Sunday, February 1, 2009

Happy Life

First thing in the morning,imagine yourself tremendously happy.Get out of bed in a very happy mood - radiant,bubbling,expectant - feeling that this day is not going to be an ordinary day - that something exceptional, extradionary is waiting for you; something is very close by. Try and remember it again and again for the whole day.Within seven days you will see that your whole pattern,your whole style , your whole vibration has changed.

When you go to sleep in night,just imagine that you are falling into divine hands...as if god is supporting you,that you are in his lap,falling asleep. Just visualize it and fall asleep. The one thing is to carry is that you should go on imagining and let sleep come so that the imagination enters into sleep; they are overlapping.

Don't imagine any negative thing , because if people who have an imaginative capacity imagine negative things,they start happening. If you think you are going to get ill, you get ill. If you think that somebody is going to rude to you, he will be. Your every imagination will create a situation.

So if a negative idea comes, immediately change it to a positive thought. Say no to it.Drop it down.Throw it away. Within a week you will start feeling that you are becoming very happy for no reason at all.

Always look at the brighter side of things .....

Thursday, April 3, 2008

My Simple Life at 2015

My Simple Life at 2015 (7 years later from now)

 Quiet mornings.
 Sing-a-long songs with my wife in the car.
 Playing in the sunset with my kids
 Runner’s high on a long run.
 Watching a good Tamil movie in the DVD with the family
 Walking outside with my son after it rains.
 My “life” talks with my eldest daughter in the car.
 Writing another story for my true fans
 Feeling sick and lying in bed all day without calling my own company members
 Showing my small kid the clear starry sky and sing “Twinkle Twinkle little star”.
 Cheering my kids on in their cricket games.
 Time alone with a good book.
 Freshly brewed mothers coffee.
 My hot veggie soup with my elder brother on a cold day.
 Writing before the sun rises.
 Fresh, cold berries with my grand parents.
 A long conversation with my friend on mobile.
 Playing football in the yard with my kids.
 The feeling of satisfaction after completing one more certification.
 Waking up to a clean, uncluttered living room.
 Laughing at my elder son’s sense of humor.
 Spending time with my mom and sisters on a Saturday afternoon, baking sweets.
 Letting a warm chocolate chip cookie melt in my mouth with my eyes closed.
 A long hot shower on a Sunday evening.
 Walking with the sand between my toes as the sun goes down.
 Listening to Illayaraja music.
 A hug and kiss from my sweet wife whenever I need it.

Saturday, March 1, 2008

Social Engineering

Social Engineering

Good Morning Sir. This is Peter from ABC Bank. Due to server issues, I need to reset your internet banking password… can you tell me your old one?

Help Desk or Social Engineering?

Social Engineering is the unauthorized acquisition of sensitive information or inappropriate access privileges by a potential threat source, based upon the building of an inappropriate trust relationship with a legitimate user of an information technology system.

The goal of social engineering is to trick someone into providing valuable information or access to that information.

Few other definitions of Social Engineering

Bernz 2: Social engineering is the art and science of getting people to comply to your wishes. It is not a way of mind control, it will not allow you to get people to perform tasks wildly outside of their normal behavior and it is far from foolproof.

Palumbo: An outside hacker’s use of psychological tricks on legitimate users of a computer system, in order to obtain information he needs to gain access to the system. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most cases the attacker never comes face-to-face with the victim.

Berg: Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures. Getting needed information (for example, a password) from a person rather than breaking into a system.

In an IT security survey, 90% of office workers gave away their password in exchange for a cheap pen. Can you believe this?

Users must be warned early and frequently not to divulge passwords or any other sensitive information to anyone for any purpose, even to legitimate system administrators. Do you know, in reality administrators of computer systems don’t need to know the user's password to perform administrative tasks.

Not all computer security problems are technological problems. Some are people problems. Just as talented hackers can use their programming skills to exploit applications, operating systems, and protocols to get inside your company’s network, talented social engineers can breach your network by using their “people skills” and powers of observation to exploit your company’s employees, partners, and others who have legitimate network access. They are adept at psychologically manipulating people into giving them access or the information necessary to get access using a variety of schemes.

Here's a look at some of the tactics and techniques commonly used by these intruders and what you can do to thwart them.

The one thing that everyone seems to agree upon is that social engineering is generally a hacker’s clever manipulation of the natural human tendency to trust. The hacker’s goal is to obtain information that will allow him/her to gain unauthorized access to a valued system and the information that resides on that system.

