Microsoft’s largest security patch release (ever?) #in

Justin   |   No Comments » Posted on August 06, 2010

Microsoft are set to release their biggest set of patches ever next week Tuesday. According to the Microsoft Security Response Center, Microsoft will issue fourteen Security Bulletins addressing thirty four vulnerabilities, and that excludes the out of band patch release done earlier this week for the LNK vulnerability. The list of affected operating systems includes all supported versions of Windows, as well as various versions of MS Office (for Mac and Windows) and Silverlight. They will also be updating Windows Update, Windows Server Update Services and Microsoft Update.

Microsoft will host a webcast after the patches are released. See the details here.

Find the full content of Microsoft’s bulletin advance notice here.

Written by Justin Security   |   Tags: , , , ,

ISACA South Africa is now on Twitter #in

Justin   |   No Comments » Posted on August 05, 2010

ISACA South Africa is now live on Twitter.

We intend to see how we can use Twitter to promote ISACA South Africa and our activities, including the annual conference and the regional chapter meetings. Follow us to keep up to date on ISACA happenings, especially around the conference coming up next month (13-15th September).

Follow us at : www.twitter.com/isacaza and ISACA International here : www.twitter.com/ISACANews

And find ISACA South Africa’s website here :  www.isaca.org.za

Written by Justin ISACA, Social Media   |   Tags: , , , , ,

Network security podcast covers Cisco 2010 Midyear Security Report #in

Justin   |   No Comments » Posted on August 04, 2010

I was listening to the Network Security podcast this morning (Blackhat mini-cast) and they had an interview with Mary Landesman, a Senior Cisco security researcher, who discussed the Cisco 2010 Mid-year security report that is now available. Download here. Direct link to PDF.

Quoting the intro from the report :

The Cisco 2010 Midyear Security Report examines the major forces of change reshaping the global security landscape. These changes demand that organizations rethink their approaches to enterprise security. Current shifts — from the virtualization of operations to collaboration and social networking — provide new opportunities for criminals to infiltrate networks and steal high-value business data.

The Cisco 2010 Midyear Security Report includes:

  • Results and analysis from two new Cisco studies — one focused on employee collaboration and the other on the concerns of IT decision-makers worldwide
  • International trends in cyber-security and their potential impact on business
  • Insight into how hackers penetrate “soft spots” in enterprise security to steal sensitive data and sell it to the highest bidder
  • An update on global spam trends since late 2009 and spam volume predictions for 2010
  • Guidance from Cisco security experts to help businesses improve their enterprise security by 2011

Read the Cisco 2010 Midyear Security Report, and find the best strategies to help you meet current security demands for your organization.

During the podcast it was also mentioned that Cisco put out weekly and monthly reports. I hadn’t seen these reports before and have just whipped through some quickly and it’s quite interesting, definitely something I will come back to and have a look at on a weekly basis. To quote the site blurb “The weekly Cyber Risk Reports provide strategic intelligence that highlight current security activity. The reports address seven major risk management categories: vulnerability, physical, legal, trust, identity, human, and geopolitical.”

You can find the weekly reports and supporting podcasts here.

Written by Justin Research, Security   |   Tags: , , , ,

ZaCon call for papers closes 20th August 2010 (17 days folks)

Justin   |   No Comments » Posted on August 03, 2010

Just a reminder that the free (low cost) security conference ZaCon is being held on Saturday 9th October 2010 at the University of Joburg.

The call for papers went out some time ago and closes on the 20th August. If you are interested in attending, diarise, if you have something to share then write up that abstract and send it through.

More details here

Written by Justin Events, Johannesburg, Security   |   Tags: , ,

Sophos mid-year 2010 Security Threat Report

Justin   |   No Comments » Posted on August 03, 2010

IT security company Sophos has released its mid-year 2010 Security Threat Report. The report provides some insight into Cybercrime as well as other IT security trends and developments for the first half of 2010.

The report provide a short history and background into the cybercrime economy, then covers some noticeable arrests and sentences over the last 12 months, making for interesting reading. Of particular interest is the particularly “tolerant” attitude of those survyed to government cyber-crime activities.

