Remove eSignature Presentation Secure

Cracked versions of software are created with the use of debuggers. (A debugger is a special type of software that lets programmers deconstruct their software into its constituent parts for the purpose of finding bugs, and thus de-bugging. Additionally debuggers can be used for reverse-engineering, or to see what is inside the software, to learn its logic. The latter method is used mostly by malware researchers to study what malware (or computer viruses) do on-the-inside. But it can be also used by an attacker to "crack" (or bypass) legal software registration, or at times, to alter normal behavior of software, for instance by injecting a malicious code into it.)For the sake of this example, I will assume that the software that is being "cracked" was compiled into a native code, and is not a .NET or a JavaScript based application. (Otherwise it will be somewhat trivial to view its source code.) The compiled native code is a bit more tricky "beast" to study. (Native means that the code executes directly by the CPU, GPU, or other hardware.)So let's assume that the goal of an attacker is to bypass the registration logic in the software so that he or she doesn't have to pay for it. (Later for lolz, he or she may also post such "crack" on some shady online forum or on a torrent site so that others can "use" it too and give him or her their appreciation.)For simplicity let's assume that the original logic that was checking for the software registration was written in C++ and was something similar to the following code snippet:In this code sample "RegistrationName" and "RegistrationCode" are special strings of text that a legitimate software user will receive after paying for the license. (The name is usually that person's actual name or their email address, and the code is some string of unique/special characters that is tied to the name.)In the logic above, the function named "isRegistrationCodeGood()" will check if "RegistrationName" and "RegistrationCode" are accepted using some proprietary method. If they are, it will return true. Otherwise false. That outcode will dictate which branch (or scope) the execution will follow.So the logic above will either show that registration failed and quit:Or, if the registration code and name matched, it will save the registration details in persistent storage (such as the File System or System Registry) using the function named "rememberRegistrationParameters()" and then display the message thanking the user for registering:A "cracker" will obviously want to achieve the second result for any registration code that he or she enters. But they have a problem. They do not have the C++ source code, part of which I showed above. (I hope not!)So the only recourse for an attacker is to disassemble the binary code (that always ships with software in the form of .exe and .dll files on Windows, and mostly as Unix executables inside the .app packages on a Mac.) An attacker will then use a debugger to study the binary code and try to locate the registration logic that I singled out above.Next you can see the flowchart for a snippet of code that I showed in C++, presented via a low-level debugger. Or, as the code will be read in the binary form after compilation:(For readability I added comments on the right with the names of functions and variables. They will not be present in the code that an attacker could see.)(To understand what is shown above an attacker will have to have good knowledge of the Assembly language instructions for the native code.)I also need to point out that having a disassembly snippet like the one above is the final result for an attacker. The main difficulty for him or her is to locate it among millions and millions of other similar lines of code. And that is their main challenge. Not many people can do it and that is why software "cracking" is a special skill.So having found the code snippet above in the software binary file a "cracker" has two choices:1) Modify (or patch) the binary.2) Reverse-engineer the "isRegistrationCodeGood()" function and copy its logic to create what is known as a "KeyGen" or "Key Generator."Let's review both:The first choice is quite straightforward. Since an attacker got this far, he or she knows the Intel x64 Instruction Set quite well. So they simply change the conditional jump from "jnz short loc_7FF645671430" at the address 00007FF645671418 (circled in red in the screenshots) to unconditional jump, or "jmp short loc_7FF645671430". This will effectively remove any failed registration code entries and anything that the user types in will be accepted as a valid registration.Also note that this modification can be achieved by changing just one byte in the binary code from 0x75 to 0xEB:But this approach comes with a "price" of modifying the original binary file. For that an attacker needs to write his own "patcher" (or a small executable that will apply the modification that I described above.) The downside of this approach for an attacker is that patching an original executable file will break its digital signature, which may alert the end-user or the vendor. Additionally the "patcher" executable made by an attacker can be easily flagged and blocked by the end-user's antivirus software, or lead criminal investigators to the identity of the attacker.The second choice is a little bit more tricky. An attacker will have to study "isRegistrationCodeGood()" function and copy it into his own small program that will effectively duplicate the logic implemented in the original software and let him generate the registration code from any name, thus giving any unscrupulous user of that software an ability to register it without making a payment.Vendors of many major software products understand the potential impact of the second method and try to prevent it by requiring what is known as "authentication." This is basically a second step after registration, where the software submits registration name to the company's web server that returns a response back to the software of whether the code was legitimate or not. This is done by Microsoft when you purchase Windows (they call it "Activate Windows") and also by signNow, and many other companies. This second step may be done behind-the-scenes on the background while the software is running, and will usually lead to cancellation of prior registration if it was obtained illegally.So now you know how software is "cracked".Let me answer why it is not possible to prevent it. It all boils down to the fact that any software code needs to be read either by CPU (in case of a binary native code) or by an interpreter or a JIT compiler (in case of JavaScript or .NET code.) This means that if there's a way to read/interpret something, no matter how complex or convoluted it is, an