Sunday, December 20, 2009

The Confessions of a Chief Executive and his lost laptop

The Confessions of a Chief Executive and his lost laptop

This is a nice fictional account of a CEO who lost his laptop and surely a tale worth sending out in the organization!

Tuesday, December 1, 2009

The IIM CAT debacle - egg in your face !

December 01, 2009

Indian Institute of Management (IIM) is the 'holy grail' amongst management institutes they run a tough entrance exam that goes by the acronym CAT.

Well they decided to automate the testing and got into a $40m relationship with Prometric.

On exam day hell breaks loose - and you can read stuff all over the net

Simply put - they bit off more than they could chew. These management gurus just did not do anything they teach (and I daresay that I have met some of the graduates who are yet to learn some basic lessons).

No one has done a risk assessment. No one seems to have done any capacity planning ... nothing. Prometric seems to be clueless about how to handle large orders ! They have been unable to put together adequate resources for handling 25000 exam takers in a day ! There is no contingency or recovery plan in place - talk about over-confidence.

These big-guys sitting in their ivory towers now say that it was a virus attack at a few centers. Thats so silly - they can't even get an excuse correct. I mean if you do not have the guts to say you goofed up in all honesty, then what is it that you teach these "best" brains ?

So will you teach them the 'art of glib statements' and 'excuses'.

Unfortunately this is another case of a system failing and causing stress to students and their parents. And the people who run the system are not bothered because they do not value the human being. These youngsters spend thousands of hours studying hard preparing for the exam day and these guys messed their preparedness by building a weak system.

Earlier this year the new online automated system for junior college admissions in Mumbai messed up really bad and thousands of students seeking admission were put to grief and stress. The college admissions system goof up was also explained off by excuses, and now we see excuses again.

In stark contrast we have the example of the US Secret Service who apologized for the lapse when a couple gate-crashed the dinner hosted by the President for the Indian PM.

High time we grow up and owned up our mistakes and made genuine efforts to correct ourselves.

Friday, November 6, 2009

Univ of Brighton research paper - bunchof lies !

I had forgotten this so called research paper but an article in the Economic Times prompted me to seek answers from the "researchers" at the Univ of Brighton.
These guys have a shallow paper based on heresy, misplaced / racist perceptions of the developing world and they pass judgement.

Then they do not have the decency to respond to any objection to their "paper" ... is it a problem to face up to your mistakes!

Phishing study: Bunch of lies
Kamlesh Bajaj / November 05, 2009, 0:46 IST

A team of researchers including professors of University of Brighton published a report in July 2009 titled “Crime online — Cybercrime and illegal innovation”. It was picked up by online news channels and quoted in news items to propagate lies about so-called cybercrimes in the business process outsourcing (BPO) industry of India. The report tries to present data from the annual reports of the Indian Computer Emergency Team, and Symantec in a way that suits its story, of India being a centre of cybercrimes and in general being a weak state. We want to set the record straight............... Read More

Now this is Dr Bajaj blasting them above and they deserve it.
I had written to them in August but they did not bother to reply, so now I am forced to put my email in the public domain:

Dear Messrs Howard Rush, Chris Smith, Erika Kraemer-Mbula and Puay Tang

I am writing to you with reference to your research report "Crime Online - Cybercrime and Illegal Innovation"

This report has been quoted as the source that states "India emerging as major cybercrime centre" and has obviously raised many doubts about the veracity of your study. A very alarming statement in your report says that cyber crime has increased 50 fold in India during the period three year period from 2004 - 07 and this is pure conjecture since you are referring to statistics for security incidents and not cyber crime and there is a BIG difference between these two.

A small search would have brought you to the Natoinal Criminal Record Bureau of the Government of India and you can easily get the cyber crime statistics.

While you are publishing your report in 2009 you are relying on news articles that date back to 2005 and your report uses these isolated incidents to irresponsibly pronounce judgement ! Sad, to say the least. Especially when you folks are living in the UK which is a "cybercrime-incident-a-day" country.

As I write to you I have this window open which is not something to be proud about.

I am also taking the liberty of forwarding a digest of discussions (# 1171 of Aug 21) between people on the India Infosec mailing list relating to this report. Brickbats all around for you, sadly, for trashing the BRIC countries. Do join this list to know more about the opinions of the security community.

Your papes has been quoted here :

My final word here is that there are so many "experts" sitting in their lofty citadels who are driven by the need to generate copy. Information Security trends, issues etc cannot be judged on the basis of old articles and researchers must first understand the subtle differences in the jargon used in the business. For example, as every IS professional knows there is a big difference between problem management or incident management !

In any case, with the large number of white papers, content, research on the net it is important that one is cautious about what to accept as true :)

Friday, January 30, 2009

Monster follows Heartland...

A monstrous data leak at has been announced.

It's customer databases has been hacked for the second time in six months. They have lost user information which includes IDs, passwords, e-mail addresses, names, phone numbers, birth dates, etc. How many records are compromised is not known except that this affects users in America and Europe.

So just take it easy if your name and personal information is used by someone you do not know.

The reason is simple - Heartland happened and now Monster and both maintain that your personal information is compromised and that they have a challenge to come up with any definite numbers. So you may be in it or may not be in the hole.

Wednesday, January 21, 2009

The New Year begins with a bang ! Break My Heart....

What a start to the New Year ! And they told me 2008 was a bad one.

