Qatar signs deal to set up cyberspace security centre

The Peninsula - 15/12/2005

DOHA: Qatar will have its own cyber security response team to tackle threats posed to Internet users and businesses in the country by hackers and other criminals.

A partnership to form the Qatar Computer Emergency Response Team (Q-Cert) was signed recently between the Supreme Council for Information and Communications Technology (ictQatar) and the Carnegie Mellon Software Engineering Institute.

Dr Hessa Al Jaber, Secretary General, ictQatar said, Q-Cert will serve as the national organisation to conduct and coordinate the comprehensive set of cyber security activities that will be needed to protect Qatar's critical infrastructure as cyberspace becomes the nerve center of Qatar's government, business and education operations.

"We are delighted to have SEI's CERT programme in Qatar," said Dr Hessa. "It's intrinsic to ictQatar to bring the country in step with the best computing practices in the world and this helps realise our goal. Qatar aims to fully exploit information and communications technology to become one of the most successful knowledge-based societies in the world. To achieve this, Qatar will need to implement initiatives that successfully manage the increased risk that comes with dependence on these powerful technologies," she added.

Q-Cert will aid the international Internet community by building cyber security expertise in Qatar and the Gulf region. It will be a world-class center of excellence in information security conducting national and regional programs in cyber threat and vulnerability reporting, incident response and security improvement in order to build cyber security capability and capacity in government and private-sector organisations. Q-Cert will also work with public and private institutions as well as the general public in Qatar to provide proactive and guided approaches to managing ICT security.

"Carnegie Mellon, and Computer Emergency Response Team (CERT) specifically, has worked with countries and organisations worldwide to increase their research and development activities, as well as increase their knowledge and experience in the protection of critical infrastructures," said Richard D Pethia, Director of the SEI's CERT Program and interim team leader of Q-CERT.

"We are pleased to partner with Qatar and the Supreme Council to effectively manage ICT development in Qatar."

The Fake McAfee Patch

The hacker hit parade continues as phisherman launched their most recent attack, namely in the form of a fake McAfee patch. This isn't the first time hackers have taken seemingly legitimate names and attached various cyber-criminal activities too them. McAfee is just the latest.













A hat tip goes to the "Fraud, Phishing and Financial Misdeeds Blog for picking up on this one alert from WebSense Security Labs. Here's the statement from their site.

Websense Security Labs has received reports of an email scam disguised as a patch for McAfee products. Users receive a spoofed email message instructing them to click on a link to immediately download and install a patch from McAfee. This patch claims to address a virus that does not exisit. The link in the email takes users to a fraudulent website, that appears to be the legitimate McAfee security site.

The patch hosted on this page is actually a Trojan downloader.

The malicious site is hosted in the United States and was online at the time of this alert.

In the past major companies and organizations have been the target of similar scams. Recently, Sober variants were passed around with IRS, CIA and FBI tags on them. It's also happened large companies like Wal-Mart not to mention eBay, PayPal and who knows how many banks.

Phishing scams are some of the most effective forms of cyber crime because often times, many people feel the emails they receive are legitimate and many actually take the time to fill out the information. A recent study published by AOL said a surprising number of people assume these phishing scams are legitimate and some take the time to fill out the information.

by John Stith

John is a staff writer for SecurityProNews covering cyber security.

Firefox 1.5 Confirmed as Vulnerable

The Firefox 1.5 browser, which was introduced as an update that includes a number of improvements, including "significant" performance and usability upgrades, was announced today as vulnerable, due to a non-critical breach in the security system and a DoS attack could be organized by a hacker.

The vulnerability was made public a few days ago under the "proof-of-concept" label and Mozilla representatives as well as security companies thought little of it and their conclusion was that, in the worst case scenario, it should be considered more of an "annoyance" than a serious security vulnerability. A successful attacker can fill the browser's "history.dat" file with large history information by tricking a user into visiting a malicious Web site with an overly large title.

So far, Mozilla engineers have analyzed data from the browser's built-in crash reporting tool and could not find anything beyond the browser consuming a large amount of CPU and memory resources when it starts up after an attack.

Secunia labeled this problem as non critical, but recommends that Firefox 1.5 users remove the "history.dat" or configure the browser to clear history information when closing the browser. This can be done via the browser’s Tools > Options > Privacy > Settings feature.

By: Adrian Stanciu, Sci-Tech News Editor

China Accused Of Hacking U.S. Systems

The world's most populous nation denied charges of hacking U.S. military computers after a cybersecurity expert suggested Chinese military in southern China were going after U.S. networks.

This current debate is just the latest in an ongoing problem for the U.S. military. Alan Paller, director of the SANS Institute said the attacks have been traced to the Guangdong province and he said the techniques in play suggest precision that only comes from the military.

Paller made allegations on Monday during a conference call discussing other work by the SANS Institute. "These attacks come from someone with intense discipline. No other organization could do this if they were not a military organization."

The problem of these hackings has become tremendous. A number of military computers were hacked a little over a year ago. A group called "Titan Rain" was considered responsible for cracking four military installation systems and managed to make off with several tidbits including the aviation mission-planning software for Army helicopters. These hacks aren't a good sign and they don't stop there either.

