Thursday, November 16, 2017

10 Key Takeaways from SecTor

This week I was lucky enough to attend the SecTor conference.

 

It was interesting to network with a group of people whose job it was to find weaknesses in computer programs and defend against them. Not to mention, the lunch was pretty good as well.


The whole conference had lots of interesting sessions and tracks.

Here are my 10 Key takeaways from the conference on IT security:

1. Phishing is the No. 1 way to get control of a laptop (so be aware of the emails that you click on). Once you get some control over a laptop, you can use it to gain access to other networks. We saw how you can use a Git repo to execute malicious programs without leaving a trail.

2. Keep backups offsite and disconnected from the web.

3. If it's not in the budget, it's not getting done. If you want to increase security for your site/business/developers etc., make sure it's in the budget.

4. Cheap "smart" devices (especially from China) are easiest to hack into as they have numerous vulnerabilities. We learned in one session how to get control of a smart lock, a smart fridge, a smart thermostat etc. One of the smart coffee machines used to broadcast the wifi credentials of the house in plaintext as part of its programming! Once you have that, you can gain access using packet sniffing and detection of other devices in the house. The presenter showed us how he was opening someone's garage door who had installed a cheap remote garage opener, bought online from China. So buy devices from reputable companies who do patches and upgrades all the time.

5. Security often remains an afterthought. For example, most ATMs run on Windows XP, an old operating system that is now no longer supported.


6. To my surprise, there are a lot of women who work in IT security. This is an anomaly compared to the rest of the IT sector, especially developers, where there's 1 woman for 10 men.

7. You need to prepare a playbook and drill for incident breaches and have policies in place on what to do.

8. You have to have a "baseline" of activities that are considered "normal". Any deviation from that is when you should be suspicious. Most breaches are detected on average 6-12 days after they occur.


9. The simplest common sense measures often thwart costly breaches. For example, a difficult password policy, or employees sharing credentials because creating access for new users takes too much time, is often how security breaks down.

10. You are more vulnerable to common failures and innocent mistakes, such as not patching regularly or sharing credentials; the cause is rarely malicious activity. Once you tackle those, then the serious criminals can be your focus.


It's a two-day conference in Toronto, and it's returning next year in October. If you are in IT, this is a worthwhile conference.

Wednesday, November 08, 2017

When Feminism Is Superior to The Prophet, Reevaluate

When your feminism causes you to downplay the Prophet, you gotta rethink your values.

Take a look at this article: "Give Muhammad A Chance"

In this article, the writer (cheered on by other women of similar ilk) says Khadijah was the prize, not Muhammad (pbuh), and she married down and gave him a chance (and then compares herself to Khadijah and her husband to Muhammad (pbuh) and then congratulates herself).

Now I wish this writer all the best in her life. But Khadijah liked Muhammad and proposed to him. In a society where women weren't respected much, this shows the elevated stature and maturity of a woman like Khadijah (who was around 3 years older than Muhammad (pbuh)). Why did Khadijah like Muhammad (pbuh)?

Because he was different from other men. He was honest. He was trustworthy. He cared for the oppressed. He cared for the orphans. He never wished ill on others. This is what Khadijah (may Allah be pleased with her) herself testified on the night of the first revelation.
 
The writer says, "At the time of marriage, Khadijah (ra) was the prize, not Muhammad (saw)."
 
I am not going to say either of them was the "prize", or that one of them married down or up. Theirs was a holy marriage made in heaven where each partner supported the other. Trying to twist that marriage to fit one's feminist narrative is falsehood at its worst.

Again there are many things wrong in our society. But we don't need to twist Islamic history to fit our narrative agenda to "solve" these problems.