10 Key takeaways from the SecTor

This week I was lucky enough to attend the SecTor conference.

 

It was interesting to network with a group of people whose job it was to find weaknesses in computer programs and defend against them. Not to mention, the lunch was pretty good as well.

The whole conference had lots of interesting sessions and tracks.

Here are my 10 Key takeaways from the conference on IT security:

1. Phishing is the no.1 way to get control of a laptop (so be aware of the emails that you click on). Once you get some control over a laptop, then you can use it to gain access on other networks. We saw how you can use a Git repo to execute malicious programs without leaving a trail.

2. Keep backups offsite and disconnected from the web.

3. If it's not in the budget it's not getting done. If you want to increase security for your site/business/developers etc. make sure it's in the budget.

4. Cheap "smart" devices (especially from China) are easiest to hack into as they have numerous vulnerabilities. We learned in one session how to get control of a smart lock, a smart fridge, a smart thermostat etc. One of the smart coffee machines used to broadcast the wifi credentials of the house in plaintext as part of its programming! Once you have that, you can gain access using packet sniffing and detection of other devices in the house. The presenter showed us how he was opening someone's garage door who had installed a cheap remote garage opener, bought online from China. So buy devices from reputable companies who do patches and upgrades all the time.

5. Security often remains an afterthought. For example, most ATMs run on Windows XP, an old operating system that is now no longer supported.

6.To my surprise, there are a lot of women who work in IT security. This is an anomaly compared to rest of IT sector, especially developers, where there's 1 woman for 10 men.

7.You need to prepare a playbook and drill for incident breaches and have policies in place on what to do.

8.You have to have a "baseline" of activities of what is considered "normal". Any deviation from that is when you should be suspicious. Most breaches are detected on average 6-12 days after when they occur.

9. The simplest common sense measures often thwart costly breaches. For example a difficult password policy, or employees sharing credentials because creating accesses for new users takes too much time, is often how security breaks down.

10. You are more vulnerable common failures and innocent mistakes, and rarely due to malicious activity. Such as not patching regularly, or sharing credentials. Once you tackle those, then the serious criminals can be your focus.

It's a two day conference in Toronto, and it's returning next year in October. If you are in IT, this is a worthwhile conference.

Back To The Future For Geocities

Nostalgia seems to be pretty big nowadays. Today I was surprised to see an article on nostalgia for Web 1.0.

Er, Web 1.0, you ask. What is that?

That used to be the day. This was the internet of the late 90s and early 2000s. Those were the days before Google took shape (I remember using Alta Vista search engine) and blogging was just lurking around the corner. If you wanted a website, you had to build your own. You had to know HTML, DHTML and perhaps JavaScript (nowadays you just need a blogger or wordpress account). The best example was of course Geocities.

I had a Geocities account. Curiosity got the better of me and I used an internet archiver to see what my website looked like in 2002.

I also had a little bit of space on the university website (both as a student and as a TA) and this is what it looked like (the archiver is missing some of the images as well as styles).

What I find amazing is just the sheer amount of personal information I used to put online back then! One can argue we put more information online nowadays on Facebook and LinkedIn but those are behind a password protected account and shared with friends only (or so we think). From my site in 2002 you would know the names of my friends, my class schedule, where I worked, what my interests were, where we went for holidays and what I thought about the World Cup (well, some things don't change). ANY one could have seen that and all that was preventing them from visiting my site was not knowing the exact URL.

Ironically, I see that the time when Google broke through was when Geocities began to die, and blogging started to take root. I have already been blogging since 2004 (more than a decade now; my first post was on a cricket match).

I wonder what I will be posting as nostalgia in another ten years! Perhaps we will be looking back on the glory days of Facebook!

Facebook Appeases Muslims

Recently it has come to many people's attention that Facebook has stopped growing in Canada. This story about Facebook's fall in numbers was repeated throughout the Western world.

As a result, Facebook has refined its growth strategy to target Muslims in the developing world. Following detailed customer analysis, Facebook has made the following changes to its interface.

