Showing posts with label Arzak Khan. Show all posts

Wednesday, April 20, 2016

Short Measures and Broadband in Pakistan

The oldest known source for the expression "baker's dozen" dates to the 13th century in one of the earliest English statutes, instituted during the reign of Henry III (1216–1272), called the Assize of Bread and Ale. Bakers who were found to have shortchanged customers could be subject to severe punishment. To guard against the punishment of losing a hand to an axe, a baker would give 13 for the price of 12, to be certain of not being known as a cheat. Specifically, the practice of baking 13 items for an intended dozen was insurance against "short measure", on the basis that one of the 13 could be lost, eaten, burnt, or ruined in some way, leaving the baker with the original legal dozen.

A few centuries on from the birth of the baker's dozen, we have trading standards funded and operated by the government and, of course, regulators too. Their terms of reference extend far wider than preventing the short-changing of customers, and also include misrepresentation in advertising and supply.

But when we look at today's ridiculous practice of sellers including those magic words 'up to' in the fine print, they appear to be able to get away with just about anything.

Take broadband service. If two of us purchase a broadband service of 'up to' 8Mbps at Rs 6999 per month, and I get 3.1Mbps and you get 2.2Mbps, should we be content, and should regulatory officers let it slip through?

I rather think not!

Think of what this would mean when applied to other products:

Would you accept an unopened pack of Cornflakes sold by weight at 350g that only contains 290g? A new jar of apple jam marked at 450g that has only 220g? A box of a dozen eggs with three missing? A liter of petrol that is only 330ml? Or a pair of trousers with legs that are supposed to be 85cm but turn out to be only 46cm? Actually, those trousers are a pair of shorts!

It appears that, as long as 'up to' is in the small print, a dozen eggs is really 'up to a dozen eggs'. That seems reasonable; why didn't I get it the first time around?

In short: the words 'up to' ought not to be a licence for short-changing in the supply or trading of anything. Or should they be, Mr. Regulator?

Head in hands, anyone on the same block?

Tuesday, March 8, 2016

$10 switches and No Firewalls

Bangladesh Bank exposed to hackers by cheap switches, no firewall.
Bangladesh's central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers connected to the SWIFT global payment network, an investigator into one of the world's biggest cyber heists revealed.

The shortcomings made it easier for hackers to break into the Bangladesh Bank system earlier this year and attempt to siphon off nearly $1 billion using the bank's SWIFT credentials.

The lack of sophisticated switches, which can cost several hundred dollars or more, also means it is difficult for investigators to figure out what the hackers did and where they might have been based.

Experts in bank security described the findings as disturbing. "You are talking about an organization that has access to billions of dollars and they are not taking even the most basic security precautions," said Jeff Wichman, a consultant with cyber firm Optiv. Most banks in developing countries fail to adequately protect their networks because they focus their security budgets on physically defending their facilities.

Cyber criminals broke into Bangladesh Bank's system and in early February tried to make fraudulent transfers totaling $951 million from its account at the Federal Reserve Bank of New York. Most of the payments were blocked, but $81 million was routed to accounts in the Philippines and diverted to casinos there. Most of those funds remain missing. Forensic experts from SWIFT investigating the issue advised the bank to upgrade the switches only when they visited after the heist. "There was a deficiency in the IT system," said the spokesman, Subhankar Saha, confirming that the switch was old and needed to be upgraded. The heist's masterminds have yet to be identified.

Bangladesh Bank has about 5,000 computers used by officials in different departments. The bank facility should have been walled off from the rest of the network. That could have been done if the bank had used the more expensive, "managed" switches, which allow engineers to create separate networks and install firewall at different levels to protect off the network from attackers. Moreover, considering the importance of the network services, the bank should have deployed staff to monitor activity round the clock, including weekends and holidays.
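As an added illustration of the segmentation and round-the-clock monitoring point above (example code written for this page, not from the original post or the bank): a small Python check over constructed flow records that flags traffic reaching a walled-off SWIFT segment from anywhere but a designated operator host, and any access to that segment outside attended hours. The addresses, the working week, the hours and the records are all assumptions.

```python
import ipaddress
from datetime import datetime

# Hypothetical segmentation policy (constructed addresses, not any real bank's).
SWIFT_SEGMENT = ipaddress.ip_network("10.10.50.0/24")
ALLOWED_SOURCES = {ipaddress.ip_address("10.10.20.5")}  # dedicated operator host
BUSINESS_HOURS = range(9, 18)   # 09:00-17:59 local; assumed attended hours
WEEKEND_DAYS = (4, 5)           # Friday/Saturday weekend assumed

# Constructed flow records ("timestamp src dst dport"), in the shape a
# perimeter firewall or managed switch could export for the SWIFT VLAN.
SAMPLE_FLOWS = """\
2016-02-04T10:15:00 10.10.20.5 10.10.50.10 443
2016-02-04T11:02:00 10.10.80.23 10.10.50.10 445
2016-02-05T02:40:00 10.10.20.5 10.10.50.10 443
2016-02-05T03:12:00 10.10.80.23 10.10.50.12 3389
2016-02-04T12:00:00 10.10.80.23 10.10.80.40 80
"""


def parse_flow(line):
    """Split one constructed record into (timestamp, src, dst, dport)."""
    ts, src, dst, port = line.split()
    return (datetime.fromisoformat(ts), ipaddress.ip_address(src),
            ipaddress.ip_address(dst), int(port))


def check_flows(text):
    """Return (record_no, reason) for each flow that crosses into the SWIFT
    segment from an unapproved host, or touches it outside attended hours."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        ts, src, dst, port = parse_flow(line)
        if dst not in SWIFT_SEGMENT:
            continue  # ordinary office traffic; out of scope for this check
        if src not in ALLOWED_SOURCES:
            findings.append((n, f"segmentation breach: {src} -> {dst}:{port}"))
        if ts.weekday() in WEEKEND_DAYS or ts.hour not in BUSINESS_HOURS:
            findings.append((n, f"off-hours access to SWIFT segment at {ts.isoformat()}"))
    return findings


if __name__ == "__main__":
    for record_no, reason in check_flows(SAMPLE_FLOWS):
        print(f"record {record_no}: {reason}")
```

On a flat network with unmanaged switches there is no choke point that produces these records in the first place, which is the point the investigators made about the bank's switches.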

Many public sector organizations hosting critical national data suffer from similar issues: poorly designed infrastructure and a lack of investment in upgrading IT security make them extremely vulnerable to similar attacks on an even larger scale.