Thursday, 18 April 2013

Doctor of Information Technology Short Course: Research Methodologies

Charles Sturt University is offering a FREE short course in research methodologies designed to help you see if a Professional Doctorate is something for you now.

This is a unique IT Doctorate that is applied, flexible and industry relevant. We understand that studying a Doctorate is a big commitment, which is why we are offering a free short course so that you can decide whether you are ready to take the plunge into the Doctor of IT at Charles Sturt University.

The lectures will be archived for those who cannot make the live session. A certificate will be provided for those who pass the exam following the sessions.

Enrolments are open

7-8.30pm, Thursday 11th April: Week 1 Webinar: Qualitative and quantitative research methods and techniques in computing

7-8.30pm, Thursday 18th April: Week 2 Webinar: Quantitative and/or qualitative data collection and analysis techniques

7-8.30pm, Thursday 25th April: Week 3 Webinar: Limitations of different research approaches

7-8.30pm, Thursday 5th May: Week 4 Webinar: Presenting and interpreting research findings

7-8pm, Thursday 12th May: Exam: Online, multiple choice, open book test designed to test knowledge of research methodologies.

Click here to sign up now.

Tuesday, 16 April 2013

PayGlove - Pay without a credit card on you

We have the video linked below.

Yes, the video sucks.

That is not the point. I am a geek university researcher. In this project, we have taken a hi-Call Bluetooth talking glove and modified it for NFC access.

The aim was to have a built-in payment system linked to PayWave and Google Wallet. There are systems based on the phone now. We chose to extend this and use the Bluetooth functionality of the hi-Call glove to create a means to just swipe your palm and have a transaction paid for.

The glove has the ability to process hand gestures. We used this function as the means to authorize the transaction. Swipe your palm over the payment pad and touch your fingers together, and you link to your Google Wallet and the payment occurs.

The reactions can be a little unusual at times when people do not see how the payment occurs, but it is an experiment in creating payments built into the individual. In the future, this could be a wristband or even an embedded chip.


Monday, 15 April 2013

Choosing security.

Quite often we see people in academic circles and some of what we would call security purists talking about an ideal world. At times we talk about idealized systems as a replacement for existing ones. A common example is online voting systems. For the most part people talk about a system that has been idealized. The problem is that voting is not ideal now.

When we are talking about idealized systems, we have to remember that we are comparing these to real-world systems that are already being used. When we hear the arguments about the imperfections in proposed designs, we rarely seem to hear what we are comparing them against.

In comparing a system to an idealized maxim where no security flaws are allowed to exist, we are creating a model of the world that cannot exist. We live in a world of economic constraints. We live in a world of imperfections.

What matters is trust. What we need to achieve is superior security and a level of trust at least comparable to that which we have now. By opening up solutions such as a voting process that runs online, we enfranchise more people. In the existing paper-based systems we find flaws. What matters is not that a system is perfect but that it is as good as the status quo whilst opening more opportunities to enfranchise people.

Overall, security should be opening opportunities and allowing progress, not impeding it. We need to remember that it is better to be more secure than we are now than it is to seek a perfected ideal that we will never reach and never achieve unless we accept some level of risk.

Sunday, 14 April 2013

Testing is more than running a tool

There are many uses of testing tools.

There are indeed many benefits as well.

In using automated tools, the tester can reduce the effort required to do repetitive tasks. More importantly, with many of these simple or repetitive tasks, the correct implementation of the tool can actually improve the consistency of the results. This helps provide a standardized testing metric as well.

The problem is that we often have unrealistic expectations of what we can achieve using a tool. Testing tools are no substitute for individual experience. What is required is to use experienced professionals who can improve the economic efficiency of what they are doing using tools. Penetration testing is no different to any other form of information technology testing. What a tool provides is a way to remove these simple repetitive tasks from what the tester has to run manually. Basically, we want the tester to leverage their expertise as much as possible.

Without due consideration of the following points, the introduction of tools and the use of these in a penetration test can often end up being an expensive waste of time:

  • a solid understanding of the system being tested,
  • the types of vulnerabilities and how to exploit them,
  • the processes and especially the business processes involved and the relationship between the various systems.

What is required is the development of a rigorous process that incorporates automated tools when necessary to minimize the time, but which is founded on manual processes and experience. The reliance on tools takes away from the required level of skill in this type of test. In fact, a poorly thought-out process based on the use of a sophisticated tool alone will rarely provide good results.