Individual Privacy Act, 2018 (2075) Nepal- A legislative framework

December 28, 2024

 

The Privacy Act, 2018 of Nepal, officially known as the Individual Privacy Act, 2075 (2018), is a legislative framework aimed at protecting the privacy and personal data of individuals. The Act aligns with the principles established in the Constitution of Nepal, 2015, particularly the right to privacy as a fundamental right under Article 28. Here are the key aspects of the Act:



 Key Features of the Privacy Act, 2018

  1. Right to Privacy

    • The Act emphasizes that every individual has the right to privacy, covering personal, family, and confidential information.
    • Unauthorized surveillance, interception, or disclosure of private information is prohibited.
  2. Scope of Privacy

    • Protects the confidentiality of:
      • Personal information (identity, health, finance, etc.).
      • Private communications.
      • Private residences and locations.
      • Digital and physical data.
  3. Data Collection and Usage

    • Organizations collecting personal data must:
      • Obtain explicit consent from the individual.
      • Inform individuals about the purpose, duration, and use of the data.
    • Data collection is restricted to what is necessary for the stated purpose.
  4. Prohibited Activities

    • Publishing, broadcasting, or sharing private information without consent.
    • Misusing private data for fraud, defamation, or unauthorized commercial purposes.
    • Conducting unauthorized surveillance or monitoring of individuals.
  5. Government Surveillance

    • Allows government surveillance under strict legal provisions, ensuring that it does not violate individual privacy unnecessarily.
    • Requires a court order or legal authorization for any surveillance or monitoring.
  6. Protection of Sensitive Information

    • Strict rules for handling sensitive data, such as financial records, health information, and biometric data.
    • Institutions managing sensitive data must implement robust security measures.
  7. Penalties for Violations

    • Violations of privacy rights can lead to:
      • Fines for individuals or organizations.
      • Imprisonment for severe breaches.
      • Compensation for victims of privacy violations.
  8. Digital Privacy

    • Covers digital platforms, ensuring online data and communications are secure.
    • Addresses cybercrimes involving unauthorized access, hacking, or data breaches.
  9. Oversight Mechanism

    • Establishes mechanisms to monitor and enforce the provisions of the Privacy Act.
    • Encourages individuals to report violations of their privacy rights.

Implications of the Privacy Act, 2018

  • For Individuals: Ensures a legal framework to safeguard personal and digital privacy.
  • For Businesses: Requires companies to adopt transparent practices for collecting, storing, and processing personal data.
  • For the Government: Balances the need for security and surveillance with the protection of individual rights.

The Privacy Act, 2018 is a significant step in Nepal’s legal landscape, addressing modern privacy concerns and aligning with global trends in data protection and cybersecurity.

Disclaimer: This article is for informational purposes only and should not be considered legal advice.

Note: This article provides a general overview of the Privacy Act, 2075. For a comprehensive understanding, it is recommended to consult the full text of the Act and seek professional legal advice.

 

Digital Smoke and Mirrors: Understanding Anti-Forensics Techniques

December 27, 2024

In the world of digital forensics, my job as a cyber crime investigator brings a constant challenge: anti-forensics techniques. These methods are specifically designed to prevent or complicate digital investigations. Let's discuss this fascinating yet challenging aspect of cybersecurity.


 

What is Anti-Forensics?

Basically, anti-forensics refers to methods used to prevent the discovery, collection, and analysis of digital evidence from computer systems or digital devices. Think of it as a criminal wiping their fingerprints from a crime scene (we have probably seen this kind of situation in the movies) – but in the digital world.

Think of it as a digital cover-up. Anti-forensics involves any action taken to:

  • Obscure or Delete Data: This includes techniques like data wiping, overwriting files, and using data encryption.
  • Manipulate System Logs: Altering system logs can make it difficult to track the actions of an attacker.
  • Create False Leads: Planting misleading information or creating decoys can divert investigators' attention.
  • Evade Detection: Employing techniques to avoid detection by security systems and antivirus software.

Why is Anti-Forensics Important for Digital Forensics Investigators?

Understanding anti-forensic techniques is crucial for several reasons:

Staying Ahead of the Curve: As attackers become more sophisticated, so too must the techniques used by investigators. By understanding anti-forensic methods, investigators can develop countermeasures and improve their investigative capabilities.

Identifying and Countering Techniques: Recognizing the signs of anti-forensic activity is essential for investigators to effectively analyze evidence and uncover the truth.   

Building Stronger Defenses: Understanding how attackers attempt to conceal their tracks can help organizations improve their security posture and better protect their data.

The Evolving Landscape

The world of anti-forensics is constantly evolving. As new technologies emerge, so too do new methods for concealing digital evidence. This ongoing arms race between investigators and adversaries requires continuous learning and adaptation.

In Conclusion 

Anti-forensics poses a significant challenge to digital forensics investigations. By understanding the techniques employed by adversaries, investigators can develop more robust methodologies, improve their analysis techniques, and ultimately bring cybercriminals to justice.  

The Importance of Cybersecurity Awareness Training: A Must-Have for Every Organization

December 27, 2024

Hey there! Have you ever wondered how to keep your computer and information safe from bad guys on the internet? Well, that's what cybersecurity awareness training is all about! Let's learn why it's super important for every company.


What is Cybersecurity Awareness Training?

Think of it like learning the rules of the road before driving a car. Just like we need to know traffic rules to stay safe on roads, we need to know internet safety rules to stay safe online. This training teaches people how to spot dangers online and protect themselves.

Why Do We Need It?

Imagine your computer is like your house. You wouldn't leave your front door open when you go to sleep, right? The same goes for your computer and information! Bad guys (we call them hackers) are always trying to trick people into giving them access to important stuff.

Here's what could happen without proper training:

  • Someone might steal your passwords
  • Bad programs (called viruses) might hurt your computer
  • Tricky emails might fool you into giving away secret information
  • Someone might pretend to be your friend online

How Does the Training Help?

  1. Spotting Fake Emails: You learn how to tell if an email is real or fake, just like how you learn to spot strangers who might not be friendly.
  2. Making Strong Passwords: Instead of using simple passwords like "password123", you learn to make super-strong ones that are hard to guess!
  3. Safe Internet Use: You discover which websites are safe to visit and which ones might be dangerous.
  4. Protecting Personal Information: Just like you don't tell strangers your home address, you learn what information to keep private online.

Fun Tips to Stay Safe Online

  1. The Password Game: Make your password like a secret code! Mix up letters, numbers, and symbols. For example: "IlovePizza!" becomes "1L0v3P!zz@"
  2. The Email Detective: Before opening emails, play detective! Look for clues that show if it's real or fake, like spelling mistakes or weird email addresses.
  3. The Update Hero: Keep your computer healthy by installing updates when they pop up. Think of it like giving your computer vitamins!
  4. The Share-Smart Champion: Before sharing anything online, ask yourself: "Would I tell this to a stranger?" If not, keep it secret!

Why Everyone Should Care

Even grown-ups can fall for computer tricks! That's why every company needs to teach their workers about staying safe online. When everyone knows how to protect themselves:

  • The company stays safe
  • People's personal information stays private
  • Bad guys have a harder time causing trouble
  • Everyone feels more confident using computers

Remember!

Staying safe online isn't hard - it just takes a little knowledge and practice. Just like you learned to look both ways before crossing the street, you can learn to be safe on the internet too!

Fun Fact

Did you know? Most computer problems happen because someone made a simple mistake, not because of super-clever hackers. That's why learning about cybersecurity is so important!


Sextortion Spam.

January 12, 2019

If you received an email like this (see below), it means that cybercriminals have already collected your email address. Don't panic, this is just a trap to trick you. Here's an example of what the email might look like.

The email you received was sent from a fake email address. This means it wasn't actually sent from the address it appears to be from.

Even though your company uses a strong security system like Office 365 ATP (Advanced Threat Protection), this email was able to bypass it by using a reputable email service provider.

When this email was received, security systems like VirusTotal (VT) didn't detect it as malicious (at the time of writing this post). This is because the attackers may have used new or previously unknown techniques.

Key points:

  • Email compromise: Your email address has likely been collected from previous data breaches or online activities.
  • Phishing attempt: The email is a phishing attempt designed to trick you into clicking on links, downloading attachments, or revealing sensitive information.
  • Spoofed email address: The email address shown is fake and doesn't belong to the sender.
  • Bypassed security: The email was able to bypass sophisticated security measures, indicating a sophisticated attack.
  • Evasion techniques: The attackers may be using new or previously unknown techniques to evade detection by security systems.

In simpler terms:

Imagine someone found your home address and is trying to trick you into opening a suspicious package. They might use a fake return address and try to make it look legitimate. Even though you have a strong security system at home, the package might still get delivered. This is similar to how this email was able to bypass your company's security.

Important Note: This explanation is for informational purposes only. Always exercise caution when dealing with any suspicious emails. Never click on links or open attachments from unknown senders. If you suspect a phishing email, report it to your IT department immediately.

X-BESS-REASON: bbl
X-BESS-REASON-EXTRA: 175.117.27.170
Received: from [175.117.27.170] (unknown [175.117.27.170]) by mx4.eu-west-2a.ess.aws.cudaops.com; Wed, 09 Jan 2019 18:31:24 +0000
Message-ID: <003e>
From: <cust>
To: <cust>
Subject: Your account has been hacked! You need to unlock.
Date: 10 Jan 2019 11:03:17 +0800
MIME-Version: 1.0
Content-Type: text/plain;
 charset="ibm852"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-BESS-ID: 1547058684-889006-11704-54424-1
X-BESS-VER: 2018.16_20190108.1920
X-BESS-Apparent-Source-IP: 175.117.27.170

Hi, stranger!

I hacked your device, because I sent you this message from your account.
If you have already changed your password, my malware will be intercepts it every time.

You may not know me, and you are most likely wondering why you are receiving this email, right?
In fact, I posted a malicious program on adults (pornography) of some websites, and you know that you visited these websites to enjoy 
(you know what I mean).

While you were watching video clips,
my trojan started working as a RDP (remote desktop) with a keylogger that gave me access to your screen as well as a webcam.

Immediately after this, my program gathered all your contacts from messenger, social networks, and also by e-mail.

What I've done?
I made a double screen video.
The first part shows the video you watched (you have good taste, yes ... but strange for me and other normal people),
and the second part shows the recording of your webcam.

What should you do?

Well, I think $645 (USD dollars) is a fair price for our little secret.
You will make a bitcoin payment (if you don't know, look for "how to buy bitcoins" on Google).

BTC Address: 1GjZSJnpU4AfTS8vmre6rx7eQgeMUq8VYr
(This is CASE sensitive, please copy and paste it)

Remarks:
You have 2 days (48 hours) to pay. (I have a special code, and at the moment I know that you have read this email).

If I don't get bitcoins, I will send your video to all your contacts, including family members, colleagues, etc.
However, if I am paid, I will immediately destroy the video, and my trojan will be destruct someself.

If you want to get proof, answer "Yes!" and resend this letter to youself. 
And I will definitely send your video to your any 17 contacts.

This is a non-negotiable offer, so please do not waste my personal and other people's time by replying to this email.

Bye!
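The spoofing signs visible in the headers quoted above can be checked mechanically. This is an added example, not part of the original post: a small Python triage function run over a constructed message modelled on those headers. The addresses user@example.com and mx.example.net are placeholders (the post redacts the real ones), and the finding names and the one-hour threshold are assumptions.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample modelled on the headers quoted above. The post redacts the
# addresses as <cust>; user@example.com and mx.example.net are placeholders.
SAMPLE = """\
Received: from [175.117.27.170] (unknown [175.117.27.170]) by mx.example.net; Wed, 09 Jan 2019 18:31:24 +0000
From: <user@example.com>
To: <user@example.com>
Subject: Your account has been hacked! You need to unlock.
Date: 10 Jan 2019 11:03:17 +0800

I hacked your device, because I sent you this message from your account.
BTC Address: 1GjZSJnpU4AfTS8vmre6rx7eQgeMUq8VYr
"""

BTC_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")  # legacy base58 form
BARE_IP_RE = re.compile(r"from \[[\d.]+\] \(unknown \[")     # IP-literal HELO, no host name

def triage(raw: str) -> list[str]:
    """Return the spoofing/extortion indicators found in one raw message."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    if sender and sender == rcpt:
        findings.append("from-equals-to")
    # Received headers are prepended, so index 0 is the hop added by our own gateway.
    hops = msg.get_all("Received") or []
    if hops:
        if BARE_IP_RE.search(hops[0]):
            findings.append("bare-ip-sender")
        try:
            received = parsedate_to_datetime(hops[0].rsplit(";", 1)[-1].strip())
            sent = parsedate_to_datetime(msg.get("Date", ""))
            if sent - received > timedelta(hours=1):  # Date claims a time after delivery
                findings.append("date-after-receipt")
        except (TypeError, ValueError):
            findings.append("unparseable-date")
    body = msg.get_payload()
    if isinstance(body, str) and BTC_RE.search(body):
        findings.append("bitcoin-address-in-body")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

No single finding proves spoofing; together they are a reason to quarantine the message and report it rather than reply or pay.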


MongoDB Failed to start lsb an object-document-oriented database

December 28, 2018
MongoDB could not start after installing version 3.6. However, after downgrading to 3.4, MongoDB still couldn't start and showed the error message below.


Searching didn't help to resolve the issue. After so much hit and trial, nothing worked. One Chinese forum posted these commands, and they worked for me.

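cd /var/lib
# Warning: this deletes every database stored in /var/lib/mongodb; back it up first if you need the data
sudo rm -rf ./mongodb
sudo mkdir mongodb
# Give the recreated data directory back to the mongodb service user
sudo chown -R mongodb mongodb/
sudo service mongodb restart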

UBUNTU Files not Opening

February 05, 2017
Suddenly my Ubuntu 16.04 LTS is giving me an issue: I can't open the file manager or the screenshots app. So I dug into the problem and found this temporary solution for the file manager. Still searching for a permanent solution. Ubuntu is very buggy now and then, not stable anyway.

Step 1:

@jpudasaini:~$ nautilus -q

(nautilus:6210): GLib-GIO-CRITICAL **: g_dbus_interface_skeleton_unexport: assertion 'interface_->priv->connections != NULL' failed

(nautilus:6210): GLib-GIO-CRITICAL **: g_dbus_interface_skeleton_unexport: assertion 'interface_->priv->connections != NULL' failed

(nautilus:6210): Gtk-CRITICAL **: gtk_icon_theme_get_for_screen: assertion 'GDK_IS_SCREEN (screen)' failed

(nautilus:6210): GLib-GObject-WARNING **: invalid (NULL) pointer instance

(nautilus:6210): GLib-GObject-CRITICAL **: g_signal_connect_object: assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed

Step 2:

jpudasaini@jpudasaini:~$ nautilus
Nautilus-Share-Message: Called "net usershare info" but it failed: Failed to execute child process "net" (No such file or directory)



Now your file manager is ready to use.

HTH

Cisco ASA in GNS3

January 23, 2017
Here is another tutorial on running Cisco ASAv on GNS3 using QEMU.

To configure GNS3

In my case I have used ASAv952-204.qcow2

Go to GNS3 > Edit > Preferences > QEMU > Qemu VMs > New and follow the on-screen procedure.

Don't forget to enable KVM and memory allocation.



Now you can see I can run ASAv 9.5.2

Blank Password.