Tuesday, May 15, 2012

The Pigeon Family

The Pigeon Family, a photo by Mehool Intwala on Flickr.
A few days back I had mentioned that the pigeons in my balcony were busy building their nest. Well, it was for a very good reason and I was absolutely spot on about the mating dance. Earlier in the day today, the female laid 2 eggs. I wasn't sure why they were making all the different noises but I am sure it must be their happy song. I am beginning to understand their noises. I can tell if they are calling their respective mate versus if a new pigeon was in my balcony. The female is still very cautious to feed from my hand but the male is pretty comfortable with me. He even let me take his picture today.


Feeding Pigeon, a photo by Mehool Intwala on Flickr.

The male is very responsible, flying off religiously and untiringly to fetch twigs and straws to expand their nest so that the eggs remain warm. The male and the female both take turns keeping the eggs warm while the other flies off in search of food. The understanding and co-ordination between them is worth noting and something that we all can learn from.


Pigeon, a photo by Mehool Intwala on Flickr.

Sunday, May 13, 2012

The Pigeons

Pigeon, a photo by Mehool Intwala on Flickr.

I remember when I was a kid, we used to go to the temple every Friday. The temple had a big open space where lots of pigeons used to come. There used to be close to 100+ pigeons. People would bring seeds along with them to feed the birds. Needless to say, as a kid I used to be all excited.

The really cool thing was that they would feed straight from your hand. I used to take a handful of seeds on my hand and try to stand still. Soon one of the pigeons would fly to my hand and start picking at the seeds one at a time. Occasionally there would be more than 1 pigeon feeding from your hand and at times the odd battle between them. I always loved pigeons and more so feeding them from the hand.

Flash forward 15+ years, and I still enjoy feeding pigeons as I recently realized. I moved to a new apartment a few months back and there are a few pigeons around. I started leaving seeds on the balcony for them and then they would come. I realized that there were 2 in particular that always used to come whenever I was in the balcony. I wanted them to eat from my hand and so I started training them.

I used to sit with my hand touching the ground and a few seeds nearby. Slowly they started to feed from my hand. A little cautious in the beginning with the slightest of movement but I think they got used to my unsteadiness :). A few weeks later I had trained them to feed from my hand. I am so excited, and it makes me feel like a kid again.

So they are a pair (a couple), and it so happens that they like my balcony so much that they made their own cozy little nest at one end. It took them 2 days to make their nest. The male (I am assuming) used to get the twigs and the female used to arrange them and keep the nest warm. Interesting how well they co-ordinate. I also started observing the growling sound they make and soon realized it was their way of calling their mate. The female making the nest would start growling and in a few minutes the male would fly in. I also observed that they walk in a funny manner. The male would follow the female and walk with its neck stretched out. Funny if you ask me but I wonder if it is some kind of mating dance. I wonder if they will start a family soon...

Saturday, March 24, 2012

I was talking to a friend of mine a few weeks back and he was telling me about a recent decision he made which didn't go in his favor. Apparently he had taken advice from someone and how he wished he hadn't. Now, apparently this is not the first time this has happened. A few months back he was faced with the same situation and he took others' advice and fell flat on his face - only to put the blame on the person giving the advice. Rather than trying to learn from his mistakes, he was busy blaming the people who had advised him.

Living alone for such a long time has taught me one important thing - if you are in the driver's seat, then you are in control. You simply cannot give the steering wheel to someone in the passenger seat.

The biggest advantage of making a mistake is that you get to learn from it. No matter how many mistakes you make, you tend to end up being wiser after making one. You at least are conscious of what went wrong and would not try to get into a similar situation again. However, when you let others make the decision for you, you end up blaming yourself for taking the advice rather than trying to understand what went wrong and learning from the mistake.

A few people have told me that I am very stubborn and how I always have my own way. The only point which I would like to get across is that I like to learn from my mistakes. I am very open to suggestions and advice, but when it comes to taking the decision, I take my own decision. This is my life and I am in control of it!

Always remember - You are the Only person to know the situation you are in and You are the Best person to take the Decision. You simply cannot let others make decisions for you.

Thursday, January 26, 2012

Bay Bridge

Being in and around San Francisco presents an amazing opportunity for a photographer. On a clear night, the San Francisco skyline offers a breathtaking view with the Bay Bridge as seen from Treasure Island.

What made this shot a challenge was that I did not have a tripod with me. I went along the narrow stretch looking for that smooth surface which would give me the angle I was looking for. Not having a steady tripod, I also struggled with keeping my shot steady but I had a few tricks up my sleeves and was intent on getting my shot. I must admit, looking at this shot makes me very happy and that this journey of photographic adventures is only going to get more exciting...

Tuesday, January 17, 2012

Golden Gate Bridge



This will always be a special photograph for me. I recently bought a Nikon D5100 and being in California, the Golden Gate Bridge was the obvious 'subject'. I was accompanied by my roommate and we made our way towards San Francisco. It was freezing but luckily it wasn't foggy (or raining). It was almost close to midnight and after a short trek from where we parked, we reached this amazing spot which gave this breathtaking view of the Golden Gate bridge.

Monday, June 7, 2010

Having your machine infected with a virus is relatively simple these days. You really don't have to do much apart from visiting some weird sites and Bang! you are infected.

Tell you what, I was infected (not with a virus) recently from the internet (and I promise I was visiting all "legitimate" sites). Suddenly things started popping up on the screen for me. It was a spyware/adware program asking me to download it from the internet. It was suspicious so I quickly closed my browser (I was using IE 8 by the way) and then started the browser again. This time I was not able to connect to the internet, yet I could still see the globe in the bottom right of the screen, so I knew I was connected...

I tried opening a couple of Word documents but they wouldn't open, and an error popped up saying "dll is corrupted". This basically happened for all the programs that I had installed on my machine (running Windows Vista 32 bit). So I started the machine in safe mode...

Luckily I had Firefox on my machine, so once in safe mode I installed Firefox and voilà, I was able to connect to the internet through Firefox, but IE8 still wasn't connecting to the internet. I was able to open all files in safe mode, which I was not able to do earlier...

Being from an information security background, I got curious. I knew my machine was compromised but wanted to know what was happening...

So I started the machine in normal mode and again the dll corruption error popped up... I started my machine a couple of times to observe what the symptoms were. What I found was quite astonishing - there was something happening when the machine booted and that started to show me the dll corrupted error without my doing absolutely anything...

For one thing, I knew that the programs were all working correctly in safe mode, so the dll was not corrupted... I reckoned something was happening at start-up causing the dll to get corrupted, or writing a part of the memory which would get invoked every time you tried opening a program, giving a "fake" dll corrupted error...

Since I was not able to open the control panel or anything, I went back to safe mode. Since I assumed something was happening at boot time, I decided to check msconfig... And yes, I was correct! There were some programs registered there to start at boot time which were responsible for the "fake" corruption error. I unchecked those 2 programs and started in normal mode and voilà! Everything worked fine - I was able to open all programs.

IE8 still gave me a problem though... When I started IE8, it said diagnose connection, while on Firefox I was able to connect to the internet. In IE8, I went into Internet Options > Advanced tab and reset and restored the settings... and (again) voilà! It worked! It was a real "aha" moment...

So this is what I think happened: There seems to be a vulnerability which was exploited in IE8, resetting the security settings. It provided an easy entry into the machine. Once in, it tampered with registry settings for some of the files and wrote memory locations, which caused the fake "corrupted dll" error message to pop up whenever I tried opening any program... It also registered itself in msconfig, thus whenever you restart, you face the same problem (my guess is that the memory location changed every time, which is why the program had to find and rewrite the memory location every time, but this is just a hypothesis)...

It is NEVER a good idea to have an infected machine. I wrote this as
1) I was not able to find anything on the net about it
2) In case of an emergency, e.g. an exam the next day, this would be more of a quick fix, but again AVOID it if you can...

:)

Monday, September 29, 2008

Economics of Security

There has been much talk about how the products in the market are not “secured”, and most of it has taken a technical perspective. Though many of the problems can be explained technically, much of the problem can be answered more clearly from an economist’s perspective, using simple economic evaluations to help us get to the root cause.

Security has always been viewed as an externality. In a competitive market, where there are many choices and many similar products available, consumers are drawn towards the most popular product and the one offering the best price. One of the major contributors to a product’s popularity is its early entry into the market. As there is no competition for the product, consumers will buy it, and this increases its popularity. The rest of the consumers will soon buy the product merely because of its popularity, as the majority of people use it. All companies would like to build their products fast and enter the market before everyone else. Unfortunately for security, it has always been seen as an overhead or a burden that wastes time, and it is always compromised. Vendors ignore security in the beginning in order to enter the market first. Once the product’s popularity has been established, they come out with security patches to address the deficiencies of the initial release.

Consider two companies, A and B, selling similar products, and assume they hit the market at the same time. Product A provides better security, maintains the privacy of its users, and so on. Product B, on the other hand, only claims to provide security but does not actually provide it. Product A is priced high at $100, compared to product B, which is priced at $50. Since consumers have no means of measuring the security, they will go by the claim and choose the cheapest product, which in this case is product B. Though product A provides all the necessary security, it will lose out in the market and will be forced to withdraw. The next strategy for company A might be to reduce the cost of product A to re-enter the market. Usually the hardware costs are inevitable. Security, being viewed as a burden and as time consuming (not to mention its effects on performance in the case of HTTPS websites), is often compromised to get the pricing right. This would probably explain why there are so many good / popular products in the market with security vulnerabilities.

One way to tackle this issue and make vendors more responsible for their products is public disclosure of vulnerabilities. This serves two purposes. First, it makes users aware of the vulnerability in their software so that they can make the necessary changes and an attacker cannot take undue advantage of it. Second, it makes the vendors responsible for the vulnerability. If vendors are held responsible publicly, they will be forced to fix the vulnerability and come out with a patch for it quickly. The more vulnerabilities in a particular product are made public, the less people will trust the product. This would eventually result in a decline in sales of the product. As more vulnerabilities in a product mean a negative image of the vendor in the market, vendors will become more responsible and will concentrate on the security of the product.

One question that arises is this: if public disclosure of vulnerabilities is one way of making vendors more responsible and getting them to concentrate more on security, then why are there so many products in the market which have vulnerabilities? One answer is a lack of incentives. Though vendors can create more secure products, they are given little or no incentive to do so. Many vendors adopt a policy of “sell first, build later”, where they have already committed to the shipping date of the product before the product has actually been designed. This leads to stringent deadlines for the product’s design and development. With little or no time devoted to proper testing, which is also considered time consuming, the door is opened for products to enter the market with vulnerabilities.

Once a security flaw has been found in a product, patches are sent to the users. There is, however, a co-ordination risk to which a user is exposed when another user has not applied the patch. This co-ordination risk can be explained with the help of game theory. Consider the case of Bonnie and Clyde using software in which a vulnerability has recently been identified and a patch has been released to fix it. In a scenario where both Bonnie and Clyde have applied the patch, both of them are secured / protected. In the opposite case, where neither Bonnie nor Clyde has applied the patch, both of them run the risk of being attacked. However, in a case where Bonnie has applied the patch and Clyde has not, Bonnie is still not secured, because the attacker can still use the vulnerability in Clyde’s software and exploit it against Bonnie. The same holds when Clyde has applied the patch and Bonnie has not.
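The co-ordination risk described above can be worked through numerically. The following is an added example, not part of the original post: it models the two-user patching game with assumed parameters (direct attack probability `p`, probability `q` of being compromised through an unpatched peer, a loss and a patch cost, none of which come from the post) and enumerates the pure-strategy Nash equilibria.

```python
from itertools import product

def expected_cost(me_patched, other_patched, p, q, loss, patch_cost):
    """Expected cost to one user in the two-user patching game.

    Assumed model (not from the post): patching removes the direct risk p,
    but an unpatched peer still exposes this user with probability q.
    """
    direct = 0.0 if me_patched else p
    indirect = 0.0 if other_patched else q
    # Compromised by a direct attack, or failing that, through the peer.
    p_compromise = direct + (1 - direct) * indirect
    return (patch_cost if me_patched else 0.0) + p_compromise * loss

def pure_nash_equilibria(p, q, loss, patch_cost):
    """Return (bonnie_patched, clyde_patched) pairs where neither user
    can lower their own expected cost by switching unilaterally."""
    equilibria = []
    for bonnie, clyde in product([True, False], repeat=2):
        b_now = expected_cost(bonnie, clyde, p, q, loss, patch_cost)
        b_alt = expected_cost(not bonnie, clyde, p, q, loss, patch_cost)
        c_now = expected_cost(clyde, bonnie, p, q, loss, patch_cost)
        c_alt = expected_cost(not clyde, bonnie, p, q, loss, patch_cost)
        if b_now <= b_alt and c_now <= c_alt:
            equilibria.append((bonnie, clyde))
    return equilibria

if __name__ == "__main__":
    # Constructed sample values: p=0.4, q=0.5, loss=100.
    for cost in (10, 30, 50):
        eq = pure_nash_equilibria(0.4, 0.5, 100, cost)
        print(f"patch cost {cost}: equilibria (Bonnie, Clyde) = {eq}")
```

With the middle patch cost, both "everyone patches" and "nobody patches" are stable outcomes, which is the co-ordination problem: each user patches only if they expect the other to.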

One reason many people run the risk of being attacked is that they lack the knowledge. For example, many individuals might not know that their email travels in plain text when passing through the network. An attacker can easily use a network tap to sniff the data and its contents. Many email services offer the option of selecting HTTPS, which allows messages to travel through the network in encrypted form. The other reason is that users simply lack motivation or incentives.

Incentive-centered design works towards providing incentives to the weakest link, which motivates them and helps make the system more secure. For example, a password which contains only alphabetic characters is considered a weak password and can be broken easily using brute force or dictionary attacks, whereas a password containing alphanumeric characters is considered a strong password which would be difficult for an attacker to break. Since passwords are chosen by the user, certain incentives have to be provided to motivate the user to choose a stronger password. For example, a user could be required to choose a password containing a combination of alphabetic and numeric characters in order to create an email account. In this case incentive-centered design helps the user choose a strong password.

Economics of security is about aligning incentives. Any misalignment in the system would cause the system to fail. The product vendors and the users form the two ends of the system. On one hand, public disclosure gives vendors an incentive to build secure products, while on the other hand incentives can be provided to “induce human behavior”. Any misalignment of incentives at either end would cause the system to break and make things easy for the attacker.