Thursday, December 31, 2009

E-Commerce Vs. Social Networking

E-Commerce, and the i-series products from Apple, started a hype that is still not fully realized in every sense. The concept of taking business to the internet is an old one, and the early implementations started in the 90's. Then we had the ".com" boom of 2000! By 2001-2002 around 75% of the dot coms in North America had been shut down; the total percentage worldwide should be around 60% at least. For more info do visit these URLs:
http://www.cnet.com/1990-11136_1-6278387-1.html
http://www.witiger.com/ecommerce/dotcomfailures.htm
http://www.allbusiness.com/sales/internet-e-commerce/234152-1.html
I am not going by strict statistics, as the point of concern is that E-Commerce has not been as successful as Social Networking, going just by number of visits and by profit margins when put under similar evaluation conditions. Another point that must be borne in mind is the various natures/operating models that E-Commerce has, for instance B2B (Business TO Business), B2C (Business TO Consumer), C2B (Consumer TO Business) and C2C (Consumer TO Consumer) models.
To get a brief overview:

  • B2B (Business TO Business) 
    • Business-to-business (B2B) describes commerce transactions between businesses, such as between a manufacturer and a wholesaler, or between a wholesaler and a retailer.
  • B2C (Business TO Consumer) 
    • Business-to-consumer (B2C, sometimes also called Business-to-Customer) describes activities of businesses serving end consumers with products and/or services.
  • C2B (Consumer TO Business)
    • Consumer-to-business (C2B) is an electronic commerce business model in which consumers (individuals) offer products and services to companies and the companies pay them. This business model is a complete reversal of traditional business model where companies offer goods and services to consumers (business-to-consumer = B2C).
  • C2C (Consumer TO Consumer)
    • Consumer-to-consumer (C2C) (or citizen-to-citizen) electronic commerce involves electronically facilitated transactions between consumers through some third party. A common example is the online auction, in which a consumer posts an item for sale and other consumers bid to purchase it; the third party generally charges a flat fee or commission. The sites are only intermediaries, just there to match consumers. They do not have to check the quality of the products being offered.

Difference between Traditional Business/Commerce and E-Commerce/Business :

As is evident from the image on the left, the two models are just the opposite of each other. And that is what makes e-commerce entrepreneur friendly: look at the bottom, a dot com business can theoretically be started with no or minimal capital! Of course, not counting the venture capitalists who supplied the capital would be wrong, but getting a person/organization to invest in a dot com was more lucrative than in a traditional business, as dot coms were a new horizon and theory (blackboards and ppts) showed astronomical growth in record time. And as time tested the new theoretical models there was catastrophe! But today we are out of that state, having passed through the recession/deep depression of 2007-2008-2009. The last two years have been literal nightmares, with real estate going for a toss in the U.S. and bad debts crippling everything from banks and business houses to stock markets worldwide.
Look at the Social Networking sites now. The Social Media Revolution is already talked about much (see the videos on the right pane/check out the previous entry), and it has taken the youth and the aged alike, an epidemic in which everyone is bitten by the SN-bug (Social Networking-Bug). Now these sites do generate revenue just by clicks, and (mainly) by advertisements. Wait a second, advertisements? Ads of what? Traditional and i-series products, newer services offered physically or virtually, administered through the web. So isn't it a part of E-Commerce? I think so.
I believe we are going to the next steps of an evolution of mankind. We have successfully bridged the gap (as much as possible with the technological know-how that we have) between the virtual and the real. The various models as proposed in the early days still remain valid and are changing or molding themselves, if not done already, in innovative ways to create new e-commerce opportunities. Social Networking has been a hit and e-commerce is taking that to its advantage, by featured as well as "word of mouth" campaigns!
How did Social Networking sky rocket to the top? Firstly, it is either cheap or absolutely free!! A service that does not entail shipping, travelling or physical delivery ought to be far cheaper than traditional services. Also take this for a thought: the ISD/STD charges for a standard phone call to home, to old grandparents or just to relatives and friends separated geographically by huge distances, versus the free Skype/Gmail/Yahoo chat services and their cheap calling rates (thanks to VoIP technology). Chatting is an important cornerstone of the boom of Social Networking; add to it status updates or scrapbook facilities and small flash games! Whoa, a flurry of activities you can do sitting before a desktop or reclining with your laptop with a mug of coffee/tea on a lazy weekend afternoon. Instant friendship: say whatever you feel like, maybe deep hidden secrets, as the person you are chatting with is a total stranger (maybe on the other side of the globe), and it gets easier to shed the inhibitions/apprehensions that creep up even among close friends!
Look at the e-commerce facilities now: you cannot touch and see the product in 3-D. It is easy to make a picture look a lot better than its real counterpart, and businessmen, being shrewd enough, do that most of the time, or so people have in mind. This plays an important role, as trust is one factor that cannot be ignored in any kind of business or transaction.
Another bottleneck for E-Commerce has been secure transactions in the virtual world. Not many banks had core banking back then, and customers in the third world/developing countries were not confident about the power credit cards come with, or about how to keep the nuisance of over-credit at bay! With time the scenario has changed, and there is a rise in the number of payment gateways and core banking implementations. People are recognizing the power of credit cards and finding them helpful enough. Actually, if you remain within limits with self restraint, you can do more with credit cards.
Most of the E-Commerce sites are also in bad shape in terms of design and navigability. A lot of things clutter up the Home Page, making it difficult for surfers to make enough sense of it, and that initial hassle shuts off future business opportunities along with the present ones at times!
I am sure there can be a million ways to reject a new thing around the corner, but there must be a single way that will allow any new thing to become popular. Though e-commerce has been around for 10 years, it would be unfair to say it has not covered any ground! It surely has a lot of potential as we advance to the next generation of the internet and of software/hardware (say, surface computing, mobile commerce and computing etc.), and I am sure that 20/40 years down the line (hope global warming does not wipe us out by then, Amen!) e-commerce should be a primary mode of Business/Commerce, as social networking might venture into the world of Virtual Reality!!

And last but not the least ... I would like to know what your thoughts are?


Also this is my last post for the year 2009.
Have a Happy and Prosperous New Year 2010. Let's usher the new decade with new hope :)

Thursday, October 15, 2009

Social Media Revolution

I joined Orkut in 2006, to be a li'l more specific February 2006. By the time I joined Facebook it was 2009, and in these three years Bebo, Twitter and Bharatstudent (in India) had already taken the world by storm. MySpace, Digg, hi5 etc. were already there from 2003/2004, but weren't really popular amongst Indian students (at least my group). There are many others who have stepped onto the bandwagon, some seeing success, some still searching for it. Social Networking, the concept as popularized by Orkut and Facebook worldwide, seems to have moved cities and states into the virtual world. We are in the age of the Social Media Revolution, and it is coming up strongly. With a strong sense of bonding and the opportunity to keep in touch, these sites offer a lot of services apparently for free to the normal user, in turn building up a cult of followers which can be, and in cases is, a potential market for advertising and product endorsements.

Social Media refers to the explosion of data and information disseminated every day through the social networking sites. It allows a brand to get closer to people, by the people, and penetrate our lives. The only advertisement strategy that both produces sales and builds up a strong, loyal customer base has till now been Word Of Mouth, and these sites have started to use/exploit it lately. There is a potential market hidden there, and it requires patience and skill to tap it without destroying the ecosystem.

To look into the statistics: Orkut has around 50% of its users from Brazil and around 18% from India, and it has around 30 million users! Facebook has 250 million, Digg has around 240 million visitors, Twitter has above 5 million regular users (Twitter's ranking by Alexa is 13 [today's figure]), and similar figures follow for hi5, Bharatstudent and others. Since these sites let people be the guide, say in making friends, people often find old or new friends on these sites (with a different approach in the case of Twitter), though sometimes they tend to be localized in terms of craze or hype. Nevertheless they present a perfect platform for a range of things, say a product launch, affiliate marketing, events tracking, audio and visual entertainment (allowing users to subscribe to, say, a YouTube channel ... advertising or selling music maybe?), word of mouth propaganda and lastly, most of them allow the formation of communities, which safeguard to some extent the loyalty of a customer.

This is an Image search result for Social Media Revolution, which summarizes it all (thanks Florian Lainez):



Though on pen and paper it looks mushy to the novice, the scenario in reality is a bit twisted. Being on the Internet was never going to be easy and safe, just as on the highways. Hence a number of plagues cripple the systems almost regularly, starting with spam (in any form: scraps in Orkut, tweets by bots etc.), worms, viruses and unsolicited friend requests. Orkut has been plagued by FrandShippers, Facebook is being attacked by Koobface, etc. There have been lots of controversies regarding these sites and the facilities that they provide, as these can be exploited in a wrong manner, as in any other form of science (nuclear energy was not meant to be made into atom bombs). Nevertheless Social Media has evolved over the years from being a closed group of networks to an open world, where the developers of these sites have started sharing APIs for better integration of one site with another, or with your own site, thereby increasing reach and coverage and allowing better interaction between the consumer and the merchandiser.

The real potential of these sites is the fact that people who have once been in one social network will remain there or move into another, but it will still be a social network!

To have a better look at the revolution, this is a must-watch video:
http://www.youtube.com/watch?v=NhPgUcjGQAw

Wednesday, October 14, 2009

SIEM Insights

Organizations worldwide have to follow regulations and thwart attacks against their websites and networks in order to grow exponentially and expand geometrically! Leaving aside a plethora of business issues, one thing that consciously bugs almost all of them is security. The need for security and regulations is greater for banks, financial organizations, insurance dealers and those who deal in all, or a mix and match, of the three.

Hence, today we stand at a point where we have this huge WEB, the WWW, and internal networks making the different company locations and data available at any point, any time. This increases the need for better infrastructure and command over the network, both internal and external. It is becoming increasingly difficult to be informed about, let alone manage, the various security and compliance violations taking place across the length and breadth of any given organization.

SIEM tools, or Security Information and Event Management tools, provide a better look at these security incidents and allow them to be managed in a practical, real-time environment. There has been a lot of research going on and blogs or news being generated about them, and the field is at a commendable position, apart from Application Security. Though the two are related, application security focuses on implementation flaws or bugs in general programming constructs, as well as providing insights into design flaws; it concentrates on the applications more from a vulnerability standpoint. SIEM in turn provides a platform and reports which cater not just to applications alone but to various network devices and to network or sometimes local events as well.

Each day IDS/IPS sensors, firewalls and various applications write millions of lines of logs. Human parsing of all log events in real time is not difficult but impossible, even in its most optimistic usage. SIEM tools accumulate these logs, parse them with some intelligence and present the security analyst with a hawk-eye view of the events that could be a possible security violation. To put it in detail: there are these network devices (IDS/IPS, firewalls, routers etc.) and the domain controllers, antivirus agents and applications (enterprise and custom) generating a huge amount of log data. The connectors for the SIEM tool collect this data, preferably over HTTP (local deployment of connectors is a scenario, but there are other issues, discussed later), and parse it, picking up the most relevant fields required for the Manager/Server, which is the heart of the tool and houses the more intelligent parsers and/or a correlation engine. The Correlation Engine finds relations between diverse or similar events coming from the same or different device(s), with the help of various rules written by the security analyst/expert. Thus it flags an alert to the security analyst/expert based on the conditions that are relevant for a certain organization. This provides relief from hand-sieving a huge amount of data (I presume this would again entail the usage of log analyzers) while still getting the right event to focus upon in real time. Also, a SIEM tool has its own database of the events that it captures from various devices, for past data analysis and/or as proof of a security breach.

Below is one probable architecture of a SIEM tool.
(The thin lines show the inward flow of events/logs. The thick lines show the events being transferred to the console and the events database.)





SIEM allows better incident management compared to conventional methods, along with more reliability. It requires full insight into the network and its behavior to achieve the near-perfect scenario of never missing a single security event in real time. It requires a lot of effort from both the analyst (Level 1/Level 2 of support) and the expert (Level 3/Level 4 of support) to devise accurate rules, making sure that almost nothing is missed out. These tools allow one to track all kinds of malicious attempts to scan, gather information (one type can be SQL injection against well-known tables of various database implementations) or compromise a network, as well as regulation issues such as SOX compliance.

Today's SIEM tools, both open source and proprietary software, provide various facilities from detection to reporting of incidents. Reporting being an important function in the security incident scenario, these modern tools provide a plethora of stylish and meaningful reports, with functionality like that of a BI (Business Intelligence) drill-down report. These tools alert about web attacks such as SQL Injection, script injection etc., low-level scans of devices and servers, and probing of servers for information; they also detect network traffic anomalies, device misconfiguration, failed password attempts and the presence of unauthorized software, to name a few.

How does a SIEM tool or platform assist in day-to-day event management? The implementation of the network and the tool decides the method of operation, but the basics go like this.
An organization decides to put in a SIEM tool to monitor the production environment. It engages some security analysts to monitor the network (ideally on a 24x7 basis). These analysts start with the stock rules present in the tool, find security incidents that are applicable to the organization and alert the security expert or, alternatively, the system administrators or network engineers. They also analyse events that were not considered by the SIEM vendor as an incident and gather data, which in turn provides information for the experts to formulate new rules as and when required. The rules accumulate and undergo threshold or correlation changes to slowly evolve into a system that caters to every security or regulatory need of the organization.
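As an added illustration of the pipeline described above (connectors parsing raw lines, a correlation engine applying rules, and the threshold tuning that follows), and not code from the original post or from any of the vendors named: the log lines, device names (fw01, dc01), field names and rule names below are all constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample logs (not real data) in the syslog-like shape a SIEM
# connector receives from a firewall (fw01) and a domain controller (dc01).
SAMPLE_LOGS = """\
2009-10-14T09:00:01 fw01 DENY src=203.0.113.7 dst=192.0.2.10 dport=445
2009-10-14T09:00:03 fw01 DENY src=203.0.113.7 dst=192.0.2.10 dport=3389
2009-10-14T09:00:10 dc01 LOGON_FAILED user=jdoe src=203.0.113.7
2009-10-14T09:00:12 dc01 LOGON_FAILED user=jdoe src=203.0.113.7
2009-10-14T09:00:15 dc01 LOGON_FAILED user=jdoe src=203.0.113.7
2009-10-14T09:00:20 dc01 LOGON_FAILED user=asmith src=198.51.100.9
2009-10-14T09:30:00 dc01 LOGON_FAILED user=asmith src=198.51.100.9
2009-10-14T09:30:05 dc01 LOGON_OK user=asmith src=198.51.100.9
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)(.*)$")  # timestamp device kind key=value...

def parse(text):
    """Connector step: normalize each raw line into the fields the rules need."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a real connector would count and report unparseable lines
        ts, device, kind, rest = m.groups()
        fields = dict(kv.split("=", 1) for kv in rest.split())
        events.append({"ts": datetime.fromisoformat(ts), "device": device,
                       "kind": kind, **fields})
    return events

def seconds_between(earlier, later):
    return (later["ts"] - earlier["ts"]).total_seconds()

def rule_failed_logon_burst(events, threshold, window_seconds):
    """Threshold rule: at least `threshold` failed logons from one source inside
    a sliding window of `window_seconds`. Emits one alert per offending source."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["kind"] == "LOGON_FAILED":
            by_src[ev["src"]].append(ev)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i in range(len(evs) - threshold + 1):
            if seconds_between(evs[i], evs[i + threshold - 1]) <= window_seconds:
                alerts.append(("failed_logon_burst", src))
                break
    return alerts

def rule_deny_then_logon_failure(events, window_seconds):
    """Cross-device correlation: a firewall DENY followed, within the window, by a
    failed logon from the same source on the domain controller."""
    # "fw" prefix is the constructed naming convention of the sample data.
    denies = [e for e in events if e["device"].startswith("fw") and e["kind"] == "DENY"]
    for ev in events:
        if ev["kind"] != "LOGON_FAILED":
            continue
        if any(d["src"] == ev["src"] and 0 <= seconds_between(d, ev) <= window_seconds
               for d in denies):
            return [("recon_then_logon_failure", ev["src"])]  # first hit is enough
    return []

def correlate(text, threshold=3, window_seconds=300):
    """Manager/correlation-engine step: run every rule over the parsed events.
    Lowering the threshold or widening the window is the tuning the post describes."""
    events = parse(text)
    return (rule_failed_logon_burst(events, threshold, window_seconds)
            + rule_deny_then_logon_failure(events, window_seconds))
```

Running `rule_failed_logon_burst` with threshold 2 and a one-hour window also flags asmith, who then logged on successfully; that false positive is the kind of noise the threshold and window adjustments are meant to remove.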

There are many vendors of SIEM tools, catering to both individual customers and MSSPs (Managed Security Service Providers). To name a few: ArcSight, RSA, Cisco, Check Point, High Tower, Tri Geo, NetIQ.

The selection of a SIEM tool depends entirely on the use cases or scenarios that an organization is focused on. Also, for a mid-size company, huge customization costs will deter it from investing in one, but if the out-of-the-box functionality fulfils its needs, it seems to be a good investment. Then again, huge international business houses are the ones that have both the power and the urgency to implement one, keeping them safe and consistent in the security arena.

Tuesday, October 13, 2009

Remembering Strong Passwords

There are a lot of blogs, articles and websites making you knowledgeable about how to be safe on the Internet. But we mostly forget the basics and end up compromising our accounts! Now that hundreds of Hotmail accounts have had a public display of private information, allegedly hacked by some geek (or nerd) being/beings, I felt there is a need to go through the basics again.
For more details and authenticity of this news please visit these sites
http://www.neowin.net/news/main/09/10/05/thousands-of-hotmail-passwords-leaked-online
http://www.articlesbase.com/internet-articles/microsoft-hotmail-servers-have-possible-been-hacked-you-hotmail-account-is-in-danger-1305637.html
Google as usual will provide more links :-)

To start with the basics: you can protect your account much better than it is now if you haven't already done something like putting in a really strong password. Yes, strong is emphasized, as some days back there was speculation and proof [http://www.geeksaresexy.net/2008/01/30/yahoo-captcha-cracked/] of CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) being cracked!! What weird thing is CAPTCHA?? Simply put, it is the weird-looking text (alphabets/words/a mixture of letters and numbers) that is presented to you by some sites (secure ones as well), commonly while registering, maybe while logging in or after a failed password attempt, or for some other transaction that must be done by a human, not a bot or malware in the wild.

Now, what is a strong password? Technically, a password that mixes alphabets with numbers and sometimes special characters. The next thing to take care of is that the password is not easily guessable, that is, not to use words out of the dictionary! To make it really strong one needs to increase the number of letters, digits or special characters as well as have a diligent mix of them all, taking care it does not become a dictionary word or phrase etc. By the way, this dictionary I am referring to is not released by Oxford; it's harvested and enriched by hackers, crackers and information security researchers all over the world!
To give an example: say the username is xyz@abc.com. Now let's take a look at bad/undesirable passwords.
EASILY GUESSABLE/WEAK PASSWORDS: "xyz" (most modern websites don't accept these) or "zxcasd" or "1234567" or "password" or "letmein" or "asdfgh" or "pass123"
The realm of weak passwords is so huge that there can be hundreds of examples.
Take a look at this published list of the 500 worst passwords of all time.
Also you can go through this:
http://www.smartplanet.com/technology/blog/thinking-tech/how-to-avoid-the-500-worst-passwords-of-all-time/908/?tag=shell;main&gclid=CMC_iaCouJ0CFU8wpAodE0ibjA

Hopefully your password did not feature there. Or did it show up? If it did, have a li'l more patience to finish this blog and make a really good password.

The most common problem with uncommon passwords is remembering the junk the computer might have thrown at you as a suggestion, or the one-time password that needs to be changed at first logon. I hope to show you how to make complex and uncommon passwords, which are already featured in some blogs or other forms of information dissemination. Why would you read this? Because maybe I will be able to show you how to remember them as well.

Let's start with one weak password from the above list (500 worst password list): "dallas" features at no. 50 in the list. Let's convert "dallas" into "d@ll@s"! This makes it a little stronger, but 8 characters is the least for a strong password. Why? We'll get to it later on. So play with dallas more. If your name is Rick, try this: d@ll@s#R1ck. Sure, this will be considered a strong password by many of the password checkers! Do you think it's a password too complex for you to remember?

I am sure it isn't. But this is a stepping stone only; going forward you will see that this example is not good enough as per the experts. Anyway, please go through it, as without "a-b-c" one cannot make words, let alone sentences! Well, coming back to the topic, the trick is to find letters in your password that could be replaced by similar-looking special characters as well as numbers. To give you a clue, a small "a" can be thought of as @, while a capital "A" as 4. You can make your own substitutions and make a cryptic language of your own. Just one word of caution, as with all passwords: keep it to yourself and yourself only! Now if you want to make it even a lil' different, try this: D4l1s$r1cK. Hope it's again easy to remember :-) You can make out hundreds of combinations like this, I am sure.
Now you can go for a mix of more than 3 words to make it even harder to crack. Say you can add the last 4 digits of your cell phone number, or reverse your birth year, in between, like this: if Rick from Dallas was born in 1976, he can make this his password: d@1L5-6719-r1Ck. Once you get started with simple patterns you'll start remembering complex ones quickly. Increase the length of your passwords over time (don't make it years!), as and when you think you have mastered one level. As far as I know no one imposes limits on password length (Microsoft recommends 14 characters for a pretty good password). But be very sure you can remember the pattern and reproduce it as and when required. Another good practice is not to use the same pattern for multiple accounts.

The example I gave above is to get one started with complex passwords, but it is just a stepping stone. Beware, merely converting "password" to "p@sswor0d" won't protect you well; the funda is to make the passwords tricky to guess but easy for you to remember. So try out a different approach each time, say make up a phrase you will easily remember, such as "India is my home country and I love it the most". Now take the first letters of the phrase; it becomes -->> IIMHCAILITM. It is a good password but lacks numbers or special characters. So let's make it complex: "iIm#C4I7!T|\/|" or "i Im# C4i7 ! t /\/\". One problem that you can face is that some websites won't allow spaces and some don't allow all the special characters, but don't stop trying various combinations (use your imagination to the maximum!). Also this example is made redundant by the use of the same letters as initials. So make sure you have fewer, ideally no, repetitions of characters.
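As an added illustration, not from the original post, here is a small checker that applies the rules given above: the 8/14 length minimums, a mix of at least three character classes, a reversal of the look-alike substitutions so that "d@ll@s" is still caught as "dallas", a check against the username, the repetition point, and the phrase-initials trick. The worst-password excerpt and the substitution table are my constructed assumptions, not the linked 500-entry list.

```python
import re

# Constructed stand-in for the 500-worst-passwords list the post links to;
# only a handful of entries are reproduced here.
WORST_PASSWORDS = {"password", "letmein", "1234567", "123456", "qwerty",
                   "asdfgh", "zxcasd", "pass123", "dallas", "abc123"}

# The look-alike substitutions the post suggests, mapped back to the letter
# they stand for, so "d@ll@s" is still recognised as "dallas". Heuristic only:
# it cannot recover every personal substitution scheme, and it need not.
UNLEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                        "0": "o", "$": "s", "5": "s", "7": "t", "|": "l"})

MIN_LEN = 8           # the post's minimum for a strong password
RECOMMENDED_LEN = 14  # the length the post attributes to Microsoft's advice
CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")

def normalise(pw):
    """Lower-case and undo look-alike substitutions before dictionary checks."""
    return pw.lower().translate(UNLEET)

def character_classes(pw):
    """How many of lower, upper, digit, special the password mixes in."""
    return sum(bool(re.search(p, pw)) for p in CLASS_PATTERNS)

def assess(pw, username=""):
    """Apply the post's criteria; returns (score 0-5, list of problems found)."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    elif len(pw) < RECOMMENDED_LEN:
        problems.append(f"shorter than the recommended {RECOMMENDED_LEN}")
    if character_classes(pw) < 3:
        problems.append("fewer than three character classes")
    base = normalise(pw)
    # Check the whole password and any word-like run of 4+ letters inside it,
    # so "d@ll@s#R1ck" is caught via its "dallas" core.
    words = re.findall(r"[a-z]{4,}", base)
    if base in WORST_PASSWORDS or any(w in WORST_PASSWORDS for w in words):
        problems.append("dictionary/worst-list word, even after substitutions")
    if username and username.split("@")[0].lower() in base:
        problems.append("contains the username")
    # The post's last point: heavy repetition (e.g. IIMHCAILITM) weakens it.
    if len(set(pw.lower())) < 0.7 * len(pw):
        problems.append("fewer than 70% distinct characters")
    return 5 - len(problems), problems

def passphrase_initials(phrase):
    """The post's phrase trick: first letter of every word, upper-cased."""
    return "".join(word[0] for word in phrase.split()).upper()
```

On the post's own examples, "d@ll@s#R1ck" is still flagged for its dictionary core while "d@1L5-6719-r1Ck" passes every check, which matches the post's progression from stepping stone to final pattern.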

I know all these combinations and pattern stuff can overheat your natural processors, hence it is always a good idea to write them down. But in that case, do remember to keep that piece of paper in the most secure way you can. Guys, it could be your purse; Gals, maybe your kinda purse.
Also there are a lot of products on the market (both for a price and free) which store all your passwords on disk in an encrypted format. All you need to do is create a "Master Password" for accessing the software.
Here is one for quick reach: http://passwordsafe.sourceforge.net/
When you reach the download page, search for the .exe format for download.

Do check this out, this is from the experts:
Good luck with your very strong passwords!