Hacks Drugs and Rock n Roll

Marketing HiTech Products for startups

noreply@blogger.com (Rudra) — Wed, 14 May 2008 12:55:00 +0000

This isn't rocket science, but it does represent a kind of discipline. And it is here that high-tech management shows itself most lacking. Most high-tech leaders, when it comes down to making marketing choices, will continue to shy away from making niche commitments, regardless. Like marriage-averse bachelors, they may nod in all the right places and say all the right things, but they will not show up when the wedding bells chime. Why not?First, let us understand that this is a failure of will, not of understanding. The following example makes the things clearer and what the mistakes to avoid during marketing in high tech products in startups.

In the first year of selling a product—most of it alpha and beta release—the emerging high-tech company expands its customer list to include some technology enthusiast innovators and one or two visionary early adopters. Everyone is pleased, and at the first annual Christmas party, held on the company premises, plastic glasses and potluck canapés are held high.

In the second year—the first year of true product—the company wins over several more visionary early adopters, including a handful of truly major deals. Revenue meets plan, and everyone is convinced it is time to ramp up—especially the venture capitalists who note that next year's plan calls for a 300 percent increase in revenue. (What could justify such a number? The technology adoption profile, of course! For are we not just at that point in the profile where the slope is increasing at its fastest point? We don't want to lose market share at this critical juncture to some competitor. Strike while the iron is hot!) This year the company Christmas party is held at a fine hotel, the glasses are crystal, the wine vintage, and the theme, a la Dickens, is "Great Expectations."

At the beginning of the third year, a major sales force expansion is undertaken, impressive sales collateral and advertising are underwritten, district offices are opened, and customer support is strengthened. Halfway through the year, however, sales revenues are disappointing. A few more companies have come on board, but only after a prolonged sales struggle and significant compromise on price. The numbers of sales overall is far fewer than expected, and growth in expenses is vastly outdistancing growth in income. In the meantime, R&D is badly bogged down with several special projects committed to in the early contracts with the original customers.

Meetings are held. The salespeople complain that there are great holes in the product line and that what is available today is overpriced, full of bugs, and not what the customer wants. The engineers claim they have met spec and schedule for every major release, at which point the customer support staff merely groan. Executive managers lament that the sales force doesn't call high enough in the prospect organization, lacks the ability to communicate the vision, and simply isn't aggressive enough. Nothing is resolved, and, off line, political enclaves begin to form.

Third quarter revenues results are in—and they are absolutely dismal. It is time to whip the slaves. The board and the venture capitalist start in on the founders and the president, who in turn put the screws to the vice president of sales, who passes it on to the troops in the trenches. Turnover follows. The vice-president of marketing is fired. It's time to bring in "real management." More financing is required, with horrendous dilution for the initial cadre of investors—especially the founders and the key technical staff. One or more founders object but are shunted aside. Six months pass. Real management doesn't do any better. Key defections occur. Time to bring in consultants. More turnover. What we really need now, investors decide, is a turnaround artist. Layoffs followed by more turnover. And so it goes. When the screen fades to the credits, yet another venture rides off to join the twilight companies of Silicon Valley—enterprises on life support, not truly alive and yet, due in part to the vagaries of venture capital accounting, unable to choose death with dignity.

… What the company staff interpreted as a ramp in sales leading smoothly "up the curve" was in fact an initial blip—what we will be calling early market—and not the first indications of an emerging mainstream market. The company failed because its managers were unable to recognize that there is something fundamentally different between a sale to an early adopter and a sale to the early majority, even when the company name on the check reads the same.

Creating Successful Products- The Rock n Roll way

noreply@blogger.com (Rudra) — Thu, 17 Apr 2008 13:03:00 +0000

"I can explain everything better through music. You hypnotize people to where they go right back to their natural state and when you get people at their weakest point, you can preach into their subconscious what we want to say." —JIMI HENDRIX

Last year I had the opportunity to visit an Iron Maiden gig at Bangalore. So interested was I that I flew all the way down from Calcutta to witness the historic gig in India. I was spelled bound by the amount of fan following this classic band have even in India. The crowd was mad, banging, and screamed at each pitch of the band. I thought if the same sort of "fan following" is possible in business ventures for creating successful brands and products. It was more interesting for me as the start-up I work for, iViZ, is on the way of creating path breaking technology of doing security assessment. Until recently I read a write-up by Roger Blackwell about the rock and industry which ignited the thought of correlating the successes of rock n roll industry with successful brand and products.

Think of what happens when U2, the Rolling Stones, Janet Jackson, or Pink Floyd enters the stage in front of a crowd of 50,000. People scream as a band member walks toward their side of the arena, they cheer at the opening riffs of their favorite tunes, they belt out the words to most of the songs, and they dance, jump, and rock for hours. The power of music is undeniable; the loyalty showered upon those who create it, unmatched; and the lessons for corporate business leaders, boundless. It is difficult to think of any product or industry that evokes more emotional intensity from its followers than rock and roll. Their attitudes and behavior shatter the traditional measures of customer loyalty in terms of reach, quantity, and degree to define outright fanaticism—the ultimate level of devotion a firm can hope to receive from its customers. What is it about music and rock stars that transform people's emotions, behavior, and lives? Enlightened marketers have asked the question, but few have ever bothered to look for the answers. Yet corporate executives sit day after day scratching their heads, looking for insight as to how their brands might inspire even a fraction of such emotional response, loyalty, and commitment. They benchmark the success of others; analyze what promotional and design strategies have worked in the past; and review their advertising and promotional campaigns. And while marketers have been proficient in analyzing how to create successful brands and satisfy customers, most of their strategies mirror those that other businesses have already implemented.

