WELCOME !

THANK YOU FOR VISITING THIS SITE. I HAVE BEEN USING BOTH SWAHILI AND ENGLISH LANGUAGE TO EXPRESS ISSUES - I HAVE ATTACHED ENGLISH VERSION TO SOME OF THE SWAHILI NEWS/STORY AT THE END.

Tuesday, 29 April 2014

TAHADHARI: WATUMIAJI WA "INTERNET EXPLORER" WAKO HATARINI KIUSALAMA MTANDAO

Mwishoni mwa juma pamegundulika hali mbaya ya kiusalama mtandao itakayo waathiri watumiaji wa kivinjari kijulikanacho kama "internet explorer" ambapo watumiaji wa kivinjari hicho wako hatarini kuweza kuingiliwa kirahisi computer zao na wahalifu mtandao.

Jumamosi tangazo hilo linalosomeka hapa "TANGAZO" limeweza kubainisha internet explorer toleo la sita (6)  hadi la kumi na moja (11) yote yameweza kugundulika yanatoa mwanya kwa wahalifu mtandao kupenya kwa watumiaji na kuchukua taarifa zozote zitakazo patikana kwenye computer zao.

Aidha, Kampuni inayo jihusisha na na maswala ya ulinzi mtandao ya "FireEye" imeonyesha takwimu yakua asilimia 56 ya vi vinjari, hadi ilipofikia mwaka 2013 vilikua hatarini kuingiliwa na wahalifu. na kubainisha kwamba wahalifu wamekua na uwezo wa kutengeneza vivinjari visivyo sahihi vinavyo weza ruhusu wahalifu hao kuingilia computer za watu mara tu watumiaji wa vi vinjari hivyo wanapo vitumia.

Microsofti imeshindwa kupata suluhu ya tatizo hilo ambapo CERT ya marekani imetoa tahadhari inalosomeka hapa "CERT ALERT" yakuwa watumiaji vivinjari vya "internet explorer" wanapaswa kubadili vivinjari kwa sasa na badala yake watumie vingine kama vile (Mozilla fox, Google chrome n.k) hadi hapo tatizo litakapo rekebishwa na kutangazwa vingenevyo.

Friday, 25 April 2014

MUENDELEZO: “HEARTBLEED”- YATIKISA USALAMA WA MITANDAO

UTANGULIZI:Taarifa ya awali inapatikana kwenye taarifa nililoandika kuhusiana na "HEARTBLEED" Mapema mwezi huu wa Nne 2014 . Kwenye taarifa hiyo ya awali, nilihusisha Video na maagizo mbalimbali katika picha yaliyo onekana katika baadhi ya mitandao ikiwa ni katika kutoa TAHADHARI kwa watumiaji mtandao.

Aidha, Swala la usalama mtandao nchini tanzania limekuwa likijadiliwa mara kwa mara kupitia vyombo vya habari na nilipata kuweka mmoja wa mjadala wa maswala ya ulinzi mtandao kupitia post inayoweza kusomeka hapa UHALIFU MTANDAO lakini pia Tanzania imepiga hatua na ni mategemeo Mswada mpya ya maswala ya uhalifu Mtandao unategemea kuwasilishwa bungeni kujadiliwa ili kupata sheria ya maswala ya uhalifu mtandao Nchini. hili pia nili liandikia kama inavyoweza kusomeka hapa MUSWADA - UHALIFU MTANDAO

MUENDELEZO:

kama unavyosomeka kwenye gazeti la MWANANCHI "Ni ukweli usiopingika kuwa pamoja na jitihada za dhati zinazoendelea katika mataifa mbalimbali kukabiliana na uhalifu wa kimtandao, bado wahalifu wameendelea kuleta changamoto kila kukicha na kusababisha watumiaji kuendelea kuwa hatarini.

Haimaanishi suala la usalama mtandaoni limefikia mahali kwa watumiaji kukata tamaa, bado uelewa zaidi na mapambano dhidi ya uhalifu vinapaswa kutiliwa mkazo ili hatimaye nchi mojamoja na dunia kwa jumla kuwa katika usalama.

