An open letter to Pramit Jhaveri - Citibank India - No Resolution, Customer care sucks & they lie, a lot.

Dear Mr Pramit Jhaveri ,

Last October an incident happened with me , on a fuzzy evening I went to the nearest ATM near my home - Deutsche Bank ATM where I provided my card to my cousin who went inside ATM to take money as I was on a concall with my office & guided some poor chap who required my help . Since you cant enter an ATM while talking on phone, I remained outside.

Turns out that there was no guard / money at ATM ,the machine gave an error after pin was entered and never dispensed the money. Also, there was one more guy who had the same experience.

Well, I finished call put my phone in my pocket & strolled to nearby Axis Bank ATM where we withdrew 1000/- INR and went home. Turns out some nasty surprises were waiting for me. I got a message from Citibank that 10K have been withdrawn from my account , flabbergasted I reported the incident to Citi on 7th October.

What happened next ? Ah well..to tell a long story short -

1. Citi reversed my money in 2 days (that was fast) & said they are investigating the issue.
2. Then they said the transaction was valid & reversed it again. 
3. I disputed & said show me the CCTV footage -> no response.
4. Called their Citiphone officers (sic) muliple times & they said to check with Deutsche Bank, I commented why they were not taking end to end responsibility, they said its out of their scope.
5. Then I checked with Deutsche Bank and they said they will not entertain my request for CCTV footage.
6. Citiphone officer advices me to lodge FIR & I duly oblige.
7. Dec 2013 - Citi reverses money again & as per Simmy Sebastian (Citi escalation executive) on email, money is debited to my account & investigation continues.
8. 5 months later (28 March 2014) Citi reverses money again :D with NO CONCLUSIVE INVESTIGATION & charged an overdraft of 3899/-.

Well Done Citi..

Now this pissed me off. I just survived humiliation at paying a bill because I thought there was money in my account when there was not. After fighting 38 minutes (at dead of night) with Citi IVR and their agent Chirag, I finally wrote an email to you , the acting Citibank CEO/hotshots describing the whole affair.

Here is the full email (which I expect you should have gone through by now, if not..then my faith is dwindling) -

(I have redacted my email address from all of the following email communication)

​

---------- Forwarded message ----------From: Rishabh Dangwal Date: Sat, Mar 29, 2014 at 2:06 AMSubject: Attention !! // 020-486-450 // New Ref# SDN14026864 // Citi Transaction & Customer Service Failure at Grassroot level // WORST SERVICE & FEEDBACK.To: "india.branchbanking.head@citi.com" , india.consumerbanking.head@citi.com, india.ceo@citi.com, india.operations.head@citi.com, Executive Response , "head.customercare@citi.com" , vikram.saras@citi.comCc: "retail.dox.india@citi.com" , "nishashriram@citi.com" , r.singh@citi.com, rakesh.singh@citi.com, collection.external.ombudsman@citi.com, Rishabh Dangwal

Mr Pramit / Mr Ashish / Mr Anand / Mr Vikram,
Gentlemen,
Let me bring incident 020-486-450 (New ref# SDN14026864 ) to your attention where Citibank has shamelessly ripped off all the rules of customer service. We all hate typing emails at 2 AM at night, ain't it ?
Short Summary : 

1. On 7th October 2013 , a mis-transaction of 10000/- was done on my Debit Card at Deutsche Bank ATM for which Citi was *UNABLE* to provide any conclusive feedback for 5 straight months. 

1. I was provided an immediate credit & it was agreed on email with Simmy Sebastian (Email attached) that Citi will provide me CCTV footage of ATM as an evidence before reversing any credit.  

1. As discussed with *countless* Citiphone Officers (sic) they recommended to get in touch with Deutsche Bank (which I did) , raise FIR with police (which I did, again) but everything went futile & today (28 March 2014), Citi has reversed the transaction *WITHOUT INFORMING ME IN ANY FORMAL MANNER* & *WITHOUT PROVIDING ME CCTV FOOTAGE OF THE TIME OF INCIDENT*, & even penalized an overdraft of 3899/- .

Now points of concern are -

• Citi *NEVER* informed me that they are closing investigation at their end and reversing credit, I barely survived humiliation when I thought I had money in my bank account when there was none, thanks to Citi as transaction was reversed.

• FIR has been raised with police, CCTV Footage acts as an evidence in this regard. Citi didnt provided it & concluded it, then shall I sue Citi for causing hindrance in investigation ?

• Citi failed to provide me the CCTV Footage & failed to meet the commitments & left me in a dire financial situation without explanation & information.

• One sided followups were being done with NO PROACTIVE UPDATES on this matter.

I will be escalating the matter to RBI Ombudsman for failure of Citi to provide a conclusive feedback & failing at all echelons of customer service, its a huge disappointment at all grounds. I should infact also inform my colleagues at Orange Business Services (France Telecom) to migrate their accounts , its bad PR & its well justified if you ask me.
Right now, I had a word with Chirag Jain (Citiphone officer) at dead of night & in a 38 minute call I was unable to get to a senior person who can take responsibility & can be accounted for some justified action .  
Infact I am so frustrated with onesided followups that once its solved, I would close my account with Citi & encourage my finance head at Orange Business Services to do the same, somehow I believe from this incident that how broken is the customer service at a world renowned bank like Citi.
PS : I know you all might be busy, so I have finally decided to blog about it at Prohack (www.theprohack.com) where I can make note of the progress which Citi makes once an issue is reported to head honchos of a company. If this doesn't works out right now, I would then know if I can trust Citi again or not. 
I am attaching all the relevant documents of 

1. Followups done with Citi

1. Agreement done with Citi wrt CCTV footage

1. FIR

1. Followup with Deutsche Bank 

as a proof and testament of my words, lets see if Citi can finally provide me resolution.
I still want to believe & hope Citi stands for its customer values, requesting your urgent attention & complete cooperation in sorting this matter out.
Best Regards, ,

---

Rishabh DangwalNetwork Security Specialist 

,

Orange Business Services (France Telecom)RHCE | CCNA | ITIL | CEHWebsite:   www.ThePROHACK.com ,  www.RISH.co.in "Quis Custodiet Ipsos Custodes ?''

