A Strategic Emergency Response Initiative seeking to establish and coordinate a joint mechanism that offers effective emergency response solutions to the dynamic and complex HRDs security needs associated with the working environment in Uganda, especially during this COVID-19 Pandemic.
A Strategic Emergency Response Initiative seeking to establish and coordinate a joint mechanism that offers effective emergency response solutions to the dynamic and complex HRDs security needs associated with the working environment in Uganda, especially during this COVID-19 Pandemic.
Cognizant that Uganda has registered some progress in managing the situation and infection rate, these achievements have not gone without a challenge. The majority of non-governmental organizations have had to adapt to the new normal of working from home according to the respective guidelines. Therefore, our civic effort to push back against human rights violations has been curtailed since all attempts to support affected HRDs, activists, and non-governmental organizations have been stifled by the hostile civic space’s attendant elements.
HRDs and individual activists who speak truth to power during this Pandemic are highly susceptible to physical and digital security attacks. These attacks include but are not limited to intimidation, arrest, torture, killings, withdrawal of operation license, defamation, freezing of bank accounts, office closure, computer and network surveillance, office break-ins, theft and confiscation of digital equipment, loss of information, denial of service attacks and internet censorship.
Despite such hostilities, there is a lack of an inclusive, well-coordinated, sustainable and effective emergency response system geared at security, safety, and protection of the HRDs/groups and the allies during this period. Albeit the availability of the several organizations and entities that support HRDs in such instances, a reasonable number of democracy activists within and out of the capital city have on various forums referred to the available emergence response system as ineffective, unsustainable, inaccessible, individualistic, to mention but a few.
We strongly believe that the current and post-pandemic period will require response through concerted effort. Thus, it is imperative to take stock of partner organizations’ possible roles as strategies for responding to any emerging issues.
This report is as a result of the Breakfast meeting organized by Defenders Protection Initiative (DPI) under the theme “Ensuring the implementation of AML/CFT measures while safeguarding civic space” at Hotel Sheraton on 11th Feb 2021 with attendees from different CSOs, Media practitioners and the FIA.
Today all we hear is that end-to-end encryption is the way to go and it is very secure. And That’s all we know, and ever since WhatsApp, Signal among other social communication platforms announced their implementation of end-to-end encryption, everyone has embraced use of these platforms.
We want to tell you more about end-to-end encryption and why you need to have it in your communications. We shall keep this article simple for everyone to understand.
What is encryption? This is a process that encodes a message or file so that it can be only be read by certain people.
This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information
What is end-to-end encryption? This is the act of applying encryption to messages on one device such that only the device to which it is sent can decrypt it. The message travels all the way from the sender to the recipient in encrypted form.
Why end-to-end encryption?
What more can you do? Having all your communication through end-to-end encrypted channels might make you feel secure, although there is much more you can do to further protect your communication.
Make sure to keep your communication device safe because if someone gets hold of your device, they can read all your messages and therefore encryption wont help you.
Keep your device safe by: Using an access lock (password/PIN/pattern) and set your device to automatically lock in a few seconds, Use Genuine software on your devices
Secondly, even if you protect your device – you might not be certain about the device of your recipient, so in this case, spread the word to make sure your devices are all safe
You can also read more on this here https://usa.kaspersky.com/blog/what-is-end-to-end-encryption/23288/
The Policy of the Bill is to provide a framework for the recognition and protection of the work and activities of Human rights defenders in order to guarantee a safe and enabling environment for human rights defenders to freely operate.
Truth is, most of us have ever been a victim of phishing before and with the abundant resources online and trainings that we have so far had, we have become sort of immune to phishing.
Click here to as well look at our blog post about phishing and what you need to know
Our immunity against phishing has so far been boosted by e-mail service providers, mail gateways and even browsers that we use which has all embedded in their systems anti-phishing filters and malicious address scanners.
With all these above, cybercriminals are constantly inventing new, and refining old, circumvention methods. One such method is delayed phishing.
Delayed phishing is an attempt to lure a victim to a malicious or fake site using a technique known as Post-Delivery Weaponized URL.