Kimsingi, elimu ya uhalifu wa kimtandao inapaswa kutiliwa mkazo si tu kupitia vyombo vya habari, bali pia kupitia kampuni na taasisi kujijengea utamaduni wa kuelimisha wafanyakazi kuhusu hali halisi ya usalama matumizi ya mitandao na namna ya kujilinda na wahalifu wanaohatarisha maisha ya mtu mmoja mmoja, kampuni na taifa kwa jumla.


AWARENESS: CRITICAL SECURITY CONTROLS FOR EFFECTIVE CYBER DEFENSE.

Over the years, many security standards and requirements frameworks have been developed in attempts to address risks to enterprise systems and the critical data in them. However, most of these efforts have essentially become exercises in reporting on compliance and have actually diverted security program resources from the constantly evolving attacks that must be addressed. In 2008, this was recognized as a serious problem by the U.S. National Security Agency (NSA), and they began an effort that took an "offense must inform defense" approach to prioritizing a list of the controls that would have the greatest impact in improving risk posture against real-world threats.
A consortium of U.S. and international agencies quickly grew, and was joined by experts from private industry and around the globe. Ultimately, recommendations for what became the Critical Security Controls (the Controls) were coordinated through the SANS Institute. In 2013, the stewardship and sustainment of the Controls was transferred to the Council on CyberSecurity (the Council), an independent, global non-profit entity committed to a secure and open Internet.
The Critical Security Controls focuses first on prioritizing security functions that are effective against the latest Advanced Targeted Threats, with a strong emphasis on "What Works" - security controls where products, processes, architectures and services are in use that have demonstrated real world effectiveness. Standardization and automation is another top priority, to gain operational efficiencies while also improving effectiveness.

Wednesday, 23 April 2014

TAHADHARI: UHALIFU UNAOFANYWA KUTUMIA SIMU ZA MKONONI!

Mamlaka ya Mawasiliano Tanzania (TCRA), kwa kuzingatia kifungu 5 (b) na (e) cha Sheria ya Mamlaka ya Mawasiliano Tanzania ya 2003 inatoa tahadhari kwa watumiaji wa huduma za mawasiliano, wananchi na umma kwa ujumla kujihadhari na utapeli unaofanywa kwa kutumia simu za mkononi na mtandao wa intaneti kama ifuatavyo:-

1. Usimpe mtu yeyote usiyemfahamu vizuri simu yako au kadi yako ya simu ili atumie.
2. Usitoe maelezo yoyote kuhusu namba yako ya simu au taarifa za binafsi kwa mtu yeyote anayekupigia simu kutaka taarifa hizo.
3. Usijibu ujumbe wa simu unaohusiana na fedha zako hata kama namba iliyotuma unaifahamu.
4. Usitekeleze maagizo yoyote yanayohusu fedha kwa ujumbe wa maandishi hata kama yanatoka kwenye namba ya mtu unayemfahamu. Mpigie aliyekutumia ujumbe uzungumze naye.
5. Usitekeleze maagizo yoyote kutokana na ujumbe wa simu za mkononi unaokutaka kutuma fedha kutoka namba ambayo mtumiaji wake unamfahamu na ambao unakueleza kwamba simu yake ina hitilafu hivyo hawezi kuongea, usitekeleze maagizo hayo.


Tuesday, 22 April 2014

AWARENESS: MOBILE BANKING WILL SUFFER FROM MORE MAN-IN-THE-MIDDLE ATTACKS .

BASIC TWO-STEP VERIFICATION WILL NO LONGER BE SUFFICIENT


The past year saw a notable surge in online banking threats. The third quarter saw the infection count pass the 200,000 mark, the highest it has ever been. But banking threats were not limited to computers; we also saw them go mobile. Fake banking apps became a common problem.

Banking-related apps also became a favored cybercriminal target; led malicious apps posing as token generators. Going mobile unintentionally rendered two-step verification insufficient as more people used mobile devices for banking and authentication, cybercriminals started intercepting authentication numbers with the aid of mobile malware like PERKEL and ZITMO. Nearly one in five U.S. smartphone users banked via mobile devices in 2013, a number that is expected to rise more in the coming years. 2014 will be about mobile banking. Unfortunately, we can also expect mobile threats like man-in-the-middle (MitM) attacks to increase in 2014.


Thursday, 17 April 2014

UPDATES: FINALLY CYBER SECURITY EXAMINATION BLUEPRINT HAS BEEN RELEASED !

