Business Continuity Terms

Mon, 2nd Nov 2009 at 09:45 · Filed under management, networking, security ·Tagged , ,

Quite often BCM discussions use the words ‘threat’ and ‘risk’, and possibly ‘vulnerability’ as one and the same.  These definitions should help to clarify the significance of each.

Asset is an IT service element e.g. software, hardware, IT people, data

Threat is the intent and capacity to cause loss or disruption and create adverse consequences – e.g. to IT services, data, Data Centers, IT Call Centers etc.

Vulnerability is the susceptibility of a service provider, service, data or infrastructure to damage, impairment or exposure by a threat

Risk a measure of the potential consequences of a contingency against the likelihood of its occurring, that is threats + vulnerabilities = risk

Impact is the consequence/effect of a threat expressed in terms of reduction of DC capability, or loss of business, service, data, etc.

Leave a Comment

News Digest

Wed, 28th Oct 2009 at 18:02 · Filed under news digest, security

Emerging Technologies

Clouds are the way to go, but standard setting, transparency and SLA are a long way off

Security

Half  million Insurance customer records lost. How nice!

Microsoft still don’t have my trust. Nd won’t for a while longer

Hardware

No ending to the SUN – Oracle saga it seems. EC still quimsy about MySQL’s future as SUN sheds more jobs.

Smile

Happy birthday Internet!

Leave a Comment

Mark’s rantings

Mon, 26th Oct 2009 at 15:36 · Filed under news digest, politics, security

The Times of Malta, Sun 25th Oct 2009

Sunday, 25th October 2009

The right to talk gibberish

Mark-Anthony, Falzon

Earlier this week, the leader of the far-right British National Party (BNP) Nick Griffin was the guest of Question Time, one of the BBC’s more hallowed shows. Many were not impressed. Even as the show was being filmed, a crowd of ‘anti-fascists’ scuffled outside with police, protesting against the BBC’s decision.

Opinion in Britain is strongly divided over whether or not far-right groups should be given airtime. The fact stands that the BNP represents scores of thousands of voters both on the British domestic and the European level, and as such qualifies for coverage according to BBC praxis.

The scrum outside the BBC studios was doubly ironic, even a tad comical. On one hand the ‘anti-fascists’, who presumably want a free and pluralistic world, bayed for the Beeb’s blood and tried to stop Griffin from taking part in the programme. The ‘fascists’, on their part, certainly no natural lovers of freedom and difference, defended their right to free speech.

Such debates are very often caught up in this logical tangle. Rephrasing the question, the reason why becomes immediately apparent: should we tolerate intolerance? It’s also a matter of some relevance to Malta, given our own ambassadors to the nutty land of xenophobia and racist thought. Not least since they can now (as of last June) claim to represent a significant chunk of the voting public.

What perhaps is the most worrying thing is that ultimately all the rumble and tumble played into Griffin’s hands. The BBC reported that over eight million people, three times the average audience, watched the show. Far-right groups know full well that there is no such thing as bad publicity.

But there are other problems. At first glance, free speech is the cornerstone of modern democratic thought and practice. The benchmark remains John Stuart Mill’s idea that “if all mankind minus one were of one opinion, and only one person were of the contrary opinion, mankind would be no more justified in silencing that one person, than he, if he had the power would be justified in silencing mankind” (On Liberty, 1859).

It was a disarmingly seductive plea for freedom of speech that subsequently shot to the top of the universal human rights chart. It’s also an idea one can scarcely disagree with – unless, it seems, one is a ‘fascist’, or an ‘anti-fascist’.

On one point, however, it gets hairy. What if the opinion of that one person were harmful? In our case, for example, Griffin could be accused of ‘inciting hatred’ towards Muslims, immigrants, and others. Should he still be given a free hand?

The problem is that ‘harm’ is not at all easy to pin down. Who is the more harmful, for instance, a far-right goon ranting against immigration or a family therapist sermonising that childcare centres harm the family? The obvious answer is that both are pretty harmful.

And yet, the former is generally despised while the latter enjoys regular messianic status on national television. Why? Because ‘harm’ – or at least ‘potential harm’ – is an elusive creature. Its definition depends very much on one’s assumptions and values. Which takes us to where we started – that it’s best to play it safe and go for general freedom of expression.

There are other aspects, perhaps more directly relevant to the case in question. One of the protesters’ drifts was that the BBC, in inviting Griffin on such a respectable show, ended up legitimising the BNP.

Yes and no. It’s definitely true that we tend to associate high-profile media productions with legitimate opinions. At the same time, being an optimist and a believer in reason, I should think it’s ultimately strength of argument that makes for legitimacy.

