Showing posts with label Information. Show all posts

Friday, July 11, 2014

Infographic - 78% of Organizations Experienced a Data Breach in the Past 2 Years

Cybercriminals steal $1 billion every year from small and medium-sized businesses in the U.S. and Europe

The folks at Imprima have compiled this infographic, complete with facts about data loss and data breaches in the small business community.


Monday, December 31, 2012

Protecting Your Personal Info Online

Try Spokeo to find out how much of your information is available online!

If you want a good litmus test for how much of your personal information is available on the Internet, try Spokeo.com. The site even compiles personal information on children. Spooky.

Thankfully, you can easily opt out of Spokeo. This won't remove all of your information from the Internet, obviously. But it will make it less simple for someone to find your information all in one place. Hayley Kaplan put together a great step-by-step process on her "What is Privacy?" blog to make it even easier.

This is one example of a great way your company or organization can contribute to the greater privacy good. If you have tips or tricks on how to opt-out of your own or another entity's data-collection processes, publish them and make them easy for your customer or client community to find and follow.

Monday, December 12, 2011

The top 5 information security certifications

Recent Security Incidents Push Demand for Information Security Professionals

The top 5 information security certifications include the CISSP, CISM, GIAC, CEH and vendor credentials offered by companies such as Cisco and Microsoft. These certifications are in demand not only for their demonstration of IT security proficiency, but also because certified candidates go through training that reflects a higher standard of ethical conduct - a topic that has renewed focus by hiring managers.

In 2012, the rise in security incidents and mobile devices creates hot demand for certifications such as the GIAC, which are technically focused in specific areas of forensics, incident response and application security.

Top 5 Certifications

Based on a review of job boards and various research conducted by IT security recruiters and employers, here is the list of the top five security certifications:

CISSP

The Certified Information Systems Security Professional continues to be the gold standard in certifications.

The CISSP, which is known for its high-level overview on the profession, has recently opened the certification for further specialization in areas such as architecture and management.

The push for this credential is also coming from the U.S. Department of Defense 8570.1 Directive, which requires all government and contract employees working on DoD IT projects to carry an approved certification for their particular job classification.

CISSP certification is usually for mid and senior management IT security positions. This certification is offered through (ISC)², the not-for-profit consortium that offers IT security certifications and training.

The CISSP examination is based on what (ISC)² terms the Common Body of Knowledge (or CBK). Candidates interested in taking the exam must possess a minimum of five years of direct full-time security work experience in two or more of the 10 (ISC)² information security domains (CBK), and agree to abide by its code of ethics and policy for continuous education.

In addition, they need to pass the exam with a scaled score of 700 points or greater out of 1000 possible points. The exam is multiple-choice, consisting of 250 questions with four options each, to be answered over a period of six hours.

For further information please refer here.

CISM

Certified Information Security Manager is in demand, as organizations increasingly need executives to focus on governance, accountability and the business aspects of security.

As with the CISSP, the 8570 Directive requires CISM certification for senior managers that particularly focus on governance, compliance and risk management issues.

CISM is ideal for IT security professionals looking to grow their career into mid-level and senior management positions. CISM is offered by ISACA, an international professional association that deals with IT Governance.

The CISM designation is awarded to individuals with an interest in security management who meet the following requirements: They need to successfully pass the CISM exam; adhere to ISACA's code of professional ethics; agree to comply with the continuing education policy.

They also must submit verified evidence of a minimum of five years of IT security work experience, including a minimum of three years of management work experience; and submit an application for CISM certification.

For further information please refer here.

GIAC

Global Information Assurance Certification is rising in demand specifically in areas of incident handling, forensics, intrusion detection and reverse malware engineering.

Many organizations are seeking such experts for their IT security teams because of the growing threat landscape and rise in security incidents. Usually, professionals turn to GIAC certifications to get further expertise in a particular discipline.

The GIAC is essentially geared toward mid-level security professionals who are looking to carve out a niche career path for themselves. The certification is offered by the SANS Institute, a cooperative research and education organization.

There are no official prerequisites to take the GIAC certifications. Any candidate who feels that he or she has the knowledge may take the exam. Candidates can pursue GIAC exams with or without purchasing SANS training.

The exam fees usually include two practice exams and one proctored exam. Each exam has an expiration date of 120 days and is accessible from the candidate's SANS Portal Account. Exams are taken online; however, SANS now requires that a proctor be present when candidates take their test.

For further information please refer here.

CEH

Certified Ethical Hacker is gaining popularity as companies seek experts to perform web application and penetration testing to ensure their infrastructure is secure.

A blooming field is security testing, and certifications like CEH are challenging technically and very valuable. This certification is useful for entry-to-mid-level practitioners that are looking to conduct vulnerability assessments.

CEH is offered by the International Council of Electronic Commerce Consultants (EC-Council), a professional certification body. EC-Council's goal is to certify security practitioners in the methodology of ethical hacking. It largely demonstrates an understanding of the tools used for penetration testing.

To obtain the CEH, candidates can choose a path of self-study or complete a training course offered by EC-Council. Candidates must have at least two years of security experience and must sign an agreement to not misuse the knowledge acquired.

For further information please refer here.

Vendor Certifications

Securing an organization's infrastructure and keeping up to date with emerging technologies are critical. Vendor certifications, including Cisco's Certified Network Associate Certification (CCNA) and Microsoft's Certified Systems Engineer (MCSE) with a focus on security, and Check Point's Certified Security Expert (CCSE), are particularly in demand.

The top information security certifications Dice has tracked for 2011 include Cisco CCNP Security and Check Point Certified Expert. These certifications are also on the rise because of their in-depth technical focus.

They help in understanding the technical skills associated with what professionals are trying to defend, and the inherent security capabilities of the infrastructure.

For most entry-level positions requiring one-to-two years of experience, employers seek vendor certifications, Security+ and the CEH credential. Mid-to-senior positions demand more mature training in CISSP, CISM and GIAC.

Other certifications in demand include Security+, Offensive Security Certified Professional, Cloud Security Alliance's new Certificate of Cloud Security Knowledge, Systems Security Certified Practitioner and Certified in Risk and Information Systems Control.

Certifications cannot be a substitute for on-the-job experience, but they are turning out to be a good measure for both proficiency and character.

Friday, February 25, 2011

Botnets grow and attacks will evolve

Cybercrime Outlook 2020 From Kaspersky Lab

Websites hiding malware will evolve, as will botnets and the sophistication of attacks.

The depressing news forms part of Kaspersky's 2011-2020 cybercrime outlook report, which not only tells us what's happening now but predicts what we can expect in the year 2020.

According to the company’s analysts, the most significant trends of the last ten years (2001-2010) were:

  • Mobility and miniaturization. Smaller and smaller devices can now access the Internet from virtually any point on the globe, making wireless networks the most popular method of connecting to the web.

  • The transformation of virus writing into cybercrime.

  • Windows maintaining its leading position as a vendor of operating systems for personal computers.

  • Intense competition in the mobile platform market with no clear-cut leader.

  • Social networks and search engines – the primary services of today’s Internet.

  • Internet shopping – this sector already generates revenues that dwarf the annual budgets of some countries.

Back to now, it seems cyber criminals are moving away from sites that offer up illegal content such as pirated films and music, and onto sites that offer us services such as shopping and gaming. These attacks will often catch those who are not too au fait with technology, using a hidden piece of Java code, which runs and redirects to malicious websites.

That's not all we have to worry about, with the company also claiming that within the next nine years, we'll see some major changes that will affect the way we use PCs and the way hackers target us.

According to Kaspersky they have two ways of doing this. They can either make a weaker operating system their target, or specialise in Windows-based attacks on corporations.

This leads nicely into the next prediction that cybercrime by 2020 will be split into two groups.

The first will specialise in attacks on businesses, sometimes to order. They will include commercial espionage, database theft and corporate reputation-smearing attacks, all of which will be in demand on the black market.

Kaspersky predicts "hackers and corporate IT specialists will confront each other on the virtual battlefield."

The second group will target what influences our everyday lives, such as transport systems and other services as well as stealing personal data.

As we become more evolved with technology and look at new ways to communicate without keyboards, spammers will have to work harder to send out those pesky mails. They'll do it though, with Kaspersky claiming the "volume of mobile spam will grow exponentially, while the cost of internet-based communications will shrink due to the intensive development of cellular communication systems."

Saturday, December 12, 2009

Hackers put the shine on Chrome OS

A free OS that doesn’t need a license or an antivirus

Less than two weeks ago, the source code for Google’s Chrome OS was released on November 19, 2009 under open source licensing as Chromium OS.

It took less than a day for the first hacked Chrome OS developer build to go live on the Internet. Very soon it got torrented and hosted, courtesy of a geek celeb who goes by the name of Hexxeh.

The first build required 4GB, but a new and vastly improved ‘diet build’ is now available as a 300MB direct download; it extracts to a 950MB image that can run off a USB stick.

The OS is also available as a torrent on PirateBay, and lots of other trackers. What’s more, support is vastly improved in the newer builds. The minimalist OS can do nothing other than browse the Internet, eliciting snide remarks from a Linux fanbase. “Basically you get a Linux OS that can do nothing but look at Web pages.” But that misses the point.

This OS should work out exceedingly well on an aging PC or an underpowered netbook. It’s also great for your grandma or technically challenged siblings, as there will be little scope of it being infected with viruses or spyware. It cuts all the flab, and offers blindingly fast browsing speeds on underpowered PCs.

Hexxeh, who is also available on Twitter, says that “In theory, we have even better compatibility than that chart suggests, that chart refers to compatibility on a fresh unaltered build. I’ve added the WiFi drivers from Ubuntu to this to try and fix the WiFi for people having issues.”

I haven't tested the Chromium OS myself and I personally think it is too early to comment or test. I'll keep you guys posted.

Wednesday, July 29, 2009

Top 10 Windows 7 features

The best things about Microsoft's latest Windows 7

Windows 7 has now been released to manufacturing, and the much-anticipated next version of Windows will be available for TechNet subscribers and enterprise Software Assurance customers to download within weeks. With this in mind, here is the list of the top 10 reasons for upgrading to Windows 7.

  1. 'Available networks' tool on taskbar
    If you're a laptop user, it's almost worth installing Windows 7 for this feature alone. Like all great ideas, it's disarmingly simple: put a control on the taskbar, accessed via a single mouse click, that shows available Wi-Fi networks and lets you choose which one to connect to. It's a world away from the hoops Windows Vista makes you jump through to get a Wi-Fi connection.

  2. Fewer annoying pop-ups
    Vista users will be familiar with the constant barrage of pop-up messages the system subjects them to: 'Windows Defender needs your attention', 'Check Windows Firewall settings', 'Updates available for your computer', and so on. In Windows 7, most of these messages appear instead in a notification area on the taskbar, so you can deal with them at your leisure.

  3. HomeGroup
    HomeGroup should make it much easier to share files and other content such as music and pictures among all computers connected to a home network. It lets each user control what they want to share from their own computer, and any new Windows 7 PC connecting to the network will automatically find the HomeGroup, but needs a password to join.

  4. Device Stage
    Device Stage is a new user interface for working with peripherals like phones, cameras or printers in Windows 7. It not only shows all the information about your device, but brings together all the applications and services you can use with it in one place.

  5. BitLocker support for removable storage
    The BitLocker encryption tool was introduced in Vista, but only in some editions and only for the boot drive of a PC. In Windows 7, BitLocker to Go lets you encrypt and password-protect USB devices such as Flash memory sticks to secure files in case you misplace the drive.

  6. Speedier boot-up
    With some PCs that we've seen running Vista, you could hit the on switch then go away and make a cup of tea before being able to actually use the system for anything. By contrast, Windows 7 boots up and is ready in about 30 seconds flat. In fact, Windows 7 seems more responsive than Vista all round, even on the same hardware.

  7. Libraries
    Libraries are like folders, except they conveniently bring together content from multiple locations into one place. For example, the Pictures library lets you see all photos and images to which you have access, whether they are spread across several folders on your hard drive or even on a network share.

  8. User Account Control is less in-your-face
    The User Account Control (UAC) feature was introduced in Vista to improve security but has proved extremely annoying, popping up and asking for confirmation whenever you want to open Device Manager, add drivers, or dozens of other tasks. In Windows 7, UAC has been reworked so that users can carry out a greater range of tasks without a UAC prompt asking them for confirmation or administrator credentials.

  9. Multi-touch
    On systems with a compatible touch screen, Windows 7 supports gesture-based input and control, like you might see on Apple's iPhone, but it works with pretty much all applications, not just those created for Windows 7. This means you can tap on the screen to launch applications, use your finger to scroll up and down in Internet Explorer and Word documents, and doodle using your fingertip in Paint.

  10. It's not Windows Vista
    Enough said.

Reference: Vnunet.com

Thursday, May 28, 2009

Undo accidental reformats of external drives

What to do when you reformat the wrong drive

The increasing use of digital cameras is making this type of error more common. You see, when you "initialize" a camera's memory, you're really formatting a solid-state hard drive. (Most cameras use utterly standard FAT16 or FAT32 disk formatting.)

People who would never reformat a PC's drive will almost surely "initialize" or reformat a digital camera's solid-state drive many times over the years they own the device. Sooner or later, almost everyone will have a reformatting accident.

In PCs and cameras, the trick to recover from an accidental reformat is to avoid using the drive — ideally, do nothing at all — until you can run an unformat tool. The more frequently you access the drive after an accident, the harder it may make it to get the data back.

The popular and clearly named RecoverMyFiles utility from GetData (U.S. $70) can handle both FAT and NTFS unformats. The vendor's site has more information about the program.

DiskInternals' NTFS Recovery also has a solid reputation, but it's pricey at $99. You can learn more about the utility on its page on the DiskInternals site.

The recovery may not be perfect, and you may have some manual cleanup to do afterwards, but if you haven't used the reformatted drive, there's at least a reasonable chance you'll be able to effect a useful recovery.

Sunday, April 26, 2009

The Impact of the Downturn on IT Recruitment

Dirty impact of the Downturn on our IT job market

I was having a discussion with one of my friends last night. He is one of the managers in a leading IT recruitment firm here in Australia. He actually mentioned to me a pretty interesting and adverse effect of the financial recession on the job market, which I would like to share here.

We are all aware of the unemployment rate ticking up every day, probably every month, with the global economy affecting companies' financial situations. Every organization is focusing on reducing its operating costs by all means, which can be achieved through reduced travel, hiring freezes, less overtime and cuts to various other expenses.

Most of them are achieving this by reducing employees; we hear almost every day that X company made Y number of employees redundant. I suppose this is really common and most upsetting news for all IT professionals.

My friend mentioned that, with these effects on unemployment, he noticed some organizations are making their highly paid professionals redundant, giving the reason that they no longer need the position or probably don't think the position is bringing any benefit to the organization at this point in time. After some weeks or probably months, the same organizations are advertising the same position at half the salary and attracting unemployed IT professionals, who are willing to work for something rather than nothing.

I find this a very interesting and obvious effect of the financial recession, where some organizations are using it as a reason to bring IT job market prices down and to reduce their operating costs, while keeping the same number of staff by paying them half the salary.

Tuesday, April 21, 2009

McAfee Looks at Spam's Damage to Environment

33 billion kilowatt-hours (kWh) is used to transmit, process and filter spam

The global annual energy used to transmit, process, and filter spam is 33 billion kilowatt-hours (kWh), which is equivalent to the electricity used in 2.4 million homes, concludes McAfee's "Carbon Footprint of Spam" study.

The study found that spam produces the same level of greenhouse gas (GHG) emissions as 3.1 million passenger cars using 2 billion gallons of gasoline. The study found that an estimated 62 trillion spam emails were sent in 2008, and that most of the energy consumption related to spam, 80 percent, comes from end users deleting spam and searching for legitimate email. Spam filtering accounts for 16 percent of spam-related energy consumption.

"As the world faces the growing problem of climate change, this study highlights that spam has an immense financial, personal, and environmental impact on businesses and individuals," says McAfee's Jeff Green. "Stopping spam at its source, as well as investing in state-of-the-art spam filtering technology, will save time and money, and will pay dividends to the planet by reducing carbon emissions as well."

The report says if state-of-the-art spam filters were used to protect every inbox, organizations and individuals could reduce spam's energy consumption by 75 percent. However, the researchers note that although spam filtering is helpful, fighting spam at its source is even better.

Refer here to read the original article.

Tuesday, March 3, 2009

Safety of the data means more than protecting information

Unplanned Security - It can be life threatening..

Imagine for just a moment that it's 6:30 a.m. and you are a patient in a hospital waiting for surgery. It's a routine operation to remove your gall bladder (one of those throw-away parts), and no big deal. What you don't know, however, is that the hospital's computer network was recently redesigned. The support staff moved all of the critical applications from the mainframe to a distributed network environment. In the rush to move from one platform to another, management never developed security policies and procedures for the new systems. So the hospital support staff never configured security. On the surface, the right-sized network is running smoothly. Underneath, however, anyone on the hospital network can steal, modify, or destroy patient information on the servers.


Yesterday, when you were admitted to the hospital, you had some pre-op testing done to make sure that you don't have an infection. They did blood work and a chest X-ray -- the standard pre-op stuff. You wake up early the next day, 4:00 a.m., and your surgery isn't for several hours. You wake up because you're a little nervous about getting that gall bladder removed. After considering the problems it was giving you, you decide you will be better off without it. Feeling calm, you fall back to sleep and have a few pleasant dreams.

Six a.m. rolls around. The doctor calls down from the operating room. He tells the nurse that he wants the results of your pre-op tests sent with you to the operating room. Since the results haven't come back to the floor yet, the nurse logs into the computer to get your results. They are normal. Or, at least they are now.

What your nurse doesn't know is that a hacker broke into the server and changed your test results from abnormal to normal. Before the information was modified, the results of your lung X-ray review noted a questionable shadow -- maybe just congestion, or maybe pneumonia. These are results that would tell your doctor to postpone the surgery to avoid possible complications that could lead to respiratory failure.

Since your doctor doesn't get those results, he operates anyway. Your gall bladder takes the route your tonsils fell to many years ago. It appears to have been a successful operation. That is, until the anesthesiologist notifies your surgeon that he can't seem to get you off the respirator. He orders a repeat chest X-ray which shows a dense pneumonia. He then requests your pre-op X-ray that shows a smaller shadow in the same area. He calls your surgeon wanting to know why he did an elective surgery on a patient with preexisting pneumonia. Your doctor can't be reached because he is busy filling out your death certificate. Guess what? Your lungs gave out -- you are dead.

This is one case when the safety of the data means more than protecting information -- it means protecting lives. Pretty scary when you consider just how much real hospitals rely on their computers. Just imagine....

Friday, September 12, 2008

New site promises no-nonsense security advice

The site, http://www.theinternetprotectors.com/, promises non-technical tutorials on common IT security threats, easy access to a pool of experts and a collaborative learning environment.

A new site dedicated to providing non-technical computer users with plain-English explanations of internet security risks has been launched today.

www.TheInternetProtectors.com brings together a range of resources including podcasts, videos and white papers.

A number of experts from organisations such as AVG, Software Security Solutions and Theft Protect will also be on hand to answer questions and provide tutorials.

The material promises to be comprehensive yet easily accessible. The site was built on Web 2.0 principles, and has been designed to be as user-driven as possible.

Wednesday, August 20, 2008

Don't forget to logout from Skype

Neglecting to logout from Skype means sharing your Instant Messages

I was researching and found out:


Six months ago, I briefly used Skype on a friend's laptop. Yesterday, that very friend -- who is not very computer-savvy -- told another friend of mine that she had found a way to read other people's Skype messages. The other friend looked into the matter -- turns out that I had remained logged in on her laptop for the past six months and that she had read every single one of my instant messages during that time. Obviously, I had not noticed that the "Automatically log this user on" box was ticked when I logged on and had forgotten to log out.

The RISKS are obvious. So are possible fixes: The "Automatically log this user on every time Skype starts" box should never be active by default and a confirmation should be requested. Also, Skype should make users aware if they are simultaneously logged into the same account from different machines. The only way out at the moment is to change the Skype password frequently as this will terminate all sessions you may have forgotten to log out from yourself.

According to several messages on the Skype Community forum, Skype considers the ability to remain logged in to the same account on several machines a "feature" and sees no need to fix anything.

Tuesday, February 12, 2008

Understanding Third-Party Vendor In PCI Compliance

Recognizing the value of outside assistance in achieving PCI Compliance

While some companies do elect to develop, deploy, assess and penetration test a compliance strategy on their own, others find that there are certain advantages to using a third-party vendor for these activities. For some organizations, an outside vendor can provide external validation that the appropriate processes and policies are in place; this validation can provide reassurance to customers, partners, shareholders and card issuers. A third-party vendor can also provide an objective analysis of your current compliance status, along with recommendations for closing any gaps.

When compliance validation activities are executed in house, company officials become fully liable for any omissions or errors. Using a third-party vendor can shift the risk away from corporate management. Companies can conduct their own penetration testing if they prefer. Quarterly external network scans are required for the majority of merchants and service providers, and these scans must be performed by an approved third-party assessor. When companies reach a certain threshold of payment card transactions, a certified PCI assessor must be used to validate PCI compliance. The PCI Security Standards Council manages a Qualified Security Assessor (QSA) program, ensuring that assessors are fully certified to conduct PCI assessments.

Selecting a Third-Party Vendor:

Allowing a third-party assessor to sift through your data can be a scary proposition, so it's important to choose a trusted, experienced, certified provider that understands the PCI standard in relation to your industry. The ability to handle all phases of your PCI compliance validation, from pre-assessment through report of compliance (ROC) submission, is key. Your vendor should be willing to offer you multiple alternatives for achieving the same level of protection and should provide you with a detailed roadmap in each case. The assessor's core competency should extend beyond compliance services to addressing your overall security posture and providing recommendations for securing your infrastructure. The services provided should be clearly delineated, particularly if the contract spans multiple years.

As you proceed through the selection process, you should ask yourself these questions:

  • What am I getting for my investment? Do I receive simply the output of a scan, or do I benefit from the vendor's security expertise?

  • How customized is the assessment that this vendor offers me?

  • Is my vendor fully certified to perform all phases of the PCI compliance validation?

  • Has this vendor fully explained the timeline involved in the process? From pre-assessment through ROC submission, the process can take from 9 - 18 months; am I prepared for that?

In short, you want a trusted security adviser that can be your advocate to your acquirer bank and payment card companies.

Monday, February 11, 2008

Understanding the Challenges Of Becoming PCI Compliant

Beware of obstacles on the road to PCI Compliance....

While PCI standards are simply worded and provide a good foundation for your governance and risk management strategy, you should be aware of a number of factors that can complicate the road to compliance.

For example, each payment card company, while adhering to a core set of standards, has its own particularities in terms of its exact requirements and enforcement mechanisms. These factors must be taken into account as you design your strategy.

To be prepared for the compliance assessment, you must have a certain number of checkpoints in place. You must also be able to demonstrate that you are not keeping data that the PCI standard specifies you are not entitled to keep. For example, full-track data from the magnetic stripe or the card validation number (CVC, CVV2, CID) must never be retained.

The requirement to remove data that should not be retained also means wiping inappropriate data from all areas of the data stream. In the United States, using a U.S. Department of Defense-approved wiping process satisfies this requirement, while in other portions of the world, either the U.S. or European Privacy Act wiping process is required. These data stream areas include databases, backup files, transaction logs, application logs, device logs, error logs and reports, network sniffers, and core and memory dumps used for diagnostic purposes.
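One way to check text logs for the prohibited data described above, added here as an example and not part of the original post: it flags unmasked card numbers (validated with the Luhn checksum) and magnetic-stripe track 1 / track 2 layouts. The function names, patterns and sample log lines are assumptions constructed for illustration.

```python
import re

# Constructed sample lines (not from the original post). 4111111111111111 is a
# widely used test number that passes the Luhn check; it is not a real account.
SAMPLE_LOG = """\
2008-02-11 10:02:11 INFO  order=1001 status=approved card=4111 1111 1111 1111
2008-02-11 10:02:12 DEBUG swipe raw=;4111111111111111=10121010000000000000?
2008-02-11 10:02:13 DEBUG swipe raw=%B4111111111111111^DOE/JANE^10121010000000000000?
2008-02-11 10:02:14 INFO  order=1002 tracking=1234567890123456 shipped
2008-02-11 10:02:15 INFO  order=1003 card=411111******1111 status=approved
"""

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Start of the magnetic-stripe layouts: sentinel, card number, separator, expiry.
TRACK_RES = {
    "track1": re.compile(r"%B(\d{13,19})\^[^^]{2,26}\^\d{4}"),
    "track2": re.compile(r";(\d{13,19})=\d{4}"),
}


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep the first six and last four digits so the report holds no full number."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan(text: str):
    """Return (line_number, kind, masked_number) for every prohibited item found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        covered = []  # spans already reported as track data
        for kind, rx in TRACK_RES.items():
            for m in rx.finditer(line):
                if luhn_ok(m.group(1)):
                    findings.append((lineno, kind, mask(m.group(1))))
                    covered.append(m.span())
        for m in PAN_RE.finditer(line):
            if any(start <= m.start() < end for start, end in covered):
                continue  # the number inside a track record is reported once
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):  # drops order ids, tracking numbers, etc.
                findings.append((lineno, "pan", mask(digits)))
    return findings


if __name__ == "__main__":
    for lineno, kind, masked in scan(SAMPLE_LOG):
        print(f"line {lineno}: {kind} {masked}")
```

The same scan applies to the other data stream areas the paragraph lists (backup files, error logs, dumps) once they are read as text; already masked values and numbers that fail the checksum are not reported.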

Avoiding common errors

It can be helpful to know that certain errors are routinely identified in compliance assessments, including the following:

  • Storage of prohibited cardholder data

  • Use of production cardholder data in test environments

  • Failure to encrypt the full payment card number

  • Lack of a network segmentation system that isolates the transaction environment

  • Lack of segregation of internal staff duties

  • Failure to label cardholder media as confidential

Monday, January 21, 2008

Top 50 Apps That Fit On A USB Drive

Portable software you should carry on your USB drive...

Sometimes you just need to take your apps on the go. Whether you’re providing support or just trying to make a strange computer feel more familiar, having a collection of portable applications is very useful. From development to security, these apps are some of the best tools you’ll ever keep in your pocket.

Development

Edit code wherever you are with these handy tools.

  1. Vim: The Vim text editor has lots of features that are great for source code editing, like file comparison, regular expressions, and GUI mode. It’s also highly portable, working with even obscure platforms.
  2. Dev-C++: This integrated development environment is much like Microsoft Visual Studio, except that it has DevPaks that offer additional utilities, libraries, and templates.
  3. Server2Go: With Server2Go, you’ll have access to PHP, MySQL, Apache, and Perl.
  4. Notepad++: Notepad++ is a free source code editor that offers an efficient binary as well as a customizable GUI.

Graphics

Edit graphics, create animations, and view images on the go with these pocket graphics apps.

  1. Anim8or: Anim8or, though small in size, is packed with loads of features and tools. It also has plenty of easy tutorials for modeling and animation.
  2. IrfanView: Using this image viewer for Windows, you can view, edit, and convert image files, as well as play some video and audio formats. It even supports formats like Flash, MP3, and MPEG.
  3. ArtRage: ArtRage, a bitmap graphics editor, is great for use on tablet PCs. Available mediums on ArtRage include oil painting, pencils, and tools that offer textures and other special effects.
  4. Inkscape: Inkscape is a vector graphics editor application that runs on nearly any operating system, making it a great tool for using on unfamiliar computers.
  5. FastStone Image Viewer: Use FastStone to view images, manage thumbnails, and perform various image editing tasks.
  6. Blender: This 3D animation program can be used for a number of different uses, including modeling, rendering, and animating.
  7. GIMP: The GNU Image Manipulation Program is used to process digital graphics and photographs, and even create basic GIF images.
  8. UnFREEz: Coming in at a tiny 19.5 kb, UnFREEz just might be one of the smallest apps ever. Using this tiny GIF app, you can combine a series of images to create an animation.

Documents

Have your office with you wherever you go with these portable document applications.

  1. Open Office: This office suite works on a number of different operating systems, and offers document functionality in word processing, spreadsheet, presentation, database, and more.
  2. Foxit Reader: Take this small, fast PDF viewer with you wherever you go to avoid having to use Adobe Acrobat.
  3. NoteTab: This text editor offers the option of a tabbed document interface, making it easy to manage multiple documents at once.
  4. Scribus: The Scribus desktop publishing program offers layout and typesetting as well as the ability to create PDF forms with animations and interactive functions.
  5. RagTime: Using RagTime, you can create documents in spreadsheets, word processing, HTML, and even AutoCad files.
  6. TextPad: The TextPad app offers easy text creation and editing, as well as helpful features like a clip library.

Internet

Get the Internet the way you want it with these portable browsers, chat programs, and email applications.

  1. Firefox Portable: Take your Firefox, with all of its bookmarks, plugins, and extensions anywhere using Firefox Portable.
  2. ChatZilla: Get this IRC client, and you can chat on any platform that has a Mozilla web browser, like the aforementioned Firefox Portable.
  3. Google Talk: You can use this application for VoIP and instant messaging on nearly any Windows machine.
  4. Portable Thunderbird: Using this portable email app, you can keep your email, address book and settings right in your pocket.
  5. PuTTY: This little gem is a terminal emulator that can act as a client for a variety of protocols, like SSH and Telnet.
  6. Pidgin: Use Pidgin, a multi-platform IM client, to enjoy encrypted IM discussions.
  7. XeroBank Browser: This internet browser has Tor access built in, so you can stay anonymous.
  8. Adium: This Mac OS X instant messaging client can be used with AIM, Google Talk, ICQ, Jabber, and many more messaging services.
  9. FileZilla: Use FileZilla, a very popular cross-platform FTP client, to share and remotely access files.
  10. Trillian Anywhere: Take Trillian, a multiprotocol IM application, anywhere using this app.
  11. Portable Bookmarks: Keep all of your bookmarks on your flash drive with Portable Bookmarks.
  12. uTorrent: With uTorrent, you can use BitTorrent while using minimal computer resources.
  13. Gaviri PocketSearch: This file management software makes it easy to locate files across all of your devices.
  14. Miniaim: Get around instant messaging restrictions with this minimalist AIM client.

Multimedia

Get mobile media functionality with these awesome tools.

  1. Audiograbber: Extract audio from CDs and convert into a number of different formats like WAV, MP3, and WMA.
  2. DeepBurner: Take this CD/DVD authoring program on the go to burn discs and ISO images.
  3. VideoLAN: This software plays video and other media formats on the go.
  4. REAPER: This digital audio workstation uses very light resources and can currently be used on Windows, with Mac OS X soon to come.
  5. MediaCoder: Use MediaCoder to batch transcode, compress, or convert audio and video.
  6. StationRipper: With StationRipper, you can record audio from podcasts, Shoutcast, Last.fm stations and more, all with iTunes integration.
  7. Audacity: Edit digital audio on the go and on a number of different platforms with Audacity.
  8. Winamp: Use this popular, skinnable media player for music and more on the go.

Security

Ensure a secure workspace, or just help Grandma get spyware off of her computer using these portable security apps.

  1. KeePass: Carry your password safe around with you, and rest assured that your information is encrypted.
  2. Ad-Aware: Take this popular adware zapper on the go to find trouble on any computer you might be using.
  3. ClamWin: Use ClamWin to scan for viruses on a Windows machine with the Clam AntiVirus engine.
  4. Eraser: Make sure you’re safely deleting files when you leave a strange computer by using Eraser.
  5. RoboForm: This program won’t just manage your passwords, it will also fill in web forms for you.
  6. HijackThis: Find and destroy malware with this freeware spyware-removal tool.

More

Get even more use on the go with these USB apps.

  1. Universal Extractor: Extract files from any archive, anywhere.
  2. Converber: Make easy conversions on any computer with Converber.
  3. Launchy: This program locates programs to launch based on a user search, making it easy to launch anything from games to an internet browser.
  4. DOSBox Portable: Play around with your USB stick, and enjoy classic DOS games on the go.

Wednesday, December 5, 2007

Information Security - Basic Understanding

Immutable Laws of Security

I just came across a beautiful article while reading Steve Lamb's blog. As mentioned by Steve, this article is fairly old, but it is still worth reading. The article covers the basics of Information Security and tells us the important facts we need to take into consideration when talking about Information Security. See: 10 Immutable Laws of Security