Thursday Jan 17, 2008

Next Generation Web (definitely not 2.0)

I had posted a reference to the term "Web 2.0" a little while ago on my blog. But while I got absorbed in the term 2.0, there were others who were way ahead: WOW !! The Google search results for terms like "web 2.0", "web 3.0", "web 4.0", "web 5.0", "web 6.0", "web 7.0", "web 8.0", "web 9.0" all yield several results. I guess it's all about an effort to get recognition by associating the terms with product releases just to say that the products are way ahead of the game... the silliest strategy I have ever seen. I wonder what the end version would be: Web n.OH ! ?

Web 2.0 - The Race Is On !!

While the entire industry harps on Google and its stock price, Yahoo is way ahead of the game with web 2.0. Check them out and decide for yourselves. Comments welcome!! Tim O’Reilly writes:
If Netscape was the standard bearer for Web 1.0, Google is most certainly the standard bearer for Web 2.0, if only because their respective IPOs were defining events for each era.
Google doesn’t have the image of being the most outspoken company, especially because of what I associate with the term “web 2.0”. Therefore I'd have to say: "sorry Tim, you're wrong" (at least this time). Google sure has made huge strides in the right direction by recently embracing blogging, RSS aggregation, video on demand, DRM etc... but we tend to forget all about YAHOO. Yahoo IS taking the appropriate steps in making web 2.0 a reality. Believe me, they really are. What's really interesting though is that a Google search for the term web 2.0 lists Yahoo as ranked number 2; and if you know about Google ranking technologies, they do have a pretty good algorithm (just kidding) for it. Much of the 1.0 is (or was) Google. Web 2.0 is gonna be Yahoo, and I bet my lucky dollar on it. Another good comparison link is Google Labs vs Yahoo Research. Mad money prediction (after a couple of beers), as contrary to Jim Cramer: Boo Yaaahhh YHOO. Sell sell sell; sell sell sell GOOG. AND hey !! I'm no expert in the NY stock market. Get ready to lose all your money if you wanna follow my ADVICE... I guess you can judge for yourselves. You know better, right? The older the better.... and this old article speaks volumes ;-) knock knock !! ?
UPDATE : Did you see the Google stock price today (ie: January 18th 2006) ?? I'm getting good at predictions.... (just kidding) Here's a screenshot of GOOG just 9 hours after this post ;-). Guess I should start my own TV show. Please do me a favor and do not compare it to YHOO today.... I'm gonna lose my chances of hosting my own TV show if you do ;-)
UPDATE 2 :
  1. Google Catches Cold
  2. Google sinks, shares hover at $400

Microsoft Hailstorm

Microsoft Passport has been around for a while. This article describes the Risks of the Passport Single Signon Protocol extensively. Contrary to my personal preferences and beliefs, I myself have been using Passport for quite a while just because of the large list of participating sites that I frequent. However, the frequent presentation of the following screenshot is compelling me to believe that someone needs to get their act together and also give other alternatives a shot...
This is a very good example of how a single point of failure can cause serious impact on business processes.

Photo Identity Cards

tee hee...; Remember my old post on RFID; Here's a new spin to it; tee hee...
In order to conduct a scientific survey of the tiger population this year, Wildlife Institute of India (WII) would soon be issuing photo identity cards to all the tigers of the country. WII scientists have also proposed three new scientific techniques to have a more accurate count of the tigers living in the wild. As per the proposal, the three techniques are namely computerised pugmarks, camera traps and DNA tests. All the three techniques would be used in the tiger survey starting in the country from January 15.

Is your bank as secure as you would want it to be ?

