News 
Wave of Card Fraud Back in the Region The UAE has been hit recently by a wave of card fraud, but the card payment industry is defining minimum security standards to prvent these problems.
Identity Theft Red Flags Scheme The U.S. government has issued an amendment to the financial regulation to tackle identity theft and fraud risks.
New CERT Podcasts Available CERT has published the following podcasts: How to Start a Secure Development Program, Getting to a Useful Set of Security Metrics, and Security Risk Assessment Using OCTAVE Allegro.
Q-CERT Presents National Cybersecurity Strategy at ITU Meeting The International Telecommunications Union Development (ITU-D) program recently conducted a series of meetings on cybersecurity and the economics of computer malware in Brisbane, Australia.
Q-CERT Intern Completes Two Projects for the Price of One Fatma Al-ansari was hired as an intern at Q-CERT to investigate the performance characteristics of so-called "thin clients." She also investigated the usability of Single Pack Authorization (SPA).
Scary Photo Can Compromise Users' Accounts With the introduction of the GIFAR, malicious code may not be the only threat.
CERT Publishes Podcast on Managing Risk to Critical Infrastructures at the National Level Protecting critical infrastructures and the information they use are essential for preserving our way of life.
CERT Publishes Podcast on Managing Security Vulnerabilities Based on What Matters Most Determining which security vulnerabilities to address should be based on the importance of the information asset.
Q-CERT Moves to New Offices Last week, Q-CERT moved to offices in the Al-Nasr building.
A Poke in the Eye for Iris Scanning in U.A.E. U.A.E. is using iris scanning at airports to screen incoming passengers.
Surprise: Small Businesses Not Immune to Cybercrime A recent study by McAfee revealed some surprising cybersecurity facts about small and medium businesses.
Cyber Security Network Area Launched A new area has been added on the website to hold information about the Cyber Security Network.
Internationalization Poses New Challenges for Information Security Wes Brown has published an article on the internationalization of malware.
When Was the Last Time You Updated Your Browser? A recent study estimates that more than 600 million users worldwide are at risk of compromise because they are not running the latest, most secure version of their browser.
Traveling? Your Data is at Risk! Summer holidays are beginning, and it's important to remember that traveling can be dangerous to your data's health.
Laptop Loss More Frequent Than Realized A recent study reveals that a staggering 600,000 laptops are lost per year in U.S. airports alone.
CERT Publishes Podcast on Identifying Software Security Requirements Early During requirements engineering, software engineers need to think deeply about (and document) how software should behave when under attack.
Craig Blakeley Presentation Posted The slides from Craig Blakeley's presentation on international standards for cybercrime legislation are now available.
SPCI Conference 2008 Q-CERT staff recently attended the first international conference on Security, Privacy, and Confidentiality Issues in Cyberlaw (SPCI 2008), which took place in Cairo.
Now Espresso Machines are Vulnerable? It appears that the simple pleasure of indulging in a mid-afternoon cappuccino may be threatened by software vulnerabilities.
Podcast on Qatar and Cybercrime Legislation Craig Blakeley, a lawyer with the Alliance Law Group in Tyson's Corner, Virginia, USA, was in town recently to address a QISF meeting on cybercrime legislation.
Q-CERT Signs Security Cooperation Agreement with Microsoft In a ceremony at the Sheraton hotel last week, representatives from ictQATAR, Q-CERT, and Microsoft met to sign an agreement that made Q-CERT a member of the Security Cooperation Program (SCP).
World Trade Center Conference Stresses Holistic Approach to Information Security Al Sharq was the scene last week of a conference on information security put on by the World Trade Center.
CERT Publishes Podcast on Making Information Security Policy Happen Targeted, innovative communications and a robust life cycle are keys for security policy success.
AusCERT 2008: A Feast for the Senses Q-CERT recently sent a representative to AusCERT 2008, this year's instantiation of AusCERT's annual conference, one of the most important information security conferences in Asia and the world.
CERT Publishes Podcast on Becoming a Smart Buyer of Software Managing software that is developed by an outside organization can be more challenging than building it yourself.
In what forms can cyber bullying occur? This article describes the various forms that cyber bullying can take. An
Arabic version is also available.
Microsoft Utility Useful in Cyber Crime Investigations Microsoft developed a USB drive utility called "COFEE" (Computer Online Forensic Evidence Extractor) that facilitates and contributes to the collection of evidence from a personal computer when a cyber crime occurs. An
Arabic version of this article is also available.
Q-CERT Sponsors First Meeting of OWASP-QATAR The inaugural meeting of the Qatar chapter of the Open Web Application Security Project (OWASP) took place on Carnegie Mellon University's Qatar Campus on May 22.
World Trade Center Announces Information Security Conference The first Doha Information Security Conference will be held June 10-11 at the Al Sharq hotel.
