Egypt had the reputation to be a country with a well educated youth but a GDP that was one of the worst worldwide. Now that things are changing we will very likely see that increasing (I would wish that for the people in Egypt very much!). But what does that mean for you and your outsourcing efforts? Egypt is just another country following in the footsteps of countries like India were cost of living went up, salaries followed and eventually the cost of outsourcing went up too. The changes in Egypt might at the same time increase friction between various layers of the population: The new IT elite which is getting higher salaries and others that feel left behind. Time will tell if this friction will result in more unrest or if the country manages to find a social approach that ensures the stability of the country. Social economic and human factors are often underestimated in IT and particular in IT security resulting in significant risks to the business.
1SSA - Security Consulting, Training and Products
Saturday, February 12, 2011
Sunday, February 06, 2011
Egypt crisis and Outsourcing companies
Some people see Egypt as the new India when it comes to IT outsourcing. What most people do not know is the fact that a lot of the IT support from Indian outsourcing companies already comes from countries like Egypt. A country with a well educated young generation that speaks English. It might be that your IT outsourcing is not directly affected, since being hosted in India, but the IT expert in India might have trouble getting his workstation supported from the help desk sitting in Egypt.
It is just another lesson learnt of how outsourcing creates risks that are not well understood, particular when it comes to the chain of dependencies that a global economy creates. With the introduction of the cloud the picture even gets fuzzier.
Read more: Outsourcing firms logging out of Egypt
1SSA - Security Consulting, Training and Products
It is just another lesson learnt of how outsourcing creates risks that are not well understood, particular when it comes to the chain of dependencies that a global economy creates. With the introduction of the cloud the picture even gets fuzzier.
Read more: Outsourcing firms logging out of Egypt
1SSA - Security Consulting, Training and Products
Thursday, December 30, 2010
Updates: Mobile apps & Cloud based services
Mobile apps spying on you - It seems that there are two class action lawsuits that have been filled against Apple. Apple having tight control over apps that get posted on the iPhone app store has set itself up for this. Control also means responsibility and consumer feel cheated if they discover that Apple allows applications to spy on them.
Cloud based services and the risks - The latest victim of its cloud technology seem to be Skype, which had major outages right around the Christmas time. The service blames older clients to be the source for the outage. Those clients shutdown/crashed when receiving certain offline messages that arrived delayed. This just shows that cloud technology creates super complex systems that are not yet well understood and difficult to test for all scenarios.
Read more:
Two lawsuits target Apple, app makers over privacy concerns
Skype's mega-FAIL: exec cops to cause
1SSA - Security Consulting, Training and Products
Cloud based services and the risks - The latest victim of its cloud technology seem to be Skype, which had major outages right around the Christmas time. The service blames older clients to be the source for the outage. Those clients shutdown/crashed when receiving certain offline messages that arrived delayed. This just shows that cloud technology creates super complex systems that are not yet well understood and difficult to test for all scenarios.
Read more:
Two lawsuits target Apple, app makers over privacy concerns
Skype's mega-FAIL: exec cops to cause
1SSA - Security Consulting, Training and Products
Sunday, December 26, 2010
Cloud based services and the risks
The cloud is here, and it is here to stay...
Having worked in the outsourcing business for some time it is quite entertaining to see how the marketing folks sell you the same old car over and over again, just by changing the sales pitch. What I am trying to say is that the cloud is just a collection of technologies that already existed before, being sold as part of a regular outsourcing deal: Virtualization, data centers in cheap labor countries, and network capacity are nothing new. But what are the risks?
Many of the cloud solutions had outages according to various websites tracking these outages. Leaving sometimes customer with a total loss of data (E.g. T-Mobile's Sidekick outage).
Other times your privacy of your personal or business data is at risk (E.g. Health care records stolen).
Reading through the fine print (see screenshot) of some of those cloud based services, you will notice that you just provided them with the permission to circumvent the local law. Agreeing to have your data stored "somewhere", where the laws of the country your reside in, might or might not protect your data.
Read more:
Cloud Privacy report - World Privacy Forum
Top-10 cloud outages in 2010
1SSA - Security Consulting, Training and Products
Having worked in the outsourcing business for some time it is quite entertaining to see how the marketing folks sell you the same old car over and over again, just by changing the sales pitch. What I am trying to say is that the cloud is just a collection of technologies that already existed before, being sold as part of a regular outsourcing deal: Virtualization, data centers in cheap labor countries, and network capacity are nothing new. But what are the risks?
Many of the cloud solutions had outages according to various websites tracking these outages. Leaving sometimes customer with a total loss of data (E.g. T-Mobile's Sidekick outage).
Other times your privacy of your personal or business data is at risk (E.g. Health care records stolen).
Reading through the fine print (see screenshot) of some of those cloud based services, you will notice that you just provided them with the permission to circumvent the local law. Agreeing to have your data stored "somewhere", where the laws of the country your reside in, might or might not protect your data.