Another aspect of social engineering relies on people's inability to keep up with a culture that relies heavily on information technology. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. Frequently, social engineers will search dumpsters for valuable information, memorize access codes by looking over someone's shoulder (shoulder surfing), or take advantage of people's natural inclination to choose passwords that are meaningful to them but can be easily guessed. Security experts propose that as our culture becomes more dependent on information, social engineering will remain the greatest threat to any security system. Prevention includes learning the value of information; understand the need and protecting them, and increasing people's awareness of how social engineers operate.

Another example: The housekeeping staffs have access to our entire organization overnight while they're cleaning and maintaining. How do you know that they don't have a Ph.D. in computer science and malicious intent? You don't.

Here's a great story, and it's true: A CEO of a company goes on vacation. The day after he leaves, a consultant, wearing a suit, carrying all the right references, walks in the door of the office and says, Mr. Johnson hired me and asked me to take a look at your engineering plans. Apparently, there was a technical problem. Someone says, Oh, he just went on vacation, he's not here. The consultant responds: Well, you know, I came from United States; I'm only here for basically the one day. This is pretty important, and, frankly, you guys already paid me a lot of money. Is there anyone I could talk to about this? So this person sits down, spends an entire day going over the engineering plan, and walks out with copies because there are some issues that he needs to work on later. Meanwhile, the CEO gets back from vacation and says: What consultant?

How much more of an issue are these kinds of attacks today than they were five or 10 years ago?

If there's a worse anything, it's just that organizations have a higher reliability on their electronic systems, and oftentimes, if you think about 20 years ago, more people have access to those systems than ever had access to them before. But social engineering is a very well-known issue in the security community. It's also one that's a bit more difficult to address than a lot of the traditional security issues because, you know, you can't stop people being from being people, and as much as you'd like, your users are going to make mistakes and they'll be manipulated and everything else. I think it's been a consistent problem.

Pretexting is the act of creating and using an invented scenario (the pretext) to persuade a target to release information or perform an action and is typically done over the telephone. It's more than a simple lie as it most often involves some prior research or set up and the use of pieces of known information (e.g. for impersonation: date of birth, Social Security Number, last bill amount) to establish legitimacy in the mind of the target.
This technique is often used to trick a business into disclosing customer information, and is used by private investigators to obtain telephone records, utility records, banking records and other information directly from junior company service representatives. The information can then be used to establish even greater legitimacy under tougher questioning with a manager (e.g., to make account changes, get specific balances, etc).

Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online.

Phishing is a technique of fraudulently obtaining private information. Typically, the phisher sends an email that appears to come from a legitimate business — a bank, or credit card company — requesting "verification" of information and warning of some dire consequence if it is not done. The letter usually contains a link to a fraudulent web page that looks legitimate — with company logos and content — and has a form requesting everything from a home address to an ATM card's PIN.

The prey is not just you but your children and elders as well

Monday, February 25, 2008

You Cannot Fail in ISO Certification Audits

You Cannot Fail in ISO Certification Audits

It is impossible to fail certification (unless you quit). The worst thing that can happen is that it might take a little longer and cost a little more. The final point that we wish to make in our discussion of the direct sequence manual is that you cannot fail an initial assessment, unless you simply quit. The worst thing that can happen is that is might take longer and cost more. This is an established fact for the initial systems assessment (certification assessment). One does not fail a third-party assessment; it is a part of the ISO mythology. One does get non-conformances that need to be corrected. The worst case is a major finding that could delay the certification process by up to three months and cost some more to pay the registrar’s lead assessor to come back and clear the nonconformance. But that is it. This is the primary reason that so many consulting groups will agree to guarantee certification/ registration

The steward’s task is to make sure that there are no major findings possible. This is accomplished via in-depth internal audits by well-trained auditors. The audits should be evenly distributed throughout the creation process and not left to the last moment prior to the document review. The audits not only increase the probability of a major nonconformance-free certification assessment, but they form the base of a dynamic corrective and preventive action program.

Inevitably there will be minor findings at the initial systems assessment, the first surveillance, the second surveillance, the recertification assessment, and the re-recertification assessment. That is what continuous improvement is all about. I still come up with nonconformances with clients that I have audited for over 8 years. Organizations undergo all manner of change over 3 years (e.g., top management changes; mergers; acquisitions; moves to new facilities; market ups and downs; national and international tragedies, including war, floods, and fires). Without sufficient audits, the documentation falls behind reality and even the act of auditing begins to evaporate. It is equivalent to firing the sales staff because sales are down. Find the root causes, make the necessary changes to match the changed scenario, and move forward. There, of course, can be major findings. By major findings we mean, for example, an ineffectual management review, a poorly managed training program, a lack of internal quality audits, a corrective and preventive action program that is uncertain and loosely managed. The stewards must pay close attention to these areas. One of the traps in the management review process is for the top manager to use the management review as a “rah rah” session instead of focusing on the enterprise’s deviations from its planned goals based on firm and quantitative metrics. You say, “Never happens”? It does. Another danger area is the loss of internal auditors due to downsizing, burnout, disinterest, and promotion. It is important to maintain a constantly trained group of auditors to cover such contingencies. A safe level of auditors depends on the organization’s size in both people and square footage and the degree of outsourcing. Today, we have situations where the organization consists
of one person in the site and everything else is outsourced. Your registrar will work with you to cover this event. It does happen and people get certified.