Events:

It felt that the original Event attendance with its three buttons was completely blasphemous to Muslims.


After all, when you click "I'm attending", how do you know you will attend an event, in the future? Only Allah knows the future, and therefore, the button was changed.


Marital Info:

This was targeted more towards the wealthier Arab market in the Gulf. In the original interface, Facebook allowed for the following setup.


This has now been changed to recognize the reality that upto 0.1% of the Arab men have more than 1 wife.


Poking:


Poking has been controversial ever since the feature was launched. According to Sheikh A'anta Majnun, "poking led to touching which led to dancing which led to haraam yaani boking is haraam". However, the feature could not be disabled for the Muslim world as it was discovered that many Muslim men liked to be 'poked' by non-related women. Therefore Facebook arrived at a compromise and allowed men to poke a women's "waali" (guardian) back if he was so inclined.



The feature was disabled for Muslim women, as their 'poking' responsibilities were delegated to their "waali". On a related note, most women have not yet 'friended' their "waali" (this is yet to be solved: one solution recommended delegating all 'friending' requests themselves to the "waali" but that is being debated).

Pictures

Photographs and tagging friends has long been Facebook's unique features, and this was tweaked slightly for the Muslim users of Facebook. An app titled "Muttawafy" automatically scans and ensures that pictures conform to strict guidelines followed by Muslim women.



As an aside, for some reason this feature, while it was introduced a while back with default setting "on", was found to be disabled by most desi men.

Why I support the Facebook ban by Bangladesh (and Pakistan)

Let us forget for the moment that the governments of Bangladesh and Pakistan are one of the most corrupt governments in history and they have anything but the welfare of their people in mind when they make decisions. Let's assume, for the purposes of this post, that they banned Facebook in their countries for the sole reason of "Everybody Draw Muhammad Day" page that was not taken down by Facebook.

Here is why I support such a ban.

1. It is not that the governments of Bangladesh and Pakistan banned public gatherings, freedom of speech, the internet or mass communication. A single website was banned. There are many ways to communicate to other people. So it's not that freedom of speech was curtailed. There are other social web networks.
   
   
2. Drawing a caricature of Muhammad showing him in a degrading fashion is offensive to the majority of Muslims. Just like calling a black man a negro is offensive in USA, promoting Nazi culture is offensive in Germany (and illegal) and denying the Holocaust is offensive in many European countries. Just because you don't find it offensive does not mean others don't. If you have the right to offend, then don't be surprised when people exercise their right to be offended.
   
   
3. Making fun of Muhammad is illegal in Pakistan and Bangladesh. Facebook is a company. By not taking down those pages it broke the laws in those countries. The countries therefore punished the company for breaking their laws. Facebook had to make a decision as to whether to stick to its values of "free speech" and operating in those countries, and it chose to ignore the laws. It therefore has to suffer the consequences.
   
   
4. If Facebook was really about "freedom of speech", as they say they are, then it seems they are very selective in their "freedom of speech". One gentleman from Pakistan decided to test their limits, and this is his story.
   
   
5. Making fun of the Prophet is hate speech - to Muslims. It may not be hate speech to you. Similarly, to many Bangladeshis who have never faced the wrath of Hitler, it's no big deal to praise some of his economic policies, but it's hate speech to Jews. If you support total freedom of speech then you have to support ALL hate speech.
   
   
6. I don't think we have complete and absolute freedom of speech. We never had. Every society has its taboos. Facebook breached one such taboo in those countries and got punished fair.
   
   
7. The ban is a non violent protest against Facebook's actions. If companies suffer financially through such actions, in the future they would be mindful of Muslim sensititivies if they want to do business with them.

a_bong is born

Yes, I do have a lot to say (waiting for the weekend to pen some posts), but for the moment, I have news.

I have given in.

a_bong

Yes, you can now follow me on twitter at http://twitter.com/a_bong.

