Archive for January 2012
As computers become even more integral to our daily lives, and as software migrates outward from the personal computer to the cloud, application security becomes increasingly important. One of the easiest ways to lose a customer is to lose data which was believed to be safe. If that data is lost to an attacker or thief, the problem is compounded if the missing information ends up in the hands of someone with nefarious intentions.
While application security should play a central role in any current software product design, this hasn’t always been necessary. Applications running on personal computers present very few attack vectors in most circumstances. Without a direct connection through a user’s firewall, an attacker’s potential for mischief is vastly reduced.
Furthermore, many common attacks necessitated some form of code injection. Causing an application to misbehave in a beneficial way is a complex process requiring knowledge of the specific application and version being used. While viruses and malware are certainly common, the problems these cause are often limited to a single computer unless they specifically hijack the user’s internet connection to spread.
This is all beginning to change, however. Users have come to expect a much greater degree of communication from their applications than has ever been available previously. Long gone are the days of applications tied to single computers, or which store data in a single place. Today’s applications synchronize files, communicate with central servers, and practically shout their details to anyone smart enough to pay attention.
Many applications even abandon the model of local storage entirely, or view it as unreliable and undesirable. Modern, cloud-based word processors might store documents online by default, only synchronizing them with local storage when specifically commanded to do so. As such, an attacker need not compromise the application code itself to gain access to private data. Simply attacking the storage system can be just as effective.
Application developers are coming to see the benefits of cross-platform development using the same languages and technologies. The upcoming HTML 5 specification offers greater access to hardware and other subsystems than any other web technology. Even the upcoming version of Windows is said to prefer HTML 5 for application development.
While this represents fertile ground for developers, attackers have many more vectors available to them. If most applications are developed in HTML 5, then the attacker already knows the languages needed to inject malicious code. Browser sandboxes will go a long way toward resolving this issue in future platforms, but one of the main appeals of HTML 5 is that it works well with legacy browsers. As such, application developers cannot count on the existence of a sandbox in lieu of secure development practices, as this will leave many legacy users open to a variety of security risks.
Technology is advancing to a point of greater convenience for users and more rapid development for programmers. Yet these same benefits are present for attackers as well. Future applications must take advantage of these technologies to remain relevant, but if doing so abandons security, then these applications simply will not last. Whether they are brought down due to lack of consumer confidence or litigation, the end result is a great idea rendered useless by inattention and lack of knowledge. As such, an attentive approach to security is key to application longevity and relevance.
Want to learn more about application security? Check out more about our friends at Veracode:
- Veracode in Mass High Tech
- Veracode on Mobile Apps
- Veracode on Amazon Web Server
- Gartner’s Magic Quadrant for Application Security Testing 2011
Ever since the Internet took off in mainstream culture, countless films have attempted to capture the essence of computer hacking and hacker culture, but is it all as romanticized as most action films? Films tend to build upon reality, and movies depicting real-world events and sciences seldom convey the reality of the situation.
The scenes of pop archaeology in the Indiana Jones franchise are undeniably fun, but these scenes do not actually depict the dull science that is archaeology. The movie fails to show the hours of slowly chiseling away at dirt and erecting scaffolding and supports for certain digs. This “dumbing down” of sorts is to be expected with movies centered on hackers and computer security.
Perhaps the most well-known movie about hackers and their culture is “Hackers”. First released in 1995, this film was a stylish interpretation of hacker culture. Complete with ridiculous outfits and jumbled computer jargon, the movie tried to piece together a coherent plot. Unfortunately, it has not stood the test of time. The film now seems extremely outdated and even a bit campy.
How accurate is “Hackers”? One of the major plot elements in the movie that makes no logical sense is the fact that any given mechanism, such as sprinkler systems, could be remotely enabled or disabled with primitive computer technology. Even fifteen years after the release of this movie, most components of buildings are still controlled manually and not by computers. The hackers in the film can even use their hacking skills to capsize an entire oil tanker, which isn’t very realistic.
Perhaps the film will be more relevant in a future context when every working part of a facility is controlled by a network of computers, but for now, we remain reliant on manual interfaces.
Why haven’t we computerized every aspect of our lives yet? From a practical standpoint, think of the logistics behind finding a globally-recognized operating system or framework to control fire sprinklers, door locks, and so on. How many individual operating system editions would need to exist to help computers interact with a variety of appliances? The question is mind boggling.
There are also major security concerns behind the computerization of all appliances. Imagine that somehow a hacker was able to hijack the mainframe of a home. They could literally do anything they wanted to create chaos. For power plants and government facilities, computerization can also be a major security risk. The United States hacked into one of Iran’s research facilities, dealing massive damage to the computer network and disabling the plant from normal operation for several months.
