
Hi Guys,

I wrote my thesis on a number of proposed guidelines for Internet Banking security in the UK, and I would like to share my paper with you.

Below is the executive summary, and the first chapter is available for download here.

Executive Summary

Advancements in web technology such as asynchronous JavaScript have made it possible for companies to offer elaborate services over the Internet. However, some of this technology is very complex, and such complexity can introduce security flaws, which cyber criminals may exploit. The anonymous and social nature of the Internet also means users can be exposed to a number of social engineering threats.

Financial institutions depend on a number of information systems to offer banking services over the Internet. The information held within such systems about customer transactions and customer account balances is very valuable, and the manipulation of such information can lead to banking fraud. Hence they should be just as resistant to manipulation as traditional physical information systems.

The web may provide a great avenue for companies to offer services to a multitude of users simultaneously. However, it exposes clients and businesses alike to a number of threats. Offering services over the Internet means both legitimate users and cybercriminals alike can access information systems. Cybercriminals seek out flaws and exploit such flaws to carry out attacks to manipulate users’ information and con users. Ignoring such threats can lead to identity theft, phishing, malware attacks and banking fraud.

This paper seeks to put the risk of Internet banking in the UK into sharp focus for financial institutions and users. This paper proposes a number of “guidelines for secure web 2.0 Internet banking” that can minimize the risk of successful attacks on Internet banking systems, providing protection for financial institutions that offer Internet banking services and the users of these systems.

Previewing the new Windows 8, at first look it looks amazing.

The start screen makes use of Windows famed tiling features used extensively on Windows mobile.

I installed it on VirtualBox on my Mac. For an installation guide on this, OS X Daily writes a great one.

Hi Guys,

Developed a brand new WordPress driven website.

http://www.adegboyegahall.com

I used a number of really great WordPress plugins, which helped make my development that much easier.

Thought I should share some of these plugins with you guys.

1) Embed Facebook 

By far the best and easiest (to configure) Facebook plugin I tried out. If you are looking for a Facebook plugin for WordPress, look no further. This is a wonderful plugin, which allows you to add all sorts of Facebook content into your WordPress blog seamlessly.

I used this particular plugin on my page http://www.adegboyegahall.com/picturegallery to display pictures from a Facebook fan page.

2) Widget Context

This plugin allows you to specify widget visibility settings. It is pretty good and easy to use, and makes your visibility settings for your widgets that much easier.

3) ShareThis

ShareThis plugin seamlessly enables users to share your content through Email, Facebook, Twitter, Google +1, Like etc.

4) Booking Calendar

This WordPress plugin will enable online booking services for your site. Visitors to your site will be able to check availability of apartments, houses, hotel rooms, or services you offer.

The calendar is offered as a Freemium service, but the basic (free) service is good enough to achieve basic booking functionality.

Those 4 really good plugins helped me create this WordPress site http://www.adegboyegahall.com from scratch. I am working on a few more sites at the moment and would keep you guys posted.

Great one guys.

Tim

Exam results are out and I did great, guess all the hard work paid off at the end.

I have been working hard on my thesis, “Minimising the risk associated with web 2.0 Internet Banking”, in the process traversing the (un)glamorous world of Eastern European cyber-criminals and studying the cunning of phishing scams and the intelligence and effectiveness of banking malware. It has been a wonderful and eye-opening journey and I can’t wait to share my full body of work here.

Normal blogging would resume once I submit my thesis.

Found this interesting article on www.webroot.com, and thought I should share. It’s pretty basic stuff, but nonetheless a lot of people don’t follow it.

Computer Hackers and Predators

How are computer hackers and predators a threat to computer security?

People, not computers, create computer threats. Computer predators victimize others for their own gain. Give a predator access to the Internet, and to your PC, and the threat they pose to your security increases exponentially. Computer hackers are unauthorized users who break into computer systems in order to steal, change or destroy information, often by installing dangerous malware without your knowledge or consent. Their clever tactics and detailed technical knowledge help them access information you really don’t want them to have.

How do computer hackers and predators find me?

Anyone who uses a computer connected to the Internet is susceptible to the threats that computer hackers and predators pose. These online villains typically use phishing scams, spam email or instant messages and bogus Web sites to deliver dangerous malware to your computer and compromise your computer security. Computer hackers can also try to access your computer and private information directly if you are not protected with a firewall. They may also monitor your chat room conversations or peruse your personal Web page. Usually disguised with a bogus identity, predators can lure you into revealing sensitive personal and financial information, or much worse.

What can computer hackers and predators do to me?

While your computer is connected to the Internet, the malware a hacker has installed on your PC quietly transmits your personal and financial information without your knowledge or consent. Or, a computer predator may pounce on the private information you unwittingly revealed. In either case, they may:

  • Hijack your usernames and passwords
  • Steal your money and open credit card and bank accounts in your name
  • Ruin your credit
  • Request new account Personal Identification Numbers (PINs) or additional credit cards
  • Make purchases
  • Add themselves or an alias that they control as an authorized user so it’s easier to use your credit
  • Obtain cash advances
  • Use and abuse your Social Security number
  • Sell your information to other parties who will use it for illicit or illegal purposes

Predators can pose a serious physical threat. Use extreme caution when agreeing to meet an online “friend” or acquaintance in person.

How will I know?

Check the accuracy of your personal accounts, credit cards and documents. Are there unexplained transactions? Questionable or unauthorized changes? If so, dangerous malware installed by predators or hackers may already be lurking.

What can I do about computer hackers and predators?

When you arm yourself with information and resources, you’re wiser about computer security threats and less vulnerable to threat tactics. Hackers and predators pose equally serious but very different threats.

To protect your computer from hackers and predators:

  • Continually check the accuracy of personal accounts and deal with any discrepancies right away
  • Use extreme caution when entering chat rooms or posting personal Web pages
  • Limit the personal information you post on personal Web pages
  • Carefully monitor requests by online “friends” or acquaintances for predatory behavior
  • Keep personal and financial information out of online conversations
  • Use extreme caution when agreeing to meet an online “friend” or acquaintance in person

Take these steps to protect your computer from hackers right away:

  • Use a 2 way firewall
  • Update your operating system regularly
  • Increase your browser security settings
  • Avoid questionable Web sites
  • Only download software from sites you trust. Carefully evaluate free software and file-sharing applications before downloading them.
  • Practice safe email protocol:
      • Don’t open messages from unknown senders
      • Immediately delete messages you suspect to be spam
  • Make sure that you have the best security software products installed on your PC:
      • Use antivirus protection
      • Get antispyware software protection

Putting these basics in place greatly reduces your computer’s risk exposure to exploitation by hackers. Happy Protecting.

Exams Exams Exams

Hi guys, really studying hard for my MSc exams, so blogging is on a bit of a break, till after exams.

Wish me good luck. :)

Hi Guys,

Just got WordPress for my BlackBerry phone, pretty cool. This is my first post with it; hopefully the fact I can post on the go would make my blog posts a lot more frequent than they currently are.

For more information about WordPress for BB, see http://blackberry.wordpress.org/

My next post will be about the upcoming war for market share in the global Smartphone market, which is worth a whole lot of zeros after the 1.

While Smartphone powers like Apple, Samsung and RIM/BlackBerry seek to consolidate and expand their territories, great alliances are being forged (Nokia and Microsoft) to take on these giants. This war has only begun, and it’s going to stretch way into the future, and it would redefine IT as we know it.

Hi Guys,

A firm I freelance for, NoesisEdge (www.noesisedge.com), just finished the design for a website, NBCL global. I was solely responsible for design and development of this project.

We made use of HTML, CSS, Adobe Creative Suite, a sprinkling of jQuery, and PHP.

The client wanted a simple yet strong website that displayed its full range of services.

Here is the web address, www.nbcl-global.com. If you have any comments, please feel free to drop them.

Cheers
Guys

This is a follow up to my article http://tinyurl.com/6944po8, about how Facebook CEO Mark Zuckerberg got his official page hacked.

An official statement from Facebook states that “A bug allowed an unidentified person to post a message on Facebook CEO Mark Zuckerberg’s fan page on the site yesterday”. The weird post, and the even weirder comments, are pictured on the right.

A Facebook spokesman provided this e-mail statement: “A bug enabled status postings by unauthorized people on a handful of public pages. The bug has been fixed.”

Joe Sullivan, chief security officer at Facebook, said in a follow-up interview, “It was a very limited bug in that it only applied to the ability to post.” He added that “Whoever is responsible only had the ability to post on the page and did not have access to private data on the Facebook account.”

Specifically, the bug was in an API (application programming interface) that allows publishing functionality on the site, said Ryan McGeehan, security manager for incident response at Facebook.

Only a handful of high-profile accounts were affected, they said, declining to offer exactly whose pages were targeted. They also declined to comment on whether the hack earlier this week of French President Nicolas Sarkozy’s Facebook page was related. Someone had posted a message on the official’s page saying the French president would be stepping down next year.

Facebook are actively investigating the breach or “bug”, and are yet to find the perpetrators.

Only Facebook can tell the true story behind the events of this suspected hacking of Mark Zuckerberg’s page. This “bug” story seems a tad convenient if you ask me, but who am I to judge? Mark Zuckerberg has built a billion dollar empire with Facebook, while I am here blogging about him from my petit room in Surrey, UK.

In a related story, Facebook announced that it is now offering users the ability to secure their connection with the site using HTTPS (Hypertext Transfer Protocol Secure). It is rolling the option out to users and hopes to offer it as a default in the future. Enabling full-session HTTPS will eliminate the ability for attackers to compromise Facebook accounts by using tools like the Firefox plug-in called Firesheep.
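An added example (not part of the original post, and not Facebook's code) of checking whether a site really keeps the whole session on HTTPS: it audits captured response headers for the gaps that cookie-sniffing tools such as Firesheep rely on. The host name, cookie names and sample responses are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample captures: (URL, response headers). Host and cookie
# names are hypothetical.
LOGIN_ONLY_HTTPS = [
    ("https://social.example/login", [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
        ("Set-Cookie", "lang=en; Path=/"),
    ]),
    ("http://social.example/home", []),
]
FULL_SESSION_HTTPS = [
    ("https://social.example/login", [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure"),
        ("Strict-Transport-Security", "max-age=31536000"),
    ]),
    ("https://social.example/home", []),
]

def audit(responses, session_names=("session",)):
    """Return sorted findings that leave a session cookie sniffable."""
    findings = set()
    hsts = False
    for url, headers in responses:
        parts = urlsplit(url)
        if parts.scheme == "http":
            # Any plain-HTTP page sends non-Secure cookies in cleartext.
            findings.add(f"page served over plain HTTP: {parts.path}")
        for name, value in headers:
            lname = name.lower()
            # Browsers only honour HSTS when it arrives over HTTPS.
            if lname == "strict-transport-security" and parts.scheme == "https":
                hsts = True
            elif lname == "set-cookie":
                jar = SimpleCookie()
                jar.load(value)
                for cname, morsel in jar.items():
                    # Without Secure, the cookie rides along on http:// too.
                    if cname in session_names and not morsel["secure"]:
                        findings.add(f"cookie '{cname}' lacks Secure")
    if not hsts:
        findings.add("no HSTS header on any HTTPS response")
    return sorted(findings)
```
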

As always I would keep you posted on any developments.

Cheers

For full story: http://tinyurl.com/5s7t87s

Mr Zuckerberg, the CEO of the multi-billion dollar, social networking heavyweight, Facebook, got his page “hacked” recently, the “hacker” breached the Facebook authentication mechanism and posted an update on Zuckerberg’s profile, telling Facebook to adopt a cause, a few people liked the update before it was eventually taken down.

The update went like so “Let the hacking begin: If Facebook needs money, instead of going to the banks, why doesn’t Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a ‘social business’ the way Nobel Prize winner Muhammad Yunus described it? [LINK] What do you think? #hackercup2011”

So what does this “hack” mean for Facebook security? Well, absolutely nothing. In reality, celebrities cannot possibly manage all their social networking interaction and pages all by themselves; the management of this is usually done by a plethora of marketing sidekicks, each equipped with a username and password to access the CEO’s page and weave their marketing magic. This makes the updates to the page very dynamic and very up-to-date, but it presents a security challenge because it provides multiple points of failure, where the password could be leaked to the “hacker”.

The marketing gurus managing the page come from various backgrounds. While most of them may be information security aware and guard the password with their lives, a few others may not be that bothered and indulge in practices which could potentially expose the password, like writing the password on sheets of paper and stowing it away in their office drawer, or be like my former boss and stick the password right on the laptop, which would be easily accessible for any would-be “hacker”.

There was no brute force attack on the Facebook authentication mechanism; someone with the knowledge of the password was careless or leaked the password on purpose, and the hacker got hold of it. This is a failure of the information security policy/framework within Facebook as a company, particularly the section which deals with password management, and not a failure of Facebook.com to secure its 500 million+ users’ private information. They are two separate issues.

Someone probably just left the keys to the front door under the carpet, and the “hacker” just looked under the carpet and got the keys. Mr Zuckerberg just needs to keep his keys better.

Read the full report: http://bit.ly/dTkZQv