To All Facebook Users

Can you please NOT upload the entire contents of your picture memory card to Facebook? An album is supposed be a few select pictures ... i.e. the GOOD ones. There is no reason to upload three pictures which are exactly the same except one has a closer view of the groom's nose than other ones. Similarly, blurry, out of focus, subject being blocked, etc shouldn't be uploaded. There is no reason to have a "Niagara Trip Album 1" and then "Niagara Trip Album 2" and then till "Album X"... just one album on that should be more than enough.

Can people NOT use the wall as a place to broadcast personal messages. I recently got a mini-feed from a friend's wall-to-wall that included details of her recent breakup, her cat's problems and the other replied with how her mother-in-law hates her. Seriously people, there is something called Private Messaging.

There is a button called the "Ignore" button. You don't need to add EVERY application to your profile so that another person, who is checking out your page, has his browser crash. Grrrrrr!

Instant message on Facebook. I hate it. It's small. It's annoying. I am surfing a page, dammit. Just add me on MSN if you wanna talk.

Can you name your albums something else other than "Random"? Seriously, show a bit of creativity. And "Album That Is Too Cool To Have A Name" doesn't cut it either.

And oh, stop sending me ANY application requests.

Google A Fatwa

So you want to know some fact about Islam (for example is A equal to B). You decide based on severity of the question and the urgency, that an online fatwa site is the way to go. So you ask.

This will be how the typical reply seems to be composed.

Dear Brother / Sister in Islam,

We are very pleased/satisfied/impressed that you have chosen to further your knowledge of the deen and may Allah keep you always on the rightly guided path.

That is, of course, salutation. You expect that, and read on, wanting them to now answer your question. But the content will be slightly different.

To look at your question, is A = B, first we must understand where A and B are coming from. Before Islam, the root of the word A was from the A'ramic word 'Aaa'....

What?!

Now we look at historical contexts where A = D. Now D is slightly different from B, but we have the 2nd Caliph of the 4th Sultanate in the 1201 AD when ...

On and on ...

In the great work of Ahlan Wa Sahlan the great jurist Saqlain Al Karim has stated that A and Z are opposite in empirical terms ...

Finally,

So we can conclude that a majority of the jurists are of the opinion D may be equal to E in some situations, while a minority of the ulema are of the opinion that D can never be equal to E.

As for A = B?

Allah and His Messenger Knows Best.

Seriously, while the Internet is great for research and expanding one's knowledge and quick lookups, I have had too many people telling, "Look! This is Islamic! Here's a fatwa site" (and from the link you can see they have followed the first Google link to some keyword searches). Is that Islamic? And second, why don't these Fatwas ever get straight to the point?

Facebook Friend Add Request

Overheard today on the bus:
Dude 1: "Man! I had like over 10 Add-as-Friend requests! I went through them and now there's only 1 request left ... it's been there over a month and I still haven't accepted it. I just don't WANT him to be added to my facebook!"

Dude 2: "Who's the request from?"

Dude 1: "It's from my Dad."

"I am not on Facebook"

A conversation with a good friend of mine.

Him: Give me the link to your album of your Bangladesh trip.

Me: It's on Facebook.

Him: I disabled my Facebook account.

Me: So you are not returning to Facebook?

Him: Yes, I am not going back to Facebook. I am making a point. It takes too much of my time and people are very immature on Facebook. I would rather not see that side of them.

Me: But the only online album I have is on Facebook.

Him: Go to the album and copy the public link URL and give that to me so I can see your albums without going on Facebook.

Me: But you will be seeing my albums which are on Facebook.

Him: But I won't be going into Facebook. Oh yeah, and send me those other albums as well, plus ... blah blah...

Me: So you will be seeing my Facebook albums, as well as those others, all of which are on Facebook, but you will not be going into Facebook, and thus still be making your point about how Facebook is encroaching into our lives and how you reject such encroachment?

Him: Exactly.

The Tech Letter

Please explain the following to me.