Microsoft has been condemning the practice of using NON SSL browsing methods, especially for online banking. However, Bank of America, Wachovia and Chase, as well as financial services giant American Express, have decided to not concur with this approach according to this report on NetCraft.
Netcraft's SSL Survey provides detailed information about encrypted transactions and e-commerce, including the growth rate for SSL-enabled sites, and which operating systems, server software and certificates are most widely used on these sites.
I had blogged about Secure Passwords last month, and had mentioned the usage of a Password Hasher using JavaScript. If these banks DO NOT want to have HTTPS enabled on their high traffic login pages, they could at least use the Password Hasher to encrypt the data sent back to the server. I feel glad that this time I agree 100% with Microsoft on their stance on SSL and NON SSL usage. Well, I also do understand the banks' need for using NON-SSL for high volume traffic sites. But one should draw a line somewhere and not compromise the security of their customers' identity and credentials! (and that too in this world of Identity Theft). NOW, that's where they should be looking at Access Manager. If they let Access Manager broker their authentication requests, they could continue using HTTP for high traffic pages, and then when the user tries to access his online banking information Access Manager could authenticate them over HTTPS (ah! did I forget to mention that Access Manager authenticates using TOKENS and not TICKETS), and well, with the complexities of the policies and rulesets that Access Manager can handle, the server serving up "critical" information could all be served securely. Did I also forget to mention that we have a Secure Remote Access Gateway too?
SOMEBODY !! Talk to these Banks Please...

Copyrights, Patents & Trademarks

For those who are always bothered about content on their blogs being questionable, here's a short explanation of the definitions of terms that one needs to know regardless of whether he/she is blogging or not.
  • A Copyright is a form of protection provided to authors of “original works of authorship”, both published and unpublished. Copyright protects the form of expression rather than the subject of the expression. Federal copyright registrations are issued by the U.S. Copyright Office. They give the copyright owner exclusive rights to reproduce the copyrighted work, to prepare derivative works, to distribute copies of the work, and to perform and display the work publicly.
  • A Trademark is a word, name, symbol or device which indicates the source of a product and distinguishes it from the products of others. A servicemark identifies and distinguishes the source of a service instead of a product. Trademarks are issued by the U.S. Patent & Trademark Office. They prevent others from using a confusingly similar mark, but cannot prevent others from making the same products or from selling the same products under a clearly different mark.
  • A Patent is the grant of a property right to an inventor. What is granted is the right to exclude others from using, offering for sale, selling or importing the invention. Patents are issued by the U.S. Patent & Trademark Office.
I hope this helps those bloggers, who are reluctant to blog with fears of repercussions of their posts. Well, fear is a factor, ignorance is another, and knowledge to know the difference is well the third ;-) just like in ...
God grant me serenity to accept the things I cannot change, courage to change the things I can, and wisdom to know the difference.
Trust me, I'm speaking from experience...

Wednesday Jan 16, 2008

Security Alert

Citigroup, the world's largest bank, on Monday said account and payment history data on 3.9 million of its customers were lost in transit by United Parcel Service. New York-based Citigroup said the data were stored on computer tapes, and lost while UPS, the world's biggest package carrier, was shipping them to an Experian credit bureau in Texas. The tapes, which also contained Social Security Numbers, covered CitiFinancial Branch Network customers and about 50,000 customers with closed accounts from CitiFinancial Retail Services. Source news.com, & Associated Press
Well, is this something we all should fear? I do think so, and here's why:
Al Taqwa bank, part of a network of financial companies named by the Bush administration as a major source and distributor of funds for Osama bin Laden's terrorist operations, has shareholders that include prominent Arab figures from numerous countries in the Middle East. Al Taqwa was a so-called "hawala" operation (an informal word-of-mouth system that keeps no records and relies on trust) that facilitated transfers of cash between agents worldwide. The bank also used correspondent accounts : accounts that banks have in other banks -- to transmit cash to its agents. Source: salon.com.
Also read The Counterterrorism Blog
So: Now you DO remember Sept 11, don't you? Well, read this:
Citigroup owns 23 percent of Saudi American Bank, the second- largest Saudi bank, known as Samba. ``Samba follows the same anti- money laundering rules as Citi, but it also complies with local (Saudi Arabian Monetary Agency) regulations,'' said Andrea Hurst, a spokeswoman for Citigroup.
So: In short, Citigroup is owned by Saudi Arabians, or am I making this up ?? Well, I have been told that a majority of the shareholders in Citigroup ARE Saudi Arabians. I am not so sure whether this is true or not. However, you could research this for me and post your findings here. So anyway, why am I posting CitiBank's Boo Boo along with references to Sept 11th? Well, I just hope it's not true, BUT, if CitiBank has lost huge volumes of its customer data, AND if Saudis DO have a huge stake in CitiBank, and IF this lost data falls into the hands of folks that it was not meant for, well, Houston, we sure do have a problem. Remember those phishing emails we all receive? Well, expect that number to just increase from now on. Citibank is the largest financial group in the world and has long been a target for computer criminals. Computer criminals use "phishing" to gather confidential information from bank customers. But this "lost tapes" episode makes it all the more easy for them. There already has been a "HIT". All said and done, if YOU happen to be a Citibank customer and are worried about this, CitiFinancial is inviting customers to enroll via a toll-free number, 1-888-469-8603, in a free credit monitoring service for 90 days.

