Shubho's Blog

SolarWinds and Log4j  ha ve made software supply chain security a topic of intense and scrutiny for enterprises and governments around the world.  Software Supply Chain attacks, generally carried out by profit threat actors and nation state actors are constantly rising. It can have significant impacts to both digital and physical worlds. In 202 0,  a major U.S. IT firm,  S olarWinds, was breached when attackers launched malicious code via its IT monitoring and management software, a platform used by large enterprises and government agencies. The hackers infiltrated not only SolarWinds but their customers as well.  In 2021,  a remote execution vulnerability in Apache’s Log4j turned the security world on its ear and  left countless users and organizations susceptible to data breaches and attacks. Since 2021, there has been a 650% YoY increase in software supply chain attacks.  In 2021, the president of the United States highlighted the importance of...

When we talk about software world, what’s the first thing that comes to your mind? Programming - right? Developers play a very important role in turning technology ideas into reality. It’s ultimately the code that runs on the computer providing an interface to the end users or systems. Empowerment of developers has evolved over the last few decades from assembly level programming to more sophisticated software programming. It continues to evolve and provide enormous opportunities to transform the life of a developer which in turn transforms the business that relies on technology.   When I started my professional career in late 90s, the technology world was limited but fascinating. Computer technology was something that every technologist wanted to be associated with. We had only a few options to choose from and I was fortunate to work on programming languages such as Java, Visual C++, etc. My first programming language Fortran (as part of my undergraduate course) was really di...

Before Corona (Covid-19) Pandemic By Feb 2020, India had seen six successive quarters of declining GDP growth equalling the longest slowdown in the past 23 years. The GDP growth in second quarter of FY19-20 fiscal shrunk to 4.5% from 5% in the previous quarter. This was the sixth straight drop in India's quarterly GDP growth.  The slowdown was expected to be the third slowdown since 1996 and will be the longest in the past 23 years if the Q3 GDP falls below 4.5%. Note: From January 2015, the Central Statistics Office (CSO) updated base year for GDP calculation to 2011-12, replacing the old series base year of 2004-05. After Corona and 5+ weeks of lockdown During the Corona crisis and 5+ weeks of lockdown in response to contain it, we have already seen significant impact to Indian economy in various forms. Sensex and Nifty indices have crashed nearly 30-35% and BSE 500 stocks have crashed nearly 50% (before Corona, it had already crashed 50%) and m...

What started as an epidemic mainly limited to Wuhan in China has now become a global pandemic in no time as declared by the World Health Organization(WHO). Now, there is more than 320,000+ positive cases with nearly 14,000+ deaths worldwide. As far as India is concerned, we have nearly 390+ positive cases with 7 deaths. While this is believed to have started in China in Dec 2019, the first case in India was reported back in late Jan. However, it got everyone's attention in early Mar with more number of cases reported everyday. Now, in just few days it has touched nearly ~400 with only 16000+ tests done so far. Now actions are being taken everywhere but is it too late to contain such pandemic which has made everyone to get scared worldwide? But to contain it further or avoid similar situations in the future, don't we need a centralized system to collect, analyze and alert before the magnitude of the situation is seen on the ground? While medical experts are busy in doing r...

With the entry of Cloud with a promise of reducing infrastructure cost, enhancing security by leveraging shared infrastructure, etc, organizations are slowly moving to Cloud to get the advantages of it. With multi-fold advantages, one big concern stays as-is - “Security”. Security in on-prem world is of multiple layers - Network Security, Infrastructure Security, and Application Security. However, in Cloud the security is of multiple layers but with multiple dynamic moving parts. Also, because of the nature of Cloud the regulatory bodies are strict on ensuring regulatory compliances and bringing in additional regulatory requirements.  There are multiple challenges in the cloud -  Slowly the penetration and the attack surface is changing, particularly in cloud environment. The various workloads have different needs - some are public facing in a public subnet and remaining are in private subnet with a strict firewall for inter subnet communication.  Ear...

In today's world, "information" is the key. With IT enabled world, we collect large amount of data from various sources but how effectively we can use such large amount of data is always a challenge. Different domains such as Financial, Sales, Security, Retail, Energy, etc. initiate and collect large amount of data from various source for their day-to-day IT operations and management. For e.g. in our day-to-day operation of using e-services, we perform various activities and transactions and one such example is e-banking. Do we ever realize when we do an online transaction how much data is collected to ensure safety of the transaction? Now, when each and every  online activity is monitored, extracting meaning out of billions of activities is a big challenge in IT enabled domains. When billions of transactions are happening per day, how do we find out which one of those is a suspicious activity. With the world becoming more and more IT enabled, IT security becomes extreme...

Wanted to share one error that I got while installing Microsoft Office Professional 2013 for which I had to spend almost 3 days to find the root cause. I also googled and found that many people have also faced the same issue but did not get if anyone had the solution. Sharing the solution that worked for me. Thanks to Dhaval Metrani, my colleague, who also helped me with this. If you get the following error in the log file (in the %temp% folder) while installing Office 2013 Failed to install product OSMMUI.msi ErrorCode: 1603  and the detail log shows ERROR: The network address is invalid then the same is because of Task Scheduler service is not enabled on the machine. 1603 is a generic error and some people have mentioned that the same could be related to deleting/renaming  %programdata% /Microsoft Help but the solution seemed to be related to Task Scheduler when the exact error was related to 'Network address invalid'. By default in Windows 7 and Windows Vista ...