As it turns out, students in the many fields of IT such as software development are still being taught the lessons of old and not being taught how to pro-actively design software to defend itself from attack. This is the result of a recent survey which shows that many programmers and developers to be are not getting ample courses in integrating security into their systems. They are left to fend for themselves and have to rely on patches to overcome development bugs that could have been fixed before they became problems in the first place.
I started out as a programmer in the glory days of FoxPro and C++ and such events that we have now are non-existent or are not as malicious as they are now. Back then, they simply messed up the display of garbled the contents of a floppy with no bearing on Phishing or Vishing and the myriad of stuff today’s malware do. Security has become such an issue with development that people today have to rely on anti-viruses and other intrusion prevention systems for their systems to remain reliable. Incorporating more security into applications would prevent weaknesses even if bugs are present in the program for no system is totally fool-proof. We would still need these intrusion protection systems yet not as highly dependent on them for basic security needs.
Most companies rely on million dollar contracts with software developers who design software to protect their software, McAfee, Symantec and many other security software developers have shifted focus more on intrusion prevention and less on anti-viruses for today’s malware have gotten to a level of sophistication that they can self-modify themselves to elude anti-virus programs of the past. Integrating encryption and other security provisions into the software itself may take longer but it would provide a level of security that hackers would not find easy to break. Education is the key and knowledge is power, so giving the next generation of developers the knowledge to incorporate security greatly increases the level of power over these malicious programs and the hackers who make them.

Tags: Bottom's-Up Security, Development, security

Categories: General, IT Security Basics, News, Programming, Real-World Issues, Security Policies

Leave a Comment

Some of these updates and patches are well publicized and known to media and IT circles while others are not. The real truth, not all users want to know the details of the several updates and patches that are being installed as long as they get to use the internet and other software without issues. This is a dangerous tightrope to walk for like the Facebook incidents and MySpace problems, and yes even Google (with their customer purchase tracking system which they took out of service as people took notice and were pissed they were being monitored as to shopping habits etc).

Even the most popular web search engines have come under fire when people took notice of their tracking systems and how that information is used to target them for advertising campaigns. The web is a true and proven signal of unparalleled freedom for it allows you to get information all with the press of a few buttons. But the battle begins at your desktop or laptop where the OS resides and is installed on making it the root of all possible problems. Yes, Attacks do come from the net but they are targeted at your home or office desktops using them as propagation tools to spread them all over the globe. Privacy and the right to know is quite battered on these fronts with many problems being discovered at every turn. People love intrigue and they will continue to scrutinize and criticize the work of others may they be friends or foes. On goes the OS wars and we are on the sidelines waiting to suffer all the fallout of their drive to be the first to release the most innovative and feature loaded software (with bugs and system crashes all bundled and included in the box, well till they release the respective fixes and patches to remedy them).

Tags: Apple, linux, Microsoft, OS Wars

Categories: General, IM, IT Security Basics, Instant Messaging, Malware, News, Operating Systems, Privacy & Anonymity, Programming, Real-World Issues, Security Policies, Spyware

1 Comment

The best way to find out the security breaches is to think like a hacker on how to penetrate a secure network through various means. Accessibility to servers may have to go through different stages since various encrypted usernames and passwords would stand in the way of a successful hack.

The approach is quite simple. It is a reverse psychology of sorts since to become a full-proof secure system, ways on how to be able to get over the fences for such walls that have been put off must be severely tested.

Unorthodox as it may seem, the various approaches to be done will certainly be simple at this point because at the rate that hackers are able to go around security fences today, a lot of progress has been made in being able to make the lives of administrators a living hell as far as IT security is concerned.

[tags]hacker, network security, breach, coding, cracks, cryptography[/tags]

Tags: breach, coding, cracks, Cryptography, hacker, Network Security, security

Categories: Cryptography, IT Security Basics, Network Security, Operating Systems, Privacy & Anonymity, Programming, Real-World Issues, Security Policies, Spyware

Comments Off

System users are usually granted specific rights with regards to their accessibility options towards the main server. This is why most systems administrators need to identify the licensed users and their rights as defined by their department heads and superiors. Granting rights to all may be a bad decision since it allows the system and the network vulnerable to any form of intrusion at any time without limiting the options of who may be behind it.

Such has been an issue that systems administrators must learn to address. It is not mainly about knowing a person but by what he is capable of doing. That is why access rights should be properly labeled as administrators, users or guests. The absence of such tags makes it hard to audit and work backwards in cases where system malfunctions and possible conflicts such as server crashes may ensue. It is best to limit the users at a minimum so that pinpointing the probable suspects can be limited.

[tags]security rights, access levels, accessibility[/tags]

Tags: access-levels, accessibility, security-rights

Categories: IT Security Basics, Network Security, Operating Systems, Privacy & Anonymity, Programming, Security Policies, Tips, Wireless Security

Comments Off

Consider a scenario when a workstation would be left for a couple of minutes and a person-in-charge would have to go somewhere like a coffee break or the comfort room. Open working spaces are bound to have some person who may find himself by the cubicle and be tempted to see what is behind the screen of the workstation.

For some reason or another, pranksters may want to play jokes or get access to sensitive information. While these approaches may not necessarily be done on purpose to get the person in trouble, it cannot be denied that security of a workstation which is usually set at a certain time limit of inactivity like 10 to 15 minutes is a good way to safeguard work and data.