Ok so without emphasizing more on the impact of music, let me try to put forward some phenomenon which we, as business leaders, can adopt and create breakaway brands and products. I attribute some of my views to Roger Blackwell and Tina Stephan to the marvelous work they have done in accumulation of the traits of some of the most successful rock bands in history so far.

Practice reverse customer intimacy. While most of the "wannabe successful" business is focused on CRM programs that help companies understand their customers better, many rock bands find ways to let fans get to know them more intimately. The better fans know a band through special information and personal experiences, the more likely they are to maintain a relationship with it. Aerosmith allows customers to get to know the band more intimately with remote staging and backstage tour packages, helping fans feel that they have a special relationship to the band. When the affective (emotional) components of attitudes toward a brand are firmly anchored in the cognitive (knowledge) components of an attitude, they are highly resistant to change or competitive encroachment.

Keep angel fans engaged. Angel fans discover bands before they become stars, investing time, money and emotion in the success of the band. They take pride in the ultimate success of the band and are rewarded with bragging rights for picking a winning brand. John Mayer, 2003 Grammy winner, tells his angel fans to take tape recorders to his concerts and tape his music, which keeps them engaged in the concert experience and helps them create memories. This actually increases the likelihood that fans will buy the CD, because they will want a good-quality version of what they heard live. Harnessing the support of angel fans is key to the adoption of new products ranging from Google to iPhone.

Involve customers in the brand experience. There is a magical moment in Billy Joel and Elton John's Face to Face concert in which the stars stop singing and let the audience take over. Thousands of people sing the lyrics to "Piano Man" in one collective voice—it is total fan involvement in the John and Joel brands. Similarly, Harley-Davidson fans experience total brand involvement when they tour on their hogs and congregate for weekends with other enthusiasts. Though the company organizes the experiences, it mostly enjoys the ride that goes hand-inhand with owning a brand that becomes a lifestyle.

Develop information and emotional exchanges with customers. Brands and customers should exchange information beyond normal and typical flow like manuals, brochures etc. Brands and fans should go one step further and exchange emotions, from feelings of nostalgia to outright elation, that fans receive from the brand, relay back to it, and convey to others. Web sites, blogs are becoming increasingly important in this area. Whether it's Amazon.com or Madonna.com, fans are more likely to become and remain engaged with a brand when they can communicate with it.

Deliver on Fans' Expectations When fans attend a Rolling Stones or Eagles concert, they expect to hear a string of hits they can sing along with, performed with topnotch sound quality and delivered with high energy. Firms must ask themselves, "Do our products really deliver the attributes customers consider most important?"

Evolve but remain true to your core sound or strength. Bands that stray too far from their core sound often alienate the fans they took so long to acquire. Aerosmith's remake of "Walk This Way" spurred a brand reinvention with the perfect balance of familiarity and newness. Evolution is required if a brand is to stay relevant in the culture, but radical changes in look, feel, brand promise or personality may make the brand so different from what fans expect that it breaks the emotional ties between fan and brand.

Fan retention depends on brand relevance. Famed songwriter and performer Bob Dylan had always played folk music at the acoustic level, but as the Byrds, the Rolling Stones, and the Beatles changed the landscape of music, he ran the risk of being evolved right out of the market. Subsequently, he took folk music electric and contemporized himself. The songs were the same, the words were the same, but the delivery was altered and the relevance enhanced. Fans stuck with Dylan because he evolved to reflect changes that fans seemed to follow among other musicians.

Next time the Rolling Stones, KISS, Elton John, Aerosmith, Madonna, Neil Diamond, Iron Maiden or any other legendary band invades your town, go to the concert. Experience firsthand the emotions you and the thousands of people around you feel, and think about how to capture some of that in your brand, whether that brand is a product or yourself. These bands prove that forging emotional connections with fans and fortifying them over time leads to long-term revenue streams. That requires getting under their skin, into their souls, and connecting to something even fans have a difficult time describing. But they feel it; they know it's there. It's what happens when girlfriends get together and dance around to "Holiday" by Madonna. Or when guys get together and play air guitar to AC/DC's "You Shook Me All Night Long." The emotions are different, the intensity the same. The combination of emotion and intensity creates within people a devotion to the music they love and the bands that create it. It's what keeps classic rockers performing night after night, city after city. It's what keeps people buying new releases of old favorites. It's what brings audiences to their feet, screaming for another encore when the band has already played three.

It's what turns customers into fans.