U.S. securities regulators have unveiled a road map that lays out how they plan to make sure Wall Street firms are prepared to detect and prevent cyber security attacks.
The nine-page document, posted April 15, contains examples of the questions Securities and Exchange Commission examiners might ask brokerages and asset managers during inspections.
The document puts firms on alert to be prepared, for instance, to provide a comprehensive list of when they detected malware, suffered a "denial of service" attack or discovered a network breach since January 2013. The SEC also plans examinations of more than 50 firms that will focus on cyber security-specific issues.
The document's release comes several months after Jane Jarcho, an associate director in the SEC's investment adviser examination program, announced in a speech the agency planned to scrutinize whether firms have policies to prevent cyber attacks.
The SEC subsequently followed up with a March 26 roundtable where experts debated how public companies, brokerages, asset managers and exchanges can protect themselves from cyber threats, and what role the U.S. government should play to ensure such attacks are adequately disclosed.
The heightened focus on cyber attacks comes at a time when several major companies, from Target Corp to Neiman Marcus Group, have suffered major data breaches.

ALERT: CRITICAL JAVA UPDATE PLUGS 37 SECURITY HOLES

Oracle has pushed a critical patch update for its Java SE platform that fixes at least 37 security vulnerabilities in the widely-installed program. Several of these flaws are so severe that they are likely to be exploited by malware or attackers in the days or weeks ahead. So — if you have Java installed — it is time to update (or to ditch the program once and for all).

The latest update for Java 7 (the version most users will have installed) brings the program to Java 7 Update 55. Those who've chosen to upgrade to the newer, “feature release” version of Java — Java 8 — will find fixes available in Java 8 Update 5 (Java 8 doesn't work on Windows XP).

According to Oracle, at least four of the 37 security holes plugged in this release earned a Common Vulnerability Scoring System(CVSS) rating of 10.0 — the most severe possible. According to Oracle, vulnerabilities with a 10.0 CVSS score are those which can be easily exploited remotely and without authentication, and which result in the complete compromise of the host operating system.

If you really need and use Java for specific Web sites or applications, take a few minutes to update this software. Updates are available from Java.com or via the Java Control Panel. Keep in mind that updating via the control panel will auto-select the installation of the Ask Toolbar, so de-select that if you don’t want the added crapware.

TAHADHARI: AINA MPYA YA UHALIFU MTANDAO INAYO ENDELEA KUKUA KWA KASI.


Wahalifu mtandao wameendelea kubuni aina mpya za kufanikisha uhalifu wa mitandao hasa katika makampuni. Hili limeonekana kushika kasi katika maeneo mbali mbali na limeingia katika mijadala na kuwa ni moja ya maswala yaliyo hamasishwa kufikiswhwa kwa jamii ili kuendelea kukuza uelewa wa makosa mtandao.

Kwanza kabisa, Faili lolote ambalo linasomeka na kiambatanishi .exe mfano: umoja.exe nifaili ambalo limedhamiriwa kuingizwa kuwa ni moja ya program za komputa hivyo kabla ya kubonyeza aina hii ya mafaili lazima uwe na ujuzi wa unacho kibonyeza ndicho mahitaji yako au la.

Aidha, kwa upande wa aina hii ya uhalifu umekua ukitumia vifaa kama USB, au CD na DVD ambazo muhusika anayetakiwa kudhuriwa anaweza kuvikuta aina hizi za vifaa kwenye ofisi yake na maranyingi vinakua vimekaa katika sura ya kushawishi muhusika avichukue.

Sunday, 13 April 2014

AWARENESS: STOP YOUR FRIENDS INFECTING YOU ON FACEBOOK

Social-media malware is becoming increasingly common on Facebook. It spreads through infected links that people post on their friends’ walls and in their own status updates. This, in turn, infects other people’s News Feeds.

HOW TO AVOID INFECTION?

1.      ESET SOCIAL MEDIA SCANNER.

ESET Social Media Scanner protects you even when you are not logged in. If an infection is found, you are notified by email and can take immediate action. The ESET Social Media Scanner also checks your friends’ walls for potentially dangerous links. If malicious content is found, you will receive a notification. To read FAQ on the ESET social media scanner visit their ESET Social Media Scanner FAQ



2.      BITDEFENDER SAFEGO.
Bitdefender Safego is a free app for your Facebook account. It protects you, and your friends from malware threats that attempt to exploit the trust you’ve built with them. Safego keeps you safe from all sorts of e-trouble, including scams, spam, malware, and private data exposure. Safe social network privacy score protection against phishing attacks.

