Tag Archives: Internet

AXIS Bank website & services – reviews & suggestions

www.axisbank.com is the official website of AXIS Bank (formerly UTI Bank). The bank brands its Internet-enabled services as iConnect. I eventually got around to accessing the website some time back.

Here is what I felt…

  • The website is simple and has a professional look. However, according to the footnote, it’s friendly with IE only. Where did Firefox & Safari go?

    Home Page

  • The login window does not have a virtual keyboard, which is a very important shield against fraud when user keystrokes are being recorded. ICICI Bank and Bank of India provide this.

    Virtual Keyboard

  • In any case, the script should be written so that the browser cannot store the username and / or password even if the user forces it. Again, ICICI Bank takes care of this. Disabling ctrl + C & ctrl + V is an added advantage that can be provided!

    Storing private data

  • Once the user successfully logs in, the welcome page has a menu bar on the left. But, again, a usability suggestion: when the user selects any item from the drop-right menu (the menu displayed after selecting a main menu item), it should close. It gets hidden only when the user’s mouse focus is lost! So a few users might not be sure whether they have clicked the menu item or not.

    Drop Right Menu

  • Account bifurcation is simply good.

  • The eMail section is not so good. The email text is given less importance in the user interface design. The eMail body text is shown in 8 or 9 lines only, so the user needs the help of scrollbars. Better UI design is required.

    eMail Section

  • The mobile banking service can only be enabled; there is no option to either disable it or change the number! The input area for the mobile number is non-editable! Also, the bank charges for this service an amount that is high compared to its accuracy and conditions for SMS alerts etc.

    Mobile Banking - no second chance

  • Session management seems to be handled with respect to time & browser activities such as back and forward button clicks, which is a good way to prevent misuse. However, if you click multiple menu items before the respective page has actually loaded, the last clicked item will load, and the session will not be lost – this seems unusual!

These points are just to save the bank from future online fraud and legal procedures. Banks have always been a soft target for attackers.

This bank is one of India’s well-reputed, long-established banks, recently converted to a private bank. Of course, banking services are poorer than those of an Indian nationalised (so-called Government!!! :P) bank, while charges are like a normal private bank’s!

A few highlights of the bank’s unprofessional approach!

  • Irregular & sometimes irrelevant response.

  • Rare response to queries / requests via authentic emails.

  • SMS server is less dependable in terms of timely delivery or acknowledgment to request SMSes. No error message for wrong SMS / inappropriate SMS sent to the bank!

  • Response from bank via email lacks proper formation of text. Just ctrl+C and ctrl+V.

By the time I am posting this, I have received a simple screenshot of a duplicate website of ICICI Bank via an alert email.

This is not ICICI Bank's official website - beware before you log in!

Security tips – mostly generic for all banks.

  • Never give your PIN, Card No., Internet banking username, passwords (login and transaction), etc. to anybody.
  • Changing login & transaction passwords regularly is a good practice.
  • Never keep login and transaction passwords similar.
  • Keep an eye on the URL of the bank’s login page. It must be the bank’s original one. Someone may easily trick you with a similar name (as shown in ICICI Bank’s duplicate site – above).
  • No bank asks for the whole 16-digit debit card number, especially for any online purchase. It might ask for a very few randomly selected digits for authentication, which is acceptable. ICICI Bank has introduced the GRID Card, which is really unique and an addition to its security features.
  • In most cases, the user ID will be required to log in; no account number or card number will help.
  • Avoid accessing services like net banking from a public / shared computer.
  • Use a virtual keyboard, on-screen keyboard or similar utility to enter the username / password or any confidential information, especially if accessing the website from someone else’s computer. In short, avoid keystrokes, use mouse clicks!!
  • Last but not least, clear all URL, access history, form details from Browser Settings when you are done.
  • Close browser. All instances / tabs of the browser, if multiple are running.
  • And yet many more…. that you can contribute by comments. 🙂 Thanks in advance.
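
The URL tip above can be checked mechanically. The following is an added example, not part of the original post: it classifies the host a link really opens against the official domain named at the top of the post. The function names, the edit-distance threshold of 2 and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Official domain as named in the post; replace with your own bank's domain.
OFFICIAL_DOMAIN = "axisbank.com"

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_login_url(url, official=OFFICIAL_DOMAIN):
    """Return 'official', 'lookalike' or 'unrelated' for the host a URL really opens."""
    url = url.strip()
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare "www.example.com/path" as a host
    # .hostname drops any "user@" prefix and the port, so only the real host remains
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Exact match or a true subdomain; a plain endswith(official) would be too loose
    if host == official or host.endswith("." + official):
        return "official"
    brand = official.split(".")[0]
    pieces = [p for label in host.split(".") for p in label.split("-")]
    # Brand name embedded elsewhere in the host, or a label within 2 edits of it
    if brand in host or any(edit_distance(p, brand) <= 2 for p in pieces):
        return "lookalike"
    return "unrelated"

# Constructed sample URLs (hypothetical, not taken from the post).
SAMPLES = [
    "https://www.axisbank.com/login",
    "https://axisbank.com.secure-login.example/",
    "https://www.ax1sbank.example/login",
    "https://www.axisbank.com@login.example/",
    "https://www.example.org/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify_login_url(u):10} {u}")
```

Only a result of "official" means the page belongs to the bank; the fourth sample shows the bank's name in front of an "@" while the browser actually opens a different host.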

Wireless Security – a 5 star need of today

The market is flooded with wireless devices for home and business applications. Also, many wireless devices, especially wireless routers / access points, are available at attractive prices.

Many of us purchase them, set them up, and often forget the rest once we get them functioning.

But setting up primary security is the very next step after setting up the device and testing it.

The recent terror attacks were a red signal for many Wi-Fi home users.

Here is a brief idea of how we can set up primary but essential security with an available wireless router.

  1. Change the default user name and password; a few routers do not support changing the user name. The default user name is admin in most cases. Use a combination of aLpHaNuM3R1C (alphanumeric) and $peC|@l (special) characters as the password. Keep the password as long as possible to avoid it being broken by brute force. Putting sp a ce (spaces) between password characters increases strength in most cases.

  2. Once the password is tightened, it’s time to reduce the maximum number of (possible) users. In DHCP settings, generally a lot of users – like 100 – can be connected. If in the actual situation there can be a maximum of, say, 2 users at a time, keep the maximum user figure at 2, or set up IP allocation in such a fashion that DHCP can allocate only 2 IPs, even if more devices attempt to connect. Of course, disabling DHCP and allowing only manual configuration is always best practice, since it is difficult for a hacker to guess the settings if IP allocation is done smartly.

  3. Now, actual security comes into the picture. Disable SSID broadcast, unless it is very important. This makes it difficult to identify the network name in the wireless coverage area without smart tools. You may also reduce the connection idle time and use other router-specific features to reset the connection with a client device such as a laptop or PDA when it is idle.

  4. Keep the SSID difficult to guess. Always change default SSID of your router.

  5. MAC filtering is another important feature. A MAC is a universally unique number of any network equipment. Typically, for known usage, set the MAC filter with an allow policy, viz. allow only devices with the listed MAC numbers to connect and reject the rest. Of course, MAC spoofing is possible through a few tools; however, for an attacker, it is very difficult to guess the correct MAC without touching the device, without making a single connection, or unless the user reveals it. :p

  6. Next in the picture comes software-enabled security, typically keys. Define and set a different set of keys and use an appropriate key method to avoid unauthorised access to the network. This denies network connectivity to a client that is just standing before the network door. Without a key, the router does not allow access. Of course, there are a few techniques and a few weak key algorithms that can be broken. 🙁 But the combination of all the techniques mentioned here is a fruitful solution to increase security.

  7. Blocking port(s) and disabling service(s) is also helpful, a feature available in most of today’s routers.
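
The checklist above can be turned into an audit of an access point's configuration. This is an added example, not part of the original post: it assumes the access point is run by hostapd (the post describes router web interfaces), maps steps 2 to 6 onto hostapd's own keys, and uses `max_num_sta` as the nearest equivalent of the user limit in step 2. Both configurations and the default-SSID list are constructed.

```python
# Factory-default SSIDs (assumed examples; extend for your hardware).
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}

# Constructed hostapd.conf contents, not taken from the post.
WEAK_CONF = """
ssid=linksys
ignore_broadcast_ssid=0
macaddr_acl=0
"""
HARDENED_CONF = """
ssid=kettle-7f3a
ignore_broadcast_ssid=1
max_num_sta=2
ap_max_inactivity=300
macaddr_acl=1
accept_mac_file=/etc/hostapd/accept.mac
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=constructed sample passphrase 42!
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text, expected_clients=2):
    """Return one finding per checklist step (2 to 6) that the config misses."""
    c, findings = parse_conf(text), []
    # Step 2: an unset limit is treated as "too many clients allowed"
    if "max_num_sta" not in c or int(c["max_num_sta"]) > expected_clients:
        findings.append("step 2: client limit above expected number of users")
    if c.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("step 3: SSID is broadcast")
    if c.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("step 4: factory-default SSID")
    # macaddr_acl=1 means "deny unless listed in accept_mac_file"
    if c.get("macaddr_acl", "0") != "1" or "accept_mac_file" not in c:
        findings.append("step 5: no MAC allow-list")
    # wpa=2 with CCMP selects WPA2; anything else is open or a weaker key scheme
    if c.get("wpa", "0") != "2" or "CCMP" not in c.get("rsn_pairwise", ""):
        findings.append("step 6: no WPA2/CCMP key protection")
    return findings
```

`audit(WEAK_CONF)` reports all five steps, while `audit(HARDENED_CONF)` returns an empty list.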

A before-you-buy tip – do not be trapped in marketing blues….. The salesperson will mostly encourage you to buy the best (in features and price too!) device. Go for a device which is good enough for security measures, and not really more than what you want – say, in wireless coverage area. If the need is max. 90 feet, a router with coverage up to 100 feet is best; there is no need to offer a chance to a neighbor hacker by purchasing a router with a 150 feet coverage range! Of course, your needs are the best judge to decide a suitable product, not always the salesperson!! Buy and set the device in the center of the area of its potential use, to utilise the covered radius of connectivity.

Back to IP era

When Internet emerged as a way to share information and documentation worldwide, another need to manage / remember different servers arose.

The solution was simple – DNS, in simple terms a map that locates a server (or a website today) by domain name, a human-readable, understandable and memorable way.

People used to type and enter a URL (a combination of the domain name and a further path to locate a particular resource) to visit a website / document.

But now, time changed – requirement changed.

This is twitter era!!!

People want to share resources, blogs, pictures, news and almost anything, but in a short way. The memorable domain name is less important. Why? Just because everything is a click away.

TinyURL, bit.ly and many more are there just to shorten a URL with a custom or random id that points directly to a specific URL.

Also, you can create short URLs for your own website, on your own server, with Shorty.

Now many people don’t even remember website names (typically domains), thanks to Google and many!!!!! 🙂

It’s like back to pavilion like situation, don’t remember domains/URLs!!

Ten Years Public Domain for the Original Web Software

“CERN’s decision to make the Web foundations and protocols available on a royalty free basis, and without additional impediments, was crucial to the Web’s existence. Without this commitment, the enormous individual and corporate investment in Web technology simply would never have happened, and we wouldn’t have the Web today.”

Tim Berners-Lee, Director, WWW Consortium
