Mayank Kapoor's Blog - Wishful Thinking

Security hole on IRCTC's portal, lets you book free train tickets

There is a security hole on IRCTC's online train ticket booking portal which lets you use a GET request to make the payment for a train ticket, without actually making any payment through your bank. Let me take you through this story.

Today, a fine Sunday morning in Switzerland, I wanted to book my train ticket on www.irctc.co.in to travel from Delhi to Bhopal. I think I had too much time on my hands. I noticed that when I finished making the payment on my bank's payment gateway using the direct debit payment option in IRCTC, the bank gateway confirmed the payment using a GET request, i.e., a URL which goes something like the following:

https://www.irctc.co.in/cgi-bin/bv60.dll/irctc/booking/bankresponse.do?ClientCode=4567&MerchantCode=IRCTC&TxnCurrency=INR&TxnAmount=1581.00&TxnScAmount=11.23&MerchRefNo=1234567890&StSucFlg=N&StFailFlg=N&Date=06/01/2008+12:09:00&BankRefNo=601120915&Message=&method=T&methodtype=

I copied this to my clipboard and wondered if this can be used to confirm tickets which are waiting for payment confirmation in IRCTC's portal. So I did the following:

Started to reserve a ticket on the IRCTC portal, e.g., travel from Delhi to Bhopal.
When the portal took me to my bank's payment gateway, I didn't make the payment.
Then I modified the above GET request to suit the ticket I had just booked (using information I found on the IRCTC portal), entered it in the firefox address bar and hit enter.
The IRCTC portal confirmed that I had booked my ticket, and I saw that my reservation was confirmed.

Wow, I can use this to book free train tickets in India. Plus I can also cancel this ticket and IRCTC will refund the money for the ticket, the money I never paid. Sadly, the good guy in me forced me to send an email to care@irctc.co.in to inform them about the security hole. Dammit!

I love software.

UPDATE Aug08: They seem to have changed the process of confirming the bank payment, maybe after I sent them the email, but they are still using a GET request. A basic rule is that one should never use a GET request to change something at the database. These guys are violating this rule blatantly by confirming the payment from the bank and changing the status of the train ticket on the database using a GET request.

UPDATE Nov08: Now the IRCTC portal uses only POST requests to confirm payments from banks. That's the right way to do it IRCTC. Security hole fixed.

Mind Your Own Business

Do you mind your own business? Do you take care of your finances on your own? Or do you expect others to take care of them for you? When we expect our employers to take care of us, maybe give us a better salary, we are actually asking them to take care of our financial needs for us. This might, and does, lead to disappointment. But why expect others to take care of you - when you have the power within yourself? All you need to do is Invest.
Ladies and gentlemen, I'm here to tell you about this power, the power of investing, and how you can use investing to take care of all your financial needs, to start minding your own business.

What is investing?

Investing means to put your money in a place where it grows and gives you more money. People usually invest in Stocks i.e., they buy a part of a company which they think will do well. People also invest in precious metals like Gold hoping that the value of gold will go up. And you can also invest in fixed income investments like bonds which give you a fixed return on your investment. These are the main avenues of investment, and you can use these to make your money grow. I find a combination of these investments to suit me personally. I invest a majority of my money in Stocks, and a part in gold and fixed income. Hence I diversify across these investment avenues.

But investing requires time to understand and you need to know what you're doing while investing. So, Why should you invest? Why should you spend the time needed to learn how to invest?

To become rich. And what does “being rich” mean? Does it mean that after retirement you have enough money to lead a comfortable life? Does it mean that you have enough money to send your kids to college? No, anyone can do that. Being rich, for me, means that even after I’ve lived a comfortable life, I leave a substantial amount of money for my future generations, so that they may build upon it even more than I have. That is being rich. And to do this, you need to hold on to the money you have instead of spending it away.

And how does investing help you do hold on to your money?

Let me explain with an example. Two people, Mr. Spender and Mr. Investor, want to buy a new plasma HDTV which costs 3000CHF. Mr. Spender saves up for the television and then buys it by paying the full amount. What will Mr. Spender have in about 3 years? After 3 years, he will have a television which then would be worth half as much as the original value or 1500CHF. So he has spent half of his money away.