Ajax Security

noreply@blogger.com (Rudra) — Wed, 06 Feb 2008 06:07:00 +0000

| View | Upload your own

The world is flat

noreply@blogger.com (Rudra) — Mon, 04 Feb 2008 13:21:00 +0000

A Brief History of the Twenty-First Century is a national bestseller book by Thomas L. Friedman, analyzing the progress of globalization with an emphasis on the early 21st century. The title is a metaphor for viewing the world as flat or level in terms of commerce and competition, as in a level playing field —or one where all competitors have an equal opportunity. As the first edition cover indicates, the titles also alludes to the historic shifts in perception once people realised the world was not flat, but round and how a similar shift in perception —albeit figurative— is required if countries, companies and individuals want to remain competitive in a global market where historical, regional and geographical divisions are becoming increasingly irrelevant.Here is a brief presentation on it.

| View | Upload your own

Web2.0 application security

noreply@blogger.com (Rudra) — Mon, 04 Feb 2008 13:07:00 +0000

SOA, RIA, and Ajax are the backbone behind the now widerspread Web 2.0 applications such as MySpace, GoogleMaps, and Wikipedia. Although these robust tools make next generation web applications possible, they also add new security concerns to the field of web application security. Yamanner, Samy and Spaceflash type worms are exploiting “client-side” Ajax frameworks, providing new avenues of attack and compromising confidential information. Portals like Google, NetFlix, Yahoo and MySpace have witnessed new vulnerabilities in the past. These vulnerabilities can be leveraged by attackers to perform Phishing, Cross-site Scripting (XSS) and Cross-Site Request Forgery (XSRF) exploitation.

| View | Upload your own

Critical business success factors

noreply@blogger.com (Rudra) — Tue, 25 Sep 2007 09:25:00 +0000

Success leads to the damaging behaviors of a lack of urgency, a proud and protective attitude, and entitlement thinking. This leads to the tendency to institutionalize legacy thinking and practices. Essentially, you believe that what enabled you to become successful will enable you to be successful forever.

After reviewing this problem in many companies, I believe there are nine dangerous traps into which successful people and organizations often stumble.

Trap 1: NEGLECT

Sticking with Yesterday's Business Model

By business model, I mean what you do and how you do it. It includes such issues as deciding what industry you will be competing in and what approaches you will use in carrying out all the processes necessary to compete in that industry. Will we manufacture something or contract it out? How will we sell our products or services?

Do we go through retail channels? How should we organize our sales force? Which segments of the industry do we want to ignore, and which do we want to compete in? What is the structure of our support staff? Which parts of the organization do we out source? What are our approaches to distribution and inventory management? What are the cost targets of the various components of the organization, like information technology costs and human resources costs? Does our model leave us satisfied with our gross margins, profit margins, and other such figures?

Organizations should be consistently reviewing all aspects of their business model, looking for areas that are weak and need to be overhauled. By weak, we mean out of date, too costly, too slow, or not flexible. In which areas of the business model are you at parity? In those areas, are there any bright ideas on how to achieve a competitive advantage?

TRAP 2: PRIDE

Allowing Your Products to Become Outdated

You may be super proud of your product or service today, but you have to assume that it is going to become inferior to the competition very soon. You need to hustle ad beat your competition to that better mousetrap, and you need to do it over and over.

The amazing thing about success is that it leads to a subconscious entitlement mentality that cause you to believe that you no longer need to do all the dirty work of getting out and studying consumer behavior in details, analyzing different sales approaches, jumping on the latest technology to generate improved products, and everything else that is required to stay ahead. The attitude is often one of believing that you have done all of that and have figured it out, and now things are going to be fine.

Until the early 1970s, typewriters were used to prepare documents. The IBM Selectric model was the standard. Then along came Wang Laboratories' word processor in 1976, providing a completely new approach. It displayed text on a cathode ray tube (CRT) screen that was connected to a central processing unit (CPU). In fact, you could connect many such screens to that CPU in order to handle many different users. Wang's device incorporated virtually every fundamental characteristic of word processors as we know them today, and the phrase word processor rapidly came to refer to CRT-based Wang machines. Then, in the early to mid-1980s, the personal computer emerged. Wang saw it coming but made no attempt to modify its software for a personal computer. PC-based word processors like WordPerfect and Microsoft Word became the rage, and Wang died. Wang fell into the trap of not updating its products, even though it basically invented the word processor industry.

We saw this behavior very clearly with the General Motors example. Its cars, while highly distinctive back in the 1970s, were allowed over time to look more and more alike, and the excitement factor for the customer disappeared.

TRAP 3: BOREDOM

Clinging to Your Once-Successful Branding after It Becomes Stale and Dull

Constantly achieving uniquencss and distinctiveness for a brand and also keeping it fresh and contemporary is hard work. Once a brand achieves some success, the tendency is to sit back and pat yourself on the back, allowing your brand to become dull and ordinary.