attacker with enough knowledge and persistence will be able to read it as well, and thus break it.There is an argument though that cloud-based software is more secure, which is true, since its (binary) code remains on the server and end-users do not have direct access to it. And even though cloud-based software is definitely the future, it has some major drawbacks that will never allow it to fully replace your conventional software. To name just a few:Not everyone has an internet connection, or is willing to upload their data online. Additionally someone’s internet connection can be very expensive or too slow to make the software run very laggy.Then there’s a question of distributed computing. For instance, Blizzard Entertainment would never make “World of Warcraft” to fully run on their servers due to immense computational resources needed to render every single scene for every player they have. Thus it is in their best interest to let each individual user’s computer to do the rendering instead.As a software developer myself, I obviously don't like when people steal software licenses. But I have to accept it and live with it. The good news is that there are not that many people who are willing to go extra mile and search for a cracked version of software. The main problem for those who do, is that by downloading a patched executable, or an attacker's KeyGen or a Patcher, they are effectively "trusting" him or her not to put anything "nasty" into it that was not "advertised on the package" (stuff like trojans, malware, or keyloggers.) So the question for those people becomes -- is it worth the cost of the software license to potentially infect your system with a nasty virus?On the other side of the equation, some developers react very negatively to any attempts to steal their software licenses. (I was there too.) They try to implement all kinds of countermeasures -- anything from tricking reverse-engineers, to adding booby traps in the code that may do something nasty if the code detects that it is being debugged, to obfuscating or scrambling the code, to enforcing all kinds of convoluted DRM schemes, to blocking users from certain countries. I personally try to stay away from all of those measures. And here's why:A) Any kind of anti-reverse-engineering tactics could be bypassed by an attacker with enough persistence. So why bother and waste my time when I can invest that time into adding something useful to my software that will make it more productive for legitimate users?B) Some code packers could create false positives with antivirus software, which is obviously not good for marketing of that software. It also creates unnecessary complexity for the developer to debug the software.C) Adding booby traps in the code can also “misfire” on your legitimate users, which will really infuriate them and can even lead to lawsuits.D) Any DRM scheme will probably catch some 100 illegal users and greatly inconvenience 10,000 legitimate ones. So why do it to your good customers?E) Our statistics show that about 75% of all illegal licenses come from China, Russia, Brazil, to name the worst offenders. (I also understand that the reason may be much lower incomes that people have in those countries.) The main issue for us though was the fact that if we enforce our DRM or add some strong registration authentication, many people that wanted to bypass our registration would simply use a stolen credit card number. And we had no control over it. Our system will use it to send them a legitimate license only to have the payment bounce in weeks time. As a result we would lose the money that were paid for the license, plus the credit card company will impose an additional chargeback fee to our account, which may range from $0.25 to $20 per bad purchase on top of the license cost.F) As was pointed out in the comments, some companies may actually benefit from allowing pirated copies of their software. Microsoft for instance gets a lot of free publicity from people using their Windows OS, the same goes for signNow with their Photoshop. That is a good point that I agree with.So my philosophy is now this -- if someone wants to go extra mile and steal our software, go for it! They went this far to do it anyway, so they probably have a good reason. On the positive side there are so many other customers that appreciate the work that goes into creating software that greatly outnumber those that don’t.PS. Thank you for all your feedback! It makes me feel good that the knowledge I shared is useful to others.

Very much true.The US military has massive power projection, more than any country in the history of man. The US has 11 (CATOBAR/STOBAR) Aircraft Carriers, while the next country has 1 which is, China, Russia, India, UK, and France. Also, the US Carriers are not just regular carriers, they are known as Super Carriers. Which is a term coined by the public to say that these carriers are so large that they exceed the definition of an Aircraft Carrier. Also, the US carriers were designed in the 70’s and countries are now just starting to make designs that could compete with the American Carriers. However, the US just redesigned the carrier and is coming out with the new Gerald R. Ford Class Carrier, which is supposed to be years possibly decades ahead of any other countries design. If you include Helicopter Carriers, and Amphibious Assault ships, that number jumps up to 20, soon to be 22. Then the next highest is tied between Japan and France with 4. My favorite part about the US having so many Aicraft Carriers is that if we divided them up between the major oceans, we could have 4 in each ocean… Crazy. The US carriers are also nuclear powered, they are the only carriers to be nuclear powered besides the French R91 Charles de Gaulle.Note the types of planes on the US Carriers. If you look at the USS Gerald R. Ford, it is fielding 5 different aircraft. 