Showing posts with label Online Security. Show all posts

Friday, March 31, 2023

CyberSecurity - New Tool - SecureOTP

I have mentioned in the past that I am implementing very high cyber security standards. The cyber security standards have pretty much been implemented, and after much analysis the following bottlenecks were identified. The analysis was performed based on the capabilities of the anonymous targeted hackers - R&AWMAAfia's equipment capabilities:

1) Possibility of OTP theft, either of OTPs received on a phone or OTPs received via email.

The need to enter an OTP received on a phone into a laptop, or to enter an OTP received by email on a laptop into an application on a mobile. The OTP should NOT be displayed on screen. Instead, the application would show XXXX and a Copy/Transfer button.

With this use case identified, a tool for bridging this security loophole is much needed.

I plan to develop this tool and release it in the next few months. The tool would be developed using .Net MAUI. Many operating systems would be supported - iOS, Android, Windows, Mac.

I am considering options such as communicating over Bluetooth or local Wi-Fi, eliminating the need for a server component.

In June 2022, I wrote a blog post - An Architecture for Secure communication between two clients!. In this blog post, I discussed an architecture for securely pairing two devices over the public internet without the need for any accounts. The architecture is like the pairing of Bluetooth devices, or the pairing of Netflix / YouTube with a television, but has a few more steps for secure pairing and securely transferring data.

But I don't want to develop the server component, because in this use case the devices, i.e. laptop and mobile, would be close enough and might be on the same Wi-Fi network. So, Bluetooth or same-Wi-Fi transfer would be appropriate. But the session-specific public / private key pair generation for transferring data and the pairing of devices, both part of the above-mentioned architecture, would still happen.
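One way the session-specific key pair, the pairing step and the hidden-OTP transfer described above could fit together, as an added example that is not the SecureOTP code or the architecture from the earlier post. The names `Device`, `Session`, `Pair`, `Seal`, `Open` and the six-digit comparison code are assumptions; it targets .NET 8 or later, and the Bluetooth / Wi-Fi transport is simulated by passing byte arrays.

```csharp
using System;
using System.Buffers.Binary;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Each device creates a fresh key pair that lives only for this session.
using var phone = new Device();
using var laptop = new Device();
// Public keys cross Bluetooth / local Wi-Fi; simulated here by passing byte arrays.
Session phoneSide = phone.Pair(laptop.PublicKey);
Session laptopSide = laptop.Pair(phone.PublicKey);
// The user compares the code on both screens; a mismatch means a key was swapped in transit.
Console.WriteLine($"Pairing codes match: {phoneSide.PairingCode == laptopSide.PairingCode}");
byte[] wire = phoneSide.Seal("493027");   // constructed sample OTP
string otp = laptopSide.Open(wire);       // handed to the clipboard / input field, never rendered
Console.WriteLine($"Shown on screen: {new string('X', otp.Length)}");

sealed class Device : IDisposable
{
    private readonly ECDiffieHellman _ecdh = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP256);
    public byte[] PublicKey => _ecdh.ExportSubjectPublicKeyInfo();
    public Session Pair(byte[] peerPublicKey)
    {
        using var peer = ECDiffieHellman.Create();
        peer.ImportSubjectPublicKeyInfo(peerPublicKey, out _);
        byte[] shared = _ecdh.DeriveKeyFromHash(peer.PublicKey, HashAlgorithmName.SHA256);
        // Salt binds the derived values to both public keys, ordered so both sides agree.
        byte[][] keys = new[] { PublicKey, peerPublicKey }.OrderBy(k => Convert.ToHexString(k), StringComparer.Ordinal).ToArray();
        byte[] salt = SHA256.HashData(keys[0].Concat(keys[1]).ToArray());
        byte[] aesKey = HKDF.DeriveKey(HashAlgorithmName.SHA256, shared, 32, salt, Encoding.ASCII.GetBytes("otp key"));
        byte[] code = HKDF.DeriveKey(HashAlgorithmName.SHA256, shared, 4, salt, Encoding.ASCII.GetBytes("pairing code"));
        return new Session(aesKey, (BinaryPrimitives.ReadUInt32BigEndian(code) % 1_000_000).ToString("D6"));
    }
    public void Dispose() => _ecdh.Dispose();
}

sealed record Session(byte[] Key, string PairingCode)
{
    public byte[] Seal(string otp)   // wire format: nonce (12) || ciphertext || tag (16)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(12), pt = Encoding.UTF8.GetBytes(otp);
        byte[] ct = new byte[pt.Length], tag = new byte[16];
        using var aes = new AesGcm(Key, 16);
        aes.Encrypt(nonce, pt, ct, tag);
        return nonce.Concat(ct).Concat(tag).ToArray();
    }
    public string Open(byte[] wire)
    {
        byte[] pt = new byte[wire.Length - 28];
        using var aes = new AesGcm(Key, 16);
        aes.Decrypt(wire[..12], wire[12..^16], wire[^16..], pt);   // throws if tampered with
        return Encoding.UTF8.GetString(pt);
    }
}
```

The comparison code is what protects an account-less pairing: a device that relays its own public key to each side ends up with two different shared secrets, so the two screens show different codes.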

This would be developed along with WebVeta. And this would be completed almost in-time before the production release of WebVeta. I am thinking sometime around November 2023. This way, WebVeta production would be in a very secure environment and I am pretty much doing a thorough, holistic analysis of cyber security.

Thanks to great contributions by great people from around the world, the frameworks such as NIST, free courses and paid courses, documentation etc... have helped me in improving my knowledge of cyber security and figuring out ways to thwart the R&AWMAAfia hackers - who are violating human rights by hacking, privacy invasion by using mind reading equipment of invisible drones, doing identity distortion, identity theft, intellectual property theft.




I don’t have any fake aliases, nor any virtual aliases like the psycho spy R&AW traitors of India. NOT associated with the erra / yerra karan, kamalakar, diwakar, kareem, karan, erra / yerra sowmya, erra / yerra sowjanya, zinnabathuni sowjanya, bojja srinivas (was a friend and batchmate 1998 – 2002, not anymore), mukesh golla (was a friend and classmate 1998 – 2002, not anymore), erra sowmya, erra sowjanya, thota veera, uttam’s, bandhavi’s, bhattaru’s, thota’s, bojja’s, bhattaru’s or Arumilli srinivas / Arumilli uttam(may be they are part of a different Arumilli family – not my family). I don’t have any siblings by the name of Sowjanya or Sowmya, Srinivas, Uttam.


Mr. Kanti Kalyan Arumilli

B.Tech, M.B.A

Facebook

LinkedIn

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu and 3 more rarely used email addresses – hardly once or twice a year.  

Sunday, February 5, 2023

Roadmap for next few months!



Here is the roadmap for the next 3 - 6 months for ALight Technology And Services Limited.

1) Implement NIST Cyber Security Framework

2) Alpha / Beta of a new Product - Alerts!

3) Use Alerts for all the internal alerts of ALight Technology And Services Limited.


Alerts would be done in a semi-open-sourced approach, i.e. anyone who wants to implement a similar solution can implement it by following the technical blog. For example, if I am writing code for Slack integration, I would write a blog post and provide the code, and similarly for any other integrations. I am definitely open for consulting for Architecture, AWS Cloud Architecture, .Net based development.


The concept of Alerts:

One platform to manage alerts with different sets of business rules.

For example, let's say an application was built and sends email alerts. And what if you want to use WhatsApp / Telegram / SMS alerts? The code has to be re-developed, tested, deployed. What if there was a simple API for sending alerts and the targets could be configured? What if multiple targets are supported? What if different targets can be used based on application, time of day and escalation rules? This is a very small niche, but a necessity for every software company. Big companies would probably have their own internal implementations of alerting microservices. Smaller startups and mid-sized companies can benefit by focusing on product features rather than worrying about alerting integrations.



Friday, December 30, 2022

Live C# development session - 2 on January 2nd at 09:20 a.m India Time



Another 20 - 30 minute live video while developing the free, open source tool.






Live C# development session - 1



As mentioned in previous blog posts - An approach for securing some sensitive content and The need for serious security I.T, current state of a sophisticated spies / hackers equipment, I am planning to do a few live coding sessions over the next few days. Once the code is complete, it will be available to anyone via GitHub. Any C# beginners interested in cryptography or System.Diagnostics.Process are welcome to ask questions.






Wednesday, December 14, 2022

LightMonitor Initiation - Recorded Video



As mentioned in a previous blog post - LightMonitor Initiation - Live Streaming, I went live at noon on 15/12/2022. This video covers what LightMonitor is, the current landscape of the market, the opportunity, and some of the ways my product would be different. It also covers some advanced hacking equipment being used by spies / hackers and how to minimize the threat, some secure development practices, some of my favorite software etc...





Friday, December 9, 2022

Moved to India and Cyber Security



As mentioned in earlier blog posts, I did move back to India. I have updated my current address on my company - ALight Technology And Services Limited's official website. My current address: SF-3, Vinay Residency, Visalakshi Nagar, Visakhapatnam, India 530043.

I know I am the target of R&AW hackers, spies, shadows, identity thieves - uttam, thota's, thota veera, zinnabathuni sowjanya, erra's, erra diwakar / karan, erra sowjanya / sowmya, erra kanta / kantha / kantham, few different identity thief females who claim my first name - Kanti, bojja srinivas and whoever is an "is" (male / female who either lives in United Kingdom or India and somehow tries to associate with my family - Arumilli) - all of them are rogue R&AW spies with rotten (kullubothu) mindset. For all practical purposes they have violated human rights and should be considered as terrorists. They are freeloaders and trying to steal other people's hard work, I would call them scumbags and pests of our planet.

These people tried to distort my identity by 1) shadowing me, signing randomly on unnecessary receipts (trash picker mindset) 2) forging my signature

One of them - Either the erra's or uttam or thota veera or bojja srinivas did signature forgery. How can their signature be different from the signature on their passport? My name - Kanti Kalyan Arumilli, and my signature, same signature on my current passport, 2 expired passports, PAN card in India, student BRP card of United Kingdom, Tempe Police Department paperwork from 2014 when I had a DUI in Tempe, AZ when I was in AZ, USA on a valid H1B visa.





As promised, I am improving the security of ALight Technology And Services Limited. The first step is implementing the NIST Cyber Security Framework. Many thanks to Coursera for offering free courses on the NIST framework. For anyone interested, here is the link for the specialization:

Cybersecurity Risk Management Framework Specialization. This specialization has 3 courses:

1) NIST CSF - 4 Hours

2) NIST DoD RMF - 4 Hours

3) NIST 800-171 - 6 Hours

Signed up on Coursera using my personal email address - kantikalyan@gmail.com


The next step after implementing the NIST Cyber Security Framework is doing AWS Certified Security - Specialty.

I cannot say exactly when but I am planning to complete the following certifications in 2023:

1) AWS Certified Database - Specialty (Q4 2022 or early Q1 2023, I took up a challenge with AWS from my company email address - admin@alightservices.com)

2) AWS Certified Developer - Associate (Q1 2023 or early Q2 2023)

3) AWS Certified Security - Specialty (Hopefully late Q1 2023 or Q2 2023)

4) AWS Certified Solutions Architect - Professional (Q2 2023 or Q3 2023)


Currently I hold AWS Certified Solutions Architect - Associate (certification associated with my personal email address - kantikalyan@outlook.com, even my other certifications), along with a few other certifications. The list can be found on my LinkedIn profile and my resume.



With the above measures in place, I cannot protect myself from I.P theft because of the spytards, but I can definitely protect consumer data and I do have several bio-metric protections in-place. That's why the spytards do screenshots but can't directly access my AWS infrastructure.


Wednesday, March 9, 2022

The need for long tokens!


Cross-reference post from https://kantikalyan.medium.com/the-need-for-long-tokens-4793cde26e69

Most websites use tokens for various things such as password resets, for example: https://www.domain.com/ResetPassword?id=12345abcde. In this example, "12345abcde" is the token. The advanced spying equipment misusers can easily misuse the token by looking at it. Instead, if the token is long enough, say 1024 characters, and the email provides an HTML link without showing the URL, then when the user clicks the link and the browser opens a new tab, the browser window would not show the entire 1024 characters and hackers/spies wouldn't be able to see the token.

In the worst-case scenario, some websites use tokens in the URL for session management, and these websites become easy targets for session hijacking. Session hijacking is a method used by hackers to steal the session cookie value or session token value and use it in their own browsers. This is a very dangerous situation and an offense, yet some spies/hackers use these techniques online. And to hide their real identities they impersonate someone else because they are hackers online.
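A 1024-character reset token as described above, generated and checked on the server side, as an added example that is not code from the original post. It goes beyond the length argument by also making the token single-use, short-lived and stored only as a hash, so a token that is seen after use is worthless. `ResetTokenStore`, `Issue`, `Redeem`, the 15-minute lifetime and the in-memory dictionary (standing in for a database table) are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

var store = new ResetTokenStore(TimeSpan.FromMinutes(15));
string token = store.Issue("user-42");                  // constructed sample user id
Console.WriteLine($"Token length: {token.Length}");
Console.WriteLine($"Link: https://www.domain.com/ResetPassword?id={token[..10]}...");
Console.WriteLine($"First use:  {store.Redeem(token) ?? "rejected"}");
Console.WriteLine($"Second use: {store.Redeem(token) ?? "rejected"}");

sealed class ResetTokenStore
{
    private readonly Dictionary<string, (string User, DateTimeOffset Expires)> _byHash = new();
    private readonly TimeSpan _lifetime;
    public ResetTokenStore(TimeSpan lifetime) => _lifetime = lifetime;

    public string Issue(string userId)
    {
        // 768 random bytes encode to exactly 1024 Base64 characters with no padding;
        // '+' and '/' are swapped for the URL-safe alphabet.
        string token = Convert.ToBase64String(RandomNumberGenerator.GetBytes(768))
            .Replace('+', '-').Replace('/', '_');
        // Only the hash is stored, so a leaked table does not yield usable links.
        _byHash[Hash(token)] = (userId, DateTimeOffset.UtcNow + _lifetime);
        return token;
    }

    public string? Redeem(string token)
    {
        // Removed on first lookup: a token observed later (history, logs, a screenshot) is dead.
        if (!_byHash.Remove(Hash(token), out var entry)) return null;
        return entry.Expires > DateTimeOffset.UtcNow ? entry.User : null;
    }

    private static string Hash(string token) =>
        Convert.ToHexString(SHA256.HashData(Encoding.ASCII.GetBytes(token)));
}
```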



Thursday, September 30, 2021

ALight Technology And Services Limited is now Cyber Essentials Certified!



I am happy to announce today that ALight Technology And Services Limited is now Cyber Essentials Certified! Have plans to get the Cyber Essentials Plus certification in the next 3 - 6 months timeframe! Honestly, thank you BulletProof for your guidance. Although I had pretty much everything in place for being ready for certification, there were 1 - 2 minor issues that I overlooked and BulletProof has provided me the proper advice and proper controls that were necessary.




License Number: IASME-CE-027447



Wednesday, August 4, 2021

How to secure Microsoft Account



With the Microsoft OneDrive integration feature coming soon in SimplePass, I wanted to make a blog post on how to secure your Microsoft account. Of course, once the integration is completed, there will be some additional tips on how to use OneDrive integration securely.

For those of you who haven't heard of Microsoft OneDrive, it is a file hosting service from Microsoft. There is a web interface, a Windows application, and Android and iOS apps. The free version allows storing up to 5 GB. With Office 365, 1 TB. For our purposes, we just need a few KB. This free service from Microsoft can be used for password synchronization across different devices.

The risk is that if your Microsoft account gets hacked, your other Microsoft services, such as email and files on OneDrive, can get hacked. So, to minimize that risk, this blog post discusses how to secure your Microsoft account.

Microsoft, along with a lot of other companies, allows the use of MFA (Multi-Factor Authentication). There is even a page that shows recent login activity.

Navigate to https://account.microsoft.com/security?refd=account.microsoft.com, and log in to your account.

Here you can see "Sign-in activity"; clicking on that displays all recent login activity.

Click on Advanced Security, and here turn on two-step verification. You can add an additional email or mobile number or Authenticator code or hardware key. My most preferred option is a hardware key like Yubico's Yubikey. But the drawback is that the hardware key costs money. I used to like Authenticator, but I recently saw a drawback in Microsoft's approach, which is out of scope of the current blog post. For now, I would say, if possible, avoid the Authenticator option.

For example, if you add a different email, you need to secure that account. If you add a mobile number, be careful: you would lose access to your Microsoft account if you lose your mobile. A few months ago, I personally lost my mobile and it became a nightmare. Now, I have access to all my accounts.

If you see any suspicious activity, scroll down and click "Sign me out" everywhere. Change your password. Periodically review your "Sign-in activity".

If you secured your Microsoft account, you can start using Microsoft OneDrive even today. Export passwords, upload to OneDrive. On the other device, log in to OneDrive, download, import. Then delete the file from your devices, recycle bin, and OneDrive, OneDrive's recycle bin. But if you exported passwords for the purpose of backup, you don't have to delete the file, but safeguard the file.


Stay safe from the prying eyes of online hackers.