Trust me, if this isnt sorted out now, then I would recommend to NEVER TO OPEN an account with Citi since if a CEO cant sort a mess out, then of course a customer service is no good.
More over , its a huge fail in customer service that a guy is forced to address his concerns to CEO of Citi because the lower rungs of service and escalation fail to provide *any viable resolution*.

The best part Mr Pramit ?
Well..that ATM closed out, & I pointed it to Simmy/lots of other Citiphone folks that at max 2 months of video is stored in the ATM CCTV hard drive, and if you dont act fast, *YOU WILL NEVER BE ABLE TO GET THE CCTV FOOTAGE*. Turns out they are not having any and are now bullying me by keeping me in dark.

Well Mr Pramit, if Citi can charge me to withdraw money from any other ATM, then I expect some services from Citi that safeguards my interests. It makes me shudder how one-sided this whole affair has been, if only you have an idea, a complete fail of all the echelons.  If Citi can provide me CCTV footage since its a criminal case & stop taking independent conclusive actions without informing customer. Its a breach of customer trust and is an epic fail in code of conduct.

I still believe you guys have sensible online services, but customer service is one area in which Citibank India fails spectacularly.

I hope something could be done on it ? Aint it? Noone wants to type an email at 2 AM at night and blog at 2:40 AM about his horrible experience. If Citi wants that , then no thanks, I will close my account as soon as its sorted and will encourage my colleagues to do the same.
What a waste..

Rant aside..

I do hope something can be done in this regard. Wave your magic wand sire, I will be waiting for some concrete action..

Best Regards

Rishabh Dangwal


Update 29 March 2014 12:07 PM IST :

One long time blog reader & friend suggested to get it reported to RBI. Duly acknowledged, complaint have been raised with RBI.

Update 29 March 2014 04:05 PM IST :
Had a word with Citi CCE -Navneet/S Mahesh who confirmed that they will have some response by Friday 4 April 7 PM IST . Also confirmed if Overdraft will be reversed and money will be credited back on my account, he was affirmative. Mahesh Confirmed that he will have some update on CCTV and promised a call back by 31 March NBH. Provided this Blogpost URL as a timeline of incident.

Update 29 March 2014 04:50 PM IST :
Consumer complaint 82619.1.2014 lodged against Citi Bank .

Update 30 March 2014 08:25 PM IST :
47 minute call was finished with Citi Helpdesk with approximately 20 minutes of being on hold, excluding 2 minutes of fighting with IVR.
After 5 tries by Merin (Citi service desk) , her manager Manisha Sitaram (on duty floor manager) came on call.

• Asked her about the status of investigation -> she was clueless.
• Asked her why a callback was not arranged bacl -> She was clueless.
• Asked her what the heck Chirag Jain (on duty floor manager) & S Mahesh (on duty floor manager) doing -> They were on leave / not available

Asked her to make note of 5 questions -

1. Why Citibank did not provided me CCTV footage & why transaction was reversed.
2. Why Citibank reversed transaction & did not intimate me , although it was agreed with Simmy Sebastian (Citi Executive response desk, Mumbai) that he will check & update regarding CCTV footage.
3. Why is this incident being dragged on for 5 months.
4. What is the status of followups being done for CCTV Footage with Deutsche Bank.
5. Will Citibank credit money back (along with overdraft) since they have not provided any CCTV footage & they have no right to do it.

Provided her the URL of this blogpost , details of Simmy Sebastian, current executive incident owner Laxmiprabha Kotian at Citi end & asked her to arrange a call back by 31'st March 5 PM IST during NBH.

Lets see how Citi takes this incident up.


Update 30 March 2014 08:50 PM IST :
Shot an email to Citi again since they failed to acknowledge anything.

---------- Forwarded message ----------From: Rishabh Dangwal Date: Sun, Mar 30, 2014 at 8:53 PMSubject: Re: Attention !! // 020-486-450 // New Ref# SDN14026864 // Citi Transaction & Customer Service Failure at Grassroot level // WORST SERVICE & FEEDBACK.To: "india.branchbanking.head@citi.com" , india.consumerbanking.head@citi.com, india.ceo@citi.com, india.operations.head@citi.com, Executive Response , "head.customercare@citi.com" , vikram.saraf@citi.com, arghya.dasgupta@citi.comCc: "retail.dox.india@citi.com" , "nishashriram@citi.com" , r.singh@citi.com, rakesh.singh@citi.com, collection.external.ombudsman@citi.com, Rishabh Dangwal

Good Evening Gentlemen,
Seems like 40+ minutes calls , 5 months old pending incidents ( & still counting) , no call backs, one sided followups from customer end and unexpected/surprise charge-backs are becoming the new hallmarks of 201 years of Citi in India.
Is there anyone even working on the matter ? I am still waiting for an acknowledgement from your end.
Meanwhile the incident history is now live at goo.gl/LAcB0G  (just in case your executives/underlings are not providing your proactive updates) & you can have a look at the glorious way the incident is being handled by Citi. 
Awaiting some action on the matter since its now long overdue.
Best Regards, ,

---

Rishabh DangwalNetwork Security SpecialistOrange Business Services (France Telecom)RHCE | CCNA | ITIL | CEHWebsite:   www.ThePROHACK.com ,  www.RISH.co.in "Quis Custodiet Ipsos Custodes ?''

Update 30 March 2014 09:13 - 09:30 PM IST :

Finally got a revert from Citibank Vice president Jinit Thakkar, although it was on a separate email chain.

On Sun, Mar 30, 2014 at 9:13 PM, Thakkar, Jinit wrote:
Dear Mr. Dangwal,
This refers to you email of March 30th 2014.
We acknowledge receipt of your email.
Due to an extended holiday, on occasion of Gudi Padwa, we will respond to you by Tuesday, April 1st 2014.
Would appreciate your understanding till then.
Regards,
Jinit Thakkar
Head- Executive Response Unit
022-61755648

Pat went the response.
​

---------- Forwarded message ----------From: Rishabh Dangwal Date: Sun, Mar 30, 2014 at 9:30 PMSubject: Re: your email dated March 30' 2014 / SDN14026864 / old ref#020-486-450To: "Thakkar, Jinit" Cc: Executive Response , "principal.nodal.officer@citi.com" , "india.branchbanking.head@citi.com" , india.consumerbanking.head@citi.com, india.operations.head@citi.com, india.ceo@citi.com, "head.customercare@citi.com" , rakesh.singh@citi.com, "nishashriram@citi.com" , vikram.saraf@citi.com, arghya.dasgupta@citi.com

Hello Jinit,
Lets not start one more email chain on this issue since there are already plenty , I will be looping you in the main email chain & I expect a revert on the same one. 

