Should you have comments or feedback please feel free to contact us.

Abbreviated forms of these articles are also available on our blog at http://e-secure.blogspot.com

Security: A nightmare for online enterprises

In the wake of reports on the apparent hacking into eBay's customer database, Dirk Venter of
Venter Information Services, examines the 'security nightmare' facing online enterprises. He
notes that while eBay has denied the reports, 'the fear in learning that a trusted commercial
vendor might not have been trustable at all was sufficient to create widespread concern and
panic around Internet security'. What ultimately defines solid security is the fact that one has not
been hacked, writes Venter, what makes this possible is foresight and perception of
vulnerability. In terms of section 43(5) of the Electronic Communications and Transactions Act of
2002, South African Web site owners need to 'utilise a payment system that is sufficiently secure
with reference to acceptable standards at the time of the transaction'. They are 'liable for any
damage to the consumer' in terms of s43(6) of the ECT Act for their failure to do so. Read the full
article for details on the legal responsibilities and duties of Web site operators and network
users as well as the types of hack attacks to which an online enterprise could be at risk.

This precis by Mignon Hardie of Legalbrief. Full report on the Legalbrief site:
http://www.legalbrief.co.za/article.php?story=20040728169049999

Should the original not be available, a copy is cached on this site.

VoIP - quality of VoIP versus circuit switching

In an opinion published on ITWEB's site, Venter analyses the reasoning presented on the
ITWEB site in an article and its associated commentary, that VoIP quality is inferior to that on
circuit switched connections. Venter explains that call clarity is essentially a function of the
Quality of Service implementation between the endpoints of the conversation. Venter also
explains the value commercially of using compression to place more calls over a link via codec
manipulation, causing quality degradation on the associated calls, and explains that rather
being a function of VoIP, this is a function of commerce. Venter illustrates encapsulation issues
with packetised voice, as opposed to DS0 based voice, and also discusses why ISDN
(residential 128kbps) is a poor choice for VoIP.

Should the original not be available, a copy is cached on this site.

Online hate vs freedom of expression

In an article entitled Online hate speech vs freedom of expression published on the ITWEB site,
the balance between constitutional protection and defamatory remarks is investigated by Venter
within the context of applicable South African legislation and court cases. Venter also
investigates the defence of Intellectual Property infringement/theft that has been claimed by
allegedly defamed companies such as Sentech, suggesting that there is no basis for the claim.
In the article Venter suggests recourse available under the ECT Act, the use of AUP instruments,
and the anticipated Hate Speech Bill.

Should the original not be available, a copy is cached on this site.

Credibility of BSA study questioned

The BSA sponsored IDC study supplies a lot of detail on how bad piracy is, and spends a great
deal of time quoting comparative rates etc. However it does not show how this info was actually
obtained short of saying that installed software value was compared with sold software value.

In an opinion published on ITWEB's site, Venter inquires into how it is possible, given the
massive distribution of software, and extensive privacy protection afforded by the constitution, for
even remotely accurate figures to have been obtained here.

For example the study suggests that 5,600 interviews were conducted in some 15 countries to
obtain the data. Logically, what, short of indemnity from prosecution and voluntary waiver of
privacy rights, would make a person declare pirated goods? And what makes an interviewed
person typical of a group in a society? Given the variance in social norms from society to society,
this relationship would need to be researched in every society where samples are interviewed.
And as is mentioned above, this is not the sort of thing that many people would feel comfortable
talking about. Obviously massive portions of society were not interviewed. And it is over this
non-interviewed portion that real issues with accuracy arise.

Furthermore, logic applied based on statistics of alleged piracy can be questioned. For example,
the study suggests that once piracy is eliminated, pirates will purchase software they otherwise
would have stolen. An important aspect of piracy that needs to be remembered is that in many
cases it seems that pirates do not regard the software they steal to be worth what is asked for it.
To recover market from pirates therefore does not suggest that pirates will then purchase the
software that they otherwise may have stolen or for that matter follow any retail software market
trend.

