Security and Ethics presentation UKZN MBA Class 2012

Posted on August 19, 2012

Friday night (17 August 2012) I had the privilege of presenting to the University of KwaZulu Natal 2012 MBA Class on information security. Given it was a Friday night the attendance was relatively small, but it was good to see that the majority of the class stayed for the 2 hours we had together. Some interesting and insightful questions were raised and discussed. It is good to see people “get it”.

The presentation is attached for those who are interested. Get it here: security and ethics 2012 UKZN MBA Aug 2012 (updated)

Update 2012/09/12 : Apologies, the previous PDF was corrupted somehow. It has been re-uploaded and checked.  

Focusing on People vs Technology in INFOSEC : Additional thoughts

Posted on July 22, 2012

This evening I came across this post on Trustedsec.com titled “Focusing on People vs Technology in INFOSEC” and it struck home. Everything in there I agree with. I would suggest you go and read it (link here).

I don’t want to plagiarise huge sections of the article, but am quoting fair bits of it below to introduce my own thoughts on the matter. To summarise (and paraphrase):

  • Organisations seem happier to invest in technology, such as security products, rather than in people
  • Organisations tend to have higher capital expenditure budgets rather than operational (direct expenditure)
  • There is generally a lack of people and programmes to support security technology implementations
  • There needs to be a much greater focus on people, without the right people product implementations fail

The author then goes on to suggest eight steps to consider when building a security programme. These are repeated verbatim below:

  1. Focus on culture and having a fun environment for your people to work.
  2. Sending the team to security conferences and additional training events.
  3. Have a clear and concise roadmap for your team and an understanding of career advancement.
  4. Focus on building security programs first before ever investing in technology — use technology for automation.
  5. Work on automating and streamlining processes versus adding additional work on broken ones.
  6. Staff appropriately and fight for additional headcount where it is needed. Be careful on over hiring.
  7. Take time out of your day to focus on people and seeing how they are doing and if there is anything you can do.
  8. Communication. Communication. Communication… Did we say Communication?

I agree with all of the above. There are organisations who want to hire experienced people who can come straight in and do the job, who have all the experience and qualifications, but then don’t want to send them on training or want them to learn new skills. I find this to be a very short-sighted view. One of the hardest parts of setting up and running an effective information security team is finding and retaining the high calibre staff which will make it successful.

What will attract the right kinds of people? A learning environment. One where they can come in, be part of a team, have fun, learn new skills, share existing skills and knowledge while making use of these skills and taking themselves to the next level. I have always found that encouraging people in your team, across all levels, to study, to take on new challenges and to better themselves boosts the confidence and productivity of all. I see a lot of debate around whether CISSP or CISM is the better qualification, or sometimes whether they have any value at all. That is largely irrelevant in my view. I would encourage (and have encouraged) my staff to do either. Going through the process helps the inexperienced learn new skills, and gives recognition to those who already have the skills. This is good for self-confidence and career prospects, either in the organisation or outside.

I have also found that by focussing on people and teaming, people will develop loyalty, both to you as a manager and mentor, as well as to the organisation. You are more likely to retain these people longer, and reap the rewards from the investment that has been made, despite the fears that once qualified they will leave. When you have a great learning environment then people will also be attracted to come and work with and for you. Half the battle is then won.

All the grand plans in the world will come to nothing unless you have people who will work with you, support you and enable those plans to come to fruition. There are going to be times when a lot of hard work is required, but, hard work towards a known goal, where you are learning, having fun and being productive doesn’t always feel like hard work, and staff will give of their extraordinary efforts willingly. At the same time, don’t take them for granted. Small gestures can go a long way.

In all of this, technology is also important. Not so much the technology you end up implementing, but the technology you make available to the staff to experiment, play and learn with. While (mostly) any tool can get the job done, the key is making sure that you know those tools intimately. When they are in production it is hard (and dangerous) to play with them; however, having a lab environment with the right hardware, software and connectivity gives people the freedom to learn and become the best they can be. This also keeps the job fresh and rewarding. Don’t forget this when preparing the budget – even though it may appear to be an unnecessary luxury. Be prepared to debate around and defend this portion of the budget just as much as your capex, salaries and training.

@dave_rel1k (I am assuming you wrote the piece), thanks for sharing, and reinforcing for me the important aspects to focus on when building an information security team who can transform the organisation.

Cyber Defence and Network Security Africa : Cloud-based Scanning

Posted on July 16, 2012

I am speaking tomorrow (17 July 2012) at the Cyber-Defence and Network Security Africa conference (www.cyberdefenceafrica.com) at the Crowne Plaza in Rosebank.

Time : 12:15 Cloud-based scanning: A case study from Transnet

  • The need for a supplemental, cloud-based scanning solution
  • Cloud based scanning: how it works, the benefits, and limitations
  • Implementation challenges and lessons learnt at Transnet

Download a copy of the presentation here : Cloud scanning

Then later in the day I will be participating in a panel discussion with the esteemed Barry Irwin and Kabuthia Riunge. Details are listed below; it should be an interesting 45 minutes.

16:00 Panel discussion: Cyber threats over the horizon and the future of information security

  • The current threats, and how these are likely to evolve over the medium term
  • State and non-state actors and the threats each poses
  • Preparing for cyberwar—what can (and what should) the private sector do
  • The future of cybercrime

Panellists:

  • Barry Irwin, Senior Lecturer, Rhodes University
  • Justin Williams, Principal Specialist: Information Security, Transnet
  • Kabuthia Riunge, Senior Information Security Officer, Central Bank of Kenya

Last gripe against Vodacom (overbilling)

Posted on July 14, 2012

I have moaned enough about Vodacom on here, and my last post was around my happy and seamless migration from Vodacom to Cell C. I am delighted with Cell C.

To have more grief from Vodacom was somewhat unexpected. I just received my last bill from Vodacom. For a little bit of background: I had a 24 month contract for my son on Vodacom (amongst three others), had many issues with Vodacom so cancelled and removed various contracts. This was the last of them; it was a discounted monthly fee contract and the cancellation fee was too high to warrant early termination.


Your twitter account has been hacked? How to fix this (and avoid it happening again)

Posted on July 01, 2012

My Twitter account was “hacked” a number of months back, and the accounts of a number of people I follow have been hacked on a fairly regular basis since. This is unfortunately a regular occurrence and spammers are increasing their efforts to get access to people’s accounts to spam their followers.

How do you know if someone you are following has been “hacked”? 

You will in all likelihood get a direct message from someone you follow which will be a generic (but interesting or tempting) message with an embedded link to a site. Links these days are mostly shortened so you won’t immediately be able to see the final destination site. Clicking on it could compromise your account and / or deliver malware to your PC which your antivirus software may or may not detect. So avoid clicking these.

Common messages that are coming up recently as direct messages include :

  • Twitter might start to charge in July, sign this petition to keep the service free! (link removed)
  • Hi, this user is saying really bad rumors about you … (link removed)
  • Hi some person is saying really bad things about you … (link removed)
  • Hi somebody is posting horrible rumors about you … (link removed)
  • Hey someone is saying nasty things about you… (link removed)
  • Various messages about weight loss or other obvious spam

How do you know if you have been “hacked”?

Your followers will send you messages pretty quickly to tell you, or they will be asking you why you are sending them strange messages (like the ones above). Don’t ignore these or react negatively; thank them for the warning and get on with fixing the problem before more of your followers are spammed and / or compromised.

What to do when you have been “hacked” ?

  1. Change your password.
    • Choose something decent, not a real language word, chuck in some numbers or special characters, and don’t think you are smart by using l33t sp3@k (leet speak).
    • Ra35!!me would be good, whereas P@ssw0rd would be bad.
  2. Check to see what applications are “authorised” against your account. These can be used to keep sending SPAM even after you have changed your password.
    • Log in to your Twitter account on the web and open up your account settings.
    • Click on the Apps tab in the left-hand menu.
    • Read down through the list of applications to see that you know about them and trust them
    • If unsure of an application, revoke its access. You can always approve it again later.
  3. If you have associated your mobile number with your Twitter account, check that you have set up a PIN
    • Log in to your Twitter account on the web and open up your account settings.
    • Click on the Mobile tab in the left-hand menu.
    • Choose a PIN if you don’t have one (mix of 4 numbers and letters)
    • Go to the bottom of the page and click Save changes.
    • If your PIN is OK you will see a confirmation message.
  4. Apologise to your followers. Send them here if they have been “hacked”. Shortlink : http://j-j.co.za/twithack
  5. Be vigilant

How did you get hacked?

You may have clicked on one of the direct message links as per the examples above, or you may have received an interesting tweet or link to :

  • Sign a petition to stop twitter becoming a pay service
  • Save the Rhino, the Dolphins or the World
  • Anything else that looked interesting

If you do inadvertently click on a link, in some cases the URL shortening service (eg. bit.ly) will pop up a warning where they have determined the link to be dangerous. Consider this your guardian angel, say thanks and close the window.

If unlucky, you will end up on the page the attackers want you to. The most recent two I investigated put me on a page on tvvitiler.com which was a copy of the Twitter login page with a timeout message asking me to log in again. If you are unfortunate enough to do so, you’re toast; proceed to the fix section above 🙂 The sites hosting these fake login pages vary from post to post and are more often than not themselves hacked, with the unlucky owners unaware of what is happening.

Chances are therefore that some website or app somewhere conned you into giving your credentials to Twitter or the app/site so that it could post something on your behalf. It may well be something that you wanted posted; however, it then piggybacks off that to send a whole lot of unwanted stuff. Just be aware and vigilant, and follow up quickly when something happens.

With information security, knowing how to react and clean up is just as important as prevention. It is not a matter of if, but of when your account will be compromised.

Thanks to :

  • Mandy Wilson (@Mandywilson_SA)
  • Samantha (@MetroGalZN)

If you have further comments and insight please leave it in the comments here or tweet me (@jjza). Please share this information (http://j-j.co.za/twithack)

P.S. To those infosec folks reading this, apologies for my very liberal use of the word “hack”

High volume banking spam purporting to be from FNB

Posted on June 28, 2012

I have received high volume banking spam purporting to be from FNB for the last number of days. The only difference between these messages is the embedded link. Most are plain URLs; some, though, have an x-apple-MSG-load link in them.

Message and links below.

From : FNB (ibt@onlinedata.co.za)
Subject : Return on Charges

You are hereby notified that FNB is giving back all accumulated fees on taxable income that have been carried out over a period of one year. This is as a result of the new regulation imposed on banks by SARS. Please note that you have to follow the instructions below to the latter in other to ensure the funds is remitted into your account .

If you have an account with us, Kindly click here now.

Regards,
© 2012 FirstRand Bank Limited.
An Authorised Financial Services and Credit Provider (NCRCP20). All rights reserved.

I have received 10+ of these a day for the last week or more. I have removed the link from the above so it isn’t live. In the mails the link varies between a number of sites some of which are listed below:
  • http://sushilcheema.com/charge_deposit_fnb_paid2/index dot php
  • http://sushilcheema.com/charge_deposit_fnb_pays/index dot php
  • x-apple-msg-load://4CEA18FC-4FDA-4797-8DBD-F85A077F3B3D/
  • http://istudymedia.com/charge_deposit_fnb_paid4/index dot php
  • http://digitalarborist.com/charge_deposit_fnb_pays/index dot php
  • http://createemailcampaigns.com/charge_deposit_fnb_payee/index dot php
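The tell-tales in these mails are all visible without clicking anything: the From address is not an FNB domain, every link names “fnb” in its path while pointing at an unrelated host, and one link uses a non-web scheme. The following is an added example, not code from the original post or from FNB, showing how a mail filter would score a message on exactly those signals. It uses the sender and the defanged links listed above as its sample input, and the list of legitimate FNB domains is an assumption a real filter would maintain per brand.

```python
from urllib.parse import urlsplit

# Assumption: the domains the bank legitimately sends from and links to. A real
# mail filter would maintain this list for each brand it protects.
BRAND = "fnb"
LEGIT_DOMAINS = ("fnb.co.za", "firstrand.co.za")

# Sender and link targets as listed in the post, kept defanged ("index dot php")
# so that nothing in this file is a live link.
SENDER = "ibt@onlinedata.co.za"
LINKS = [
    "http://sushilcheema.com/charge_deposit_fnb_paid2/index dot php",
    "http://sushilcheema.com/charge_deposit_fnb_pays/index dot php",
    "x-apple-msg-load://4CEA18FC-4FDA-4797-8DBD-F85A077F3B3D/",
    "http://istudymedia.com/charge_deposit_fnb_paid4/index dot php",
    "http://digitalarborist.com/charge_deposit_fnb_pays/index dot php",
    "http://createemailcampaigns.com/charge_deposit_fnb_payee/index dot php",
]


def refang(url):
    """Turn the defanged ' dot ' back into '.' so the URL can be parsed."""
    return url.replace(" dot ", ".")


def is_legit_host(host):
    """True if host is one of the brand's domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def triage_link(url):
    """Return reasons a link looks like phishing; an empty list means none found."""
    parts = urlsplit(refang(url))
    if parts.scheme not in ("http", "https"):
        # Non-web schemes (here x-apple-msg-load) have no business in a bank mail.
        return [f"non-web scheme '{parts.scheme}'"]
    host = parts.hostname or ""
    reasons = []
    if BRAND in parts.path.lower() and not is_legit_host(host):
        reasons.append(f"path names '{BRAND}' but host '{host}' is not a {BRAND} domain")
    return reasons


def triage_sender(sender):
    """Flag a From address whose domain is not one of the brand's domains."""
    domain = sender.rsplit("@", 1)[-1]
    if is_legit_host(domain):
        return []
    return [f"claims to be {BRAND} but sender domain is '{domain}'"]


def triage_mail(sender, links):
    """Score one mail: sender findings, per-link findings and the distinct flagged hosts."""
    link_findings = {url: triage_link(url) for url in links}
    flagged_hosts = sorted({
        urlsplit(refang(url)).hostname or ""
        for url, reasons in link_findings.items()
        if reasons and urlsplit(refang(url)).scheme in ("http", "https")
    })
    return {"sender": triage_sender(sender), "links": link_findings,
            "flagged_hosts": flagged_hosts}


if __name__ == "__main__":
    report = triage_mail(SENDER, LINKS)
    for finding in report["sender"]:
        print("sender:", finding)
    for url, reasons in report["links"].items():
        print(url, "->", "; ".join(reasons) or "no findings")
    print("distinct hosts flagged:", report["flagged_hosts"])
```

Run stand-alone it prints one finding for the sender, one per link, and the four unrelated hosts that share the same “charge_deposit_fnb” path layout, which is the same observation the post makes by eye: one phishing kit, many compromised hosts.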

Has anybody else been flooded with these?

DSTV mobile application upgraded from Beta to final.

Posted on June 26, 2012

DSTV mobile application upgraded from Beta to final. No real obvious changes in the release notes except for the statement below :
*** If your device is running Android 2.1 (Eclair) or your device has a processor slower than 800Mhz, please use the “DStv Mobile Decoder Eclair” version.

Same list of devices supported.

Link to the final application here : https://play.google.com/store/apps/details?id=com.valups.tivit.app.finaldstv

Review of the iDrifta for iPad/iPhone/iPod touch

Posted on June 24, 2012

Full disclosure : I have no affiliation to DSTV, DSTV Mobile or Multichoice. I write this blog in my spare time with no payment from any providers. The review unit was provided to me by the marketing agency working with DSTV Mobile and I thank them for it. I pay the monthly subscription fees on the Drifta devices I am using – including the iDrifta. 

The iDrifta is a cute, small, convenient little device. As a Drifta for the iPad / iPhone / iPod touch (referred to as iDevice), this is brilliant. It is however restricted to just those devices.

I have in the past reviewed the original (wifi) Drifta and the USB Drifta. This review now focusses on the iDrifta. If you are wanting to use the Drifta with your PC, Blackberry, Mac, Android and your iDevice then right up front this is not for you. Take a look at the table over here to see which devices work with which Driftas to make that decision. If, however, you are primarily wanting a Drifta to use with your iDevice, then read on.

The iDrifta is about the size of a matchbox. On the top it has an Apple connector, on the bottom it has a micro USB for charging, with a soft loop of aerial around the port. Just above the micro USB is a single LED which lights up when the device is being charged.


What are the differences between the iPad 2 and new iPad (for a South African)?

Posted on June 23, 2012

A previous post of mine comparing the iPad and iPad 2 proved to be one of the most visited on the site with over 3500 people reading it. Since the new iPad (aka iPad 3) has been out for a little while now it made sense to do a follow-up.

When it was announced a big deal was made about the screen, and what an amazing screen it is. However, that is not the only difference between the devices. As a very happy iPad 2 wi-fi+3G user I wasn’t going to upgrade, and kept telling myself I didn’t need to as there weren’t really any real differences. The chance came along to get a new iPad at a great price and I took it. Looking back, I didn’t realise all the differences between the two.

Below I explore many of those differences – component by component. Take a look at the bottom of the post for a line by line factual comparison to support the opinions presented. The information (in the table) is sourced from a number of websites. Source list with links below the table.


Migrating to Cell C from Vodacom, simple and painless

Posted on June 23, 2012

After 16 long years with Vodacom the time had come. After a number of battles (see here, here and here) trying to get them to respect me as their customer and comply with the Consumer Protection Act, the decision was made. Instead of righting their wrongs, Vodacom chose to let me cancel my contracts early (some 6 months after my CPA complaint against them). I jumped at the chance, done deal. Bye bye Vodacom.

The timing was good. Cell C had announced their 99 cents prepaid option with a promise of decent contract rates to come, which have now been announced and are indeed good – for each rand you spend you get an anytime minute, a meg of data and an SMS. I looked into how to make all this happen and found that it was not as difficult as one may imagine.

To avoid having to deal with call centres I chose to go into the Vodacom walk in customer centre in Gateway shopping centre. I explained what I wanted to the consultant and he suggested the best approach.

First thing needed was to convert my postpaid account into a prepaid account. He wanted a copy of my ID and proof of residence and within a few minutes it was done. All free minutes etc were lost in this process, but since I was leaving Vodacom I didn’t really mind.

Next stop, the Cell C shop. Again no major challenges this side. I purchased a starter pack (for 99c) and an airtime voucher (R70).

The agent then RICA’d my SIM after being supplied with the now standard ID and proof of residence. He then showed me the instructions on how to do the number port (printed on the back of the SIM pack).

Simple.

All I needed to do was to send an SMS from my old number and then the process would be started, and within 24hrs I would receive some confirmation SMSs and at that point insert my new Cell C SIM card, load my airtime and Bob’s your uncle.

First snag. I tried to send the SMS but it failed. No airtime on the Vodacom prepaid SIM. Damn, I should have seen that one coming. No problem; a few hours later I bought R5 airtime at the local Spar and sent the SMS.

Within a few minutes I had the reply telling me all was underway, and by the next morning there were more confirmation SMSs to tell me to go ahead and insert the new SIM. With the old SIM the phone was showing NO Service, so clearly had been deprovisioned.

I popped in the next SIM and it worked a treat. Cell C SMS’d me all the new settings needed for SMS, MMS etc, applied them and all was great.

After that it was just a matter of getting used to the new voice mail services, balance enquiry and the like. Everything is running just great now. Very happy to have moved.


Summary of Drifta compatibility : Which Drifta to get

Posted on June 23, 2012

Now that there are 4 Drifta devices on the market it can be a little confusing as to which one to buy. The assumption often is that each new one is better than the last, and this is definitely not the case. In truth, though each is slightly different in size and shape, they all provide the same functionality (mostly), same picture quality, and where they have a battery, similar battery life. The choice really comes down to which devices you want to use the Drifta with. The table below summarises this. Click on the device name for a link to a full review.

Use with            Walka   Drifta (WiFi)   USB Drifta   iDrifta
Standalone          Yes     No              No           No
iPad/Phone/Touch*3  No      Yes             No           Yes*3
Windows PC          No      Yes             Yes          No
Mac                 No      Yes             Yes          No
Blackberry          No      Partial*1       No           No
Android             No      Yes*2           No           No

*1 There are limited devices which are supported by Blackberry and this support is Beta only. Be careful, newer Blackberry devices are not supported. (Link here to supported devices)

*2 Android support is also not universal, it is device specific. Many devices are supported but check before you buy. (Link here to supported devices)

*3 If your iDevice is jailbroken you will play Cat and Mouse with DSTV as by default the application won’t work. With a little help from a friend it will work on current versions (and some past versions) but going forward there are no guarantees it will work. (Link to jailbreak information here)


iDrifta quick start guide (images)

Posted on June 17, 2012

Images of the two pages of the iDrifta quick start guide included with the device. The full unboxing of the device can be found here. Review to follow.

Click through for the two pages of the guide.


iDrifta unboxing and some initial comments – with lots of pictures

Posted on June 17, 2012

Review of iDrifta here. Unboxing continues below.

I was confused last week when my mom called me to say that a parcel had just been delivered to her house for me. I asked her to open it for me since I wasn’t expecting anything and didn’t have a clue what it was. I was quite delighted when she told me it was an iDrifta. Neither DSTV mobile nor their marketing company had told me they were sending me one for review so it was really an unexpected surprise. This is the second time they have sent me one of their new products to review (the USB Drifta was also provided for review) so thank you once again to DSTV mobile for being so kind as to send this through, and for the nice red ribbon and accompanying letter. Just in time for Father’s Day 🙂

This post is the “unboxing”, the review will come later. I called their call centre earlier to activate the device, but now 3 hours later it’s still not activated. I don’t much feel like spending more time on the line to the call centre (that last call was 15m+) so decided to write this up instead and try again with the call centre later. Enjoy this for now, will link to the review later.


ISACA 2012 conference happening from 10-12 September 2012, registrations open soon

Posted on June 17, 2012

The ISACA South Africa 2012 conference is happening from 10-12 September. Diarise the dates, get those purchase requisitions in. If you are wanting to present at the conference then mail Nadine (admin@isaca.org.za) – the speaker lineup is being finalised shortly, so hurry up to make sure you don’t miss out.

The conference is being held at the Wanderer’s Club in Illovo. It’s right next door to the Protea hotel if you need accommodation, and is also served by the Gautrain and their buses, with a bus stopping right outside the hotel gates.

Hope to see you all there.

Nespresso compatible coffee pods at Hirsch’s (updated with first thoughts)

Posted on June 07, 2012

Nespresso compatible pods

Posted from WordPress for BlackBerry.

Excuse the poor quality of the picture, the Blackberry camera isn’t really suited to taking closeups of small newspaper adverts.

This afternoon I saw in our local community newspaper (Highway Mail – 8 June 2012) that Hirsch’s were advertising “Fits into a Nespresso” coffee pods. Branded as “Cafe Luxe coffee pack”, they come in sleeves of 10 capsules. Priced at R39.99 it’s about a rand per cup cheaper than the original Nespresso. Not sure if it’s worth the difference, but I haven’t tried them so shouldn’t comment on the quality.

This coffee comes in 5 flavours :

  • Decaffe
  • Lungo
  • Mild roast
  • Medium roast
  • Dark roast

I am intrigued. If anyone has bought or tried this coffee please let us know.

Update :

I see that the online Espresso Shop also stocks these capsules. They have pictures of the capsules, also priced at R40/pack of 10, along with an FAQ stating that these are fully compatible and won’t damage your Nespresso machine. More details at their website here.

Update 2 :

I bought some of these capsules to try out. I used the first one this morning. Will provide more feedback as I go along:

  • The capsules are in a rather colourful, but plain and functional box.
  • You can slide the box open to remove a capsule without having to damage the box in any way
  • The capsules feel plastic rather than a thin metal
  • After putting the capsule into the machine it was a fair bit more difficult to close the Nespresso machine (and pierce the capsule)
  • Once in and pressing the “make coffee” button some clear water came out before coffee started pouring out. I haven’t seen this before with the normal Nespresso capsules
  • The foam on the coffee wasn’t as “rich looking” as with the normal coffee
  • I tried the medium roast blend (the orange box), and it was ok-ish. Perhaps slightly bitter, but nothing special. Neither good nor bad.
  • When I took the capsule out after using it and examined it, the cap which normally has the lattice piercings in it was pierced but somehow not as cleanly as is normally the case

After just one cup my initial thought is that I probably won’t buy these again. For saving R1/cup it isn’t worth it, especially with the niggles above. Still, have 49 more cups to go, so more feedback to come.

Update : If you come across this post through a random internet search, you may want to read this later post, it is a whole lot more useful. (Not so compatible Nespresso pods)