4 planes and 1 helicopter. We will look at the planes. Woden note, the USN has the 2nd largest Air Force in the world, right behind the USAF.First plane- McDonnell Douglas F/A-18 Hornet/Super Hornet: The plane is one of the most decorated planes, with thousands of successful missions, while requiring 3x less maintenance and failures than its counterparts. The plane has electronic warfare capabilities, air to air, and air to ground capabilities. Also, has spy and early warning capabilities. It was one of the first aircraft to heavily use multifunction displays, which at the switch of a button allow a pilot to perform either fighter or attack roles or both. The airframe is complex yet so simple, that a 4 man team can remove and install a new F404 engine in 40 minutes. Was also one of the very first 4th generation fighter on an aircraft carrier.Second plane- Northrop Grumman X-47B: This guy will be the very first and only Carrier based Drone. Northrop Grumman intends to develop the prototype X-47B into a battlefield-ready aircraft, the Unmanned Carrier-Launched Airborne Surveillance and Strike (UCLASS) system, which will enter service in the 2020s. So it’ll have strike options and surveillance capabilities.Third plane- Northrop Grumman E-2 Hawkeye: Many countries have AWAC systems or Airborne early warning and control. But only the United States have a Carrier based AWAC system. With the creation of this system, carriers that are hundreds of miles away from the nearest AWAC system, this plane gives the ability for a carrier strike group to potentially detect fifth-generation fighters like the Russian Sukhoi Su-57 and the Chinese Chengdu J-20 and Shenyang J-31 farther out. Also, gives the ability to guide fleet weapons, such as AIM-120 AMRAAM and SM-6 missiles, onto targets beyond a launch platform's detection range or capabilities.Fourth plane- Lockheed Martin F-35C Lightning II: This plane is the first and only carrier based 5th Generation Stealth fighter. The plane is meant as an air superiority fighter and a plane capable of ground support. It also has a very low, almost undetectable, cross section and radar signature. Besides radar stealth measures, the F-35 incorporates infrared signature and visual signature reduction measures. With the addition of a 5th generation stealth fighter, this gives the US military and Navy, the opportunity to do more damage and to have true air superiority over all other aircraft carrier based planes and land based planes. The US, in the event of a war, can now bring 5th gen fighters to the battle without the need of the Air Force against other 4th gen fighters, or possibly the few Chinese or Russian 5th gen fighters.Furthermore, the US have some of the best destroyers on the planet. With the highly acclaimed Arleigh-Burke Class Destroyer, and the brand new, low production Zumwalt Class Destroyer. The US has the most destroyers in the world with about double the next country, with another 4 undergoing sea trials and we are currently building 5 more and have awarded contracts for 5 more. By 2024 the US is expected to have 79 destroyers in service.Zumwalt Destroyer- The Zumwalt class warships are the largest destroyer ever built. The USS Zumwalt has unusual hull design optimized for wave piercing. There is a composite deckhouse. Angular shape minimizes its radar signature. The ship has hidden radar and sensors. The despite its size the USS Zumwalt has a radar signature of a fishing boat. Also it has reduced sound and infrared signature what makes this ship harder to detect. The ship is the First american surface warship to integrate electronic propulsion, it generates enough power to light up a small city. Sound levels of the Zumwalt are comparable with Los Angeles class submarines.Arleigh-Burke Destroyer- These guided missile destroyers entered service with the US Navy in 1991 were the first large US Navy vessel designed to incorporate stealth shaping techniques to reduce radar cross-section. Also these are one of the biggest destroyers in the world that incorporate highly advanced weaponry and systems. Hull profile of the Arleight Burke class signNowly improves seakeeping, permitting high speeds to be maintained in difficult sea states. The AN/SPY-1D phased array radar incorporates signNow advances in the detection capabilities of the AEGIS weapons system, particularly in its resistance to enemy electronic countermeasures. Missile are stored in vertical launch systems, that can also house smaller Evolved Sea Sparrow (ESSM) missiles, Tomahawk land attack cruise missiles, ASROC anti-submarine missiles. For point defense the ships are equipped with two Phalanx Close-In Weapon Systems (CIWS). Also there are 324 mm launchers for Mk.46 or Mk.50 torpedoes.Daily dose of freedom right here.Obviously, we can’t forget about the immaculate US submarine fleet. The US has some of the most advanced and quietest submarines. All of them use nuclear propulsion for extended range and stealth capabilities. The US has the…Ohio class (18 in commission) – 14 ballistic missile submarines (SSBNs), 4 guided missile submarines (SSGNs)- The U.S. Ohio-class submarines, of which 14 are Trident II SSBN, each capable of carrying 24 SLBMs. The first four which were all equipped with the older Trident I missiles have been converted to SSGN's each capable of carrying 154 Tomahawk guided missiles and have been further equipped to support Special OperationsSeawolf class (3 in commission) – attack submarines- The Seawolf class boats were intended to seek and destroy the latest Soviet ballistic missile submarines, such as the Typhoon class and attack submarines such as the Akula class. Seawolf class submarines are arguably the quietest submarines in the world ever constructed. It is exceptionally quiet even at high speeds. Most submarines need to keep their speed down to as little as 5 knots to avoid detection by passive sonar arrays, while the Seawolf class are credited with being able to cruise at 20 kots and still be impossible to locate. A Seawolf at 25 knots makes less noise than an older Los Angeles class submarine tied up alongside the pier. And these came out in 1989.Virginia class (11 in commission, 5 under construction, 2 on order) – fast attack submarines- The Virginia class submarines incorporate newly designed anechoic coating, isolated deck structures and new design of propulsor to achieve low acoustic signature. It is claimed that noise level of the Virginia is equal to that of the Seawolf class. The Virginia class submarines are fitted with 12 vertical launch system (VLS) tubes. These are used to launched Tomahawk land attack cruise missiles with a range of 1 700 km. Also there are four 533-mm torpedo tubes. These are used to fire a total of 26 Mk.48 heavyweight torpedoes and Sub-Harpoon anti-ship missiles. It is the first US submarine to employ a built-in Navy SEAL staging area allowing a team of 9 men to enter and leave the submarine.