Monday, November 10, 2008

Securing Apache web with ModSecurity

If you host your websites on the Apache web server, which is mostly the case if your web server runs on a Linux platform, you should seriously consider installing ModSecurity to provide intrusion detection and prevention for your web applications.

ModSecurity is an open source, free web application firewall (WAF) Apache module. According to Forrester Research, it is the most widely deployed web application firewall nowadays.

WAFs are deployed to establish an external security layer that increases security by detecting and preventing attacks before they reach web applications. They aim to shield web applications from known and unknown attacks, such as SQL injection, cross-site scripting, path traversal, etc.

Features of ModSecurity include:

  • HTTP Traffic Logging - ModSecurity makes full HTTP transaction logging possible, allowing complete requests and responses to be logged.
  • Real-Time Monitoring and Attack Detection - ModSecurity can monitor HTTP traffic in real time in order to detect attacks. In this case, ModSecurity operates as a web intrusion detection tool, allowing you to react to suspicious events that take place on your web systems.
  • Attack Prevention and Just-in-time Patching - ModSecurity can also act immediately to prevent attacks from reaching your web applications.

ModSecurity supports the following security models:
  • Negative Security Model - Looks for known bad, malicious requests. This method is effective at blocking a large number of automated attacks; however, it is not the best approach for identifying new attack vectors.

  • Positive Security Model - When a positive security model is deployed, only requests that are known to be valid are accepted, with everything else rejected. This approach works best with applications that are heavily used but rarely updated.

  • Virtual Patching - With ModSecurity, applications can be patched from the outside, without touching the application source code (and even without any access to it), making your systems secure until a proper patch is produced.

  • Extrusion Detection Model - ModSecurity can also monitor outbound data to identify and block information disclosure issues, such as leaking detailed error messages or credit card numbers.
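
The four models above, sketched as ModSecurity 2.x rules. This is an added example, not configuration from the original post or from the ModSecurity project; the `/app/view.php` path, the `id` parameter, the rule ids and the audit log location are assumptions chosen for illustration.

```apache
# Added example: hypothetical application path, parameter, rule ids and log path.
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType text/html text/plain

# HTTP traffic logging: keep full audit records for transactions that trigger a rule.
SecAuditEngine RelevantOnly
SecAuditLogParts ABIFHZ
SecAuditLog /var/log/apache2/modsec_audit.log

# Negative model: reject a known-bad pattern (directory traversal) after URL decoding.
SecRule REQUEST_URI|ARGS "@contains ../" \
    "id:100001,phase:2,t:urlDecodeUni,deny,status:403,log,msg:'Path traversal sequence'"

# Positive model, used here as a virtual patch for one script:
# accept only a single numeric "id" parameter and nothing else.
<Location /app/view.php>
    SecRule &ARGS:id "!@eq 1" \
        "id:100002,phase:2,deny,status:403,log,msg:'id must appear exactly once'"
    SecRule ARGS:id "!@rx ^[0-9]{1,8}$" \
        "id:100003,phase:2,deny,status:403,log,msg:'id is not a 1-8 digit number'"
    SecRule ARGS_NAMES "!@rx ^id$" \
        "id:100004,phase:2,deny,status:403,log,msg:'Unexpected parameter name'"
</Location>

# Extrusion detection: inspect the buffered response body (phase 4)
# and block pages containing a Luhn-valid card number.
SecRule RESPONSE_BODY "@verifyCC \d{13,16}" \
    "id:100005,phase:4,deny,status:500,log,msg:'Card number in response body'"
```

Running with `SecRuleEngine DetectionOnly` first logs what each rule would block without rejecting traffic, which is the usual way to tune a positive-model rule before enforcing it.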

ModSecurity is included in all the major Linux distributions. Look for "libapache2-mod-security" or just "mod_security" in your Linux distribution to install it.

Click here for detailed documentation about ModSecurity.


Friday, November 7, 2008

Lower EPF contribution from 11% to 8% for 2 years from Jan 2009

Following an announcement made by Deputy Prime Minister and Finance Minister YAB Datuk Seri Najib Tun Abdul Razak during the winding up speech for the Ministry of Finance on the 2009 Budget on Tuesday 4 November 2008, the Employees Provident Fund (EPF, a.k.a. Kumpulan Wang Simpanan Pekerja, KWSP) has now made an official statement on the execution of this decision.

The reduction of the employees' contribution to EPF from 11% down to 8% will be made automatically, effective from January 2009 until the December 2010 wage. The employers' 12% contribution remains the same.

This means that if you don't explicitly inform EPF to maintain your 11% contribution as before, from January 2009 onwards your contribution will be automatically reduced to 8% for the next 2 years. If you intend to maintain your 11% contribution, or any portion other than 8%, you have to inform your employer, as well as submit the "Form KWSP 17A (AHL) - Khas" to the EPF office.

As at 31 December 2007, the total membership of EPF stood at 11.69 million. Total contributions amounting to RM28.93 billion were made during 2007. Assuming the figure does not change too much in 2009 and 2010, a 3% reduction will mean (RM28.93 billion/23% x 3% x 2 years) = RM7.55 billion to be freed up for spending in the economy, in the optimistic case that all EPF contributors opt for the rate cut and don't maintain the 11% contribution rate by submitting the "Form KWSP 17A (AHL) - Khas".

This is not a high figure to stimulate the national economy, but it does have an effect similar to lowering the bank interest rate, which is happening in many other nations right now. This also hints that the Malaysian government is trying hard to avoid an interest rate cut, which would probably further weaken the exchange rate of the Malaysian Ringgit.

As an employee, this change in contribution rate means that if your monthly salary is RM2k, you will have an additional RM60 of monthly disposable income; if your monthly salary is RM5k, then your figure will be RM150; and if your monthly salary is RM10k, it will be RM300.

Should you opt for the lower contribution rate, or should you submit the "Form KWSP 17A (AHL) - Khas" and maintain your normal 11% contributions? One thing to consider is that since the economic climate is not so favourable this year, we won't expect a good dividend payout by EPF to be announced.

I would say that it is not a bad idea to reduce your EPF contributions, and spend your money wisely to make more value from it. For example, you can use it for personal development (education, books, workshops, ...), investments, insurance, etc., just to name a few. However, if you think that you are not a wise person in money spending, you might want to opt for maintaining your 11% contributions to EPF as a form of "forced saving".

What do you think?

Click here to download the "Form KWSP 17A (AHL) - Khas" for individual employee.

Click here to download the "Form KWSP 17AA (AHL) Khas" for employers who wish to apply on behalf of more than two employees.

Tuesday, November 4, 2008

Watch Honda ASIMO live in road tours

Honda ASIMO (アシモ), named after "Advanced Step in Innovative Mobility", is an intelligent multifunctional robot, 130cm tall and weighing 54kg, made of magnesium alloy covered with plastic resin.

It is an innovative result from 22 years of R&D in Honda, showcasing their determination and belief in the Power of Dreams.

Today, ASIMO can run at up to 6km/h and in a circular pattern, walk at various speeds up to 2.7km/h, climb stairs, and recognise the distance, position and details of people with Honda's IC Tag.

ASIMO can also perform the task of a receptionist, information guide or carry out delivery service using a tray or cart. It can also act in sync with people, for example, walking with you while holding your hands.

Eager to watch ASIMO in action? You can meet him in the upcoming road tours as follows:

  • 14-16 Nov 2008 - New Wing, 1 Utama Shopping Centre, Selangor.
  • 20-23 Nov 2008 - City Square Shopping Centre, Johor Bahru.
  • 27-30 Nov 2008 - Queensbay Mall, Penang.
There will be exciting games, ASIMO prizes and limited-edition ASIMO goodies available during the road tours.

Click here to learn more about the wonders of ASIMO.