MJADALA: UHALIFU MTANDAO

Nikiwa na Maduhu mara baada ya mahojiano
Kumekua na muendelezo wa mijadala mbali mbali situ nchini bali katika kila pande ya dunia kutokana na hali ya usalama mtandao inavyozidi kuingia dosari kila kukicha. Mijadala hiyo nchini Tanzania pia imeendelea kushika kasi.

 Mwishoni mwa mwaka jana 2013, nilipata mualiko wakuzungumzia kirefu maswala ya usalama mtandao ambapo pia nilipata kuweka mahojiano hayo kupitia moja ya maandiko niliyo andika kupita blog hii kama yanavyoweza kusomeka na kusikika kwenye mada yangu niliyo elezea na kufafanua kwa kina  NAFASI YA VYOMBO VYA HABARI KATIKA KUTOA ELIMU USALAMA MTANDAO ambapo mlango wa muendelezo wa mjadala uliendelea na elimu kuzidi kutolewa. Aidha taarifa inayo husu nafasi ya vyombo vya habari vinavyoweza kutoa mchango mkubwa katika vita dhidi ya maswala mtandao ilinasomeka katika andiko linalopatikana VIJIMAMBO: USALAMA MTANDAO - VYOMBO VYA HABARI 


Napongeza vyombo vya habari nchini kuona umuhimu wa kuelimisha jamii kuhusiana na usalama mitandao kwani kwa kufanya hivyo jamii inaweza kufungua macho na kuona nini umuhimu wa kujiweka salama watumiapo mtandao.



Kwa sasa hali ya usalama mtandao kwa mujibu wa twakwimu imekua ikiongezeka huku aina mpya za kuweza kusababisha uhalifu zikiendelea kugundulika nabado jitihada za dhati zinaendelea ili kuweza kukabiliana na hali ya uhalifu mtandao.

TAHADHARI: “HEARTBLEED" BUG TISHIO JIPYA KWA WATUMIAJI MITANDAO



Wana mitandao kote duniani  hivi sasa bado wako katika hali ya taharuki kufuatia wataalam wa ulinzi mtandao kuweka hadharani tishio jipya la mapungufu yaliyo bainika yanayo ruhusu wahalifu mtandao kuweza kuiba maneno ya siri “passwords” na hata taarifa za kadi za ma benki.


“SSL” ambayo nimeifafanua zaidi kwenye chapisho langu linalosomeka WEB SECURITY ni moja ya program/ kiunganishi cha programu inayo aminika kuweza kuficha taarifa mitandaoni ili  kutoonekana kirahisi, ila baada ya kugundulika hivi karibuni ya kuwa  aina hiyo ya program iliyo aminika kuwa salama imeingiwa na mapungufu lukuki na hadi sasa imeweza kutoa athari kubwa kwa watumiaji wengi wa mitandao ya intanet.

Saturday, 12 April 2014

KNOWLEDGE SHEARING: WEB SECURITY

I have received a question on how can we extend security to the websites? And to answer that question I went back to my previous wittings and decided to upload the below document and one of the video (Below) to give you demonstration on the subject. A series of the videos that explains in details on web security can be available online.

The report above will show ways of web security implementations and the key note to secure electronic transaction. It has been a challenge these days when it comes to Web security and Online transaction since many cases has been reported related to threats in web securities and online transactions.

Friday, 11 April 2014

AWARENESS: ANDROID BOTNET TARGETS MIDDLE EAST BANKS

Online banking has made most people’s life easy due to the fact that banking can be done just about anywhere as long as you are connected with internet. People made use of it for buying things online, paying bills and do some other transactions. Just like every story line with two sides, this most excitement experience keeps on showing its dark side simply because cybercriminals extend its target to it” – Yusuph Kileo
“I recently encountered a botnet targeting Android smartphone users who bank at financial institutions in the Middle East. The crude yet remarkably effective mobile bot that powers this whole operation comes disguised as one of several online banking apps, has infected more than 2,700 phones, and has intercepted at least 28,000 text messages.” – Krebs


The botnet comes bundled with Android apps made to look like mobile two-factor authentication modules for various banks, including Riyad Bank, SAAB (formerly the Saudi British Bank), AlAhliOnline (National Commercial Bank), Al Rajhi Bank, and Arab National Bank.