Some would regard it as annoying but the overall security and avoiding being tampered with is something that is really minor but may be at times crucial. A person can never know the people who may be roaming around and what they may be up to. Also, it would be best not to forget the administrator password, because if so, then the workstation may not be unlocked even by the user!

[tags]workstation, windows, server, passwords[/tags]

Tags: passwords, server, windows, workstation

Categories: IT Security Basics, Network Security, Operating Systems, Programming, Security Policies, Tips

Comments Off

While most of the world relies heavily today on computers and the Internet, safeguarding data and intrusion from malicious hackers and technology advanced individuals should be the main cause for concern.

It is no secret that most systems that do not have the proper security programs face the risk of potential loss of information or being a cause for downtime for servers that need to be operational 24/7. Without the security perimeter fences installed, a server or workstation is prey to a lot of attacks stemming from hackers, worms and Trojans that are spread all over the Internet today.

The risk is indeed high considering that a lot of personal and business related programs and files are the bloodstream of most operational works today. Without the proper cyber guards to act as assigned protectors to key data, internal operations and key components in systems will surely be facing threats that may not immediately be recovered by back-up systems alone.

[tags] internet security, cyber security, cyberspace, cyberworld, firewall, intrusion[/tags]

Tags: cyber-security, cyberspace, cyberworld, firewall, internet-security, intrusion

Categories: Backups, IT Security Basics, Malware, Network Security, Operating Systems, Physical Security, Privacy & Anonymity, Programming, Real-World Issues, Security Policies, Spyware, Storage, Tips, Wireless Security

Comments Off

By default, Internet Explorer is usually installed simultaneously with new installation of Microsoft Windows operating systems. This allows users to immediately access the web and browse websites or check their e-mail online.

However, it is recommended that the required patch updates for windows components, Internet Explorer included, to ensure that versions are updated and secured to avoid any exposure of vulnerable exploits and issues that unpatched versions would be prone to. Unpatched versions are sure to be lacking in security issues known today, hence the need to acquire such updates and patches a definite must for people using the Microsoft Windows software today.

The patches and updates help ensure the overall safety of the workstation and the network it is connected to. With the rampant amount of exploits and issues that technology has been open to, it would be best to keep software and applications up to date, starting with the operating system in use.

[tags]operating systems, microsoft windows, microsoft vista, patches, updates[/tags]

Tags: microsoft-vista, microsoft-windows, Operating Systems, patches, updates

Categories: IT Security Basics, Network Security, Operating Systems, Programming, Real-World Issues, Security Policies, Spyware, Tips

Comments Off

The best way for people to know what the latest threats and mischievous activities that people are up to over the web is to read the websites that specialize as well in network and computer security. There will always be new viruses, spyware and Trojans over the web and while the scope that these sites cover may not be saturated, it also depends on the part of the people on how they are inclined to be aware of such.

Unless there is a real outbreak that possesses quite a threat towards every computer, people will not be aware or concerned about technology security today. While the religious practice of keeping track of these threats cannot be readily instilled, it would be best to exhaust all means in being able to do so. Besides, people know for a fact that neglecting such efforts will be at their own risk and network and computer security is something that many would realize when the harm has already been done.

[tags]newspapers, magazines, e-zine, websites[/tags]

Tags: e-zine, magazines, newspapers, websites

Categories: IT Security Basics, Malware, Network Security, Programming, Review, Security Policies, Spyware, Tips, Wireless Security

Comments Off

People who own computers who have given up hope for remedying the problems that their workstation has solicited, either from viruses, Trojans or spyware will normally resort to formatting and re-installation of all programs to make things easier for them. This is usually the case for people who would not bother finding ways on solving such issues, the less technical savvy people who want the best and fastest solution to such issues.

People, often referred to as geeks would go at anything to be able to find alternative solutions without having to resort to the dreaded formatting decision since it will entail a lot of issues such as data loss and re-programming as well. While it is true that it is like doing a general cleaning for the entire workstation, historical files and programs will surely be missing one by one. But it is also like starting from scratch and locating the files and programs that a person has been used to having around.

[tags]computer, formatting, programming, viruses, spyware[/tags]

Tags: computer, formatting, Programming, Spyware, viruses

Categories: Backups, IT Security Basics, Malware, Operating Systems, Programming, Real-World Issues, Spyware, Storage, Tips

Comments Off

For the people who have not yet shifted to the new installment of the Windows operating systems known as Vista, a lot of people are probably aware of the System Restore feature that Windows XP has. While such a feature is indeed helpful, especially once systems start going haywire, it also has its side effects especially when viruses and Trojans start infecting a PC or workstation.

For one, cleaning up is done only on the machine at its current state. But with system restore, it backs up files unknowingly and in the process, the viruses and infections as well. The best thing to do during infected states is to temporarily turn it off, clean and disinfect the computer first and then turn it on again.

This is to ensure that the files, including the files backed up are properly cleaned in the process. The new backup will also overwrite the old ones so that a clean and well-oiled system is being used.

[tags]system restore, windows xp, windows vista[/tags]

Tags: system-restore, windows-vista, windows-xp

Categories: Backups, IT Security Basics, Network Security, Operating Systems, Privacy & Anonymity, Programming, Spyware, Storage, Tips

Comments Off