What does Mr. Investor do? The investor waits, he waits till his investments generate 3000CHF. Then he buys that television and uses his profits to pay for the television. What will he have at the end of his 3 years? He will have a television worth 1500 CHF, plus he will still have his initial investment. So investing lets you keep the money you have and still lets you buy the things you want. This is the fundamental concept of investing.

Before I conclude, I would like to put in a word of caution. Investing without knowing what you're doing is dangerous. That’s why I would recommend you read a couple of good books on investing. They will help you get started. Investing is pretty easy once your basics are clear. I'm no financial analyst of money manager and if I can do it, anyone can.

And where can investing take you? There is a guy called Warren Buffett. He did not make any software; he did not inherit any money. All he ever did was invest. In his first partnership at the age of 25, he started with investing just a $100. His personal fortune now totals $62 billion. He my friends is the world's richest person and the world's greatest investor.

P.S. Good books to learn about investing:

Collaboration & the Web, v2.0

The internet has always been something special; it has always had the potential to change the world. It took its first small step with email and revolutionized communication for us. And now it's taking its next small step. The web is becoming more dynamic, more interactive. This is the new Internet, the new web, version 2.0. And the essence of the web2.0 is collaboration, collaboration between few people, between thousands, between millions of people.

Dear friends, today I would like to tell you about this new version of the web and how it can help you collaborate with thousands of people instantly.

As always, it all started with an idea. Ward Cunningham created something called a wiki. In the past, websites were static and you could only read what the website had to say. The wiki however is a website that anyone can change and put in content, easily.
Two people Jimmy Wales & Larry Sanger had this idea. They thought of using a wiki to get content for an encyclopaedia they were managing, from their users. They created a wiki meant to be an encyclopaedia, called it Wikipedia and made it freely editable by anyone. What they created is now the single biggest source of information on the internet and has more than 6 million users collaborating and creating content for this encyclopaedia.
What Ward Cunningham created was a collaboration platform and Jimmy Wales used this platform to collaborate with millions of people across the world. We created a small wiki in my company which we use to manage the user manual of a software, and this manual is maintained also by the users of the software.

And then someone had another idea. Kevin Rose and his friends were unhappy with the news they found on the internet. They felt they could find better stories. They created a news site where the news editors are the users of this website. They are also the ones who submit stories to this website. They called it Digg. On Digg users "Digg" or vote for stories they like and the stories with the most votes come to the front of the website. Digg is a website that is dynamic, it changes based on the inputs of millions of people collaborating together to bring you the best news stories from the internet.

And speaking of collaboration, one of the most useful collaboration tools we use are spreadsheets also sometimes known as Excel. What web2.0 is doing is helping you to create spreadsheets online, share them and collaborate on them with hundreds of people at the same time. In my group of 20 people, we used an online spreadsheet to manage the trips we were planning to take in Europe. Here we listed out our trips and then everyone put in their names into the trips they wished to go on. And we all did this at the same time. In the end, everyone could see which people were going on which trips and hence coordinate these trips better. Google documents is a free tool that you can use to create and collaborate on documents, spreadsheets and presentations online.

In the end, web2.0 is all about sharing information. And to summarize the goal of such technologies, I would like to quote Jimmy Wales explaining his motivations about Wikipedia... "Imagine a world in which every single person on the planet is given free access to the sum of all human knowledge. That's what we're doing."

The Defensive Investor

In this post, I will discuss the philosophy of "Defensive" investing as opposed to "Active" investing. Defensive investing should be and is followed by people who don't want to take undue risk and who are not willing to take the time to actively analyse companies and stocks. I will mainly concentrate on investing in stocks, but defensive investing principles also apply to other investments. The biggest advantage of defensive investing...it is so easy!

What is defensive investing?
Defensive investing is explained very well by Benjamin Graham in his classic book 'The Intelligent Investor'. I quote:
"The defensive (or passive) investor will place his chief emphasis on the avoidance of serious mistakes or losses. His second aim will be freedom from effort, annoyance, and the need for making frequent decisions. The determining trait of the active (or enterprising, or aggressive) investor is his willingness to devote time and care to the selection of securities that are both sound and more attractive than the average."

Based on this definition, defensive investing implies investing in relatively safe stocks (securities), and freedom from constantly monitoring your investments. If you get hold of the concept of defensive investing, you lose the urge to constantly monitor your investments and the stock market. You sleep much better too. Active investors on the other hand devote much time and care into hand-picking stocks which are both sound and give better-than-average returns. Generally they do it as a full-time job.