PICTURE: A fake android bank apps employed by the sandroid botnet

It’s not clear how the apps are initially presented to victims, but if previous such scams are any indication they are likely offered after infecting the victim’s computer with a password-stealing banking Trojan. Many banks send customers text messages containing one-time codes that are used to supplement a username and password when the customer logs on to the bank’s Web site. And that precaution of course requires attackers interested in compromising those accounts to also hack the would-be victim’s phone.

Thursday, 10 April 2014

THE 4 STEPS TO DETECT AND MITIGATE A DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACK

Definition of DDos: Distributed Denial of service attacks are also known as Denial of service attacks (DoS). The DoS or DDoS attack is an attempt to make a machine or network resource unavailable to its intended users.

STEP 1: OVER-PROVISION BANDWIDTH TO ABSORB DDOS BANDWIDTH PEAKS

This is one of the most common and probably most expensive way to alleviate DDoS attacks, especially since DDoS attacks can be ten times or one hundred times greater than standard Internet traffic levels.

Alternatively companies can use a security service to scale on demand to absorb and filter DDoS traffic. DDoS protection services are designed to stop massive DDoS attacks without burdening businesses’ Internet connections.

STEP 2: MONITOR APPLICATION AND NETWORK TRAFFIC


Monitoring application and network traffic is the best way to detect when you are under an attack. That way, you can determine if poor application performance is due to service provider outages or a DDoS attack.

Monitoring traffic also allows organisations to differentiate legitimate traffic from attacks. It is important for security administrators to review traffic levels, application performance, anomalous behaviour, protocol violations, and Web server error codes. Since DDoS attacks are almost always triggered by botnets, application tools used should be able to differentiate between standard user and bot traffic.

Monitoring application and network traffic provide IT security administrators with instant visibility into DDoS attack status.



Wednesday, 9 April 2014

USALAMA MTANDAO NA NAFASI YA VYOMBO VYA HABARI KATIKA KUTOA ELIMU.

Hali ya usalama mtandao ni dhahiri bado jitihada za dhati zinahitajika ili kuweza kuleta mabadiliko na kupata Tanzania salama kimtandao, Afrika na dunia kiujumla. Ili kuleta mabadiliko chanya jukumu la kutoa elimu halipaswi kubaki kwa mtu mmoja au kundii Fulani la watu bali ni lazima kuwe na kuunganisha nguvu ya pamoja kutoka katika kila mtu mmoja mmoja.


Miongoni mwa jitihada zinaonekana kwa vyombo vya habari na makundi mbali mbali nchini Tanzania kuanza kuona umuhimu wa maswala ya ulinzi mtandao ili kupata taifa salama kimtandao, Jitihada Zaidi bado zinaitajika ili jamii iendelee kujua Zaidi nini hasa umuhimu wa kujenga tabia ya kutumia mitandao kiusalama ili kuweza kuliweka taifa kuwa salama kimtandao.





Mfano wa mazungumzo kutoka katika kipindi cha radio "Daladala" kilicho pata mualiko kushiriki semina ya maswala ya ulinzi mtandao na kuweza kuwakilisha yale waliyo yapata kutoka kwangu baada ya vyombo vya habari kunihoji maswala mbali mbali juu ya ulinzi mtandao maara tu baada ya kumalizika semina hiyo.


Aidha bado naendelea kutowa wito kwa vyombo vya habari kuendeleza jitihada katika kuwasilisha ujumbe kwa jamii ili kujua athari na nini kifanyike ili kupata taifa salama kimtandao. kwani ni dhahiri kuwa vyombo vya habari vina nafasi kubwa kuweza kuhamasisha jamii kujua umuhimu wa uasalama mtandao.


Tuesday, 8 April 2014

THE NEED OF IT PERSONNEL IN AN ORGANIZATION

INTRODUCTION:

 Information Technology (IT) is: "the study, design, development, implementation, support or management of computer-based information systems, particularly software applications and computer hardware." In short, IT deals with the use of electronic computers and computer software to convert, store, protect, process, transmit and retrieve information, securely.



