Thursday, August 22, 2013

We are hiring!

Telspace Systems is looking to hire security analysts in South Africa, preferably Gauteng as the office is based in JHB. The analyst should be competent in a combination of the following skills:

Web application security, attack and penetration testing, network security, source code reviews, mobile security. Along with these tests and assessments, you'll be conducting regular security audits from both a logical/theoretical standpoint and a technical/hands-on standpoint.

If you are interested in the below, apply via , email us your cv or get in touch via !

Tasks include:

· Performing application penetration testing and application source code review against software applications
· Conduct vulnerability assessments and penetration testing on Internet-facing and internal client systems
· Exploit known and unknown vulnerabilities and discover logic flaws.
· Document technical issues identified during security assessments.
· Assist with building recommendations for hardening, and maintaining systems used for penetration testing
· Research cutting edge security topics and new attack vectors

Desired Skills & Experience:

· At least 3 years experience as a security analyst or relevant experience as a penetration tester.
· Good technical, analytical, interpersonal, communication and writing skills.
· Good understanding of attack and defence techniques
· Excellent self management skills
· Ability to work both independently and as team lead on individual assessments.

Tuesday, August 20, 2013

Security vs freedom: the great debate

Earlier this month, American President Barack Obama gave a press conference regarding issues surrounding the PRISM spying controversy.
Back in May, he defended a revelation by Edward Snowden that the National Security Agency (NSA) has been intercepting and collecting phone and electronic communications since the reign of former president George W. Bush.

Since then, news sources have reported that the NSA had obtained a court order to collect phone records from Verizon Wireless customers, and discussed the existence of PRISM, a program launched in 2007,which tracks information from well-known US-based Internet companies including Microsoft, Yahoo, Google, Facebook, AOL, YouTube, Apple, PalTalk and Skype.

In response to this, Obama stated that the programs are essential to combating terrorist threats claiming, "They may identify potential leads with respect to folks who might engage in terrorism.”

He also argued that the impact of the programs has been overstated. "Some of the hype we've been hearing over the past day or so - nobody has listened to the content of people's phone calls," he explained.

At his most recent press conference, Obama once again addressed the issue of privacy in this regard explaining, “As I said at the National Defense University back in May, in meeting those threats we have to strike the right balance between protecting our security and preserving our freedoms. And as part of this rebalancing, I called for a review of our surveillance programs.”

The decision to initiate a review came after various security breach incidents. As Obama stated, “Unfortunately, rather than an orderly and lawful process to debate these issues and come up with appropriate reforms, repeated leaks of classified information have initiated the debate in a very passionate, but not always fully informed way.”

To conclude his speech, Obama listed a series of four steps that will be taken shortly to ensure the security issues are dealt with. In brief, these are:

1. Pursuing appropriate reforms to the program that collects telephone records.

2. Working to improve the public’s confidence in the oversight conducted by the Foreign Intelligence Surveillance Court, known as the FISC.

3. Be more transparent.

4. Forming a high-level group of outside experts to review America’s entire intelligence and communications technologies.

After reading news articles, forum posts, twitter feeds and blogs debating Obama’s above ‘solution’, it becomes clear that nobody in the security industry really thinks the US president dealt with this situation properly.

We at Telspace Systems firmly believe in the importance of being proactive, rather than reactive, when it comes to security in general. The US presidency should’ve been much more transparent with America’s citizens even before the monitoring started. Because they chose to conceal their spying tactics, they now sit with a country full of very angry, suspicious and sceptical people.

It is important to remember that US citizens are not being affected by this alone. Even us, in as far away as South Africa, have had our phone records collected and electronic communications monitored as the above affects all international traffic flowing through any US pipes... and this includes Gmail and Facebook.

Even on a local front, we are not safe from government spying operations. Currently, we are seriously lacking from a legislative standpoint and we are far behind other countries when it comes to our state security.

We are hoping in the next few years, the implementation of the Protection of Personal Information (POPI) Act raises enough awareness within companies and government departments regarding certain issues such as information monitoring and establishes practical ethical rules for them to follow and live by.

However, in the meantime, the best rule of thumb is just to assume everything is being monitored - and work backwards from there.