Please let me know if Citi will provide me some conclusive feedback by 1 April or will it be the same 5 month old weasel words/updates of "under investigation"/"being looked by internal team"/"awaiting confirmation from internal team" since Simmy / folks left the investigation in lurch & have wasted a lot of my research time in followups with Citi, mental harassment aside. 

Awaiting a LEAN & concrete feedback from Citi.
Best Regards

---

Rishabh DangwalNetwork Security SpecialistOrange Business Services (France Telecom)RHCE | CCNA | ITIL | CEHWebsite:   www.ThePROHACK.com ,  www.RISH.co.in "Quis Custodiet Ipsos Custodes ?''

Update 30 March 2014 09:43 PM IST :

Looks like even the Citi India Vice president Jinit Thakkar have got a taste of bad customer service, from folks at Samsung, had a #facepalm moment.

An amusing read at -

www.consumercomplaints.in/complaints/samsung-c303958.html

Somehow, it feels like a guilty pleasure. FYI details are - Jinit Thakkar Asst Vice President , Citibank India, mob : 9820401881 

Update 31 March 2014 12:43 PM IST :

Had a word with Manisha Shriram / Jinit Thakkar from Chennai, they required 1 more day to investigate the issue since its holiday at Mumbai. Also, internally escalated the matter to Orange / France Telecom Finance department.

Update 31 March 2014 06:00 PM IST :

Finally got the call from Simmy Sebastian (executive response unit), to cut a long story short-

1. As per him he has retrieved the clippings.
2. He has seen that cash is being dispensed.
3. He asked if I was informed about cash reversal -> negative
4. He asked if I had communication from Keerti -> positive
5. Asked him to drop an email about it, he asked for 1 more day to have a conclusive feedback.
6. Asked him if anything is required from my end , he said nothing else is required.
7. He said he will provide a final stand on this regard by tomorrow.

Read more

by Malik korrich ~ vendredi 28 mars 2014 0 commentaires

Best Hackers of India–Revealed

I have had enough..I am very very pissed off as India has become the land of the skids & the greatest contribution to the same has been provided by imitators of Fadia business model ..And for the time being they are having good business by making fool of naive minds. Nowadays everyone I see (and meet) is a freelance security consultant, without even knowing the basics and intricacies of Security as process,acumen,method & lastly knowledge.

When I ask them, "Oh great, nice to meet you, so what you have been working on lately?"

The answer is cryptic bullshit about using Trojans, hacking Facebook profiles (using *means*..duh) , pentesting websites (using haviz/acunetix or automated tools without doing any static code analysis, or XSS'ing the website without even the hint of persistent ones) ,servers and even SEO (!).

A more advanced skid one will babble about using Backtrack/KALI and impress by using metasploit to show how exploits are run to compromise systems (insecure one, also in place of writing their own they just update it) , bit of showing connections to underground scene (wait what ?!) & having everyone by a cryptic handle in their Facebook profiles. 

"Nice..So..what is *new* that you are working on lately?" I exclaim.

The media ?

Well..it goes apeshit whenever they hear about hacking prodigies. Well to uneducated media journalists, let it be known to you, RESEARCH BEFORE YOU VOMIT ANYTHING. Why don't you go through Charles Assisi's Article on Ankit Fadia and LEARN SOMETHING ?!!

Worst part - These guys are even authoring books on hacking. Go figure :/

Every time some hacking prodigy or best hacker releases a book on "guide to hacking" with age old obsolete (& mostly stolen) content, a cute bunny performs harakiri with his copy of Sn0wcrash somewhere .

Point in question is that NONE OF THE GUYS WHO PROCLAIM to be the BEST HACKERS IN INDIA have never appeared in reputable security conferences to show their mettle. Instead, they have created their own versions of DEFCON & HACKING CONFERENCES so that they can sing songs about their privates in full glory.

    PS: Every time I read Norman Shark's report on an Indian APT, I have a facepalm, just saying. How on earth it was classified as an APT is beyond me.But again, not diverting too far from my point, back to Hackers.

I owe to a lot of people ; yes, every pro was a skid, I admit it, however what separates a skid or a Charlatan from a true 1337/seasoned security researcher is their attitude towards learning, reproducing, validating and then putting their own blood,sweat & tears into research to advance it. 

I have met a quite a lot of talented folks in corporate world and have got the privilege to work with some extremely talented people in network security (I am looking at you fambon/jach/m0d412 =] ). Having watched the scene carefully, I wanted to make note of some of most talented folks in Indian security scene today,  people who are Hackers (whether they acknowledge it or not) and are not *self proclaimed Hackers/best Hackers/leets* (guys you will find dime a dozen).  Seriously guys..where is Halvar Flake of India?

I wanted to do it as they have made significant contribution to the Indian hacking scene , be it awareness,exploits,pwnage or anything, they have been doing what is needed today , rather than to create an army of skids that gave everyone a bad name.

Of course you will argue that the real guys are always hiding in the shadows (read:null) & there are a lot who are working behind the scenes,but still these are the ones you would like to know about (in no particular order).

1.  Sanjay Rawat

Veteran security researcher specializing into Code optimization, Machine learning,VA,fuzzing and Network security. One of my heroes I look & greatly idolize.

2.  Rahul "fb1h2s" Sasi

I have known Sasi since quite some time, & he is the current torch bearer of the face of Indian hackers, his research into HID devices-Biometrics,Datacards,IVR has recieved widespread attention and has given Indian security scene a good name.

  PS: Rahul, if you are reading this , I chose this pic as this makes you resemble more like a cross between Alan Cox & Cory Doctorow, some offbeat folks I greatly admire, no kidding : P

3.  Vinay "Vinnu" Katoch
Long time L0Xian has impeccable skills in exploit development, reverse engineering ,malware analysis and development. Known for his exploits in JVM,ASLR/DEP bypass and his quite nature.