Microsoft wants its users to UNINSTALL Netscape

Yep, after a bashing for bundling Internet Explorer the browser with the Windows OS, it's Microsoft's turn to avenge its browser's divorce from the OS. The issue sprouted up this afternoon on an MSDN Blog, where Microsoft's chief IE developer Dave Mass recommended that users completely uninstall Netscape as a possible workaround for a bug that Microsoft has discovered in Netscape 8. AOL spokesman Andrew Weinstein insists the bug only affects "a very small percentage of [IE] users" who visit pages using XML technology. Netscape 8 is based on the Mozilla Foundation's Firefox code base, which means that security bugs in Firefox are likely to affect Netscape 8 users. So I'd assume that Microsoft would want everybody to uninstall Firefox as well. With Netscape 8 and Firefox gone, why should Mozilla be left behind? Guess what Microsoft wants is users to have ONLY IE on their desktops.... sinister... I am really not sure what to make of this, because Ben Goodger, the lead Firefox developer, has also posted on his weblog that Netscape 8 is unsafe... This is gonna be a very interesting one to follow...

From Federated Identities to Federated Federation

First came LDAP, then Single Sign On, then Provisioning, then sprouted Identity Management, and then Access Management, and from there on Federated Identity Management. All the major vendors like Sun Microsystems, Novell, Alcatel, Sentillion, Passlogix, Fujitsu, Evidian, Courion, Data Power, IBM, Verisign, Oblix, Netegrity, Nokia, Intel, RSA Security, Elios, Phaos, Oracle, Calendra, PingID, Thor, M-Tech, Computer Associates, Entrust, Axalto, Microsoft, HP scrambled around adopting Project Liberty standards and releasing their own version of Federated Identity Management Products. I thought that it would be a good thing to get involved in the circle of trust federated identity providers and keep up with the trends and technological advancements in this arena. Apart from getting a comfort factor from being able to learn and master the usability of all these products and their features, knowing their pros and cons, I believed that involving myself in just Project Liberty would suffice. I was so very wrong. Familiarizing myself with this range of vendor products was a daunting task by itself. As I started getting involved in discussions around these products, I got sucked into discussions around protocols, framework and specifications. Project Liberty was not the one stop shop. There was InCommon Federation, SWITCHaai, Athens Access Management, Meta Access Management, and so on... I wonder how much more there is to discover. I wonder what's NEXT? Kim, Andre, Chuck, Kaliya, Don, Ian, Kudo, I really could use some help here...

Tuesday Jan 15, 2008

identity theft to identity death

The U.S. government plans to put RFID chips in passports. Well, after watching Bowling for Columbine and Fahrenheit 911, my impression of the U.S. Republican power was not emmm..... as good as what it was when the Democrats were in office... From my perspective, this smart move by the U.S. government is a self-laid booby trap. Once this whole RFID crap really goes into effect, I guess anybody could pinpoint an American citizen using off the shelf RFID scanners. Now that's an open invitation welcoming not just the terrorists, but those creeps who think that they ARE the bad guys to try gimmicks... and sometimes gimmicks can be an expensive affair. If people were to keep their passports in aluminium cases (as suggested by a few intelligent folks in the federal government), well... who knows... aluminium/metal detectors may pop up !! All in all, after all... the U.S. can do whatever they want, whenever they want... didn't I hear someone saying that they ARE the BOMB. BTW: Please read Andre Durant's blog On Death by RFID Passport.
About

for everything on Identity, JCAPS, SOA, WebServices, Security, Single Signon, Federation, Provisioning, Virtualization, Optimization, Debugging, Workflows, Compliance, MySQL and more... WAY MORE....

[this is a group blog]