While most of the movie “Hackers” is really heavy fiction interspersed with moments of popular science, the computerization of all mechanisms is inevitable. Perhaps hackers won’t be able to hijack oil tankers out at sea or cause a global war, but computer security specialists will always have a job to do. As new forms of software are invented, new minds will have to search for solutions to insulate corporations, individuals, and governments against crafty hackers and system intruders.
Looking to learn more about mobile application security? Find out more about our friends at NetQin mobile:
Ever since the invention of the personal and/or business computer, security has been an issue when it comes to protecting the information processed. Security measures put in place must take into consideration all methods designed to steal and compromise the integrity of the information systems. These methods vary as time goes by and can be anything from system intrusion to outright theft of the hardware containing the information.
A programmer or a developer needs to be mindful that security can be compromised from a variety of directions. Sometimes the attack can be through the network, silent and hard to detect, and other times there may be an attempt to steal the software itself. One of the most common attacks on a web server is called a “denial of service.” This type of attack sends so many requests to the server at one time that the server is overloaded and freezes. This attack is easy to defend against. There are scripts that watch for vast numbers of requests, either deny them or throttle them to a level which the server can handle, and then log the incident.
Any developer using a pre-made script from a common source will sometimes find that attackers have spent the time to look for vulnerabilities ahead of time. If an attacker knows that a script is going to be commonly used, then all they have to do is plan their attack for that one script, which gives them access to any site using it. The best way to defend against such an attack is to keep the scripts updated and watch the internet for postings about vulnerabilities in the script being used. Most of the time, issues will be addressed quickly and solutions will be posted on forums.
When developing software with trial capabilities, it is important to be aware of how easy it can be to circumvent your trial protection. A lot of software trial protection is done through a separate process these days. This means that the time needed to track the process doubles and the task becomes more difficult. Bear in mind that no protection is foolproof and that the more security attention your software gets, the lower the chance people are using your software for free. If there are people interested enough in your game or application to try to steal it, then you have done well in your development.
In the end, there is a balance that must be achieved between the resources spent preventing theft and the actual cost of theft. Some people in the industry will tell you that it’s part of the cost of doing business. A brick and mortar store can conceivably spend three thousand dollars on security to prevent one thousand dollars’ worth of theft. This obviously doesn’t make business sense. A better solution would be to spend five hundred dollars and to let some of the theft go as part of doing business, as long as it’s not more costly than investing in added security measures. On the internet, the most important information to protect is your clients’. No one wants to do business with a web merchant and then find that someone has stolen all of their personal information. Protect your clients first and foremost.
This post was written by the folks at NetQin. Want help securing your mobile device? Learn more about NetQin’s mobile security products:
- NetQin Yahoo! Profile
- NetQin Google Profile
- NetQin Mobile
- NetQin for Android
- NetQin for Nokia
- NetQin for Blackberry
Machine shops are necessary for the proper functioning of certain businesses, especially those in the business of processing and manufacturing. Others, too, benefit from the crucial services provided by machine shops. There are machine shops located on certain streets or in particular locations in all major centers and big cities. Their services are important as they not only add value to other businesses but also provide the end consumer with good quality products and services.
Machine shops are established workshops or yards where plenty of important work is executed. These yards or machine shops contain a large range of different machines. Examples of machines located at machine shops include lathe machines, milling machines, boring machines, grinding machines and many other types of machines. These machines are able to perform various types of jobs depending on customer or client specifications. Examples of jobs performed at machine shops include turning timber into beautiful pieces that carpenters may use to make furniture. Machine shops can also churn out a pinion rod for use by automotive companies and little items such as tops for portable gas cylinders and so on.
Businesses that cannot do without the services of machine shops need to know exactly where they are located, what hours of business they operate and what different types of services their shops offer. This is because various businesses and companies require reliable machine shop services, and knowing where to get these and how to get there is very important. Some well-established machine shops may be known to the wider business community and especially to consumers of their services. Word may have gone round regarding their services or location, and many may be aware of their presence. Others may be registered in business directories and yellow pages. These are useful resources too.
However, machine shops seeking appropriate recognition and sufficient business are best served by registering their businesses online. There are various resources that businesses can use in order to have an online presence. This is one of the fastest and surest ways of growing, getting more customers and marketing the business.
The internet attracts a lot of web traffic with millions of people from across the world logging in every single day and seeking out good business and great service providers. These online web visitors also spend lots of money, hundreds of millions of dollars every single month. Being able to locate these massive amounts of business and direct it to a website or webpage makes great business sense.
A website is a good place to locate an online business. Another location is on social websites which have become great marketing and advertising hubs. Other great locations include online business directories and yellow pages.