Zit Seng's Superwall

Sometimes, I think we’re doomed. Our IT, our cyberspace, they all belong to hackers. Hackers of the bad sort. The world is at their mercy. It’s one thing for the layman to be lost and give up in defeat. But it’s quite another thing for an IT professional to think of computer viruses as part and parcel of IT.

Okay, I know, computer viruses are indeed rampant and everywhere. But if it is on your own computer, you don’t just give up and surrender, do you? I’m talking about IT professionals here.

(more…)

Many people are still not getting it. IT security has to be a fundamental component in any IT application. It’s not something you can easily slap on later. But still every so often, when I talk to “IT professionals” about various projects, IT security continues to be an afterthought. Most people are just concerned about rolling out features. Many people understand the importance of code modularity, code re-use, and many other nice principles of software engineering. But few actually think about designing security as a fundamental part of the application.

(more…)

It seems quite surprising to me to learn about this. After all, didn’t Firefox try to market itself as the safer, more secure alternative to browse the web than Microsoft Internet Explorer? Furthermore, considering that hackers tend to focus their exploit efforts on the most popular web browser for maximum impact, and Microsoft Internet Explorer still takes top place in the browser market share, you wouldn’t expect Firefox to take the number one spot for being most vulnerable.

(more…)

There’re plenty of software updates this week. First up was for Snow Leopard which is updated to Mac OS X 10.6.2, which contains quite a number of fixes (58, apparently) including an important one that involves data loss. Then, the Safari web browser itself, whose updates are distributed separately from Mac OS X, was updated to version 4.0.4. It fixes some security vulnerabilities, and improves performance and stability. Finally, there is also the update to Microsoft Office 2008 for Mac with version 12.2.3, which fixes stability and security issues.

(more…)

This was another guest lecture I attended this week. It’s the boss of the company who engaged Jackie Chan to fight virii for its TV commercial we’ve been seeing on our TV screens. Yes, Eugene Kaspersky. The title of his talk? Check it out in the photo on left. Eugene shared his vision for a secure Internet. He’s idealistic. But I suppose visions can be idealistic. Unfortunately, the steps to achieve that vision were also unrealistic. But then again, I suppose it is alright to dream. Like how Jackie Chan can fight virii.

(more…)

A hot topic going around in WordPress circles now is a worm making its rounds hijacking vulnerable WordPress installations, and how just a little effort on the part of administrators could have saved the trouble of cleaning up after the worm. This is the inevitable problem with IT security. No matter how hard developers try to make a software safe and secure, easy to update, and respond quickly to new emerging threats, it is never enough for some users. Someone, many people in fact, will fall prey to the exploits.

(more…)

This would be my first visit to Nanyang Polytechnic. I was there for the SCADA Security and Controls event organized by (ISC)² and AiSP. The venue was pretty nice. I think I would have loved my JC to have been like this. The polytechnic seems to be quite serious about the H1N1 precautionary controls, with smart card readers, infra camera scanners, automatic sticker dispensers, etc. The seminar itself, however, was a little disappointing.

(more…)

In the past week, I attended an IDC conference SecurityVision 2009. Something quite strange was said during the opening address which kind of surprised me. The speaker was admitting to having a virus on her computer which she could not get rid off. Her “IT people” were unsuccessful either. But it was okay, because (so she explains) the computer did not do anything dangerous except causing some annoyances on her display. What kind of IT security are you trying to teach people?

(more…)

In the past, most companies don’t care. They do sell products with security features, but the features are turned off by default because they usually make the product more difficult to setup and use, and customers may get turned off by the complexity of getting the product to work. Fortunately, some companies are now trying to make security easy. They are putting some extra effort to take care of their customers’ interests.

(more…)

This week is IT Security Week at NUS, and so they have an IT Security Carnival held at the Forum. They have been running this for some years now, and I must commend the organizers for their excellent work all around. In my opinion, this is one of the more successful and meaningful event, and I’m not saying that just because IT security is one of my pet areas too.

(more…)