On this count there’s absolutely no need to gag the far right, simply because its typical litany (‘races are unequal’, ‘Hitler was nice but naughty’, ‘immigration will destroy us’, and so on) can easily be demolished in an hour’s work. It therefore makes more sense to give the far right a space contested by an intellectually well-equipped opposition, than to silence it outright.

Finally there is another, rather more sinister, danger. It can (and often does) happen that, due to legal and other limitations on free speech, far-right groups tone down their act in order to make it more acceptable. This has certainly happened with the BNP, for example, as well as with several European groups. In the case of Malta, the far right has in recent years tended to drop the jackboots and go for a ‘cleaner’ image.

The outcome is usually a disaster. As they move closer to the mainstream, far-right groups gain in ratings. Few will vote for a madman in black who says that Africans are in fact apes, but a nice-looking gentleman in a suit who says that Africans may not be up to scratch is a different prospect altogether. More ‘respectable’, much more electable, infinitely more dangerous.

There is therefore a strong case to be made for letting the far right expose itself for what it really is. The alternative’s grim. Griffin, when he took over as BNP leader in 1999, said the party had to rid itself of the ‘three H’s’ – Hitler, hard talk, and hobbyism. The plan seems to have worked. Votes in the 2005 general election were five times what they were in 2001, and the party now has two MEPs to its name.

Behold the wolf in sheep’s clothing, alias the sanitised BNP.

mafalzon@hotmail.com

Comments (1)

Messing in relationships we have no clue about

Wed, 21st Oct 2009 at 22:44 · Filed under globalisation

Been just listening to a BCC interview with some French and British scientists studying a common (ca 10 million per cm squared on a typical leaf) bacteria with particular properties – it is a catalyst for ice formation.

According to the scientists, this bacteria is so small and light it gets carried away with air currents and is found in clouds. Up there, they catalyse ice formation, which in turn causes rain to fall. The process is sometimes referred to as bio-precipitation. The bacteria are supposed to benefit because frost formation on leaves causes the ice to tear the delicate surface of the leave, presenting the juicier leaf insides to the bacteria to feed on.

The implications can be vast. An over-grazed land means there will be fewer leaves, therefore fewer bacteria on land, and so fewer in the clouds, and so less rain. A tragic cycle for farming. Likewise, genetically modified plantations may well be creating leaves which are resistant to these bacteria, with similar effects and long-term damage to whole eco-systems.

We are developing technology far faster than we can handle responsibly.

Leave a Comment

IPv6 seminar takeaways

Mon, 19th Oct 2009 at 10:26 · Filed under networking

The EU commission recently organised an IPv6 workshop in Malta. I have some takeaways from that seminar, of which the most interesting part was Orange’s presentation of their all-new first ever commercially available IPv6 service.

  • this is a difficult business case since it deals with underlying technology
  • will not improve security
  • will improve address availability
  • will completely eliminate need for NAT
  • therefore, internal addresses will be visible on the Internet. This will change the security perspective. More attention needs to be given to firewall configurations
  • firewalls will need to manage some new concepts (any-cast, auto-configuration, randomly generated address
  • offers IP mobility. A very significant feature if it works well, since users would be able to keep the same IP anywhere on the Internet!
  • as with any infrastructure project, challenges in hardware and applications – training, design, testing, migration, integrate in application development

Orange’s services are online: http://www.ipv6.orange-business.com

Leave a Comment

Authentication Technologies and Vendors

Mon, 19th Oct 2009 at 09:09 · Filed under security

I came by this on an ISACA journal Volume 6, 2007, and thought it useful to keep a record here.

Institutions heavily favour technologies that require the least amount of additional infrastructure and can be deployed in the most expedient fashion. The study showed that  the security of an authentication technology is an evaluation criterion, not *the* evaluation criterion, so technologies such as tokens were not so popular. Other factors such as user acceptance, ease of use, cost, enrolment time, deployment time and maintenance all have strong weights. Here is the list of authentication technologies used *by banks*, in order of preference:

  1. Risk-based
  2. Device ID
  3. Random images
  4. One-time passwords
  5. Mutual authentication
  6. Challenge questions
  7. Geographic IP
  8. Transaction monitoring
  9. Behaviour
  10. Fingerprint authentication
  11. Fingerprint recognition
  12. Adaptive authentication
  13. Keystroke dynamics

Here are the main vendors listed at the time:

  • RSA – security tokens
  • Bharosa
  • Green Armor Solutions
  • Verisign – digital certificates
  • Passfaces – visual recognition
  • BioPassword
  • DigitalPersona
  • Corillian
  • VASCO
  • Quova
  • Actimize

Leave a Comment

Sent an sms to her boyfriend to tell him she’s going to die

Fri, 9th Oct 2009 at 13:30 · Filed under security

http://www.timesofmalta.com/articles/view/20091009/local/cospicua-murder-victims-daughter-recounts-in-court-stabbing-frenzy

I find two very interesting points in this new article by The Times of Malta (reproduced hereunder).