Some thoughts around social media as an attack vector are also explored, as well as some insights into the threats to the major mobile platforms (iPhone, Blackberry, Android).

The report also provides details on the top malware/spyware hosting countries for January to June 2010.

Download the PDF copy of the full report here.

Written by Justin Privacy, Research, Security   |   Tags: , , , , ,

Reports on DLP, Service Auditor Standard & Social Media Security

Justin   |   No Comments » Posted on August 02, 2010

Social Media:  Business Benefits and Security, Governance and Assurance Perspectives (ISACA)

This week, ISACA released a white paper outlining the five biggest risks posed by social media in the workplace–and how to manage them without banning the technology.  The download page also includes links to a number of other usesful reports on social media by Forbes, Enisa, Web-strategist, and socialmediagovernance.com.

Download the ISACA report here

New Service Auditor Standard (Replacing SAS70) : A User Entity Perspective (ISACA)

The International Auditing and Assurance Standards Board (IAASB) and the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) have recently approved new standards for reporting on controls at a service organization with a truly global constituency in mind. Under the approach adopted by the IAASB and the ASB, Statement on Auditing Standard No. 70 (SAS 70) will be replaced by two new standards:  an attestation standard that will guide service auditors in the conduct of an examination of, and the resulting reporting on, controls at a service organization and an auditing standard that will guide user auditors in consideration of internal control when processing is performed by a service organization. While these new standards are intended to be a communication from the service auditor to the user independent auditor that permit a user entity independent auditor to fulfill auditing requirements, management at user entities also has recognized its responsibility for designing and implementing internal control over financial reporting, whether performed internally or by a service provider, and acknowledged the benefits of SAS 70 reports as part of their risk management, vendor management or regulatory compliance processes. This paper will address the changes in the new standards and will focus on providing management of user entities with valuable practical guidance on their responsibilities to help ensure that they are ready for the changes.

Download report here

The 2010 Data Loss Prevention Report (Aberdeen Group

AberdeenGroup have temporarily made their 2010 data loss preventation report available for free download.

Report Intro:

Companies achieving top results successfully use content-aware technologies to identify sensitive data across multiple channels, and to invoke a range of remediation options to enforce established security policies. In doing so, they reap the substantial benefits of fewer incidents of data loss or data exposure, fewer audit deficiencies, and lower operational cost.

Download from here

Written by Justin ISACA, Privacy, Research, Security, Social Media   |   Tags: , , , , ,

Adding a Facebook ‘like’ button to my blog

Justin   |   No Comments » Posted on August 01, 2010

I just added a Facebook ‘like’ button to the site. It appears below each post (for now) and let’s people like a particular article, with the added benefit that it posts through to their Facebook page, with an optional comment if they like.

I have used the WordPress “Like” plugin by Bottomless (found here).  The quick bit of testing I have done so far seems to show that it works well enough. I will test it out for a while and then see whether to keep it on, come up with another option or what to do.

If anyone has added something similar to their site and would like to share the experiences please do. The more input and ideas the better. I am already thinking I would like a “social media” bar that gives the option to Facebook Like, Tweet etc all from one place instead of having in a number of different places. I have yet to find something that does that for me. Will keep looking.

Written by Justin Social Media, Website design   |   Tags: ,

Blackberry Bold 9000 extended battery replacement (update)

Justin   |   No Comments » Posted on July 30, 2010

I posted a week ago around the extended capacity battery that I had ordered off E-bay for the grand total of $10. Just a quick update after a week’s usage.

First foremost, this thing does what was advertised, and the battery life is a HUGE improvement over what I was getting from the the year old 1500mAh original Blackberry battery. The old battery was struggling to get me through a day. Even with some USB laptop charging during the day, with a full overnight charge and the day beginning at 6am, my battery was flat by 5pm.

This battery is new and yes it’s only the first week, however, with the same usage patterns as above (and described in my original post), the extended battery is lasting to 11pm and still having some life left over. Tonight as we speak I still have half a battery charge left. Wow, I don’t think I could go back to the old battery.