(Improved) Los Angeles class (34 in commission, 2 in reserve) – attack submarines- The Improved submarines are much quieter. It is described that improved Los Angeles class boats are 7 times quieter than the original Los Angeles class boats. The class features a very potent weapon array, including Mk.48 torpedoes, Sub-Harpoon anti-ship missiles and Tomahawk land attack cruise missiles. Tomahawk missiles can be launched from torpedo tubes of from dedicated vertical launching systems. These boats can operate under ice where the Russian ballistic missile submarines tend to hide.Surfacing of a US Submarine.Let’s move onto the air. While the USN has a quite capable Air Force. But that is dwarfed by the sheer magnitude and strength of the United States Air Force. The Air Force articulates its core missions as air and space superiority, global integrated ISR, rapid global mobility, global strike, and command and control. The USAF flys a multitude of different planes and helicopters. The USAF is the largest Air Force in the world, here is the list of what America flys. Most of these are at the cutting edge of innovation, with two of them being 5th generation stealth fighters. That’s really really good because no other country has an active 5th gen while the US has 2. The USAF also has the largest bomber, tanker, fighter, and transport fleets in the world. The USAF has so many staging areas around the world, that the US can have bombers or any other planes on station, anywhere around the world in a matter of hours.Attack: A-10, AC-130, MQ-1, MQ-9Bomber: B-1B, B-2, B-52HElectronic warfare: E-3, E-8, EC-130Fighter: F-15C, F-15E, F-16, F-22 (5th gen), F-35A (5th gen)Helicopter: HH-60, UH-1NReconnaissance: MC-12, RC-135, RQ-4, RQ-170, U-2, U-28Trainer: T-1, T-6, T-38, T-41, T-51, T-53, TG-16Transport: C-5, C-12, C-17, C-21, C-32, C-37, C-130, C-40, CV-22, VC-25Tanker: KC-10, KC-135Let’s look at the two of my favorite ones and the most technologically advanced planes in the world.F-22 RaptorThe F-22 Raptor air superiority fighter is almost invisible to radars. This aircraft carries a powerful array of weaponry. It is the most advanced and most expensive production fighter aircraft to date. Many of sensors and avionics of this plane remain classified. Engines of the raptor allow the aircraft to supercruise over long ranges, while thrust-vectoring nozzles, combined with a triplex fly-by-wire flight control system, make it exceptionally maneuverable. The highly integrated avionics systems also include a data-link, inertial navigation system with embedded GPS for high-accuracy navigation, and advanced electronic warfare, warning and countermeasures systems. Two central computers manage the automatic switching of the sensors between completely passive and wholly active operation, according to the tactical situation. Artificial intelligence algorithms fuse data from the sensors and present only relevant information to the pilot to reduce workload while at the same time improving tactical awareness. The datalink allows tactical information to be shared with other F-22s. The tech is so special that other countries, not even NATO allies are given the chance to procure the plane.B-2 SpiritThe B-2A Spirit is the silver bullet of US policy, reserved for use against targets of the highest priority. The B-2's stealth characteristics enable the undetected penetration of sophisticated anti-aircraft defenses and to attack even heavily defended targets. This stealth comes from a combination of reduced acoustic, infrared, visual and radar signatures (multi-spectral camouflage) to evade the various detection systems that could be used to detect and be used to direct attacks against an aircraft. Composites are extensively used to provide a radar-absorbent honeycomb structure; the bomber has a minimal IR signature, does not contrail and uses its shielded APQ-181 radar only momentarily to identify a target just before attacking. The onboard DMS is capable of automatically assessing the detection capabilities of identified threats and indicated targets. The DMS will be upgraded by 2021 to detect radar emissions from air defenses to allow changes to the auto-router's mission planning information while in-flight so it can receive new data quickly to plan a route that minimizes exposure to dangers. Also, most of the B-2s are stationed in Missouri, and they are capable of bombing any target in the world despite being in the heart of America.Now for the US ARMYThe US army it self is massive in numbers, coming in at 1.01 million personnel, it self is one of the biggest standing armies in the world, and that's just one branch of the US military. Also, in the US military, it is the largest branch out of them all surpassing any other branch by almost 600,000 personnel. They provide the bulk of security for the US's foreign interests. The mission of the U.S. Army is to fight and win our Nation's wars, by providing prompt, sustained, land dominance, across the full range of military operations and the spectrum of conflict, in support of combatant commanders. Which is mainly air domination and land domination. They mainly engage is conventional warfare, and asymmetrical warfare. The US Army's main responsibilities is preserving the peace and security and providing for the defense of the United States, the Commonwealths and possessions and any areas occupied by the United States, Supporting the national policies, Implementing the national objectives, Overcoming any nations responsible for aggressive acts that imperil the peace and security of the United States. The US Army is also home to some of the most dangerous, prestigious and hardest working special forces teams in the world such as the frontline special force, the Rangers, we also have the green berets and the iconic 1st Special Forces Operational Detachment-Delta (Airborne) also known as Delta Force. The US army is thought to be one of the most battle tested and battle proven militaries in the world. With the mobility of the USAF an army QRF can be anywhere on earth in less than 24 hours. The US ARMY uses the M1A2 Abrams tank. One of the most badass, heaviest, fastest, and battle hardened tanks in the world.This tank has incredible technology and armor. Also it has seen combat. It is one of the most feared MBTs. The M1A2 offers signNow protection against all well-known anti-tank weapons. This main battle tank uses advanced armor, reinforced with depleted uranium layers. The M1A2 has signNow level of protection against all known anti-tank weapons. It can also employ counter-IED equipment. The tank is armed with the same 120-mm M256 smoothbore gun as its predecessor. Range of effective fire is in excess of 4 km. This main battle tank is powered by a Honeywell AGT1500 gas turbine engine, developing 1 500 hp. The tank is one of the fastest in the world, clocking in (with no governor) at 60 mph while being THE heaviest tank in the world. As of April of 2018, the US has no combat losses with the Abrams, the Abrams has only been lost due to friendly fire, never to enemy fire.I don’t think I need to explain the marines. Just know that they use the same tech as the Army (with some exceptions) but they are also the main invasion force for the US. And they are badass.The US military signNow is massive with the Aircraft carriers and the 700+ military bases around the world. The US is truly the most powerful military in the world. The fact that they can have a men anywhere in the world in less than 24 hours and being able to bomb any place on earth, just proves how powerful the US military is.