From: Tech. Support Group.
To: Me.

We have analyzed the error report and regret to inform you that the Microsoft Wireless Notebook Optical Mouse 3000 you purchased is incompatible with Windows XP Service Pack 2. It's a known software issue. The problem can be rectified by upgrading to a more compatible mouse.

Last time I checked, Microsoft made Windows, right? You would think their software would be compatible with their own hardware ...

On Turkey, Desis in Canada

On Turkey:

Whenever I read about Turkey nowadays, and the problems they are having with electing a President, I keep reading about one thing.

The ruling party's candidate for President, Abdullah Gul, has a headscarf wearing wife.

What the f*** has this to do with anything? She wears a hijab, doesn't wear a hijab, how does this affect his Presidency? Why is a woman's cloth given so much importance?

You know, it's all well and good to fight for the right to be not forcible hijabified, which is what they are now claiming Turkey's women are afraid of. But what about those women in Turkey, in France, in Germany, who want to wear the hijab and cannot? Who speaks for their lack of freedom?

On Desis in Canada:

The Toronto Star recently launched a magazine exclusively for South Asians in Toronto, called Desi Life. One of the people interviewed for one story was this blogger, and that article is here.

Beware of these hijabis

Also, I always believed it is sunnah to know how to defend yourself in a fight. Hail the Ninjabis.

A Facebook Valentine Story

"Honey," the wife suddenly poked her husband. "What gift are you getting me on Facebook for Valentine?"

"Huh?" Husband took his eyes of Nelly Furtado on CSI and looked at his wife. "Facebook? Gifts? Valentine?"

"Well," the wife put on her 'hurt-but-can-be-mollified' look. "Facebook has all these 'gifts' that you can give to your valentine, and it will show up on their profile."



"Oh, I see." Husband nodded. "How much are these gifts?"

"Oh, must everything be about money to you?" The wife pouted.

Husband quickly logged on to Facebook and saw he had one free gift to give. Thanking God for Facebook, he selected a Teddy bear and placed it on his wife's profile.

[3 minutes later]

"Husband?" Wife's voice now had the 'I-need-something' tone.

"Yes?"

"Look at my friend Baki. She got three gifts. And I have only ONE."



"Oh, great." Husband was slowly beginning to regret the day he joined Facebook.

[10 minutes later]

"Wife?" Husband had a puzzled tone to his voice. "Where is MY gift?"

"Oh," Wife now had her 'I-am-so-cute' smile. "You know my friend Madiha, who is single? She was soooo lonely, I felt so bad for her. So I gave her my gift. You know I loooooooooove you right?"

Madiha's profile now had seven gifts, all from girls: "Here you are my choooopooooos! My chinkie pinkie! My gulab jamun!"

Meanwhile, the single guys who should be giving Madiha gifts are having great fun, giving gifts to EACH OTHER.

"Here's something you wanted for a long time," Wrote Taufeeq to Adnan. A rainbow colored chocolate box was the gift. "I know you wanted to come out of the closet for a long time haha".

"Dumbass!" Was Adnan's response. "Here's something you need. Haha."

A roll of toilet paper was Adnan's return gift.

Oh Facebook! What have thee done to us?

The New Me

The tiger has new stripes!

I know you like it, so pay compliments to designer Shazia Mistry.

The layout, the color schemes and the banners were all hers - all I did was offer criticism (that too at one in the morning!). So for your next web project, you know the right person to contact.

At the moment my dear blog is modeling her new dress for me, and I am just admiring her from afar. I wonder if Shazia is doing the same.

Writings On The Wall

Yet another difference between Venus and Mars. Should be really part of this post.

Message on Facebook from one girl on my list to another:

WHATS UPPPPPP Girl!!!!! You my shoozie poozie! We missed you last night, chick!!! Wheres our sexy pics of the makeout session lol!!!

