Thursday, April 30, 2009

The Real Pakistan

The real face of Pakistan which the western biased media does not show. Amazing video courtesy of pointcricket.com. Hats off to the creator of this video, it has some seriously good editing :)


Wednesday, April 22, 2009

Threat Vs Vulnerability

Recently I was sitting with a few of my friends from the industry and I was surprised to learn that even people with more than 10 years of working experience were confused when it came to differentiating between threat and vulnerability. Much of that confusion has to be credited to the fact that these two terms are mostly used in combination and are often mistaken for being the same. Well, they are not, and today I shall humbly try to explain and differentiate between the two.

THREAT would be something or someone which can take advantage of any weakness in you or your business to gain an unfair advantage.

VULNERABILITY is the possible weakness which any threat can exploit to harm you or your business.

In a common office environment, getting your computer infected by a virus would be a possible threat, while not updating your antivirus or not having any antivirus at all would be a vulnerability which a virus can take advantage of.

It's not necessary that every vulnerability has a threat. What am I talking about? Well, a very simple real-life example should get my point across to you. Let me give you the example of my young son inside the boundary of our house: he plays around within the secure boundary and we are not that much concerned, but he is vulnerable, as in he may fall or hurt himself etc., but there are certainly no "threats". Now, with a slight change of scenario, place my son in a public place with other elder kids and suddenly we have the very same vulnerable child with different threats (other older kids, for example) that we have to look out for and be concerned about.

Although we continued to discuss many other topics, the above example and discussion did clear up the misconception for the participants of that coffee meeting. I hope it does the same for the readers of this post.

Tuesday, April 21, 2009

User Names & Passwords : False Hope Of Security

Recently my article on "User Names And Passwords" was published as one of the cover stories by CSO Pakistan (Part Of CIO Pakistan) magazine in their Jan 2009 issue (http://ciopakistan.com/2009/01/usernames-and-passwords/). The very same article was then selected and published by Network World on their website (http://www.networkworld.com/news/2009/011509-giving-false-hope-of.html?page=1), so here is the very same article for your viewing pleasure.

“Hold on let me transfer funds online” may have sounded like a distant concept a few years ago, but today it’s happening everywhere. We have moved from the conventional paper-trail life to a digital life, with so many advancements so quickly. And everything happens at lightning speed - just like the transaction.

Information Security is a vast field, so what we’ll do in this article is address the most common mistakes committed in our everyday cyber lives, intentionally or unintentionally, that make an impact on our privacy.

We’ll talk about the basics, where so much can go wrong: usernames and passwords and the problems associated with them.

In a typical office environment, on average, an individual has a couple of different passwords. At times, these passwords are unique, while in other instances, they are not. But everything has a password, from accessing the domain to email to the FTP servers, or however your unique environment and its IT infrastructure works. Let’s go through the five most common problems associated with usernames and passwords and the practices associated with them.


1. Keeping the same password for multiple logins
2. Writing the password on a sticky note or on the desktop in a file named password.txt
3. Sharing of password
4. Easy to guess passwords
5. Shoulder Surfing

All of a sudden, our simple problem doesn’t seem all that basic any longer.

Let’s admit it, we are always behind schedule and running out of time. In such a scenario (with Alzheimer’s so contagious!) who has time to remember multiple passwords? If your IT or Network Administrator has enforced some policies then you have to remember a combination of upper and lower caps, numbers and symbols, and before you know it, you are not a very happy camper. So what you end up doing is the most convenient option which comes to mind: keep the same password for everything or almost everything and make your life easier. Sure. It’s something everyone does on a regular basis. However, what you are failing to realize is the big picture. If someone manages to guess one password, they will try it on every other connected faucet in your life. Something, most likely everything, comes leaking out into the world and no longer remains in your control.

There are times when your IT administrator knows what he or she is doing and makes you have different passwords for different applications running under his domain. You mumble and jumble many impolite words under your breath, and in the event that there is a policy which will force-change your password after a certain period of time, your IT admin becomes an even less popular chap.

Most people, without really thinking of the consequences, scribble down the password on a sticky note and place it in their line of sight. And in case you aren’t a fan of sticky notes, some opt to create a text file and name it “my passwords.txt” on the desktop. How techie is that!?

With sticky notes, you are inviting everyone in your surroundings to have a go at your private files or to abuse your authorization and authentication, which puts you in all kinds of trouble. Server logs can indicate that you (yes, you!) were logged in at a time when something bad (bad!!) happened, and you get blamed for it.

Password sharing in the office environment is also common practice. After all, you are among friends, aren’t you? Some colleague calls you to say the boss urgently needs something and requests your password to make the “transaction” happen. You try to remember to change it later on but forget, as is usually the case. Combine this with the risk that you may only have a “one password fits all” policy and this is one mega disaster just waiting to happen.

‘Date of birth’, ‘name of a child’, ‘PAKISTAN’, ‘KARACHI’, ‘spouse name’ or a phone number - you can’t be serious about putting THIS kind of protection in place! Now if we combine this scenario with our first one, we again have a potential problem on our hands.

Something known as ‘brute force’ refers to the fact that someone is just going to guess passwords based on the details they know about you and, in as many tries as it takes, try to force their way into your data. Welcome to Information Security 101!
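The check below is an added example, not part of the original article: it flags a proposed password that contains details from the user's own profile, the kind of password listed above, so it can be rejected when the password is set. The profile fields, the substitution table and all sample values are assumptions constructed for illustration.

```python
import re
from datetime import date

# Constructed substitution table: undo common look-alike characters before matching.
LEET = str.maketrans("0134578@$!", "oieastbasi")

def word_tokens(profile):
    """Words of 3+ letters taken from the profile's text fields."""
    words = set()
    for field in ("name", "spouse", "child", "city", "country"):
        found = re.findall(r"[a-z]+", profile.get(field, "").lower())
        words.update(w for w in found if len(w) >= 3)
    return words

def digit_tokens(profile):
    """Date-of-birth renderings and the phone number, as digit strings."""
    tokens = set()
    dob = profile.get("dob")
    if dob:
        d, m, y = f"{dob.day:02d}", f"{dob.month:02d}", f"{dob.year:04d}"
        tokens.update({d + m + y, m + d + y, y + m + d, d + m + y[2:], y})
    phone = re.sub(r"\D", "", profile.get("phone", ""))
    if len(phone) >= 7:
        tokens.update({phone, phone[-7:]})
    return tokens

def guessable_parts(password, profile):
    """Return the sorted profile-derived tokens found inside the password."""
    # Letters are compared after undoing substitutions; digits are compared as typed.
    letters = re.sub(r"[^a-z]", "", password.lower().translate(LEET))
    digits = re.sub(r"\D", "", password)
    hits = {w for w in word_tokens(profile) if w in letters}
    hits |= {t for t in digit_tokens(profile) if t in digits}
    return sorted(hits)

# Constructed sample profile; every value is invented for this example.
PROFILE = {"name": "Ali Khan", "spouse": "Sara", "child": "Zain",
           "city": "Karachi", "country": "Pakistan",
           "dob": date(1985, 3, 14), "phone": "+92 300 5550123"}

if __name__ == "__main__":
    for candidate in ("K@r4ch1!2009", "Zain14031985", "03005550123",
                      "vivid-Lantern-62-ocean"):
        hits = guessable_parts(candidate, PROFILE)
        print(candidate, "->", hits or "no profile match")
```

Short name tokens can match unrelated words, so a real policy would tune the minimum token length and pair this check with a list of commonly used passwords.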

Is everything lost? No, certainly not; there are many ways of properly authenticating users without compromising security. The most convenient way to do so is to use Digital Certificates for authentication purposes; then there are OTPs (One Time Passwords). Whichever product or service you end up using, make sure it adheres to the five pillars of Information Security. These are:

1. Authentication (The person accessing the information is really the person he or she claims to be)

2. Privacy (Any information exchanged between two parties shall remain private between them)

3. Authorization (The person should have access to information according to his or her authorization level)

4. Integrity (Content of any transaction/information transferred among two or more parties should remain intact)

5. Non Repudiation (In case of any conflict the parties cannot deny or reject their role in the disputed transaction).

Sunday, April 5, 2009

A Day At Track

Well, not TRACK as in proper tracks abroad but more of a makeshift desi track, which means a long stretch of road, a fast car (if you don't have a fast car then don't worry, put on zillions of STEAAAAKERS / STICKERS / VINYLS, a cheap dholki / exhaust and a fake blow off valve to give your car a fake sound of turbo and you are good to go), lots of stupid people and good luck.

Today we had Adil from Islamabad with his insanely fast Supra which at the crank produces 800bhp (these figures were quoted to me and might be over or under exaggerated) along with other Evos, RX-7, S2000, EuroRs and others. One car which I would definitely like to point out would be Faraz's Civic, a 93 Honda Civic stripped to the bone (no doors even) with a turbo charged B16 engine (as told to me), and its run literally blew me away. The car was insanely fast; I will let the following few vids do the talking.

http://www.youtube.com/watch?v=7cK8Q07C2vs
http://www.youtube.com/watch?v=fK3M-RkGpnM
http://www.youtube.com/watch?v=PSBS9RqvjMk
http://www.youtube.com/watch?v=LhkK5PsX3gw

Friday, April 3, 2009

Something from my Nokia 2630 I miss on my N-79

Maybe it's just that I haven't been able to figure out how to do things on the N-79, maybe I am growing old or maybe, just maybe, there are a few things which are better to do on a set which costs you under 6k in comparison to a set which costs you around 32k.

When sending a message on my 2630, when it comes to selecting the people I want to send the message to, I have the following options:
  • Favorite (A name which stays on top of the list)
  • Recently Used, list of recently used 10 contacts.
  • Call Register, takes you directly to call log and you can select the contact or number directly from the log to send them a message.
  • Contacts
  • Contact Groups
As far as I have seen, the N-79 only supports two of the above ways, which are (1) Contacts and (2) Contact Groups.


Secondly, the keypad on the N-79 simply SUCKS! When it comes to good ol' T9 messaging the 2630 OWNS the N-79 hands down and I am still using it as my main "texting" device lol