My experience on my daily works... helping others ease each other

Saturday, May 28, 2011

The problem with static analyzers

Static analyzers offer a lot of capability. They could easily go a lot further.
At the recent Embedded Systems Conference in Silicon Valley I had the chance to talk to several vendors of static analyzers. These are the tools that evaluate your program to find potential runtime problems, like variables going out of bounds or dereferences of null pointers [read more].

There are a few key points here. First, the author mentions that static analysis for embedded systems is still new and that there is still work to be done in this area, especially since it has yet to achieve its full capability. Second, he mentions the limitations and issues of static analyzers. These have indeed been carried over for decades, starting in the early 90s. Static analyzers use more than a dozen techniques, ranging from simple lexical analysis to complex implementations of abstract interpretation. More than 40 tools, open source or commercial, have been developed based on the 12 techniques. They have yet to produce any significant result in finding errors or problems in source code.

Friday, May 27, 2011

Researcher finds LinkedIn security flaw

New Delhi-based security expert says LinkedIn access cookie only expires after one year, potentially allowing hacker access to user accounts without need for passwords, according to news report [read more].

The first time I read it through, I thought, is this serious? Is it real? The next step was to evaluate what the article said, and the results were quite surprising. It is for real: I can still use the same cookie and log in from a different machine although I've removed all history and cookies in the browser.

The next question is how we can solve this. The article only raises the problem but never proposes any solution. There are ways to overcome this. First and foremost, LinkedIn should of course restrict the cookie's validity to a maximum of 2 weeks (Yahoo mail allowed that). Next is to implement another security mechanism, for example trust and privacy, which has become a widely adopted standard for internet applications.
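The two-week cap proposed above only helps if the server enforces it, since an expiry set on the browser cookie alone does not stop a copied cookie from being replayed from another machine. The following Python code is an added example, not LinkedIn's code or anything from the cited article; the function names, the cookie layout and the in-memory revocation set are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

MAX_SESSION_AGE = 14 * 24 * 3600      # the two-week cap proposed in the post
SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the server
_revoked = set()                      # session ids invalidated on the server


def _mac(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_session(user, now=None):
    """Build cookie 'sid.user.issued_at.mac' at login; user must not contain '.'."""
    issued = int(time.time() if now is None else now)
    payload = f"{secrets.token_urlsafe(16)}.{user}.{issued}"
    return f"{payload}.{_mac(payload)}"


def _verified_fields(cookie):
    """Return (sid, user, issued_at) if the MAC checks out, else None."""
    try:
        payload, mac = cookie.rsplit(".", 1)
        sid, user, issued = payload.split(".")
        issued = int(issued)
    except ValueError:
        return None
    if not hmac.compare_digest(mac.encode(), _mac(payload).encode()):
        return None
    return sid, user, issued


def validate_session(cookie, now=None):
    """Return the user name, or None if forged, revoked or older than the cap."""
    fields = _verified_fields(cookie)
    if fields is None:
        return None
    sid, user, issued = fields
    age = int(time.time() if now is None else now) - issued
    if sid in _revoked or not 0 <= age <= MAX_SESSION_AGE:
        return None
    return user


def logout(cookie):
    """Revoke on the server; clearing browser cookies alone leaves a copy usable."""
    fields = _verified_fields(cookie)
    if fields is not None:
        _revoked.add(fields[0])
```

Because the issue time is covered by the MAC, a client cannot extend its own session by editing the cookie, and a logout invalidates every copy of it.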

Not many institutions focus on this, but the impact of having it as part of the security mechanism is significant enough to protect against and prevent losses. In Malaysia, only MIMOS focuses on trust and privacy as part of its R&D area, and it has produced a number of technologies based on that. For more information, check it out at the website here.

Sunday, May 22, 2011

Avoid becoming a spam sender

Last week, I noticed something weird. I received a few junk emails and bounce emails indicating that I was sending a link to everyone in my contact list. A few of my friends even opened the mail and tried to open the link.

I don't know who, how, or when it happened, but I realized that something had gone wrong. Either someone had gained access to my laptop or had successfully gained access to my email account and retrieved the list of contact addresses. However, I managed to disable it. Here are the steps I took.

1. Run an anti-spamware and/or anti-malware tool. Clean the laptop.

2. Change the email settings and account configuration.

3. Remove unknown or inactive email addresses.

This should do the trick and prevent other people from manipulating you.

In-memory analytics plugs real-time need

Business analytics based on in-memory computing will continue to gain traction even as companies try to make sense--in real-time--of the ever-increasing volume of data generated, noted an analyst.
 
Daniel Zoe-Jimenez, program manager of enterprise applications and information management at IDC Asia-Pacific, said that in-memory computing, which he defined as "accessing and analyzing data sets without it being written down in storage", has been in the market for almost a decade. This means that a product such as SAP's Hana appliance, which is based on in-memory computing technology, is not a new offering, he pointed out [read more].

JavaScript is now as powerful as VBScript - is it?

The latest project to emerge from prolific programmer Fabrice Bellard is a JavaScript program that runs Linux on an emulated x86 processor within a browser [read more].

Could Sony have prevented breach?

Failure to address "insecure" infrastructure may have led to attack on electronics giant, says security expert, who also warns loss of customer data may be "tip of the iceberg" [read more].

When something happens, most people look to pinpoint someone or something as the cause of the problem. We tend to search for its root cause. Even if we find it, we still try hard to find someone we can point to.

However, very few people look from another angle: an angle of opportunity. There are lots of research areas and even solutions arising from the Sony 'earthquake'. From the security aspect, there are anonymization, privacy, trust, and even data leak prevention or data access protection. There are still gaps in these areas that, although research has spent more than a decade on them, remain open for exploration.

Conference - Coming soon


Monday, May 16, 2011

Clearing up the mesh about wireless networking topologies: Part 2

Having covered the basics of wireless networking in Part 1, as well as the criteria for evaluating the various topologies, it is now time to look closely at five different network architectures - point-to-multipoint, Zigbee 2007, Wireless Hart, 6LoWPAN, and on-demand distance vector routing - and assess their strengths and limitations [read more].

Securing SoC Platform Oriented Architectures with a hardware Root of Trust

While it has long been the purview of electronic product vendors to rise to the challenges of managing ever shortening product life cycles, a new trend is afoot that may turn the tables in favor of longer platform hardware life cycles.

As embedded programmable processor based features increase in power, increasingly sophisticated platform System on Chip (SoC) architectures, including configurable hardware, boot code, firmware, and system software now bring to systems the ability to modify basic hardware functions and features without redesigning the SoC from scratch [read more].

Securing USB Transmission

As more and more embedded designs move toward communicating with computers, there is a growing demand for USB connectivity. USB doesn't have a built in security mechanism for securing the data communicated on the bus. For some applications, this might be a concern.
USB defines several sets of device classes that specify how these devices operate. Many of these devices have predetermined communication data formats that must be followed so that they operate correctly [read more].

Bullet-proofing your software design

In August 2003, a rolling blackout affected 10 million people in Ontario and 45 million people in the eastern part of the United States, raising concern that a cyber-attack by a hostile force was underway. Ultimately the causes of the blackout were traced to a slew of system, procedural, and human errors and not an act of aggression. Nevertheless, the event brought home the vulnerability of critical infrastructures connected to the Internet, raising awareness of the need for secure system components that are immune to cyber attack [read more].

Things to consider when securing an embedded 802.11 Wi-Fi device

What are the things you need to consider when securing your wireless devices? As we all know, most security implementations focus on wired devices. Far fewer are implemented in wireless environments, and wireless devices still need a wired device to enable their functions.

Let's take a look at the article written by Timothy Stapko at EETimes Online on things you need to consider when securing your Wi-Fi devices.

Is the SCADA Infrastructure Secure?

Governors and others frequently bemoan the lack of investment being made in crumbling infrastructure. Bridges, tunnels and the rest of the brick and mortar that enables our lives are in disrepair, and we're told things are getting worse. Shrinking budgets insure that repairs will continue to fall behind. Pundits also say the electric grid is old and not capable of meeting 21st century needs [read more].

This is an interesting article written back in December 2010. But, from my perspective, this issue should have been raised earlier than that, especially given the latest cases of attack by Stuxnet. There are a few ways to protect such infrastructures, but the most effective way is yet to be established. Some have proposed using the Trusted Computing concept, but this has yet to make a significant impact in the security world. On Jan 14, 2011, a guru of Trusted Computing, in his presentation, shared something about overflows, a classical attack that is still relevant, which clearly indicates that the TPM, although described as a tamper-proof device when it came into the picture, is still vulnerable to an attack that is more than 20 years old.

Another solution that seems interesting to implement, but about which there are still too many doubts, is Quantum Computing. It has yet to be successfully implemented in a research environment. This is due to the behavior of Quantum Computing, which must be implemented in a stable environment to avoid the transmitted light being either disturbed or destroyed. But in current environments, especially in SCADA infrastructures, this seems impossible until researchers find a way to do this in unstable locations.

Hence, a good and accepted solution for securing SCADA infrastructure has yet to come.

Saturday, May 7, 2011

IGF 2011 Ambassadors Programme – Call for Applications

THE INTERNET IS FOR EVERYONE

A message to all members of ISOC MALAYSIA Chapter

 
The Internet Society is pleased to announce a call for applications to participate in the Internet Society (ISOC) Ambassador programme to the Internet Governance Forum (IGF) meeting in Nairobi, Kenya in September 2011.
 
As part of the Internet Society’s Next Generation Leaders programme, the IGF Ambassador programme is designed to involve members in ISOC’s global engagement activities while providing valuable expertise and know-how to the IGF meeting in Nairobi.  The Internet Society supports participation of first time Ambassadors as well as returning Ambassadors from Internet Governance Forums in Rio (2007), Hyderabad (2008), Sharm El Sheik (2009), and Vilnius (2010).
 
“Since the Internet Society started the IGF Ambassadors programme in Rio in 2007,” notes Toral Cowieson, Internet Society Senior Director of Internet Leadership Programmes, “the issues have become more complex and the stakes higher. ISOC is committed to fostering rising and future decision-makers at the intersection of policy, technology, and business and our renewal of this programme recognizes that these multi-disciplinary leaders are at the core of the discussion of an open and robust Internet.”
 
The IGF 2011 meeting will take place Tuesday 27 through Friday 30 September 2011. Interested individuals should be available to arrive no later than Saturday 24 September.
 
The deadline for applications is Friday, 27 May 2011.
 
The Next Generation Leaders programme, under the patronage of the European Commission for Information Society and Media, blends course work and practical experience to help prepare young professionals (aged from 20 to 40) from around the world to become the next generation of Internet technology, policy, and business leaders.

Further details on the Internet Society’s IGF 2011 Ambassador program are available here.  
 
 
The Internet Society’s Next Generation Leaders programme is sponsored by Nominet Trust and AFNIC.
 
For more information on how to become a Next Generation Leader programme partner, visit http://www.isoc.org/leaders or e-mail leader-sponsor[at]isoc.org.
Visit ISOC MALAYSIA Chapter at: http://www.isoc.my/?xg_source=msg_mes_network
 


About Me

Somewhere, Selangor, Malaysia
An IT by profession, a beginner in photography
