Category Archives: Privacy

The ePickpocketer

The great EMV migration has been here with us for a while and everybody is excited with the new innovations of cashless payment (especially matatu industry) which brought a lot of excitement even though still trying to trace its tracks to be adopted industry-wide. This is because no other industry Kenyans detest like the matatu industry. Most Kenyans detest matatu drivers (because of careless driving) and conductor due to their crooked and dishonest behavior. No-wonder we use disgraced names like “Makanga”,”Concordi / Konkodi (Local Swahili slang for pickpocket-er)” etc to refer to conductors since there aim is to con us the meager shillings by increasing the fares or refusing to handover change. 

As the saying goes, “The more things cange, the more they remain the same”  ~Jean-Baptiste Alphonse Karr. Contactless / radio-frequency identification chips (RFID) / Near Field Communication (NFC) chips bring in new paradigm of IT risk profile revolutionizing ‘ Concordi (Konkodi)’ to ePickpocketer. Continue reading The ePickpocketer

Can you track a ‘Turned off’ Cellphone?

cyber crime has been hitting the headlines of late. Michaels snowden, the run away NSA agent holed up in Russia has given us a glimpse of the whole new world that we never imagined.  For sure i can now conclude that;

“If you did not invent the technology, you never know the devil inside it”, by Kimson Kimathi.

Why do i say this? Well, it is true ” the National Security Agency has had the ability to track cell phones, even when they’re turned off” (informationweek.com,Mathew J. Schwartz | July 25, 2013 09:06 AM).

“This tracking ability was revealed on July 20 by The Washington Post, in an article chronicling the evolution of the NSA’s signals intelligence work in the wake of the Sept. 11 attacks, when intelligence agencies, the military and the FBI created an “insatiable demand for its work product.” Continue reading Can you track a ‘Turned off’ Cellphone?

The ‘Big Brother’ is here! …….

https://i2.wp.com/www.redorbit.com/media/uploads/2013/02/shutterstock_1629978-617x416.jpgIs Big Brother watching from the Raytheon headquarters? The security firm has reportedly developed software that can track people’s online habits and predict future behavior based on data from social-networking websites.

The “extreme-scale analytics” system, named Riot (Rapid Information Overlay Continue reading The ‘Big Brother’ is here! …….

Microsoft Malware Protection Center October 2012 update

The Internet is a great place to share; we share information, ideas, experiences, software, and media through many different services over the Internet. The Internet is also a great place to do business and to shop for great deals on software, movies, and music as well as other goods and services. Unfortunately, malware distributors take advantage of people’s desire to share and find the best deals by using social engineering in attempt to infect computer systems. Continue reading Microsoft Malware Protection Center October 2012 update

How to Protect Against the Threat of Spearphishing Attacks

SS Labs’ researchers have identified spearphishing as the most common targeted method sophisticated attackers use to compromise high-value targets. Where classic phishing takes a net-casting approach in its use of email — not unlike a low-end spam campaign — spearphishing uses social engineering techniques to create a more targeted invitation to click on a link or an attachment contained in a message. A recipient who follows the link may be invited to provide a user name and password or other personal information, or malware may be silently installed on the target’s computer.
Phishing and spearphishing attacks both begin with an email and rely on end-user cooperation — obtained via social engineering — to advance the attack. The protections used to repel untargeted phishing attacks will repel the overwhelming majority of spearphishing attacks.
The most effective defenses are user education and training that help end users avoid behaviors that enable successful phishing attacks. Technologies like antivirus tools and endpoint protection platforms (EPPs) have shown only mixed results in defending against exploits, and it is clear that a reliance on purely technological solutions is likely to be ineffective.

Download this analysis brief to learn about our findings and recommendations.

Making Data Leak Prevention Work In The Enterprise

One of the most common misconceptions about data loss prevention (DLP) technology is that it is owned and implemented by IT security teams. DLP isn’t strictly a security project — it’s part of a broad data protection program that demands a co-existence of people and process with technology.

In Part 1 of this series, we examined the benefits of establishing organizational policies prior to implementing security controls for internal use of data. Now, with an approved set of administrative data protection controls, let’s look at how organizations can begin to design and implement DLP to help enforce those controls. Continue reading Making Data Leak Prevention Work In The Enterprise

Project Finds, Purges Vulnerable Code Snippets From The Net

There’s insecure software, and then there’s insecure code samples available online in open source, Web forums, developer manuals, and even university materials. A brand-new project quietly launched last week aims to eradicate this source of bad code, which feeds into the cycle of insecure software development. Continue reading Project Finds, Purges Vulnerable Code Snippets From The Net