The great EMV migration has been with us for a while, and everybody is excited about the new innovations in cashless payment (especially in the matatu industry), which brought a lot of excitement even though it is still finding its way to industry-wide adoption. This is because there is no other industry Kenyans detest like the matatu industry. Most Kenyans detest matatu drivers (because of careless driving) and conductors (because of their crooked and dishonest behavior). No wonder we use disparaging names like “Makanga” and “Concordi / Konkodi” (local Swahili slang for pickpocket) to refer to conductors, since their aim is to con us out of our meager shillings by increasing the fares or refusing to hand over change.
As the saying goes, “The more things change, the more they remain the same” ~Jean-Baptiste Alphonse Karr. Contactless / radio-frequency identification (RFID) / Near Field Communication (NFC) chips bring in a new paradigm of IT risk, revolutionizing the ‘Concordi (Konkodi)’ into the ePickpocketer.
Cyber crime has been hitting the headlines of late. Michaels Snowden, the runaway NSA agent holed up in Russia, has given us a glimpse of a whole new world that we never imagined. For sure I can now conclude that:
“If you did not invent the technology, you never know the devil inside it”, by Kimson Kimathi.
Why do I say this? Well, it is true: “the National Security Agency has had the ability to track cell phones, even when they’re turned off” (informationweek.com, Mathew J. Schwartz | July 25, 2013 09:06 AM).
Is Big Brother watching from the Raytheon headquarters? The security firm has reportedly developed software that can track people’s online habits and predict future behavior based on data from social-networking websites.
The Internet is a great place to share; we share information, ideas, experiences, software, and media through many different services over the Internet. The Internet is also a great place to do business and to shop for great deals on software, movies, and music as well as other goods and services. Unfortunately, malware distributors take advantage of people’s desire to share and find the best deals by using social engineering in an attempt to infect computer systems.
SS Labs’ researchers have identified spearphishing as the most common targeted method sophisticated attackers use to compromise high-value targets. Where classic phishing takes a net-casting approach in its use of email — not unlike a low-end spam campaign — spearphishing uses social engineering techniques to create a more targeted invitation to click on a link or an attachment contained in a message. A recipient who follows the link may be invited to provide a user name and password or other personal information, or malware may be silently installed on the target’s computer.
Phishing and spearphishing attacks both begin with an email and rely on end-user cooperation — obtained via social engineering — to advance the attack. The protections used to repel untargeted phishing attacks will repel the overwhelming majority of spearphishing attacks.
The most effective defenses are user education and training that help end users avoid behaviors that enable successful phishing attacks. Technologies like antivirus tools and endpoint protection platforms (EPPs) have shown only mixed results in defending against exploits, and it is clear that a reliance on purely technological solutions is likely to be ineffective.
One of the most common misconceptions about data loss prevention (DLP) technology is that it is owned and implemented by IT security teams. DLP isn’t strictly a security project — it’s part of a broad data protection program that demands a co-existence of people and process with technology.
In Part 1 of this series, we examined the benefits of establishing organizational policies prior to implementing security controls for internal use of data. Now, with an approved set of administrative data protection controls, let’s look at how organizations can begin to design and implement DLP to help enforce those controls.
There’s insecure software, and then there’s insecure code samples available online in open source, Web forums, developer manuals, and even university materials. A brand-new project quietly launched last week aims to eradicate this source of bad code, which feeds into the cycle of insecure software development.