 

4.  Vivek Ramachandran

Well, how he can be even missing from this list. His famed Café Latte Attack & his latest primer on making security accessible to everyone via Securitytube has helped millions to learn security the right way, at least the nascent steps. Kudos to him.

5.  Rajshekhar Murthy / Atul Alex Cherian
The Malc0n duo is quite infamous for bringing raw,uncensored malware research,development into the spotlight. Malc0n exclusively focuses on proactive malware research and analysis & the responsible folks have been instrumental in making it an international platform.

Honourable mention : Folks at n|u,g4h,SX, I always take you for granted since you have always been 1337s, you don't need a lesser mortal to define your contribution to the scene.

I hope my rant was quite clear (!) , concise and to the point, I hope the next time you will hear about some Indian hacking prodigy in your local newspaper, Facebook page or on a poster at your college campus, you will QUESTION YOURSELF TWICE & ask the goodol' folks at n|u/SX/g4h for a piece of their mind.

If you want to go through the last time I ranted about the BEST HACKERS IN INDIA, click here.   You can also read more about Charlatans at Attrition.org, my favourite place to kill off time.

Just in case you might question my authority of ranting about the topic, then well, I hope you will get it someday.

Read more

by Malik korrich ~ vendredi 9 août 2013 0 commentaires

Snapdeal Sucks - My experience with Snapdeal.com - Its Pathetic,slow and unresponsive

It all started with me hunting for a point and shoot camera for my mother. To be frank , any camera with no hassles & fair performance would have qualified and I was personally looking for Nikon L26;  but since it was deemed out-dated by Nikon itself, I hopped in for Nikon L27 violet colour camera. Now, to be frank I never wanted to go out of Flipkart/Infibeam since they have stood the test of time with me, but somehow I ordered it from another popular online portal Snapdeal.com & there the things start to get interesting.
For starters, I never received any email of purchase confirmation, I thought it might have landed in junk/spam folder but hell no. I double checked my email filters, searched every label but nopes..zilch..nada..I  simply didn't get any email receipt of purchase from Snapdeal. It was the first omen of a Bad Deal (aka Snapdeal) . Thankfully I didn't closed my browser windows, I was lucky to take the snapshot of transaction , noted down the transaction id from my bank statement , drank a glass of water & wiped away the sweat that scorching Delhi summer delightfully gave me.
5 minutes later I received an SMS from Snapdeal regarding my order number, I matched it with my snapshot, went online again and found after providing my details, the estimated shipping date was 20th May 2013.
I tried to login into Snapdeal and found that since I created an account long time ago (when Snapdeal was not into store business and was into deals business) , I didn't actually remembered its password. I tried to reset it, but received *NO EMAIL* from Snapdeal. Now that was alarming, I was not able to reset my password, not able to get an email receipt and I was not very sure about the delivering capability of Snapdeal (quick search on mouthshut.com was quite revealing).
Immediately I called customer care (+91-92126-92126) , after hearing to whistles and caller tune for 5 minutes (yes, *5 minutes*) , my call was picked. I explained to CCE -

1. I am not getting email from Snapdeal.
2. I did not received an receipt.
3. I am unable to reset my password.
4. What is the status of my order as of now and by what time will it get delivered.

The CCE responded -

1. He can not reset password nor help me in any regards in account or email issue.
2. My order was under processing and he can not provide an estimated delivery date.

I thanked him and hoped for the best.
Also, I logged into Snapdeal via FB authentication and was still not able to reset the password.
That was on 15th May 2013.
Now ,to be frank I have never ordered anything from Snapdeal before, one of my friends (Gurpreet Singh) had once ordered some stuff from it , but he warned me about Snapdeal's performance issues after I placed the order.
While I was gleefully cursing him "Saaley pehle kyu nahi bataya !!" , he reassured me that they are slow but they atleast deliver the goods.
"Also, shipping date is 20th,you might be getting goods before that in your hands", he finished gulping his last glass of lassi.
Nervously I reassured myself and crossed my fingers. Who knows, It wasn't for me, it was for my Mom and I wanted to get it delivered on a timely manner.
17th May came and status was still "processing" on the website. Furthermore I tried calling to customer care thrice with no one responding on the number. They also hanged up on me on one occasion without CCE interaction.
Now I was getting a bit angry.  18th May, it was Saturday noon and order was still under processing. I tweeted to Snapdeal

No response from Snapdeal as of now. Also, I sent the email to Snapdeal helpdesk (help@snapdeal.com)

Team,
I bought Nikon Coolpix L27 16MP Point & Shoot Digital Camera (Purple) Order Number 994202497 Item code 1333471211, its been 3 days but I have NOT received the email reciept of order. Further more I am not able to verify my snapdeal account as I am not getting any emails from Snapdeal regarding verification and order.
I have looked into SPAM/JUNK folder to no avail. I mentioned the same to customer care on 9212692126 but they were helpless.
Furthermore, Why is it so much delay in processing the order ? 3 days and its still processing. Whats the bottleneck in it ? I never had such slow response from any of online retailers I have used ?
Please get back to me on the double.

You guessed it right, no response from Snapdeal.
On 20th May I shot another one.

Dear Team,
Still awaiting your response. Its quite incredulous that I am following up for an email response which should have been your duty . Its 20th may and the product page still shows shipping date of 20th May with no update. I had a word with CCE Maninder Sandhu (yeah I got lucky, finally your customer care picked the call) for  an update on the order but then he himself was helpless regarding the same.
Its pathetic how you are keeping the money interest free without giving any proactive updates on the status of order and keeping customer completely blind on it.
Nevertheless, I will be waiting till 21 May on an update for a fair chance. After that , I will be cancelling the order and will be filing for a refund.
Regards

Seriously, I could have posted call records but then I think it would have been a bit overkill. But then, if they could record our calls for "quality & training purposes" then why cant we use them for some real "quality" purposes ?
I had no idea what was going on, at least an email response would have sufficed. We live in a country where consumer is hailed as king, I have no complains with late deliveries, I am actually angry with no/diminutive response from Snapdeal team. I have paid for an item first rate , online , in single transaction with no dues pending , no instalments and they are keeping my money interest free , processing it according to their whims and are providing no reasons for delay. Furthermore, response time is pathetic, I got the reply from Snapdeal on Facebook page / Twitter , 2 days later, & that too that they are looking into it and order will be shipped today.

