http://www.qcert.org/qcert/whatsnew.html en-us Announcements http://www.qcert.org/news/card_fraud.html The UAE has been hit recently by a wave of card fraud, but the card payment industry is defining minimum security standards to prvent these problems. Thu, 25 Sep 2008 09:45:56 -0400 http://www.qcert.org/news/identity_theft_flags.html The U.S. government has issued an amendment to the financial regulation to tackle identity theft and fraud risks. Thu, 25 Sep 2008 09:40:38 -0400 http://www.cert.org/podcast/ CERT has published the following podcasts: How to Start a Secure Development Program, Getting to a Useful Set of Security Metrics, and Security Risk Assessment Using OCTAVE Allegro. Thu, 25 Sep 2008 09:39:07 -0400 http://www.qcert.org/news/ITU_natl_strategy.html The International Telecommunications Union Development (ITU-D) program recently conducted a series of meetings on cybersecurity and the economics of computer malware in Brisbane, Australia. Tue, 12 Aug 2008 10:58:25 -0400 http://www.qcert.org/news/intern.html Fatma Al-ansari was hired as an intern at Q-CERT to investigate the performance characteristics of so-called "thin clients." She also investigated the usability of Single Pack Authorization (SPA). Mon, 11 Aug 2008 15:10:23 -0400 http://www.qcert.org/news/GIFAR.html With the introduction of the GIFAR, malicious code may not be the only threat. Mon, 11 Aug 2008 10:51:15 -0400 http://www.qcert.orghttp://www.cert.org/podcast/ Protecting critical infrastructures and the information they use are essential for preserving our way of life. Mon, 11 Aug 2008 10:04:04 -0400 http://www.qcert.orghttp://www.cert.org/podcast/ Determining which security vulnerabilities to address should be based on the importance of the information asset. Thu, 31 Jul 2008 12:19:13 -0400 http://www.qcert.org/news/Q-CERT_move.html Last week, Q-CERT moved to offices in the Al-Nasr building. Tue, 29 Jul 2008 10:31:44 -0400 http://www.qcert.org/news/iris_scanning.html U.A.E. is using iris scanning at airports to screen incoming passengers. Tue, 29 Jul 2008 10:26:31 -0400 http://www.qcert.org/news/SMB_security.html A recent study by McAfee revealed some surprising cybersecurity facts about small and medium businesses. Tue, 29 Jul 2008 09:31:10 -0400 http://www.qcert.org/news/csn.html A new area has been added on the website to hold information about the Cyber Security Network. Tue, 15 Jul 2008 14:04:28 -0400 http://www.qcert.org/news/internationalization.html Wes Brown has published an article on the internationalization of malware. Tue, 15 Jul 2008 13:22:27 -0400 http://www.qcert.org/news/browser_flaws.html A recent study estimates that more than 600 million users worldwide are at risk of compromise because they are not running the latest, most secure version of their browser. Thu, 10 Jul 2008 14:19:38 -0400 http://www.qcert.org/news/protect_data.html Summer holidays are beginning, and it's important to remember that traveling can be dangerous to your data's health. Thu, 10 Jul 2008 14:07:42 -0400 http://www.qcert.org/news/laptop_losses.html A recent study reveals that a staggering 600,000 laptops are lost per year in U.S. airports alone. Thu, 10 Jul 2008 13:55:49 -0400 http://www.qcert.orghttp://www.cert.org/podcast/ During requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack. Thu, 10 Jul 2008 13:31:05 -0400 http://www.qcert.org/news/craig_slides.html The slides from Craig Blakeley's presentation on international standards for cybercrime legislation are now available. Wed, 02 Jul 2008 09:01:40 -0400 http://www.qcert.org/news/SPCI.html Q-CERT staff recently attended the first international conference on Security, Privacy, and Confidentiality Issues in Cyberlaw (SPCI 2008), which took place in Cairo. Tue, 01 Jul 2008 16:35:55 -0400 http://www.qcert.org/news/coffee.html It appears that the simple pleasure of indulging in a mid-afternoon cappuccino may be threatened by software