Security News

There's one nation where outrage about Pegasus has been constant for nearly a year and shows little sign of abating: India. A quick recap: Pegasus was created by Israeli outfit NSO Group, which marketed the product as "Preventing crime and terror acts" and promised it would only sell the software to governments it had vetted, and for approved purposes like taking down terrorists or targeting criminals who abuse children.

The Indian government has issued new directives requiring organizations to report cybersecurity incidents to CERT-IN within six hours, even if those incidents are port or vulnerability scans of computer systems. The most notable new requirement is that any internet service provider, intermediary, data center, or government organization, shall report these incidents to CERT-In within six hours of noticing them.

India's Computer Emergency Response Team has given many of the nation's IT shops a big job that needs to be done in a hurry: complying with a new set of rules that require organizations to report 20 different types of infosec incidents within six hours of detection, be they a ransomware attack or mere compromise of a social media account. The national infosec agency stated the short deadline is needed as it has identified "Certain gaps causing hindrance in incident analysis."

India's government and the European Union have signed up to create a "Trade and Technology Council" - an entity the EU has previously only created to enhance its relationship with the United States. Details of the Council's scope of operations have not been revealed, but the EU/US version of the entity works on standards for emerging technologies, tech supply chains, information security, data governance, preventing misuse of technology when it threatens security and human rights, and SME access to and use of digital technologies.

UADAI arranges for collection of the biometrics needed to create an Aadhaar - ten fingerprints, two iris scans, and a facial photograph - through enrollment agencies and registrars and provides authentication-as-a-service using Aadhaar numbers. More than a billion Aadhaar IDs have been issued and over 99 per cent of India adults have enrolled in the scheme.

India has revealed the identities of companies that have applied to build semiconductor manufacturing facilities on its soil under a $10 billion subsidy scheme - and none are substantial chipmakers. As The Register reported last week, a consortium of Taiwan's Foxconn and Indian firm Vedanta committed to build a plant under the scheme, despite neither company having any previous experience in the field.

The deputy governor of the Reserve Bank of India, T Rabi Sankar, has delivered an extremely unflattering assessment of cryptocurrencies - worse than Ponzi schemes, wreckers of economies, and richly deserving of a ban within India. Speaking at the Indian Banks' Association's 17th Annual Banking Technology Conference, Sankar argued that cryptocurrencies are poorly named, as unlike fiat currencies they "Do not have an issuer, they are not an instrument of debt, nor commodities, nor do they have any intrinsic value."

The Reserve Bank of India has warned the nation's finance sector that outsourcing information technology jobs could "Expose them to significant financial, operational and reputational risks." A quick reminder: since the late 1990s, India has championed outsourcing IT services and profited mightily as a result.

Sri Lanka has decided to adopt a national digital identity framework based on biometric data and will ask India if it can implement that nation's Aadhaar scheme. The island nation had previous indicated it would work with the Modular Open Source Identity Platform, an organisation based in India that offers tools governments can use to create and manage digital identities.

Most modern chat systems are entirely proprietary: proprietary clients, talking proprietary protocols to proprietary servers. There's no need for this: there are free open standards for one-to-one and one-to-many comms for precisely this sort of system, and some venerable clients are still a lot more capable than you might remember.