Also, a quick look on their FB page reveals that I am not the only one frustrated from Snapdeal, see the below image or click the mentioned link.

Later,  I got an SMS from Snapdeal that order has been delayed.

But the online portal is still showing that order is under processing and I really dont know what information to trust.

I was also not able to cancel my order as I CANT REACH TO CUSTOMER CARE AND I AM NOT SURE IF MY EMAILS ARE EVEN READ. As per Snapdeal's guidelines, they can choose to accept or deny my request of cancelling the order based on their convenience and understanding of situation.

If you cant read it, to quote Snapdeal (Trust me, its an amusing read)

10.2 Cancellation by the User: In case of requests for order cancellations, Snapdeal reserves the right to accept or reject requests for order cancellations for any reason whatsoever. As part of usual business practice, if Snapdeal receives a cancellation notice and the order has not been processed/ approved by Snapdeal, Snapdeal shall cancel the order and refund the entire amount to You within a reasonable period of time. Snapdeal will not be able to cancel orders that have already been processed. Snapdeal has the full right to decide whether an order has been processed or not. You agree not to dispute the decision made by Snapdeal and accept Snapdeal's decision regarding the cancellation.

Very cute .
Bet I would have called Snapdeal for cancellation and they would have cancelled my request because they “had processed my order” .. and because its written in clause 10.2 .
As of now, summing up my entire experience on Snapdeal echoes the following problems again and again -

1. Lack of proper communication to customer.
2. Unresponsive support &
3. Broken implementation of information systems.

I want to reiterate again, that I don't have any problems with delays provided proper , proactive and responsive communication is done with customer and issues regarding information are handled adeptly. I once had an order from Flipkart halted for around 14 days, but never once I had to be bothered about it because the responsive CCE’s provided me concrete updates, on 7th day they offered a refund which I gladly accepted.
As of now, I haven't got any response on my tweet to Snapdeal

Another call to CCE Maninder Sandhu (I just got lucky) was fruitless although he was a nice chap and was trying to help.
Lessons learnt :

1. I wont be shopping from Snapdeal again, thats for sure, unless they make some really radical changes in their system.
2. Wont be ordering from my hard earned money from portals that are pathetic.

I do hope Snapdeal takes my rant as constructive criticism and infuses something into its DNA for the greater good.

Meanwhile, I am still waiting for my camera to be delivered .. : (    
(6 Days at the time of writing ) and counting..

Update 21 May 2013 6.04 PM IST  : 

To top it off as of now -

1. Still estimated shipping time on webpage is showing 20th May, but it has been updated that tracking number will be available in 12 hours, so I actually dont know what is the correct update.
2. Snapdeal_help on twitter promised a a shipping by today but to no avail . They actually update my Mother and not me regarding that, but alas, its still showing pending.
3. According to CCE Akash, package is ready for courier and will be shipped by tomorrow first half. One more date..Lets see how it goes.
4. Snapdeal FB page removed the negative comments, however you can see them in the picture which is given above.

Update 21 May 2013 7.00 PM IST :

Got a call from Snapdeal Okhla Office from Monika , provided courier tracking number and apologized for delay, I thanked her. Also, as per her, the tracking number will be active within 12 - 48 hours, I promptly checked the 11 digit tracking number which was not active on Courier service (Bluedart) page. She might be right. Will check it tomorrow morning.

Update 22 May 2013 6 PM IST :

AS of now, Snapdeal has *FINALLY* shipped my order (YAY!!) . But again, it has been delayed by Courier Service. As of now, I was in talks with Assistant Mgr at Courier service who was quite helpful and said the product will be delivered by tomorrow. All I hope it is a functional one as this long delay has shaken my already non existent faith in Snapdeal.

Update 23 May 2013 6 PM IST :

Finally, after numerous delays, Order was delivered.  The bottomline ? Well, the issue was already escalated at Snapdeal end , the pity was that when I checked at support.snapdeal.com , my ticket was not updated in 3-4 days, and one was closed with remark that customer (thats me) was not reachable. Excellent, it was only when I started escalating the matter on online and social platforms, they came into action and hasted the matter. Still its 8 days, which is well beyond the norms of a normal e-comm site.
I am glad it all ended well. Mom got the camera and I got to see the inner workings of an e-comm site.

Read more

by Malik korrich ~ lundi 20 mai 2013 0 commentaires

Wardriving at Delhi Updated –The OPEN, WEP & WPA faces of Delhi

I got an overwhelming response to my Wardriving at Delhi project and have got a lot of emails regarding the same. I am so thrilled that so many people want to contribute to the project. Inspired by your feedback, I am here by producing here an update to my mapping project. This time I went Via Saket to Gurgaon and as usual I got a lot of access points which were OPEN with no security, WEP secured vulnerable access points & WPA/WPA PSK2 secured points.
 
As usual, I used -

• Kismet
• Moocherhunter
• Aircrack
• G-MON & WiGLE

The target is to make a map of Delhi with all the access points  to analyse in layman terms -

1. The security awareness of people and organizations
2. The devices they are using
3. The security mechanisms they are using.
4. Wifi range analysis of individual device.

Well, in all you can find the data from below links -

• Hotspot details / BSSID (See if you are on the list) =))
• Google Maps KML Data (See it in Google Maps)

If you are interested in contributing to the data, please contact me at admintheprohack.com . You can also read how to Hack Wifi using Backtrack , How to detect if someone is using your WiFi  or how to detect WiFi hotspots . If you are having an Android, you can also read about how to use your Android for Wardriving.

Happy Wardriving.

Read more

by Malik korrich ~ samedi 30 mars 2013 0 commentaires

LinkedIn Malware - Profiles hit with 청강아카데미학원

Recently I have noticed a lot of LinkedIn profiles (especially belonging to Indian subcontinent) have mentioned “청강아카데미학원” in their educational details (Go Google). On further querying with friends and some readers have got an identical response that NO changes have been made from user end. Its a suspected XSS hit and LinkedIn team have been notified. Will update here if I get a response.

