Category Archives: Internet - Page 2

AXIS Bank website & services – reviews & suggestions

www.axisbank.com is the official website of AXIS (formerly UTI Bank). The bank brands its Internet-enabled services as iConnect. I eventually came through and accessed the website some time back.

Here is what I felt…

  • The website is simple and has a professional look. However, according to the footnote, it is friendly with IE only. Where did Firefox & Safari go?

    Home Page


  • The login window does not have a virtual keyboard, which is a very important shield against fraud when user keystrokes are being recorded. ICICI Bank and Bank of India provide this.

    Virtual Keyboard


  • In any case, the script should be written so that the browser cannot store the username and / or password, even if the user tries to force it. Again, ICICI Bank takes care of this. Disabling Ctrl+C & Ctrl+V is an added advantage that can be provided!

    Storing private data


  • Once the user successfully logs in, the welcome page has a menu bar on the left. But, again, a usability suggestion: when the user selects an item from the drop-right menu (the menu displayed after selecting a main menu item), the menu should close. It gets hidden only when mouse focus is lost! So a few users might not be sure whether they have clicked the menu item or not.

    Drop Right Menu


  • Account bifurcation is simply good.

  • The eMail section is not so good. The email text is given less importance in the user interface design. The eMail body text is shown in only 8 or 9 lines, so the user needs the help of scrollbars. Better UI design is required.

    eMail Section


  • The mobile banking service can only be enabled; there is no option to either disable it or change the number! The input area for the mobile number is non-editable! Also, the bank charges an amount for this service that is high compared to its accuracy and the conditions for SMS alerts etc.

    Mobile Banking - no second chance


  • Session management seems to be handled with respect to time & browser activities such as back and forward button clicks, which is a good way to prevent misuse. However, if you click multiple menu items before the respective page has actually loaded, the last clicked item will load and the session will not be lost – this seems unusual!

These points are just to save the bank from future online fraud and legal procedures. Banks have always been a soft target for attackers.

This bank is one of India's well-reputed, long-established banks, recently converted to a private bank. Of course, its banking services are poorer than those of an Indian nationalised (so-called Government!!! :P) bank, while its charges are like those of a normal private bank!

A few highlights of the bank's unprofessional approach!

  • Irregular & sometimes irrelevant response.

  • Rare response to queries / requests via authentic emails.

  • The SMS server is less dependable in terms of timely delivery or acknowledgment of request SMSes. No error message for a wrong / inappropriate SMS sent to the bank!

  • Responses from the bank via email lack properly composed text. Just Ctrl+C and Ctrl+V.

As I was posting this, I received a simple screenshot of a duplicate website of ICICI Bank via an alert email.

This is not ICICI Bank's official website - beware before you log in!


Security tips – mostly generic for all banks.

  • Never give your PIN, Card No., Internet banking username, passwords (login and transaction), etc. to anybody.
  • Changing login & transaction passwords regularly is good practice.
  • Never keep login and transaction passwords similar.
  • Keep an eye on the URL of the bank's login page. It must be the bank's original one. Someone may easily prank you with a similar name (as shown in ICICI Bank's duplicate site above).
  • No bank asks for the whole 16 digit debit card number, especially for any online purchase. It might ask for a very few randomly selected numbers for authentication, which is acceptable. ICICI Bank has introduced the GRID Card, which is really unique and an addition to its security features.
  • In most cases, a user ID will be required to log in; no account number or card number will help.
  • Avoid accessing services like net banking from a public / shared computer.
  • Use a virtual keyboard, on-screen keyboard or similar utility to enter the username / password or any confidential information, especially if accessing the website from someone else's computer. In short, avoid keystrokes, use mouse clicks!!
  • Last but not least, clear all URLs, access history and form details from the browser settings when you are done.
  • Close the browser: all instances / tabs of the browser, if multiple are running.
  • And yet many more… that you can contribute in the comments. 🙂 Thanks in advance.
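
The URL tip above can also be checked mechanically. The following is an added example, not code from the original post or from any bank: it classifies a login URL against the official domain named earlier (www.axisbank.com). The function names, the `.example` sample hosts and the edit-distance threshold of 2 are assumptions.

```javascript
// Added example. OFFICIAL comes from the post; everything else is assumed.
const OFFICIAL = "axisbank.com";

// Levenshtein edit distance, used to spot near-miss spellings of the name.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Classify the URL of a page that is asking for banking credentials.
function checkLoginUrl(rawUrl, official = OFFICIAL) {
  let url;
  try { url = new URL(rawUrl); } catch { return "invalid"; }
  if (!/^https?:$/.test(url.protocol)) return "invalid";
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const brand = official.split(".")[0];
  // Only the exact domain or a true subdomain of it counts as official.
  if (host === official || host.endsWith("." + official)) {
    return url.protocol === "https:" ? "official" : "official-but-not-https";
  }
  // Official name placed in front of another domain, or in the user@ part.
  if (host.includes(official) || url.username.includes(brand)) {
    return "embeds-official-name";
  }
  // Some label contains the brand or is within two edits of it.
  const near = host.split(".").some(
    (label) => label.includes(brand) || editDistance(label, brand) <= 2);
  return near ? "lookalike" : "unrelated";
}

// Constructed sample URLs (reserved .example names, not real sites).
const samples = [
  "https://www.axisbank.com/",
  "https://www.axisbank.com.secure-login.example/",
  "https://axisbnak.example/signin",
  "https://www.axisbank.com@login.example/",
];
for (const s of samples) console.log(checkLoginUrl(s).padEnd(22), s);
```

Anything other than `official` means the address bar does not show the bank's own domain over HTTPS, whatever the page itself looks like.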

Wireless Security – a 5 star need of today

The market is flooded with wireless devices for home and business applications. Also, many wireless devices, especially wireless routers / access points, are available at attractive prices.

Many of us purchase them, set them up, and often forget the rest once we get them functioning.

But setting up primary security is the very next step after setting up the device and testing it.

The recent terror attacks were a red signal for many wi-fi home users.

Here is a brief idea of how we can set up primary but essential security with the available wireless router.

  1. Change the default user name and password; a few routers do not support changing the user name. The default user name is admin in most cases. Use a combination of aLpHaNuM3R1C (alphanumeric) and $peC|@l (special) characters as the password. Keep the password as long as possible so that it resists brute-force attempts. Putting sp a ce (spaces) between password characters increases strength in most cases.

  2. Once the password is tightened, it is time to reduce the maximum number of (possible) users. In the DHCP settings, a lot of users, often around 100, can generally connect. If in practice there can be a maximum of, say, 2 users at a time, set the maximum user figure to 2, or arrange the IP allocation so that DHCP can allocate only 2 IPs even if more devices attempt to connect. Of course, disabling DHCP and allowing only manual configuration is always best practice, since it is difficult for a hacker to guess the settings if the IP allocation is made smartly.

  3. Now actual security comes into the picture. Disable SSID broadcast, unless it is very important. This makes it difficult to identify the network name in the wireless coverage area without smart tools. You may also reduce the connection idle time and use other router-specific features that reset the connection with a client device, such as a laptop or PDA, when it is idle.

  4. Keep the SSID difficult to guess. Always change the default SSID of your router.

  5. MAC filtering is another important feature. MAC is a universally unique number assigned to any network equipment. Typically, for known usage, set the MAC filter with an allow policy, viz. allow only devices with the listed MAC numbers to connect and reject the rest. Of course, MAC spoofing is possible with a few tools; however, it is very difficult for an attacker to guess a correct MAC without touching the device, without making a single connection, or unless the user reveals it. :p

  6. Next in the picture comes software-enabled security, typically keys. Define a set of keys and use an appropriate key method to prevent unauthorised access to the network. This denies network connectivity to a client that is just standing before the network door. Without a key, the router does not allow access. Of course, there are a few techniques and a few weak key algorithms that can be broken. 🙁 But the combination of all the techniques mentioned here is a fruitful way to increase security.

  7. Port blocking and service disabling are also helpful; these features are available in most of today's routers.

A before-you-buy tip – do not be trapped by the marketing blues….. The salesperson will mostly encourage you to buy the best (in features and price too!) device. Go for a device which is good enough for security measures and does not offer much more than what you need – say, in wireless coverage area. If the need is max. 90 feet, a router with coverage up to 100 feet is best; there is no need to offer a chance to a neighbor hacker by purchasing a router with a 150 feet coverage range! Of course, your needs are the best judge of a suitable product, not always the salesperson!! Buy the device and place it in the center of its potential area of use, to utilise its covered radius of connectivity.

Why to twit?

  • It’s daily diary / status update

  • It’s activities log with timestamp

  • It’s new media – share news, articles and anything to many things – in short

  • It’s sharing of quotations (and answers, too)

  • It’s open question

  • It’s microblogging, in general

  • Finally, for few, but not me – it’s chatting! 😉

I’m also on twitter

Back to IP era

When the Internet emerged as a way to share information and documentation worldwide, another need arose: to manage / remember different servers.

The solution was simple – DNS, in simple terms a map that locates a server (or, today, a website) by domain name, a human-readable, understandable and memorable way.

People used to type in a URL (a combination of a domain name and a further path to locate a particular resource) to visit a website / document.

But now times have changed – requirements have changed.

This is the Twitter era!!!

People want to share resources, blogs, pictures, news and almost anything, but in a short way. The memorable domain name is less important. Why? Just because everything is a click away.

TinyURL, bit.ly and many more exist just to shorten a URL with a custom or random id that leads directly to the specific URL.

Also, you can create short URLs for your own website, for your server, with Shorty.

Now many people don’t even remember website names (typically domains), thanks to Google and many others!!!!! 🙂

It’s a back-to-the-pavilion situation: we don’t remember domains/URLs!!

Flexible Eclipse

Flex SDK is Free & Open Source but Flex Builder is neither free nor open source.

I googled whether there is any way to use the Flex SDK with Eclipse (because Flex Builder is built on Eclipse too) for development purposes. I found 2 useful results; of course, I haven’t tried them yet.

http://cfsilence.com/blog/client/index.cfm/2007/3/26/Setting-Up-Eclipse-For-Flex-2
http://www.darronschall.com/weblog/archives/000182.cfm

Bhai Sahab Nahi Lagega

It has been a never-to-be-forgotten experience since we have / had subscribed to BSNL services, whether it’s mobile or Internet (Broadband – rarely on!).

Therefore we pronounce the full form of Bharat Sanchar Nigam Limited as Bhai Sahab Nahi Lagegaa (Sir, it won’t get connected)!!

Although it is the pioneer behind all telecommunication services, I guess the management needs to improve and learn something from others.

Although it has wide (or perhaps the widest) coverage in all senses, it’s not being utilised.

Recently the management has appointed third parties for their services and fault resolution for broadband. However, due to lack of power, those third parties seem helpless. The higher management is still the same one. Of course, it’s not that BSNL does not have skilled manpower. My personal experience with higher-level personnel is quite good.

Many times the mobile network of BSNL gets congested, and you cannot reach a person even in case of emergency. Internet services were quite good a few months back. But nowadays they have a severe technical issue that has not been solved yet. Almost every 5 minutes, the Broadband service (DataOne) gets disconnected, or becomes very slow like dial-up, and reconnects! According to TRAI, it is not true Broadband – always on.

I just hope for better management so that we feel proud of a truly Indian (yes, 100% Indian) service provider with maximum privileges!

Online Forms : Wufoo v/s Google Forms

Both services provide a form interface for end users – to collect information, maybe for surveys or for feedback.

What’s so good?

Wufoo – a really impressive interface, a wide range of field types and validation, email updates, customizable and much more. (http://wufoo.com/features/)

Payment integration and security (SSL) are perhaps the most attractive features.

GDocs Form – very simple, easy to use, partially customizable, directly associated with a Google spreadsheet (like an Excel sheet), simply publishable / embeddable like Wufoo. It’s free!! No limitations on posts per month / day.

Again, Forms is a part of Google Docs. So naturally, I can’t expect something more like Wufoo – a perfect solution for online forms and integration.

Then what’s bad?

Wufoo – the free edition is limited to 3 forms and 100 posts/month only. You need to remember another account (Wufoo is a separate service not associated with any other), whereas Google Docs is part of Google services, so another sign-up is not required.

GDocs Form – not a really impressive interface, just simple. You can directly share the collected data (essentially a spreadsheet) for collaboration.

Conclusion…

If the user requirements are not very complex and security is not an essential consideration, Google Docs and Forms are a good option, whereas if security and branding are important, Wufoo is the best choice of the two.

A few advanced features, like input validation and online payment, are only achievable in Wufoo.

Thanks to Mr. Karania, whose post http://www.ashokkarania.com/blog/2008/09/great-tool-wufoo drew my attention to Wufoo.

Wufoo – http://wufoo.com/


Google docs (Forms are part of this suite) – http://docs.google.com/

WebApp wrapper – Mozilla Prism

Recently, I came to know about a new project by Mozilla Labs, named Mozilla Prism.

I am really impressed with the idea that started the project. These days, slowly of course, desktop applications are being replaced by web applications. Still, internet connectivity is a nightmare in some places. If this limitation is overcome, I guess the future is web applications!

I have also experimented with Mozilla Firefox and its plug-ins. There is a rich set of useful add-ons for your specific requirements. The platform (hardware & OS) may not be a consideration once we are used to webApps.

Yes, Prism is on the way too. It basically frames a particular URL that provides a webapp and makes it feel like a desktop application, although it is using resources from the URL you specified. (more on http://labs.mozilla.com/2007/10/prism/)

I have created a simple shortcut for GMail; now, although I use the webmail, it feels as if it were a desktop client. Of course, AJAX also plays an important role in ‘my feelings’!

Here we go… http://labs.mozilla.com/projects/prism/

Security tip: Prism does not share the resources of Mozilla Firefox or any other browser, so it hides history, passwords, cookies & session too. So I feel it is quite secure. GMail opened with Prism won’t keep its session available for Firefox either.

Ten Years Public Domain for the Original Web Software


“CERN’s decision to make the Web foundations and protocols available on a royalty free basis, and without additional impediments, was crucial to the Web’s existence. Without this commitment, the enormous individual and corporate investment in Web technology simply would never have happened, and we wouldn’t have the Web today.”

Tim Berners-Lee, Director, WWW Consortium