My main aim in this post is to tell you that there are other ways to invest in stocks besides sitting constantly in front of a computer screen and yelling Sell, Sell, SELLLL...

Are you a defensive or an active investor?
One of the first things that you should decide is whether you are a defensive investor or an active investor. To be an active investor, you need to devote a substantial amount of time to researching stocks and companies, and you should be doing it as a full time job. If you know that you cannot devote this time to your investments, then I suggest you become a defensive investor like me.

How do I become a defensive investor?
Lets take a look again at the traits of a defensive investor:

Avoids serious mistakes
Doesn't devote too much time to investing

How can defensive investors accomplish this with little or no knowledge about stocks? By Diversification. In my view, the essense of all this is to diversify your investment. Diversification is the key for defensive investors, and if your portfolio is adequately diversified I would say that you are protected from the pitfalls of stock investing.
The next point is the type of stocks to buy. For investors to be safe, they should aim at building a sufficiently diversified portfolio with the 30 largest, blue-chip companies available. These large-caps, as they are referred to, have a substantial history behind them and investors are pretty much assured that the money they invest in them will never be wiped out.
The last point would be to keep investing periodically. The reason why investing periodically is safe is because of Cost Averaging. Investing periodically removes all the hassels of timing your stock investments, and frees you.

So, where can you find sufficient diversification, a primarily large-cap portfolio, plus the opportunity to invest periodically?

Index funds - A boon for defensive investors
I would have thought the answer was obvious. Index funds offer instant diversification, and the main indices like India's Sensex and Nifty track the best of the best large-cap blue-chip companies. You also have the option of taking a systematic investment plan (SIP) with an Index fund.
So, just take an SIP with an Index fund and then forget about it for the next 10 years. Increase your SIP amount as your salary increases. Simple.

You say...But is that all???
Yes, investing is not difficult. Defensive investing, especially, is easy for the know-nothing investor. You just need to get your basics right, read a couple of good books on investing and you're set. Happy investing.

Mutual Funds 101: How to avoid choosing a bad fund

I was planning to write this for quite some time now. I will draw on my (short) experience of 3 years with mutual funds for this article, still with the aim of getting more people to invest in the Indian stock market and the Indian economy. I am writing this article for Investors, not for traders/speculators. It will be a bit of a long article, and I will describe the steps I take before I put money in a mutual fund.

What is a Mutual Fund?
A Mutual Fund is a group of people that takes your money and puts it into stocks/bonds etc. of companies which they think will do well and hence generate returns for you. Since this group manages your money, they charge a commission annually which is a percentage (Expense Ratio) of the total amount being managed. And they will charge this commission even if they incur losses on your money. The only thing that you can surely predict about mutual funds is that in any eventuality, even if they lose all your money, they will still charge you expenses!
So you provide the money, you assume all the risk, you will lose money, and they will still get their expenses. Can you guess that I don't like fund expenses? :). These expenses assume crazy proportions over the long term.

On predicting the future.
The most important thing that I can tell you before you get started is: You cannot predict which mutual fund will do well (better than average) in the future, and you cannot also predict the stock market. That said, what you can do is avoid choosing a bad mutual fund which gives you bad returns and hence loses money for you. 4-5 well chosen mutual funds are enough for any investor.

On the goals of a 'know-nothing' mutual fund investor.

According to me, all mutual fund investors should aim to do the following:

To invest in a well-diversified basket of 4-5 mutual funds, not more
To invest so that he has exposure to Large, Mid and Small Market Capitalizations [1] (which is implied by diversification)
To stay invested in a good mutual fund for at least 10 years

All Indian investors should know that there is no tax on profits if you stay invested for at least a year i.e., there is no long-term capital gains tax. So if you buy a mutual fund and hold it for 1 year or more, you will not pay any tax on the profits and they will be completely yours. Mr. P. Chidambaram (India's finance minister) has done a good job with this policy to get more people to invest for the long term.

Choosing a mutual fund Step 1: Expenses

The first step should always be to know the expenses of the mutual fund which is indicated by the Expense Ratio [2]. In India, the usual expense ratio is around 1.9-2.4% and is very high. Average expense ratio in the US is 1.5%. You can find out the expense ratios of mutual funds on www.personalfn.com. Besides the expense ratio, all mutual funds have to pay the broker who tricked you into investing in their mutual fund. This is called the 'entry load' and is about 2.25%. So whenever you invest in a mutual fund, you lose about 2.25% at the start and 2% annually.