January '09 and we brought in memories of a tragic 26/11 here in Mumbai. And we did not celebrate the passing of the old year so was this due to the baggage we carried from the last year or a foreboding of the times to come.

Seems to be the latter... when we take stock on this 21st day of the year 2009 AD. (And when I think about the 344 odd days ahead a shiver runs through me)

First Satyam lives down it's name. Raju confessed that he was lying for the past 7 years and more. So a billion dollar behemoth shows it had no pants (maybe no underwear too) and all the good men running along with it also may be in the buff. That was a $ 1.2 b shocker and for those of you who do not know this, the word Satyam means "truth" in Hindi / Sanskrit.

Now Heartland breaks my heart by announcing the mother-of-all breaches. They say they have been compromised. Heatrland processes about 100 millin transactions every month and we can well imagine how bad this is going to be. TJX now may seem like small change because Heartland has beaten them to the tape.
It seems that they have a backdoor running on their systems for quite some time and that they have foind 'multiple' instances of malicious software on the network. Now they will work to make things better by bringing in "a next-generation program designed to flag network anomalies in real time".

Confickr a.k.a. Downadup is a big bad worm spread to over 3.5 million PCs worldwide and has the potential to create "one badass botnet" according to F-Secure. So users be warned about using your convenient USB sticks. Read more about this online before using your USB drives any more, or any autorun device.

So this is it, in three weeks we have three major events one in the east, one in the west and one worldwide. That's a nice number once a week.

And I am not yet talking about the seesawing markets or the billions that are still being handed out to the big banks and corporations to help them stay alive or afloat.

There it goes... the mantra for success : Incorporate and employ thousands, since the numbers are so big some fools will pay you for nothing (the numbers will impress and so will window dressing like sub-prime). In a few years go tell the Government (whisper to them) that you are going under and they will give you a billion or a trillion, then they will lower interest rates and generously fill your begging bowl.

We shall soon see a new elective - the art of becoming a C-level beggar.

Thursday, January 15, 2009

Governance... whats that ! Happy New Year !!

The New Year has got off with a bang. India's Big-4 IT company has shown that it does not have underwear - the king without clothes and all along we believed that they were the best. Satyam Computers is a billion dollar plus company doing great business, employing 50,000 people across the globe....... and living a fraud.

The boss man at Satyam confessed that he has been cooking the books of accounts since the past 7 years or more. And this fudging has snowballed into a huge $ 1.2 billion hole in the company's statement of cash in hand and bank deposits. If this was not enough, Raju also said that revenue figures had been and margin statements for the quarter were inflated !

Satyam board had approved the purchase of companies owned by Raju's sons and the shareholders smelt a rat and Satyam's stock tumbled 55% on NYSE. The decision was withdrawn in an hour but this action brought greater scrutiny and the house of cards collapsed within a few days.

Governance norms were thrown to the wind by this company which was recently recognized by an award for good Governance (Golden Peacock).

What is surprising is that the directors, auditors, accountants and managers all say that they did not know about this. And this fraud has been going on for so many years now. So we must assume that Raju is super human and a super-genius to be able to put a mask on so many players at the same time and be able to successfully cloak numbers in the account statements repeatedly.

According to Raju he could not get off the tiger he was riding. It is common knowledge that you sleep with the devil and you get burned. He started a con job and the con grew bigger and bigger and there was no way he (or his cronies) could handle it.

And all these cronies are crying out loud claiming innocence. The auditors say that they relied on documents provided by the management ! The CFO says he did not check the balance sheet and that it was prepared by his VP !! The Directors say they accepted what was presented to them - ta face value !!! It is highly irresponsible to sign on public documents asserting they are correct and then not being able to stand by the same documents. All these people were busy being wined, dined and rewarded with cash and gifts and never gave a thought to their responsibility towards the shareholders.

Hope they are brought to book too, and get to see a jail from the inside. The reason is that this is a typical line of thought - nothing will happen it is India. Our investors association hardly has any teeth to fight for rights and bring these large corporations to closure. Well for once they were wrong because they did not factor shareholder anger in the US.

And thank God for this wake up call. Companies must embrace the practices of good governance not for complying with public sentiment and regulatory requirement. Any corporate leader with a decent amount of common sense can reap benefits of good governance by way of efficient processes and increased brand value which will provide ROI in the form of savings and stakeholder / customer confidence. The trick is in implementing governance initiatives in the spirit and do not worry you are not exposing yourself but you will be cleaning your act.

Squatting does not pay

Cyber squatting followed by a ransom demand in full public view does not pay. International laws have converged into the norms set by ICANN and WIPO and these do not support any form of cyber squatting. Add a ransom and you have trouble while you squat.

Way back in 1995/96 in the early days of the Internet in India, I remember being asked by a client to book domain names of various established firms in India. I spent a few hours explaining to how it did not make sense and the problems he could face ahead for playing around with an established trade-mark. Cyber squatting was very much on the mind of the such people and some people must have made a killing but I would like to believe that a majority have been evicted without any gains.

This recent case should provide some guidance for deterrence to wannabe squatters and in-the-act squatters should vacate the domain names and garner some goodwill from their victims. The goodwill may generate rewards too, like any good deed brings some good by itself.

World's second richest man gets Web name back for free
Wed Jan 14, 2009 12:21pm EST
GENEVA (Reuters) - The world's second richest man, Mexican telecommunications tycoon Carlos Slim Helu, won control for free on Wednesday of a Web address in his name that an Indonesian had tried to sell him for $55 million.