Today, the term Information Technology has ballooned to encompass many aspects of computing and technology, and the term is more recognizable than ever before. The Information Technology umbrella can be quite large, covering many fields. IT professionals perform a variety of duties that range from installing applications to designing complex computer networks and information databases. A few of the duties that IT professionals perform may include:
1. Data management
2. Computer networking
3. Database systems
4. Design Management
5. Information Systems
6. Systems management
7. Software design

IT departments in most organizations try to do its best to help organizations achieve their goals. Some of the IT departments are effective and some are not. Those who pursue their work with a purpose go farther than those who meander their way reacting to the situations as they arise. Those with purpose usually have a clear road map which is understood by most in the department as also by the users they serve.

CYBER THREATS ANIMATED - VIDEO

The Video will provide definition of attacks types and how they happened.

Impacts of these attacks and ways to deal with them.





Video: This Video Will show you types of cyber threats.

DEMANDS ON THE CYBER SECURITY FIELD ARE RAPIDLY GROWING

Due to increasing demands in the field of cyber security, there is a need for not only fresh methods to curb cybercrimes but also for fresh intellectual engagement. Among a new generation of people who have been taking advantage of the growth of the IT industry to pursue careers in cyber security is Yusuph Kileo – a Tanzanian cyber-security and digital forensics expert.


PICTURE: Picture showing Yusuph Kileo (Cybersecurity and digital forensics expert), Craig Rosewarne (Wolfpack Risk MD), Martin Euchner (ITU - The UN specialized agent for information and communication technologies) and other organizer of the Cybersecurity conference event.

Kileo was among the key organizer of the cyber security conference held at CLA21 conference hall on March 14th this year where he explained that there is still a lot to be done to improve the challenges facing nations in this area. The conference was supported by the International Telecommunication Union (ITU), the United Nations specialized agency for information and communication technologies, and Wolfpack Information Risk centered on an analysis of current Cybercrimes and National Cyber security challenges along with an Overview of cyber security activities in ITU.
Cybercrime is on the rise not only because there is an increased number of ICT users,but also because people discover what seems like “easy money” through online theft. Some even go further by hacking websites and systems in order to access classified information – or even just for amusement. There have been many cases of this type in the last year, Craig Rosewarne, the SANS director (EMEA), and Wolfpack System Risk’s Managing Director, discussed these issues during the conference.
Martin Euchner (ITU Telecommunication Standardization Bureau Advisor) highlighted the outstanding effort to fight cybercrimes including the implementation of the Child Online Protection (COP) project whose goal is to keep children safe while they surf the internet. ITU has been working hard on uniting Nations around the fight against cybercrime as they believe individual nations cannot fight alone. Euchner underlined the fact that cybercrime has no geographical border, no boundaries and tremendous destructive power.
Kileo called upon people to develop an interest in the field of cyber security as the need for human resources is great. Kileo offered the example of how developed countries had begun building cyber solders to fight Cyber wars.  - SOURCE - GN MAGAZINE.

INTELLIGENT ACCESS CONTROL SYSTEM By YUSUPH KILEO (FINAL YEAR PROJECT 2012)

Accessing Buildings and private property has given birth to many access control systems and this projects covers the security of the theoretical system where by authorized user to the building can utilize. There are many technologies that can be used to implement such a system each with different strengths and weaknesses. The system designed in this project was constructed for the security to the buildings like Conference buildings or restricted area to help the control of the facilities (Buildings).

The design was the concentrated on the intelligent way to allow the property manager to have a full control of the electronic equipment within the building concern by providing capability to switch them on or off as when automatically when user started using the facility. Also the system provided an easy way to track the movement of the facility (Buildings) users.
Please follow the full document of my final year project (FYP)


You are free to copy, distribute, display, and perform the work or to make derivative works under the following conditions:
ü  Attribution: You must give the original author credit.
ü  Non-Commercial: You may not use this work for commercial purposes.
ü  Share Alike: If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one.
For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the author.

Your fair use and other rights are in no way affected by the above.

WHY STRONG PASSWORDS?

Strong passwords are extremely important to prevent unauthorized access to your electronic accounts and devices. The object when choosing a password is to make it as difficult as possible for a would-be intruder to identify your password, whether by educated guesses or automated attacks.


This leaves a criminal no alternative but a brute-force search, trying every possible combination of letters, numbers, and punctuation. Though intruders have access to machines that can try thousands or millions of possible passwords per second, a very complicated or very long password vastly decreases the chances an intruder will be able to guess yours.