What I do is to try and choose a good fund with the lowest expenses i.e. minimize expenses. And this is where Index funds have an advantage, they have the lowest expenses and generally no entry load. The expense ratios of all other actively managed mutual funds in India are more or less the same and therefore the expenses have not played that big a role till now. They will when the expenses start going even more crazy. In the US, mutual funds with high expenses are known to give below average returns.

Choosing a mutual fund Step 2: Portfolio Turnover

All investors should be looking to invest for the long term and not trade. But if the mutual fund they invested in plays trading games, then the whole idea of being an investor is lost. The Turnover Ratio [3] is a measure of how frequently the mutual fund trades stocks. To explain it simply, a turnover ratio of 50% means that this mutual fund changed half the stocks in its portfolio during the previous year implying it holds a stock for 2 years on average. Mutual funds who sell stocks without holding them for at least 1 year pay taxes on the profits, and these are passed on to you.

Since I am a long-term investor, what I try to do is choose a fund with the lowest turnover ratio i.e. try to minimize turnover ratio. Index funds are not supposed to trade and so have TRs of less than 10%, i.e. they hold a stock for 10 years on average. I could also find a regular fund that had a TR of 20%. Now that is a good fund. This also implies that this fund researches its stocks before buying.

Finding the turnover ratio is an arduous task in India, and it takes a lot of phone calls to find out. If you're lucky, the MF will publish its turnover ratio in its fact sheet.

Choosing a mutual fund Step 3: Asset Size

One of the things I observed with my investments was that funds whose asset size is huge, tend to perform below average [4]. This is explained in many books as: when the mutual fund has a lot of cash to invest, it has trouble finding sufficient number of good investments to put money in. Hence I try also to minimize asset size. I try to choose funds which are not huge and don't need to find that many good investments.

Choosing a mutual fund Step 4: Past Performance

I repeat, you cannot predict whether a mutual fund will do well or not, you can only avoid choosing a bad mutual fund. Past performance does not mean that this mutual fund will do well in the coming years also. In fact, it is more likely to do badly [5].
Hence after I decide on my mutual fund based on the above 3 criteria, only then do I look at the past performance and the mutual fund rating just to make sure that this fund indeed can deliver an average performance. You can find that on www.valueresearchonline.com and also www.personalfn.com.

My mantra is: ETA - minimize Expenses, minimize Turnover and minimize Asset size.

P.S.
For the past 2 years, Index funds have outperformed almost every other type of fund by a wide margin as shown in the picture below:

Appendix.
[1] Market Capitalization
[2] Expense Ratio
[3] Turnover Ratio
[4] Asset Size
[5] Past Performance

Mind Your Own Business, Invest

(This is an edited version of a speech I gave at Toastmasters, Zurich. Toastmasters is an organisation that helps you become better public speakers.)

Most of us spend our lives working for some person or company. Most of us hope that this person or company will take care of us and our needs. And when these needs are not met, we change jobs in the hope that some other company will take better care of us. But what we don't understand is the fact that when we work in a company, we work for someone else. Why would this person take care of your needs at the cost of his? He would first take care of himself, and then if something is left over would he look towards you. Fellow toastmasters, today I will tell you how to get out of this vicious circle. Today you will learn how to start minding your own business and stop worrying about salaries, today you will learn about Investing.

What is Investing?
Investing, simply put, means to put your money in a place where it will grow and give you more money. People generally invest in Stocks i.e. they buy a part of a company they think will do well. People invest in Real Estate i.e. they buy land which they think will go up in value. People buy precious metals like Gold hoping that the value of gold will go up. These are the three main avenues of investment. Investing in Stocks is the most convenient by far and probably the best way to invest. All you have to do is open a safekeeping (demat) account with your bank and you can start buying stocks. I would recommend investing money in Mutual Funds, which analyse companies and buy stocks for you.

But investing requires time to understand and you have to know what you're doing. This brings me to my second point of Why should you invest? Why should you spend the time to learn how to invest?
To become rich. But what does it mean to be rich? Does it mean that after retirement you have enough money to live a comfortable life? Does it mean that you have enough money to send your kids to college? No, anyone can do that. Being rich, for me, means that after you die you leave a substantial amount of money for your future generations, so that they may build upon it even more than you have. That is being rich.