The Plymouth automobile was introduced by Chrysler for the 1928 model year as a direct competitor to Ford and Chevrolet. It was a sturdy and durable car that attracted a legion of loyal owners. Plymouth became one of the low-priced three from Detroit and was usually number three in sales, just behind Ford and Chevrolet. For almost two decades, Plymouth sold almost 750,000 cars per year and had a solid brand reputation in the low price range of being reliable but having a bit more flair than Chevrolet or Ford. Older readers may remember the 1957 Plymouth with the huge fins, as well as its Road Runner (beep beep!) model. Plymouth had a very clear brand positioning.

In the 1960s, the Plymouth brand began to lose its uniqueness. Chrysler decided to reposition the Dodge, reducing its price so that it was quite close to Plymouth's. Chrysler came out with low-priced compact and intermediate-size models under both the Plymouth trademark and the Dodge trademark. By 1982, Dodge, was outselling Plymouth. Throughout the late 1980s and the 1990s, Plymouth offered nothing unique. Sales continued to decline, while Dodge was quite healthy. In 1999 Chrysler announced that the Plymouth brand would be discontinued. The lesson is simple: when you allow brands to get stale, they die.

TRAP 4: COMPLEXITY

Ignoring Your Business Processes as They Become Cumbersome and Complicated

Successful organizations often reward themselves by adding more and more people and allowing processes to become fragmented and nonstandardized. This is often done under banner of refining the management of the business. It is also caused by business units and subsidiaries seeking more autonomy, which leads them to develop their own processes and staff resources. Before you know it, getting any kind of change made is very complicated.

Over and over again you read stories about organizations experiencing weak financial results, then finally coming to grips with the problem, laying off thousands of people and simplifying the organization.

We saw in our Toyota case study how aggressive that company is at constantly improving each and every process. Keeping that mindset of constant improvement is very difficult. Success usually leads to a decrease in the intensity with which you tackle such challenges. Also, success leads to a belief that since we are doing so well, we probably need to reward the people in the organization who are asking for their own building and lots of extra people to get them to the next level. Importunely, all those extra costs often lead to bloated processes and further fragmentation of how work gets done.

TRAP 5: BLOAT

Rationalizing Your Loss of Speed and Agility

Successful organisations and individuals tend to crate complexity. They hire a lot of extra people, since clearly things are going well, and those people find things to do, often creating layers of bureaucracy, duplicating capabilities that already exist in the organization, and making it very hard to react quickly to change.

Getting an organization to constantly think about retaining simplicity and flexibility is not easy. The account given in the previous chapter of Toyota's Global Body Line is a good example of doing it right. Toyota thought about agility ahead of time, and when it came time to build a brand-new car, such as the Prius, it didn't have to build a new plant or a new line. This enabled Toyota to get to market fast and save tens of millions of dollars compared with traditional approaches.

TRAP 6: MEDIOCRITY

Condoning Poor Performance and Letting Your Star Employees Languish

When organizations are successful, they have a tendency to stop doing the hard things, and dealing with poor performance is a really hard thing. It also becomes hard to move new people into existing jobs, because there is the burden of getting the new person up to speed and the perception that you are losing valuable expertise. Also, the really strong performers and to get ignored. Consequently, what happens in many successful organizations is that people are left in their jobs too long and poor performance is not dealt with as crisply as it should be. Unfortunately, this also leads to strong players not being constantly challenged.

Successful organizations are especially vulnerable to this trap, since companies that achieve success often have high morale and pride. And who wants to spoil the fun by dealing with the tough personnel issues, which is an onerous task for most managers? Any excuse to put it aside will be embraced.

TRAP 7: LETHARGY

Getting Lulled into a Culture of Comfort, Casualness, and Confidence

Success, and the resulting tendency to become complacent, often leads organizations and individuals to believe that they are very talented, have figured things out, have the answers to all the questions, and no longer need to get their hands dirty in the trenches. They lose their sense of urgency � the feeling that trouble might be just around the corner.

Considering our case studies on GM and Toyota, the contrast between their cultures is really striking. GM seems to exude pride and an attitude of "we are the real pro in the industry," while Toyota has a more humble personality that is all about constant improvement.

The leader of a group really sets the tone on this cultural complacency issue. The tendency is to become very proud of your success and protective of the approaches that got you there. It is those very tendencies that lead to an insular, confidence culture that makes people believe that they are on the wining team, while in reality, the world is probably passing them by.

TRAP 8: TIMIDITY

Not Confronting Turf Wars, Infighting, and Obstructionists

Success often leads to the hiring of too many people and the fragmentation of the organization. Business units and subsidiaries work hard to be as independent as possible, often creating groups that duplicate central resources. Staff groups fragment as similar groups emerge in the different business units. Before long, turf wars and infighting emerge, as who is responsible for what becomes vague.

Even worse, the culture gets very insular, with an excessive focus on things like who got promoted, why am I not getting rewarded properly, and a ton of other petty issues that sap the energy of the organization.

Another source of turf wars and infighting is lack of a clear direction for the organization and slow decision making on critical issues. When these kinds of management deficiencies occur, people are left to drift and end up pulling in different directions. That often leads to tremendous amounts of wasted time as groups argue to have it their way.