Venter concludes in the article suggesting that the BSA has a tough job to do, but that they stand
to lose a lot of credibility by glossing over the data acquisition process which forms the crux of
their study.

These opinions were published here.

Should the original not be available, a copy is cached on this site.

Voice over IP and the Law

Dirk Venter, a Cyberlaw consultant at Venter Information Services and specialist in IP telephony
and network security infrastructures, examines a number of issues related to Voice over IP in an
article on the Legalbrief site. Given the illegality of VoIP in terms of the Telecommunications Act,
Venter notes that there appears to be limited knowledge on how the technology operates or
whether Internet Protocol is even necessary for it to operate. Venter demystifies the technology
and methods of enforcing the legislation. He notes that bizarrely, given the ban on the
technology, no real incentives exist for enforcement. In conclusion, Venter writes: 'It appears to
be common cause amongst the commercial and technological sectors that a result of
legalisation of Voice over IP would be to enhance and improve the South African economy. It is
tragic and pretentious that the Telecommunications Act of 1996, which espouses such
philanthropic values and ideology in section 2 should also include the likes of section 40(3).'

This precis by Mignon Hardie of Legalbrief. Full report on the Legalbrief site:
http://www.legalbrief.co.za/article.php?story=20040630164059999

Should the original not be available, a copy is cached on this site.

Business opportunities galore

BY DIRK VENTER, VOIP / CISCO IP TELEPHONY CONSULTANT, E-SECURE.BIZ

[3 Sep 2004 ] The legalisation of VoIP will have profound and far-reaching financial implications
for consumers and businesses alike in SA.

All SA businesses ought to be costing VoIP against their commercial switched circuit telephony
before the wave hits them. The implication of voice over data is that we can expect rapid
reductions in the cost of international calls, and a massive increase in ADSL subscription. The
drop in Telkom share price may well be lacking in foresight and understanding, since many
Voice over IP calls will run through bandwidth ultimately managed by SAIX/TELKOM.

However expected drops in business call costs WILL have a profound impact on the cost of
ownership of international business and contact.

Well done SA. Here comes something exceptional.

This comment  was originally published via the ITWeb site.

Will you be caught short on February 1st?

By Dirk Venter, Consultant, E-secure.biz

[29 Oct 2004] This techno-centric article examines the technical elements involved in a VoIP
implementation, and relates them to the legislation legalising VoIP in Feb 2005. It estimates that
although specific figures vary, good equipment will be paid off twice with savings during the
lifetime of the equipment.  Nearly all of the technical steps related to a migration can be achieved
without waiting, moreover organisations that leave implementation and recruitment till 2005
stand to lose both money and valuable staff resources to competitor companies that start early.

This article is published on the e-secure web site.

Follow the white rabbit...

By Dirk Venter, Consultant, E-secure.biz

[29 Oct 2004] How's your security? Read a string of successive articles published by Dirk Venter
on security issues. Check out your understanding of security technology, hacking techniques,
and hacking law. Change your strategy from reactive to proactive with HoneyNet decoys and
intruder traps. Download material on hacking UNIX, and learn of hacker warning signs BEFORE
you get hacked.

This article is published on the e-secure web site.

Is Voice over IP for you?

By Dirk Venter, Consultant, E-secure.biz

[11 January 2005] How do you use packet switching to make a phone ring? These entry level
articles canvass basic technical and commercial design considerations for VoIP
implementations. Get it while it's hot!

This article is published on the e-secure web site.


All articles and texts copyright Dirk Venter, 2004, 2005.
Features:

Following the white rabbit
On this page:
Security- a nightmare for
online enterprises

VoIP- quality of VoIP versus
circuit switching

Credibility of BSA study
questioned

Voice over IP and the law

Business opportunities galore

Will you be caught short on
February 1st?

LLM / cert course topic paper
(University of the
Witwatersrand, Johannesburg)
(Internet Privacy issues and
law)
If you find that searching does
not return any content, please
search with the same string
again, as we experience an
index server delay from our
hosting company.
Material

Cisco QoS lab material
White rabbit security column