And how does investing help you do this?
Let me explain with the help of an example, consider the simple case of buying a car. A normal person buying a 30,000 CHF (swiss francs) car takes a loan to buy it. He pays a little more than 500 CHF a month for 5 years. So at the end of 5 years, what does this person have? He has a car that is worth only half as much as the original value i.e. about 15000 CHF.
What does an investor do in this case? An investor waits. He waits till he has enough investment to generate 500 CHF a month. Then he takes a loan and his investment pays for the loan. So at the end of his 5 years, he has a car worth 15000 CHF plus he has his initial investment. This is not like saving money to buy a car, investing lets you keep the money you have and still lets you buy the things you want. This is the fundamental concept of investing.

Before I conclude, I would like to again put in a word of caution. Investing without knowing what you're doing is dangerous. That is why I have included the names of some great books on investing in the handout that you have in front of you. They will help you get started.
And where can investing take you? There is a guy called Warren Buffett. He did not make any software, he did not inherit his money. All he did since he was 25 years old, is to invest. He my friends is the world's second richest person and the world's greatest investor.

(Books on investing mentioned in the handout are the same as the three mentioned in my previous post: Investment Vs Speculation)

Investment Vs Speculation: How to Invest

The situation today in India is that only 2% Indians put money in Stocks, and even fewer are Investors. Most people in the Indian stock market today are Traders or Speculators. This at a time when stocks are one of the best investment avenues available. In this article I would like to explain what the difference is between Investment and Speculation, with the aim of getting more people to start investing in stocks. There is a lack of investment knowledge in India, which I would like to change.

What is an Investment?
"An investment operation is one which, upon thorough analysis promises safety of principle and an adequate return. Operations not meeting these requirements are speculative." - Benjamin Graham
When you make an investment, you must make sure that there is a promise of your principle amount invested being safe. You can get this promise of safety with stocks only when you buy stocks with a long-term perspective and with thorough analysis of the company. Yes, analysing a company is not so easy for 'know-nothing' investors. Even I don't know how to analyse a company, yet. But having a long-term perspective is not difficult. And this is what I would like to stress - please invest for the long-term (>5 years) and keep investing periodically (SIP). Invest in mutual funds as they would do the company analyses for you. Only then will you stop worrying about stock market crashes and stock charts, and start becoming an Investor. This is specially relevant for IITians as they shouldn't spend their time hooked on to the stock market, they should spend their time changing India.

Sadly, most people playing in the stock market today are speculators with a time frame of a trade being a couple of days, even less. These speculators/traders are looking to get rich quick, make a quick buck. Why else would people put money in a stock with the aim of taking it out in a few hours. And in here lies the risk that most people refer to when talking about the stock market. It is for you to decide, whether you want to become an investor or a speculator.

The Temperament of an Investor.
It's important for an investor to have the stomach for stock market swings. An investor is someone who did not take out her money in the recent market crash in June. She is someone who waits for such crashes, and then invests big. To see your money go down by 30% or more and still manage to get a good night's sleep takes special courage.
An investor is one who expects only an adequate rate of return on his investments, and his financial goals are based on this expectation. When he buys a stock or a mutual fund, he intends to hold it for at least 3-5 years. I am slowly learning to not check the stock market everyday, and not constantly monitor my portfolio.

Does "Investing" work?
So, is 'value investing' for the long-term effective? The second richest person in the world today is Warren Buffett. When asked what his ideal time-frame for an investment is, he said "a lifetime". Warren Buffett has not made any software, he has not inherited his money, all he did since he was 25 was to invest. He has held on to some companies since he bought them, never selling, and intends to keep holding them. He, my friends, is the best investor in the world, averaging a return of 21.9% per annum over the past 50 years.

P.S.
To get started in investing, I suggest you read some books first. Some good suggestions are:

Rich Dad, Poor Dad: What the Rich Teach Their Kids About Money--That the Poor and Middle Class Do Not! - Robert T. Kiyosaki
The Warren Buffett Way - Robert G. Hagstrom
The Intelligent Investor - Benjamin Graham

Analogy to Real Estate.
When you make an investment in land, you stick with it for at least 5 years, even more. For me an investment in the stock market is no different. In the real estate market, is there a tracker that tells you the price of your property each day? Do you try to find out the value of your property every day? No. Stop looking at the stock market graph every minute. Look at it only to find the right time to invest - after a crash.

