Oct 19
Lately we came across this site and 'ed. We weren't too sure if we were going to write a short article about it --- but as you can see, here it is ...
Compared to some of the articles we write about on maltainfosec.org, the stuff you will find on getsafeonline.org is rather basic, but nevertheless somewhat important. So, in line with our quest to increase general awareness of the need for information security amongst all types of people, we'll briefly mention what this site offers.
1. It offers a quick test --- Just how safe are you ??
2. It talks about Safe Social Networking (Safebook, MySpace)
3. Young people and the internet
4. Healthy advice for small businesses
5. Watch a spyware attack
These topics, albeit basic, are all subjects that we have all asked ourselves about at some time or other. If you find the topics above interesting or intriguing, we encourage you to take a deeper look (link on first line) and get to know more about what's out there. We believe that if you've got so far as visiting this website, then you're on the right track no matter what expertise level you might perceive yourself to be at. In line with our overall aim, I hope the article serves well.
Have fun!
Posted by Donald Tabone
Oct 19
Tunneling in its simplest form ...
Navajo!
Posted by Donald Tabone
Oct 16
Last Friday I had the pleasure of attending the 2007 ISACA conference which focused on IT Assurance and Security - Governing IT.
Given that one of the major areas the government is currently investing heavily in is the IT sector, ISACA Malta President Alan Alden and the Malta ISACA team correctly directed the conference's focus on the major areas of upcoming development with regards to IT infrastructures and project management. In an attempt to increase general awareness of the need for Information Security and IT Governance, the topics emphasized the need for properly structured planning before any major project is embarked on. The speakers were carefully chosen to relate past experiences and, more importantly, success stories which were intended to serve as an example for us to follow when taking strategic IT-based decisions.
The first half of the conference talked about the use of COBIT and PRINCE2 as frameworks to support the project planning and work flow of projects. It continued to show how COBIT has been accepted as the chosen best practices for IT Governance --- a term which seems to be increasingly seeping into today's business jargon. So as the conference progressed, all speakers seemed to stress that all IT projects need to follow a management methodology to ensure that IT systems support the business objectives/goals. If the interaction between the two sours, projects will fail due to the eventual lack of accountability.
The ways to a successful project therefore require ...
1. measurement of project status and position against a maturity model
2. management of risks
3. management of quality
... throughout the whole project as an ongoing process.
Continue reading "ISACA Malta Conference 2007"
Posted by Donald Tabone
Oct 15
Now here's a topic that should raise a few eyebrows, just as it did mine.
This morning I was reading an article on Technology News and couldn't help posting some information about this cutting-edge technology. Apparently the Swiss will be implementing this new vote encryption which they are labeling as 'unbreakable'. The article describes how, through the use of quantum encryption technology, data will be sent via photons over a fibre-optic line; if intercepted, it will fail to reach its destination, as it will 'explode like a soap bubble'.
"If anyone tries to even read the message it will explode like a soap bubble," said Gisin, the physics professor who led the team that developed the technology.
Standard fiber-optic communications use a vast number of photons; however, no attention is paid to their individual quantum properties. Interestingly, it is possible to eavesdrop on such lines by making a bend in the fiber and leaching off some of the light. Yay!
So we learn that quantum cryptography equipment has been around since 2003; however, for obvious reasons, the CEO of course would not reveal who the clients are and for what purposes the equipment was used.
Posted by Donald Tabone
Oct 5
We live in an age where technology is involved in almost every business process and threats such as vulnerability exploitation are an unfortunate reality. In this post I’ll be pointing out some factors one should keep in mind when looking to manage software vulnerabilities.
A. Admitting a system is vulnerable
One of the most common mistakes System Admins make is assuming their somewhat “small” company is not prone to attack. As a result, the system they should be protecting is left completely vulnerable and open.
Continue reading "Vulnerability Management: Good Practices"
Posted by
Oct 3
In an age where we're tending to use free webmail services such as GMail, Hotmail and Yahoo, one of our concerns ought to be how to send secure emails. There are various desktop products out there that do the work -- however, here we prefer to look at some free options which actually do work well. There are some constraints to them, and the software is not perfect, but we seem to be getting there slowly, and for sensitive stuff it's always better than standard clear text emails.
Based on open standards
Freenigma is a strong email encryption technique that can be used to encrypt webmail. No need for bulky installations --- it comes as a Firefox extension and best of all it's free. If you'd like to know more we recommend you visit their FAQ.
Hushmail provides free private secure email accounts. There are three levels of subscription so you can benefit from no advertisement banners and no deactivations due to account inactivity. The Premium subscription also allows attachments up to 25Mb. 2048 bit encryption is employed with full OpenPGP support and there are no limits to how many contacts you can have. For more detailed information on how Hushmail works, we recommend you visit their website here.
Posted by Donald Tabone