Thursday, March 31, 2022

Not Attending – Network Event London, Meet Entrepreneurs, Business Owners, Investors, UK

Not Attending – Network Event London, Meet Entrepreneurs, Business Owners, Investors, UK


     Due to certain reasons, I am not attending the event tonight. I requested a refund from the organizers to allow me to attend a future event. Even if I don't get a refund, no worries! I forgot that I have some other important seminar to attend. If I plan to attend this event, I would be travelling at the time the seminar happens. The seminar is about "Life Long Learning". Hult International Business School, the university from where I pursued M.B.A between 2020 and 2021, has a "Life Long Learning" plan. Every year, I can attend one course for free  ($100 / course - general administrative fees) either in-person or through zoom. Today's seminar is about "Life Long Learning". I have been attending several business networking events anyway, so I am skipping attending today's business networking event for the sake of "Life Long Learning".

   Some people say great people like Bill Gates, Benjamin Franklin, Warren Buffet are lifelong learners. I am not comparing myself to great people like the above-mentioned names, but I can inspire and motivate myself and hopefully a few others.

For those of you, who didn't see it previously, here is my Graduation video clip:




Not Attending – Network Event London, Meet Entrepreneurs, Business Owners, Investors, UK

Thursday, March 24, 2022

Microsoft, Okta breached! Anonymous hackers online!

Microsoft, Okta breached! Anonymous hackers online!


    Hacker groups have breached big organizations like Microsoft and Okta. Obviously, the hacker groups would either sell data/source code in black markets / dark web or demand ransom/extortion. Either way, when the payments are made they would use bank accounts on stolen identities or bank accounts opened on other people's identities. That's how anonymous hackers work.

    Zero Trust computing, MFA are very important.


Microsoft confirms they were hacked by Lapsus$ extortion group



Microsoft, Okta breached! Anonymous hackers online!

Friday, March 18, 2022

Cross Reference Post - OTP thieves and what I.T should do

 Cross Reference Post - OTP thieves and what I.T should do


This is a cross-reference post for my Medium post: OTP thieves and what I.T should do.


OTP has become very common nowadays. And with R&AW’s (Research And Analysis Wing) advanced hacking equipment, spying, OTP theft has become very very easy! Shame on certain foreigners, for co-operating with spies from other countries (They should be called traitors of their countries because they are co-operating with spies of other countries to get into their country and hack/spy their own countries, in return for whatever benefits).

For example, adding a debit/credit card to NFC requires OTP and it’s very easy for spies to add someone else’s cards to their own mobiles. They might or might not use the cards but they would add to allow impersonation/anonymization in other words to conceal their real identities or anonymize the target.

I have Bank Of America mobile application on my Android phone. I have ICICI Bank mobile application on my Android phone. Let me explain the approaches taken by these two mobile applications.

Bank Of America requests OTP, but I don’t have to view SMS when using mobile application, the application automatically reads OTP without displaying on screen and logs in. An excellent approach in keeping away the prying wings.

ICICI when registering for the first time, generates some unique long code and sends the code as an SMS from the mobile phone and activates. I did reverse engineer ICICI but here is my assumption about the architecture: a) Send the mobile number to the app’s server, receive a unique one time code and obviously some kind of a session id. b) Send the unique one time code to the server using SMS c) The server would validate that the SMS with the unique one-time code came from the registered mobile number d) The client app would then login into the bank application.

In the above mentioned two approaches there is very very less scope of OTP theft. Mobile application developers should look into these approaches and maybe even more secure methods of login/verification considering the threat of terrorist wings!


Cross Reference Post - OTP thieves and what I.T should do

Tuesday, March 15, 2022

Social & Business Networking!

 Social & Business Networking!


     Now I am back in London and would be attending some Social and Business Networking events. I signed up for the yearly membership on London Connector + Global Net events on March 11th as soon as I came back to London. I might not attend all the events but definitely most. However, as most of you might have heard about the Indian R&AW "Just", "Focus", "Yuvas", "Players", in other words, the game of impersonation sponsored by the Ministry of External Affairs of India or should I say some major cover-up by India and Indian R&AW agents?

