Zit Seng's Superwall

It seems quite surprising to me to learn about this. After all, didn’t Firefox try to market itself as the safer, more secure alternative to browse the web than Microsoft Internet Explorer? Furthermore, considering that hackers tend to focus their exploit efforts on the most popular web browser for maximum impact, and Microsoft Internet Explorer still takes top place in the browser market share, you wouldn’t expect Firefox to take the number one spot for being most vulnerable.

(more…)

There’re plenty of software updates this week. First up was for Snow Leopard which is updated to Mac OS X 10.6.2, which contains quite a number of fixes (58, apparently) including an important one that involves data loss. Then, the Safari web browser itself, whose updates are distributed separately from Mac OS X, was updated to version 4.0.4. It fixes some security vulnerabilities, and improves performance and stability. Finally, there is also the update to Microsoft Office 2008 for Mac with version 12.2.3, which fixes stability and security issues.

(more…)

This was another guest lecture I attended this week. It’s the boss of the company who engaged Jackie Chan to fight virii for its TV commercial we’ve been seeing on our TV screens. Yes, Eugene Kaspersky. The title of his talk? Check it out in the photo on left. Eugene shared his vision for a secure Internet. He’s idealistic. But I suppose visions can be idealistic. Unfortunately, the steps to achieve that vision were also unrealistic. But then again, I suppose it is alright to dream. Like how Jackie Chan can fight virii.

(more…)

A hot topic going around in WordPress circles now is a worm making its rounds hijacking vulnerable WordPress installations, and how just a little effort on the part of administrators could have saved the trouble of cleaning up after the worm. This is the inevitable problem with IT security. No matter how hard developers try to make a software safe and secure, easy to update, and respond quickly to new emerging threats, it is never enough for some users. Someone, many people in fact, will fall prey to the exploits.

(more…)

This would be my first visit to Nanyang Polytechnic. I was there for the SCADA Security and Controls event organized by (ISC)² and AiSP. The venue was pretty nice. I think I would have loved my JC to have been like this. The polytechnic seems to be quite serious about the H1N1 precautionary controls, with smart card readers, infra camera scanners, automatic sticker dispensers, etc. The seminar itself, however, was a little disappointing.

(more…)

In the past week, I attended an IDC conference SecurityVision 2009. Something quite strange was said during the opening address which kind of surprised me. The speaker was admitting to having a virus on her computer which she could not get rid off. Her “IT people” were unsuccessful either. But it was okay, because (so she explains) the computer did not do anything dangerous except causing some annoyances on her display. What kind of IT security are you trying to teach people?

(more…)

In the past, most companies don’t care. They do sell products with security features, but the features are turned off by default because they usually make the product more difficult to setup and use, and customers may get turned off by the complexity of getting the product to work. Fortunately, some companies are now trying to make security easy. They are putting some extra effort to take care of their customers’ interests.

(more…)

This week is IT Security Week at NUS, and so they have an IT Security Carnival held at the Forum. They have been running this for some years now, and I must commend the organizers for their excellent work all around. In my opinion, this is one of the more successful and meaningful event, and I’m not saying that just because IT security is one of my pet areas too.

(more…)

Security updates keeps us busy during festive holidays again. The last one with WordPress 2.3.2 kept us occupied prior to the 2008 New Year. Today, the new WordPress 2.3.3 release happens just prior to the Lunar New Year. The major focus of this security release is to fix a flaw in the XML-RPC implementation. Other XML-RPC problems were also plugged in the previous WordPress release. Holidays or not… you should try to upgrade ASAP! More details on 2.3.3 here.

When ZDNet reports Boeing 787 at risk of in-flight hacking, you start to worry about how your personal safety can sometimes be threatened by hackers. I wonder what was Boeing thinking about when they connected passenger Internet and entertainment networks to their on-board flight systems network. Professionals in the IT security circles already know how systems and applications must be designed with security from the start, how they need to be reviewed and audited, etc. I certainly hope aircraft manufacturers apply these principles in designing and building aircraft too!

(more…)