Read more

by Malik korrich ~ mercredi 2 janvier 2013 0 commentaires

Mikrotik Routers rock– Cheap, awesome and beats Cisco at same price

Working at Tulip Telecom has his own charm, you get your hands on an array of devices and lots of research . Well, i got my hands on Mikrotik routers, i have been working on them for a considerable amount of time (more than 6 months) and they are awesome. Here’s what i like in them -

• Awesome Router OS
• Extensive IP accounting which can segregate and display bandwidth utilization by IP,vlan,interface,source,destination .. and even more..you name it it has it.
• 3G modem/VPDN support.
• Extensive Queue and filter support, with ability to use burst limits and can be extended on individual interfaces, vlan etc. its a full fledged firewall provided you know how to use it.
• Wi-Fi support.
• Can do Email, SMS/SMS gateway..Hell..you can even run a PHP server inside Router OS
• Supports MPLS , BGP, OSPF, Multicast ,DHCP
• Netflow server
• Packet capture, Wi-Fi snooper, packet capture can be opened using wireshark
• Scripting support to insane levels
• Hardware encryption
• Easy to deploy
• Stable..and Cheap
• and much much more..

I would prefer it over a DD-WRT/Tomato enabled Linksys any day on a tight budget :) If only people knew about it..then i guess,picture would have been different for Cisco

Read more

by Malik korrich ~ vendredi 17 février 2012 0 commentaires

Increasing Reliance Netconnect speed, Online Transaction failure and Customer Care woes

Since my data card limit was over, so i got Reliance Netconnect from a colleague, thought it might come handy while posting “IP Subnetting - The easy way” at Prohack and some simple surfing, I was already skeptic of taking the data card actually as I previously had a very bad experience with Reliance Netconnect  and doubted if their broadband services are any good. I bet my MTS Mblaze makes it eat dirt any day ,but I had no option at that moment and thought , lets give the fucker another chance.

Ah well..you can say it was more than bad. Firstly, the data card has pretty bad speeds (~30 KBps) and then connection dropping issues. Mind you, I live in Delhi NCR and get full signal bars all the time on Reliance Netconnect Broadband + but still it barely managed to load Facebook. I thought, why not to change the DNS, on experimenting, I found Open DNS and Verizon DNS to be the most stable of all and I got a speed boost of 90-100 KBps : ]]

Here is how you can Increase speed of Reliance Netconnect Broadband + datacard -

Plugin your data card, launch application, go to settings, click on edit.

Click on advanced and put DNS server IPs. I found Verizon 4.2.2.2 //4.2.2.1 and Open DNS  208.67.222.222 // 208.67.220.220 work best for me. You can also try Google DNS 8.8.8.8 // 8.8.4.4 . Experiment and pick your choice.

Once done, click OK, save it and connect. you will get improved speeds..The whole process makes me wonder why Reliance’s default DNS is so slow . Do they even use their datacards at their home ? :|

On to my story, Since, even after changing DNS, the speeds were not good enough for me, so I thought, why not to recharge my MTS Data card online and then use it.  Instantly I opened MTS website and after entering required details, transferring money to MTS from my online account, the page hanged and session was timed out. Responding to my sense of deja vu, I checked the data card and found it was not sending/receiving any data. the fucker dropped the connection just I when i was about to get my transaction completed.

I guess it took its revenge :X

I immediately emailed to MTS customer care/RechargeItNow/Bank customer care and I have *yet* to receive a helpful followup message on email. I contacted MTS customer care on phone and entered 1,1,1,1,,1 waited for 2 minutes 46 seconds (yeah..i timed it) , the automated IVR said “after several tries you have not entered any number, so we are transferring your call to our expert” . Well..it wasn't my fault, again, there is some fault in their system as I tried 3 different valid MDN numbers later on and I got the same result. Nevertheless, I was put on call with an *expert* to whom I explained my issue and asked for escalation matrix, the details of email ID and in simple words, “what to do in case of transaction failure, the MTS way ? ”

The result was flabbergasting, the CCE spoke in an english which by all means was incomprehensible to me, I politely disconnected the call and then fumed for 2-3 minutes while looking at the Reliance datacard.

Protip : If you  hate someone, gift him a Reliance datacard and watch him cry tears of blood :P

In the meantime i am still waiting for a positive response from my bank/MTS/rechargeitnow.

That was last night and I guess i have been outsmarted by a pathetic Reliance Netconnect.

Read more

by Malik korrich ~ mardi 31 janvier 2012 0 commentaires

Chinese Hackers Trojan-ize US Access Card - The curious case of Sykipot Trojan

Researchers at AlientVault have uncovered a new strain of Sykipot Trojan which has been used to compromise the Department of Defense-sanctioned smart cards used to authorise network and building access at many US government agencies, the Trojan has been adapted by Chinese hackers in order to lift credentials from compromised systems in order to access classified military networks. The Trojan inadvertently targets PCs attached to smart card readers running ActivClient, the client application of ActivIdentity, in what's been described as a 'smart card proxy' attack.

Read the full Story at the Register

Read more

by Malik korrich ~ samedi 14 janvier 2012 0 commentaires

WiFi Protected Standard vulnerability – Cracked, Bruteforced and Documented

A new critical flaw in Wi-Fi Protected Standard (WPS) has recently been uncovered by Security researcher Stefan Viehböck that leaves wireless routers open to attack. The inherent vulnerability lies in the design protocol that splits the 8 digit PIN in two halves which reduces its complexity and henceforth the time required to crack it. Simple permutations and combinations deduce that an 8 digit pin will create 100 million possible combinations and during his testing Stefan found it takes 2 seconds to test each combination, so bruteforcing was not a feasible option.

Unfortunately, after entering the first 4 digits of a pin, the protocol used by WPS confirms if they are correct or not, which means the pairs can be attacked separately. Also, the remaining 4 digits is just a checksum, so if an attacker has the first 4 digits, he just have to try ~1000 combinations to crack it open , which brings it to a total of 11000 different combinations to the correct pin which reduces the attack time into a matter of hours. You can find the documented PDF here and read the awesomeness.

I guess router manufacturers are up for a software fix, till then , I guess we all have to go back to MAC address .

You can also read how to Hack Wifi using Backtrack , How to detect if someone is using your WiFi  or how to detect WiFi hotspots . If you are having an Android, you can also read about how to use your Android for Wardriving.

