BSIMM-V does a number on secure software development
by Gary McGraw, Contributor
The fifth iteration of the Building Security In Maturity Model project is a tool enterprises can use as a measuring stick for their software security initiatives. Gary McGraw offers this exclusive first look... [read more]
(SearchSecurity.com)
What is BSIMM-V?
The Building Security In Maturity Model (BSIMM, pronounced "bee simm") is an observation-based scientific model describing the collective software security activities of 51 software security initiatives. Thirty-six of the 51 firms we studied have graciously allowed us to use their names -- they are listed under "BSIMM member organizations" in the sidebar.
BSIMM4 is used as a measuring stick for software security. As such, it is useful for comparing software security activities observed in a target firm to those activities observed among the 51 firms (or various subsets of the 51 firms). A direct comparison using the BSIMM is an excellent tool for devising a software security strategy... [read more]
more at http://bsimm.com
Thursday, October 31, 2013
Building Security in Maturity Model (BSIMM)
Wednesday, October 30, 2013
Challenge - Develop awesome mobile games with a free state-of-the-art game engine
Saturday, October 5, 2013
Glorious Future of BlackBerry Z10
The BlackBerry Z10 is supposed to be the start of a new era for BlackBerry. If that
is to happen, consumers will need to be convinced of its innovation and
potential. Therefore, they will need to know two things: how does it differ
from previous BlackBerry models? And, why should they be interested? BlackBerry
will be hoping that the answer to the first question will also answer the
second.
Z10 versus early BlackBerry
The Z10 differs from previous BlackBerry models in many ways. The most notable is the absence of the quintessential QWERTY keyboard: the Z10's 4.2 inch, high resolution touch screen leaves no room for it. This may please those who prefer a touch screen keyboard but may also put off the hardcore faithful who enjoyed the old keyboards. However, for both parties, BlackBerry has designed a spacious and easy to use touch screen keyboard with a predictive text feature: the predicted word appears over the next letter, so the user only needs to swipe it upwards to enter it.
Price does matter
Alongside the differences from previous models, you also need to consider how it fares against the main rivals. Often cheaper than competitors, the BlackBerry Z10 price comes in at RM 1,799.00 for the handset.
Superb Features of Z10
Another new feature on the Z10 is
the BlackBerry Hub, which houses all
messages, e-mails and notifications. It has been designed with the object of
allowing an experience which is flowing and easy for the user. The user may be
in the middle of something on an app when their phone beeps but there is no
need to close that app and search through texts, social media and e-mail to
discover the source of the notification. All they need to do is swipe upwards and
right with their thumb and peek into the Hub. This will allow them to see their
texts, e-mails and anything else they have told the Hub to store. From there
they can choose whether to reply immediately or later, so they are not
completely disturbed by every single notification.
In pursuit of further flow there
is no need to close apps if the user chooses to reply to the message. The user
just has to simply swipe the app down where it will stay exactly as they left
it, ready to be picked up later when the user is ready. It is important to note
that with the Z10's ability to run eight apps simultaneously, there is no need
to worry about lag when doing this.
Not everything is totally new on the Z10; some of it has just been updated and modernised, such as the new BlackBerry Messenger (BBM). This has always been popular with BlackBerry users as it allows you to exchange messages and pictures instantly with your contact list for free. BBM has been expanded, with the Z10's front-facing camera in mind, to allow video calls to any contact anywhere in the world, thus making it perfect for catching up with friends and conducting international business alike.
A second new feature to BBM is Screen Share.
At the press of a button during a video call Screen Share allows users to
literally share their screen with the contact they are calling. This again has
great potential for social and business use alike by allowing people to show
their friend a funny YouTube clip or to show their colleague an important
document with the valuable ability to talk it over at the same time.
Z10 - Simply the best
Older BlackBerry models put many
consumers off with the lack of apps that could be downloaded onto them, but
with the Z10 BlackBerry launched its new BlackBerry 10 World which contains
70,000 apps including big names, such as Skype, that were missing before. This
is a valuable asset in a world where apps are king and BlackBerry World looks
only set to grow. However, whether the BlackBerry Z10's future is glorious
remains in the hands, or the wallets, of the consumers.