Mutual Funds are Costly, Invest in the Index

Many of you, I hope, must be investing in mutual funds. That’s the safest choice for people who want to get in on the action in the stock markets without having any knowledge about stocks and companies. But I believe that mutual funds are costly even for the ‘know-nothing’ investor, who doesn’t know anything about playing with stocks and the stock market. They are better off investing in Index mutual funds or even better, investing directly in the stocks that make up the Index.

First, lets consider the Fees mutual funds charge in India. There’s the 2.25% Entry load, which is the fees that the mutual fund house pays the broker who made you buy the mutual fund. Then there’s the expense ratio of 2-2.5% per year, which is the yearly fees the mutual fund charges you for using their services. This expense ratio is adjusted in the daily NAV that the mutual fund quotes at. So if you stick with the mutual fund for a year, you would be paying ~5% to the fund. If your fund earns 20% returns in a year, you would only get 15%.
Imagine what the expense ratio (of 2.5%) does to your profits over the long term. Lets say you invest Rs. 1000 for 40 years and get about 10% averaged return on your money annually, this should give you about Rs. 45,259. But with a mutual fund, your annual return would be 7.5%. Your Rs. 1000 would only become Rs. 18,044 which is a difference of 60%. This 60% is taken by the fund.

But you say that it's worth it. The fund managers give you Professional Management of your money for this fees. You get better returns on your investment, right?…Wrong!
Almost all studies undertaken on this subject say that there is no correlation between high fees and high returns. The US Securities and Exchange Commission's website says:
“Higher expense funds do not, on average, perform better than lower expense funds."
What that essentially means is that the fees you’re paying doesn’t guarantee better returns. You’re better off investing in lower expense funds.

Index Funds, mutual funds that invest only in the stocks of an Index, like the SENSEX, are known for their low expense ratios and no entry loads. But that’s not all they’re known for. Index Funds (in the US) have been known to beat most mutual funds over the long term (3-5 years or more), which goes to show that the “professional management” of mutual funds isn’t all what you hoped for. The low expense ratio in Index funds is because all what Index fund managers do is put their money in the Index constituents, stocks that make up the Index, in the appropriate ratio as in the Index, and then go to play golf. If the Securities and Exchange commission changes some stocks in the Index, they come and do the same changes. Because of the low expenses, you are better off investing in Index funds. They earn better returns and charge you lower fees. E.g. Franklin Templeton Index Fund - Expense Ratio 1%.

But can’t you do what the Index Fund managers do? Can’t you put your money directly in the stocks that make up the index and then go to play golf?
Nope, you can’t. Golf is difficult to learn.
But you can very easily invest directly in the Index stocks. This way, you would avoid paying any management fees and would pay only the brokerage. To invest in the Index: Open a DEMAT account with a reputed bank like ICICI or HDFC. Look up the Index constituents break up on Google or look at the constituents of an Index fund like the FT Index Fund. Invest in each stock based on the ratio of each stock in the Index. You would avoid Mutual Fund fees altogether. But stay invested for the long term, atleast for 3-5 years (a lifetime would be ideal). Don’t let stock market crashes scare you.

So until you know how to pick stocks and calculate the value of companies, "Index Investing" and Index funds is the safest way to invest. This is what I’m going to do.

P.S.
Index funds haven't done well in India till now, but it might change in the future as the Indian market starts becoming efficient.
For another point of view specific to India, see this article:
http://www.valueresearchonline.com/story/storyview.asp?str=9040

Cracking the GMAT, for IITians

Ok, I did reasonably well on the GMAT.
People have asked me about some advice on the same, so here it is.

The main questions I will answer are:

What makes a good CV for B-school
How tough is the GMAT
How to Prepare
What to do on D-day

What makes a good CV.
Only a good GMAT score will not get you into a top-10 B-School (BS from now). There are three main qualities B-Schools want: A good under-grad GPA, good solid work-ex/leadership qualities, and a good GMAT score.
How much importance they place on each point is irrelevant, you have to present a good overall picture.

