Archive for November, 2006

Google (Code Search).. New service, yet new problem!

30 Nov

Last month Google launched a new search feature named Code Search, which gives Google users the ability to search the public source code of indexed web pages!

It is indeed a great tool for programmers and code developers; however, it is also a great tool for hackers!!
From now on, if you keep your configuration script files, for instance, publicly available… expect that your passwords will be compromised really quickly!

For more about exploiting Google Code Search click here, here and here

———————————————————————————————–

 

What is the point behind some of the U.S. Visa application questions?!

27 Nov

Bruce Schneier is asking what the point is of these questions, which appear in the U.S. visa application:
- Have you ever been arrested or convicted for any offense or crime, even though subject of a pardon, amnesty or other similar legal action?
- Have you ever unlawfully distributed or sold a controlled substance (drug), or been a prostitute or procurer for prostitutes?
- Did you seek to enter the United States to engage in export control violations, subversive or terrorist activities, or any other unlawful purpose?
- Are you a member or representative of a terrorist organization as currently designated by the U.S. Secretary of State?
- Have you ever participated in persecutions directed by the Nazi government of Germany; or have you ever participated in genocide?

BTW, the U.K. Visa application involves similar questions….
It’s obvious that a terrorist or a drug dealer wouldn’t reveal their criminal identities!
Is it that “if someone is convicted of one of these activities he can also be convicted of visa-application fraud” as Bruce deduced?
If so, then there are no security benefits behind asking such questions… Do you agree?!
To read more, press here.

———————————————————————————————–

 

Slides of RUXCON 2006's presentations are now available!

26 Nov

Now you can get the slides of the presentations given at RUXCON 2006 in Australia. RUXCON is a conference organised by and for the Australian computer security community. RUXCON 2006 was held at the University of Technology.

Press here to get the presentation slides from RUXCON 2006.

———————————————————————————————–

 
 

New security certification from Cisco!

26 Nov

Cisco has recently announced its new security certification for “entry-level” engineers: the Information Security Specialist Certification (ISSC). After completing the ISSC course, engineers should be able to demonstrate the foundational knowledge and skills required to install and support a Cisco Self-Defending Network.

 

I really think that this is a very good idea: security certification for the “entry-level” engineers!! 
Press here for more information.

———————————————————————————————–

 
 

ISSA Announces New Alliance with Microsoft!

26 Nov

Information Systems Security Association (ISSA), the largest international association specifically for information security professionals and practitioners, announced an alliance with Microsoft to provide security training, education and networking opportunities to information security professionals around the world. ISSA will also identify Microsoft’s specific security education needs and priorities.

 

For more, press here.

———————————————————————————————–

 
 

UK Government Authentication Gateway has been awarded the 2006 IDDY!

26 Nov

IDDY (Identity Deployment of the Year) is an award presented by the Liberty Alliance, the famous alliance that aims to build open, standards-based specifications for federated identity, provide interoperability testing, and help provide solutions to identity theft.

The UK government has been awarded for its excellence in digital identity management. I think that such an award at this specific time should give a boost to the UK government and should help mitigate the pressure imposed on it, especially after the media raised many questions about the repeated delays of the national ID scheme project and its feasibility…

To read more about the award, press here.

 

———————————————————————————————–

 
 

Electronic tampering with the allocations of social security beneficiaries in some Saudi governorates

25 Nov

The allocations of financial security beneficiaries in some governorates of the Kingdom of Saudi Arabia were doubled. The government officials responsible for social security assert that what happened was caused by a virus that infected their computer systems. Note that the allocations are deposited monthly in one of the Saudi banks (Al Rajhi), which did not provide a clear explanation of what happened and merely asserted that the fault lies with the government body that issues the orders to pay out social security entitlements.

 

Personally, I doubt, first, that the officials at social security actually know what really happened!!!
And second, I doubt that the problem is a virus!!! It seems to me that it is either a breach from the inside or negligence while issuing the payment orders.
But in the end, every cloud has a silver lining. I hope that incidents like this are enough for officials in the various sectors in the Kingdom of Saudi Arabia to realise the importance and necessity of establishing departments specialised in information security.
Link to the news story

———————————————————————————————–

 
 

Security Engineering .. is now freely available online!!

25 Nov

“Security Engineering” is, according to many information security experts, one of the best books written on the topic of security engineering. The book is written by Ross Anderson, a Professor of Security Engineering at Cambridge University. It is published by Wiley and has been translated into many languages, such as Chinese and Japanese.

Now you can get the book absolutely free from Prof. Ross’s personal website; press here.

———————————————————————————————– 

 

PI announces that nominations are open for the “Stupid Security” awards!

25 Nov

Privacy International has announced that nominations are open for the competition known as “Stupid Security”, whose awards are supposed to be given to the companies and institutions that prove they truly deserve one of the association's following awards:

  • Most Egregiously Stupid Award
  • Most Inexplicably Stupid Award
  • Most Annoyingly Stupid Award
  • Most Flagrantly Intrusive Award
  • Most Stupidly Counter Productive Award

 

The committee responsible for choosing the winners consists of information security experts and media professionals with an interest in privacy issues.
To see the news item, press here.
To see a list of previous winners, press here.

———————————————————————————————

 
 

A list of the worst privacy violation disasters!

25 Nov

In this article you will find a good list of the most famous incidents related to privacy violations… Although everything in the list is indeed an important incident, I very much liked the reference to event number one on the list.

To read the article, press here.

———————————————————————————————–