Wednesday, September 25, 2013
SWOT analysis (strengths, weaknesses, opportunities and threats analysis)
SWOT analysis (strengths, weaknesses, opportunities, and threats analysis) is a framework for identifying and analyzing the internal and external factors that can have an impact on the viability of a project, product, place or person.
The framework is credited to Albert Humphrey, who tested the approach in the 1960s and 1970s at the Stanford Research Institute (SRI). Developed for business and based on data from Fortune 500 companies, the SWOT analysis has been adopted by organizations of all types as an aid to making decisions.
As its name states, a SWOT analysis examines four elements:
- Strengths - internal attributes and resources that support a successful outcome.
- Weaknesses - internal attributes and resources that work against a successful outcome.
- Opportunities - external factors the project can capitalize on or use to its advantage.
- Threats - external factors that could jeopardize the project.
Tuesday, September 10, 2013
Internet Society Responds to Reports of the U.S. Government’s Circumvention of Encryption Technology
The Internet Society is alarmed by continuing reports alleging systematic United States government efforts to circumvent Internet security mechanisms. The Internet Society President and CEO, Lynn St. Amour, said, “If true, these reports describe government programmes that undermine the technical foundations of the Internet and are a fundamental threat to the Internet’s economic, innovative, and social potential. Any systematic, state-level attack on Internet security and privacy is a rejection of the global, collaborative fabric that has enabled the Internet's growth to extend beyond the interests of any one country.”
The Internet Society believes that global interoperability and openness of the Internet are pre-requisites for confidence in online interaction, they unlock the Internet as a forum for economic and social progress, and they are founded on basic assumptions of trust. We are deeply concerned that these principles are being eroded and that users' legitimate expectations of online security are being treated with contempt.
As the institutional home of the Internet Engineering Task Force (IETF), we believe that open and transparent processes are essential for security standardization, and result in better outcomes than any alternative approach. For example, protocols developed by the IETF are open for all to see, inspect, and verify, as are the open and inclusive processes by which they are specified.
IETF Chairman Jari Arkko has strongly reiterated the IETF’s commitment to improving security in the Internet, and to seeking ways of improving security protocols in light of these new revelations and security threats. “The IETF has a long-standing commitment to openness and transparency in developing security protocols for the Internet, and sees this as critical to confidence in their use and implementation.” To read more, visit: http://www.ietf.org/blog/2013/09/security-and-pervasive-monitoring/.
However, the open development of robust technical specifications is just one link in the chain. Security standards must be properly implemented and used. This is a wake-up call for technology developers and adopters alike, to reexamine what we can do to ensure that all links in the chain are equally strong. This is key to helping restore public trust and confidence in the Internet.
The Internet has tremendous potential for economic and social good, but unless all stakeholders trust the Internet as a safe place for business, social interaction, academic enquiry, and self-expression, those economic and social benefits are put at risk. To fulfill its potential, the Internet must be underpinned by the right combination of technology, operational processes, legislation, policy, and governance. The recent reports suggest that U.S. Government programmes have systematically undermined some or all of those measures, and that is why we view the revelations with such grave concern.
With this in mind, we issue these calls to action for the global community:
• To every citizen of the Internet: let your government representatives know that, even in matters of national security, you expect privacy, rule of law, and due process in any handling of your data.
Security is a collective responsibility that involves multiple stakeholders. In this regard, we call on:
• Those involved in technology research and development: use the openness of standards processes like the IETF to challenge assumptions about security specifications.
• Those who implement the technology and standards for Internet security: uphold that responsibility in your work, and be mindful of the damage caused by loss of trust.
• Those who develop products and services that depend on a trusted Internet: secure your own services, and be intolerant of insecurity in the infrastructure on which you depend.
• To every Internet user: ensure you are well informed about good practice in online security, and act on that information. Take responsibility for your own security.
At the Internet Society, we remain committed to advancing work in areas such as browser security, privacy settings, and digital footprint awareness in order to help users understand and manage their privacy and security. The citizens of the Internet deserve a global and open platform for communication built on solid foundations of security and privacy.