That said, the phone still feels HUGE. The new battery cover makes the phone feel twice the size. I read quite a bit on the device using the Kindle App (and that works great) so I had to get used to holding the phone all over again is it doesn’t feel the same. It also doesn’t fit neatly into my pocket with the Nokia E71. So I’m changing the little habits to make this thing work. Some people just won’t be able to get over the size, but for me, I’m sticking with the extended battery and would definitely recommend it to anybody who is struggling to get through a day.

$10 from soonhua_digital on ebay (US) with free shipping to SA, took a week to arrive (from China). Best R75 I have spent in a long time.

Written by Justin Mobile, Praise   |   Tags: , , ,

MSc/PhD Scholarships:The Dept of Science & Technology and National Research Foundation, Cosmology,Radio astronomy

Justin   |   No Comments » Posted on July 30, 2010

Thanks to @cecilia_vdm for tweeting about this :

The South African SKA Project is a project of the Department of Science and Technology and the National Research Foundation and comprises Africa’s bid to host the Square Kilometre Array Radio Telescope (SKA), the design, construction and operation of the Karoo Array Telescope (MeerKAT) and a youth into science and engineering programme focused on supporting science and engineering students and postdoctoral fellows. Africa has been short-listed with Australia to host the SKA. If Africa is selected to site the SKA,the core of the telescope will be located in the Karoo region of the Northern Cape.

Scholarships are being offered aligned to the SKA project. The research focus for the SKA PhD and MSc scholarships must align very closely with specific areas of MeerKAT, SKA, PAPER and C-BASS science and technology where research is required.

For 2011, the research projects must be in the following general fields:
• Observational radio astronomy and cosmology.
• Experimental cosmology
• Radio astronomy engineering and instrumentation technologies

Alternatively, if a student wishes to undertake a project that does not appear on this list, he/she is free to submit a proposal for consideration, together with motivation for why the proposed project is relevant to the design, construction and scientific research goals of the MeerKAT and / or SKA.

Closing date for applications is 31 August 2010.

This project sounds really interesting and there are some wonderful research opportunities here. Go and read up further on their website.  http://infoscholarship.net/nrfsa-ska-phd-and-msc-scholarships-2011-south-africa.html

P.S. If you are interested in scholarships being offered around the world in many diverse research areas, follow @infoscholarship on Twitter.

Written by Justin Research   |   Tags: , , , , , ,

Security and ethics presentation to UKZN MBA class – copy of presentation

Justin   |   No Comments » Posted on July 30, 2010

On Tuesday evening (27th July 2010) I did a presentation to the University of KwaZulu Natal MBA class. The presentation was rather enjoyable (from my perspective) and with all the questions and interactions with the class we spoke for around and hour and a half or so.We did go a bit over time for the normal end time for the lecture, so thanks to the class for their patience and thanks again for you attention and questions.

Attached is a copy of the presentation for anybody who is interested.

Written by Justin Durban, Events, Security   |   Tags: , , ,

UKZN Graduate School of Business Seminar : Spiritual Intelligence at Work

Justin   |   No Comments » Posted on July 27, 2010

Spiritual Intelligence at Work : improving integrity, vitality and productivity

The University of KwaZulu Natal’s Graduate School of Business is pleased to advise that Dr Richard Steele will present at a forthcoming Business Seminar addressing the topic: Spiritual Intelligence at Work – improving integrity, vitality and productivity.

The word “spiritual” derives from the Latin word spiritus, which means “that which gives life or vitality to a system”. Spiritual intelligence is the ability to find meaning and purpose in life, and a way of connecting with the underlying patterns of the universe and all within it. The use of the word spiritual in relation to intelligence has no necessary connection with institutional religion.

This seminar will examine questions such as:

  • How is spiritual intelligence (SQ) different from intellectual intelligence (IQ) and emotional intelligence (EQ)?
  • How can we increase our integrity and vitality by connecting with, exploring, and improving our spiritual intelligence?
  • How can spiritual intelligence contribute to organisational wellbeing and productivity?

Spiritual intelligence at work provides an organisational environment based on respect for life and openness to change. Alignment of core values with business practice leads to a more emotionally healthy working environment which increases staff loyalty, motivation, creativity and productivity and adds depth to the triple bottom line principles of environmental, social and financial sustainability.

