Thinking of starting a business in Australia? Thinking of moving to Australia? Mimentum is where you will find it. The content of this site is copyright. If you want to use anything, contact us at http://www.mimenta.com or mailto mimenta@gmail.com for permission.

eBay – What went wrong?

Posted By Mimenta on March 4, 2010

Like many companies that grow big, they started to believe their own hype. The simple fact is that no matter how big you may think you are, you are only as good as your customer base. It started in October 2006 when eBay, seeing the potential of the Chinese market rapidly coming on line, predicted a huge increase in consumer demand and altered their business strategy. They forgot that delicate balance between buyer and seller and adopted a pro-buyer business model. They could not have been further from the truth!

In late 2006, fees for eBay online shop owners were hiked by as much as 500% and fees to list goods for sale went up, along with fees for headings, pictures, multiple listings and almost all sellers’ services, in every developed country. In Asia there was no fee hike, placing the Asian sellers at a distinct advantage.

eBay forgot that there were two types of customer – the seller and the buyer – and that they are co-dependent on each other. eBay assumed that they were so big that sellers would put up with anything to get at the buyers on eBay, hence the sellers’ fee hikes (yes, it didn’t stop with just one hike in 2006). Unfortunately they overlooked the fact that almost all sellers on eBay are also buyers. We sold products on eBay that we did not buy from eBay but the postbags and wrapping, boxes, stationery and other business items were all sourced from eBay. When we left eBay they lost a seller as well as a customer.

In one day here in Australia, 8,000 sellers withdrew their eBay memberships and moved to local auction sites. Sellers who stayed with eBay struggled to break even and compete with the cheap Asian “knock offs”. Almost overnight we saw “genuine Tiffany” and “genuine Gucci” jewellery prices drop by 1000%. Giorgio Armani suits that sold for over $1,500.00 AUD became available for $50.00 AUD. Thousands of items hit the auctions, sold by people claiming to be in places like Beijeing New South Vales or Sichuan South Australia with $99.00 delivery fees and $1.00 sales prices.

eBay got it sooooo wrong!

China was never a market of consumers, it was a market of sellers and entrepreneurs who now had access to the wealthy west and no regulatory controls. No-one enforced patents or copyrights. There was no consumer watchdog. Newly expanded industries had access to unlimited cheap labour with no labour regulations, occupational health and safety or any form of quality control.

Has eBay become another Internet dinosaur?

Posted By Mimenta on February 14, 2010

Once touted as the biggest site on the Internet, eBay used to boast that it added 75,000 new members a day and with the exception of Google, was the busiest website in the world.

Today, with only 10% of fixed price items selling and approximately 8% of items on auction selling at above cost prices, eBay, once the flagship of the Internet business scene, is a rusting hulk drifting in cyberspace.

By the end of the 2006 financial year eBay expanded into a complete online shopping city with its own online shops. There were sub-sites specific to certain countries, so you could shop on eBay in the UK, Australia, USA or globally. With a few clicks of your mouse you could find a list of thousands of products and a few keystrokes later could purchase any item and have it delivered to your door.

eBay rivalled even the best department stores for selection of products because in addition to most department store goods, you could buy and sell cars and real estate and building materials. The only things you could not buy or sell on eBay were pets, livestock and perishable goods.

With all the hype from the shady Internet Marketing Gurus, it was the one sure-fire way of making money on the Internet. In 2006, here in Australia there were over 1500 people who filed tax returns citing eBay as their primary income source. It opened real income generating opportunities for disabled people and Mums stuck at home with preschool children, to generate some much needed income.

It must have been good – tax departments in almost every developed country were scratching their heads trying to skim tax off the sales on eBay, without killing eBay itself and the massive revenue they raked in off the parent company. eBay even spawned PayPal, its own online payment company that went further than anyone else at the time to ascertain users’ IDs and regulate trade to reduce fraud.

That’s not the eBay we see today!

eBay relied on the number of bidders to push the prices up to the point that sellers made a profit, or at least broke even. Auctions usually started at 99 cents. If a seller specified a starting price, this tended to kill the bidding. eBay also had a BIN (Buy It Now) sale category, which was a poor seller too. Today the consensus among sellers is that you are better off listing your wares as a BIN (Buy It Now) or an auction starting at your cost price, rather than a 99c auction, because the buyers just aren’t there like they used to be. If you do get a bidder on a 99 cent auction, the bidding will rarely reach your cost price, so you are better off listing it at a fixed price even though it will scare off most bidding. At least you won’t be mailing it out at a huge loss if it does sell.

7. Keyloggers – Defending your passwords

Posted By Mimenta on February 7, 2010

1. The first defence – the password itself

Have a strong password. Imagine someone found your wallet or purse and you don’t notice it is gone for a few hours. There are your bank cards and driver’s licence. They have your name and date of birth. As an example, if my name is Robert and I was born in 1982, typically my password would be Robert82 (or Rob1982 if a six figure password was required, like for Internet banking). This would apply to 72% of all members of the public. Don’t make it easy for the criminals. A few tries and they’d have your password.

  • Do not use a dictionary word – they can easily be guessed.

  • Use both upper and lower case letters as well as numbers and special characters (like %, ^, & and so on).

  • Do not begin the password with a capital letter – you’re back in dictionary mode again.

As an example, if my name was Robert and I was born in 1982, typically my password would be Robert82 (or Rob1982 if a six figure password was required, like for Internet banking).

On the other hand, 19@Bor is a far more secure password. A password decoder will take far longer to crack this and our criminal would never guess it from looking at your driver’s licence.
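The rules above can be turned into a quick self-check. This is an added example, not part of the original post: it tests a password only against the points listed in this section (wallet details, dictionary word, character mix, leading capital) and does not assess length. The function names and the tiny word list are constructed for illustration.

```python
import re

# Constructed stand-in for a real word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "letmein"}


def wallet_fragments(first_name, birth_year):
    """Strings anyone holding the wallet can read off a licence or bank card."""
    name = first_name.lower()
    fragments = {name[:n] for n in range(3, len(name) + 1)}  # rob, robe, ... robert
    year = str(birth_year)
    fragments.update({year, year[-2:]})                      # 1982 and 82
    return fragments


def audit_password(password, first_name, birth_year):
    """Return the list of rules from this section that the password breaks."""
    problems = []
    lowered = password.lower()

    # Rule from the wallet scenario: no name or birth-year pieces.
    hits = sorted(f for f in wallet_fragments(first_name, birth_year) if f in lowered)
    if hits:
        problems.append("built from wallet details: " + ", ".join(hits))

    # Bullet 1: not a dictionary word (digits and symbols stripped before lookup).
    letters = re.sub(r"[^a-z]", "", lowered)
    if letters in SAMPLE_WORDS:
        problems.append("dictionary word: " + letters)

    # Bullet 2: upper case, lower case, numbers and special characters all present.
    classes = {
        "upper case": r"[A-Z]",
        "lower case": r"[a-z]",
        "number": r"[0-9]",
        "special character": r"[^A-Za-z0-9]",
    }
    missing = [label for label, pattern in classes.items()
               if not re.search(pattern, password)]
    if missing:
        problems.append("missing: " + ", ".join(missing))

    # Bullet 3: do not begin with a capital letter.
    if password[:1].isupper():
        problems.append("begins with a capital letter")
    return problems


if __name__ == "__main__":
    for candidate in ("Robert82", "Rob1982", "19@Bor"):
        print(candidate, "->", audit_password(candidate, "Robert", 1982) or "passes")
```
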

2. Second line of defence – the equipment – the Vesik method.

Your second line of defence is not to use any untrusted computer to sign in to any site that contains banking or sensitive personal information. Business computers are especially likely to have keyloggers. If you really have to take a risk and you can’t use your trusted home PC, then here are a few steps that will improve your security and minimise the risk of identity fraud. This approach is not 100% foolproof but it is very effective.

Step 1. Click in the password box and type three random characters, mixing upper and lower case, numbers, etc.

Step 2. Use your mouse (or the Shift and arrow keys) and select the characters you just typed. While they are highlighted, type three more random characters or a portion of your password (they will replace the characters you typed previously). From a keylogger’s point of view the log will show a mix of before and after characters, making it far more difficult for keyloggers to identify your password.

Step 3. Repeat steps 1 and 2 a few times. The more often you repeat the process, the harder it will be for an intruder to discern your password when examining the keylogger file. The keylogger file will become so bloated with keystrokes that it is almost impossible to determine which strokes replace which other strokes.

Step 4. Click to the left or right of your password segment and follow steps 1 to 3 to add a few more characters. By this stage your 6 character password appears jumbled up amongst over 100 characters, any one of which could be a character of the password.

Step 5. Repeat the process, adding a few more bogus characters each time then overtyping them with real password characters, until your entire password is complete. Now press the login button and enter the site.

By typing gibberish first, then overtyping with real password characters, this process clutters the keylogger’s log file with a series of click events and characters. There’s no easy way for the intruder to know which characters are your password and which are random. Most password programs do not record the number of corrections you make as you type in your password. They only record actual attempts to log into the site with a password.
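To see what the steps above leave behind, the following added example (not part of the original post) replays a short constructed session through a simple model of a text box and compares the final field contents with what a logger that stores only character keys would hold. The event names are hypothetical, and the model assumes the highlighting is done with the mouse; a logger that also records mouse actions or screenshots sees more than this.

```python
def field_contents(events):
    """Replay editing events and return what ends up in the password box."""
    text, cursor, selection = "", 0, None
    for event in events:
        kind = event[0]
        if kind == "type":
            for ch in event[1]:
                if selection is not None:      # typing over a highlight replaces it
                    start, end = selection
                    text = text[:start] + text[end:]
                    cursor, selection = start, None
                text = text[:cursor] + ch + text[cursor:]
                cursor += 1
        elif kind == "select":                  # mouse drag over characters start..end
            start, end = sorted((event[1], event[2]))
            start, end = max(0, start), min(len(text), end)
            selection = (start, end) if start < end else None
            cursor = end
        elif kind == "click":                   # mouse click moves the caret
            cursor = max(0, min(len(text), event[1]))
            selection = None
        else:
            raise ValueError(f"unknown event: {kind!r}")
    return text


def keystroke_log(events):
    """What a logger that records only character keys would hold."""
    return "".join(event[1] for event in events if event[0] == "type")


def appears_in_order(secret, log):
    """True if the secret's characters occur in the log in the same order."""
    remaining = iter(log)
    return all(ch in remaining for ch in secret)


# Constructed session entering the sample password 19@Bor from section 1.
SESSION = [
    ("type", "xQ7"),     # Step 1: three random characters
    ("select", 0, 3),    # Step 2: highlight them
    ("type", "Bor"),     #         and overtype with the END of the password
    ("click", 0),        # Step 4: click to the left of that segment
    ("type", "mK2"),     #         more random characters
    ("select", 0, 3),
    ("type", "19@"),     #         overtype with the START of the password
]

if __name__ == "__main__":
    log = keystroke_log(SESSION)
    print("field contents :", field_contents(SESSION))
    print("keystroke log  :", log)
    print("password appears in order in log:", appears_in_order("19@Bor", log))
```

Because the tail of the password was typed before the head, the log holds the real characters out of order as well as mixed with the random ones.
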

The only way a determined cryptologist could get the password is if you typed it in a second time and used a different sequence of type and replace. By comparing the two attempts, the common characters in both attempts would denote your password.

Criminals use the “ripest fruit” principle. They only take the fruit that is ready to be picked and easiest to reach. If the fruit next to it is riper they will leave yours alone. By making it harder, they will move elsewhere and leave you alone. For any criminal activity, the longer they spend at the illegal act, the higher the risk of detection. A keylogger file lying around for days while it is decrypted is a very high risk for a criminal. They will just delete it and move on to an easier one.

6. Keyloggers – Are you being watched?

Posted By Mimenta on February 2, 2010

For most people, the first place they would look for keylogger telltale signs is the Start Menu and the Task Manager. Many keyloggers give you the option of keeping them off your list of Start menu shortcuts and out of Windows’ Add or Remove Programs list (Vista calls this Control Panel applet Programs and Settings.) Most keyloggers also hide themselves from the list of applications in Windows’ Task Manager. Keylogger Pro and both the free and paid versions of Perfect Keylogger also keep the executable from appearing under Task Manager’s Processes tab. Unfortunately, often this makes it difficult to uninstall the keylogger application.

If you’re concerned that your PC might be spied on, you can use the fact that none of these programs successfully hide their running executables from Microsoft’s free Process Explorer utility. Unfortunately, the correct company name or description seldom appears in the Process Explorer listing, so to spot one of these spies in Process Explorer, you may need to know the name of the keylogger’s executable.

The bottom line is – properly installed, a keylogger is totally invisible to all but the most techno-savvy geeks. There are programs out there that claim to find keyloggers but a keylogger that is hardware installed remains beyond detection of even the best of these.

Someone told me that by using the On Screen Keyboard utility in Windows (Windows/System32/osk.exe), the keyloggers can’t monitor the keys you select with your mouse from the screen display. Sorry, but the key you select from the screen display is registered the same as if it was physically pressed. The signal or digital code at the processor is what is recorded by the keylogger, not the physical key stroke. Either way the key you select is recorded.

Many keyloggers will also record mouse button actions.

The simple fact is if the keylogger is present and installed properly, with the user notifications turned off, you will never know it’s there. If you are using a computer at work, chances are you are keylogged.

In the next session we’ll look at some guidelines to help combat keyloggers.

5. Keyloggers – Do they trap passwords?

Posted By Mimenta on January 31, 2010

This could be a short session – in a word – YES!

I always assumed that you could thwart this by using a secured login screen (e.g. SSL) like you have with online banking but even that is not secure from a keylogger on your computer. I thought that making a mistake and backspacing to correct it would foil a key logger but as we saw last session, the better key loggers can remove this from their logs too. Today’s keyloggers even have the ability to highlight passwords within the log!

While all of the keyloggers we tested are adept at capturing passwords, they can be difficult to see amidst all the other data collected. Perfect Keylogger has gone one better by identifying and labeling the passwords it records. Without such labels, it’s difficult to know whether a random word or phrase typed in a given window is actually a password. It’s also the only keylogger we tested that can be remotely installed (if you’re willing to spring for the U.S. $83 Silent Logger Plus Remote-Install Edition, which was beyond our budget). Perfect Keylogger was approximately half the price at $44.95.

Perfect Keylogger lives up to its name by offering a range of useful features that we didn’t find in the other keyloggers we tested. For example . . .

  • Perfect Keylogger is the only program we tested that automatically zips and password-protects logs that it sends to you via e-mail.

  • You can also choose to encrypt the log so that it’s viewable only via the program’s built-in log viewer.

  • It was the only one, out of all the ones we tested, that enabled you to select certain user accounts to monitor.

  • The step by step installation wizard made sense, even to a newbie. It was in simple plain English with images to give you visual confirmation of what you were selecting.

Perfect Keylogger’s basic version lacks most of the paid edition’s features but at $19.95 it does an excellent job. The company sells an in-between version at $34.95 that has all the features without the remote installation. The remote version allows you to install, update and remove the keylogger from another computer. The company’s site (www.blazingtools.com) lists differences among the three releases.


4. Keyloggers – What do they report back?

Posted By Mimenta on January 24, 2010

The log files or the output from the keylogger are not as easily read as I would have expected. One of the main reasons is the way we type. We tend to make lots of mistakes and corrections as we change our mind, finding a better way to express ourselves. Every change, every spelling correction, every delete, insert and backspace is recorded. A small one sentence comment can become half a page if someone is indecisive. Each keylogger software seems to take a different approach to logging the activity it records. All of the keylogger software we surveyed, except the free version of Perfect Keylogger, showed all the system (non-character) keys in their logs.

This is useful if you want to see whether the user typed the Backspace key a few times to delete something in an email window before actually sending it along. For example, an employee may know that the Internet filter will trip at a certain phrase and so rewords it to bypass the filters. Unfortunately, recording all such keys makes the logs tough to read. To resolve this problem, Perfect Keylogger gives you the option to choose whether to include non-character keys in its logs. Keylogger Pro’s approach to system keys is less elegant: you have to toggle the display based on the log selection, so it’s not permanently on or off. Oddly, Keylogger Pro’s log doesn’t include system keys when exporting the entire log to HTML.

Of the programs we tested, only Perfect Keylogger’s free version didn’t include system keys in its activity logs. All the remaining programs tested always included non-character keys in their logs.

In addition to capturing outgoing keystrokes, Perfect Keylogger and Silent Logger record both sides of instant messaging chats in popular IM clients. Keylogger Spy Monitor does not record chats, but the developer sells other products designed for this purpose.

Newsflash! Warning – Do not use Internet Explorer!

Posted By Mimenta on January 19, 2010

I’m not bashing Microsoft; this is not a few techies but entire governments advising their populations to use alternative Internet browsers to Microsoft’s Internet Explorer.

If you use Internet Explorer you run the risk of admitting a Trojan virus that can allow someone to completely take over your computer. Even setting IE to its highest security will not prevent an attack.

Warnings are being issued by governments in France, Germany and Australia, and other countries are monitoring events.

What’s it all about?

Firstly – a few basics:

  • Microsoft Internet Explorer, or IE as it is dubbed on the Internet, is used by 80% of the world for Internet searches.
  • Most of the governments around the world use Microsoft’s operating system which requires IE to get security updates (in other words they use IE).
  • To publicly decry Microsoft puts you at risk of prosecution by Microsoft, who, historically, has a litigious tendency to sue and the cash flow to pay for long-winded cases.

Therefore – for any government to come out publicly and announce that its people should not use IE, means they have done their homework (in case of prosecution).

In other words, there’s got to be a good reason not to use IE, so what is it?

Here we will digress a little.

Earlier, in December 2009, Google in China became aware that some of its users’ accounts had been hijacked.

When it investigated the complaints, it found that these accounts were all well known human rights activists and people regarded as dissidents.

This prompted Google to check for some common means that could have infected these accounts. Further traces revealed that the Chinese ‘authorities’ (the Chinese Government refuses to admit or deny this, while applauding the action) had manipulated a newly discovered security flaw in Internet Explorer to slip a Trojan virus onto these infected computers. It’s a known fact that in China the government has thousands of people involved in hands on censorship of emails and Internet content, as well as a filter program.

This is the first proof of any government actively attacking rather than blocking content. (There is currently a diplomatic row over this but that’s another story!)

The fact is that today the security hole in IE still exists and Microsoft is claiming it is a low risk for users.

Microsoft also claims the security hole can be closed by setting IE to high security – that’s a lie.

The high security setting does not stop IE running the flawed code and therefore the vulnerability is still there.

Since the Google – Chinese Government debacle, the method used to get a Trojan virus past IE security has been published on the Internet and is readily available to those who know how to search for it (no – the link will not be published here!).

This means that invasion may have originally been a low risk by Microsoft’s standards, but now that everyone can find out how to do it, it is no longer a “low risk” – it’s a very high risk.

The risk is now so high, that governments are willing to stick their neck out and advise people to use an alternative browser.

Of course some governments are sitting on the fence – it hurts to admit that the system you use is not secure and of course the US Government cannot ‘dob in’ one of their own!

What are alternative browsers?

The security hole is in the ‘engine’ of the browser. There are 4 main types of browser ‘engines’ and to avoid getting too technical, I’ll refer to them by their most common browser names (and engine – with less popular variants in brackets) –

  • Internet Explorer (Trident engine)
  • Mozilla Firefox (Gecko engine – Flock, SeaMonkey, Camino, Netscape 9)
  • Safari and Google Chrome (both use the WebKit engine – also Midori and KHTML browsers)
  • Opera (Presto engine – no other variants)

In terms of both security and performance I suggest Opera, Google Chrome and Firefox, in that order, regardless of your operating system because they are all cross platform.

I think you will also be pleasantly surprised at the results. They are all superior in performance to IE.

Other related articles

(French & German governments warning not to use IE)

http://news.bbc.co.uk/2/hi/technology/8465038.stm

(Australian Federal Government warning not to use IE)

http://news.bbc.co.uk/2/high/technology/8463516.stm

(Yahoo Tech saying this flaw is not a minor flaw but a major problem)

http://tech.yahoo.com/blogs/null/111811

3. Keyloggers – What is a keylogger?

Posted By Mimenta on January 11, 2010

Let’s do away with the scaremongering rumours and get down to the facts.

What is a keylogger?
What does it do?
What does the “snooper” get back and can the “snoopee” detect anything?

In this case we’ll only look at keyloggers available on the market but keep in mind a skilled programmer can add features to a basic version’s code.

Keylogger programs sit quietly and invisibly in the background of the system you install them on. The software records all the keystrokes and in several cases, mouse clicks, that users make. They also monitor the programs those keys are typed into, along with other information about the machine’s activity. The products vary in their ability to hide themselves.

The logs the “spyer” receives back can be emailed or uploaded to a web server. The reason for this is that the data recorded by the keylogger would use up storage space on the computer where it was resident. Over time the user would start to notice that they were losing memory and be alerted that something was amiss. By sending the data out either to a web server or in email form, the keylogger remains almost invisible.

Comparison of several keyloggers available in the software market

| Feature | Perfect Keylogger Lite | Perfect Key Logger | Keylogger Pro | Keylogger Spy Monitor | Silent logger |
|---|---|---|---|---|---|
| Encrypts logs | Yes | Yes | No | No | No |
| Monitors specific Windows user accounts | No | No | Yes | No | No |
| Sends alerts when specified words are used | No | Yes | No | No | No |
| Captures screenshots automatically | No | Yes | Yes | No | Yes |
| Deletes logs after mailing | No | No | Yes | Yes | No |
| Disables Windows features | No | No | Yes | No | No |
| Sets processor priority | No | No | Yes | No | No |
| Excludes system keys from logs | No | Yes | Yes | No | No |
| Records Instant Messaging chats | No | Yes | No | No | Yes |
| Compresses and password-protects e-mailed logs | No | Yes | No | No | No |
| Offers built-in scheduling | No | No | Yes | Yes | No |
| Uploads logs to ftp servers | No | Yes | No | Yes | No |
| Displays a warning to the PC’s users | No | Yes | Yes | No | Yes |

2. Keyloggers – The downside?

Posted By Mimenta on January 8, 2010

Just be careful though. The old adage applies – “He who listens at keyholes may hear something they don’t want to hear”. You can give it all the euphemisms you like – it’s still spying and is saying to everyone “I don’t trust you”. Even though most keyloggers can be made invisible, if they ever find out you have deceived them, you’ll never regain that trust.

A teacher friend of mine was going out with an IT professional, two years younger than her. They had a lot in common and things were looking serious for a while. He decided to slip a key logger onto her laptop and was able to do it remotely without her knowledge. Later, when she wanted some new software added to her laptop, she handed it into the school’s IT guys and they spotted the keylogger and told her. She was angry at first and felt personally violated but said nothing.

She resolved that this was the end of their relationship growing and decided to turn the tables, feeding her spying partner misinformation. She invented a past boyfriend who had a hold over her – some terrible secret and was blackmailing her. They had broken up because his “activities” were too risky and if caught it could end her teaching career. She then began over a period of weeks, to divulge to her imaginary blackmailing ex boyfriend that if he would let her go, she would set up her current partner, never divulging what for. Over several weeks she set up times and dates when his victim would be out and he could “make his move”. Of course she would then ask the victim out on those days and delight in his attempts to come up with excuses. If he said yes, the next day her fictitious blackmailer would message her an excuse why he didn’t “do the job” yesterday. Her current partner moved to another house and finally to another country, accepting a transfer from his company overseas. I don’t think it was exactly what he wanted either – Iraq was a dangerous place then!

Because the keylogger was placed without her knowledge, even if she confessed to a crime, the evidence could not be used because it was gained illegally.

In our next session we’ll look at the different keyloggers available and see how they stack up.

1. Keyloggers – On my computer?

Posted By Mimenta on January 6, 2010

We hear stories about viruses with key loggers that capture your key strokes and how insidious these programs are, but how much is true and how much is really scaremongering?

Keyloggers don’t just come with viruses. They are legitimately used by many IT people to monitor computer usage. These days they are even finding a place on the home computer.

A business with industrial secrets may want to protect its competitive edge. It can install a keylogger and sensitise certain words relating to its secrets. When these words are used in any form on the computer (e.g. email, letters, instant messaging or even a web search) the keylogger will register an alarm, alerting IT to a possible breach.

Lately keyloggers are finding their way into homes as well. They are useful for monitoring children’s computer use. Some keyloggers will even trap and highlight passwords. When your child is receiving kinky instant messages, you will receive the alarm and can open a conversation with the weirdo and hopefully trap the paedophile into giving away enough of their details to have them arrested. It will also show up all those flash games they played while they claimed they were diligently doing their homework.

You can sensitise them so they monitor certain user accounts. The kids’ accounts can be logged while yours is not and so on, but be careful, there’s a downside too.

We’ll look at that next session.