
Dec 21


3 days closer to Christmas makes it 3 days closer to my birthday. Having just about recovered from (dreaded) flu, I now finally look forward to the Christmas season and the New year. Security apart, 2009 brings closure to certain challenges I took on a few years back and nonetheless brings about new ones which after all make my life interesting. Moreover, I look forward to spending some quality time with my family.

In this spirit, on behalf of the contributors of the site, I wish all the readers of maltainfosec.org a happy Christmas and a happy New Year... Keep well.

Donald

Posted by Donald Tabone

1380 hits
Dec 21

Following a recent incident at a press conference in the Middle East, it would be OK to think the pic's content might actually materialise .... =)

... very much in line with Schneier's arguments in the first part of his book re. airport security and the general attitude towards making an environment more secure... i.e. you might think you are actually more secure by implementing more controls, but are you, really? Lots more of this on Schneier's blog or in chapter 9 of his new book (Chap 9: Psychology of Security)

Source

Posted by Donald Tabone

2000 hits
Dec 17
I'm sure most of you have heard about how Social networking sites like Facebook are being criticized due to 'privacy' issues.  You may have also read the article that was featured not so long ago, on this website.

Now, thanks to Spylogic.net we have a guide that explains why and how you can set up your Facebook account in order to keep it safe from the evil eye.

The document, which by the way is a two-pager, starts off with the 5 commandments for Social Networking:

Continue reading "Facebook Privacy & Security"

Posted by Giannella De Leonardo

1740 hits
Dec 15
Some recent tests conducted by Chapin reveal how secure the most common browsers actually are - when put to the test.

In fact, Chapin ran 21 different tests and posted the results on their website. The browsers tested are the following, and none actually performed particularly well.

Opera 9.62 - passed 7 tests
Firefox 3.0.4 - passed 7 tests
Internet Explorer 7.0 - passed 5 tests
Safari 3.2 - passed 2 tests
Google Chrome 1.0 - passed 2 tests


Notwithstanding the high standards set by Chapin's tests, Chrome disappointed us. That said, Google Pack has opted to include Google Chrome as the default bundled browser [check-marked] and Firefox which was previously supplied with Google Pack is by default left unchecked.

All well and good... however which failed test should we be more concerned about?? Full test descriptions can be found on the original link below. One thing is for sure - we don't recommend you save passwords for sensitive websites in any browser password manager. Furthermore we also think that both Google's Chrome and Apple's Safari ought to do a better job of protecting passwords.

More information can be found here.

Posted by Donald Tabone

1482 hits
Dec 12

It's been a while since I posted something to the site due to exams... but the good news is that they are finally over and it's holiday season and that my dead thin client (eTC 3850) is being replaced under warranty (apparently it had some bad RAM)...

I've stumbled across a number of cool articles and videos I'd like to share with you. One of them is this information security awareness video which bungs in a bunch of star characters (like Columbo) which not all of you might know. It's easy going and the explanations of various terms like 'phishing' are quite straightforward to follow - open the whole article to watch the video.

In addition, I thought I'd share yet another top 10 list. The Top 10 Information Security Skills according to Dan Morrill, which most if not all the IS guys I work with can relate to.

1. Communicate - I think that this is the most important information security skill, without being able to communicate it is hard to move ahead anywhere. Even if you have the best ideas in the world, if you cannot communicate them, no one will ever know.

2. Application Penetration Skills - being able to despin and understand how applications work, what protocols they use to communicate, what information is input and output from those applications, and best of all, how to make those applications do things that the programmer did not intend the application to do. This is the next major battle front in information security, and being able to move effectively in this space is important for future job success

3. Network Penetration Skills - being able to understand and use network properties like ARP, ICMP and TCP/IP to map, understand, and find vulnerable nodes on the network is a core skill.

4. Knowing what is a viable attack and what is not - tools that we use often spit out false positives, IDS systems, IPS systems, even our network and application penetration test tools all spit out false positives. Knowing which attacks against what target are viable and then being able to prove that viability to the developers and users of the system is a core skill.

Continue reading "Security Awareness and IS skills"

Posted by Donald Tabone

1514 hits