Dr Richard Steele is a homeopath in private practice and a part-time lecturer in the Department of Homeopathy at the Durban University of Technology. He graduated from UCT in 1979 with majors in English and Psychology and a teacher’s diploma. Up until 1993, when he registered at DUT for his Master’s degree in homeopathy, he was a fieldworker for the International Fellowship of Reconciliation, based in Durban. In that capacity he conducted many workshops and training events related to peace, justice, human rights and non-violent direct action.

Date: 19 August 2010
Time: 16h30 (1 hour)
Cost: R100.00 pp
Venue: GSB, UKZN Westville Campus

To Book Contact:
Ms Debbie Main: 031 260 1627, maind1@ukzn.ac.za

Written by Justin Durban, Events   |   Tags: , , , ,

ISACA KZN – A tale of two cities – and frameworks

Justin   |   1 Comment » Posted on July 27, 2010

The topic and speaker for the next ISACA KZN Chapter meeting (Thu 5th August 2010 at EY’s offices on La Lucia Ridge) is now confirmed. After much deliberation and debate, the speaker is non other than yours truly.

Topic : ” A tale of two cities – and control frameworks”

Speaker : Justin Williams

This is the same presentation that I gave at the IT Web conference earlier in the year. If you caught the presentation there you are still welcome to come along and contribute to the discussion/debate on the topic.

The meeting will take place at Ernst & Young in the main Boardroom, 2pm start with the presentation kicking off at 2:30pm, we need to be out by 4:30pm.

Attendees please confirm with Nadine (for catering purposes) by no later than 12:00hrs Friday 30th July 2010. Contact:  – 011 803 0803 – admin@isaca.org.za

ISACA KZN Chapter meeting, Thu 5th August 2010

Written by Justin Durban, ISACA, Security   |   Tags: , , ,

Visualising twitter at Conferences / Interacting with the web

Justin   |   3 Comments » Posted on July 25, 2010

The ISACA South Africa Annual conference is coming up in a few months and I though it would be pretty cool if we could have some kind of real-time visualisations of what the twitterverse (or net) was saying about the conference.

So this morning I was reading up on how best to do this and the first article I came across was 5 Ways to Visualize Twitter at Events which was on the Event Manager Blog : http://www.eventmanagerblog.com/event-management/visualize-twitter-at-events

This starts by answering the questions “A lot of fuzz is being made about if tweets should be displayed at events or not. The answer is simple, Yes! And in a fancy way.” and then proceeds to list 5 options for methods/tools that can be used to achieve this, and gives some pro’s and con’s for each.

Based on this article and the followup comments I whipped through the tools to see what might be suitable and jotted down some of my own thoughts. These are still fairly preliminary and I need to do some more investigation into features being offered and the overall robustness of the solutions.

The 4 tools I took a look at were : visibletweets, wiffiti, twazzup and twitterfountain

The tool we use (if the concept is approved)  would probably run from a laptop with a projector attached and run in an unattended fashion. I wanted to be able to select a few keywords / #hashtags, have some kind of title (or instruction) on the page, be able to add a custom background, and have cool visualisations of the results. I suspect the display is also going to have to run over a 3G connection at the conference, so it will also need to be reasonably bandwidth friendly, but that will have to be tested at a later stage.

My thoughts based on this rough criteria for each of the  options is briefly noted below :

Visible Tweets (www.visibletweets.com) Sample link

  • Supports multiple keywords, tags, and exclusions
  • 3 visualisation options suited for conference projections (looks great) and full screen operation (unattended)
  • builds tag cloud which displays between tweets
  • displays profile picture of tweeter
  • simple to setup and custom URL
  • No header option or custom background
  • Doesn’t seem to support twitpic or other picture services
  • Can make use of TidyTweet service to have filtered/moderated tweets (and prevent profanity/embarassment), $10 /month for non-personal use

Conclusion : Fairly good option, quick and easy to set up, would be better with a bit more customisation and twitpic support

Wiffiti (www.wiffiti.com)   sample link

  • Allows custom background to be uploaded
  • Custom title can be set
  • Does censorship (can set rating level)
  • Allows multiple tags
  • Can use pictures from flickr with tags
  • Displays tweets with profile picture, tags and location
  • Accepts mesages directly from website
  • Accepts SMS however is USA based short message code, not clear if could get a South African number
  • Easy to set up, however required signup to “publish” the screen and save it
  • Visualisation looks pretty good with multiple messages onscreen at once, full screen option

Conclusion : Very professional looking service, definitely one that could do the job.