TRAP 9: CONFUSION

Unwittingly Providing Schizopherenic Communications

When an organization is success or stable, its managers often fall into the trap of not making it clear where the organization is going from there. Sometimes this is because they don't know, but they don't admit that, and they don't try to get the company's direction resolved. They do everything they can to keep all option open, with no clear effort to get decisions made and a plan developed. Such behaviors lead to speculation by the troops, based on comments that they pick up over time. Often those comments are offhand remarks that the leaders have not thought through. Or the troops hear conflicting statements coming form a variety of folks in leadership positions in the organization.

When employees receive confusing and conflicting messages and don't have a clear picture of where the organization is gong or whether progress is being made, they feel vulnerable and get very protective of their current activities. In late 1991, IBM's CEO,John Akes, announced that in the future, IBM would look more like a holding company and that "clearly it's not to IBM's advantage to be 100 per cent owners of each of IBM's product lines."

During the next 12 months, everybody was trying to figure out what he meant. And IBM made no attempt to start publishing separate financial information by product line in preparation for possible spin-offs. IBM also ignored Wall Street's suggestion that it create separate financial entries, with their own stock exchange symbols, for the products that were to be spun off. Employees and investors were confused. The IBM board of directors finally ended the drama in early 1993, announcing that Akers was leaving and a new CEO would be hired quickly. From 1987 to 1993, IBM shareholders lost $77 billion of market value.

Communications from the head of the organization, be it a small group or an IBM, are critical. People want to know where they are headed and how things are going. When the words and actions don't match, confusion reigns.

In the remaining parts of this book, I will discuss these traps in detail. In each part, I will give detailed examples of companies and individuals that in some cases have been hurt and in other cases have avoided these problems. My objective in each part is to provide specific actions that people can take to avoid the particular trap, or to rid themselves of the problem.

Excerpted from:

Seduced by Success by Robert J Herbold.

Next generation markets

noreply@blogger.com (Rudra) — Mon, 17 Sep 2007 11:29:00 +0000

Well well i generally have lots of plans stored for the weekend. Watever fascinating that needs a call to be tried out is automatially pushed to the saturday night and sunday slot. However this weekend i simply grazed on my bed watching the 20-20 world cup and pondering over different thoughts that were crossing my mind. Sunday morning itself i went for a breakfast invitation to one of my neighbours home. The idea was to discuss the next steps for his budding son who is hardly 14 years old. Never could have imagined parents being so consious at such a tender age!! Quickly i felt the gap in this generation of parents and how kids are grown up amidst lots of tension and expectations from parents. The idea behind telling you all these prelude is to make you feel how i felt after meeting that kid and what thoughts ignited in my mind.

So.. he was a kid of average look and seemed very introvert when i first talked with him. He insisted that i make myself comfortable in his own room instead of sitting along with his parents. I accompanied him but what a scene i saw!! 2 computers placed side by side and CDs and DVDs lying rampant in the floor. I dwelved into what he normally does in his 2 computers after which i figured out that one computer was for his study related issues and the 2nd one was his other world. Loads of amazing softwares which even i was unaware of and collection of movies and songs for almost all types. I quicky considered myself as to how i was at his age!! perhaps only things that could found in my room apart from books and magazines was my cricket set (which i used to practice in front of the huge mirror to get my positions right). As i went ahead and discussed various softwares and games (i'm not a avid gamer though) i essentially disovered how things got changed in last couple of years. Although i had witnessed the days of pre and post internet never could i have thought that guys at such an age could build his own world in the virtual reality. I deduced two things very strongly:

a) The world is moving away and has moved away from the HITS phenomenon. What i meant to say is that at my age we friends used to watch the same channels, read the same newspapers , go through the same magazines and listen to the same radio station. Its not because they were superb but options were limited. With the advent of internet there are thousand sources which can be shared and with the boom of mass media options got still wider. But how do all such companies survive?? i questioned myself huge number of times and desparately tried to figure out probable answers. But then i discovered the plain law of economics doesn't hold anymore i.e law of scarcity which states that if you have limited space in your shelf you only dump it with the best CD or DVD collection so that it gets sold of quickly. So what is that's in? Its probably the 98% rule..

b) 80-20% rule is still getting teared apart from very few service structured companies and high end enterprise application development companies. Returning back home i researched a bit on this front and had a very critical look at the upcoming Web2.0 business models. Fortunately enough i came upon a research report published by frost and sullivan and the data there is truly amazing!! One of the survey question went as follows: How much of the total songs recorded in iTunes got sold atleast once in a quarter?? Honestly i thought it to be somewhere between 30-40% bcoz in our conventional industry never would you come across a company who has exhausted more than 20% of different product suite's inventory in a quarter. So optimistically coz of the internet i arrived logically at the figure of 30-40%. But the result truly made me interestered further. It says that almost 90% of all iTunes songs sold atleast once in a quarter. So probably my guess of 98% rule is true :)

I went ahead and did some study on Amazon further and there also i discovered the same phenomenon. Albums produced in 80's or 90's weren't made thereafter which includes hits like eagles, pink floyd, led zapplein etc. Most to my suprise the financial statistics of amazon itself stated that revenues gathered from one or two time sell of unknown (read lesser) known songs or artists amounted to almost 4 times the revenue they amassed from selling the HITS. Its good that now everybody has an audience and the very idea of "broadcast" is getting changed. Our days' radio station could play its song to 1 million listeners but it couldn't have brought 1 million songs to 1 listener. The internet is doing just that. Most importantly we are moving towards a market of "NICHE" products and such the traditional market of HITS is getting changed. Immediately i correlated these findings and thoughts to our start-up iViZ which deals in niche security product like an automated penetration testing tool. We were seldom asked by VCs and interested investors that whats the market size that we are trying to address. We substantiated that with data from research firms like Gartner and IDC but most importantly i found a different answer void of statistics.