TCS ( ILP ) joining process and document preparationThe most important part of joining TCS is its documentation! This is just a general guide to the new ILP candidates. You should always strictly follow your Annexure ! So let’s do this fast!The Joining Process is Divided into seven parts:1.Accept the joining letter2.Complete the TCS Survey Monkey3.Complete the BGC form filling4.Fill the NSR (NASSCOM) ITPIN5.Fill the ON BOARDING forms6.Prepare the Agreements (Service Agreement & Affidavit/signNowd Undertaking)7.Prepare the supporting documentsAccept the joining letter:a). First you have to accept your joining letter by using your DT reference idTCS Next Step>>ILP corner>>Joining letter>>Acceptb). Download the Joining letterTCS Next Step>>ILP corner>> Joining letter >>DownloadNote: Accepting the joining letter is necessary to complete the other formalitiesSo first accept your joining letter (if you are going to join TCS)Complete the TCS Survey MonkeyYou have to complete the TSC survey monkey. TCS recruitment team will send you the link by mailRequired details:1. TCSL Reference id (DT reference id)& passwordhttps://www.surveymonkey.com/r/T...Complete the BGC form filling:You have to complete the Background Check Verification Before Your Joining datea). Fill BGC Form:i). Fill the Basic Details (Passport, PAN, Address Details)ii). Academic Details (CGPA or overall percentage)iii). Reference: You have to fill any two person’s following detailsØ NameØ Company/Institute NameØ DesignationØ Contact NoØ Email idØ Relationship with the applicantØ Period for which reference knows the applicantiv). Fill Security Detailsb). Declaration:Ø In declaration part you have to agree and submitØ Download the BGC completed formc). Documents uploading:You have to scan and upload the following documents in PDF or JPEG format each file size should be less than 2MBØ NSR e-cardØ Birth certificate or Birth AffidavitØ Permanent, present address proof(aadhaar / passport / ration card / EB, GAS, mobile Bill / credit, debit card / Bank statement)Ø PAN cardØ Passport / passport application receiptØ ID proof (voter id, ration card, driving license, bank passbook, aadhaar)Ø X- grade mark sheetØ XII-grade mark sheetØ All semester mark sheetsØ Non-Criminal Affidavit (first page of the stamp paper)Fill the NSR (NASSCOM) ITPIN:You have to enter your NSR ITPIN atTCS Next Step>>ILP corner>>National skill registry>>ITPIN(you have to complete the registration and bio-metric process of NSR before joining ILP (please visit site www.nationalskillsregistry.com). And they will send you a NSR-e card by mail or you can generate by yourself by login to your NSR profile)Fill the ON BOARDING formsYou are mandatorily required to fill and submit the Onboarding Forms before your joining date to smoothen your Onboarding process, failing which your joining formalities will not be completed. These forms are required to be filled as per statutory compliance norms.Onboarding forms consists of five forms:Ø Provident Fund (PF)/ Pension Scheme Nomination form (Form 2 — Part A and Part B)Ø Gratuity Form (GF)Ø Superannuation Form (SF) -only to eligible employeesØ Declaration Form (Form 9)Ø Group Life Insurance (GLI)You would have to fill all the Onboarding forms online and declare nominee(s) for the above mentioned forms. Submit a Hard copy of the completed forms on the day of Joining ILPTCS Next Step>>Onboarding>>Fill all the formsAfter filling these form, you can download these 5 documents at “Dashboard tab”-in the same pageSuggestion: 1. nominee is father or mother 2. share of money -100%Required information: Name, DOB of the nominePrepare the Agreements (Service Agreement & Affidavit/signNowd Undertaking):a) Service Agreement:1.Buy a Rs.100 stamp paper on your name2.Print the service agreement page 1Download.pdf3.Buy 5 demi (court paper) / green paper (court paper) / Legal / A4 papers4.Print the service agreement page 2 – 6 Download.pdfNote: page 6 is also called as surety verification formNote: Blanks should be written using pen it should not print or typeIt doesn’t matter how many pages in your agreement but make sure that proper page number and proper contentOther instructions:If Rs.100 stamp paper is not available, you can also do this in two Rs.50 stamp papers Make sure the text starts in the stamp paper. You can print first 3 Lines on first Rs.50 stamp paper and next some paras on another Rs.50 stamp paper and the remaining pages on other demi paper.Read the service agreement guidelines carefully before filling up anything. Many might find this silly but I prefer filling up Xerox copies first. It can save you the money for printing again in case something goes wrong! So we are here going to use a Rs.100 stamp paper for the first few lines(THIS AGREEMENT made at Mumbai on this 1.______________________________________ day of 2._________________, Two thousand and 3._______________________ between TATA CONSULTANCY SERVICES LIMITED,)and print the rest on simple A4 papers or Legal or demi papers. Fill everything up in CAPS, using a pen. Do not remove any clause, not even the page numbers! Don’t forget your signature and surety’s signature on the bottom of each page!! Service Agreement needn’t be signNowd.Surety Verification:This is a part of the Service Agreement. Any person who is an Income Tax Payee or has Land property can be your surety! Example: your father! So just make sure you place the signatures in proper places and have your surety fill up the “Surety Verification Form”. This form has to be attested by a Gazetteer Officer or the manager of a nationalized bank where the surety holds an account or employer of the surety! or public notaryØ Attested photocopies of the surety’s pan card.