I read something about Harvard BS once. The article went 'Harvard chooses people based on their potential to earn a lot of money later on in their lives, and donate money back to their alma mater. Hence it would take people who are already top performers in their fields of work, as they are its safest bet to minimize its risks. So in a way, Harvard doesn't really do anything. It takes winners and turns them into winners.'
So if you showcase yourself as a winner, you would get in.

How tough is the GMAT.
To get 600 on GMAT for IITians is easy. But to get above 700 takes some effort. A good score for IITians if they want to go to a top-10 BS is about 730-750, and some IITians get even more.
When you apply to a B-school in the US, an IITian is grouped with other IITians. You are not competing with Americans, you are competing with IITians. Maybe you should keep that in mind when you take the GMAT or start applying. The people taking your interview would be comparing you to other IITians, who typically have 700+ GMAT, good GPA (7.5+) and 3 years work ex.

The GMAT is an adaptive test, so it keeps on giving you tougher questions until you start getting them wrong. IITians typically breeze through the initial questions and come up to the highest levels. And there, when you're repeatedly hit with one tough question after another, you say to yourself 'Hey, its not as easy as I thought'.
I found the English section in the GMAT tougher than the Math section. I think almost all IITians would feel the same, so please work on the English section. That's whats going to get you past 700.

How to Prepare.
I think it would take an IITian about 6 months to prepare well for the GMAT.
There are study books available which you have to do. You don't need special coaching for the GMAT, just study from those books. This is also cause all the coaching institutes in Delhi for GMAT/GRE are just crap.
KAPLAN's GMAT is a really good book, which takes you through the basics of both the English and the Maths section. I believe that Barron's GMAT is also ok, which you can take up after you finish your first book. It has a lot of extra questions for you to practice. Pay special attention to the really tough questions, you would be getting a lot of those in your GMAT.
Take a mock GMAT when you start preparing. It would help you gauge where you stand. When the GMAT is approaching, take the free GMATs you get when you register with www.mba.com, preferably the second one a couple of days before D-day. They are quite good in predicting the score you would get. I also think my GMAT was tougher than the mock GMATs, but my score was the same as I used to get in the mock GMATs.
The essay section is also important, read what KAPLAN has to say about it. You have to practice writing and typing essays on your PC. I got a 5 in my essay, which is good I think.

What to do on D-day.
Read what mba.com and KAPLAN have to say about the day of your exam, they have good tips.
Some observations I made during the test are:

Write the names of 5 B-schools you want to send your score to on a sheet of paper and take it with you. You can either choose to enter the names before the start of the GMAT on the PC, or after the GMAT on a form you get. You will not be allowed to take the piece of paper with you into the test room.
So maybe its better to fill the names later on the form.
The ear plugs they gave didn't really work for me. So I adjusted to the typing noise other people were making. You should also not let it bother you.
4 hours is a long time. Use the breaks you get in between sections effectivily to de-stress a little.

And chill, its just a test.

Comment: The Truth about Phoren

Part 1: The truth about Phoren

Verma posted a nice comment about living in Phoren (See my post 'The truth about Phoren'). I would like to qoute him:

"IMO, those of us who come to work in "phoren" see it as an investment... at least the first couple of years.
Think of this: you earn more and so even if you save the same %, your networth (savings -> investments etc) grows faster out here than in India. If you're of that bent, you can create a sizeable asset-portfolio much faster than an upper income individual in India would be able to.

I think the best of both worlds is the Middle East. There, you can earn like you do in a western economy (in terms of absolute buying power) and afford all that you're used to in india: dhobi, mali, and kaam-wali."

I agree, there are things that can be said for living abroad, and one of them is the amount of money that you can save. Even if it is the same percentage as in India, it is more. But in the end, you would have to go back to India and spend your savings there, for them to count as more.
Its all relative I think.
But one thing's for sure, I couldn't really think of buying on impulse my DELL Inspiron 9400 without earning in Francs.

I stopped for some time in Dubai, and I was amazed. Its India...without all the garbage. But you have to give almost half of your salary to the Sheikhs, and I agree that there is always the "constant dagger" of insecurity.
One interesting incident I came to know about: Once an Indian along with his wife went for dinner at a Sheikh's residence. I took this with a pinch of salt, but what transpired is that the Sheikh liked the guys's wife and he kept her! Imagine that, one minute you happy that you have a wife, the next minute you are simply without her.