The media is abuzz with the alleged reports hinting that the Government of India might soon ban VPNs to enhance cybersecurity. As swift, intelligent, and effective as that may sound, it is only as logical as banning scalpels to prevent murders. These recommendations cast a big question mark on our national understanding of the cyber domain and belie our image of a budding techno global power!

As a cyber threat enthusiast, I have found immense value in regurgitating various fringe cybersecurity documents — lawsuits, reports, walkthroughs, et al. While I still am regurgitating Amnesty International’s ‘Forensic Methodology Report — How to Catch NSO Group’s Pegasus.’ I couldn't help sharing my findings herein.

I went through the document, taking turns putting myself in the shoes of the following.

  • A Cyber Threat Enthusiast — Map the techniques on the report to the MITRE ATT&CK framework and flag voids.
  • An NSO Group’s operator steering the Project Pegasus — Lessons to prevent such scenarios.
  • An Apple Security Guy — so…

Monk and the Mill of Life

Mind, meditation, and monkhood — Having savored these intellectual groping for long, I finally checked in at the Dhamma Bodhi Vipassana Meditation Centre for a 10-day course earlier last month. I had been reading about Vipassana for a long time but never got around sparing ten days in a row for actually doing it. The thought of staying disconnected from the world and look-within was part interesting and part challenging. And, when I heard Yuval Noah Harari at the India Today, Conclave 2018 speak about this technique, I was genuinely motivated to sign up for it. …

What’s up? WhatsApp

Originally published at on 27 May 2021

The last few hours have seen a lot of furore over WhatsApp suing the Indian Government over user privacy issues; they claim they want to defend it for a change. Knowing WhatsApp’s Facebook connection, that’s surprising. It’s been quite some time since Facebook and Privacy have been used together in the same sentence! TRUMPets…

The main issue, as read by the lawsuit, concerns traceability. Simply put, traceability in this context implies technical feasibility and intent to identify the originator of specific content (text/image/video/file), which gets shared several times on…

CISOs fail all the time — here’s what needs to be done to save merciless attacks.

this article was originally published as a Quora answer.

Lets decipher what it takes to have bulletproof cybersecurity. More often than not, one is sprung a loooooong laundry list of check-boxes when he asks that question. This standard, that standard and all kinds of alien boxes from every company which ever blurted security even while sleepwalking. The checklists and boxes will save all the security attacks on your organization — nothing could be further from truth. …

Back in Christmas of 2015, while I was home with my sister, we got addicted to this great word-game from Microsoft — Wordament. It was pretty addictive a game and got us gripped for most of our time back then. Besides all the good things about the game, the only sore point was — I could never beat her.

The game works in a way that a new word puzzle is sprung at the world every two-minutes. Thereafter, all participants do their gig for another two minutes, before the scoreboard bearing their world rank is flashed. …

.. works well for the voyeur next door as well

Right this moment someone might be intercepting your calls (that’s to begin with) using a selfie-stickesque phony GSM DIY-tower. Such home-brewed cellphone interceptors masquerade as a normal tower to an average mobile phone. However, once the phone hooks on to this fake tower; doors to an array of “over-the-air” attacks open up. The attacks fall in the Man-In-The-Middle genre and can vary from mere eavesdropping on calls to silently pushing sophisticated zero-day exploits to your device.

Just to put things in perspective; interceptors are radio-equipped computers with software that can use covert cellular network protocols and defeat the contemporary encryption…

Introducing Derivable-Passwords

How many times have you found yourself trying a volley of passwords back to back over a humble web login page?

Most of us will have that dictionary-attacking experience over our own accounts. An average human being today is required to remember anywhere between fifteen to twenty login passwords. What makes that worse — they all ought to be different and complicated.

So how do we survive this password apocalypse?

A good password in simple terms is the one which makes you feel dyslexic while you recollect it. It is garnished by all possible characters which a gymnast could hit…

Seemingly #Facebook is Storing Our Passwords and using it for their Analytics.

While living in PRISM-olithic age, I ran into this issue that I’d like to highlight.

For one of the Facebook pages that I manage, the password that I use is of the form X-Y where X and Y are names of two girls - something like Samantha-Scarlett [ boy thing. huh!! ]

I have been using this password for about two months now. Surprisingly yesterday Facebook presented me with a friend suggestion which bore the same name “Samantha Scarlett” We had no mutual friends and no other connections. …

How-To Measure Data Usage on Your Mobile.

How Vodafone India is Harassing Customers and Minting Money

I am IT engineer with a work experience of about 8 years. My job entails dealing with computer network issues on daily basis. I want to highlight this issue which I ran into while subscribing to services of Vodafone. I have been using their postpaid service for about three years, but having gone through this; it really makes me wonder how they’d be treating a non-technical customer of theirs.

I’m using a postpaid data plan which offers me 1gb monthly data usage. The billing cycle for my plan, as I was made to understand, starts every 02nd of calendar month…


Peacekeeper. Pacemaker. Desingineer. Tech voyeur. Tech doer. Sunday photographer. Weekday wanderer. Part time rockstar. Full time awesome. Kinda big deal.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store