First, the lady is forgiving her ex-boyfriend for killing her mother. I will not go into the logic of that, since it is an issue she alone needs to come to terms with. From a social perspective, however, the implications will affect the rest of society. There is a serious social security risk that is being transferred to the public in general. If the accused is granted a lesser jail term due to her forgiveness, then the message to society in general is that a killing is less grave if relatives of the dead forgive.  Does the dead lady also forgive him? Does the forgiveness make the crime a lesser evil? Logically not, but practically and technically it does under Maltese legislation. Magistrates will levy a lesser penalty.

I firmly believe there is a lot of social pressure happening in the back scenes. I suggest that a fairer sentence would be netted if the difference in penalty is transferred to he who pardons, in this case Ms Vella. I would be very eager to learn whether she’d be ready to forgive him for her mother’s killing knowing that she will serve a couple of years in prison in his place.

Secondly, it is very interesting to note that Ms Vella sent an sms to her boyfriend to tell him she won’t see him again, because she’s dying. How’s that for a farewell?! Has technology made us lose sense of what a relationship means? Where is the emotion, the tone of voice, the feeling that oral conversations convey? Is the guy not even worth the extra few cents worth to place a call instead of an sms?

Bah. Bewildering. And scary.

Friday, 9th October 2009

Cospicua murder victim’s daughter recounts in court stabbing frenzy

Surviving victim forgives accused

Waylon Johnston

A woman told the court yesterday she had forgiven a former boyfriend who allegedly stabbed her repeatedly and fatally stabbed her mother.

“I believe a lot in God and I forgive him”, Mary Grace Vella told a packed court room where tensions were running high after the families of the victims and of the accused clashed in the corridors a few minutes earlier.

Ms Vella was testifying in the compilation of evidence against Clive Farrugia who stands charged with the murder of Maria Theresa Vella and causing grievous injury to Ms Vella. He is also accused of slightly injuring Joseph Vella, the victim’s son, a policeman. He is pleading not guilty.

Ms Vella said that on the day of the incident, on May 8, she was at home in Cospicua when Mr Farrugia turned up to see their son. She had broken up with Mr Farrugia two weeks previously and was seeing another man. She was 99 per cent sure he was the father of their son even if she had been seeing another man prior to dating the accused.

Mr Farrugia told her he loved her dearly and wanted to get back together but she refused, telling him he was miserly and a workaholic. He said he would change his ways and started to cry, sitting on the bed next to her. When she rejected his advances, he threw up on her leg.

“That is when he made the biggest mistake of his life. He produced a knife and started stabbing me on the legs frantically”, she said. She was stabbed 11 times.

The witness recalled that she then started screaming. Her mother rushed to see what was wrong and tried to restrain him, which was when Mrs Vella was also stabbed.

During the knife attack, Ms Vella said she closed a door that led to a bedroom where her brother was asleep as she was confused and did not know what she was doing.

The accused even started stabbing himself below the chest and it was at that point that her brother appeared on the scene of the crime. The accused told him: “Kill me. I love her too much”. The witness said her brother managed to restrain Mr Farrugia and knock the knife off his hands. She said she went to pick up the knife and stabbed the accused in the back even though her brother was shouting at her to put the knife down.

She then walked into the kitchen, sat down, put the knife on the table, sent an SMS to her new boyfriend and told him to forget her as she thought she was a going to die. Paramedics then rushed in.

“As they carried me out of the house on a stretcher I looked at my son and prayed to God I will be able to see him again”, she said.

Ms Vella recalled that two days before the incident, Mr Farrugia went to her new boyfriend’s house and tried to start a fight but she intervened and he left.

PS Vella said that thanks to the training he received as a member of the police Special Assignment Group he was able to restrain the accused and call for help through the main door of the house.

He testified that he had been asleep upstairs when he heard his sister’s and mother’s screams. He rushed downstairs and witnessed a terrible scene. His mother was on the floor, as was his sister, both in pools of blood. PS Vella rushed towards the accused and his sister warned him he had a knife. The off-duty officer said he had to defend himself and managed to pin Mr Farrugia to the ground after throwing the knife away. However, the accused continued to fight, even when help arrived. He even tried to bite a nurse who tried to assist him, PC Vella said.

