India's tough hacker crackdown: IT security leaflets with every device India has reportedly concocted a plan to cut down on IT security problems: forcing hardware vendors to include a security awareness brochure with all desktop PCs, mobile phones and USB modems. The plans were dreamt up to improve the country’s cyber security preparedness, in response to the increasing volume of online threats …
We don't seem to have a problem with multiple languages in leaflets for EU distribution (or even tins of baked beans), even though e.g. Latvian speakers tend to be concentrated in Latvia - we just get rather large leaflets (and large lables on the tins in Lidl)
And shirley the solution is to require *vendors* in India to include a brochure with each purchase? Pop a copy in the carrier bag or tape it to the box?
Latvian speakers tend to be concentrated in Latvia - ordinarily a fair assumption, but.....
I wouldn't be at all surprised if close to half of the economically active Latvians weren't in Latvia anymore.
And only about 3% plan on coming back, long-term.
For many the choice is leave now, or starve/freeze or get ill and then have to leave later anyway.
Main destinations are Ireland, UK, Norway, Germany, Nordics, Canada, Australia, USA.
They often don't tell their home country, but the EU destinations are reporting up to 400,000 arrivals since the crisis began. That's about a 20% loss of population, mostly young working-age, over about the last 3.5 years, and accelerating.
Hence your food labels.
" the solution is to require *vendors* in India to include a brochure with each purchase?"
That depends on what the problem you want to solve is. If the problem is that insufficient regulatory claptrap paperwork is being printed, shipped, and thrown away unread, then you've got a viable solution.
If the problem the Indian government want to solve is user IT security, then they'll have to come up with a better approach. And there's some easy things they could do, like mandate in law that manufacturers have a responsibility for fixing security problems, and that (as shipped) all products must have automatic updating which is fully enabled. Mandate sensible rules for password setting for consumer facing businesses, minimum standards (eg 2FA) for on line banking. Mandate ISPs and phone companies to promote best practice (not really expecting them to do much, but enabling the government to punish the real security stragglers as an incentive to the rest). Mandate routine ISP blocking of malware destination sites, and automatically disconnect devices that are showing signs of malware activity (on the basis that if your average PC user's device is part of a botnet, then their ISP is far more likely to know than the user).
And make service providers of all kinds (from ISPs, phone companies, Facebook, banks) responsible from making users aware of security threats, particularly those that don't have a major tech aspect (eg social engineering attacks).
Why would it require bundling at the manufacture or customs level? Why wouldn't it be down to distributors or vendors to include the document with the equipment?
Stock a bunch of those sticky-backed windows (larger versions of the sort stuck to parcels when sending them via the post) and just slap one on each box?
With the USB one, simply have a stock in the store, and when someone brings one to the counter, hand one over with the product.
FFS, who pays any real attention all the packing docs these days? Long gone are the times when you had to dig around for the mail-in warranty validation. The extra paper will just go straight to the recycling/trash along with the packing etc. If they really wanted to get the point across they would force a security tutorial app to run on first boot/start/whatever on each device before it could be put to use. This is just another waste of trees.
you have all missed the point - this is India: the point of regulations (and there are millions) is so that underpaid jobsworths can go round and confiscate what they fancy and/or get a bung because it's in breach of some rule - last week they were confiscating phones here because they didn't have a best before date.
They could just do what the Indian Govt itself does, stick with Hindi and English communications only.
English is good for when the individual states can't, or don't want to be forced to, speak Hindi to the Government, which may well not be their state's main language. Which is why English hasn't been dropped yet. Or so says WikiPedia, at any rate.
So English is a kind of secondary Lingua Franca (bad joke alert!)
And yeah, I think it's an excellent idea to have basic security warnings. Nice one, India!
Ironic, this, when only two days ago I was autodialed by some Indian claiming to work "for Windows" who was concerned that my "computer has a virus that it is spreading all over the internet".
I didn't have time to play with the dolt so just provoked him into saying he couldn't talk about IP Adresses because doing so over the phone was illegal before I hung up and went for breakfast.
If you get a call from someone working "for Windows" it might be worth stringing him/her along for a bit to see what else you can get them to say.
I would have liked to have mine talk about giving credit card details for whatever bogosity he was about to try on me, then casually drop into the conversation that the FBI were monitoring my phone because I am a foreign national in America and could he please hold the line, as the little light on my phone was flashing which meant an agent wanted to speak to him - just to see how his script was written for that sort of contingency.
But as I said, Eggs Benedict were calling to me.
We had a user who reported receiving a similar phone call recently.
Much to my surprise the user (who is not normally the swiftest when it comes to computers) did the right thing and kept asking questions, didn't do anything the phisherman asked, demanded to speak to a manager, etc until he hung-up on her in frustration.
I have always wanted to get one these calls myself. I think it would be tremendous fun to see how long I could keep them on the line pretending to do what they ask while having the darndest problems... "Gosh thanks so much for calling me, I don't want 'the haxors' to steal all my desktops and megapixels from the inter-cloud! Oh dear, the screen's gone all blue again... Can you help me fix that too?"
Already had these chumps many moons ago - and me and my friends made it our mission to hold them on the phone for as long as humanly possible!
It was amazing - they'd get incredibly irate and abusive after a while - only to get even more frustrated when they discovered they were in a virtual machine with very few options of recourse. "Don't piss me off, I'll crash your computer!" "AHAHAHAHAHA Good luck with that buddy" *click*
Then they'd keep autodialling our number. I think my number eventually got blacklisted by them - but at times we'd get dialled and I'd answer - ready to troll them some more - only to discover their call had mysteriously dropped the moment I answered! I thank 2talk for this probably unintentional benefit when I decided to port the phone number to their VoIP service.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