   Either way, because I maintain clarity amid chaos, I decided to create an official webpage on the company's official website to specifically mention the particular Social and Business Networking events that I would be attending in person. The events page can be accessed at https://www.alightservices.com/events/.


Social & Business Networking!

Friday, March 11, 2022

Back in London!

Back in London!


    I am back in London. This morning I landed in London. I am slightly busy this week, but hoping to meet everyone at some business networking events in a few weeks.


-

Kanti Kalyan Arumilli


Back in London!

Wednesday, March 9, 2022

The need for long tokens!

The need for long tokens!

Cross-reference post from https://kantikalyan.medium.com/the-need-for-long-tokens-4793cde26e69

    Most websites use tokens for various things such as password resets for example: htttps://www.domain.com/ResetPassword?id=12345abcde. In this example, the "12345abcde" is the token. The advanced spying equipment misusers easily misuse by looking at the token. Instead if the token is long enough say 1024 characters, in the email without showing the URL if a HTML link is provided, when the user clicks a link and the browser opens a new tab, the browser window would not show the entire 1024 characters and hackers/spies wouldn't be able to see the token.

    In an extremely worst-case scenario, some websites use tokens in the URL for session management and these websites become easy targets for session hijacking. Session hijacking is a method used by hackers to steal the session cookie value or session token value and use those in their own browsers. This is a very dangerous situation and an offense, yet some spies/hackers use these techniques online. And to hide their real identities they impersonate someone else because they are hackers online.


The need for long tokens!

Monday, March 7, 2022

Crazy hackers

Crazy hackers


    Indian R&AW agents have again hacked into my accounts, this time into https://www.brighttalk.com/ and signed up for some webinar on my admin@alightservices.com email account. Seriously? Can't you sign up for a webinar on your own email account? Or is this some kind of imposter syndrome? Most likely the online whatever propaganda group of R&AW shadows. I deleted my https://www.brighttalk.com/ account.


Crazy hackers

Saturday, March 5, 2022

05/03/2022 - update

05/03/2022 - update


        Pretty much the development of the internal tools has been complete for now. Of course in the future, based upon the need and as the company grows, additional internal tools would be built. Over the next few months, there will be some alpha launch of a commercial product. I have not decided on the pricing model yet, but certainly have some exciting use cases and features planned that would be useful for most companies that have an online presence. I have added a separate webpage to the main website at: https://www.alightservices.com/corrupted-raw-online-not-associated/ that clears some of the misconceptions regarding me, my identity, my company, the so-called online group of extremists, human rights violators, impersonators, identity thieves, hackers, source code thieves, dacoits and low lives. The web page lists all the possible culprits, various propaganda that they might have created and how I might be framed by them. Now, if they steal source code or do parallel development, etc... it would mean that Indian R&AW agents would be doing Intellectual Property theft of a United Kingdom-based company. They are dacoits anyway, but this would absolutely mean that, that particular group of hackers are trained and sponsored by India to perform cyber warfare against western nations and/or businesses of western nations. Well done India! Shame on India! I am ashamed to be an Indian citizen.


05/03/2022 - update

Wednesday, March 2, 2022

Mid week update 03/03/2022

Mid week update 03/03/2022


This week has been a slow week, some automated backup related work has been happening. In other words, a cost-efficient resilient, error-tolerant, extensible, secure cloud environment is being built. In the next 4 - 5 weeks, this would be completed and might pivot into product(s) development. As a one-man company, I have been my own product owner, architect, developer, tester, devops, sys admin, cloud admin.  


Mid week update 03/03/2022

WebVeta has been accepted into Athena.vc, actual details not finalized yet!

  My Software as a Service (SaaS) product, WebVeta , has been accepted into Athena.vc . Athena.vc is a venture capitalist firm with a stron...