Apr
22
Once again on social networking sites, I came across an excellent article by Tim Bass entitled
The Promises and perl of Twitter which reminded of an article I had written for the Times of Malta entitled
The perils of popular facebook
For those who are new to Twitter.. in a nutshell, Twitter is a one-to-many communications service that uses short messages (140 chars or less). Following on the heels of the blogging phenomena, Twitter has been primarily used for microblogging and group communications.
Twitter, and Twitter-like technologies, has great promise in many areas. For example, you could be subscribed to the @tsunamiwarning channel on your dream island vacation and get instant updates on potential disasters. A team of people working in network management could subscribe to the @myserverstatus channel and receive updates on their health of their company IT services. Passengers could subscribe to the @ourgatestatus channel and follow up-to-date information on their fight.
Twitter was created to answer the simple question, "What are you doing now?"
What are you doing now? can be extended to many services like:
- What is the status now?
- What is the danger now?
- What is the breaking news now?
- What is a good buy now?
The list goes on and on. Obviously Twitter-like communications has great promise, all of which assumes Twitter is used without malicious intent and is secure.
The wide-spread adoption of Twitter, and Twitter-like technologies, also brings risk. Very bad things can happen when certain Twitter channels are compromised or hijacked and the channel is used maliciously. For example, think of the peril of someone kidnapping a child who is using Twitter to covey her status to her parents and the kidnapper hijacks the channel, broadcasting "I am having fun at the mall" types of Tweets while he repeatedly rapes her.
Less dramatic, think of the peril to business when a channel followed by millions of people is injected with a malicious message such as "The AJAX company lost their main contract, may declare bankruptcy." Or think of the peril when someone angry with their boss simply Tweets "John is having a affair with his secretary," or perhaps "John is HIV positive."
As with all things great and small, where there is great reward, there is great risk. Great promise can bring great peril if we are not careful and diligent moving forward. Twitter, as a communications phenomena brings great promise. On the other hand, Twitter and Twitter-like technologies to come can also bring great peril in the hands of malicious users and criminals.
The conclusion of the article couldn't say it better.. it’s said that the road to hell is paved with good intentions.
Source:
ISC2
Posted by Donald Tabone
Apr
20
GFI have relaunched one of their software products, LanGuard as FREEWARE!
For those who are not acquainted with the product, GFI LANguard is a security scanner that checks your network for possible security vulnerabilities by scanning your entire network for missing security patches, service packs, open shares, open ports, unused user accounts and more. Its powerful reporting allows you to easily lock down your network against hackers. GFI LANguard can also remotely deploy missing patches and service packs in applications and operating system.
As more and more businesses bear the brunt of the economic downturn and budgets are drastically cut, security is often the first area to suffer. With cybercrime on the increase and threats becoming more dangerous and frequent, businesses can ill-afford to ignore security. If anything, they need to beef up their defenses. This is why GFI is giving away a 5-IP freeware version of its award-winning product GFI LANguard™– to assist organizations shore up their defenses and secure their networks.
Some of the top features of LanGuard include:
- Identify security vulnerabilities and take remedial action
- Detect Virtual Machines
- Automatic remediation of unauthorized applications
- Automatic deployment of network-wide patch and service pack management
- Easily analyze and filter scan results
This software will switch to a fully functional 5-IP freeware version after the 10 day trial period unless you enter a 30-day evaluation key or a purchased full license key. If you use the 30-day evaluation key, upon expiry the software will switch to the freeware 5-IP version.
The full press release can be found
here.
More information on the award winning product can be found
here.
Posted by Donald Tabone
Apr
7
Once again the front page for Google Malta has been defaced. According to the
Times of Malta ...
The Maltese version of the Google homepage has been hacked. Someone added the text: Kull ma trid tkun taf fuq Samuel Borg.
This is not the first time that Google Malta has been hacked, informed sources said. The last time was in April 2005.
Other translations of Google have been hacked in a similar fashion along the years. This was only a superficial hack, involving only the text of the main page, and the search facility worked normally, the sources said.
Samuel Borg must be the new Joe Borg!
Posted by Donald Tabone
Apr
1
In light of recent news regarding the distribution of malware in servers across different countries, we begin to see how easily vulnerable our systems are -- and more importantly how unprepared we are to tackle widespread targeted attacks. Moreover it clearly shows that as we depend more and more on various ICT networks, the more we rely on critical information structures.
As the European Network and Information Security Agency (ENISA) tells us, these networks tend to be decentralised, highly interconnected and interdependent --- and failures of these structures could cascade and spread beyond national borders --- as indeed could have happened.
So.. the European Commision is launching a policy initiative to protect these Critical Information Infrastructures with the ultimate aim to protect Europe from large scale cyber-attacks and disruption.
Where do we start? To achieve an enhanced level of awareness and preparedness throughout the EU, the commission proposes the following set of actions:
Preparedness and prevention
Detection and response
Mitigation and recovery
International and EU wide cooperation
You can get to the full article
here. Concluding, at the moment we have a set of guidelines which amount to a set of disaster recovery procedures for nations instead of individual entities. As
The Register reports, they're typically designed to cover incidences such as natural disasters, terrorist attacks, hackers, rupture of submarine telecom cables and hardware failure.
Curiously, although here in Malta we don't really suffer from natural disasters, we have indeed suffered hacks and ruptured submarine cables -- and that brings me to the my final question -- what part will Malta play as a fellow member EU state? Time will tell.
Posted by Donald Tabone
Twitter