Read more:
Cloud Privacy report - World Privacy Forum
Top-10 cloud outages in 2010
1SSA - Security Consulting, Training and Products
Sunday, December 19, 2010
Mobile apps spying on phone users
Do you like listening to Pandora? According to a a study conducted by Wallstreet Journal you better be prepared to offer some of your private details. The Pandora application on iPhone, according to the article, sends information about you to at least eight (8!) tracking services that gather information. This is not unusual according to the article. Most of the 101 apps tested showed evidence that they provide information ranging from a unique phone ID up to location information, age, Zip code and gender to tracking companies. The article also mentions that iPhone apps seem to be worse than their siblings on Google's Android platform.
Apple claims to review all applications before being allowed in the iPhone app store. This has caused a false sense of privacy with users. All of the apps reviewed by WSJ were available in Apple's app store.
Blackberry applications were not reviewed but the model RIM (maker of Blackberry) introduced in it's Blackberries a different security model. Access to certain information can be blocked. The user needs to deny the application the "trusted application" status and allow just access to individual information.
Read the WSJ article here: iPhone and Android Apps breach privacy
1SSA - Security Consulting, Training and Products
Apple claims to review all applications before being allowed in the iPhone app store. This has caused a false sense of privacy with users. All of the apps reviewed by WSJ were available in Apple's app store.
Blackberry applications were not reviewed but the model RIM (maker of Blackberry) introduced in it's Blackberries a different security model. Access to certain information can be blocked. The user needs to deny the application the "trusted application" status and allow just access to individual information.
Read the WSJ article here: iPhone and Android Apps breach privacy
1SSA - Security Consulting, Training and Products
Sunday, August 15, 2010
The big information security illusion
Now for years various vendors have worked to bring the various worlds together: IT, mobile phone service and physically security. The new thinking of "Everything is secure as long as the end point is secure" might not work out. Countries like Saudi Arabia or UAE pretty much told Blackberry manufacture RIM "Too much security/privacy" and are either thinking about, or already have made Blackberries illegal in their respective country.
Someone might say "Oh well not that big of a deal"...but this was just the start. Now IT outsourcing country #1 joins the club of Blackberry "haters" - India. What could that mean? For example software token solutions installed on your Blackberry used for multi-factor authentication could potentially be eavesdropped on by the Indian government. Some of them utilize SMS text messages to provide codes to users. Those codes are used to authenticate against IT systems requiring stronger authentication due to the sensitivity of the data stored on them. Some governments (e.g. Germany) already have advised to not use RIM devices for sensitive information.
Read more: Wallstreet Journal article
1SSA - Security Consulting, Training and Products
Someone might say "Oh well not that big of a deal"...but this was just the start. Now IT outsourcing country #1 joins the club of Blackberry "haters" - India. What could that mean? For example software token solutions installed on your Blackberry used for multi-factor authentication could potentially be eavesdropped on by the Indian government. Some of them utilize SMS text messages to provide codes to users. Those codes are used to authenticate against IT systems requiring stronger authentication due to the sensitivity of the data stored on them. Some governments (e.g. Germany) already have advised to not use RIM devices for sensitive information.
Read more: Wallstreet Journal article
1SSA - Security Consulting, Training and Products
Wednesday, February 03, 2010
From Enigma to Infinion's security chip...
During Blackhat DC 2010 Christopher Tarnovsky a researcher announced that he had broken through the defense mechanisms of Infineon's security chip. The chip has multiple mechanisms to protect itself from tempering with it. Making it the choice for many vendors to implement it in its devices. As the German Enigma during World War II has shown nothing holds for ever. Now Infineon, a German company, has to see once again that blind trust in its engineering is a recipe for the wrong attention. In this case Mr. Tanovsky worked his way step by step through the defense mechanism of the chip, having in the end ultra-small needles tap into the data bus. He then could readout encryption keys and other internal data of the chip. Tarnovsky informed Infineon of the flaws he had discovered, but so far Infineon has not responded.
According to Dark-Reading he told the Black-Hat audience: "Their initial reaction was to tell me that what I'd done was impossible," he said. "Then when I sent them some video and the code that I just showed [to the Black Hat audience], they went quiet. I have not heard back from anybody."
History repeats and blind trust in your engineering is never a good idea.
Read more: http://mobile.darkreading.com/9287/show/575baa2ef08cb38a3077417686e53489&t=0cd88a4fad7a9f5ce08e7b67d7d418d3
1SSA - Security Consulting, Training and Products
Attend our Oracle Security classes - Learn how to secure your Oracle databases
According to Dark-Reading he told the Black-Hat audience: "Their initial reaction was to tell me that what I'd done was impossible," he said. "Then when I sent them some video and the code that I just showed [to the Black Hat audience], they went quiet. I have not heard back from anybody."
History repeats and blind trust in your engineering is never a good idea.
Read more: http://mobile.darkreading.com/9287/show/575baa2ef08cb38a3077417686e53489&t=0cd88a4fad7a9f5ce08e7b67d7d418d3
1SSA - Security Consulting, Training and Products
Attend our Oracle Security classes - Learn how to secure your Oracle databases
Subscribe to:
Posts (Atom)
Posts
