Shikha.hyd's blog

The mega online retail store, FlipKart is in news for raising a whopping $200 million, i.e. 1,200 Crore from its existing investors. According to the sources, this is the single largest Indian e-commerce space round of investment.

Revealed by the sources familiar with the latest development, FlipKart is valued at $1.5 billion by the investors.

The investors for the company has generated after almost 5 rounds of funding, a massive turn over of more than $380 million. Previously the investors, the South African Internet major, Naspers has bought out bus ticketing startup redBus, private equity firms Accel Partners and Tiger Global, and San Francisco-based family office Iconiq Capital.

Sachin Bansal-co-founder and the CEO of FlipKart:
According to the co-founder and the CEO of the Online retailer, Flipkart- Sachin Bansal, this investment model was an e-commerce growth story and a major validation of the FlipKart model.

He said, "There have been skeptics on Flipkart and Indian e-commerce. Today's development should put to rest these arguments,".

Recent investments:
The massive investment and its validation received by FlipKart is an indication towards global acclamation of the interest of Indian technology startups. The other major investments are as follows:

-In 2011, SoftBank, Japan's telecom and Internet company invested $200 million in Bangalore-based ad network Inmobi.

-Naspers invested in redBus an estimated amount of $120 million last month.

-In 2011, $108 million were invested on analytical services firm Mu Sigma by a consortium led by General Atlantic.

Future plans of company turnover:
Currently the total amount generated by FlipKart considering it annualised run rate is over $500 million, however according to the company co-founder and the CEO, Sachin Bansal they will soon hit the $1 billion mark by 2015.

He also confirmed that the company is not able to make profits only with the massive investments it has been making, the company would still be profitable if the huge investments were stopped.

He said, "We can be profitable if we stop investing. But we want to be market leaders in a number of categories, and the market is almost doubling every year, so it's a strategic decision to invest. Binny (Binny Bansal, the other co-founder) and I are thinking very, very long term,"

When asked how could the money generated through profits be used, Sachin Bansal suggested that they would be used for developing emerging talent, improving the current supply chain and also investing on technology.

He added, "One day last month we shipped 1.3 lakh items. That's 1.5 items a second, or, if you look only at daytime, about 4-5 items a second. In a few years, this will become several million shipments a day. The only way to handle that kind of volume is through automation, and that will require a lot of investment,".

With the growing popularity of the Online retail store which originally started with selling of best seller books has now laid its hands on numerous other products too which include electronics, apparel, watches, cameras, footwear, beauty & personal care, baby care and many many others.

The company has seen a drastic increase in the number of registered subscribers from just about 2.5 Lakhs users to a massive 96 Lakhs within a span of two and a half years.

Google researcher recently discovered a bug affecting Windows which was disclosed a few days ago, now publicises the working exploit of the new flaw without contacting the software company first.

Just few days ago, Google posted details of a flaw in Microsoft Windows which causes the PC's to crash or gain additional access rights.

Dustin Childs acknowledged unpatched vulnerability in Windows:
Acknowledging the unpatched vulnerability in Windows, Dustin Childs, a spokesman for the company's security response group of Microsoft on late Wednesday reported in an email, "We are aware of claims regarding a potential issue affecting Microsoft Windows and are investigating, We have not detected any attacks against this issue, but will take appropriate action to protect our customers."

Further questions related to the release of the patch or whether Microsoft had been aware of the vulnerability before it surfaced on the Full Disclosure security mailing list May 17, were totally avoided by Childs.

Google Researcher-Travis Ormandy:
Google researcher, Travis Ormandy revealed the vulnerability disclosure on Full Disclosure, discussing the flaw in the Windows kernel driver, "Win32k.sys," in Windows 2000, XP, Vista and 7 and 8 as well as Server 2003 and 2008 and also the publishing the working exploit, releasing a patch for the flaw.

He said, "I don't have much free time to work on silly Microsoft code, so I'm looking for ideas on how to fix the final obstacle for exploitation,".

The release of the exploit was made by Ormandy on Sunday, three weeks after the details of the flaw were published and new ways to exploit its working with a help of a patch was released on Full Disclosure.

The claims confirming the existence of a flaw was being investigated by Microsoft Windows. However it was later confirmed that neither any attacks were detected nor an advisory confirming the vulnerability of the attacks had been issued resulting in no fix at all.

From the recent release by the Google researcher, Travis Ormandy, Microsoft acknowledged a bug affecting Windows, however the attacks which caused the bug was not detected as yet.

Ormandy yet again posted to Full Disclosure on Monday stating, "I have a working exploit that grants SYSTEM on all currently supported versions of Windows,Code is available on request to students from reputable schools."

"As far as I can tell, this code is pre-NT (20+ years) old, so remember to thank the SDL for solving security and reminding us that old code doesn't need to be reviewed ;-)," Ormandy said on Full Disclosure.

HD Moore's say to Ormandy's release:
Metasploit founder and CTO of security firm Rapid7, HD Moore says, Ormandy's release of the exploit in this case was fair enough despite Micrsoft's approach.

"Personally I think [releasing the exploit] helped. After all, Tavis published a note to the full-disclosure list a few weeks ago, and Microsoft (as well as the media) had an opportunity to respond then. It wasn't until a third-party took his proof-of-concept and released a working exploit that Tavis posted his own."

Previously the patch or the working exploit for the flaw was released on a Chinese website before Ormandy's. Moore added that it was Travis Ormandy, who first released details of the flaw in the month of March.

In a couple of disclosures released in the year 2010, Ormandy has released information and demonstration code before for Windows vulnerabilities.

Andrew Storms, director of security operations at TripWire's nCircle Security
Andrew Storms, director of security operations at TripWire's nCircle Security said, "While the bug cannot be exploited remotely -- by sneaking attack code onto a compromised website, for example -- it still should be considered serious."

Storm added in an email, "If you consider that it takes a number of different vulnerabilities to successfully exploit Windows or a Microsoft application, a local EoP is an important step in that chain of breaking into a Windows system,".

"Note that one person responded to his [Full Disclosure message] requesting some code in hopes of adding it to Metasploit, So it might not be a big remote code bug, but it could be useful for attackers nonetheless.", Storms continued, referring to the popular open-source penetration testing framework used by security professionals as well as by cyber criminals.

The disclosure timeline was set from 60 days to 7 days by Google for actively exploiting the bugs. If within this time the vendor does not have a fix, Google researchers suggested publishing mitigations which could help in disabling a service of restrict complete access to it.