Twazzup (www.twazzup.com) Sample Link

  • looks good in a browser for individual use but doesn’t seem suitable for conference projection
  • breaks the page up into different sections giving Highlights, Community Influencers, Live pictures, News, Twitter stream.
  • No custom headers or backgrounds
  • Seems to displays pictures (twitpic etc)
  • Lists common links

Conclusion : This is great way to get a view on a topic, but not for conference projection

Twitterfountain (www.twitterfountain.com) Sample link

  • does pictures in background, tweets scaled flying into background
  • gives twitter profile picture, name, tweet
  • link to blog top right (cant seem to remove)
  • banner across top (defaults to twitterfountain) and can be customised / removed
  • options for how messages animated
  • background image allowed
  • can change size of tweets and how they are displayed
  • fullscreen option
  • The URL generated for the fountain doesn’t contain all of the settings so these would have to be set up again each time

Conclusion : Also a viable option, not quite up to wiffiti, and I prefer the visualisation of visibletweets (although twitterfountain has far better customisation and does support the custom backdrops and banner whereas visibletweets doesn’t)

Summary (for now)

Each of these products is great in its own right, having a time and place where it may be the most suitable. For the conference I would tend to think either visibletweets (using tidytweet) or wiffiti would be the best options, though twitterfountain still needs a bit more investigation. More to come later.

Written by Justin Events, Mobile, Social Media   |   Tags: , , , , , , , , , , ,

Help out an MBA student by completing questionnaire on Phishing

Justin   |   1 Comment » Posted on July 23, 2010

I, RAJAN MUNIEN, an MBA student, at the Graduate School of Business, University of Kwazulu-Natal, hereby invite you to participate in a research project entitled “Internet Phishing – Hook, Line and Hopefully not Sunk…” The aim of this study is to gain a better understanding about online user’s awareness to the problem of Internet Phishing (IP). Through your participation I hope to determine the level of awareness amongst users and to present a strategy in creating further awareness on the problem. The results are intended to contribute towards implementing an awareness programme that will prevent further users from becoming victims to the threat of Internet Phishing. Your participation in this project is voluntary. You may refuse to participate or withdraw from the project at any time with no negative consequence. There will be no monetary gain from participating in this survey group. Confidentiality and anonymity of records identifying you as a participant will be maintained by the Graduate School of Business, UKZN.

If you agree to the above and want to proceed to the questionnaire, please click on the link below. This survey will take you approximately 10 minutes to complete.

http://internetphishing.questionpro.com

If you have questions at any time about the survey or the procedures, you may contact the author hereunder:
Rajan Munien, Cell : 084 – 5800 176, email : rajan.munien@gmail.com

Written by Justin Privacy, Research, Security   |   Tags: , , , ,

ISACA KZN Chapter meeting, Thu 5th August 2010

Justin   |   1 Comment » Posted on July 23, 2010

The next KZN ISACA Chapter meeting is scheduled to take place on Thursday 5 August 2010. This meeting was going to take place at Deloitte, however, there has now been a change in plans.

The meeting will take place at Ernst & Young in the main Boardroom, 2pm start with the presentation kicking off at 2:30pm, we need to be out by 4:30pm.

With the planned speaker having canceled on me I am still busy organising a replacement speaker.  This will be confirmed early next week. Anybody wishing to speak at the event (or having any good ideas for a speaker/topic) is welcome to drop me a mail or tweet me.

Attendees please confirm with Nadine (for catering purposes) by no later than 12:00hrs Friday 30th July 2010. Contact:  – 011 803 0803 – admin@isaca.org.za

Written by Justin Durban, ISACA   |   Tags: , ,

Post history

Close block
September 2025
S M T W T F S
 123456
78910111213
14151617181920
21222324252627
282930