The case continues.

Police Inspector Daniel Zammit prosecuted.

Lawyers Gianella Caruana Curran, Joseph Giglio and Gianluca Caruana Curran are defence counsel.

Leave a Comment

News Digest

Wed, 7th Oct 2009 at 12:42 · Filed under Uncategorized

Fans ‘limited’ to 24 beers. Is this is a beer drinking sport or?

The computer security stuff starts in page 1,531 of the UK’s Defence Security Manual. But it’s from 2001. Worth noting – According to Ross Anderson, who’s given it a quick look over, “it seems to be the bureaucratic equivalent of spaghetti code: a hodgepodge of things written by people from different backgrounds, and with different degrees of clue, in different decades.”

Leave a Comment

News digest

Sat, 3rd Oct 2009 at 14:02 · Filed under news digest

Choice please!

If Skype fails, I’d be happy

Security

Google hacked?! Twice

FF the only secure browser. IE, Chrome and Safari still vulnerbale, 9 weeks later Luckily this is only affects all SSL sites worldwide

Phishing hits two-year high. Not surprising given it’s easier than ever. Financial Brands among the most targeted. Wonder why.

Smile

BOFH is back, with a venegance

Leave a Comment

Letter to The Times of Malta

Sat, 12th Sep 2009 at 10:58 · Filed under and so said..., security, self-reflections

Please Collaborate For Our Safety

My 2 year old daughter was playing in the street at the local feast. She was having fun throwing up the ‘feast paper’ left behind the brass band.

What she, or we, did not know was that beneath that paper were small pieces of glass, broken beer bottles. Luckily we noticed this before she hurt herself seriously. From then on, we had to keep her on our shoulders, much to her dismay and our discomfort.

This morning I went to the local police station to lodge a report that glass bottles were being distributed, and this is against the law and posing a danger to the public. The on-duty officer referred me to “The police squads outside, who are dealing with the feast”. I requested that at least a formal report is lodged, and presented my details. I then walked over to the nearest police squad in the main village square. On hearing my report, the police officer simply replied “No, I don’t think they are allowed to distribute glass bottles, but you can’t stop them in the feast.”

Hear hear! So in the first instance the police squad deployed on the streets specifically to deal with the feast matters was not *sure* whether glass bottles are allowed or not. They *think* it is not allowed. In the second instance, irrespective of what the law says, they feel powerless to control abuse. Then who, do I ask, should? What are the police’s duties if not specifically to ensure the laws are observed in the best interest of the citizens?

I do not blame the officers patrolling the streets, for they are executing orders and no more. The fingers need to turn to the higher echelons. When, a few years back, serious incidents had occurred, the Police acted and no glass bottles were to be seen. One felt safe walking the streets in sandals, or with children. More importantly, there was no risk of heated debates ending up in glass bottle fights, because there were no bottles to fight with in the first place.

Can the police, band clubs and local councils collaborate so that we may once again enjoy feasts safely, please?

Please Collaborate For Our Safety

My 2 year old daughter was playing in the street at the local feast. She was having fun throwing up the ‘feast paper’ left behind the brass band.

What she, or we, did not know was that beneath that paper were small pieces of glass, broken beer bottles. Luckily we noticed this before she hurt herself seriously. From then on, we had to keep her on our shoulders, much to her dismay and our discomfort.

This morning I went to the local police station to lodge a report that glass bottles were being distributed, and this is against the law. The on-duty officer referred me to “The police squads outside, who were dealing with the feast”. I requested that at least a formal report is lodged, and presented my details to WC268. I then walked over to the nearest police squad in the main village square. On hearing my report, the police officer simply replied “No, I don’t think they are allowed to distribute glass bottles, but you can’t stop them in the feast.”

Hear hear! So in the first instance the police squad deployed on the streets specifically to deal with the feast matters was not *sure* whether glass bottles are allowed or not. They *think* it is not allowed. In the second instance, irrespective of what the law says, they feel powerless to control abuse. Then who, do I ask, should? What are the police’s duties if not specifically to ensure the laws are observed in the best interest of the citizens?

I do not blame the officer patrolling the streets, for they are executing orders and no more. The fingers need to turn to the higher echelons. When, a few years back, serious incidents had occurred, the Police acted and no glass bottles were to be seen. One felt safe walking the streets in sandals. More importantly, there was no risk of heated debates ending up in glass bottle fights, because there was nothing to fight with in the first place.

Can the authorities, parish priests and band clubs collaborate so that we may once again enjoy feasts safely, please?

Leave a Comment

Older Posts »