Archive for September, 2010

No Longer A Youth No More!

Sunday, September 21, 1975. Time-check 11:00 AM. A lady named Harriet Nabbosa gives birth to a bubbly son at Mulago Hospital, whose name is chosen to be Collin Ddumba Katumba. Life was good then, with Mr. Joseph Katumba, the Dad working with Pepsi Cola Company as a Salesman. Staying in Ntinda along Ssemawata Road…that house is still standing, they later move to Kalinabiri, the present day family home.

Towards this son becoming one year old, things fall apart, Mr. Katumba loses his job, life becomes tough, the available option to these two parents is to send their young son to go and live with his paternal granny in Kakunyu, Bukoto in Masaka District. This is where part and most of this young man’s character was shaped by the elderly Jjaja Pauline Namutebi…she is now 79 years old.

Collin Ddumba Katumba, at baptism was renamed Nicholas Ddumba Katumba, for some reason his original name was changed by the priest who was to conduct the baptism at Christ the King Church. When you check the meaning of Nicholas, it is…The victory of the people. This young man has been a victor in all his life struggles and he continues to be.

Nicholas Ddumba Katumba, started his education at a remotely known school, called Butale Primary School in Masaka, there were no kindergarten schools in that area during that time, so he went straight to Primary One and the year was 1983. He had lots of cousins to show him around, take care of him at school.

The family later moved to Kinoni, still in Masaka, and he was enrolled into Primary Three at St. Joseph Kinoni Primary School, with the School Motto: ‘Kyosimba Onaanya’. This Motto has come to have a lot of meaning in my life. I had my challenges at this school and I was later transferred to Kyamaganda Boys Demonstration School, where I proved to be an academic force to reckon with. I remember in our PLE year, 1990, there were only 10 First Grades, and mine was one of them. I was now competing with Kampala pupils favorably. Are there any OB’s and OG’s reading this? Raise up your hands for recognition!

For my Ordinary Level Education, I joined St. Bernard’s College Kiswera. Hon. Theodore Ssekikubo is one of my OB’s although he was in Senior Five when I was joining Senior One and any OB or OG reading this remembers that famous early morning Latin wake-up call by the Principal, Mr. Bernard Kakinda. I was in this school for only Senior One, things became tough again, sat one full term without school, then later enrolled into Kabwoko Church of Uganda SS for Senior Two. I must say that I was a very sharp kid. I was in Kabwoko for only one term, things became tough again, sat one term at home. All this time I was still living with my beloved Granny (Jjaja).

Later in July of 1992, I was brought to Kampala and started school at Mackay College Nateete in Senior two and that was 3rd term. Things became smooth now and completed my ‘O’ Level there, before joining Caltec Academy for my ‘A’ Level education, which I finalized in 1997. I joined Makerere University Business School, then National College of Business Studies, Nakawa for a Diploma, which I finalized in 1999. I started working in 2000 with Bemas Commercial Agency, dealing in stationery and computer printing. I joined as a salesman/computer operator. While there, I trained further into computers, the basis of which I am into the field of ICT now. I remember my first salary being UGX50,000 per month, from which I moved out of my parents’ home to start renting in Busega. This was a one roomed apartment.

In November 2001, I was called by one of the managers in Uganda Telecom, Wilfred Musinguzi for an offer as a Commission Agent in the ISP/Data Division, selling Dial-up Internet services. Later in 2003 January, I joined AFSAT Communication (U) Ltd as a Sales Representative selling Internet services. I bought my first car while at AFSAT in 2003 and this is where I had my first trip outside Uganda, I went to Rwanda for an Investment Conference. At this time, Nicholas Ddumba Katumba started arriving.

In January 2004, I went back to Uganda Telecom as a Junior Account Manager. During this same year I went back to University and enrolled for a Bachelor of Business Administration Degree, majoring in Marketing, which I completed in 2007. I also attained a number of other certificates. Still in 2004, I met my first wife, beautiful Peace Juliet with whom we have two very beautiful daughters, Naome Kirabo Nawenja Ddumba and Nicoleta Kemigisha Nanyanzi Ddumba. This eventually didn’t work out well and we agreed to separate.

While at Uganda Telecom, I grew in ranks taking up positions of Bid Management Executive, Solutions Consultant before I became a Senior Account Manager. Here I got exposure to a number of people, my network expanded. I pride myself to having worked on some of the most sophisticated ICT implementations in the region like URAnet, on which basis every tax payer in Uganda is able to carry out their online tax transactions, and I worked with some of the most proficient professionals during this project. This is just one of them, but I have also worked with Umeme, UETCL, Min. of Finance, Min. of Health, Min. of Education, Uganda Police, Kyambogo University, Min. of Public Service, Min. of Gender, Office of the Prime Minister, IGG’s Office, Office of the Auditor General, National Water, NSSF and so many others.

I left Uganda Telecom in December 2008 and joined a Kenyan-registered company called Virtual Works as a Business Continuity Consultant /Business Development Manager, covering Uganda, Rwanda and Burundi. I became a frequent flyer. In this very year, I met my current wife, lovely Nicole Justine Nabwami, with whom we have two handsome boys, Nicholas Ssentume Ddumba and Nathaniel Ssengooba Ddumba.