PS. Come over tonight!!!! we r all going for the movie!!!!
PSS I LAUUUU U.. *muaaah*

Message on Facebook from one of my guy friends to another:

Yo dumbass!!! When are you going to return my DVDs? The 'boys' are coming over for the Raptors game.. 7 pm.. be there or be square.

PS. Bring food.

And finally, to go down the evolution ladder even further:
(You need to know Urdu)

Abeeey baaaeeeeeeeenchoo** *bleep* kaha margaya tu salaaa...*bleep* kamine *bleep**bleep*
Wanna go for the Legends game on March 3? Woh dono *bleep**bleep* bhi araha hai.

Phew! Had to do some censoring there. Though, to be honest, I have never understood the reason why "oh ye illegitimate child of one who has done action Jackson¹ with his sister" is a term of endearment amongst some people!

1 (term "action Jackson" copyrighted by Samosa)

Little Mosque, Advice and That Video

As if a relatively balmy 12 degrees in what is supposed to be winter wasn't enough to remind one of the middle east, there were camels in downtown Toronto! It was all a promotional event as the CBC was giving out free chicken shawarmas to celebrate the launch of a new TV series, Little Mosque on the Prairie.

With signs like 'You say tomato, I say tabouleh', the clips of the TV show so far are funny and hilarious. This is one pilot I am eagerly awaiting, and my only complaint so far (already!) is that the Muslim characters are mostly Arab or African. I mean, we do have some Bengali Muslim bloggers ...

* * *

I am not usually accustomed to giving advice. Yesterday a friend asked me for some advice as she was about to graduate. I hope what I said made sense, as the last time someone asked me for graduation advice the situation went a bit like this:

I was eating with a friend who was just about to graduate. As I am in the middle of tackling these mouthwatering scrumptious tiger shrimps in a noodle dish, he tells me, "I am so conflicted."

"Uh-uh." I mumble. The shrimps were so delectably juicy.

"I want to work and earn some money you know," my friend remarked, "but my dad wants me to apply for med school. Our whole family is into medicine and he wants me to continue the work and be another doctor."

"Right, right." I said in between bites. "Man try this, this is good."

"Ya," he didn't even reflect on my oh-so-generous offer of one shrimp. "I am so torn. On one hand my dad left his practice to be here to give us the opportunity, and now I don't want to be a doctor."

"Well," I realized he was not going to give me any peace until I said something. "It's all about following your calling you know. The heart knows what it wants."

I didn't know what I was saying. I just sprouted some rubbish and went back to eating. The next thing I know he is staring at me with his wide eyes.

"Man that's so profound. Wow, that's really deep."

"Ya?"

"You have a way with words man. The heart knows what it wants. That's awesome. Thanks man."

So he didn't become a doctor, and is doing quite well otherwise. His father doesn't return my salaams at the parties.

And I still like tiger shrimp.

* * *

Has anyone seen the Saddam execution video? When I first came to know of its existence I did not want to view it, but then morbid curiosity (the kind that draws you towards the scene of a traffic accident) got the better of me, and I viewed the graphic footage. How can I sum up my feelings? Oh yes, shock and awe.

Shock that a state execution, what is supposed to be a sombre and solemn affair, turned out to be a mob lynching, and awe about the apparently fearless way Saddam died, with the kalimah on his lips. And utter amazement at the fact despite the knowledge of his heinous crimes and tales of his brutal oppression, his executioners have actually managed to provoke sympathy for that man.

Email from Mom

I come home at 1 am last night. The holidays are playing havoc with my body clock. So I am not sleepy at all. I switch on my laptop.

1 new email. From mom. Titled "important email from ammu".

OK.... wondering what it could be, I click on it.

"mezba there is noodles in the fridge for u n Sis.
if u wish to eat take half n leave half for her."

Truly we are in the twenty first century. No more post-it notes on the microwave in this house.

Tada!

The Brass Crescent Award winners' list is out. I would like to thank everyone who voted, especially for me :-D - Jazaks!

I would like to share what happened when I first told my parents to go vote for me.

