Dot to exploit

Until recently we used to boast about our online registration process; it is not especially unique, but it does possess some additional features and follows the common practice adopted globally for online registration. A verification email was sent to the address provided during registration to validate that the email address exists.

The process was foolproof and no bugs had been reported since the day it was deployed, but one day we observed some 100-odd registrations coming from a single domain, i.e. @gmail.com. The email addresses appeared to be fake but had passed the entire registration verification process. Prima facie we couldn’t understand what went wrong and which loose ends existed in the system that someone had tried to exploit.

When I was sharing this issue with one of my colleagues, he told me that his Gmail account had earlier received mail which was not meant for him, and he later learnt that the placement of the dot (.) in a Gmail address is immaterial. I simply could not believe my ears, and to validate this I tried to create a new account with my own username, adding a dot (.) at various locations, but to my surprise it always prompted me to choose a different username, stating that the username already exists.

It took us a few seconds to identify the loophole: the registration process had been validated using email addresses that were practically different based on dot (.) location, but virtually the same email account. For Gmail accounts, firstnamelastname@gmail.com and firstname.lastname@gmail.com are the same; for that matter, a dot (.) at any place is immaterial, and mail written to firstnamelastname is delivered to the closest match, firstnamelastname, because Gmail ignores dot (.) location while delivering the email.

The conclusion was that for Gmail accounts a dot (.) at any place has no meaning, but most websites and email systems treat such addresses as different based on the character pattern.

We quickly created a fix wherein the dot (.) character is ignored when checking whether an email address already exists, especially if the account holder is on Gmail. This was a lesson learned for us, and I’m sure that most websites may not be aware of this logical bug with email accounts. So if you have any validation process based on distinct email accounts, create a check for the dot (.), especially for accounts on Gmail.
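One way to implement the check described above, as an added example (not the site's own fix code). It goes beyond the dot rule by also folding case, a `+tag` suffix and the `googlemail.com` alias, which Gmail likewise delivers to the same mailbox; `canonical_email`, `Registrations` and `find_alias_clusters` are hypothetical names, and the addresses are constructed.

```python
from collections import defaultdict

# Domains delivered to the same Gmail mailbox (googlemail.com is an alias).
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_email(address: str) -> str:
    """Key for uniqueness checks only; keep the address as typed for sending."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    if domain in GMAIL_DOMAINS:
        # Gmail ignores case, dots and anything after '+' in the local part.
        local = local.lower().split("+", 1)[0].replace(".", "")
        if not local:
            raise ValueError(f"empty Gmail local part: {address!r}")
        domain = "gmail.com"
    return f"{local}@{domain}"


class Registrations:
    """Hypothetical in-memory user store keyed by the canonical address."""

    def __init__(self):
        self._by_key = {}

    def register(self, address: str) -> bool:
        key = canonical_email(address)
        if key in self._by_key:
            return False  # same mailbox is already registered
        self._by_key[key] = address
        return True


def find_alias_clusters(addresses):
    """Audit existing rows: stored addresses that share one mailbox."""
    groups = defaultdict(list)
    for addr in addresses:
        groups[canonical_email(addr)].append(addr)
    return {key: found for key, found in groups.items() if len(found) > 1}


# Constructed sample data, not taken from the incident described above.
SAMPLE = [
    "firstnamelastname@gmail.com",
    "firstname.lastname@gmail.com",
    "f.irstnamelastname@GMAIL.com",
    "first.name@example.org",
    "firstname@example.org",
]
```

In a database-backed system the same key belongs in its own column with a unique constraint, so the check also holds under concurrent sign-ups.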

“The nature of the computer is such that it can act like a machine or language to be shaped and exploited.”

IDIOSYNCRASY

World is full of Idiots… 

You find them everywhere….  

Even I’m surrounded by Idiots…!! 

They are tough challenges of life.… 

We should always appreciate Idiots…. 

Because in the first place God made Idiots…!!

Idiotism is tough to handle, because you can’t guess their intelligence…

If there would have been no idiots, no one would have acknowledged wisdom… 

Do not underestimate idiots; there is no better recognition than an Idiot’s acknowledgement….!!

IDIOT stands for 
I – Intelligence: Idiot encourages you to use all your intelligence.

D – Determination: Idiot challenges the determination.

I – Ingenious: Nothing can be idiot proof because idiots are ingenious.

O – Optimistic: Idiots survive on the highest level of optimism.

T – Treasure: Idiots are real treasure as even death can’t cure them.
  
My needs are few and simple. Food, clothing, shelter but with No Idiots


Clouds are light.

Clouds are light and very elastic; they exist virtually but not physically, they don’t have boundaries, and they require neither a platform to exist nor software to execute. Similarly, the computing power created on cloud architecture is light and elastic, but it requires a platform to exist and software to execute.

We boast of having the first big B2B enterprise environment of its kind to be deployed on cloud architecture. Earlier, like most organizations, we had been working with physical hardware for a decade and had many constraints in terms of scaling horizontally or vertically. The business being B2B, there is a never-ending demand for storage and processing capacity. We came to understand that physical infrastructure was simply not meant for this type of business.

The capital expenditure used to be huge, and the operational cost in terms of resources to manage the hardware used to be big; we used to pay more than 1 million a year for managing the infrastructure. Over the course of time we created a lot of dependency on individuals for management and configuration, and it proved to be person-driven management rather than process-driven.

The immediate difference we could see after moving to the cloud was a drastic saving in human resource cost, along with savings in license and maintenance costs. Most of the hardware and network services got outsourced as part of managed services. The current scenario is that we don’t have any network architect, as we have partners to manage the online network.

After moving to cloud architecture and opting for managed services, the next target areas would be the internal networking and hardware teams. With time, and taking inflationary cost into account, their salaries do not justify the cost of maintenance, as we have multiple partners to render support to us for hardware and networks. If we are able to achieve this, there will be an additional saving of .60 million a year, which is not a small amount for any organization.

There are savings in every corner, depending on the way the organization leverages its outsourcing and contracting strengths.
