Category Archives: Uncategorized

LEGAL ARGUMENTS FOR AND AGAINST THE USE OF OPEN SOURCE FORENSICS TOOLKITS IN COURT PROCEEDINGS IN KENYA

Abstract

Purpose – The purpose of this paper is to explore legal arguments for and against the use of open source forensics toolkits in court proceedings in Kenya.

Design/methodology/approach – The methodology used is a literature review of scientific research papers and the laws of Kenya.

Findings – There are no relevant laws in Kenya either supporting or opposing the use of digital forensics tools, whether open source or licensed. The laws currently in place do not clearly state which methods should be used to verify the accuracy and reliability of the tools used, or how to determine the best tools for conducting open source digital forensics.

Paper type – Research paper

Keywords—Computer, Forensics, digital, email

BitCyber Security Consultants


Uncovering ‘PONY malware’

The malware has been in the news lately for stealing 2 million account passwords from Facebook, Twitter, Google, and ADP. “The Pony malware is used to steal information: stolen credentials for websites, email accounts, FTP accounts, [and] anything it can get its hands on. In this case, attackers planted the malware on users’ machines around the world and were able to steal credentials for websites such as Facebook, Twitter, Yahoo, and even the payroll provider ADP,” says John Miller, security research manager at Trustwave (trustwave.com, 2013). The malware has been around since the beginning of this year, January 2013 (laboratoriomalware.blogspot.com, 2013).

PONY operates as a botnet controller. A botnet is a collection of interconnected computers (zombies) that communicate with other infected computers in order to perform malicious attacks and are controlled remotely.

Software Critical Patches September 2013

If you are not the programming language interpreter or the software's inventor, you never know the flaws in the software; you are part of the anarchy of the computer age. “The Internet is the first thing that humanity has built that humanity doesn’t understand, the largest experiment in anarchy that we have ever had.” Eric Schmidt, Chairman, Google.

Being part of the anarchy, IT should develop strategies for patch management. “Patch and vulnerability management is a security practice designed to proactively prevent the exploitation of IT vulnerabilities that exist within an organization. The expected result is to reduce the time and money spent dealing with vulnerabilities and exploitation of those vulnerabilities. Proactively managing vulnerabilities of systems will reduce or eliminate the potential for exploitation and involve considerably less time and effort than responding after exploitation has occurred. Patches are additional pieces of code developed to address problems (commonly called “bugs”) in software. Patches enable additional functionality or address security flaws within a program. Vulnerabilities are flaws that can be exploited by a malicious entity to gain greater access or privileges than it is authorized to have on a computer system. Not all vulnerabilities have related patches; thus, system administrators must not only be aware of applicable vulnerabilities and available patches, but also other methods of remediation (e.g., device or network configuration changes, employee training) that limit the exposure of systems to vulnerabilities.” (NIST Special Publication 800-40 Version 2.0, 2005, p. ES-1)

IMPACT OF ICT IN EDUCATION, ENTERTAINMENT, DEVELOPMENT, GOVERNANCE/POLITICS & INDUSTRY

Abstract

Purpose – The purpose of this paper is to explore the impact of ICT in Education, Entertainment, Development, Governance/politics, and Industry.

Design/methodology/approach – This is a term paper for ICT Impact on Society (MDC 6402). The methodology used is a literature review of scientific research papers.

Findings – ICT has impacted every sector either positively or negatively, but the positive impacts outweigh the negative ones.

Paper type – Research paper

Keywords— Education, Entertainment, Development, Governance/politics, and Industry


NO BOOT FOR YOU ! With Windows 8

In January 2012, Microsoft confirmed to PC manufacturers that they must enable Secure Boot by default on PCs to be “Certified for Windows 8”.

The purpose of Secure Boot is to put an end to computer viruses that sneak between the hardware and the operating system. These viruses, also known as bootkits, work by getting themselves loaded before the operating system, then they make changes to the operating system while it lies defenseless on disk, and then they load the now defenseless operating system and have their way with it.

Hackers publish over 450,000 emails and passwords allegedly stolen from Yahoo

Computerworld – Yahoo today confirmed that 450,000 unencrypted usernames and passwords were stolen Wednesday from one of its services, although it downplayed the threat.

“We confirm that an older file from Yahoo! Contributor Network, previously Associated Content, containing approximately 450,000 Yahoo! and other company usernames and passwords was compromised yesterday, July 11,” Yahoo said in a statement forwarded by a company spokeswoman Thursday.

Oracle to issue 14 patches for Java SE

IDG News Service – Oracle is planning to ship 14 patches related to Java SE on Tuesday, including a number with the highest level of severity under the CVSS (common vulnerability scoring system) framework, according to a pre-release announcement on the company’s website.

“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible,” Oracle said.