Dad: So, you have a blog?
Me: Yes.
Dad: What do you blog about?
Me: Um, nothing in particular really. Just-
Dad: Do you get paid for it?
Me: No, it's just a hobby.

[pause]

Dad: So this award, what is it?
Me: It's for bloggers who write about Islam/Muslim issues.
Dad: What will it give you?
Me: Um, I don't know. Recognition, I guess. And respect.

[pause]

Dad: Hmmm....

And then there was my mom.

Mom: You have a blog?
Me: Yes, it's-
Mom: Why didn't you tell me about it?
Me: Well, I didn't think-
Mom: What article was nominated?

[I show her. She reads.]

Mom: This is good.
Me: Than-
Mom: Why is anyone even running against you?
Me: No one's running. And there's thousands of better writers-
Mom: No one can write better than this.
Me: Not-
Mom: I am going to read all of your blog now.
Me: Uh, oh.

[30 min later, angry phone call]

Mom: You wrote here you have an accident?
Me: Um, yes, that was when-
Mom: You said it was nothing, someone just clipped your mirror.
Me: Well, hehe, not really but I-
Mom: You were lying to me. I always knew you drove too fast.
Me: No! I was just-
Mom: Did you say "Subhanalla Sakhara ..." 3 times before you started the car?
Me: Yes, I-
Mom: And you always put your music too loud.
Me: No, I-
Mom: I am very angry with you.

[click]

Brass Crescent Awards

Wow.

I am humbled. My post Better Than A Thousand Months" on the last night of Khatam-e-Quran during Ramadan has been nominated under the 'Best Post or Series' for the annual Brass Crescent Awards. You can take a look at all the categories and nominees and vote for your favourite blogs here.

Vote Here

You can vote till Sunday.

Tags: Brass Crescent Awards

Hypocrisy and Facebook

So I was thinking about hypocrisy and the dual nature of many people. Let me start with myself. I will get in the car and say the prayer you need to say, right before I pop in the CD and turn up the music full blast.

So my friend and I get in the car, and I start the car. And then I start saying the little prayer.

"What are we waiting for?" My friend asks.

"Um," I reply. "I am warming the engine. That's it, warming up." Of course, it's not cool to admit you are praying.

"Dude," My friend has a puzzled look on his place. "We just stopped at this place for five minutes."

"Oh shut up. I am saying Aytul Kursi."

"Oh." Respectful silence. And then - alright, let's pop in the CD. And the music blares full blast on the speakers, where the singer describes in detail what he would like to do with his girl, and the girl replies back. Hindi or English, it doesn't matter nowadays.

I was thinking about it yesterday as I surfed Facebook.

Yes, I gave in to temptation at last. For someone who makes his living writing web applications, I am always the last one to get on any internet bandwagon. I started using Napster, just before they shut it down. I steadfastly refused to use web-banking, relenting right before phishing campaigns became well organized. I started to use torrents right before our ISP started to clamp down on them. So Facebook users beware.

So yesterday while I added a few friends and was just surfing through their pages and their friends, I came across the Facebook profile of this guy I know since after university. OK, now this guy is not your average 20 year old guy. He was always spouting religious talk. He would make you fill guilty for checking out a poster of Aishwarya Rai (telling you some line about how you were committing zina in your heart or something like that). He once sent people a ten page essay on why one must not wear ankle-length pants.

And here he was, on Facebook, in a bar, with a drink in one hand, with his girlfriend, making out. On Facebook. What do you think of that? It's not that I am passing judgement of what he did. I have plenty of friends who drink, who have girlfriends and whatever. I don't pass judgement or force my religion down on them. But I think it's the height of hypocrisy when you bug people for not wearing a cap when praying and then have your tongue down a girl's throat. A girl who is not your wife. In a bar. And then have it on Facebook for the whole world to see.

OK rant over. Meanwhile, Facebook is one cool thing. WTH is a 'POKE' though?

Tags: Facebook Tags: Hypocrisy