As emailed by ISOC
Tuesday, September 3, 2013
VULNERABILITIES AND EXPLOITATION IN COMPUTER SYSTEM – PAST, PRESENT, AND FUTURE
Software vulnerabilities are regarded as the most critical vulnerabilities due to their impact and availability as compared to hardware and network vulnerabilities. Throughout the years, from the first appearance of software vulnerabilities in the late 80s until today, many software vulnerabilities have been identified and classified, such as the well-known buffer overflow, scripting and SQL command. We studied those known software vulnerabilities, compared the criticality, impact and significance of the vulnerabilities, and further predicted the trend of the vulnerabilities and proposed the focus area based on the comparative studies. The result shows that C overflow vulnerabilities will continue to persist despite losing their dominance in terms of numbers of availability and exploitation. However, the impact of exploiting the C overflow vulnerabilities is still regarded as the most critical as compared to others. Therefore, C overflow vulnerabilities will prevail again and continue their domination as they did for the past two decades.
The complete paper can be retrieved here (coming soon).
The presentation slide is available here (click the image below)
or can be viewed at SlideShare as shown below
Sunday, September 1, 2013
Tuesday, August 13, 2013
Photos taken might pose security threat to you
How serious is it?
However, I found out that this can only affect the user IF:
1. You combine your photos with a few other data sources such as Foursquare, Picasa, blogs, etc.
2. You mentioned something that can be used to indicate your location or surroundings.
3. You used current photo capture capability (with sound and GPS setting).
4. And a few other combinations of settings.
Monday, August 5, 2013
Thursday, August 1, 2013
Big Problem needs Simple Solutions :)
This shows how a big problem can be solved by simple and small solutions (TRIZ).
https://www.youtube.com/watch?feature=player_embedded&v=nw9g9OVHdJI
Moral: Sometimes we don't need extravagant solutions to solve our problem :)
Thanks to my TRIZ LinkedIn Group for the sharing.
Saturday, July 27, 2013
Repair Outlook Data Files (.pst and .ost)
Do you ever get this message (sort of):
C:\users\*****l\Microsoft\Outlook\.PST is in use and cannot be accessed....Close any application that is using this file.
You try to close all applications and even restart your computer a few times, but the message continues to appear. Why does it happen?
- You did not close Outlook properly when shutting down your computer.
- You shut down the computer while Outlook was processing (archiving, backing up or anything else).
- Your computer suddenly powered off (low battery or power outage) while Outlook was being accessed or was doing something.
How to resolve?
Here are some tips which I copied from the Microsoft site :)
You have 2 options: the Inbox Repair Tool or the OST Integrity Check Tool.
Inbox Repair Tool
If you can't open your Personal Folders file (.pst) or your Offline Folder file (.ost), or you suspect that your .pst or .ost data file is corrupted, you can use the Inbox Repair tool (Scanpst.exe) to diagnose and repair errors in the file. The Inbox Repair tool scans only the .pst or .ost file, not your mailbox on the server running Microsoft Exchange. The tool determines whether the file structure is intact. If it is not intact, the Inbox Repair tool resets your file structure and rebuilds the headers.
The Inbox Repair tool works on both the Microsoft Outlook 97-2002 Personal Folders File (.pst) and the Office Outlook Personal Folders File (.pst) data files in Microsoft Office Outlook 2003 and Microsoft Office Outlook 2007.
Scanpst.exe is installed when you install Outlook. It is located at:
drive:\Program Files\Microsoft Office\OFFICE12.
Repair errors by using Scanpst.exe
- Exit Outlook if it is running.
- Double-click Scanpst.exe, located at drive:\Program Files\Microsoft Office\OFFICE12.
- In the Enter the name of the file you want to scan box, enter the name of the .pst or .ost file that you want to check, or click Browse to search for the file.
- To specify the scan log options, click Options, and then click the option that you want.
- Click Start.
- If errors are found after the scan is complete, you will be prompted to start the repair process to fix the errors. A backup file is created during the repair process. To change the default name or location of this backup file, in the Enter name of backup file box, enter a new name, or click Browse to look for the file that you want to use.
- Click Repair.
- Start Outlook by using the profile that contains the .pst file that you tried to repair.
- On the Go menu, click Folder List.