Wish you all the best to get certified for ISO.

Friday, February 15, 2008

10 things I love about IT

#1: The people
The people in IT are an amazing group. IT is a diverse industry, and the people who work in it tend to have a high level of passion for the job. Sure, there are a few mercenaries who are in it just for the money, but they are thankfully relatively rare. Overall, I cannot say enough good things about the people in this industry, and I love working with, around, and for them.
#2: The energy
The only industry with nearly as much raw energy as IT is marketing, and I don’t find branded pens terribly interesting. IT people are excited about their jobs and excited about the work they are doing. IT as an industry offers enough variety and choices of employers and projects so that there’s no reason for those who love IT to be doing work they hate, once they get past entry level in their career. And it shows in the passion that IT workers bring to the office. Accountants don’t argue about “EBIDTA vs. pro forma” in quite the same way that programmers get worked up over “Java vs. VB.NET.”
#3: The education requirement
A minority of people in IT have degrees in an IT-related major (computer science, computer engineering, etc.). In fact, a significant portion of people in IT do not have degrees at all. Like the dress code, there is an unwritten assumption throughout much of IT: Experience counts for an awful lot. Sure, there are a few niches in IT where that science and math background is needed. But for average business-level usage, it is not necessary. Add in the fact that the technology becomes obsolete so quickly and the fact that the industry is obviously working just fine without the requirement of a degree, and you have a field that is very welcoming. I challenge you to find another job where people with a high school diploma, some self-taught knowledge, and a good attitude have such a good chance to do well for themselves.
#4: The dress code
One of the great things about IT is that it grew up in the corporate basement. Way back when, the business folks liked to lock us up in the dungeon and occasionally throw down a bowl of gruel for the nerds. As a result, they didn’t care if we had long hair or beards or pizza stains on our ratty, hardware-vendor T-shirts. Granted, this has changed significantly at most shops. There are now some dress code standards for IT workers. But they don’t seem to be as strictly enforced as they are for the rest of the company. There is an underground, unspoken conspiracy among IT managers that a loosened dress code is practically part of the standard compensation. Sure, if programmers or system administrators really want to come in dressed to the nines, they are welcome to, and no one will knock them for being too GQ. But if your idea of style is less refined, IT as an industry doesn’t mind.
#5: The environment
Much like the dress code, the environment in most IT shops is fairly informal compared to the typical office. Posters for anime films, books all over the place, whiteboards with goofy cartoon drawings, Nerf ball fights… only when you put a dozen nerds together in the same room with a geek boss (or a boss who “gets” geeks) could this be called a work environment. Yet despite all of that, IT workers tend to put in just as many hours, if not more, than most office employees. We just have a lot more fun with it.
#6: The adaptable learning curve
In the IT industry, you can do the same tasks day after day if you want to, or you can take a job that is constantly evolving. It is really up to you! Some programmers are still using COBOL after 10 years, and others have used 10 languages in 10 years. Unlike most industries, some areas of IT move slowly enough for those who are not comfortable with regular upheavals, while much of the industry moves quickly enough for those who like a more rapid pace. When you are in IT, you can find a job that fits your style.
#7: Flexible work conditions
IT is amenable to “flextime” workers and telecommuting. It’s also relaxed about the working hours. IT pros may work a few more hours than the average worker, but that extra time is traded off with some flexibility in when they put in those hours. Indeed, much of IT work occurs after business hours, and there is an unwritten rule in most shops that the workers who do a lot of nighttime/weekend work get some slack on clock-in, clock-out, and lunch times. Most other professions seem to be stuck on 8:00 to 5:00, with a one-hour lunch. If you like a flexible schedule, or prefer to not be in the office on a periodic (or even ad hoc) basis, IT is a great industry to be in. In fact, IT is so flexible, it’s quite possible to run a business you’re your home, dorm room, or garage. Just look at Apple and Dell!
#8: Variety in pacing
Most IT work jobs are cyclical. They all have a different rhythm, but it is there. They go from being insane, 60-hour-a-week jobs for two months at the end of the project to “in-the-office vacations” at other times in the project cycle. Some IT pros get the constant rush like in any other profession, but most of us get a pace that swings between insanely busy and snoozefest. This keeps the job from getting boring. The caveat here is that some employees are stuck in high gear with few pauses, which leads to burnout. But I would rather fight being overworked than struggle with having nothing to do.
#9: Geography
IT is not an industry dominated by a particular city, region, or country. The U.S. IT market has a lot of workers from other countries. On the flip side, if you want to see the world, IT can be your ticket. Even if you are domestically minded, IT has a strong presence in many hip, cool towns like New York City, San Francisco, Seattle, Dallas, Austin, and Atlanta. If you’re looking to move off the farm and into the Big City, IT can do that for you. But the demand is widespread enough so that if you want to work in a less urban area, there is plenty of opportunity to do so as well.
#10: Pay day
Hey, let’s be real. Despite the grumbling, IT pros are well compensated, especially after taking into account the high percentage of them without college degrees or even certifications. Would I work in IT if it paid like other professions? I sure would. Nevertheless, it is awesome to be paid pretty well to do work you love surrounded by great people.

