spyware's registry entry from one location, most of them are found lacking in cleaning hidden registry entries that try to have the software reinstalled on boot. Another approach is to make the spyware application load into memory very early in the boot process (before the Operating System loads user-level processes). In this case, when a user tries to uninstall the software with an anti-spyware application, the OS will not allow this as it tries to protect the integrity of a running program (spyware) that it doesn't control.Detection and removal:A spyware application is inherently very different in behavior and operation from a traditional virus or a worm, and therefore to most antivirus software, it may appear as a legitimate program. The fact is, virus signatures are very different from spyware signatures. Firewalls also are ineffective in dealing with them as spyware is either piggybacked with legitimate applications, hidden in a regular image file, or can occur as normal port 80 web traffic.Therefore, the essence of any spyware prevention exercise is first to ensure the operating system is fully patched to known vulnerabilities. The best prevention, aside from switching to less vulnerable operating systems like Mac OS X and Linux, is to educate users that it is not safe to click on anything and everything found on the Web, and they must also install only what is needed. Freebies on the Internet, ones which are often typically advertised in pop-up banners, must be totally abstained from. Other methods of avoiding spyware are to ensure the browser used is configured securely, and to have at least one good spyware detection and removal tool installed. Microsoft Antispyware, Ad-Aware, PestPatrol, and Spy Sweeper are some of the free tools that help in detecting and removing spyware.Please note that spyware is largely, but not exclusively, a problem with Microsoft's Internet Explorer. The user of more modern, feature-rich browsers such as Mozilla Firefox can virtually eliminate the spyware problem altogether. However, it is still the case that some websites are coded to only work with IE, and therefore switching to Firefox may not be a solution for 100% of a user's web surfing needs.Ultimately, the only protection and removal of these spywares/keyloggers is to get a computer security engineer to scan and get rid of these malwares permanently. You can get one at Rehabculture Hack store, because that was where we were taught how to detect and upgrade our system against all trojan horse worms and virus. Be informed, as “Information is power”…