Happy Fourth of July

 

Thank you America-

for creating, in no particular order of importance or chronology:

The Internet, the Atom Bomb and men on the Moon,

Hollywood movies and cartoons and comics and BBQ burgers,

Chewing gum and rock and roll and stand-up comedy,

Basketball and American football, and sports marketing,

but on the whole, just have a good time.

 

Cyber Attacks-Protecting your assets and people from cyber attacks


Every day we hear of new cyber attacks on organizations and countries. The latest were on the IMF, on some 200,000 Citibank accounts, and now on the website of the US Senate. If some of the most powerful and technologically advanced organizations cannot withstand targeted attacks, how well would your organization handle one? Sony PlayStation, Google Gmail and the PBS website are other well-known targets that have been victimized.

Before we play the blame game by pointing at China for sponsoring hacker attacks, at Russian spammers for building botnets, or at ex-Silicon Valley technology experts left jobless by off-shoring, we need to understand which companies are most vulnerable, which processes need to be fine-tuned, and what the plan of action is if your cyber security is breached.

Which companies are most vulnerable?

If you hold valuable, confidential data in electronic form AND have connectivity to the internet, you have an opening. Think of data as water: a small leak is enough for all of it to drain away. To add to the complexity, the attackers are mostly unknown and extremely difficult to catch, and they can take a big chunk of your credibility and intellectual property in a very short time.

The best people in technology are not the ones attending meetings in nicely pressed suits, and your IT guy is rarely a match for the talent that is now available for freelance hire in corporate cyber espionage.

Any company or organization that has not undergone at least one realistic simulated cyber attack, or an IT audit focused on data security, is very vulnerable.

Which organizational processes need to be fine-tuned?
Clearly employee access, even at senior management level, needs to be checked for both technical and social vulnerability. Does your reception give out the names of senior management to a cold caller? Do your senior managers surf the internet and use a simple password on the same computer and laptop? Do you have disaster management and redundancy plans?
A wall is only as strong as its weakest brick, and the same is true of organizational readiness for cyber attacks.

What is the plan of action in case your cyber security is breached?
Lean back, close your eyes and imagine that your website has just been breached, someone has just stolen confidential emails from your corporate email server, and the complete client list as well as the most confidential data in your organization has been taken.

Do you have a plan for what to do next? Or are you waiting for an actual cyber event to occur before making that plan?

Top 25 Errors in Programming that lead to hacker attacks

I am elaborating on an earlier article at https://decisionstats.com/top-25-most-dangerous-software-errors/ based on my continued research into cyber conflict and strategy. My inputs are in italics; the rest is a condensed version of that article for further thought.

This is a very useful initiative for the rest of the world to follow in upgrading their cyber security.

It is in line with US policy on securing its cyber infrastructure (http://www.whitehouse.gov/the-press-office/remarks-president-securing-our-nations-cyber-infrastructure), and countries like India, as well as Europe and other nations, could do well to at least benchmark their own security practices in software and digital infrastructure against it. There seems to be much better technical coordination between rogue hackers than between patriotic hackers, imho 😉


The 2011 CWE/SANS Top 25 Most Dangerous Software Errors, published by MITRE and the SANS Institute with the support of the US Department of Homeland Security, is a list of the 25 programming errors that most often make software vulnerable to attack. The list, available at http://cwe.mitre.org/top25/index.html, describes a methodology for scoring weaknesses called the Common Weakness Scoring System (CWSS), uses that score to rank the errors, and gives suggestions for eliminating each weakness.
Measuring Weaknesses

The importance of a weakness (one that arises from a software bug) varies with the business use or project, the technologies, operating systems and computing environments involved, and the perceived risk or threat. The Common Weakness Scoring System (CWSS) provides a mechanism for scoring weaknesses and a framework for prioritizing the security errors ("weaknesses") discovered in software applications.
Identifying Weaknesses
For example, the number 1 weakness is listed as
[1] CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection').
The full ranking, with the CWSS score of each entry, is:

RANK SCORE ID NAME
[1] 93.8 CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
[2] 83.3 CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
[3] 79.0 CWE-120 Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
[4] 77.7 CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
[5] 76.9 CWE-306 Missing Authentication for Critical Function
[6] 76.8 CWE-862 Missing Authorization
[7] 75.0 CWE-798 Use of Hard-coded Credentials
[8] 75.0 CWE-311 Missing Encryption of Sensitive Data
[9] 74.0 CWE-434 Unrestricted Upload of File with Dangerous Type
[10] 73.8 CWE-807 Reliance on Untrusted Inputs in a Security Decision
[11] 73.1 CWE-250 Execution with Unnecessary Privileges
[12] 70.1 CWE-352 Cross-Site Request Forgery (CSRF)
[13] 69.3 CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
[14] 68.5 CWE-494 Download of Code Without Integrity Check
[15] 67.8 CWE-863 Incorrect Authorization
[16] 66.0 CWE-829 Inclusion of Functionality from Untrusted Control Sphere
[17] 65.5 CWE-732 Incorrect Permission Assignment for Critical Resource
[18] 64.6 CWE-676 Use of Potentially Dangerous Function
[19] 64.1 CWE-327 Use of a Broken or Risky Cryptographic Algorithm
[20] 62.4 CWE-131 Incorrect Calculation of Buffer Size
[21] 61.5 CWE-307 Improper Restriction of Excessive Authentication Attempts
[22] 61.1 CWE-601 URL Redirection to Untrusted Site (‘Open Redirect’)
[23] 61.0 CWE-134 Uncontrolled Format String
[24] 60.3 CWE-190 Integer Overflow or Wraparound
[25] 59.9 CWE-759 Use of a One-Way Hash without a Salt
Details of each weakness are given at http://cwe.mitre.org/top25/index.html#Details
Each entry includes a Summary, Weakness Prevalence, Consequences, Remediation Cost, Ease of Detection, Attacker Awareness and Attack Frequency. In addition, the following sections describe each weakness in detail: Technical Details, Code Examples, Detection Methods, References, Prevention and Mitigation, Related CWEs and Related Attack Patterns.
Other important software weaknesses that did not make the top 25 are:
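As an added illustration of the number 1 entry, CWE-89, here is a small Python example written for this page (it is not code from MITRE, SANS or the CWE site). It runs the same user lookup through a string-formatted query and through a parameterized one against a constructed in-memory SQLite table; the table, its rows and the attacker payloads are made up for the example.

```python
import sqlite3

# Constructed sample data for the example, not taken from any real system.
SAMPLE_USERS = [
    ("alice", "alice@example.org", "admin"),
    ("bob", "bob@example.org", "user"),
    ("carol", "carol@example.org", "user"),
]


def make_db():
    """Build an in-memory SQLite database holding a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_vulnerable(conn, name):
    """CWE-89: the untrusted name is pasted straight into the SQL text.

    A quote character in the input terminates the string literal, and
    whatever follows becomes SQL that the database executes.
    """
    sql = "SELECT name, email, role FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    """Parameterized query: the value travels separately from the SQL text,
    so no input can change the structure of the statement."""
    sql = "SELECT name, email, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def schema_leak(conn):
    """A UNION payload against the vulnerable lookup: the appended SELECT
    pulls the table definitions out of sqlite_master, and the trailing
    '--' comments out the quote left over from the original query."""
    payload = "' UNION SELECT name, sql, type FROM sqlite_master --"
    return find_user_vulnerable(conn, payload)


def demo():
    """Return (rows from vulnerable lookup, rows from safe lookup) for the
    classic tautology payload.  The vulnerable path returns every user; the
    safe path searches for a user literally named "' OR '1'='1" and finds none."""
    conn = make_db()
    payload = "' OR '1'='1"
    return len(find_user_vulnerable(conn, payload)), len(find_user_safe(conn, payload))


if __name__ == "__main__":
    print("rows returned (vulnerable, safe):", demo())
    print("schema pulled through UNION:", schema_leak(make_db()))
```

The fix is not input filtering: the safe variant never inspects the name at all, it simply refuses to let data become part of the statement. Escaping quotes by hand is the approach that M5 in the mitigation list warns against; use the driver's placeholders or an ORM that does so for you.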

[26] CWE-770: Allocation of Resources Without Limits or Throttling
[27] CWE-129: Improper Validation of Array Index
[28] CWE-754: Improper Check for Unusual or Exceptional Conditions
[29] CWE-805: Buffer Access with Incorrect Length Value
[30] CWE-838: Inappropriate Encoding for Output Context
[31] CWE-330: Use of Insufficiently Random Values
[32] CWE-822: Untrusted Pointer Dereference
[33] CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
[34] CWE-212: Improper Cross-boundary Removal of Sensitive Data
[35] CWE-681: Incorrect Conversion between Numeric Types
[36] CWE-476: NULL Pointer Dereference
[37] CWE-841: Improper Enforcement of Behavioral Workflow
[38] CWE-772: Missing Release of Resource after Effective Lifetime
[39] CWE-209: Information Exposure Through an Error Message
[40] CWE-825: Expired Pointer Dereference
[41] CWE-456: Missing Initialization
Mitigating Weaknesses
Here is the mitigation matrix, which sets the top 25 errors against five mitigations and shows how effectively each mitigation addresses each weakness:
http://cwe.mitre.org/top25/mitigations.html#MitigationMatrix

Effectiveness ratings include:

  • High: The mitigation has well-known, well-understood strengths and limitations; there is good coverage with respect to variations of the weakness.
  • Moderate: The mitigation will prevent the weakness in multiple forms, but it does not have complete coverage of the weakness.
  • Limited: The mitigation may be useful in limited circumstances, only be applicable to a subset of this weakness type, require extensive training/customization, or give limited visibility.
  • Defense in Depth (DiD): The mitigation may not necessarily prevent the weakness, but it may help to minimize the potential impact when an attacker exploits the weakness.

Within the matrix, the following mitigations are identified:

 

  • M1: Establish and maintain control over all of your inputs.
  • M2: Establish and maintain control over all of your outputs.
  • M3: Lock down your environment.
  • M4: Assume that external components can be subverted, and your code can be read by anyone.
  • M5: Use industry-accepted security features instead of inventing your own.

The following general practices are omitted from the matrix:

  • GP1: Use libraries and frameworks that make it easier to avoid introducing weaknesses.
  • GP2: Integrate security into the entire software development lifecycle.
  • GP3: Use a broad mix of methods to comprehensively find and prevent weaknesses.
  • GP4: Allow locked-down clients to interact with your software.

 

Ratings per CWE, read left to right in matrix column order (M1 to M5). Cells that are blank in the original matrix do not appear in this listing, so a row with fewer than five ratings cannot be mapped back to specific M-columns from the text alone; consult the matrix at the URL above for the column positions.

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'): High, DiD, Moderate
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): Moderate, High, DiD, Limited
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): Moderate, High, Limited
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'): Moderate, High, DiD, Limited
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'): Moderate, DiD, Limited
CWE-131: Incorrect Calculation of Buffer Size: Moderate, DiD, Limited
CWE-134: Uncontrolled Format String: High, DiD, Moderate
CWE-190: Integer Overflow or Wraparound: Moderate, DiD, Limited
CWE-250: Execution with Unnecessary Privileges: High
CWE-306: Missing Authentication for Critical Function: Moderate, Moderate
CWE-307: Improper Restriction of Excessive Authentication Attempts: Moderate
CWE-311: Missing Encryption of Sensitive Data: DiD
CWE-327: Use of a Broken or Risky Cryptographic Algorithm: High
CWE-352: Cross-Site Request Forgery (CSRF): Limited
CWE-434: Unrestricted Upload of File with Dangerous Type: Moderate, DiD, Moderate
CWE-494: Download of Code Without Integrity Check: DiD
CWE-601: URL Redirection to Untrusted Site ('Open Redirect'): Moderate, Moderate, Limited
CWE-676: Use of Potentially Dangerous Function: Moderate, High, DiD
CWE-732: Incorrect Permission Assignment for Critical Resource: Limited, DiD, Moderate
CWE-759: Use of a One-Way Hash without a Salt: High
CWE-798: Use of Hard-coded Credentials: DiD, High, Moderate
CWE-807: Reliance on Untrusted Inputs in a Security Decision: Moderate, DiD, Moderate, Moderate
CWE-829: Inclusion of Functionality from Untrusted Control Sphere: High, High, High
CWE-862: Missing Authorization: DiD, Moderate, Moderate
CWE-863: Incorrect Authorization: DiD, Moderate
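To make M1 and M5 concrete, here is an added Python example (mine, not part of the CWE/SANS material) applying them to two of the listed weaknesses: a path check for CWE-22 that canonicalizes the user-supplied path before testing containment, and a salted PBKDF2 password hash beside the unsalted hash that CWE-759 describes. The base directory /srv/files, the passwords and the iteration count are assumed values chosen for the example.

```python
import hashlib
import hmac
import os
import secrets

# Assumed base directory for the path example. It need not exist:
# os.path.realpath only normalises the string when the path is absent.
BASE_DIR = "/srv/files"


# --- CWE-22 (Path Traversal), mitigation M1: control over inputs -----------

def resolve_under(base_dir, user_path):
    """Resolve a user-supplied relative path under base_dir.

    Returns the canonical absolute path, or None if the result would land
    outside base_dir. realpath collapses '..' segments and follows symlinks
    before the check; commonpath (rather than startswith) stops a sibling
    such as /srv/files2 from passing for base /srv/files.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # paths on different drives (Windows)
        inside = False
    return candidate if inside else None


# --- CWE-759 (One-Way Hash without a Salt), mitigation M5: use accepted
#     security features instead of inventing your own ------------------------

# Assumed work factor, kept modest so the example runs quickly. Production
# code should use a higher count (OWASP suggests 600,000 for
# PBKDF2-HMAC-SHA256) or a memory-hard function such as scrypt or Argon2.
ITERATIONS = 100_000


def hash_unsalted(password):
    """The weakness itself: one fast hash, no salt. Every user with the same
    password gets the same digest, so one precomputed table cracks them all."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt. The returned string
    carries algorithm, iteration count, salt and digest, so it is
    self-describing for later verification."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def verify_salted(password, stored):
    """Recompute with the stored salt and iteration count, then compare in
    constant time so the check does not leak how many bytes matched."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    for p in ("docs/readme.txt", "../../etc/passwd", "/etc/passwd", "../files2/x"):
        print("%-20s -> %s" % (p, resolve_under(BASE_DIR, p)))
    print("unsalted digests equal for the same password:",
          hash_unsalted("hunter2") == hash_unsalted("hunter2"))
    h1, h2 = hash_salted("hunter2"), hash_salted("hunter2")
    print("salted digests equal:", h1 == h2, "| verify:", verify_salted("hunter2", h1))
```

Two design points are worth noting. The path check rejects an absolute user path as well as a traversal, because os.path.join discards the base when the second argument is absolute; canonicalizing after the join is what makes both cases fall out of a single containment test. On the hashing side, the stored string records the iteration count, so the work factor can be raised later and old hashes still verify until the user next logs in and can be rehashed.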

How to invite people to Google Plus

  1. Start a hangout
  2. Invite people to hangout by email
  3. Share hangout with all your circles
  4. Flattr or Plus One this post
  5. See https://plus.google.com/circles/find

New Google Analytics Interface

Why speak when pictures can tell the story better? The new GA rocks, so much so that I plan to buy one share of Google and initiate a lawsuit to stop them giving it away for free. Long tail of the internet, mate: can you price it at 99 cents at least, for the new version only?

Note: you will see a small icon labelled New in the top right corner. Click it to see this.

Larry Page is  funny 😉 


Facebook to Google Plus Migration

There is already a new tool for that, but you are on your own if your data gets redirected. Does Chrome take legal liability for malware extensions? I don't know. And yes, it works on Chrome alone (at the time of writing). Note that the extension's own instructions below require Facebook to be used over plain HTTP rather than HTTPS, so your Facebook session travels unencrypted while you run it.

https://chrome.google.com/webstore/detail/ficlccidpkaiepnnboobcmafnnfoomga

 

Facebook Friend Exporter
Verified author: mohamedmansour.com
Free

Get *your* contact data out of Facebook to Google Contacts or CSV, whether they want you to or not. You gave them your friends and allowed them to store that data, and you have the right to take it back out! Facebook doesn't own my friends. Only available on the English version of Facebook; any other language will not work.

SOURCE CODE: http://goo.gl/VtRCl (GitHub) fb-exporter

PRE NOTICE:
 1 - You must have the English version of Facebook for this to work (you can switch).
 2 - Do not enable SSL for Facebook; use HTTP, not HTTPS.
 3 - If you need any help running this, contact me. Comments below will be lost.
 4 - An "Export" button will appear on Facebook's toolbar after a refresh once installed.
 5 - Please disable all Facebook extensions that you have downloaded; many of them affect the page. For example, "Better Facebook" breaks this extension.

This extension will allow you to get the information your friends have shared with you:

Contribution to #Rstats by Revolution

I have been watching Revolution Analytics' products almost since the inception of the company. It has managed to sail through storms, naysayers and critics with a simple and effective strategy: launching good software, making good partnerships and keeping up media visibility with white papers, joint webinars, blogs, conferences and events.

Here is a listing of the technical contributions made by Revolution Analytics' products to the #rstats project.

1) Useful packages, mostly in parallel processing or more efficient computing, such as

 

2) The RevoScaleR package to beat R's memory problem (probably the best contribution in my opinion, as it is yet to be replicated by the open source version and is a clear-cut reason for going for the paid version)

http://www.revolutionanalytics.com/products/enterprise-big-data.php

  • Efficient XDF File Format designed to efficiently handle huge data sets.
  • Data Step Functionality to quickly clean, transform, explore, and visualize huge data sets.
  • Data selection functionality to store huge data sets out of memory, and select subsets of rows and columns for in-memory operation with all R functions.
  • Visualize Large Data sets with line plots and histograms.
  • Built-in Statistical Algorithms for direct analysis of huge data sets:
    • Summary Statistics
    • Linear Regression
    • Logistic Regression
    • Crosstabulation
  • On-the-fly data transformations to include derived variables in models without writing new data files.
  • Extend Existing Analyses by writing user-defined R functions to "chunk" through huge data sets.
  • Direct import of fixed-format text data files and SAS data sets into .xdf format

 

3) RevoDeployR for API-based R solutions. I somehow think this feature will get more important as time goes on, but it seems a lower-visibility offering right now.

http://www.revolutionanalytics.com/products/enterprise-deployment.php

  • Collection of Web services implemented as a RESTful API.
  • JavaScript and Java client libraries, allowing users to easily build custom Web applications on top of R.
  • .NET client library, including COM interoperability to call R from VBA
  • Management Console for securely administering servers, scripts and users through HTTP and HTTPS.
  • XML and JSON format for data exchange.
  • Built-in security model for authenticated or anonymous invocation of R Scripts.
  • Repository for storing R objects and R Script execution artifacts.

 

4) Revolution's IDE (or Productivity Environment) for a faster coding environment than the command line. A GUI by Revolution Analytics is in the works. Having used this, only the Code Snippets function is a clear differentiator from newer IDEs and GUIs. The code snippets are awesome though, and even someone who doesn't know much R can get an analysis set up quite fast and accurately.

http://www.revolutionanalytics.com/products/enterprise-productivity.php

  • Full-featured Visual Debugger for debugging R scripts, with call stack window and step-in, step-over, and step-out capability.
  • Enhanced Script Editor with hover-over help, word completion, find-across-files capability, automatic syntax checking, bookmarks, and navigation buttons.
  • Run Selection, Run to Line and Run to Cursor evaluation
  • R Code Snippets to automatically generate fill-in-the-blank sections of R code with tooltip help.
  • Object Browser showing available data and function objects (including those in packages), with context menus for plotting and editing data.
  • Solution Explorer for organizing, viewing, adding, removing, rearranging, and sourcing R scripts.
  • Customizable Workspace with dockable, floating, and tabbed tool windows.
  • Version Control Plug-in available for the open source Subversion version control software.

 

Marketing contributions from Revolution Analytics:

1) Sponsoring R sessions and user meets

2) Evangelizing R at conferences and partnering with corporate partners including JasperSoft, Microsoft, IBM and others (http://www.revolutionanalytics.com/partners/)

3) Helping with online initiatives like http://www.inside-r.org/ (which is curiously dormant and now largely superseded by R-Bloggers.com) and the syntax highlighting tool at http://www.inside-r.org/pretty-r. In addition, Revolution has been proactive in reaching out to the community.

4) Helping pioneer blogging about R and Twitter hashtag discussions, and contributing to Stack Overflow discussions. Within a short while, the #rstats online community has overtaken many more established names, partly due to the decentralized nature of its working.

 

Did I miss something? Yes: they share their code under the GPL.

 

Let me know via feedback.