- In the Folder List, you may see a folder named Recovered Personal Folders that contains your default Outlook folders or a Lost and Found folder. The recovered folders are usually empty, because this is a rebuilt .pst file. The Lost and Found folder contains the folders and items recovered by the Inbox Repair tool. Items that are missing from the Lost and Found folder cannot be repaired.
- If you see a Recovered Personal Folders folder, you can create a new .pst file, and drag the items in the Lost and Found folder into the new .pst file. When you have finished moving all the items, you can remove the Recovered Personal Folders (.pst) file, including the Lost and Found folder, from your profile.
NOTES
- If you are able to open the original .pst file, you may be able to recover additional items from your damaged .pst file. By default, the Inbox Repair tool creates a file called file name.bak, which is a copy of the original .pst file with a different extension. The .bak file is located in the same folder as your original .pst file. You may be able to recover items from the .bak file that the Inbox Repair tool could not recover. Make a copy of the .bak file, and give the file a new name with a .pst extension, such as bak.pst. Import the bak.pst file, and then move any additional recovered items to the new .pst file that you created.
- A copy of the log file is written to the same location as the .pst file.
OST Integrity Check tool
From time to time, you may get error messages when synchronizing your Offline Folder file (.ost) in Microsoft Office Outlook with your mailbox on a server running Exchange. You may also notice that some items are missing from your .ost file or from your mailbox after you synchronize your .ost file and your mailbox. When this occurs, you should use the OST Integrity Check tool (Scanost.exe) to check your .ost file.
The OST Integrity Check tool runs only on .ost files and can be used to diagnose and repair synchronization issues. The tool scans both your .ost file and your mailbox on the server running Exchange, compares the items and folders in each, and attempts to reconcile synchronization differences between them. The OST Integrity Check tool does not change your mailbox on the server running Exchange. The tool records any differences in a scan log so that you can see the discrepancies that it found and resolved. The scan log also identifies any situations that the tool could not correct which you will need to fix manually. The scan log can be found in your Deleted Items folder.
To use the OST Integrity Check tool, you must connect to your Exchange account so that the tool can scan your mailbox folders and items. If you previously set up Outlook to start offline automatically, the OST Integrity Check tool will not be able to access your mailbox on the server running Exchange. Therefore, before you run the tool, you need to change your Outlook startup settings temporarily.
If you have problems opening your .ost file, you can use the Inbox Repair tool (Scanpst.exe) to diagnose and repair errors in your .ost file. The Inbox Repair tool (Scanpst.exe) can be used on your .ost file as well as Personal Folders file (.pst). The tool scans the .ost or .pst file, and makes sure that the file structure is intact. It does not interact with your Inbox on the server running Exchange server in any way.
The OST Integrity Check tool (Scanost.exe) is installed when you install Outlook. It is located at:
drive:\Program Files\Microsoft Office\OFFICE12.
Repair errors by using Scanost.exe
- Exit Outlook if it is running.
- Double-click Scanost.exe, located at drive:\Program Files\Microsoft Office\OFFICE12.
- If you have set up Outlook to prompt for a profile, the tool will also prompt you for one. In the Profile Name list, click the profile that contains the .ost file that you want to check.
- If you are prompted to Connect or Work Offline, click Connect.
- Select the options that you want.
- To have the tool automatically resolve discrepancies that it finds during the scan, select the Repair Errors check box. If this check box is cleared, the tool will log the problems but not make the necessary corrections.
- Click Begin Scan.
NOTE To view the scan log, start Outlook, and then open the Deleted Items folder. The tool does not scan the Deleted Items folder. Any problems will be noted in a message with the Subject "OST Integrity Check."
Copied directly from Microsoft
Friday, June 21, 2013
SDIWC Conferences
The Society of Digital Information and Wireless Communications (SDIWC) have the following conferences; please consider submitting your paper to one of these conferences.
Name : The Second International Conference on Informatics & Applications (ICIA2013)
Location : Technical University of Lodz, Poland
Dates : Sept. 23-25, 2013
URL : www.sdiwc.net
Name : The Second International Conference on E-Learning and E-Technologies in Education (ICEEE2013)
Location : Technical University of Lodz, Poland
Dates : Sept. 23-25, 2013
URL : www.sdiwc.net
Name : The International Conference on Digital Information Processing, E-Business and Cloud Computing (DIPECC2013)
Location : Islamic Azad University, UAE Branch, Dubai, UAE
Dates : October 23-25, 2013.
