My experience from my daily work... helping others and easing each other's load

Saturday, December 31, 2011

10+ free tools for static code analysis

The article was published at Open-Tube.com.

The author lists 10+ free tools for analyzing source code. The tools are:

Multi-language
1. RATS
2. Yasca

Java
1. CheckStyle
2. FindBugs
3. PMD
4. Hammurapi

C/C++
1. Sparse
2. Splint
3. UNO
4. BLAST
5. Cppcheck

Check it out at http://open-tube.com/10-free-tools-for-static-code-analysis/

Internet Society Member Newsletter - December 2011

===========================================================
Internet Society Member Newsletter
Volume 10 Number 13
===========================================================

Contents
------------
News
------------
Internet Society Awards Grants to 14 Community-Based Programs
Internet Society Launches New Website
Internet Society Joins Opposition to Stop Online Piracy Act (SOPA)
Internet Society Supports United Nations Human Rights Day Focus on Social Media

------------
Feature Stories From Our Chapters
------------
Breaking Barriers: Harlem Internet Access Computer Programme
Building Freedoms: The Internet helps Tunisians redefine their world
Conference Alert: Nepal Chapter to Host Local ICT Event
Cambodian Chapter looks at Cyber Security Trends 2011
Australian Chapter Changes Leadership
Workshop on Migration from IPv4 to IPv6 in Mali

------------
Get Involved
------------
Find out the many ways you can continue to be an active part of the community

===========================================================
News
===========================================================

Internet Society Awards Grants to 14 Community-Based Programs

The Internet Society today announced funding for 14 community-based Internet projects that will transform the lives of people in underserved areas of the world.  This round of grants will support such local projects as: building the first website dedicated to young women survivors of sexual violence in the Democratic Republic of Congo; providing Internet and computer education to empower artisans in Bangalore; and launching an Integrative Internet Café for visually impaired and sighted people in Addis Ababa.

+ Find out more
http://internetsociety.org/news/internet-society-awards-grants-14-community-based-programs

-----------------------------------------------------------

Internet Society Launches New Website

The Internet Society today announced the launch of its redesigned website with exciting changes to the look, content, and functionality of the entire site. The Internet Society is a nonprofit organization dedicated to ensuring the open development, evolution, and use of the Internet for the benefit of people throughout the world.

+ Find out more
http://internetsociety.org/news/internet-society-launches-new-website

-----------------------------------------------------------
Internet Society Joins Opposition to Stop Online Piracy Act (SOPA)

The Internet Society Board of Trustees has expressed concern with a number of U.S. legislative proposals that would mandate DNS blocking and filtering by ISPs to protect the interests of copyright holders. While the Internet Society agrees that combating illicit online activity is an important public policy objective, these critical issues must be addressed in ways that do not undermine the viability of the Internet as a platform for innovation across all industries by compromising its global architecture.  The Internet Society Board of Trustees does not believe that the Protect-IP Act (PIPA) and Stop Online Piracy Act (SOPA) are consistent with these basic principles.

+ Find out more at http://www.internetsociety.org/news/internet-society-joins-opposition-stop-online-piracy-act-sopa

-----------------------------------------------------------

Internet Society Supports United Nations Human Rights Day Focus on Social Media

The Internet Society welcomed the focus of today's United Nations Human Rights Day event highlighting the transformational role of the Internet and social media applications in giving voice to people around the world.  The Internet Society is a strong advocate of an open and accessible Internet, and sees the Internet as an enabler of human rights.

+ Find out more at http://internetsociety.org/news/internet-society-supports-united-nations-human-rights-day-focus-social-media

===========================================================
Feature Stories From Our Chapters
===========================================================

- New York

Breaking Barriers: Harlem Internet Access Computer Programme
Find out how the Harlem Internet Access Computer Programme, taught out of a low-income housing residence, helps seniors and people of all abilities reach out to the world.

+ Find out more and watch the film
http://www.internetsociety.org/breaking-barriers-harlem-internet-computer-access-program

-----------------------------------------------------------

- Tunisia

Building Freedoms: The Internet helps Tunisians redefine their world

The leader of the Internet Society Tunisian Chapter, who is also a Global Board Member, tells his story of how the Internet helped Tunisians change their lives.

+ Find out more
http://www.internetsociety.org/building-freedoms-0#overlay-context=what-we-do/issues/human-rights

-----------------------------------------------------------

- Nepal

Conference Alert: Nepal Chapter to Host Local ICT Event

The Internet Society Nepal Chapter is organizing a conference on "Internet for Everyone" in conjunction with CAN Infotech 12, Nepal's only information and technology exhibition.

+ Find out more
http://internetsociety.org/articles/conference-annoucement-nepal-chapter-host-local-ict-event

-----------------------------------------------------------

- Cambodia

Cambodian Chapter looks at Cyber Security Trends 2011

The Cambodia Chapter of the Internet Society had the opportunity to host a special workshop on the main trends in Cyber Security and Counter Strategies in 2011.

Unfortunately, the progress in the development of the Internet as an important global tool of communication has also led to ever more sophisticated disruptive activities.

+ Find out more about what was discussed at:
http://internetsociety.org/articles/internet-society-cambodian-chapter-looks-cyber-security-trends-2011

-----------------------------------------------------------

- Australia

Australian Chapter Changes Leadership

November marked a changing of the guard for the Internet Society Australian Chapter when Tony Hill, after ten years as President, decided it was time to step aside.

+ Find out more at:
http://internetsociety.org/articles/internet-society-australia-changes-leadership

-----------------------------------------------------------

- Mali

Workshop on Migration from IPv4 to IPv6 in Mali

The Mali Chapter of the Internet Society, in collaboration with the African Network Information Centre (AfriNIC), organized a three-day workshop in Bamako, Mali to help technology experts facilitate the transition from a declining protocol (IPv4) to the one that is needed every day (IPv6).

+ Find out more at:
http://internetsociety.org/articles/workshop-migration-ipv4-ipv6-mali

-----------------------------------------------------------

===========================================================
Get Involved
===========================================================

There are so many ways to support the movement. No matter if you want to share your time or your voice - getting involved is what matters.

You can change the world for your friends, neighbours, family or people you've never met. Yes - you!

Explore the many ways you can help people around the world express their voice, culture, and tell their story.

+ Find out how to get involved at http://internetsociety.org/get-involved

===========================================================

If you have any questions regarding membership, please contact the Internet Society membership team at <membership@isoc.org>.

Copyright (c) 2011 Internet Society. Permission to duplicate and redistribute in any form is granted as long as this copyright and this notice remain intact.

http://internetsociety.org/newsletter

Friday, December 30, 2011

Google Gmail doesn't meet LAPD security needs

An article by Stuart Johnston of SearchCloudComputing.com on how the search engine giant Google failed to comply with the LAPD's security requirements for the e-mail service it was to provide to the agency. Check it out at Google Gmail doesn't meet LAPD security needs

An interesting part of the article is the last paragraph, which states the mistake Google made and also that other cloud providers are unable to meet the LAPD's needs.

I do agree with the statement that no cloud can guarantee 100% security, not even Amazon's or Microsoft's. No one in this world can claim that their cloud is secure from internal or external attack. I bet that if they did claim that, you could challenge them to put their cloud to the test by rewarding whichever hackers could break into it fastest; I am absolutely sure there would be successful hackers, and I am confident that many cloud providers would not take up such a challenge.

Top five cloud security tips of 2011

Take a look at the article Top five cloud security tips of 2011

It summarizes the tips from the author's perspective.

Methods overloading or overriding

An article by Javin Paul about method overloading and overriding in Java, two concepts that many of us, including me, are confused about. Yes, we have used them (that includes me), but we do not actually know the differences between the two. So this is a really good article for understanding it... check it out at Java Developers Group News | LinkedIn

But which one is better for performance and for standards?...

Thursday, December 29, 2011

US and Israel believed to be behind Stuxnet and Duqu malware; Kaspersky finds a shared platform

Stuxnet virus has at least 4 cousins  

THE Stuxnet virus that last year damaged Iran's nuclear programme was likely one of at least five cyber weapons developed on a single platform whose roots trace back to 2007, according to new research from Russian computer security firm Kaspersky Lab.

Security experts widely believe that the United States and Israel were behind Stuxnet, though the two nations have officially declined to comment on the matter.

A Pentagon spokesman declined comment on Kaspersky's research, which did not address who was behind Stuxnet.

Stuxnet has already been linked to another virus, the Duqu data-stealing trojan, but Kaspersky's research suggests the cyber weapons programme that targeted Iran may be far more sophisticated than previously known.

Shared platform
Kaspersky's director of global research & analysis, Costin Raiu, told Reuters that his team has gathered evidence that shows the same platform that was used to build Stuxnet and Duqu was also used to create at least three other pieces of malware.

Raiu said the platform is comprised of a group of compatible software modules designed to fit together, each with different functions. Its developers can build new cyber weapons by simply adding and removing modules.

"It's like a Lego set. You can assemble the components into anything: a robot or a house or a tank," he said.
Kaspersky named the platform "Tilded" because many of the files in Duqu and Stuxnet have names beginning with the tilde symbol "~" and the letter "d."

Researchers with Kaspersky have not found any new types of malware built on the Tilded platform, Raiu said, but they are fairly certain that they exist because shared components of Stuxnet and Duqu appear to be searching for their kin.

When a machine becomes infected with Duqu or Stuxnet, the shared components on the platform search for two unique registry keys on the PC linked to Duqu and Stuxnet that are then used to load the main piece of malware onto the computer, he said.

Kaspersky recently discovered new shared components that search for at least three other unique registry keys, which suggests that the developers of Stuxnet and Duqu also built at least three other pieces of malware using the same platform, he added.

Those modules handle tasks including delivering the malware to a PC, installing it, communicating with its operators, stealing data and replicating itself.

New modules
Makers of antivirus software including Kaspersky, US firm Symantec Corp and Japan's Trend Micro Inc have already incorporated technology into their products to protect computers from getting infected with Stuxnet and Duqu.

Yet it would be relatively easy for the developers of those highly sophisticated viruses to create other weapons that can evade detection by those antivirus programs by recombining the modules of the Tilded platform, he said.

Kaspersky believes that Tilded traces back to at least 2007 because specific code installed by Duqu was compiled from a device running a Windows operating system on Aug. 31, 2007. - Reuters

As published in  The Star Online on December 29, 2011.

The article was also published in Malay at Berita Harian on December 30, 2011.



Decoding malware SSL using Burp proxy

When performing dynamic analysis of malware, you will occasionally encounter SSL being used for network communication, which prevents you from analyzing the content. Typically, Wireshark is used to examine network traffic at the packet level. Wireshark has an SSL dissector that allows decryption of SSL traffic if you provide the decryption keys; this technique is described in detail on the Wireshark wiki. However, I prefer to use an intercepting proxy to attempt the SSL analysis. The proxy will use its own SSL server certificate to negotiate and establish an encrypted session with the remote host. Essentially you are using the proxy to "man-in-the-middle" the malware's connection to the remote server...

read the complete article here

Monday, December 26, 2011

35 Privacy Changes Facebook Must Make In Europe

Facebook and the Office of the Irish Data Protection Commissioner publicly released the results of a detailed three-month audit of the social network’s privacy policies in the European Union region, but what steps did the social network agree to implement?
Facebook’s European headquarters are in Dublin, Ireland, which explains why the authorities over there get to dictate the social network’s entire plan for the continent.
That said, here are the policy changes Facebook promised to make, grouped by the dates set as delivery goals.

Immediately

  1. Facebook is taking steps to limit data collection from social plug-ins, restricting access to such data, and moving to delete such data according to a retention schedule.
  2. Facebook will retain ad-click data for two years, and a review will occur in July 2012 to determine if further reductions in the retention period are necessary.
  3. Within 10 days of receiving data via social plug-ins, Facebook will remove the last octet of the IP address from social plug-in impression logs, and delete browser cookies set when users visit Facebook. The social network will also: delete the data it receives and records through social plug-in impressions within 90 days; make all search data anonymous within six months; do the same for all ad-click data within two years; and significantly shorten the retention period for log-in information.
  4. Impression data received from social plug-ins will become anonymous within 10 days for logged-out users and non-users and deleted within 90 days. For logged-in users, those data will be aggregated or become anonymous within 90 days.

January, 2012

  1. Facebook will provide identifiable personal data about users or nonusers upon access requests within 40 days, and it committed to grant users easy and effective access to their personal information. Data will be added to tools including users’ profiles, activity logs, and download tools beginning in January.
  2. Facebook agreed to strengthen its single point-of-contact arrangements with law-enforcement authorities that request user data by mandating that all such requests be approved by a designated officer of a senior rank and recording that approval in the request. It will also require that the section of the standard form for such requests that asks why the requested user data is sought be fully completed, and it will re-examine its privacy policy to ensure consistency. The process will begin in January and be reviewed in July.

  3. Facebook will provide an additional form of notification for its tag suggest feature, appearing atop the page when users log in, which will disappear once users interact with it, or appear a total of three times for users who do not interact with it. More detail will be offered on how the tag suggest feature works, and this information will also be shown if users adjust their settings. The social network will also discuss any plans to extend tag suggestions beyond confirmed friends with the DPC before implementing any such changes.
  4. The authorization token granted to applications can be transferred between apps to allow second apps to access information not granted by users. Facebook will provide more messaging to developers highlighting its policy regarding sharing of authorization tokens, and it will investigate technical solutions to reduce risk of abuse. Notifications to app developers will be completed by the end of January, with an assessment of the issue and a solution by the end of the first quarter.
  5. Facebook will integrate user password resets by employees into its monitoring tools.

February, 2012

  1. Facebook will move the links to its data-use policy and other policy documents, as well as the help center, to the left side of the user’s homepage.
  2. Facebook recently changed its granular data permissions dialog box for applications to enable users to fully understand the permissions they are granting to third-party apps, and it’s expected to become fully available on all apps by February, with a further assessment in July.
  3. Facebook will further educate users on the importance of reading app privacy policies and will increase the size of the “report app” link in the dialog box.

First Quarter Of 2012

  1. Facebook will begin phasing in the ability for users to delete friend requests, pokes, tags, posts, and messages on a per-item basis, with the hopes of showing demonstrable progress by its review in July.
  2. Facebook will move the option to exercise control over social ads to users’ privacy settings from account settings, in order to improve accessibility and knowledge of the ability to block or control ads users do not wish to see again.
  3. Facebook will provide users with information on what happens to deleted or removed content, such as friend requests received, pokes, removed groups, and tags.
  4. Facebook will work with the DPC to simplify explanations of its data-use policy, identify a mechanism for users to choose how their personal data are used, and provide easier accessibility and prominence of these policies during and subsequent to registration, including the use of test-groups of users and non-users.
  5. Facebook will clarify its data-use policy to ensure full transparency.

  6. Facebook will provide additional information on how log-in activity from different browsers across different machines and devices is recorded in its revised data-use policy.
  7. Facebook agreed that it will no longer be possible for a user to be recorded as a member of a group without that user’s consent. Users will not be recorded as members until they accept invitations, and they will be able to easily leave groups.
  8. Facebook will work toward reviewing alternatives to mobile transmission of user data, as well as educating users about the fact that their details are transmitted in plain text when they synch their contact information from mobile devices.
  9. Even though it should be obvious to users that their synchronized data still exists after synching is disabled, Facebook will add text to that effect.
  10. Facebook immediately geo-blocked the major European Union domains so that messages from pages could not be sent to the vast majority of the social network’s EU users and nonusers, and will further refine information and warnings for businesses using the ability to upload up to 5,000 contact email addresses for page contact purposes.
  11. Facebook will add information to its policy clarifying that it acts as a data controller and information generated by use of Facebook Credits is linked to users’ accounts. The social network will also launch a privacy policy for its payments systems in approximately six months.

Second Quarter Of 2012

  1. When a friend of a user who installs an application has chosen to restrict what apps can access about them, apps cannot override this selection, but Facebook will examine alternative placements for app privacy controls to more easily enable users to make informed choices about what apps installed by friends can access personal data about them, and it will report back prior to July.
  2. Facebook will review the broader implications of a recommendation by the DPC that members be allowed to prevent tagging of themselves once they fully understand the potential loss of control and prior notification that comes with it.
  3. Facebook will review the broader implications of a recommendation by the DPC that it add functionality to inform users how broad an audience will be able to view their posts, and to notify them if profile settings are changed to make that post available to a greater audience.

July, 2012

  1. Facebook will work with the DPC to establish an acceptable retention period for data held in relation to inactive or deactivated accounts.
  2. Facebook will assess changes it has already implemented to its granular data permissions dialog box to enable users to choose who can see when they activate and use an app.
  3. Facebook is examining the technical feasibility of deploying a tool to check whether privacy policy links are live, and it will provide an update in July.
  4. Facebook will further refine its auditing and automated tools to monitor and take action against applications that breach platform policies, such as accessing user information other than where the user has granted an appropriate permission, and there will be a progress review in July.
  5. Facebook will continue to document policies and procedures in order to maintain consistency in security practices, and newly documented policies and procedures will be reviewed in July.
  6. Facebook is implementing a new access-provisioning tool that will allow more fine-grained control of employee access to user data, and it will thoroughly review the application and usage of the new token based tool in July.
  7. Facebook is working toward meeting the DPC’s objective that it irrevocably delete user accounts and data upon request within 40 days of receipt of the request, and it will review its progress in July.
  8. Facebook will take additional measures during the first half of 2012 to ensure that new products or uses of user data take full account of Irish data protection law, and it will have the procedures, practices, and capacity to comprehensively meet its obligations in this area in place by July.

To Be Determined

Facebook will meet with the DPC in advance of any plans to provide individuals’ profile pictures and names to third parties for advertising purposes, and users would have to provide their consent.

From http://www.allfacebook.com/facebook-privacy-europe-2011-12

The International Conference on Digital Information and Wireless Communications (ICDIWC2012)


Hindusthan College of Arts and Science, India

http://www.sdiwc.net/icdiwc2012/

You are invited to participate in The International Conference on Digital Information and Wireless Communications that will be held in India, on March 8-10, 2012. The event will be held over three days, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.
Best selected papers will be published in the following special issue journals
  1. International Journal of New Computer Architectures and their Applications (IJNCAA)
  2. International Journal of Image Processing and Applications (IJIPA)
  3. International Journal of Data Mining and Emerging Technologies
  4. International Journal of Digital Information and Wireless Communication (IJDIWC)

Important Dates

Submission Date Jan 10, 2012
Notification of acceptance Feb. 1, 2012
Camera Ready submission Feb. 20, 2012
Registration Feb. 20, 2012
Conference dates March 8-10, 2012

Location

ICDIWC2012 will be organized by Hindusthan College of Arts and Science, India in cooperation with The Society of Digital Information and Wireless Communications (SDIWC). All the activities of the conference will take place in India.

Would you like to organize a workshop or a special session or a tutorial?

If you are interested in organizing a workshop or special session, please send an e-mail to cd@sdiwc.net with the title of the session.

Would you like to be a reviewer?

All reviewing is done online. Please visit http://www.sdiwc.net/icdiwc2012/ and select the "Be a reviewer" link. More details are listed there.

Submission

Submission instructions are listed at this link Submission of Papers

Contact

Send E-Mail to : cd@sdiwc.net See for further details: http://www.sdiwc.net/icdiwc2012/


Friday, December 23, 2011

Five predictions for security in 2012


Posted by Elinor Mills | 12/23/2011 | 04:00 AM  
 
This was an exciting year in the Internet security community, with big tech firms like Sony and RSA getting hacked and putting consumer data and corporate networks at risk, and reports of attacks on utilities, among other targets. Scary things that go bump in the night are actually happening to computer systems that matter and it's only going to get worse. Here's what we think will happen in 2012.

Malicious Android apps will increase
As a target for malicious software, Android is the Microsoft of the mobile platform. Android has more than 50 percent of the smartphone market, eclipsing all others, so it is the most attractive platform for scammers to target. While iPhone apps get vetted by Apple, Google's open app store model, which has no pre-publication review and lets developers sign apps with their own self-generated keys rather than a vetted identity, makes it easy to distribute malware in apps.

The numbers bear this out. In the last six months, the number of malicious Android apps has doubled to 1,000, a report from mobile security firm Lookout says. Granted the vast majority of the malware--often disguised as legitimate apps--is found on third-party sites. But some malicious apps have made it to the Android Market. Google yanked about two dozen apps containing malware in May and nearly 60 malicious apps in March. (That's not counting the nearly 30 apps pulled in December that appeared to be designed for fraud.)

Google moves quickly when problems are reported, but removing apps after-the-fact means there may be users who have downloaded them already. To be fair, the likelihood that the average Android user will encounter malware is very, very slim because most people avoid third-party sites where they are required to allow apps from unknown sources to be downloaded, and are thus assuming the risk. The hot apps market, in general, is problematic because mobile developers typically don't have experience creating secure software. So keep your eye on this space.

A(nother) utility will get hacked
Hacking of corporate and government networks happens all the time. Now that SCADA (supervisory control and data acquisition) systems used in utilities and other critical infrastructure environments are being connected to the Internet, without the built-in security that traditional information technology networks have, it should come as no surprise that hackers will make their way in to areas where they conceivably could cause real harm to the environment and people.

The first wake-up call for the industry was the Stuxnet malware that emerged last year that appeared to have been designed to sabotage Iran's nuclear program. Then a leaked report in November appeared to be the first acknowledgement of a cyberattack on a U.S. critical infrastructure system, but the Department of Homeland Security denied that there had been an attack and ultimately it turned out to have been a false alarm.

However, an unnamed hacker claimed to have remotely breached a system at a Texas water plant, as well as systems in Europe. That investigation was pending. It's clear hackers are targeting these sensitive and critical systems, for whatever reason. Given how easy it is to find SCADA equipment with just a Google search, all the holes the SCADA systems seem to have, and that researchers say it is relatively easy to exploit the weaknesses, you can expect more attacks on critical infrastructure systems in the coming year. Whether they will make it to the news or be kept a secret, is another thing.

E-voting machines will have security hiccups
We're heading into an election year so that means get ready for the quadrennial voting snafus. Previous national elections have seen their share of problems with e-voting machines--votes not being recorded accurately and not allowing for adequate auditing, among other problems.

Even in the last election in 2008, a security flaw deleted votes from a computer database in one county in California, and there were reports of machine malfunctions in Pennsylvania and Virginia and mis-recorded votes in Ohio. Despite the problems, the machines may not be all that much improved by this coming election. Researchers warned in September that it is still possible for fraudsters to sneak hardware into an e-voting system that could be used to remotely change votes after they have been cast. If that fails, there's always the Supreme Court.

People will continue over-sharing despite the privacy ramifications
This next prediction is a no-brainer, but it touches so many of our lives that to ignore it would be silly. We have become a society of sharing to the detriment of our personal privacy.

Social media provides a way for me to share every aspect of my life with people, from where I went to school to what restaurant I'm dining at tonight to who my friends are and what my pet looks like. The ego prompts us to accept all the friend requests and seek more followers, and to bombard them with more details of our lives than anyone needs to know. We also are unknowingly revealing sensitive information, such as when we post photos containing GPS coordinates without realizing that the shot of my home can easily lead strangers to my doorstep.

Companies like Facebook are offering increased integration so that my activities on the site and elsewhere are automatically shared with others. So now I can see what music my friends are listening to and what articles they are reading right now. But advertisers are privy to more information about us collectively, and me individually as well. Many people don't care if they see ads targeted to their tastes and lifestyle, but I doubt most of them really want to be blasting their commuting route, work hours, and up-to-the-minute whereabouts to the world.

Companies need to better explain the privacy implications of the new features they offer, but consumers need to be asking themselves questions before they push "post," such as "Do I care if people I don't know or enemies are able to see this?"

Hacktivists will form a new 99 Percent Party
There's no doubt that 2011 can be called the Year of the Hackers. The Anonymous movement and its offshoots, notably LulzSec, gained fame and notoriety for their denial-of-service attacks and data breaches on a host of targets. From Sony and the CIA to bankers, police officers, and Fox News, the attacks were a daily occurrence for months. With the emergence of the Occupy Wall Street protests, Anonymous actions became more organized and focused on a cause--political protest of financial inequality and corporate influence--and inclusive, online and offline.

The faceless hacktivists in Anonymous joined scores of everyday people to demonstrate in squares throughout the world and put a face, many faces, on the crisis of poverty and economic injustice. The Anons, as they call themselves, have ownership in the larger political movement and could provide the technical skills and online organization needed to create a new party that appeals not just to the tech-savvy Gen Y-ers, but to their parents and grandparents who are struggling to make ends meet.

Credit to http://m.cnet.com/Article.rbml?nid=57347329&cid=null&bcid=&bid=-245

Bot Hunter


Think static analysis cures all ills? Think again.

Mark Pitchford

3/1/2011 11:15 AM EST

Static code analysis has been around as long as software itself, but you'd swear from current tradeshows that it was just invented. Here's how to choose the right code-analysis tools for your project.

Static analysis (or static code analysis) is a field full of contradictions and misconceptions. It's been around as long as software itself, but you'd swear from current trade shows that it was just invented. Static analysis checks the syntactic quality of high-level source code, and yet, as you can tell from listening to the recent buzz, its findings can be used to predict dynamic behavior. It is a precision tool in some contexts and yet in others, it harbors approximations. (read the article here)


I believe no static analysis tool developer would claim that their tool can solve everything. Don't get the wrong idea, but static analysis is only a tool TO REDUCE (if not remove) software errors and the possibility of the software being exploited. And based on my studies (I've published a paper entitled "Preventing Software Vulnerabilities - Why Static Analysis is ineffective"), it is not the tool that failed to deliver or that is to be blamed 100%. The tool is also developed by humans, and its purpose is to reduce human error in programming. Thus, there will always be limitations on the tool. In addition, the tool is dependent on the technique implemented. Hence, there should be improvement on the technique, or a combination of multiple techniques in a tool, first.

Static Analysis versus Dynamic Analysis

Paul Andersen from GrammaTech (the company that develops CodeSonar) shares his thoughts on using both static and dynamic analysis to detect vulnerabilities. (read the article here)

Lots of comments were given which share the same thought as me. However, if I were to choose one, I'd definitely use static analysis. As I'm doing research in that area, I have found that we can remove all vulnerabilities related to C overflows at the beginning without using dynamic analysis. Of course there are pros and cons of using dynamic analysis, but the major issue with dynamic analysis which makes me choose static analysis instead is that the cost of rewriting or modifying the code is higher after the development phase, and it can introduce unknown errors too.

However, if a company can afford to use both, then I do recommend using both. BUT it is hard to choose the tool, as all companies claim their tool has a better detection rate.
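As an added illustration of the kind of C overflow the two posts above talk about (this is example code written for this page, not code from GrammaTech, CodeSonar, or any of the tools listed), here is the pattern a static analyzer reports beside a bounded form that makes the check visible in the source itself. The buffer size `NAME_MAX`, the function names and the sample inputs are all constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* fixed-size destination; constructed for this example */

/* Pattern a static analyzer flags: strcpy() into a fixed buffer with no
 * relation between the length of src and sizeof(name). Nothing has to be
 * executed to see the defect; it is visible in the source alone.
 * This function is never called here; it exists only to show the finding. */
void copy_name_unchecked(char name[NAME_MAX], const char *src)
{
    strcpy(name, src);   /* reported: possible buffer overflow */
}

/* Hardened form: the source length is compared with the destination size
 * before any byte is written, and the caller learns whether the copy fit.
 * Returns 0 on success, -1 if src does not fit (name is left empty). */
int copy_name_checked(char name[NAME_MAX], const char *src)
{
    size_t len = strlen(src);
    if (len >= NAME_MAX) {      /* need room for the terminating NUL as well */
        name[0] = '\0';
        return -1;
    }
    memcpy(name, src, len + 1); /* len + 1 <= NAME_MAX, established above */
    return 0;
}

/* Convenience wrapper for the demonstration: 1 if src fits, 0 otherwise. */
int name_fits(const char *src)
{
    char buf[NAME_MAX];
    return copy_name_checked(buf, src) == 0;
}

int main(void)
{
    /* constructed sample inputs: 5, 15, 16 and 27 characters */
    const char *inputs[] = {
        "alice",
        "exactly15chars!",
        "sixteen_chars_xx",
        "this string is far too long",
    };
    size_t n = sizeof inputs / sizeof inputs[0];

    for (size_t i = 0; i < n; i++) {
        char name[NAME_MAX];
        int rc = copy_name_checked(name, inputs[i]);
        printf("%-28s len=%2zu -> %s\n", inputs[i], strlen(inputs[i]),
               rc == 0 ? "copied" : "rejected (would overflow)");
    }
    return 0;
}
```

The point the bounded version makes is the one the posts argue: the overflow is decidable from the code without running it, because the only facts involved (the destination size and the comparison guarding the write) are both present in the source. Analyzers such as Splint or CPPCheck reason about exactly that relation, which is why the unchecked form is reported and the checked form is not.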

Using C to Blend Mathematics and Art (When Math goes Beautiful)

A 'how to' article by MarkDaniel on developing a program that produces beautiful geometrical diagrams using C.
Check it out at http://www.codeproject.com/KB/mcpp/CBlendMathematicsArt.aspx

Thursday, December 22, 2011

Top security incidents of 2011

Although vendor-written, this contributed piece does not advocate a position that is particular to the author's employer and has been edited and approved by Network World editors.
Everyone will agree that 2011 was a busy year in the field of data security, so as the year draws to a close it seems appropriate to begin the process of distilling our experiences into "lessons learned" that we can take into 2012.
Of course, there isn't room here to conduct a thorough examination of every significant event. Listing only the largest and most publicized events runs the risk of burying some of the more interesting items. So events are selected according to a combination of magnitude and ability to inform our thinking going forward.
read more.

Attack in Quantum Network - Is it possible?

A paper written by Chinese researchers demonstrates the possibility of an attack on an optical network (read here).

The question raised now is whether attacks on a quantum network will be possible, or whether it remains theory, proven only in a lab with controlled parameters.

Wednesday, December 21, 2011

Conference List as of Dec 2011


Decide - When and What to buy Electronic gadget

I'm not sure how good this website is; you can take a look and decide on your own :)

http://www.decide.com/

Sunday, December 18, 2011

The 10 Most Important Open Source Projects of 2011 - From Joe 'Zonker' Brockmeier's Perspective

Well, here we are, another year almost done for. Time to look back and take stock of the year that was. You know what? It turns out that 2011 was a banner year for open source projects. So much so, that picking the 10 most important was pretty difficult.
So what do I mean by "important," anyway? Clearly, it's not just projects that are widely used. That list would be just too long to even contemplate. You'd have to include Apache, GCC, X.org, Debian, Fedora, openSUSE, Linux Mint, not to mention a bazillion and one libraries and utilities that we depend on every day.
So to judge importance, I looked at projects that are influential, gaining in popularity, and/or technical standouts in new areas. In other words, projects that are even more noteworthy than the other noteworthy projects. This means that many projects that are crucial didn't make the list. And now, in no particular order, the 10 most important projects of 2011.

Hadoop


Without a doubt, Hadoop has had a fantastic year. The distributed computing platform from Apache has seen massive uptake and industry support. Hadoop is being used and/or supported by almost every enterprise player. Naturally it's big with Yahoo, the company that started the project, but it's also being used by Amazon, IBM, Twitter, Facebook, and just about any other company that's working with Big Data.
Hadoop isn't new, of course, but this year it really seemed to take off as an industry standard. Kind of like Linux, when you think about it... This year EMC, Oracle, and even Microsoft announced commercial support or products that work with Hadoop, and Yahoo spun off HortonWorks to focus on Hadoop. It's almost easier to name companies that aren't working with Hadoop than ones that are.

Git

Speaking of ubiquity, how about that Git, huh? Linus Torvalds' other little hobby project has not only done good for Linux, but it's hugely popular for FOSS projects. If you're working on a new open source project, the odds are pretty good that you're going to be using Git over any other distributed version control system (DVCS).
Git isn't just a popular tool, it's the foundation of one of the most popular gathering spots around the Web for open source development: GitHub. It's also being used and offered by Gitorious, SourceForge.net, Google Code Hosting, and pretty much every other major platform for hosting FOSS projects.

Cassandra

Was 2011 the peak of noSQL as a buzzword, or was that 2010? It's so hard to keep track, but Apache Cassandra deserves a slot in the top 10 this year buzzword or no.
If you're not familiar with Cassandra, it's a scalable, distributed, and fault-tolerant database that takes cues from Amazon's Dynamo (PDF) and Google's BigTable database system.
Cassandra has been adopted by an impressive list of users including IBM, Netflix, Digg, Facebook, Rackspace, and many others.

LibreOffice

The LibreOffice team has done a great job of keeping the OpenOffice.org torch burning after the Sun acquisition. While Apache is working to continue OpenOffice.org, LibreOffice picked up the ball and ran with it. The project has delivered release after release, not only with a slew of new features but also with reliable updates for major versions that are exactly what organizations that depend on an office suite need.
For anybody that's interested in running Linux on the desktop, LibreOffice has been a crucial project. For users who want to get away from Microsoft Office, but still have compatibility with Office file formats, LibreOffice has been there for them.
Not only has LibreOffice done well technically, it's also moved forward with impressive speed as an organization. 2012 should be an interesting year for the open source office suite.

OpenStack

Few projects have taken off quite like OpenStack. The "cloud operating system" kicked off by RackSpace has signed up (at this count) 144 companies to work on OpenStack, including SUSE and Canonical.
OpenStack is designed to provide the components that any organization would need to use to deploy their own private or public cloud: Compute, object storage, image service, and (newer) identity management and a GUI dashboard.
Now, you're not going to see much OpenStack in deployment yet — but it's definitely a project to watch for open source cloud.
An honorary mention goes to Eucalyptus, though. While OpenStack has oodles of momentum and industry support, Eucalyptus has production deployments and Amazon Web Services compatibility. This is not an area where it's a "zero sum" game — there's room for several players, and I suspect that Eucalyptus will be around for a very long time as well.

Nginx

Apache (more accurately, the Apache HTTP Server Project) still rules the Web with an iron fist. OK, it's more like a velvet glove, but Apache is definitely far and away the most popular Web server. But 2011 was a huge year for Nginx, an alternative Web server that excels at HTTP and reverse proxy serving.
Nginx reached a lifetime peak of 8.85% market share this year on the Netcraft Server Survey. According to this profile on Royal Pingdom, the usage for Nginx has jumped nearly 300%.
The little server that could reached another major milestone this year as well. Specifically, Nginx went corporate and started offering commercial support.
It's being used by some of the biggest sites in the world, including Dropbox, WordPress.com, Facebook, and about 25% of the world's busiest sites.

jQuery

You can't swing a cat these days without hitting a Web developer using jQuery. Not that you should go around swinging cats, of course. jQuery is a JavaScript library that's massively popular. In fact, it's considered the most widely used JavaScript library in the world.
If you're working with JavaScript, you've probably touched on jQuery this year. As of late, it's come into criticism and some folks have tried to slim it down, but jQuery is still the go-to for many developers.

Node.js

Another JavaScript entry for the top 10, you'd almost think that Web development was important this year or something. Node.js is built on Google's V8 JavaScript engine and is designed to be "an easy way to build scalable network programs."
Node.js is another big win for open source industry acceptance – sponsored by Joyent, it has a healthy community of contributors and is used by everybody from LinkedIn to 37Signals, Rdio, Yahoo, and GitHub.

Puppet

Another set of watch-words for 2011? DevOps, and IT automation. While there are a number of excellent open source IT automation offerings out there, this year belonged to Puppet.
Puppet is an "automated administrative engine" primarily aimed at Linux and UNIX-like systems. It can be used to perform administrative tasks across two, twenty, or two thousand computers. (Probably even more.) Puppet has been steadily growing and improving for years, but this year Puppet went after the enterprise big time with its Puppet Enterprise offering. It's also gotten a big vote of confidence in the form of an investment from Google Ventures, Cisco, and VMware. Puppet hasn't just been important in 2011, expect it to be big in 2012, too. (And if you're a system administrator hunting for work, you probably want Puppet on your resume along with our next entry.)

Linux

Linux, the kernel, has had a pretty good year. What am I talking about? Linux had a great year. It turned 20, hit 3.0 (not coincidentally) and continued merrily on the path to world domination.
Sure, we kid about world domination – but have you looked around lately? Linux is everywhere. It's powering phones and all kinds of embedded devices. It's the bedrock of cloud services, and dominates the TOP500 supercomputer list.
Google, Netflix, Facebook, Twitter, countless government agencies, businesses, and educational institutions depend on Linux for mission-critical services. The long and short of it is, without Linux, many of the other projects we depend on simply wouldn't have been possible. It's the rock-solid foundation that people use to build so many important services. (And not-so-important, too.)

No Android?

While I was compiling this list, I thought hard about putting Android on. It's hard to argue that Android is unimportant in 2011, isn't it? Absolutely. It's also, unfortunately, hard to make a strong case for Android as an open source project.
Sure, Google lobs some source over the wall when it gets around to it – but Android development happens mostly behind closed doors. There's little opportunity for the millions of Android fans and potential hackers around the world to influence Android development unless they happen to work for Google or one of its partner companies.
It's great that Google releases the code, but it's more of a "source open" project than an open source project.

All the Rest

As I said, there's just not room for every open source project that's important to somebody. But maybe I missed a project that had a stand-out 2011? If you have a project that qualifies, let us know in the comments. And while you're at it, what do you think for 2012? What projects will be most important then?

Directly copied from https://www.linux.com/news/featured-blogs/196-zonker/524082-the-10-most-important-open-source-projects-of-2011

About Me

Somewhere, Selangor, Malaysia
An IT by profession, a beginner in photography
