Tuesday, June 30, 2015

Ecommerce websites are legally liable for service defects: Indian Law

E-commerce shopping websites liable for deficient service

When a problem arises, the portal shuns responsibility by claiming it is only a trading platform to bring the buyer and the seller together, and is in no way liable.
Online shopping is becoming increasingly popular because it saves time, the bother of travelling, the prices are competitive, and returns are accepted. In some cases, the seller's name is disclosed, but the address and contact numbers are withheld. This is done in business interests, so that the buyer and seller do not make a deal, depriving the portal of its commission.

The consumer deals with the portal, makes payment to the portal and follow-ups too are via emails to the portal. Yet, when a problem arises, the portal shuns responsibility by claiming it is only a trading platform to bring the buyer and the seller together, and is in no way liable. This is against consumer interest and unwarranted, as held by various consumer fora.

Case Study 1:

Atul Malhotra ordered a Lava mobile phone offered at a 94% discount on Flipkart, for an amount of Rs 400. Flipkart cancelled the order two days later, claiming inability to cope with the demand, refunding Rs 400. Since Atul wanted the phone, not the refund, he complained to the Chandigarh District Forum. Flipkart claimed it was not liable, and the complaint be dismissed as the actual seller had not been joined as a party to the dispute.

The forum observed that Flipkart had made the offer. The entire email correspondence was with Flipkart, including the cancellation. Hence, it would be liable for deficient service. Flipkart was ordered to pay Rs 3,000 as compensation and Rs 2,500 towards costs.

Case Study 2:

Shivanand Narain had purchased a Stealth mobile phone online for Rs 20,390, which turned out to be defective. He returned it and sought a replacement, as the website promised. Since his grievance was not redressed, he filed a complaint. The forum ordered the portal to refund Rs 20,390, the price of the mobile and also awarded Rs 15,000 as compensation.

The portal challenged the order in an appeal to the Chandigarh state commission, contending it was only a "facilitator". Rejecting this argument, the commission observed that the portal solicits business. Customers make payments to the portal. Correspondence with the portal is through the given email address. Thus, it actively participates in the transactions. The state commission dismissed the portal's appeal.

Case Study 3:

Urmil Munjal had made an online purchase through rediff.com. As she was not satisfied with the product supplied, she filed a complaint against the portal before the Gurgaon district forum, which allowed the complaint. The portal's appeal was dismissed. It filed a revision before the national commission, contending that it was only a facilitator.

Rejecting this argument, the national commission observed that the portal had admitted it acts as an intermediary, collecting payment. So its services could not be considered gratuitous merely because no separate charge was collected from the consumer. Inviting buyers and sellers to trade online made the portal amenable under the Consumer Protection Act. The commission concluded that the e-commerce portal would be liable to the consumer.

Conclusion:

E-commerce platforms are liable for the products advertised and business solicited through their websites.

Monday, June 22, 2015

Hacking computer without a Internet connection

The most secure computers in the world can't “Google” a thing—they are disconnected from the Internet and all other networks. The U.S. military and the National Security Agency rely on this attack-prevention measure, known as air-gapping, as does The Intercept, the media outlet co-founded by Glenn Greenwald, who was instrumental in disclosing the nsa's extensive domestic surveillance program. But where there's a will, there's a way: a team of doctoral students at Ben-Gurion University of the Negev in Israel announced it can obtain information from an air-gapped computer by reading messages encoded in the heat given off, like smoke signals, by its processors.
All computers have built-in thermal sensors, which detect the heat produced by processors and trigger the rotation of fans to avoid damage to components. To achieve the hack in an office setting, snoopers would infect two adjacent desktop PCs—one air-gapped, the other connected to the Internet—with malware that can take control of the machines and enable them to decode messages hidden in the sensor data. A virus carrying the malware could infect the Internet-connected machine fairly easily, whereas a USB drive or other hardware approach would be required with the air-gapped machine—a feat that could prove difficult at high-security locations.
In a scenario in which a hacker sought a password stored on the air-gapped computer, the malware could instruct the computer's central processor to perform work in a pattern of activity that reveals those characters. Each spate of activity would produce a puff of warm air that would travel to the connected computer, where its thermal sensors would log that single bit of information. Over time, voilĂ , a set of bits representing the password. The connected computer could then send that information to the interested party. The computer scientists call their hack BitWhisper.
If it sounds awfully slow, it is. The compromised computers can transmit only a maximum of eight bits per hour and can be located no more than 16 inches apart. But that rate is enough to get what you need, says Yisroel Mirsky, one of the co-authors of the research, which will be presented at the IEEE Computer Security Foundations Symposium in Verona, Italy, this month. “You need only about five bits,” he says, for a simple message, such as a command from the connected computer to the disconnected one, to initiate a data-destroying algorithm.
BitWhisper might seem too elaborate—after all, if one can get malware onto a computer via USB, why bother with the heat channel? Mirsky notes that this setup allows a hacker to control an air-gapped computer without physically sitting at it. Also, a computer heating up is unremarkable, so the hack could escape notice, says Anil Madhavapeddy, who studies unconventional ways to transmit information at the University of Cambridge and was not involved in the study. “In general, as computers get faster and the data contained in them more valuable,” he explains, “even the very slow covert channels are useful for attackers because they can just sit back and let them run for hours or even days to leak important information while staying under the radar.”
Of course, stopping such an attack is simple: keep air-gapped computers far away from any computers on a network or insert a sheet of insulation between machines. Given all the conditions BitWhisper would need to work in the real world, it might just be easier to find a whistle-blower.
This article was originally published with the title "Hacking Heats Up." 
By jessy emspak

Navy man in Jail for 2 years for Child Pornography, cyber crime in India

Navy man gets 2 years Jail for Child Pornography, cyber crime in India : Cyber crime conviction By Prashant Mali In the case of D...