Podcast on Distributed Denial of Service In this podcast, Dana Al-Abdulla and Noora Yousuf Al-Abdulla, members of Q-CERT's Incident Management team, discuss distributed denial-of-service (DDoS) attacks.
Cyber Bullying, Part One As the usage of the internet by adolescents has grown, so has the concern parents have over the phenomenon of cyber bullying.
CERT Publishes Podcast on Building Secure Software Software security is about building better, more defect-free software to reduce vulnerabilities that are targeted by attackers.
SCADA Systems Susceptible to Threats With the increasing proliferation of common networking standards and standard operating systems, the world of Supervisory Control and Data Acquisition (SCADA) systems is joining the rest of the IT world and feeling the menace that faces typical office systems.
Q-CERT Overhauls Incident Reporting Guidelines The Incident Management team at Q-CERT has released a new version of the incident reporting guidelines it publishes to assist users who are reporting incidents.
Cybercrime at the Olympics? In a recent interview, Interpol's Executive Director for Police Services discusses security at the Olympics in China.
CERT Publishes Podcast on IT Operations and Security High performing organizations effectively integrate information security controls into mainstream IT operational processes.
Getting Started in Information Security: A How-To Podcast In the latest entry in the Q-CERT podcast series, Julia Allen offers some practical advice about how to get a handle on information security.
Hacking, Incorporated For some time now it has been a commonplace that hacking and writing malicious code have become big business. Still, the evidence that continues to mount for this can surprise and even amuse us, as some recent examples demonstrate.
Hacking RFID Credit Cards Credit card companies in the Gulf have begun deploying credit cards that use radio frequency identification. But this technology may mean that your credit card is not safe even in your wallet.
CERT Publishes Podcast on Social Engineering Helping your staff learn how to identify social engineering attempts is the first step in thwarting them.
Keeping Data Secure While Traveling Using cybercafes while traveling can be dangerous, but there are steps you can take to reduce your risk.
Introducing S-SAP Q-CERT has been developing a general methodology, known as the System-Security Assessment Process (S-SAP), for assessing weaknesses in a software system.
Al-Wafd Website Hacked A hacker who called himself "Saudi Arabia Hacker" gained control of the Al-Wafd newspaper website this week.
School Information Security Policy Proposal Unveiled Two Q-CERT staff members were involved with presenting a proposal for policies to safeguard the independent schools in Qatar.
Q-CERT Gives Presentations on IPv6, DDoS Two Q-CERT employees were featured speakers at the MENOG meeting in Kuwait. They gave two presentations: one on IPv6 and one on distributed denial-of-service attacks.
CERT Publishes Podcast on Benchmarking Benchmark results can be used to compare with peers, drive performance, and help determine how much security is enough.
Making User Authentication Resilient to Prying Eyes and Con Artists In Doha to explore collaboration opportunities in information security between Qatar and Japan, Nicolas Christin, from CyLab Japan, discussed his students' efforts to strengthen user authentication.
Anatomy of a Crime Scene, Part Six In this final session in our series, Ian Dowdeswell, Q-CERT's Incident Manager, wraps up the investigation.
Podcast on Outreach and Training In this final installment of the series, Shalini Ravi interviews David Mundie, manager of Q-CERT's Outreach and Training team.
Bruce Schneier on the "Security Mindset" In a recent article, Bruce Schneier suggests that by thinking of ways that systems can be compromised, people could actually protect themeselves.
Anatomy of a Crime Scene, Part Five In this week's episode, R. Azrina R. Othman from Cybersecurity Malaysia describes the basics of preparing to give expert testimony in a court of law.
Syrian Websites Hit by Denial-of-Service Attack During Arab Summit Hackers managed to cut off access to many official Syrian websites during the Arab Summit in Damascus.
OWASP-Qatar Starts Operation, Announces First Meeting OWASP-Qatar is now operational and will hold its first meeting on May 22, 2008 at the CMU-Q facilities in Education City.
Anatomy of a Crime Scene, Part Four With this week's installment, our series on cyberforensics gets to the fundamentals of forensics: how to collect digital evidence.
CERT Publishes Podcast on Privacy Aligning with business objectives, integrating with enterprise risks, and collaborating with stakeholders are key to ensuring information privacy.
Podcast on Incident Handling ictQATAR's internal communications specialist interviews Chris Bateman about Q-CERT's incident management services.
Anatomy of a Crime Scene, Part Three This week, our ongoing cyberforensics scenario presents an introduction to memory analysis - all the techniques forensic analysts use to capture what's going on in a machine, even in the face of prevasive encryption.
Shalini Ravi Interviews Q-CERT Staff To gain insight into Q-CERT, ictQATAR's internal communications specialist interviews the head of Q-CERT's Critical Information Security team.
Q-CERT is a Sponsor for Annual FIRST Conference Q-CERT is a sponsor of the 20th Annual FIRST Conference, which will be held in Canada in June.
