Archive for the ‘security’ Category

Tech Tip: Reducing pain while moving from Yahoo to Gmail

It's official that Yahoo has been hacked (http://www.nytimes.com/2016/12/14/technology/yahoo-hack.html?_r=0), and it is time to make that change from Yahoo to another email address. For a free service, it looks like Gmail is the best there is at this time.

My quick guide to reducing the migration pain is as follows:

Step 1: Start adding your Gmail address to all correspondence and signatures, and start giving it out instead of your Yahoo address.

Step 2: Set up your Gmail to start receiving email from your Yahoo address; see How to Access Yahoo! Mail in Gmail.

Step 3: Respond to all your correspondence via Gmail.

While the cutover is immediate, it will take some time for your correspondents to finally start using the new address, probably 3 to 6 months, so be patient.

Bringing Security to the heart of Uganda Consumer Applications 

A very welcome addition to Uganda's technology scene is the range of consumer-facing apps, from banks, to telecommunication companies supporting mobile money services, to parastatals getting closer to their customers. The newest apps that I am aware of include (in no particular order):
  1. Airtel Money
  2. My MTN
  3. NWSC Mobile
  4. NSSF Go
  5. Stanbic Bank Mobile Banking
  6. DFCU Mobile Banking
  7. Bank of Africa Mobile Wallet (BMW)
  8. Ask URA
On one hand, this is a very welcome addition to address the increasing sophistication of the Ugandan urban consumer, who demands more from the corporations. However, a worrying trend that needs to be addressed is the security of these applications in collecting and managing user information. I have taken to social media to ask for more information on the security setup for these apps, but have never gotten a response.
Here is hoping that the regulators, Bank of Uganda, Uganda Communications Commission and NITA-U (at the moment), provide a united front to ensure that the following areas are addressed:
  1. Excess permissions: one app wanted to access my contacts, SMS messages, Wi-Fi and phone identity, yet was not a banking app
  2. Encryption of data stored on the phone to ensure that if the phone is separated from the owner the data is safe
  3. Secure connections for communication with external servers – via HTTPS and SSL
  4. Security audits of back end infrastructure following ISO and COBIT standards (http://www.isaca.org/Journal/archives/2002/Volume-6/Pages/A-Survey-of-Application-Security-in-Current-International-Standards.aspx)
  5. Penetration, stress and load testing to ensure that aside from
  6. Software development practices that include the OWASP Top 10 Proactive Controls for software developers (https://www.owasp.org/index.php/OWASP_Proactive_Controls)
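
An added example, not from the original post: a small Python check for items 1 and 3 that reads an Android app's `AndroidManifest.xml` and flags requests for the data named in item 1 plus an explicit cleartext-traffic setting. The sample manifest, the package name `com.example.billing` and the `justified` allowlist parameter are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Android attributes (android:name, ...) live in this XML namespace.
A = "{http://schemas.android.com/apk/res/android}"

# Permissions covering the data named in item 1:
# contacts, SMS messages, Wi-Fi and phone identity.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.RECEIVE_SMS": "SMS messages",
    "android.permission.ACCESS_WIFI_STATE": "Wi-Fi",
    "android.permission.READ_PHONE_STATE": "phone identity",
}

# Constructed sample manifest for a hypothetical utility-billing app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.billing">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:usesCleartextTraffic="true"/>
</manifest>
""".strip()


def audit_manifest(xml_text, justified=()):
    """Return findings for item 1 (excess permissions) and item 3 (cleartext).

    `justified` is a hypothetical allowlist: permissions the app's stated
    function genuinely needs, which are therefore not reported.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for perm in root.iter("uses-permission"):
        name = perm.get(A + "name", "")
        if name in SENSITIVE and name not in justified:
            findings.append(f"excess permission: {name} ({SENSITIVE[name]})")
    app = root.find("application")
    # Only an explicit opt-in is flagged; the platform default varies by API level.
    if app is not None and app.get(A + "usesCleartextTraffic") == "true":
        findings.append("cleartext HTTP allowed (usesCleartextTraffic=true)")
    return findings


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print(finding)
```
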
What else do you see being done to improve the security of our consumer-facing applications?