Well very intersting isn't it?? Let me work a bit more and surely i will come up with further interesting findings and understanding. Thinking of the next big business idea?? keep these things in mind and you will cater well to this next generation market and hopefully own a private runway at NASA :)

We are among the Top 5 Security Startups

noreply@blogger.com (Rudra) — Fri, 17 Aug 2007 10:29:00 +0000

These days we are going through lots of excitement and thrill for all the new things that is happening in our unique start-up i.e iViZ. Security is itself a challenging and exciting space these days. Added to it is our innovative automated solution for penetration testing that will redefine the way security assessment is carried out. We are going through raising our fund for scaling up business operations and hitting the market as fast as we can and become a leader in security. Our dream: A global security product based company from India which the world would know simply by its mere name " iViZ" and moving towards delivering a true sense of security. Yesterday i was doing the usual thing of desperately trying to bring things in place at iViZ. Suddenly came a mail which heightened the excitement like a fresh dose of esctasy :) We got selected as the top 5 security startups in the Global security challenge in the asian leg. Here is a bit of what this means: The Global Security Challenge is the first annual business plan competition to find and select the most promising security technology startups in the world- jointly conducted by London school of Business, Department of Homeland security, US and Pentagon. Security is a top priority for governments and companies as terrorist and criminal attacks continue to threaten major cities and economies. But while this market is growing, it remains difficult for innovators to break through the barriers of government procurement and to appear on the radar-screens of integrators and VCs. The Global Security Challenge aims to change this by giving entrepreneurs the chance to find capital, partners and customers. After being elected as one of the Top innovative technological startup last year by Intel and UC Berkley, yet this is another feather to our cap and to assure that the next big thing in security has just yet started. Cheers!

Web3.0 Is Coming

noreply@blogger.com (Rudra) — Sat, 17 Feb 2007 06:56:00 +0000

Web3.0 Is Coming

Yahoo's privacy

noreply@blogger.com (Rudra) — Wed, 31 Aug 2005 13:40:00 +0000

Yahoo is now using something called "Web Beacons" to track Yahoo Group
users around the net and see what you're doing and where you are going
(similar to cookies). Yahoo is recording every website and every group
you visit. Take a look at their updated privacy statement:

- http://privacy.yahoo.com/privacy

A little over half-way down the page, in the section on cookies, you
will see a link that says "web beacons". Click on it to be taken to
this page:

- http://privacy.yahoo.com/privacy/us/beacons/details.html

That will bring you to the Web Beacons page. Look in the section
"Outside the Yahoo! Network" (2nd one down). The last sentence in the
last "bulleted" paragraph reads "Please click here to opt-out." -
click where indicated to be brought to this page:

- http://pclick.yahoo.com/p?optout

Once you have clicked that link (or visited the link above), you are
exempted. (Notice the "Success" message at the top of the page.) Be
careful because on that page there is a "Cancel Opt-out" button that,
if clicked, will *undo* the opt-out. How thoughtful of them to include
such an easy way to get back in, yet making getting out a 4 step
process...

Windows Genuine Advantage???

noreply@blogger.com (Rudra) — Sun, 31 Jul 2005 18:15:00 +0000

Microsoft "Genuine Advantage" cracked in 24h: window.g_sDisableWGACheck='all' AV sez, "This week, Microsoft started requiring users to verifiy their serial number before using Windows Update. This effort to force users to either buy XP or tell them where you got the illegal copy is called 'Genuine Advantage.' It was cracked within 24 hours." Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:

javascript:void(window.g_sDisableWGACheck='all')

It turns off the trigger for the key check.

There are other work arounds but this seems to work fine for me

Open source BEER..!!

noreply@blogger.com (Rudra) — Mon, 25 Jul 2005 19:21:00 +0000

How can beer be open source?

The recipe and the whole brand of Our Beer is published under a Creative Commons license <http://creativecommons.org/licenses/by-sa/2.0/> , which basically means that anyone can use our recipe to brew the beer or to create a derivative of our recipe. You are free to earn money from Our Beer, but you have to publish the recipe under the same license (e.g. on your website or on our forum) and credit our work. You can use all our design and branding elements, and are free to change them at will provided you publish your changes under the same license ("Attribution & Share Alike").

http://www.voresoel.dk/main.php?id=70

Research on Information Intelligence

noreply@blogger.com (Rudra) — Sun, 24 Jul 2005 12:25:00 +0000

The Advanced Research and Development Activity (ARDA) is a U.S. intelligence community (IC) center for conducting advanced research and development related to information technology (IT). ARDA sponsors high risk, high payoff research designed to produce new technology to address some of the most important and challenging IT problems faced by the intelligence community. The research is currently organized into five technology thrusts: Information Exploitation, Quantum Information Science, Global Infosystems Access, Novel Intelligence from Massive Data, and Advanced Information Assurance. More information is available at http://cryptome.org/traceback.htm .