“As the name suggests, the technique essentially replaces online content with a malicious version after the delivery of an e-mail linking to it. In other words, the potential victim receives an e-mail with a link that points either nowhere or to a legitimate resource that may already be compromised but that at that point has no malicious content. As a result, the message sails through any filters. The protection algorithms find the URL in the text, scan the linked site, see nothing dangerous there, and allow the message through.”
Effecting the malicious link
Attackers operate on the assumption that their victim is a normal worker who sleeps at night. Therefore, delayed phishing messages are sent after midnight (in the victim’s time zone), and become malicious a few hours later, closer to dawn.
If cybercriminals find a specific person to attack, they can study their victim’s daily routine and activate the malicious link depending on when that person checks mail.
Technology behind Delayed Phishing
For delayed phishing to be effective, hackers use at least one of these 2 common methods:
Although there is a third technology that is not so common which includes a randomized and short link where there is a probabilistic redirection. That is, the link has a 50% chance of leading to google.com and a 50% chance of opening a phishing site. The possibility of landing on a legitimate site apparently can confuse crawlers (programs for automatic information collection).
– Spotting & fighting Delayed Phishing
Ideally, there is need to prevent the phishing link from getting to the user, so rescanning the inbox would seem to be the best strategy.
In some cases, that is doable: for example, if your organization uses a Microsoft Exchange mail server. Kaspersky Security for Microsoft Exchange Server is also included in our Kaspersky Security for Mail Servers and Kaspersky Total Security for Business solutions.
We all have been identified, authenticated and authorized almost everyday of our online life.
What we do not know most of the time is where each of this comes in while accessing our online platforms and we end up confusing the 3 words often using the terms identification or authorization when, in fact, they are talking about authentication.
But as long as we are able to understand what we are talking about, it has not mattered to us to get the meanings of these 3 words.
It is always better to know the meaning of the words you use, though, and sooner or later, you will run into a geek who will drive you crazy with clarifications, whether it’s authorization versus authentication, fewer or less, which or that, and so on & to be honest, you could even catch an attitude!
So what do these 3 words actually mean?
🙂
So, now you know in what ways identification is different from authentication and authorization. One more important point: Authentication is perhaps the key process in terms of the security of your account. If you are using a weak password for authentication, your account could easily be hijacked. Therefore:
The 3 words are so easy to confused and people always get mixed up using them. Hope this article has made it clearer now!
We often hear about a padlock, green URL bar and several other ways people use to describe SSL. But the question would be, What really is SSL and how useful is to HRDs websites?
What is Secure Sockets Layer (SSL)?
SSL is a security protocol that assures users of the connection between their device and the website they are visiting. During a connection to a website so much information is shared between two computers (the visitor and there server for the website) including what may be highly confidential data such as credit card numbers, location data, user identification numbers or even passwords. Visitors have to make sure all the information passing is secure and not prompt to interception by third parties. This is why SSL has become a big deal in the cyber-powered world.
In cases where there is no SSL, the information shared between these two computers often show up as plain text. Which means, if there were to be an adversary, they would basically see all the communication and in this case, data could be stolen. SSL prevents this by encrypting this communication.
Why we need SSL?
When a visitor goes to your website and sees that you have an SSL it builds an enormours level of trust, this shows your visitors that whatever their activity on your website is secure. This trust is of more importance if it includes transactional relationship; where money is involved.
Even if not for transactional relationship, in the cyber-space of today “Data is the new Gold!” so That means everything we do online has to be secure.
To have this level of trust and security for your visitors requires the one key means – SSL. Since they assure users that the connection they have to that website is safe. For the end user, all they need to verify this is a simple icon shown on their browser (The padlock).
The padlock, or green padlock icon has become an assurance indicator to users that the website they are visiting takes their security seriously.
In case you haven’t realized the importance of having your website secured with SSL because you do not handle sensitive financial-related data, it is time to shift away from that. As mentioned earlier, hackers in these digital age would go after any data transmitted on the internet especially other personal identifying information.
Good enough, websites without SSL have been labelled “Insecure” some browsers show a red URL bar in order to protect and allow visitors to clearly identify these websites. Also, websites without SSL do not rank high on search engines as of today.
We shall be writing on how SSL works and Types of SSL to choose out from in the near future.
Over the past few years there has been a growing concern,
both locally and internationally on the increased violations of
fundamental human rights and freedom.