Ø Attested photocopies of the surety’s Form 16 (or)  Attested photocopies of the surety’s latest income tax returnNOTE: Make sure your surety’s signature everywhere matches with that done in his/her Pan Card or you are in some serious troubleb) Non-Criminal Affidavit:1.Buy a Rs.100 stamp paper on your name2.Print the Non-criminal affidavit page 1 Download.pdf3.Buy 2 demi (court paper) / green paper (court paper) / Legal / A4 papers4.Print the Non-criminal affidavit page 2 – 3 Download.pdf5.Get this affidavit signNowd by a notary public in court (signature in all the pages)Note: Make sure you choose non-blood relation people as witnesses! Example: Neighbors.Other instructions:If Rs.100 stamp paper is not available, you can also do this in two Rs.50 stamp papers Make sure the text starts in the stamp paper. You can print first 2 paras on first Rs.50 stamp paper and next some paras on another Rs.50 stamp paper and the witness page on another demi paper. just fill in the blanks with a pen DO NOT remove any clause.Prepare the supporting documents:1. Medical Certificate:Download medical certificate format from TCS next step portal and print it (Black & white is enough) Make sure The doctor signs and places his seal on the second page. He should also sign and place a seal on your photo. format download.pdfYou’ll need two attested copies of everything but make sure you keep more copies with you (many times it will help you)Here’s a list of the supporting documents you’ll need to get attested by:Ø Gazetteer Officer orØ Government higher secondary school head master orØ Tehsildar of the village in which the Applicants resides. orØ District collector of the district in which the Applicants resides1. Birth Certificate:(If your birth certificate is not in English, or your name/place of birth/date of birth is missing/the details are mismatching, then it is recommended that you apply for a new one before it’s too late.Otherwise, you need a signNowd affidavit on Rs.100 stamp paper, which is only atemporary arrangement.)2. Class X - mark sheet.3. Class XII-mark sheet.4. Consolidated Mark sheet (from your institution)5. Degree Certificate(or Provisional Certificate / course complete Certificate if you. Don’t receives your Degree Certificate yet)6. All Semester Mark sheets7. Transfer certificate (if you have)8. Your Pan Card9. Your Passport10. surety’s information:a) If Income tax payee : photocopy attestedi). Surety’s Form 16 ( or )Surety’s Income Tax Return / saral / form 2d / form12Bii). Surety’s PAN cardb) If Surety have landi). Surety’s land documents photo copy – Registered in Englishii). Latest land valuation certificate from the respective authority-photo copy with attestedc) Else Fixed deposit of Rs. 50,000 at nationalized bank on TCS name for two years) photocopy attested by bank manager11. your aadhaar card (if you have)12. your voter card (if you have)13. Ration card (if you have)You’ll need two self-attested copies of Following documents but make sure you keep more copies with you (many times it will help you)1. Joining letter2. Offer letter3. ID proof (Passport, Voter ID)4. Address Proof (Passport, Voter ID)- give a separate copy for permanent & (if Present) address5. Highest degree mark sheets (for BGC)6. Degree Certificate / Provisional / Course complete (if only degree certificate not provided byyour institution)(for BGC)7. NSR e-card printout (after you’re done with Biometrics, you’ll get your ITPIN and e-card with your picture, in your e-mail).8. Documents for break in education (if any otherwise no need)(i) Medical records, if the break was due to medical reasons.(ii) Certificates / Examination results, if the break was due to additional course done.(iii) Affidavit on a Rs.100 stamp paper with notary authorization, if the study break was due to other personal reasons.9. CID Form (if you are from Mumbai/ Navi Mumbai/ Thane City/ Thane Rural / Pune otherwise no need) You need to submit Self-Attested Criminal Investigation Division (CID) forms forthe respective region. (details about forms will be mailed to you just before your joining)10. 12+ copies Recent passport size photos11. All the documents Original compulsory. Don’t forget to take the originals with you!Advise: keep more copies of your documents and attested copies it may help you if any problem

Hi,The MCA (Ministry of Corporate Affairs) has been working on various steps to identify businesses which are registered under the Companies Act but are not doing any business. Action taken by the authorities to delete the names of thousands of such Companies from the register records for not carrying out any business activities, which also resulted in their directors disqualification. The present move of Active Tagging Of Companies with Geo-tagging are all aimed at tracking the shell (fraud) companies and cracking them down thereby tightening the system.Virtual Office Spaces, Virtual Offic...

Seeing this message ? Don’t despair, you are among more than 200,000 computers in 150 countries which have been affected.(Know more at: WannaCry ransomware: Everything you need to know, Why the WannaCry cyber attack is so bad, and so avoidable - Video)Although, it was initially reported that the impact on India will be HUGE. It is now being reported that the impact will be MINIMAL/ Sporadic.(Ref: WannaCry ransomware cyberattack fails to paralyse India; some businesses hit - Times of India)But, the caveat is that the impact may go under reported. Experts say that the rampant use of pirated software in India may leave Indian companies unable to report if they have been affected by the Wanna Cry cyber attack.(Ref: WannaCry ransomwares impact in India may go under-reported due to rampant use of pirate software)So yes, It may do more good than harm. We do hope that this attack will instigate the people and the gov of India to take major steps against internet piracy and to implement advanced computer networks and security measures. But it is up to each and every user and network administrator, to secure their own systems.It is incorrect to say that India was most affected because it is least protected. In fact, the impact was much lesser than expected. The government too tried to dispel rumors about banking telecom or aviation being hit by the outbreak. "There is no major impact in India unlike other countries. We are keeping a close watch. There have been isolated incidents in Kerala and Andhra Pradesh," Union information and technology minister Ravi Shankar Prasad said.Prasad said a Cyber Coordination Centre will start operating from next month to take precautions against such attacks in future. Besides, the cyber security arm of the Centre has asked banks, stock exchanges, and other vital institutions to safeguard their systems against the malware.The IT ministry