URL : www.sdiwc.net
Name : The Second International Conference on Informatics Engineering & Information Science (ICIEIS2013)
Location : Universiti Teknologi Malaysia, Kuala Lumpur, Malaysia
Dates : Nov. 12-14, 2013
URL : www.sdiwc.net
Name : The International Conference on Electrical and Electronics Engineering, Clean Energy and Green Computing (EEECEGC2013)
Location : Islamic Azad University, UAE Branch, Dubai, UAE
Dates : December 11-13, 2013.
URL : www.sdiwc.net
Thursday, June 20, 2013
Invitation to Applicants: 2013 Internet Society Ambassadors to the Internet Governance Forum (IGF)
The Internet Society is pleased to invite applications for the 2013 Internet Society Ambassadors to the Internet Governance Forum (IGF).
As part of the Internet Society's Next Generation Leaders (NGL) programme, the Ambassadorships to the Internet Governance Forum (IGF) are available to Internet Society members between the ages of 20 and 40.
The Internet Governance Forum (IGF) is a multi-stakeholder forum for policy dialogue on issues of Internet governance. It brings together government, private sector, and civil society stakeholders, including the technical and academic community, on an equal basis and through an open and inclusive process. The IGF facilitates a common understanding of how to maximize Internet opportunities and address risks and challenges that arise.
About the 2013 Ambassadors to the Internet Governance Forum (IGF):
In 2013, the theme of Internet Governance Forum (IGF) will be “Building Bridges-Enhancing Multistakeholder Cooperation for Growth and Sustainable Development.” The Forum will be held in Bali, Indonesia from the 22-25 October 2013.
Ambassadors to the IGF may be involved in various activities at the Forum, including contributions to the IGF Ambassadors' blog, participating broadly in the IGF meeting agenda and assisting with staffing of the Internet Society booth at the venue. Details of these opportunities will be confirmed in advance of the Forum.
For more information, please visit:
http://www.internetsociety.org/what-we-do/education-and-leadership-programmes/next-generation-leaders/igf-ambassadors-programme
How to Apply:
To apply to be chosen as one of the 2013 Internet Society Ambassadors to the Internet Governance Forum (IGF), please go to:
In addition to completing the online application form, you will be required to upload a 2-3 page briefing paper as well as upload your most recently updated CV (with a photograph).
The deadline for applications is midnight UTC on 21 June 2013.
Successful candidates will be notified on 19 July 2013.
The Next Generation Leaders Programme:
The Internet Society’s Next Generation Leaders programme is supported by funding from SIDN.
For more information about the Next Generation Leaders programme, please visit:
http://InternetSociety.org/Leaders
You can also contact us at leaders@isoc.org.
If you are interested in becoming a Corporate or Organizational partner of the Next Generation Leaders (NGL) programme, please email leader-sponsor@isoc.org
-------------------------
Niel Harper
Senior Manager, Next Generation Leaders Programmes
Internet Society
1775 Wiehle Ave. Suite 201
Reston, VA 20190
direct: 571.299.2509
mobile: 246.243.3818
skype: olokunbb
Wednesday, May 29, 2013
Administrative Training to TNB - May 23rd, 2013
Last week, my staff and I conducted an administrative training @ comprehensive training for TNB (specifically for the Protection team of the Asset and Maintenance Department, TNB Distribution). It was one whole day of hands-on training covering designing/planning, installation, configuration, maintenance and troubleshooting.
The training is related to an automation system in substations which allows TNB personnel to perform online monitoring and interrogation of various secondary equipment. It is a simple system that monitors the health and status of the equipment, plus basic functionality to interrogate the equipment.
This is the first version of the system, released somewhere around 2006. The current system is almost obsolete, and the latest release that will replace it, which takes into consideration the use of IEC 61850 standards as guidelines plus support for legacy systems, is expected to be released by the end of this year. Do check it out at www.matrixpower.com.my for more detail.
[Image: My staff showing the server communication]
[Image: Basic theoretical introduction]
[Image: Small class for high concentration :)]
[Image: The class of May 23rd, 2013 Comprehensive SIMS Training]











