"Open Source Is Good For Both Experts And Beginners"
Aseem Jakhar, open security researcher and OSI Days speaker, talks about his passion for open source solutions and his upcoming project Jugaad that would be a one-shop-stop to learn about *nix malwares function, in an interview with LFY.
|About Aseem Jakhar|
Aseem Jakhar a.k.a "@" is the chief researcher at Payatu Technologies
Pvt Ltd (www.payatu.com), a startup in information security trainings
and consulting, with extensive experience in system programming,
security research and consulting. He has worked on various security
products and tools. He has been a speaker at various security
conferences including Defcon, Xcon, Blackhat EU, Hack.lu, IBM Security
& Privacy Bangalore, Cocon, ISACA Bangalore, Bangalore Cyber secuity
summit, Clubhack, National Police Academy Cyber crime seminar
He is well known in the security and hacking world as the
founder of null - the open security community (registered not-for-profit
organisation, http://null.co.in). The focus and mission of null is
advanced security research, awareness and assisting Govt./private
organisations with security relates issues. null currently has seven
active chapters throughout India--Pune, Bengaluru, Mumbai, Hyderabad,
Delhi, Chennai and Bhopal and is now planning to expand outside India as
well. One of the null initiatives is nullcon security conference
http://nullcon.net which is a favourite go-to destination for hackers
and security professionals in the Indian sub-continent.
Please tell us a little about your tryst with Linux and open source.
I am a *nix boy and have been working on *nix platform since I started my career. I just love the options provided by open source software in general. There is so much you can do, tweak and learn. If you don't like something you can just remove that part of the code or change it to suit your needs.
According to you, what role is open source playing in the technology world, currently, and going forward, how do you foresee the landscape evolving?
To start with, it allows one to research and innovate further. You have an open source solution for almost everything today, be it database, OS, web applications, CMS, etc. So it's a good thing for beginners to learn and for experts to innovate further. I also believe that open source holds a lot of promise for the future as well.
Linux completed 20 years this year; what according to you has been the landmark achievement/development in this space?
Linux has itself been an achievement. In spite of being maintained by the community, it is one of the most stable operating systems. That actually goes for *BSD systems as well. The way its development and the OS is managed is commendable. Every release adds some good features into the kernel.
What are the challenges in open source adoption at developers' and/or implementers' level, and how can these challenges be overcome?
Laziness is the biggest challenge! Adopters usually do not tend to understand the software fully before using or tweaking it. This causes a lot of security flaws and other bugs in the way it is implemented or tweaked. I think most of the security issues can be solved if developers and implementers take out time to go through the documentation/configuration/source and understand the issues involved in using the software and existing warnings by the authors.
Could you share some of the open source technologies/platforms/languages et al that you are excited about?
I'm super excited about the Sixthsense project by Pranav Mistry. It will change the way we interact with computers, objects and humans in the future. I'm also excited about my small little initiative, Jugaad. I plan to make Jugaad as the one-shop-stop to learn about ways in which *nix malwares function, so people interested in malware analysis and techniques can simply go through my code and understand how malwares do what they do. It's just a start and I'm far from it though.
Did you attend or participate in the event last year? If yes, how was your experience?
No. I can't wait to attend this year's event.
What are your expectations from the Summit this year?
As always, I look for initiatives and contribution from Indians when it comes to open source.
What are going to be the key highlights of your talk/session(s)?
I will be releasing the initial version of my toolkit called Jugaad. It currently has only one functionality implemented to infect remote processes on the same system with malicious code running as a thread within the context of the remote process without its knowledge. The key take away from the session would be to understand that bad things can be done using simple functionalities and features provided by operating systems, so one should be really careful when designing a solution and take security into consideration during the SDLC process.
Which sessions are you looking forward to attending at OSI Days (you may refer to the following link)?
I would focus more on Android/smartphone development sessions and kernel days as I am more interested in mobiles and kernel from the security perspective.