Read more

by Malik korrich ~ mardi 3 janvier 2012 0 commentaires

5 software I cant live without on my laptop (Windows) – A look inside the self confessed geeks laptop and mindset

Hello fellas,

I purchased a new HP DM-3210AU machine in October, an amazing piece of hardware and one of the highest rated netbook/sub notebook of all time, and yes, I am quite impressed with its performance and capabilities. I finished my share of Call of Duty 4 on it, prepared GNS3 Topologies over it with ease and the machine chomped away everything like a no brainer. In case, ou have been wondering where I had been, you might like to read about it or want to join the Facebook page where I post more frequently .

Well..continuing to my desktop,here is how it looks : ) .

Well..then out of blue (and I think it was Redbull) I decided to write an article on 5 software I cant live without on my new machine , which allows me to simultaneously multitask on it with ease and efficiency.  Consider it as a follow up of Top 10 software I cant live without on my PC.

Windows Live Mail

Now here is one of the good things Microsoft has invented, the next generation of Outlook express, simple, easy to use, intuitive and FAST. Though you will argue why I don't use Mozilla Thunderbird over it , well..Mozilla thunderbird is almost takes the same amount of memory as its Windows counterpart, but is twice as slow in terms of interface, and speed matters to me much while checking emails, I do hope you will agree with me. Although I do hate the calendar feature of live (which is a pain due to various issues) but still, it does the primary job it was conceived for.

Download it from here.

Virtual Wifi Router

Again, an amazing piece of software that frees you from the headaches of Android Adhoc wifi patching and the likes of purchasing buggy paid software like Connectify for creating wifi network with ease. I was fed up of creating adhoc networks on Windows 7 and check that my HTC Wildfire (Cyanogen mod 7, version 2.3.7) was not able to properly detect it, there came Virtual Wifi Router to the rescue and trust me, its the best Wifi Network sharing software you will ever get. Highly recommended !!

Download Virtual Wifi Router

K-Lite Mega Codec Pack

Power user friendly yet easy to install , this codec pack will just blow you away, no need to install any other x-y-z player to do the job if your windows media player can play everything (i actually like to keep my laptop clean and use it with minimum software) from the most popular formats to arcane ones..and even allows for great amount of tweaking using its ffdshow interface. link it up with Virtualdub and you have a true gem. Included tools like Gspot, mediainfo and more add the cherry to the already delicious cake . Again, no need of VLC (unless you are into multicast streaming, to confess, i am not much of a VLC fan) and no need of anything else, one codec pack to rule them all : ) .

Download from here

GNS3

I dont think I need to elaborate upon it, since the time I have joined Tulip Telecom, it has been a part and parcel o my life, simulation of complex network topologies and whacky late night experiments (you know about them if you have been following the facebook page) are all possible because of this open source tool. Be it Cisco or juniper, it handles it with ease and the best part is that its hackable, configurable and programmable till the last drop. I have my custom version running over windows (self compiled :) ), pair it with putty connection manager and you are good to go. Also, you might want to look at sample GNS3 tutorials I posted at Prohack or more at the Facebook page.

Download it from here

Google Chrome

Now again..love it or hate it, yet I find chrome as indispensible as a browser, I had issues with Mozilla Firefox (old memory bastard) and Internet Explorer 9 (old bastard), Opera is a favourite but again, I had some issues with it again (opera link issues, broken plugins) , so I finally settled on chrome for general browsing and acceptable response times, but when it comes to testing some web based apps, i jump to Opera for the same for its intuitiveness. Trust me, when it comes to choose a browser, i call it as a choice between evils. So go with the lesser one . You might also want to look at Google Chrome Easter eggs

Download it from here

Well..that sums it up I will be back with some more ramblings of mine.

Till then,

Stay Gold..

Rishabh Dangwal

Read more

by Malik korrich ~ lundi 14 novembre 2011 0 commentaires

I too Intended to join a Security NGO (period) and I was proved wrong.

I came to know about HANS when one of my friends joined it,and eventually I was interested. Hence I thought some research shall suffice before joining one.

PS : bear with me, I am on my android and my thumbs hurt :| Also, in some places, the formatting might not be correct, android blogging issues .

I actually visited their site http://www.indianhans.org had a look at it and found that it had -

1. A non working Facebook login api system which actually logs you out when you do try to log in, tested it on chrome 14.0.835.163 m / Windows 7 (office PC after hours). Also, a flawed login system that allows you to login inside the side without email confirmation, also PHP code is vulnerable.
2. Some outdated references to outdated CVE's and nothing of particular interest.
3. Some 0days which have been patched up long time ago
4. Whitepapers that on google hacking and mobiles which have been published like wildfire in late 2000's, again nothing of particular interest here
5. The "Team" that comprises less of experts and more of management folks. No one with any background of security here.
6. Link to Indian HANS youtube channel.
7. Pretty crap and old flash games about hacking. LAME !
8. Backtrack introduction (mainly) and no technical tutorials in short
9. Zero original research.

Disillusioned,  I wrote a mail to Indian HANS team and  queried Indian HANS team regarding the services they provide and what they do -

Subject : Queries for Indian Hans team from a Security Enthusiastic
Dear Indian HANS Team,

I have some queries which I would like to be answered -

• What is the ultimate motive of HANS ? Are you consultants ? If YES then on what grounds ? If NO, then ,

Can you provide links to your -

• Original research
• ORIGINAL technical advisories/papers
• Tools that you wrote
• Code that you released
• Configurations of exotic software
• Exploits and modules
• 0day/0hour vulnerabilities
• Vulnerabilities what you found
• Cases of complexity that were solved
• CVE
• Documentation of exploits 
• Original findings
• Which fellow infosec researchers are working at HANS? All i found was more of management guys (seriously?) volunteers,executives,technical experts,naive girls,inexperienced folks but no security folks or self confessed hackers with known security experience and expertise.
• What is the symbiotic influence of joining Indian Hans ? Or Why SHALL we join HANS ?

--
Warm Regards,

Rishabh Dangwal
Network Security Analyst
TheProhack.com | Rish.co.in
India

"0x72697368 was here, 2620796f75206172652077617374696e6720796f75722074696d65202e2e2064756d62617373"

 and waited.
 A day passed and the reply came.