has also signNowed out to agencies such as the RBI, NPCI and UIDAI, to warn them about the risks associated with WannaCry, and help to secure their systems, in order to make sure that digital payments in India are not affected.The Reserve Bank of India has notified all banks to operate their ATMs only after updating software systems to avoid being infected by ransomware. Automated teller machines are vulnerable to such malware attacks as they currently run on an older version of Microsoft's Windows XP, making the update highly necessary.There are a total of 2.2 lakh ATMs in India, of which many old ones run on Windows XP, for which Microsoft has officially ended support in 2014.IMPORTANT: If your PC has been infected, the following information will be of help:- (Source: Cyber Swachhta Kendra: Wannacry/ WannaCrypt Ransomware)The WannaCry ransom ware is writing itself into a random character folder in the 'ProgramData' folder with the file name of "tasksche.exe" or in 'C:\Windows\' folder with the file-name "mssecsvc.exe" and "tasksche.exe".Ransomware is granting full access to all files by using the command:Icacls . /grant Everyone:F /T /C /QUsing a batch script for operations:176641494574290.bathashes for WANNACRY ransomware:5bef35496fcbdbe841c82f4d1ab8b7c2775a0631fb8229b2aa3d7621427085ad7bf2b57f2a205768755c07f238fb32cc7f7ccaa16fb15eb1c7399d422f8363e88495400f199ac77853c53b5a3f278f3e84c82835a5d21bbcf75a61706d8ab54986721e64ffbd69aa6944b9672bcabb6d8dd63adb68ef053e044a5a2f46e0d2cdb0ad5902366f860f85b892867e5b1e87d6114ba5f10ad67a4131ab72531f02dadb349b97c37d22f5ea1d1841e3c89eb4e372d07207b4da75b3434584cd9f3450f529f4556a5126bba499c26d67892240Use endpoint protection/antivirus solutions to detect these files and remove the sameUsers and administrators are advised to take the following preventive measures to protect their computer networks from ransomware infection/ attacks:In order to prevent infection users and organizations are advised to apply patches to Windows systems as mentioned in Microsoft Security Bulletin MS17-010Microsoft Patch for Unsupported Versions such as Windows XP,Vista,Server 2003, Server 2008 etc. http://www.catalog.update.micros...To prevent data loss Users & Organisations are advised to take backup of Critical DataBlock SMB ports on Enterprise Edge/perimeter network devices [UDP 137, 138 and TCP 139, 445] or Disable SMBv1. https://support.microsoft.com/en...Apply following signatures/rules at IDS/IPSalert tcp $HOME_NET 445 -> any any (msg:"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response"; flow:from_server,established; content:"|00 00 00 31 ff|SMB|2b 00 00 00 00 98 07 c0|"; depth:16; fast_pattern; content:"|4a 6c 4a 6d 49 68 43 6c 42 73 72 00|"; distance:0; flowbits:isset,ETPRO.ETERNALBLUE; classtype:trojan-activity; sid:2024218; rev:2;)(http://docs.emergingthreats.net/bin/view/Main/2024218)alert smb any any -> $HOME_NET any (msg:"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Request (set)"; flow:to_server,established; content:"|00 00 00 31 ff|SMB|2b 00 00 00 00 18 07 c0|"; depth:16; fast_pattern; content:"|4a 6c 4a 6d 49 68 43 6c 42 73 72 00|"; distance:0; flowbits:set,ETPRO.ETERNALBLUE; flowbits:noalert; classtype:trojan-activity; sid:2024220; rev:1;)alert smb $HOME_NET any -> any any (msg:"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response"; flow:from_server,established; content:"|00 00 00 31 ff|SMB|2b 00 00 00 00 98 07 c0|"; depth:16; fast_pattern; content:"|4a 6c 4a 6d 49 68 43 6c 42 73 72 00|"; distance:0; flowbits:isset,ETPRO.ETERNALBLUE; classtype:trojan-activity; sid:2024218; rev:1;)Yara:rule wannacry_1 : ransom{meta:author = "Joshua Cannell"description = "WannaCry Ransomware strings"weight = 100date = "2017-05-12"Strings:$s1 = "Ooops, your files have been encrypted!" wide ascii nocase$s2 = "Wanna Decryptor" wide ascii nocase$s3 = ".wcry" wide ascii nocase$s4 = "WANNACRY" wide ascii nocase$s5 = "WANACRY!" wide ascii nocase$s7 = "icacls . /grant Everyone:F /T /C /Q" wide ascii nocaseCondition:any of them}rule wannacry_2{meta:author = "Harold Ogden"description = "WannaCry Ransomware Strings"date = "2017-05-12"weight = 100strings:$string1 = "msg/m_bulgarian.wnry"$string2 = "msg/m_chinese (simplified).wnry"$string3 = "msg/m_chinese (traditional).wnry"$string4 = "msg/m_croatian.wnry"$string5 = "msg/m_czech.wnry"$string6 = "msg/m_danish.wnry"$string7 = "msg/m_dutch.wnry"$string8 = "msg/m_english.wnry"$string9 = "msg/m_filipino.wnry"$string10 = "msg/m_finnish.wnry"$string11 = "msg/m_french.wnry"$string12 = "msg/m_german.wnry"$string13 = "msg/m_greek.wnry"$string14 = "msg/m_indonesian.wnry"$string15 = "msg/m_italian.wnry"$string16 = "msg/m_japanese.wnry"$string17 = "msg/m_korean.wnry"$string18 = "msg/m_latvian.wnry"$string19 = "msg/m_norwegian.wnry"$string20 = "msg/m_polish.wnry"$string21 = "msg/m_portuguese.wnry"$string22 = "msg/m_romanian.wnry"$string23 = "msg/m_russian.wnry"$string24 = "msg/m_slovak.wnry"$string25 = "msg/m_spanish.wnry"$string26 = "msg/m_swedish.wnry"$string27 = "msg/m_turkish.wnry"$string28 = "msg/m_vietnamese.wnry"condition:any of ($string*)}Best practices to prevent ransomware attacks:Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.Establish a Sender Policy Framework (SPF),Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) for your domain, which is an email validation system designed to prevent spam by detecting email spoofing by which most of the ransomware samples successfully signNowes the corporate email boxes.Don't open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs close out the e-mail and go to the organization's website directly through browserRestrict execution of powershell /WSCRIPT in enterprise environment Ensure installation and use of the latest version (currently v5.0) of PowerShell, with enhanced logging enabled. script block logging, and transcription enabled. Send the associated logs to a centralized log repository for monitoring and analysis.Application whitelisting/Strict implementation of Software Restriction Policies (SRP) to block binaries running from %APPDATA%, %PROGRAMDATA% and %TEMP% paths. Ransomware sample drops and executes generally from these locations. Enforce application whitelisting on all endpoint workstations.Deploy web and email filters on the