About Me

My photo
Mumbai, India
I run an IT Security consulting firm based out of India. We started off from scratch in 2001 when I was 21, and have offices in Mumbai, Bahrain, and UAE. The idea behind the blog is to share the stories of how we run the business, the deals we make, the deals that break, the heartburn, and the sheer joy.

The Ultimate Startup Guide

The Ultimate Startup Guide is an e-book that provides answers to all your questions related to starting and growing a business in India. Everything you wanted to know about entrepreneurship in India from ideation to registration to marketing to hiring. The book contains a large number of practical examples, anecdotes, interviews, and motivational material to help you get started, and to grow rapidly in a booming Indian economy. If you've got the idea, this book will help you through with the execution and realize your dreams. Here are some of the key questions you will find answered in this book:
  • When starting a business, what are the legal issues involved?
  • What form of incorporation is better suited to which type of business?
  • What tax issues are involved?
  • How do I start a business and what are the pitfalls?
  • How do I market my business in the absence of significant funding?
  • How do I get funded?
  • What are the basic accounting concepts I should be aware of?
  • What is a business plan and how should I build one?
The brief table of contents of the book is as follows:
  1. Getting started
  2. Ideation
  3. Forms of Enterprises
  4. Funding
  5. Basic Accounting and Taxation
  6. Import and Export Licensing
  7. Trademark and Patenting
  8. Rules for NRIs and Foreigners
  9. Building a Business Plan
  10. Marketing on a Shoestring
  11. Website and Branding
  12. Women Entrepreneurs
  13. Templates
To order the Ultimate Startup Guide - email me at kkmookhey@gmail.com.

Details of the book are:
Title: The Ultimate Startup Guide
Author: Kanwal Mookhey
Pages: 150
Additional: Companion CD contains numerous templates for building your business plan, calculating cashflow, preparing profit and loss, and balance sheets, preparing invoices, your resume and profile, marketing material, websites, contracts, and many other useful and motivational material.

Tuesday, August 15, 2006

HSBC "security" flaw - FUD anyone?

The security industry has been often notorious for employing FUD - Fear, Uncertainty and Doubt - tactics to try and sell products and services. Here is another example of how misleading this can be.

Security "researchers" claim that there is a flaw in the online banking portal of HSBC, in that attackers who manage to install keyloggers on an HSBC user's system can learn the logon credentials of that user. Well first of all, in order to get a keylogger onto a desktop, the attacker would need to be able to break into that desktop. And second, if a keylogger does get installed, there's a lot more to lose than just your banking credentials. Potentially, every keystroke - your chat conversations, emails, passwords, everything - can and will be emailed to the attacker's email address. Now HSBC could have a virtual keyboard, but even that is exploitable.

Now, let's think from an attacker's point of view. What is easier and more lucrative? Sending millions of phishing emails and then capturing the logon credentials of an average 1% of users who fall for it, or locating HSBC customers, installing keyloggers, and then getting their logon credentials. I think I'd put my money on the former, and that explains the millions of phishing emails spamming our mailboxes everyday.

Here's a saner analysis of the whole story.

Who picked up the story? None other than the venerable BBC. And here's more. The researchers admit that HSBC is probably not the only bank affected by this issue. Well, duh yeah! Any site, any application, and any desktop is pretty much vulnerable once a keylogger is installed!