Hi, I am Zeeshan Ali Shah. I have been working in the field of computer science since I was 18. I was born in Pakistan and worked there from 2005 until I moved to Sweden. I started my career with a diploma from NCR and progressed towards a Bachelor's from the University of Karachi, a Master's of Computer Science from SZABIST (Pakistan) and an MS from Kungliga Tekniska Hogskolan (Sweden).
Along with my academic degrees I have also achieved international certifications from Sun Microsystems, IBM Corporation and the Information Systems Audit and Control Association (ISACA).
During my career I have worked as a software programmer, system developer, IT manager, project manager and IT security engineer with H&M Hennes & Mauritz AB Sweden, and I am now self-employed as an IT security researcher and developer with Vigiltek, along with being security officer for the PDC site of EGEE III.
Having an entrepreneurial mindset, I started an IT company (VigilTek) based in Sweden, which has been running very successfully since 2006. I have also won the best idea at Springboard at the Stockholm School of Entrepreneurship.
Having double master's degrees in software engineering (Pakistan) and information security (Sweden), I have always thought that the current strategy for dealing with security bugs is wrong, i.e. we always try to cover the application from the outside with IDS/IPS and firewalls. This has created such great hype that whenever you talk to some C-level executive about IT security he spontaneously imagines "firewall" in the back of his mind: "Oh, you need security? Go and get a firewall... :))"
As a software engineer I know the problems lie deep inside the software, and they will not be solved by hiding the application behind a firewall. That was one of the motives to start a forum, "builtinsecurity" (builtinsecurity.org), to discuss application/software security issues along with some solutions.
The software security market is now passing out of an "early adopter phase", as discussed in the following article. Read here.
Last Updated ( Wednesday, 20 August 2008 10:44 )
Listening to voice conversations
Written by Zeeshan Ali Shah
Tuesday, 29 July 2008 09:58
This is an example of removing another brick of privacy, along with what I have blogged previously in "Good bye privacy". Now they can even listen to what you speak... enjoy being a victim of fixed IP networks unless you learn how to defend your rights technically... read below
"There has long been speculation that Skype may contain a back door. Because the vendor has not revealed details of its proprietary Skype protocol or of how the client works, questions as to what else Skype is capable of and what risks are involved in deploying it in an enterprise environment remain open." Source and read more
Last Updated ( Tuesday, 29 July 2008 10:21 )
SP 800-113, Guide to SSL VPNs and SP 800-124, Guidelines on Cell Phone and PDA Security
Written by Zeeshan Ali Shah
Monday, 07 July 2008 22:15
NIST announced the release of two publications: Special Publication (SP) 800-113, Guide to SSL VPNs, and draft SP 800-124, Guidelines on Cell Phone and PDA Security.
"SP 800-113, Guide to SSL VPNs, seeks to assist organizations in understanding Secure Sockets Layer (SSL) virtual private network (VPN) technologies. The publication also makes recommendations for designing, implementing, configuring, securing, monitoring, and maintaining SSL VPN solutions. SP 800-113 provides a phased approach to SSL VPN planning and implementation that can help in achieving successful SSL VPN deployments. It also includes a comparison with other similar technologies such as IPsec VPNs and other VPN solutions"
"Draft SP 800-124, Guidelines on Cell Phone and PDA Security, is available for public comment. It provides an overview of cell phone and personal digital assistant (PDA) devices in use today and offers insights for making informed information technology security decisions regarding their treatment. SP 800-124 gives details about the threats, technology risks, and safeguards for these devices. NIST requests comments on draft SP 800-124 by August 8, 2008. "
In the security field you too often hear sentences like "this is an unfamiliar attack BUT WE SUFFERED NO DAMAGE AND NO INFORMATION LEAK"; the question is what "NO" means in that type of sentence.
The same story can be read here:
"Hackers recently targeted Naver, Korea's largest Internet portal, in a never-before-seen kind of attack. Choi Whee-young, CEO of Naver's parent NHN, said in a meeting with reporters Thursday that Naver users recently had trouble accessing the portal's cafes because it had to temporarily lock access after detecting new kinds of hacker attacks." Read here
Last Updated ( Tuesday, 29 July 2008 09:46 )
Rise in SQL Injection Attacks Exploiting Unverified User Data Input
Written by Zeeshan Ali Shah
Wednesday, 25 June 2008 08:40
"Microsoft is aware of a recent escalation in a class of attacks targeting Web sites that use Microsoft ASP and ASP.NET technologies but do not follow best practices for secure Web application development. These SQL injection attacks do not exploit a specific software vulnerability, but instead target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database."
Microsoft has identified several tools to assist administrators. These tools cover detection, defense, and identifying possible code which may be exploited by an attacker. Read here
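As an added example (not code from Microsoft's advisory or from this blog), the following Python script with an in-memory SQLite table stands in for a data-access page that builds a lookup query from unverified user input, which is the coding practice the advisory describes: the concatenated query lets the input change the SQL, while the parameterised version keeps it as plain data. The table, rows and inputs are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample user table standing in for a site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.org"), ("bob", "bob@example.org")],
    )
    return conn


def lookup_unsafe(conn, username):
    """Insecure pattern: the user value is pasted into the SQL text, so the
    database parses whatever the user typed as part of the statement."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Secure pattern: a parameterised query. The driver passes the value
    separately from the statement, so it can only ever match as data."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def compare(username):
    """Run both versions against a fresh table and return their result sets."""
    conn = make_db()
    return lookup_unsafe(conn, username), lookup_safe(conn, username)


if __name__ == "__main__":
    # A normal value behaves the same in both versions.
    print(compare("alice"))
    # The classic tautology: the concatenated query returns every row,
    # the parameterised query returns nothing because no such username exists.
    print(compare("x' OR '1'='1"))
```

Counting rows returned per request against the number a legitimate lookup can return is one cheap detection signal for this class of attack on existing code that cannot be fixed immediately.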