ICD | Blog (http://icdindia.com/blog)

Indian Embassy Hacks: A Joke On Us?
http://icdindia.com/blog/indian-embassy-hacks-a-joke-on-us/
Wed, 16 Nov 2016 05:30:03 +0000

The post Indian Embassy Hacks: A Joke On Us? appeared first on ICD | Blog.

First published in a slightly modified form ‘Indian Embassy Hacks: We’re a Joke of Global Hackers Community’ in www.quint.com, on 8 November.

Recently, several Indian Embassy websites were hacked by Kapustkiy and Kasimierz L, two pentesters from the Netherlands, using the most basic of security hacks: SQL injection.

[Image: Indian embassy cyber hack twitter]

And it doesn’t end there:

[Image: Indian embassy cyber hack twitter]

Yes, they are making fun of India and the worst part is that they are right.

The Pentesters

Pentesters are white or grey hat hackers who expose the loopholes in your security systems. When they are hired by an organisation to test its systems, they are called white hat hackers. At other times they expose the vulnerabilities of systems without actually being hired, and are called grey hat hackers. The hackers from the Netherlands exposed the vulnerabilities in the security of the Indian Embassy websites and, when they were not taken seriously, went ahead and posted the websites' database online, open to the entire world. The database contained important information such as the names, contact details and addresses of Indian diplomats, along with their usernames and passwords, which were not even protected with basic hashing.

What is Web Security and SQLi

Security is like a door to your home. If someone enters your home, they can not only steal your hard earned money but they can also air your private files as well as your dirty laundry to the rest of the world. In this analogy, an SQL Injection is the thief knocking on your door, pretending to be in need and asking for some water. You open the door to let them in and you are no longer the owner of the house.

SQL injection is database code that the hacker maliciously injects into your database, via a website's inputs, to gain access to it. The code can be inserted into input fields or into the URL of the website. It is designed to appear to be part of the real code, and once the computer allows it to run, it gives the hacker unlimited access to run any code in the database. That means he has a free hand to do anything to the database where all of your precious data is stored. He can copy, move, add to or even delete the entire database.

How difficult is it to hack a website using SQLi?

Not at all. It is very easy, and only a matter of trial and error, to hack a website using SQLi. On the other hand, it is equally easy to prevent such an attack on your website.

Preventing such hacks doesn't take an expert pentester to develop the website. Even a regular developer can avoid such attacks if they write the code correctly. It is all in the details. The SQL parameters must be passed in a certain way to keep out big hackers. Parse the text of input boxes and strip slashes to keep out small-time hackers. At the least, protect the passwords that you are storing in your database using the freely available MD5 hashing technique. This means that even if someone is able to gain access to the SQL database, they will not be able to read the passwords without further work to recover them.

[Image: Indian embassy cyber hack twitter]

Our Take

With the increase in the number of cyber attacks all across the globe, it is high time that India picks up the pace in the battle for online security; otherwise, there will come a day when the economy takes a direct hit from a cyber attack. Recently there was a massive security breach in the Hitachi-owned ATMs, which led to a leak of debit card information of National Banks of India. A bigger hack like this can bring the economy to a complete standstill.

The negligence due to lack of knowledge needs to end before more serious damage is done to our country. We need to provide proper training for our developers. We need to educate our children as well as our parents about the rules of security on the web. And this needs to happen now.

Ignorance may be bliss, but it comes with a cost.

It is time to invest in cyber security and, moreover, in a proper legal system that is equipped to handle such situations. Cyber security is still a low priority. Even after so many advancements, our education system still lacks proper training in cyber security. No importance is given to computer classes in schools. HTML and CSS training is given to 12-year-olds when 6-year-olds are hacking full-blown gaming consoles in the US. There is still a massive shortage of security training centres and proper trainers. Anyone can watch videos on YouTube to show stunts to their friends, but it takes proper training to close all security issues. It is time to stop being a joke and be in the news for good.

Brand Is UX, Or Something Like That
http://icdindia.com/blog/brand-is-ux-or-something-like-that/
Fri, 04 Nov 2016 11:59:52 +0000

The post Brand Is UX, Or Something Like That appeared first on ICD | Blog.

First published in a slightly modified form ‘Brand Is UX, Or Something Like That’ in Business Standard, 5 November, in Deep Design, a fortnightly column by Itu Chaudhuri.

“The 20th century was the Age of advertising,” said the Undisputed Strategic Panjandrum, known with awe as USP, “right up to the Great Shift or the digitisation of everything.”

Digital advertising? I asked. Not quite, said the USP kindly.

We sat in his penthouse, piled high with books standing in counterpoint to the housing towers outside. On one pile sat our glasses: whisky for me, sparkling water for the famously teetotal advertising-marketing legend from the late Age. He took a slow sip and began.

In the Age, USP intoned, great brands were built by advertising. It delivered a consistent message, dramatised by an emotional connect, ideally with a claim of product difference. It created a personality you could ‘sense’, and also registered a distinct brand identity—logos, taglines, colours—and packaging, so consumers could recall it at the shop, and ka-Ching!, said USP, dropping an ice-cube into his glass.

A certain resistance to, and even distrust of advertising, said the USP, is putting the focus back on the product or service itself. But for some, it was always thus. Take banks, whose brand rests more on the quality of its customer relationships and the service than anything else.

Remember those nationalised banks with their dreary offices? Gandhiji, on the wall, saying “the customer is the purpose of our business”, while account holders queued up before officious, unhelpful staff. Though the odd genial branch manager did help, if you knew one.

The Great Shift wasn’t so much the crawling ‘computerisation’ of banks from the 1980s but the entry of private banks after 1994. The new big bank brands of today were built on polite service and pleasant branches, but crucially, on the convenience and empowerment offered by better technology (account statements on demand!), which changed consumer banking.