Wednesday, February 28, 2007

Dwell on the past

Dwell on the past -- but not the negative past, not the pain of the
past nor the sadness. Dwell on the good. Be consumed by past joys
and obsessed with gratitude...

Dwell upon the moments that uplifted you, the times you laughed and the memories of love
shown to you by friends and family...

Not everything should be remembered, and those who live well know
what to forget and what to cherish...

"There is no future in the past." But there is joy, love and kindness...

Choose things to remember...

Monday, January 8, 2007

Excellent Painfull Story....

I was walking around in a store. I saw a
cashier hand this little boy his money back saying
"I'm sorry, but you don't have enough
money to buy this doll."

Then the little boy turned to the old woman
next to him: ''Granny, are you sure I don't have
enough money?''

The old lady replied: ''You know that you
don't have enough money to buy this doll, my dear.''

Then she asked him to stay there for 5
minutes while she went to look around. She left
quickly.

The little boy was still holding the doll in
his hand.

Finally, I walked toward him and I asked him
who he wished to give this doll to.
"It's the doll that my sister loved most and
wanted so much " I have to Give the doll to my mommy so that
she can give it to My sister when she goes there."

His eyes were so sad while saying this. "My
sister has gone to be with God.

Daddy says that Mommy is going to see God very soon too, so I
thought that she could take the doll with her to
hive it to my sister.''

My heart nearly stopped.

The little boy looked up at me and said:
"I Told daddy to tell mommy not to go yet. I need her
to wait until I come back from the mall."

Then he showed me a very nice photo of him
where he was laughing. He then told me "I want mommy
to take my picture with her so she won't forget me."

"I love my mommy and I wish she doesn't have
to leave me, but daddy says that she has to go to be
with my little sister."

Then he looked again at the doll with sad
eyes, very quietly.

I quickly reached for my wallet and said to
the boy. "What if we checked again, just in case you
do have enough money?''

"Ok" he said "I hope that I have enough."I
added some of my money to his without him seeing and
we started to count it. There was enough for the
doll and even some spare money.

The little boy said: "Thank you God for
giving me enough money!"

Then he looked at me and added "I asked
yesterday before I slept for God to make sure I have
enough money to buy this doll so that mommy can give
it to my sister. He heard me!''

"I also wanted to have enough money to buy a
white rose for my mommy, but I didn't dare to ask
God for too much. But He gave me enough to buy the
doll and a white rose.''

"My mommy loves white roses."

A few minutes later, the old lady came again
and I left with my basket.

I finished my shopping in a totally
different state from when I started. I couldn't get the little boy
out of my mind.

Then I remembered a local newspaper article
2 days ago, which mentioned of a drunk man in a truck, who hit
a car, where there was one young lady and a little girl.

The little girl died right away, and the
mother was left in a critical state. The family had
to decide whether to pull the plug on the
life-assisting machine, because the young lady would
not be able to recover from the coma.

Was this the family of the little boy?

Two days after this encounter with the
little boy, I read in the newspaper that the young
lady had passed away.

I couldn't stop myself as I bought a bunch
of white roses and I went to the funeral home where

The body of the young woman was exposed for people
to see and make last wishes before burial.

She was there, in her coffin, holding a
beautiful white rose in her hand with the photo of
the little boy and the doll placed over her chest.

I left the place, teary-eyed, feeling that
my life had been changed forever. The love that this
little boy had for his mother and his sister is
still, to this day, hard to imagine.

And in a Fraction of a second, a drunk
driver had taken all This away from him.