Resiliency Engineering Framework Released CERT has just released the long-awaited CERT
® Resiliency Engineering Framework.
Q-CERT Sponsors Local OWASP Chapter Q-CERT is forming a local chapter of the Open Web Application Security Project (OWASP).
Q-CERT in the News: Qatar Innovator Qatar Innovator has published an article about Q-CERT in the January issue.
New Book: Visible Ops Security Visible Ops Security, a companion to the popular
The Visible Ops Handbook: Implementing ITIL in 4 Practical and Auditable Steps, has been published.
CERT Publishes Podcast on Initiating a Security Metrics Program A sound security metrics program is grounded in selecting data that is relevant to consumers and collecting it from repeatable processes.
Be Aware of Compromised ATM Machines Last month in Dubai, fraudsters used electronic readers and small video cameras to compromise ATM cards of thousands of UAE residents. An
Arabic version of this article is also available.
Cybersecurity Bloopers: The Mildenhall Mixup Not all data leaks are a result of malicious activity. Sometimes they happen because of a simple error.
Don't Fall for the Fee Fraud Trap! (Arabic version) An Arabic version of the fee fraud article is available.
Don't Fall for the Fee Fraud Trap! (English version) A current fee fraud attempt is spreading in the country through email messages from professional impostors.
CERT Publishes Podcast on Insider Threat and the Software Development Life Cycle Significant insider threat vulnerabilities can be introduced (and mitigated) during all phases of the software development life cycle.
RSS Comes to Q-CERT Q-CERT now has RSS feeds available for both alerts and announcements.
Q-CERT Podcast - The ITU, Cybersecurity, and Qatar Mr. Sami Al-Basheer Al Morshid, Director of the Telecommunication Development Bureau within the International Telecommunications Union, talks with Q-CERT about the importance of cybersecurity for the region.
CERT Publishes Podcast on the Growing Botnet Threat Business leaders need to understand the risks to their organizations caused by the proliferation of botnets.
Q-CERT Benefits from Prague Conference Two members of the Q-CERT staff attended the latest FIRST Technical Colloquium in Prague.
Next QISF Focuses on Information Security Governance The next QISF will be held on February 24. Julia Allen of the Software Engineering Institute will talk about information security governance, what it takes to build a security business case, and how to determine the return on investment.
CERT Publishes Podcast on Security Metrics Selecting and reporting meaningful security metrics depend on picking topics of great interest, defining the business context, and having access to sound data.
Q-CERT to Host ITU Meeting Q-CERT will host a regional meeting of the International Telecommunications Union (ITU) at the Doha Marriott Hotel February 18-21.
SANS Publishes Top 10 List The SANS Institute has put together a list of the ten attacks most likely to cause substantial damage during 2008. An
Arabic version of the article is also available.
News item published "ictQATAR and Q-CERT Sponsor ASIAN'07" has been posted.
News item published "Q-CERT Announces Incident Handling Strategy at MENOG" has been posted.
Employment opportunity posted Information about an opening for a Sr. Critical Infrastructure Security Consultant has been published.
New PGP key published Information about Q-CERT's new PGP public key is now available.
New incident reporting form published A web-based version of the incident reporting form is now available.
Arabic versions of tips published Arabic versions of the security tips are now available.
Qatar Information Security Survey posted The State of Qatar is conducting a survey to identify strengths and weaknesses in the country's IT security practices. Your input is greatly appreciated.
Cyber security tip published This document about cyber bullying is available in both English and Arabic.
May workshop changed Instead of the OCTAVE
® Training Workshop on May 15-17, Q-CERT will be offering the Defense in Depth workshop on May 9.
Workshop schedule updated A list of upcoming workshops through November is now available.
Cyber security tips for educators published This document describes the role educators play in ensuring that their students are safe online. It is available in both English and Arabic.
Cyber security tips for students published These 17 simple steps can help students protect themselves and their families online.
QISF event scheduled for February 27 The Qatar Information Security Forum (QISF) is an opportunity for IT / IT security professionals and academics to discuss information security trends and issues. The first event is February 27.
January workshop scheduled Information about a January training workshop, along with descriptions of other Q-CERT workshops, is now available.
Cyber security tips for parents published The PowerPoint presentation and materials delivered at a workshop are available in both English and Arabic.
Incident reporting guidance available Q-CERT has published incident reporting guidelines. Within the guidelines is a link to an
incident reporting form .
PGP key published A link to Q-CERT's PGP public key and information about obtaining GnuPG or PGP to encrypt email are now available.
Contact information updated Comments and questions can now be directed to specific groups within Q-CERT.
Understanding ISPs This security tip is the newest addition to the
series .
Understanding Your Computer: Operating Systems This security tip is the newest addition to the
series .
Good Security Habits This security tip is the newest addition to the
series .
Security tips Five security tips, written for home users, have been added to the site. More tips will be published regularly.