The IC uses a specialized information infrastructure and a unique security environment that must be able to acquire, retain, and provide access to highly sensitive information for many years. In this environment, relying solely on the commercial sector to satisfy IC information assurance requirements is unacceptable. Relying on COTS for certain security-critical components within the IC information infrastructure incurs even greater risk when these components are developed outside the purview of the IC or IC-sponsored organizations. The Advanced Information Assurance (IA) research thrust within ARDA's overall R&D program is tasked with providing tailored security solutions for the IC to fill any perceived security gaps in the IC's information infrastructure. Its program is currently focused in the following areas: (1) countering the insider threat; (2) cyber intelligence; (3) high assurance for IC information infrastructure; (4) new defensive concepts; and (5) quantum cryptography.

As part of its overall IC security research program, ARDA's Information Assurance research thrust is initiating research in traceback within information networks used by the intelligence community, such as NIPRNET, SIPRNET, JWICS, and IC enclaves.

Parineeta

noreply@blogger.com (Rudra) — Tue, 21 Jun 2005 13:33:00 +0000

After a long dearth of good hindi movies Parineeta finally impressed me. Everything was good about the movie except one thing... was there any need of breaking the wall towards the end of the film..?? The songs are excellent with a classic blend of classical music. Pradip Sarkar has done a really good job. Thums up....

Distributed identity system

noreply@blogger.com (Rudra) — Mon, 23 May 2005 10:34:00 +0000

OpenID (http://www.danga.com/openid/), developed by the creators LiveJournal, is another attempt at a single sign-on system. The system is similar TypeKey and Password, but focused more towards blogs and promises to actually be "distributed".

"An OpenID-enabled site/blog lets you authenticate using your existing login from your homesite (whether that's on your own server or a hosted service) without giving away your password to the 3rd-party site you're visiting, or making a new account there, or giving away your email address. And it's secure, and can run entirely in the browser without extensions, without moving between pages."

The overview mentions the possible use of SAML, which might be of interest to the conversation of about placing XML services in Ajax thread.

There is also a demo available using Ajax: http://www.danga.com/openid/demo/demo.html

and detailed system specifications: http://www.danga.com/openid/specs.bml

Critical flaws in IPsec protocols

noreply@blogger.com (Rudra) — Tue, 17 May 2005 04:18:00 +0000

Flawed cryptography is leaving people using IPsec security protocols vulnerable to hacking, according to the UK's National Infrastructure Security Coordination Centre (NISCC).The organisation has released an advisory about the discovery of three key flaws in the Encapsulating Security Payload (ESP) that provides base-level encryption of data, typically travelling though virtual private networks.

"An attacker could modify sections of the IPsec packet, causing either the cleartext inner packet to be redirected or a network host to generate an error message," warned NISCC.

"In the latter case, these errors are relayed via the Internet Control Message Protocol. Because of the Protocol's design, these messages directly reveal segments of the header and payload of the inner datagram in cleartext.

"The attacks have been implemented and demonstrated to work under realistic conditions."

The organisation rates the flaws as 'highly critical' and added that the Authentication Header protocols that guarantee the authenticity of data packets are also vulnerable.The advisory provides three ways to work around the problem, including reconfiguring the ESP system and using Authentication Header and ESP simultaneously to defeat eavesdroppers.

IP Security (IPsec) is a set of protocols developed by the Internet Engineering Task Force (IETF) to support secure exchange of packets at the IP layer; IPsec has been deployed widely to implement Virtual Private Networks (VPNs).

Three attacks that apply to certain configurations of IPsec have been identified. These configurations use Encapsulating Security Payload (ESP) in tunnel mode with confidentiality only, or with integrity protection being provided by a higher layer protocol. Some configurations using AH to provide integrity protection are also vulnerable. In these configurations, an attacker can modify sections of the IPsec packet, causing either the cleartext inner packet to be redirected or a network host to generate an error message. In the latter case, these errors are relayed via the Internet Control Message Protocol (ICMP); because of the design of ICMP, these messages directly reveal segments of the header and payload of the inner datagram in cleartext. An attacker who can intercept the ICMP messages can then retrieve plaintext data. The attacks have been implemented and demonstrated to work under realistic conditions. http://www.vnunet.com/news/1163022

Virus versus backdoors in popularity

noreply@blogger.com (Rudra) — Sun, 08 May 2005 16:05:00 +0000

A reader pointed out that "backdoor.hackdefender" was rather popular at virustotal. Looking at the top 10, it shows that most of the top 10 are backdoors.

Perhaps time to make a mental note that although backdoors typically don't have fast rates to spread they do seem to be widely available in the wild.

Add to that that cleaning up from a backdoor is tricky business: what else was installed/changed/... while the backdoor was installed ? Typical viruses are much more predictable and therefore easier to clean up.

