Social Engineering - The Weakest Link in InfoSec

Many of us in the computer industry understand the term 'Social Engineering' fairly well. But does your company, its managers and employees understand and practice good techniques in avoiding being the victim of Social Engineering? After all social engineering is the weakest point in your network's security! Don't believe it? Read on...

Traffic Data Retention vs. Data Privacy

The European Commission has recently released a proposed Directive on the Retention of Data Processed in Connection with the Provision of Public Electronic Communications Services (the "Directive"), as part of a package of measures intended to combat terrorism. The Commission also released a detailed Impact Assessment on the proposed Directive. The Commission proposes a uniform retention period of one year for traditional communications, and six months for "electronic communications taking place using wholly or mainly the Internet Protocol.”

Hopefully our own Law Commission will consider the above when drafting South Africa's own Data Protection legislation.

ID theft probe at Royal Bank of Canada

RBC Dain Rauscher, a unit of Royal Bank of Canada, is investigating the possible theft of the identities of a small number of its customers. A person claiming to be a former employee of RBC Dain Rauscher sent anonymous letters to some of the company's customers, saying their personal information had been stolen, RBC Dain Rauscher said Tuesday.

Software pirate to pay $1.1 million

An admitted counterfeiter has agreed to pay Microsoft and Symantec $1.1 million in restitution, a victory in the software industry's fight against software piracy.

Is Skype a Threat?

While users continue to flock to the Skype site for downloads, some security and IT staff members are beginning to feel less than thrilled about the tool. In their opinion, Skype is risky. Some of them site the fact that the many of the creators of Skype were also behind Kazaa (an often-times hated program by security teams).

Another successful Infosec User Group meeting

It is great to see that there are so many people interested in sharing their thoughts on Infosec or should we say - Risk Management...

The following topics were discussed:

1. How to value your Information Assets – A paradigm shift from Information Security to Information Risk Management;
2. Policies, procedures and tools to successfully implement Password Management;
3. Identity Management; and
4. A Vulnerability demo taken from the Certified Ethical Hacking course
   

An interesting question came up during the session : "can one say that there is such a thing as ethical hacking; the law does not differentiate between hacking (malicious intend) and ethical hacking..." - What do you think...

Ignore IT governance at your peril

A number of CIOs turn a blind eye to decision-making and the corporate governance of their organization, instead preferring the more risky approach of being inwardly focused.

Warning against anti-terrorism plans

The European Union's data protection supervisor Monday criticized EU plans to retain phone and e-mail data for use in anti-terrorism investigations, saying they failed to protect civil liberties and gave a free hand to national intelligence services.

Is this the future for VOIP in South Africa?

US - Broadband providers and Internet phone services have until spring 2007 to follow a new and complex set of rules designed to make it easier for police to seek wiretaps, federal regulators have ruled.

Credit cos to adopt one data protection standard

The top three U.S. credit reporting companies said on Thursday that they would adopt a single, shared encryption standard to better protect the huge amounts of sensitive electronic data they receive every day from banks, retailers and credit-card companies.

Encryption is key to data protection

Organizations need to look more closely at how they encrypt their databases to protect against security threats.

EU Lawyers Slam Data Retention Proposal

European Council and Commission lawyers say a controversial plan for retaining telephone and Internet data, proposed last April by the UK and several other Member States, is partly illegal.

Hackers target net call systems

The biannual Symantec Threat Report identified Voice over IP (Voip) systems as a technology starting to interest hi-tech criminals

Typo-squatters target security industry

A serial typo-squatter appears to be targeting the computer security industry, registering domain names which are similar in all but one or two characters to the domains of companies such as Computer Associates, F-Secure, McAfee, MessageLabs and Symantec.

e-Billing requirements

See below a recent article on e-billing. Before jumping into development and roll out of any e-billing system, ensure that you adhere to the SARS requirements for electronic tax invoices. For more details on the requirements - click here and under search, type "electronic invoice", then click on SARS VAT news2 (date 14 Nov 2002)

The article
E-billing adoption rates are improving steadily as more billers offer electronic document delivery, and more consumers take up these options. But there is always room to encourage the numbers through targeted initiatives aimed at pushing the adoption of e-billing faster and higher.

E-tailer records a way to fight piracy

Normal e-tailer security and records could ultimately hamper the online sale of pirated goods, says online auction site Bidorbuy.

SA TV, radio closer to digital age

Key stakeholders have set the ball rolling on SA's migration to digital radio and TV broadcasting.

Telkom defends local loop

In line with the Telecommunications Act, there will be no local loop unbundling for the first two years of operation of the second national operator (SNO), says Telkom.

UK sets out case for data logs to fight terror

Britain, which is pushing for new EU laws on data retention, said on Wednesday that logging and storing telephone calls, email and Internet use had helped its police trap suspected terrorists.

PAIA deadline extended

The majority of companies that have not yet published their information manual as required by section 51 of the Promotion of Access to Information Act (PAIA) have some breathing room, as the initial deadline of 31 August 2005 has been extended.

According to a recent government gazette, all (excluding a few 'long-term' exceptions) private bodies are exempted from submitting the manual until at least 31 December 2005. The gazette announcement also grants long-term exemptions to private bodies and private companies until 31 December 2011. The long-term exception is only applicable to privte bodies that do not exceed the turnover amounts specified per industry or where the total number of employees do not exceed 50 employees, irrespective of turnover.

Although left to the very last minute, it is definitely a welcomed extension for smaller private bodies that does not need to spend thousands of rands to get their manual drafted and submitted. The only concern we have is - why establish legislation to deal with the Right of Access to Information and then differentiate between entities based on revenue or employees? A Right is a Right is a Right and should be applicable to every single private and public body in South Africa.

ICASA positive on Convergence Bill

The Independent Communications Authority of SA (ICASA) believes that with careful implementation, the Convergence Bill will add certainty and increase confidence in the sector, says Peter Hlapolosa, GM of telecommunications services at ICASA.

Day the music died

SHARMAN Networks chief executive Nikki Hemming wasn't in court to see the music industry deliver its body blow to file sharing, but there's no doubt Justice Wilcox's ruling on the Kazaa peer-to-peer network is a major win for the big record companies.