From the Geek Mail: Facebook Pushes the Privacy Envelope with Data Sharing

February 8, 2011 · Posted in Geek Mail, Information Security · Comment 

by Lora Bentley

Score one more for Facebook’s “act first, apologize later” strategy.

Last month the company announced it would make user information – including phone numbers – available to application developers. But they wouldn’t get access to the data until after they got express permission “through the usual permission dialogues,” according to the INQUIRER.

After only three days, however, Facebook suspended the program, indicating it had received feedback that users weren’t exactly clear on when they would and would not be giving up access to their information, even with the standard permissions dialogue boxes. At the time, Facebook said: Read more

The Password Dilemma

I heard parts of this topic on the radio the other day and didn’t really understand the guy’s point, since I only caught the tail end of the discussion, until I read this article from the Boston Globe. In a nutshell, it challenges the notion of using and changing passwords as required by most organizations and as preached by security professionals. The research described in this article also challenges many of the security best practices advocated by security experts and how they are actually a hindrance to, shall we say, progress.

One thing that I’d like to point out, though: it does not take a genius to create a strong password, which for all intents and purposes there is no such thing as. It gives as much protection as a locked door knob to your house. It gives you a layer of protection, but not the protection. Just like a door knob, it can help prevent casual intruders, but not those who are really intent on breaking in. But, I digress. Read more

Do People Still Fall For This?

December 30, 2009 · Posted in Information Security, Information Systems, The Internet · Comment 

I still regularly get communication like the one below from wives of presidents, sons of billionaires, daughters of a wealthy sheik, etc., saying that with my help I can be an instant millionaire. The words in the message vary slightly, but the message is pretty much the same. This scam, commonly known as the “Nigerian Scam”, has been going on since even before e-mail became widespread, but after all these years and after all the media exposure it has received, one would think folks would no longer fall for it and perhaps the scammers would change their tactics.

Well, as illustrated in the e-mail below, and from the tons of similar e-mails I have received, it doesn’t look like the tactics have changed at all. I wonder if people still fall for them, since nothing has changed on the bad guys’ side.

Read more

Yeah Boy! Yah Suck! – David Pogue | Microsoft

This week’s Yeah Boy!!!

I don’t know if you’ve heard of David Pogue, New Technology Columnist for NyTimes.Com. His website is aptly named: DavidPogue.com. I first got turned on to him (no, he did not turn me on :-P ) when he did the keynote for a marketing conference I attended in Las Vegas about 2 years ago. The man has proven that he has the gift for writing, the gift of gab, he delivers his stuff in a very down-to-earth and funny fashion (both in text and in speech) and, as he demonstrated in that keynote speech, he has musical skills, too. He explained that Music was actually his major in college, and becoming one of the most recognized and respected tech reviewers on the web today is quite a feat indeed. Read more

Does Microsoft Even Care? Technet willing host of Spammers…

I was out of commission for the past two days, not because I was sick, but simply because I was loaded with other commitments and barely had any chance to pee… ;-)

Anyway, an unavoidable facet of blogging, or of the Web 2.0 framework in general, wherein the web publisher allows visitors to submit entries such as comments, is the fact that you will be dealing with a lot of spammers who will use every trick in the book to exploit your system. This blog is no exception. I do, however, care, and I try to monitor and do my best not to let spammers inundate this blog with useless crap.

It is standard practice for all Web 2.0 systems developers to provide some form of spam protection in their systems, and it is wise for the users of these systems to utilize these protections in order to avoid getting their site inundated with junk and their mailbox with even more junk. Read more

CISSP Note (Domain 1: Access Control): C.I.A. – Quick Definitions

November 16, 2009 · Posted in Information Security · Comment 

Information Security has three key focuses: ensuring the Confidentiality, Integrity and Availability of information, commonly known as C.I.A. Below are their definitions.

Confidentiality – ensuring that information is not disclosed to unauthorized persons

Integrity

  • Prevention of modification by unauthorized users
  • Prevention of unauthorized changes by otherwise authorized users
  • Internal and external consistency
    • Internal consistency within the system (e.g. within a database, the sum of the subtotals is equal to the sum of all units)
    • External consistency – the database agrees with the real world (e.g. the database total is equal to the actual inventory in the warehouse)

Availability – the ability of authorized personnel to access information on time and as necessary Read more

First Entry

November 15, 2009 · Posted in Blog-keeping · Comment 

Been debating what my first entry would be. I have had a love-hate relationship with this blog. It has been redone-refurbished-renovated-remade-revised-rewhathaveyou many times over since I first registered the domain in 2004. I go pretty strong for the first few weeks or months, and then life happens, and then….

So why start it again now? How is it going to be different from the other nth versions?

One key aspect of this blog is that it actually now has a true focus. A mission. When I first started out the blog, it was nothing but a sounding board: stuff that comes into my head that I feel like mentioning. Stuff that I run into throughout the course of the day… Stuff that I just want to mention, but really don’t want to dwell too much on… Twitter and Facebook status updates kinda handled that situation, hence the demise of the last version…

This time around, this blog came out of an idea. Something my wife and I are working on. It actually has a true purpose. A mission.

So what is the mission of this blog?

To provide small to medium size businesses insights and resources on three key areas: Information Systems Management and Security, Electronic Business (eBusiness) and Internet Marketing Strategies.

These are three subject matters that I have honed (and am still learning) over the past 11 years or so. Hopefully this will provide readers some useful information that they can implement in their day-to-day business operations.

This blog will not be all business, however. From time to time, I may have to segue into non-related/random topics, because after all, life is not just about business; life simply happens.

Happy reading folks.