Subject : reply to an abuse mail

Warm Greets,

First of all I would like to say thanks, for being so concerned about our organization.

Following are the thoughts I would like to share about our organization.

1)      Our motive is to fill the gap between the cyber victims and the security experts, as many times we felt that in spite of  availability to many security experts in market still victims are not able to get there answers.
2)      Yes, we are consultants/Knowledge Sharers as we guide the common measures to cyber victims and government bodies [maharasthra/Punjab police]such that they can overcome a cyber crime rate.
3)      I have written 2 International Papers :
·        In response to Google Hacking
·        Future Email Security

And 2 national papers:
·        Mobile Security and upcoming challenges
·        Acknowledgement based System for Mobile Security.
4)      I have not written any security tool/configurations yet But, I write other Business applications for Accenture as an Associate Software Engineer.
5)      We have solved numerous cases  which deals with daily cyber problems including ATM cloning case [chandigarh], Source code theft case [Pune], Abuse email, fake profiles, email threatening and other hundreds.  www.youtube.com/theindianhans
6)      Ya, you are right 90% of our Organization members have managerial skills, because we strongly believe that having only technical knowledge is not enough to cease the cyber crime rate, because solving a cyber crime is thinking out of the box process.
7)      Joining a HANS, shows your commitment towards our society, that you have a zeal to help others with your knowledge and skills.


I also wish to bring to your notice without hurting your ego and sentiments that,

We are not competitors of any private owned body who work only for money. Many times we get such mails which prove that really HANS is doing a greats job. These kinds of mails show our Power of being united and our influence on other private organization. It is my humble requests kindly don’t compare our NGO with other private organizations as our motto is different. we don’t believe in writing the viruses, exploits, tools and other stuff because these things wont help a common man who is not IT literate, to overcome a cyber problem. I wont ask you same the questions as I have nothing to do with same.  I hope I have given your answers without hurting you and your team members feelings. I highly apologize if I did so.

Thanks

Happy Hacking

HANS TEAM.

Now that was interesting, my mail has been treated as an abuse email, well..nevermind. A rather to-the-point approach may be confused with that. Well, what they said -

1)      Our motive is to fill the gap between the cyber victims and the security experts, as many times we felt that in spite of  availability to many security experts in market still victims are not able to get there answers.2)      Yes, we are consultants/Knowledge Sharers as we guide the common measures to cyber victims and government bodies [maharasthra/Punjab police]such that they can overcome a cyber crime rate. I actually expected that HANS shall justify itself as a for-profit/not-for-profit organisation and why it requires money to join it when the elite organisations for example Null is a self sustained, free and aimed at the very thing HANS intends to achieve. helping naive people ? Ofcourse..thats why a lot of organisations has been growing like mushrooms (kaizen ?) and making money from it by joining it.  The core thing is that i am 100% sure that volunteers / infosec reserachers wont learn anything new and will waste their time here.

moving on ,

3)      I have written 2 International Papers :·In response to Google Hacking·Future Email Security And 2 national papers:·Mobile Security and upcoming challenges·Acknowledgement based System for Mobile Security.Great..i disregard them as recycled content, already checked it. 4)      I have not written any security tool/configurations yet But, I write other Business applications for Accenture as an Associate Software Engineer. that was fine with me.  5)      We have solved numerous cases  which deals with daily cyber problems including ATM cloning case [chandigarh], Source code theft case [Pune], Abuse email, fake profiles, email threatening and other hundreds.  www.youtube.com/theindianhansAgain, they have solved a lot of cases and hundreds , i would regard it as weasel terms. no journal on how they were solved, the method, instrumental techniques, research employed, tools/techniquies deployed, the collaboration, nothing covered, nothing said, just distorted videos at youtube. Again..no references to it. 6)      Ya, you are right 90% of our Organization members have managerial skills, because we strongly believe that having only technical knowledge is not enough to cease the cyber crime rate, because solving a cyber crime is thinking out of the box process.7)      Joining a HANS, shows your commitment towards our society, that you have a zeal to help others with your knowledge and skills.

How management can help decrease cybercrime rates is beyond me unless they really have the skills to get it in their heads. All aboard the failboat here.

I also wish to bring to your notice without hurting your ego and sentiments that,

We are not competitors of any private owned body who work only for money. Many times we get such mails which prove that really HANS is doing a greats job. These kinds of mails show our Power of being united and our influence on other private organization. It is my humble requests kindly don’t compare our NGO with other private organizations as our motto is different. we don’t believe in writing the viruses, exploits, tools and other stuff because these things wont help a common man who is not IT literate, to overcome a cyber problem. I wont ask you same the questions as I have nothing to do with same.  I hope I have given your answers without hurting you and your team members feelings. I highly apologize if I did so.

thats nice of you,and encouraging, but since you dont write viruses,exploits,0days or anything remotely related with it, then -

• Why they are linked in your website at http://www.indianhans.org/index-4.html  ?
• How do you decipher complex hack jobs them when most of your team is management one with no background of security

Anyways..i fired up my android and wrote a reply.

Subject  - Re: reply to an abuse mail
Dear Indian Hans,

The email was not an intended as an abuse email as indicated by your subject,  I would rather pass your defenses as plain excuses for hiding underlying incompetence since it requires Money to join and still no viable, updated information/code/application (as you said you develop it as associate software engineer for organisations , yet saying that you bridge the gap) , accurate information (I studied the Google hacking and mobile whitepaper, the stuff has been published before a million times, hence I would just regard it something to enhance resume) and would consider your organization nothing but a money making enterprise run by homebrew entrepreneurs without any credible research, what you solved in cases what nothing I shall say of technical callibre or "hacking ", its in more generic sense called as tech support for those who know nothing about cyber security,  while earning fame and money in the process.
I earlier thought to join it, hence inquired about it in a rather direct & to the point manner,but your response, links, references and treatment of it as an abuse email (?) makes me guess its in my best interest to stay away and convey the same to intended audience.
Stay superb

-sent from my android-

call me harsh, but that is the reality. And I am waiting for the reply. Now, I can say that I too Intended to join a Security NGO (period) and I now I am thinking otherwise.

Read more

by Malik korrich ~ mercredi 21 septembre 2011 0 commentaires