Most of you might know, I have been the target of a anonymous group of hackers over the past several years. They have a very powerful spying equipment - swarm of invisible micro drones capable of viewing, recording, listening, whispering and even mind reading.
With the production launch plan for WebVeta soon, I have been reviewing the security procedures and closing any small loopholes. In other words, assume if a hacker is seeing, listening, recording, mind-reading yet, I want to secure WebVeta.
Tool - 1: Securely transferring small pieces of info between client and server
In the past, I did mention the need for such a tool.
1) Lets say I have some key that needs to be transferred to the server and I don't want to edit the config files i.e I don't want to display in plain text.
2) Lets say I have key generated on server and I need access and I don't want to see the text in plain text on screen.
Tool - 2: Browser plugin for hiding keys
Recently, I did a video - https://www.youtube.com/live/JywnpvBXLuU?feature=share for sending alerts using Slack. In the video at about 6:30 minutes - https://youtu.be/JywnpvBXLuU?t=390, I made the browser window small, because I didn't want to show the complete webhook URL.I thought what if I create a small chrome browser plugin that can hide the URL and show a copy button? Not just slack, but there are several other usages and websites where sensitive information gets displayed in plain text.
Another scenario is where we copy and paste keys, for example Github -> Deploy Keys. There is a large text box for pasting the key. But I don't want the key to be shown. I can make the browser window small or textbox size small, but what if there is a browser tool that does that?
Both of these tools are going to be open source and would be available on ALight Technology And Service Limited's GitHub repository - https://github.com/ALightTechnologyAndServicesLimited/
Other scenario:
When it's about sensitive keys, developers, project managers, product owners put some effort for example:
1) Don't show keys in plain-text
2) If prompting for keys, don't echo the key
3) If keys are used for communication, allow IP based restrictions
etc... based upon your product's integration needs.
If the R&AW spies misrepresented and lied under oath in whatever "eye witness testimony", why am I being harassed, framed, blamed and why are they demanding extortion?
I don’t have any fake aliases, nor any virtual aliases like the psycho spy R&AW traitors of India. NOT associated with the erra / yerra karan, kamalakar, diwakar, kareem, karan, erra / yerra sowmya, erra / yerra sowjanya, zinnabathuni sowjanya, bojja srinivas (was a friend and batchmate 1998 – 2002, not anymore), mukesh golla (was a friend and classmate 1998 – 2002, not anymore), erra sowmya, erra sowjanya, thota veera, uttam’s, bandhavi’s, bhattaru’s, thota’s, bojja’s, bhattaru’s or Arumilli srinivas / Arumilli uttam(may be they are part of a different Arumilli family – not my family). I don’t have any siblings by the name of Sowjanya or Sowmya, Srinivas, Uttam.
-
Mr. Kanti Kalyan Arumilli
B.Tech, M.B.A
https://www.facebook.com/kanti.arumilli
https://www.linkedin.com/in/kanti-kalyan-arumilli/
https://www.threads.net/@kantiarumilli
https://www.instagram.com/kantiarumilli/
https://www.youtube.com/@alighttechnologyandservicesltd
https://www.youtube.com/@kantikalyanarumilli
https://twitter.com/KantiKalyanA/
https://kantikalyan.medium.com/
https://www.facebook.com/ALightTechnologyAndServicesLimited/
https://www.linkedin.com/company/alight-technology-and-services-limited/
Founder & CEO, Lead Full-Stack .Net developer
ALight Technology And Services Limited
Phone / SMS / WhatsApp on the following 3 numbers:
+91-789-362-6688, +1-480-347-6849, +44-07718-273-964
+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)
No comments:
Post a Comment