As such it might be a good moment to check the risk levels of backdoors in your organization and perhaps take some more measures.

Let me know what you think about it. If you do have extra measures in addition to the typical anti-virus measures to counter the threat of backdoors, let me know which.

Cheers M$

noreply@blogger.com (Rudra) — Thu, 05 May 2005 11:01:00 +0000

Is it the Win 95 on C64..?? hah..sure to get lost..!!

Botnets and phising

noreply@blogger.com (Rudra) — Wed, 04 May 2005 18:22:00 +0000

A recent post to the Dailydave mailing list, titled Distributed Phishing, described an incident similar to the report we received yesterday. The report outlined a large organization's battle against a botnet that implemented a phishing attack against the organization's customers. The trend to use bots for hosting phishing websites on compromised systems is not new, and was documented in the Register article titled Phishers Tapping Botnets to Automate Attacks. Using bots in this manner makes it difficult to shut down the malicious site, because the attacker can quickly modify the domain record to point to another compromised system. One way to defend against such attacks is to work with the company hosting the DNS server that resolves the malicious domain name to remove or modify the offending records.

Attacks that we're observing now are becoming more elaborate. In the most recent report, the attacker was using a botnet to host not only the malicious websites, but also the DNS servers that provided domain resolution services for the targeted domain name. This setup allowed the attacker to move to a new DNS server when one of the malicious servers got shut down. An organization battling this threat typically has to deal with the registrar of the malicious domain, instead of attempting to shut down the individual DNS server. Unfortunately, many domain registrars don't have formal procedures for dealing with such requests, which makes it difficult for organizations to defend against such attacks.

Some ISP can help their customers combat such attacks by implementing a type of domain hijacking, intercepting and redirecting malicious DNS traffic that traverses their network. While this approach does not entirely mitigate the issue, it does mitigate it within the ISP's network; it is particularly effective if implemented by a large ISP. Considering the limitations of this mechanism, having domain registrars develop processes for addressing this attack scenario would be very helpful.

Still changing the thoughts...

noreply@blogger.com (Rudra) — Wed, 04 May 2005 15:23:00 +0000

Several companies which fear hackers will think after reading this - "f*ck, we have to tighten the "new employee" process". But I will tell you something: Too late ... we are already everywhere. In all major consultant, audit and software development, banks and IT security companies are former hackers. And guess what? The world is not crumbling down in despair. Most hackers have ethics. You might not like their ethical code, but most of them have a code of honour, and would never hack the company they are working for. You might say - "but the others, not all are good" - yes, that's true, but so is the rest of the world - same is true about people who are not hackers. If you fight us you will loose - valuable team-members, with strong skills and experiences. Think about it. And to the hacker scene: having a cool security job and still doing greyhat stuff - this is the best thing which can happen to us. Having fun - and getting paid for it.

Changing the thoughts...

noreply@blogger.com (Rudra) — Wed, 04 May 2005 14:05:00 +0000

Young hackers usually dream about becoming a well-known security expert, whose job is about executing high profile penetration tests on fortune 100 companies. Why? Cool and interesting projects, bleeding edge hard and software to work with, new areas to learn and gain knowledge, earning money, creating (another) high profile - this time with the real name - most hackers dream of that - few actually achieve that. It is mostly about the pitfalls a hacker has to overcome, especially when a company doesn't like "evil" hackers for the job. Therefore a sound and seemingly logical explanation, where he did get this security knowledge is very important. Some people might say "hey, nice article, but it is not really about hacking" - well, I say it is. It is about hacking coporate minds. You want to achieve your goal - working for that fortune 10 bank as an IT security expert, but f*ck, they don't like hackers. Hackers are evil, criminals, they say. So you have to hack their brains to get what you want! First, it should be clear what a "security job" is about - or being a whitehead. The world, work and views are different. The section "Hacker World vs. Security World" is describing this. Then you might need additional knowledge to impress your hope-fully new employer - also the ways for that are pretty clear, you can find some hints at "Getting a Background". After you know what will await you, you actually have to apply for a job. There are some do's and some don'ts you should keep in mind for writing your application documents and when you've got your job interview. The sections "Truthful or not", "How to find a job", "Getting your CV right" and "The Job Interview" will keep you on the right track. And finally: "Things you should not do after getting the job". This might be more important than you think. Last thing you should keep in mind when reading this text: it is especially meant for people who have a hard time to get employed because the company they are interested in have got a "no-hacker" policy, or the country they are living in are seeing hackers not as an enrichment to the security business. If you are trying to get into a company which welcomes hackers with open arms - which is rarely the case - this text can still be important to you. Enjoy.(Will come up with more in the next part.. :))

Writing my first

noreply@blogger.com (Rudra) — Fri, 18 Mar 2005 13:10:00 +0000

I'm writing my first blog today.I believe that everything grows out from a small effort. So perhaps this is my first effort.Ok guys i'll share some professional stuffs along with my own.I'll write all the security related stuffs for a newbie to read learn.If you are viewing this blog then don't forget to post a reply here.