A number of defense contractors have also been hacked. Paller said "We know about major penetrations of defense contractors." He went on to say "they are less willing to make it hard for mobile people to get their work done."

The Chinese government has denied these allegations. Foreign ministry spokesman Qin Gang said in his regular briefing that, "The Chinese police will deal with hacking and other activities disturbing social order in accordance with law."

Even if it's not the Chinese military hacking these computers, it points out a major flaw in U.S. cybersecurity efforts. Keep in mind this isn't someone's credit card, this is top-secret military knowledge. This isn't a case of internal spies or anything else. This is a major security problem and right now the U.S. is losing this particular fight. While howitzers and stealth bombers are quite effective at what they do, if a potential enemy knows how they work and the tactics for them, then they can nullify them.

Others have had similar luck getting into military computers too. Earlier in the year, a gentleman from the UK who had gotten into the Dept. of Defense computer networks rooting around for information on UFOs was being charged by the DOD for cyber crime. He found all kinds of things in their on anti-gravity devices and other odd technologies. The more significant thing he noticed happened to be all the people in the computer network who weren't supposed to be. These people were from all over the world. He said DoD lacked real password protection.

This point was reiterated in a new story this week on NPR as they do a series on cybersecurity. One security specialist interviewed said passwords were simple to figure out. This problem is widespread too. When one combines the defense contractors being hacked as well as the defense department being hacked, it doesn't leave our defenses all that intact.

There are ways to improve it. Certainly hackers may make it in but we shouldn't open the door for them. Tie in multiple passwords and biometrics to these systems. At least give these hackers something to work for. If we don't then all the jets and guns won't matter.

by John Stith

John is a staff writer for SecurityProNews covering cyber security.

Antispyware vs Antivirus

An unfortunate problem may be on the way. As adware, spyware and browser hijackers have become more sophisticated, antispyware programs have had to use more sophisticated means to catch them. Unfortunately, this may cause conflicts with antivirus programs using the same methods.

Antivirus programs historically have done a poor job of cleaning or even detecting spyware, although that has improved recently. Antispyware programs generally do not bother to detect viruses and trojans, since that is not in their mandate. For this reason, most people (sensible people anyway) have both antispyware and antivirus programs on their computer.

A very sophisticated, if low-level, technique used by antivirus software to catch viruses is to scan at the kernel level. The kernel is the lowest level of an operating system. By scanning at this low level, it leaves very little room for a virus to hide.

A number of antispyware companies are planning to introduce kernel-level scanning in their products. There really is no way to avoid it. The line between adware, spyware, viruses and trojans has virtually disappeared.

All of these types of parasites have poached each other's methods to replicate and to hide. Only the purpose of this unwanted software determines what it is called these days. The antispyware programs have to keep up, if they are to be of any use.

This is causing some concern in the antivirus industry. Two programs, both scanning at the kernel level at the same time, can crash a computer. Every antivirus company warns customers against using two different antivirus programs at the same time. People may end up having to make a hard decision: antispyware or antivirus?

The best way to avoid this potential problem may be cooperation between the antispyware and antivirus industries. An industry standard may have to be hammered out for kernel-level scanner drivers.

The kernel-level drivers can be written in such a way that, if more than one program is trying to access them, the drivers will juggle the requests to avoid a conflict. Two scanners would not be using the same resources at the same time and a system crash would be avoided.

The only other option would be for the antispyware and antivirus industries to encroach directly onto each other's territory. They would become direct competitors, with each side detecting both viruses and spyware.

As it stands now, antispyware programs do a poor job of detecting viruses and worms, while antivirus programs do only a fair job of detecting spyware. I don't see it as being in the best interests of the end users for each side to try and do the other's job. I hope the companies in both industries also see it that way and decide to work together.

Looks like the two may be heading for a showdown...........

FBI: Internet terror attack unlikely

WASHINGTON (Reuters) -- Terrorist groups lack the capability to launch a damaging Internet-based attack on the United States but foreign governments are probably behind many online spying attempts, FBI officials said on Wednesday.

Blahh....say what..say bollocks....Balvin

Survey: Some banks not quite 'safe as a bank'
-- and so many thought they were - Balvin

BY CHARLES F. MOREIRA

KUALA LUMPUR: Less than half the banks surveyed in the Asia Pacific region (excluding Japan) have met an acceptable portion of their disaster-recovery processes, said a market analyst last week.

Cyrus Daruwala, Financial Insights managing director for research and consulting (Asia Pacific), said the survey shows that some have business processes and infrastructures that are less protected than they perceive.

He was presenting key findings of the EMC-sponsored “Financial Insights Compliance Survey 2005” in Kuala Lumpur. Financial Insights is a subsidiary of market.....http://star-techcentral.com/tech/story.asp?file=/2005/12/13/corpit/12808029&sec=corpit

Become a Certified Architect
Microsoft Certified Architect Program

The Microsoft Certified Architect Program validates top industry experts in IT Architecture. These professionals have 10 or more years of experience in IT with at least 3 years of experience as a practicing architect, and possess strong technical and leadership skills and form a distinguished community. Unlike other IT certifications, this credential was built and is granted by industry architects, as candidates must pass a rigorous review board with previously certified architects.