VIDEO: Animated video on Password.

For a password to be strong and hard to break, it should:
  • Contain 6 or more characters
  • Contain characters from each of the following three groups:
1.     Letters (uppercase and lowercase) A, B, C,...; a, b, c,...
2.     Numerals 0, 1, 2, 3, 4, 5, 6, 7, 8, 9

Sunday, 6 April 2014

KUNAHITAJIKA UWEPO WA UMAKINI KATIKA KUTOA TAARIFA BINAFSI MITANDAONI

Katika Muendelezo wa Kuelimisha Jamii jinsi ya kubaki salama mitandaoni leo najikita katika maswala ya USIRI “PRIVACY” ambapo taarifa nyingi za mtu binafsi si vyema kuwekwa mitandaoni napia maelezo mafupi ya namna wahalifu mtandao wanatumia taarifa hizo za siri mitandaoni kuleta madhara.


Njia za awali ambazo wahalifu mtandao wanatumia kabla ya kusababisha madhara ni kukusanya taarifa za mhusika ambaye wanategemea kumdhuru kwa njia inayojulikana kitaalam kama “RECONNAISSANCE” ambapo mara nyingi taarifa za awali zinapatikana kwenye mitandao ya kijamii kwani inaaminika wengi hawana umakini katika kutoa taarifa zao kupitia mitandao ya kijamii.


Jamii inashauriwa kujenga umakini wa taarifa binafsi wanazo ziweka mitandaoni ili kuweza kubaki salama. “Takwimu inaonyesha asilimia kubwa ya watumiaji wamekuwa wakiweka taarifa ambazo zinaweza kutoa urahisi wakugundua mambo mengi kutoka kwa muhusika” – Yusuph Kileo.

Mfano, Kuna wale ambao hadi leo wanatumia maneno ya siri “PASSWORDS” kwa kutumia mwaka wao wa kuzaliwwa wakati kuo huo mwaka huo wa kuzaliwa umewekwa kwenye mitandao ya kijamii hapo inaonyesha ni jinsi gani muhusika huyu anatengeneza urahisi kwa mhalifu kuweza kumuingilia kumdhuru.


Thursday, 3 April 2014

TECHNOLOGY AND CYBER CHALLENGES

"There  is two sides in every story, Technology has no difference, the benefits of the internet  and technology at large may be obvious to Facebook users -- the exchange of ideas, access to healthcare and education, the buying and selling of products and services, and keeping in touch with friends and family! However, there is a dark side to this global resource which stems from the misuse of information and communication technologies, ICTs, including cyberthreats and cybercrime.The Video will show the rapid growing of technology and the cyberthreats in a today's world." - YUSUPH KILEO.



Tuesday, 1 April 2014

BUNGE LINATEGEMEA KUWASILISHA BUNGENI MUSWADA SHERIA ZA MAKOSA MTANDAO.

Wizara ya Mawasilano, Sayansi na Teknolojia ipo katika mkakati wa kuandaa muswada wa sheria za matumizi salama ya mtandao ili kukabiliana na changamoto za uhalifu kupitia mtandao.

Kupitishwa kwa miswada hiyo kuwa sheria kutapunguza hali ya kukithiri kwa matukio ya uhalifu wa kutumia mtandao, uvujaji wa taarifa za siri pamoja na upotevu wa haki miliki kutokana na kukosekana kwa sheria ya kudhibiti vitendo hivyo.

Miongoni mwa Miswada ya sheria itakayoandaliwa na Wizara hiyo ni pamoja na muswada wa sheria ya kulinda taarifa binafsi, Muswada wa sheria ya Biashara ya Miamala ya kielectronic na Muswada wa sheria ya kuzuia uhalifu kwa njia ya komputa.

Sheria hizo zimelenga kudhibiti uhalifu kwa kutumi mtandao, udukuzi, utunzaji wa taarifa za siri na kuwalinda watoto dhidi ya matumizi yasiyofaa ya kwenye mitandao.

Kwasasa sheria zinazotumika kudhibiti masuala ya uhalifu katika mitandao ni sheria ya Ki electronic na Posta, Sheria ya makosa ya jinai na sheria za ushahidi Tanzania - STAR TV HABARI