The biggest of these, web-based banking, has made for many more satisfied customers, at the cost of a reduced relationship with the human and physical elements that make up a brand.

So much so that many customers find dealing with people less desirable (and some remember old bank staff fondly). In part, it’s because your ‘relationship manager’ also pushes ‘products’, and so seems less of a banker. The mobile app has accelerated the shift, forcing extreme simplicity and giving the ultimate in granular, transactional satisfaction—human-free.

There’s a science to this, called user experience, or UX, a white-hot profession at the moment. These people build journey maps, and study how people figure out what to do, in very fine detail. How to invisibly lead them to their goals, while keeping them informed, re-assured—and thus, happy. Less is better; and anticipating what the user will want next, is best. And to do it all with a certain charm.

What this means, said USP, is that this software driven experience, is the vehicle of service, and thus the relationship that we have with it. One can say that UX is the brand. Branding? Now there’s an app for that.

There’s a great opportunity for brands like banks, to build themselves around superb interactions. But UX goes beyond digital and so should banks. My favourite mall is a pleasure to park in, with thoughtful, quality signage, clear visibility and all the details that let me effortlessly navigate it with assurance, convenience and even pleasure. It makes it likelier I’ll shop there.

Everything else ought to support this app-like UX, said USP, whether web sites, bank branches, staff behaviour and even advertising. While several banks have designed their web/app UX well, none has let it into the brand’s core.

Banks’ home pages still lead with advertising imagery and messaging, with interchangeable, well-worn themes. If your bank “cares for family prosperity”, let the interaction itself demonstrate it, in a few clicks. An interaction is, well, just that! You can ‘talk’ to the customer to learn and fulfil his needs. It’s salesmanship in clicks.

The best banks already have the best experiences, but there’s a lot of room for them, and follower brands, to be the fastest mover who will win in the medium term at least.

In the long run though, there are limitations. First, the logic of UX will lead to the same ‘best’ UX for all banks, which can (and should) be copied. In an ultimate, theoretical sense, UX isn’t strategic, but a moving horizon, an operational imperative that all brands must move towards.

Second, personality and differentiation, two pillars of the Age, are hard to own, because banking is so transactional. So where, asked USP, raising two thick eyebrows, will preference arise from, and what will you creative types do? I hid behind a raised glass.

The answer, said USP, is in the axioms of UX. Brands should sense and respond to what people want (or yearn) to do, rather than be sources of one-sided, static messaging. Interaction is about what the brand and customer can do together, not about what the brand says. The pervasiveness of the mobile is a huge gift—not just for its reach, or to glean data. But to integrate the experience. Join up the mobile UX to the branch visit and the staff interactions.

Ultimately these experiences will develop into a story, or a concept that forms through community consensus about a company’s journey and destination. Google has set out to organise, simplify (or own) the world’s information (or the world itself). Harley Davidson’s HOGs (Harley Owners Groups) license a sort of communal freedom.

These ideas are rooted in culture, in different ways. Even when they advertise! Culture means it’s back to people; just like it always was. Perhaps it’s time to bring back the genial brand manager and see where that goes?

And enough of USP, he said, draining his glass with an air of finality. I took my first sip of whisky and let it sink in.

The Hamburger is an Important Part of My Web Diet. Don’t Kill it Just Yet.
http://icdindia.com/blog/the-hamburger-is-an-important-part-of-my-web-diet-dont-kill-it-just-yet/
Thu, 12 May 2016 08:13:52 +0000

The post The Hamburger is an Important Part of My Web Diet. Don’t Kill it Just Yet. appeared first on ICD | Blog.

Hamburger menu bashing is a popular theme on almost every blog, worth its salt, writing on UX/UI. Thankfully it’s a debate, not a conclusion (here’s one). And the hamburger saviours have enough of a voice, for me to not feel nervous as I write this.

It Ain’t Necessarily So

Josh Constine of Techcrunch has successfully argued that the Facebook app has dropped the cryptic three-line menu bar from the top navigation and got better results. Contrarily, other research also shows that the mobile content consumer is totally aware of the hamburger menu, its functionality and its position on the phone and desktop.

It’s another matter that in its conception stage it could have been designed to read ‘ALL’, with a downward arrow, rather than the three lines. But for now it’s as much of a habit as the ‘pinch-to-increase’ icon on images.

When to Drop it, Move it or Keep it

Case 1. Apps or sites where the user is already signed in and has a specific content goal; like to get and give latest updates.

[Image: Netflix]

Here, the hamburger can move from the left top corner to another corner or become ellipses instead (the right-left-bottom debate isn’t over yet either).

These apps have recognised the user engagement pattern and placed the two or three most important things to do on top, with descriptive icons.

Note that mostly every icon is now supported with text. If only the hamburger did that in the first place.

Case 2. The user may or may not sign in, and therefore you have no way to record the user preferences and customise the experience.

[Image: The Independent]

Here, the hamburger icon is a lifeline. You cannot always successfully predict the three most important things for every user; drop it and you risk alienating many users. The fear of alienating users makes it necessary to reveal the entire bouquet at a glance.

How to do it is another subject. Here are some initial thoughts.

The challenge is for the content team to make what comes under these three lines as meaty as the patty, as crisp as lettuce and as satisfying as mayonnaise (okay, that’s going too far).

Even Facebook hasn’t killed the hamburger. It survives in the tab bar, now labelled ‘more’ and packs the world inside it.

Context Matters

[Image: Icons]

It’s best to first weigh the merits of each use case for your application before joining the campaign against the delicious hamburger, or moving it from the familiar top-left corner to the top-right or bottom-right corner, per the dictates of phone ergonomics. Or calling it by another name with another icon and starting this debate all over again in, say, 3 months/years.