This certification is targeted to practicing solutions architects and infrastructure architects who have successfully applied frameworks and methodologies to create an architecture that serves the entire IT lifecycle. These architects can employ multiple technologies to solve business problems and provide business metrics and measurements to describe the success or failure of the projects they drive.

The certification has already received the thumbs-up from some of the IT industry's most influential veterans. "Setting standards is important, especially if those standards are high enough to create an assurance that someone who meets the standard is capable of doing a high-quality job," said Tony Redmond, vice president and chief technology officer for HP Services, whose team worked with Microsoft Learning to develop the Microsoft Certified Architect credential. "Apart from individual achievement, a program like this is great for customers because you know that when you work with one of the elite, you truly are working with one of the best."

The Microsoft Certified Architect Program is currently in its pilot phase and........
http://msdn.microsoft.com/architecture/shareideas/share_certified/default.aspx

Don`t know why, I am loving to grab pictures....
Damn, feel like buyin a supercool piece of cam and going of on trip.... LOL

Now I gotta say, this is super cool. Any1 think so???


















This kqel 2...














These pictures were grabbed from the EC-Council website....It either belongs to EC-Council or their respective creators....So its not mine...I put it here coz its kool....I think :) Anyway....for more information about EC-Council, please go to EC-Council Webpage

Mac Keyboard

Mac Keyboard
Originally uploaded by Aero Works Photography.

Awwww, thiz iz soooo kewliez, 'y' is right and z is not even there :)

New MD for loss-making Proton

Printed on - 30/11/05
By Jagdev Singh Sidhu

PROTON Holdings Bhd yesterday posted a big loss for its second quarter and announced the appointment of Perodua Auto Corp executive director Syed Zainal Abidin Syed Mohd Tahir, 43, as its new managing director.

Apart from Zainal Abidin, who will take over as MD from Jan 1, Proton also named a new management team that would see Datuk Kisai Rahmat, currently joint chief operating officer, appointed executive director of its engineering and manufacturing division........

http://www.star-motoring.com/research/review.asp?file=/editorial/2005/proton1130.html

Rubbish....

Sum of 2005 Part "1"...
Well... this year is just about to freaking end... Time is just the most amazing machine of all... Anyway... what i am happy is about the success of the HITB Sec Conf 2005 in Westin, Kuala Lumpur yet again... Bravo to all the HITB goons and do rock again in 06... If you don`t know what this is....HITB Sec Conf stands for HackInTheBox Security Conference...Keeping Knowledge Free...always...More info here --> HITB site

By the way...Defcon went well 2... and i particularly love this piX...



and also this...



Disclaimer...

I am no hacker nor I claim to be a security expert... all I think is the effort put by the people of HITB and DEFCON is good and I do hell agree that knowledge should be kept free...Anyways those pictures were grabbed from DEFCON website and it belongs to either DEFCON or their respective creators...I just think they are kewl...so I put them here :P thx.

This are some books which are listed in the DEFCON book resources list...have a look if you are interested...I think so...

Corporate Espionage: What It Is, Why It Is Happening in Your Company, What You Must Do About It
by Ira Winkler, ISBN 0761508406, available in paperback

Information Warfare: Chaos on the Electronic Superhighway
by Winn Schwartau, ISBN 1560251328, available in hardcover

Spy Catcher: The Candid Autobiography of a Senior Intelligence Officer
by Peter Wright, ISBN 0670820555, available in hardcover This book is out-of-print, but possibly available through the used bookstore network.

Inside the Cia: Revealing the Secrets of the World's Most Powerful Spy Agency
by Ronald Kessler, ISBN 067173458X, available in paperback

A Century of Spies: Intelligence in the Twentieth Century
by Jeffrey T. Richelson, ISBN 019511390X, available in paperback

Friendly Spies: How America's Allies Are Using Economic Espionage to Steal Our Secrets
by Peter Schweizer, ISBN 0871134977, available in hardcover. This book is out-of-print, but possibly available through the used bookstore network.

War by Other Means: Economic Espionage in America
by John J. Fialka, ISBN 0393040143, available in hardcover

Privacy on the Line: The Politics of Wiretapping and Encryption
by Whitfield Diffie, Susan Landau, ISBN 0262041677, available in hardcover

Once again...I am not making a single cent out of advertising this books...I am just suggesting this as a reading material...That is it.

Gates Unveils Talents Search

BANGALORE: Microsoft chairman Bill Gates launched a talent hunt yesterday for India`s top technology students and urged software developers to cash in on the digital age.

Addressing more that 5,000 developers here, Gates said the search dubbed "Code 4 Bill", recognised India's role in nurturing technical talent.

"This is something we've never done before anywhere", Gates said.

Registration for the contest will start in January and students will be tested for technical and analytical skills. (The Star)