I left Virtual Works in May 2009 to join RAPS Uganda Limited, heading the Enterprise Solutions Sales. Throughout all this, there are so many achievements that have come my way. There are so many good things that have happened in my life. I have met very good people, loving people, caring people and they have all propelled me to the level that I have attained as a youth.

Today, as I am writing this story, I made 35 years, meaning I have come out of the youth age-group. I am getting oriented into the middle-aged group. An age group that everyone looks up to for trusted guidance and mentorship. I should say that my life story has made me learn so many things, that I am already a mentor to some people, and I know that there are so many people who look up to me and I thank God for that. Today is only one day, but there are so many more days ahead in which I will want to dwell on God’s guidance to live my life exemplary, befitting, and purposefully and it will only be by His grace.


Phishing on Social Networks

Phishing attacks target users of Facebook, other social networks

By Robert Westervelt, News Director
08 Sep 2010

Phishers are turning to less traditional ways to steal personal data, latching on to the inherent trust people have in social networks to game the system and ultimately score more lucrative data. While spam phishing messages continue to plague inboxes, toolkits have enabled less savvy attackers to easily produce more sophisticated ways to dupe people into freely giving up their data. The amount of information people post to social networks like Facebook and Twitter has also made it much easier to social engineer people into thinking a link or message is legitimate, said Paul Wood, a senior analyst at Symantec’s MessageLabs Intelligence. As Wood explains, traditional email phishing campaigns will continue, but the widespread use of social networks and an increase in smartphone usage has enabled a newer class of Facebook phishing that uses nefarious Web applications and other means to steal confidential data.

Does phishing make up a large percentage of emails?

Paul Wood: When we look at the statistics we published in the August MessageLabs Intelligence Report, one in 363 emails were identified as some form of phishing scam. Though that’s a relatively small proportion, that’s slightly up compared to the previous month. It does seem to go in cycles. I think that’s where the phishing groups are targeting particular organizations using certain toolkits. We saw at the beginning of 2009 the increased availability of phishing toolkits and attack tools like the Zeus Trojan. They enabled people to create very sophisticated phishing attacks at very low cost. In fact zero-cost in many cases because the code for Zeus leaked into the public domain. It enabled people to create these small custom botnets that would then hook into people’s Web browsing activity and intercept calls directly to websites, whereas most phishing scams that we are familiar with are usually in the form of an email.

Are many phishing campaigns geographically localized?

Wood: What we find is that they use the same or similar templates for an attack and they will switch out the brand name that they are targeting. If it’s a bank, they’ll switch the name of the bank and the actual logos they might be using in the email. But essentially it’s the same templates. They also look at the time zone. In Europe you may see phishing emails go out at a particular time of the day then five or six hours later you might get a similar wave of phishing emails targeting North America. The templates and toolkits make it very much easier and lowers the barrier to entry. You don’t have to be a technical wizard in order to conduct one of these attacks if you can get a hold of one of these types of toolkits.

When people think of phishing they think of cybercriminals harvesting user names and passwords. Are phishers stealing other data as well?

Wood: Yes and it depends on the type of phishing attack and how it is conducted. For example, you may find in a social networking environment that there may be an application that someone has asked you to plug in. It may be a questionnaire or one of these personal quiz type things. The danger is that they’ll ask you for a mobile phone number and then you suddenly find that you’ve subscribed to some premium-rate service that costs several dollars every time they send you a text message. And then it’s very difficult to unravel from that. So, it doesn’t matter how you answer those questions, that’s just the bait. Phishing similarly is trying to get you to do something that you wouldn’t naturally do. These are the kind of things that you need to be aware of when you’ve received unsolicited email. Phishing is really just spam messages that have been dressed up for a particular purpose. You have to be very careful about responding to any type of spam that you receive. If you go to a website in order to continue with the process, that website could also be laden with malware.

Are most of these attacks relatively unsophisticated? Are there examples of more sophisticated phishing attacks that are more targeted?

Wood: The more targeted attacks are much more difficult to recognize because very often there would have been a lot of effort before they send you the email to make sure that it is tailored and personalized for you. This is one of the dangers for things like social networking environments and even many of the most popular social websites. We tend to put a lot of information on those sites, but perhaps not taking enough consideration of the privacy settings that are often available to lock down what information is visible. The bad guys are very often looking at social networks, creating fake profiles and trying to link with people and many phishing attacks will also target people’s social networking accounts because they are very valuable. For example, if we were joined by a social network and my account became compromised if I fell for a phishing attack. That means that the bad guys can approach all of my contacts to send their messages. You are more likely to respond if you receive a message from someone you know and trust. It’s not really in the spam category anymore. If they can get a user to a website and install malware on their machine, it’s not really about phishing anymore. It enables them to bypass the social engineering and then install components into your Web browser, which is how the Zeus Trojan works. If you visit a particular website the bad guys can intercept that traffic, inject their own html instructions in there and siphon off whatever you type in.

The Rustock botnet is responsible for 41% of spam globally, according to your report. Do phishing campaigns often come from botnets like Rustock?

Wood: Some of the botnets are used for phishing attacks. If you look at Cutwail for example, that has been heavily used for phishing attacks over the last few months or so. But Cutwail used to be far more dominant than it is now. It has fallen back significantly. It’s very aggressively sending out malware and phishing to try and make the best of the remaining botnets that it has under its control and also regenerate the botnet itself.