Archive for the ‘conferences’ Category

Security Summit 2010 Wrap-Up


2010
05.14

So the Security Summit 2010 has come to an end. Featuring speakers such as Moxie Marlinspike, Joe Grand and Jeremiah Grossman (again), it’s a pity to say that there wasn’t much new that was presented. With repeated concerns about input and output validation, which the OWASP Top 10 for 2010 highlights and which were used as a repeated example, and a call for a holistic approach to a company’s security posture, the idea of making the thought (and practice) of security part of the organisation’s culture came through over and over again.

Security Summit 2010


2010
05.09

So, it’s that time of the year again – Security Summit 2010 in Sandton, Johannesburg. Items on the agenda include:

  • The business of security – Threat horizon 2010 and beyond, legislation (PPI), risk, compliance, standards (PCI), security metrics, social networking, web application security, web services, web 2.0 and more.
  • Technical/operational security – Top 10 hacks, botnets, trojans, smartphone security, cloud computing, virtualisation, SaaS, practical return-oriented programming techniques, web application server attacks, defeating SSL, exploiting Microsoft DEP and more.

Security Summit 2010


2010
03.19

Moxie Marlinspike will be at the Security Summit 2010 this year at the Sandton Convention Centre – well, at least he’s on the lineup – and should give some insights; Jeremiah Grossman is back (from White Hat Security) and Joe Grand (from l0pht Heavy Industries – remember l0phtCrack?) will also have some words to say.

Let’s hope that the vendor presentations will be kept to a minimum with a focus on content rather than “Oh, we are great”…

Johannesburg, May 11-13, 2010

Cloud Computing 2009, The Forum, Bryanston


2009
11.24

With the usual eats (ok, the brownies are good – chewy, but not gooey) welcoming those who chose to attend, the Cloud Computing Conference 2009 promises three potentially interesting presentations: a case study by iBurst, one by the University of the Witwatersrand, and a presentation about the potential security risks that cloud computing inherently presents.

Mobile Payments 2009 at The Forum, The Campus, Bryanston


2009
11.03

And the light dims as the presentations are to start – two days of presentations on mobile payments and payment mechanisms. Featuring Paul Stemmet from MXit, Aletha Ling from Fundamo and Adrian Vermooten from ABSA, who compares the pros and cons of the operator vs the banking-centric business model for mobile payments, let’s hope that the presentations and the stay up here in the city of thunderstorms and bad bad driving are worth it…


Update: So far, the presentations from Paul, and the POCiT presentation on the basic factors and segmentation considerations of mobile payers have been worth it. Key quote:

Is your solution a headache or a vitamin tablet?

People will borrow money to buy a headache tablet, but only when they have spare cash will they splash out on vitamins…


Update: So ABSA sends about 1bn messages a year, now with more than 500 000 users on USSD gained over the last 8 months. Seems as though their NotifyMe system has been a good mechanism of getting users used to the mobile phone as a ‘trusted banking device’. May be worth looking at megau.mobi and absabank.mobi and absahome.mobi where they process around 1000 logins per minute as capture interfaces with large amounts of information required.

It takes less than 2 minutes to register for a Funeral Plan via the ABSA mobile platform

… seeing that the ambulance will take 10min or more to get there…?


Update: After the Atos Origin (IT partners for the Summer and Winter Olympics) presentation on their TESSA platform (including Bluetooth stickers), the SA Reserve Bank gave insight.

Through their South African Multiple Option Select System, they clear on average R300bn/day, with Oct 2008 seeing R8.4tn for that month. On the definition of e-money (seeing that they were presenting on the South African National Payment System, specifically on their E-Money Position Paper, "out in two weeks"), airtime is not considered a "currency" of any type as it’s barter in a free-market economy. E-money should be considered as currency issued by an issuer on the receipt of funds, accepted by recipients other than the issuer and redeemable for cash or bank deposit.

Currently, in South Africa, accepting a deposit for later repayment is the business of the bank and hence a criminal offence by a non-bank. Say you buy a store card for R 500 and have the cashier pay out R 200 out of the card — that’s currently illegal as it is using the card as a redeemable, cashable store of value.

That is the business of the bank as their main use is related to receipt of funds not for on-payment (on-payment is fine if the recipient is due funds – that’s why you can pay for a fine or rates at a Pick ‘n’ Pay or Shoprite) to third parties. The paper to be issued is a position paper (opinion and interpretation by the SARB), not a directive (which becomes a ‘restrictive’ law).

Currently, deposit receipt is only possible in conjunction with a bank. In future, a model similar to the one the Financial Services Authority (FSA) in the UK is using in having a multi-tier approach, where an "e-currency" may be issued:

  • 1st tier: Bank
  • 2nd tier: less than £25mil
  • 3rd tier: less than £1mil, for a geographically restricted area, with business plan and 6-monthly report-back

Remissions

Currently, PayPal could pay remissions (money paid back across borders, typically by migrant workers…) if they applied for a banking licence; currently, though, they do not comply with the Foreign Exchange Control or the Banks Acts in South Africa. That’s why using Paypal cannot be ‘cashed in’ in South Africa. "Because they don’t want to" according to the SARB.

Malawi, Botswana, Angola and Malawi are currently the most expensive remission destinations in the world, and the SARB is investigating methods of working on the remission costs. But that is in the future.

Isn’t it an issue if people buy less oranges and more airtime? — No, that’s the free market.


Update: ukash presented their offering, where PIN-encoded value stores are purchased in real currency and can then be transferred as far afield as Uruguay, Russia (as from today), Australia and South Africa (Pick n Pay -> wantitall, bidorbuy) – via mail, SMS, forum or other. Very popular in Pakistan and the Middle East, redeemable for things like Skype vouchers etc. Reminds me of the Security Summit 2009 presentation on the Underworld Economy… They were hit by £ 500 000 fraud in Sept 2008 due to monetarisation of their vouchers…