vulnerabilities. Thu, 26 Jun 2008 16:21:31 -0400 http://www.qcert.org/news/craig.html Craig Blakeley, a lawyer with the Alliance Law Group in Tyson's Corner, Virginia, USA, was in town recently to address a QISF meeting on cybercrime legislation. Thu, 26 Jun 2008 16:05:17 -0400 http://www.qcert.org/news/SCP.html In a ceremony at the Sheraton hotel last week, representatives from ictQATAR, Q-CERT, and Microsoft met to sign an agreement that made Q-CERT a member of the Security Cooperation Program (SCP). Thu, 26 Jun 2008 13:30:52 -0400 http://www.qcert.org/news/DISC_postmortem.html Al Sharq was the scene last week of a conference on information security put on by the World Trade Center. Thu, 26 Jun 2008 13:27:02 -0400 http://www.qcert.orghttp://www.cert.org/podcast/ Targeted, innovative communications and a robust life cycle are keys for security policy success. Thu, 26 Jun 2008 13:26:10 -0400 http://www.qcert.org/news/AusCERT_2008.html Q-CERT recently sent a representative to AusCERT 2008, this year's instantiation of AusCERT's annual conference, one of the most important information security conferences in Asia and the world. Thu, 19 Jun 2008 13:32:02 -0400 http://www.qcert.orghttp://www.cert.org/podcast/ Managing software that is developed by an outside organization can be more challenging than building it yourself. Thu, 19 Jun 2008 13:10:25 -0400 http://www.qcert.org/news/cyberbully_forms_english.html This article describes the various forms that cyber bullying can take. An Arabic version is also available. Thu, 19 Jun 2008 13:08:48 -0400 http://www.qcert.org/news/COFEE_english.html Microsoft developed a USB drive utility called "COFEE" (Computer Online Forensic Evidence Extractor) that facilitates and contributes to the collection of evidence from a personal computer when a cyber crime occurs. An Arabic version of this article is also available. Thu, 05 Jun 2008 13:53:54 -0400 http://www.qcert.org/news/OWASP_meeting.html The inaugural meeting of the Qatar chapter of the Open Web Application Security Project (OWASP) took place on Carnegie Mellon University's Qatar Campus on May 22. Thu, 05 Jun 2008 12:31:15 -0400 http://www.qcert.org/news/DISC.html The first Doha Information Security Conference will be held June 10-11 at the Al Sharq hotel. Thu, 05 Jun 2008 11:09:51 -0400 http://www.qcert.org/news/ddos_podcast.html In this podcast, Dana Al-Abdulla and Noora Yousuf Al-Abdulla, members of Q-CERT's Incident Management team, discuss distributed denial-of-service (DDoS) attacks. Wed, 04 Jun 2008 16:30:13 -0400 http://www.qcert.org/news/cyberbully_partone.html As the usage of the internet by adolescents has grown, so has the concern parents have over the phenomenon of cyber bullying. Tue, 27 May 2008 12:29:57 -0400 http://www.qcert.orghttp://www.cert.org/podcast/ Software security is about building better, more defect-free software to reduce vulnerabilities that are targeted by attackers. Tue, 27 May 2008 12:25:32 -0400 http://www.qcert.org/news/scada.html With the increasing proliferation of common networking standards and standard operating systems, the world of Supervisory Control and Data Acquisition (SCADA) systems is joining the rest of the IT world and feeling the menace that faces typical office systems. Thu, 22 May 2008 16:05:20 -0400 http://www.qcert.org/news/incident_reporting.html The Incident Management team at Q-CERT has released a new version of the incident reporting guidelines it publishes to assist users who are reporting incidents. Fri, 16 May 2008 16:01:06 -0400 http://www.qcert.org/news/olympics.html In a recent interview, Interpol's Executive Director for Police Services discusses security at the Olympics in China. Wed, 14 May 2008 15:01:55 -0400 http://www.qcert.orghttp://www.cert.org/podcast/ High performing organizations effectively integrate information security controls into mainstream IT operational processes. Wed, 14 May 2008 14:59:36 -0400 http://www.qcert.org/news/julia_howto_podcast.html In the latest entry in the Q-CERT podcast series, Julia Allen offers some practical advice about how to get a handle on information security. Tue, 06 May 2008 18:41:51 -0400 http://www.qcert.org/news/hacking_inc.html For some time now it has been a commonplace that hacking and writing malicious code have become big business. Still, the evidence that continues to mount for this can surprise and even amuse us, as some recent examples demonstrate. Tue, 06 May 2008 16:29:57 -0400 http://www.qcert.org/news/credit_cards.html Credit card companies in the Gulf have begun deploying credit cards that use radio frequency identification. But this technology may mean that your credit card is not safe even in your wallet. Wed, 30 Apr 2008 13:14:12 -0400 http://www.qcert.orghttp://www.cert.org/podcast/ Helping your staff learn how to identify social engineering attempts is the first step in thwarting them. Wed, 30 Apr 2008 13:10:10 -0400 http://www.qcert.org/news/safe_travel.html Using cybercafes while traveling can be dangerous, but there are steps you can take to reduce your risk. Wed, 30 Apr 2008 13:08:41 -0400 http://www.qcert.org/news/S-SAP_intro.html Q-CERT has been developing a general methodology, known as the System-Security Assessment Process (S-SAP), for assessing weaknesses in a software system. Wed, 23 Apr 2008 11:23:47 -0400 http://www.qcert.org/news/alwafd.html A hacker who called himself "Saudi Arabia Hacker" gained control of the Al-Wafd newspaper website this week. Wed, 23 Apr 2008 11:22:08 -0400 http://www.qcert.org/news/acceptable_use.html Two Q-CERT staff members were involved with presenting a proposal for policies to safeguard the independent schools in Qatar. Wed, 23 Apr 2008 11:21:35 -0400 http://www.qcert.org/news/MENOG.html Two Q-CERT employees were featured speakers at the MENOG meeting in Kuwait. They gave two presentations: one on IPv6 and one on distributed denial-of-service attacks. Wed, 23 Apr 2008 11:20:02 -0400 http://www.qcert.orghttp://www.cert.org/podcast/ Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough. Wed, 16 Apr 2008 14:07:48 -0400 http://www.qcert.org/news/christin.html In Doha to explore collaboration opportunities in information security between Qatar and Japan, Nicolas Christin, from CyLab Japan, discussed his students' efforts to strengthen user authentication. Tue, 15 Apr 2008 10:26:32 -0400 http://www.qcert.org/news/analysis_results.html In this final session in our series, Ian Dowdeswell, Q-CERT's Incident Manager, wraps up the investigation. Tue, 15 Apr 2008 10:21:04 -0400 http://www.qcert.org/news/ictQATAR_podcast_David.html In this final installment of the series, Shalini Ravi interviews David Mundie, manager of Q-CERT's Outreach and Training team. Tue, 15 Apr 2008 10:19:31 -0400 http://www.qcert.org/news/security_mindset.html In a recent article, Bruce Schneier suggests that by thinking of ways that systems can be compromised, people could actually protect themeselves. Wed, 09 Apr 2008 09:36:16 -0400 http://www.qcert.org/news/expert_testimony.html In this week's episode, R. Azrina R. Othman from Cybersecurity Malaysia describes the basics of preparing to give expert testimony in a court of law. Tue, 08 Apr 2008 14:44:09 -0400 http://www.qcert.org/news/syrian_dos.html Hackers managed to cut off access to many official Syrian websites during the Arab Summit in Damascus. Tue, 08 Apr 2008 14:41:05 -0400 http://www.qcert.org/news/OWASP_operational.html OWASP-Qatar is now operational and will hold its first meeting on May 22, 2008 at the CMU-Q facilities in Education City. Tue, 08 Apr 2008 14:38:41 -0400 http://www.qcert.org/news/imaging_analysis.html With this week's installment, our series on cyberforensics gets to the fundamentals of forensics: how to collect digital evidence. Wed, 02 Apr 2008 11:29:31 -0400 