Zit Seng’s Superwall

In the past week, I attended an IDC conference SecurityVision 2009. Something quite strange was said during the opening address which kind of surprised me. The speaker was admitting to having a virus on her computer which she could not get rid off. Her “IT people” were unsuccessful either. But it was okay, because (so she explains) the computer did not do anything dangerous except causing some annoyances on her display. What kind of IT security are you trying to teach people?

(more…)

In the past, most companies don’t care. They do sell products with security features, but the features are turned off by default because they usually make the product more difficult to setup and use, and customers may get turned off by the complexity of getting the product to work. Fortunately, some companies are now trying to make security easy. They are putting some extra effort to take care of their customers’ interests.

(more…)

This week is IT Security Week at NUS, and so they have an IT Security Carnival held at the Forum. They have been running this for some years now, and I must commend the organizers for their excellent work all around. In my opinion, this is one of the more successful and meaningful event, and I’m not saying that just because IT security is one of my pet areas too.

(more…)

Security updates keeps us busy during festive holidays again. The last one with WordPress 2.3.2 kept us occupied prior to the 2008 New Year. Today, the new WordPress 2.3.3 release happens just prior to the Lunar New Year. The major focus of this security release is to fix a flaw in the XML-RPC implementation. Other XML-RPC problems were also plugged in the previous WordPress release. Holidays or not… you should try to upgrade ASAP! More details on 2.3.3 here.

When ZDNet reports Boeing 787 at risk of in-flight hacking, you start to worry about how your personal safety can sometimes be threatened by hackers. I wonder what was Boeing thinking about when they connected passenger Internet and entertainment networks to their on-board flight systems network. Professionals in the IT security circles already know how systems and applications must be designed with security from the start, how they need to be reviewed and audited, etc. I certainly hope aircraft manufacturers apply these principles in designing and building aircraft too!

(more…)

Yes it keeps us busy even during the festive season. A number of critical security issues were identified with Wordpress 2.3.1 (may apply to older versions too) that necessitated an urgent security release. Wordpress 2.3.2 is now available. One of the problem is a SQL Injection Vulnerability that exposes internal information about your Wordpress installation. These are common problems that plague web applications. I did a brief presentation on Secure Web Programming a few moons ago. It was primarily intended to be a high-level overview to familiarize programmers with web application security issues. You can download it if you’re interested.