network. Configure these devices to scan for known bad domains, sources, and addresses; block these before receiving and downloading messages. Scan all emails, attachments, and downloads both on the host and at the mail gateway with a reputable antivirus solution.Disable macros in Microsoft Office products. Some Office products allow for the disabling of macros that originate from outside of an organization and can provide a hybrid approach when the organization depends on the legitimate use of macros. For Windows, specific settings can block macros originating from the Internet from running.Configure access controls including file, directory, and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.Maintain updated Antivirus software on all systemsConsider installing Enhanced Mitigation Experience Toolkit, or similar host-level anti-exploitation tools.Block the attachments of file types, exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsfRegularly check the contents of backup files of databases for any unauthorized encrypted contents of data records or external elements, (backdoors /malicious scripts.)Keep the operating system third party applications (MS office, browsers, browser Plugins) up-to-date with the latest patches.Follow safe practices when browsing the web. Ensure the web browsers are secured enough with appropriate content controls.Network segmentation and segregation into security zones - help protect sensitive information and critical services. Separate administrative network from business processes with physical controls and Virtual Local Area Networks.Disable remote Desktop Connections, employ least-privileged accounts.Ensure integrity of the codes /scripts being used in database, authentication and sensitive systems, Check regularly for the integrity of the information stored in the databases.Restrict users' abilities (permissions) to install and run unwanted software applications.Enable personal firewalls on workstations.Implement strict External Device (USB drive) usage policy.Employ data-at-rest and data-in-transit encryption.Carry out vulnerability Assessment and Penetration Testing (VAPT) and information security audit of critical networks/systems, especially database servers from CERT-IN empaneled auditors. Repeat audits at regular intervals.Individuals or organizations are not encouraged to pay the ransom, as this does not guarantee files will be released. Report such instances of fraud to CERT-In and Law Enforcement agenciesGeneric Prevention Tools:Tool (NoMoreCry) to prevent Wannacry Ransomware by CCN-CERT:https://loreto.ccn-cert.cni.es/i...Sophos: http://Hitman.Prohttps://www.hitmanpro.com/en-us/...Bitdefender Anti-Crypto Vaccine and Anti-Ransomware (discontinued) https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released/Malwarebytes Anti-Ransomware(formally Crypto Monitor)https://blog.malwarebytes.com/malwarebytes-news/2016/01/introducing-the-malwarebytes-anti-ransomware-beta/Trendmicro Ransomware Screen Unlocker tool:https://esupport.trendmicro.com/...Microsoft Enhanced mitigation and experience toolkit(EMET)https://www.microsoft.com/en-us/...Referenceshttps://technet.microsoft.com/li...http://www.catalog.update.micros...https://blogs.technet.microsoft....https://www.symantec.com/connect...https://securelist.com/blog/inci...https://securingtomorrow.mcafee....https://www.us-cert.gov/ncas/cur...http://blog.talosintelligence.co...https://www.trendmicro.com/vinfo...https://www.us-cert.gov/ncas/ale...http://blogs.quickheal.com/ms17-...http://blogs.quickheal.com/wanna...Wannacry/WannaCrypt Ransomware Presentation of CERT-In(PS: Thanks for reading/ upvotes. I write more here:- Jay Maan)

Have you ever felt that something(like taking backup of files, deleting old files etc.) should automatically happen when you connect your pen-drive to your system?Let us take an example, Suppose your teacher wants you to copy your assignments into his pendrive in front of him. The pen drive contains your final examination paper. You want your ubuntu system to automatically copy all the data from that pen drive to your hard disk automatically in the background (without even opening a copy dialogue). Here is how to do it on ubuntu:1] First let us write a simple shell script which we want to execute whenever a pen drive is connected to our system. Let us write a simple script which copies all data from the connected device to your home directory.First open a new fileemacs $HOME/script.shand add following lines to that file.#!/bin/bash sudo mkdir -p /tmp/test sudo mkdir -p $HOME/device_data sudo mount /dev/sdb1 /tmp/test sudo cp -r /tmp/test/* $HOME/device_data/ sudo umount /tmp/test Save and close the file.This script essentially creates a new directory named "device_data" inside your home folder and copies all the data from the pen drive into device_data directory.(Note: You can write ANYHTING into this script, so use it wisely :P)Now let us make this script executable.sudo chmod +x $HOME/script.sh As this script needs sudo permissions, we need to make it sudo runnable. To do this add the name of the script into sudoers file.Open sudoers file.sudo visudo -f /etc/sudoers Now after the 25th line (%sudo…) add this line ALL=(ALL) NOPASSWD: /home//script.sh So now this script will run with sudo rights but will not ask for password! :)2]Now we need to tell our system to follow OUR rules (i.e execute our script) whenever a pendrive is connected. For this we need to create our own "udev rules" file. This file should be created in '/etc/udev/rules.d' directory.cd /etc/udev/rules.d Open a new file (with sudo rights):sudo emacs 91-myrules.rules Make sure the file name starts with "91". This gives your rules priority over other rules.Now add these lines into that fileACTION=="add", ATTRS{idVendor}=="****", ATTRS{idProduct}=="****", RUN+="/paht/to/your/script.sh" Make sure you enter proper path into RUN variable.Done!!Now plug any pendrive into your system and test this!Note: 1] When you connect your external drive this script will be run and your system won’t be able to use it unless this script execution is complete! So have some patience! :p 2] This answer is written for educational purposes only! Do not misuse it.Thanks Mehak Sharma for promoting the answer!