http://www.qcert.orghttp://www.cert.org/podcast/ Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy. Wed, 02 Apr 2008 11:28:17 -0400 http://www.qcert.org/news/ictQATAR_podcast_Chris.html ictQATAR's internal communications specialist interviews Chris Bateman about Q-CERT's incident management services. Tue, 01 Apr 2008 14:58:03 -0400 http://www.qcert.org/news/memory_analysis.html This week, our ongoing cyberforensics scenario presents an introduction to memory analysis - all the techniques forensic analysts use to capture what's going on in a machine, even in the face of prevasive encryption. Tue, 25 Mar 2008 12:38:42 -0400 http://www.qcert.org/news/ictQATAR_podcast_Farrukh.html To gain insight into Q-CERT, ictQATAR's internal communications specialist interviews the head of Q-CERT's Critical Information Security team. Tue, 25 Mar 2008 12:10:53 -0400 http://www.qcert.org/news/FIRST_sponsor.html Q-CERT is a sponsor of the 20th Annual FIRST Conference, which will be held in Canada in June. Mon, 24 Mar 2008 13:31:13 -0400 http://www.qcert.org/news/REF.html CERT has just released the long-awaited CERT Resiliency Engineering Framework. Mon, 24 Mar 2008 13:29:45 -0400 http://www.qcert.org/news/OWASP.html Q-CERT is forming a local chapter of the Open Web Application Security Project (OWASP). Mon, 24 Mar 2008 13:28:20 -0400 http://www.qcert.org/news/QSTP.html Qatar Innovator has published an article about Q-CERT in the January issue. Tue, 18 Mar 2008 11:58:38 -0400 http://www.qcert.org/news/visible_ops.html Visible Ops Security, a companion to the popular The Visible Ops Handbook: Implementing ITIL in 4 Practical and Auditable Steps, has been published. Tue, 18 Mar 2008 11:56:24 -0400 http://www.qcert.orghttp://www.cert.org/podcast/ A sound security metrics program is grounded in selecting data that is relevant to consumers and collecting it from repeatable processes. Tue, 18 Mar 2008 11:53:34 -0400 http://www.qcert.org/news/atm_english.html Last month in Dubai, fraudsters used electronic readers and small video cameras to compromise ATM cards of thousands of UAE residents. Thu, 13 Mar 2008 15:54:45 -0400 http://www.qcert.org/news/mildenhall.html Not all data leaks are a result of malicious activity. Sometimes they happen because of a simple error. Thu, 13 Mar 2008 15:52:30 -0400 http://www.qcert.org/news/fee_fraud_english.html An Arabic version of the fee fraud article is available. Tue, 04 Mar 2008 13:36:57 -0500 http://www.qcert.org/news/fee_fraud_english.html A current fee fraud attempt is spreading in the country through email messages from professional impostors. Tue, 04 Mar 2008 13:33:11 -0500 http://www.qcert.orghttp://www.cert.org/podcast/ Significant insider threat vulnerabilities can be introduced (and mitigated) during all phases of the software development life cycle. Tue, 04 Mar 2008 13:19:38 -0500 http://www.qcert.org/news/RSS.html Q-CERT now has RSS feeds available for both alerts and announcements. Wed, 27 Feb 2008 14:48:40 -0500 http://www.qcert.org/podcasts/sami.mp3 In town for the ITU meeting, Mr. Sami Al-Basheer Al Morshid, Director of the Telecommunication Development Bureau within the International Telecommunications Union, talks with Q-CERT about the importance of cybersecurity for the region. Wed, 27 Feb 2008 14:33:07 -0500 http://www.cert.org/podcast/ Business leaders need to understand the risks to their organizations caused by the proliferation of botnets. Tue, 19 Feb 2008 12:30:47 -0500 http://www.qcert.org/news/FIRST_Prague.html Two members of the Q-CERT staff attended the latest FIRST Technical Colloquium in Prague. Tue, 12 Feb 2008 12:30:47 -0500 http://www.qcert.org/qisf/ The next QISF will be held on February 24. Julia Allen of the Software Engineering Institute will talk about information security governance, what it takes to build a security business case, and how to determine the return on investment. Tue, 5 Feb 2008 12:30:47 -0500 http://www.cert.org/podcast/ Selecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data. Tue, 5 Feb 2008 11:30:47 -0500 http://www.qcert.org/news/ITU.html Q-CERT will host a regional meeting of the International Telecommunications Union (ITU) at the Doha Marriott Hotel February 18-21. Tue, 29 Jan 2008 12:30:47 -0500 http://www.qcert.org/news/SANS10_english.html The SANS Institute has put together a list of the ten attacks most likely to cause substantial damage during 2008. An arabic version of the article is also available. Tue, 29 Jan 2008 11:30:47 -0500 http://www.qcert.org/news/ASIAN07.html Fri, 14 Dec 2007 12:30:47 -0500 ictQATAR and Q-CERT Sponsor ASIAN'07 has been posted. http://www.qcert.org/news/MENOG.html Thu, 29 Nov 2007 12:30:47 -0500"Q-CERT Announces Incident Handling Strategy at MENOG" has been posted. http://www.qcert.org/employment/ Fri, 12 Oct 2007 12:30:01 -0500Information about an opening for a Sr. Critical Infrastructure Security Consultant has been published. http://www.qcert.org/pgp/encrypt.html Tue, 4 Sep 2007 12:30:47 -0500Information about Q-CERT's new PGP public key is now available. http://www.qcert.org/forms/irf.php Fri, 13 Jul 2007 12:30:47 -0500A web-based version of the incident reporting form is now available. http://www.qcert.org/tips/ Fri, 8 Jun 2007 11:30:47 -0500Arabic versions of the security tips are now available. http://www.qcert.org/survey/ Tue, 5 Jun 2007 12:30:47 -0500The State of Qatar is conducting a survey to identify strengths and weaknesses in the country's IT security practices. Your input is greatly appreciated. http://www.qcert.org/tips/ Thu, 3 May 2007 12:30:47 -0500This document about cyber bullying is available in both English and Arabic. http://www.qcert.org/training/ Thu, 19 Apr 2007 12:30:47 -0500Instead of the OCTAVE Training Workshop on May 15-17, Q-CERT will be offering the Defense in Depth workshop on May 9. http://www.qcert.org/training/ Tue, 10 Apr 2007 12:30:47 -0500A list of upcoming workshops through November is now available. http://www.qcert.org/tips/ Fri, 23 Mar 2007 11:30:47 -0500This document describes the role educators play in ensuring that their students are safe online. It is available in both English and Arabic. http://www.qcert.org/tips/ Tue, 13 Mar 2007 12:30:47 -0500These 17 simple steps can help students protect themselves and their families online. http://www.qcert.org/qisf/ Wed, 21 Feb 2007 12:30:47 -0500The Qatar Information Security Forum (QISF) is an opportunity for IT / IT security professionals and academics to discuss information security trends and issues. The first event is February 27. http://www.qcert.org/training/index.html Tue, 19 Dec 2006 12:30:47 -0500Information about a January training workshop, along with descriptions of other Q-CERT workshops, is now available. http://www.qcert.org/tips/ Thu, 9 Nov 2006 12:30:47 -0500The PowerPoint presentation and materials delivered at a workshop are available in both English and Arabic. http://www.qcert.org/incidents/ Fri, 3 Nov 2006 12:30:47 -0500Q-CERT has published incident reporting guidelines. http://www.qcert.org/pgp/encrypt.html Fri, 3 Nov 2006 11:30:47 -0500A link to Q-CERT's PGP public key and information about obtaining GnuPG or PGP to encrypt email are now available. http://www.qcert.org/qcert/contact.html Fri, 3 Nov 2006 10:30:47 -0500Comments and questions can now be directed to specific groups within Q-CERT. http://www.qcert.org/tips/ST04-024.html Tue, 29 Aug 2006 12:30:47 -0500This security tip is the newest addition to the series. http://www.qcert.org/tips/ST04-021.html Tue, 22 Aug 2006 12:30:47 -0500This security tip is the newest addition to the series. http://www.qcert.org/tips/ST04-003.html Tue, 15 Aug 2006 12:30:47 -0500 This security tip is the newest addition to the tips series. http://www.qcert.org/tips/ Mon, 7 Aug 2006 12:30:47 -0500 Five security tips, written for home users, have been added to the site. More tips will be published regularly.