Some ways to test and use cloud computing for free for yourself-
- Windows Azure
- Amazon Ec2
- Google Storage
The folks at Microsoft Azure announced a 90 day free trial
You can go to https://code.google.com/apis/console/b/0/
Unlike Android and other free stuff, these APIs are very promising for revenue generation, as some of them are unique to Google itself, and some are already being offered on a pricing tier. There are 18 APIs in total, with 3 APIs having pricing while the rest are in beta stages.
I am just listing down all the APIs in one place.
I am elaborating on an earlier article at https://decisionstats.com/top-25-most-dangerous-software-errors/ based on my continued research into cyber conflict and strategy. My inputs are in italics – the rest is a condensed article for further thought.
The Department of Homeland Security of the United States of America has just launched a list of the top 25 errors in programming or creating software that increase vulnerability to hacking attacks. The list, which is available at http://cwe.mitre.org/top25/index.html, describes a methodology for measuring vulnerability called the Common Weakness Scoring System (CWSS) and uses that score to rank the various errors, along with suggestions to eliminate these weaknesses or errors.
Measuring Weaknesses
The importance of a weakness (that arises due to software bugs) may vary depending on business usage or project implementation, the technologies, operating systems and computing environments in use, and the risk or threat perception. The Common Weakness Scoring System (CWSS) provides a mechanism for scoring weaknesses and a framework for prioritizing security errors (“weaknesses”) that are discovered in software applications.
Identifying Weaknesses
For example, the number 1 weakness is shown as
[1] CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’).
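To make the top-ranked entry concrete, here is an added example (not from the original article or from the CWE site) that runs the same lookup two ways against an in-memory SQLite database: once by concatenating input into the SQL text, once with a bound parameter. The `accounts` table, the function names and the sample inputs are all constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 100), ("bob", 250), ("carol", 75)])
    return db

def lookup_concatenated(db, owner):
    # CWE-89 pattern: the caller's string becomes part of the SQL text,
    # so a quote character in it ends the literal and the rest is parsed as SQL.
    query = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, owner):
    # Hardened form: the SQL text is fixed and the value is bound separately,
    # so special characters are only ever compared as data.
    query = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return db.execute(query, (owner,)).fetchall()

def compare(db, owner):
    """Run both lookups on the same input; return (concatenated, parameterized)."""
    try:
        unsafe = lookup_concatenated(db, owner)
    except sqlite3.OperationalError:
        # The input broke the statement's syntax instead of being matched.
        unsafe = "syntax error"
    return unsafe, lookup_parameterized(db, owner)

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a legitimate name containing a quote,
    # and a string whose quotes change the meaning of the WHERE clause.
    for value in ["alice", "o'brien", "x' OR '1'='1"]:
        unsafe, safe = compare(db, value)
        print(repr(value), "| concatenated:", unsafe, "| parameterized:", safe)
```

The concatenated version fails in two different ways: it rejects a legitimate name that contains an apostrophe, and it returns every row for the third input, while the parameterized version returns no rows for both.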
The rest of the weaknesses are
| Rank | Score | ID | Name |
|---|---|---|---|
| 1 | 93.8 | CWE-89 | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| 2 | 83.3 | CWE-78 | Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |
| 3 | 79.0 | CWE-120 | Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) |
| 4 | 77.7 | CWE-79 | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
| 5 | 76.9 | CWE-306 | Missing Authentication for Critical Function |
| 6 | 76.8 | CWE-862 | Missing Authorization |
| 7 | 75.0 | CWE-798 | Use of Hard-coded Credentials |
| 8 | 75.0 | CWE-311 | Missing Encryption of Sensitive Data |
| 9 | 74.0 | CWE-434 | Unrestricted Upload of File with Dangerous Type |
| 10 | 73.8 | CWE-807 | Reliance on Untrusted Inputs in a Security Decision |
| 11 | 73.1 | CWE-250 | Execution with Unnecessary Privileges |
| 12 | 70.1 | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 13 | 69.3 | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| 14 | 68.5 | CWE-494 | Download of Code Without Integrity Check |
| 15 | 67.8 | CWE-863 | Incorrect Authorization |
| 16 | 66.0 | CWE-829 | Inclusion of Functionality from Untrusted Control Sphere |
| 17 | 65.5 | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 18 | 64.6 | CWE-676 | Use of Potentially Dangerous Function |
| 19 | 64.1 | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| 20 | 62.4 | CWE-131 | Incorrect Calculation of Buffer Size |
| 21 | 61.5 | CWE-307 | Improper Restriction of Excessive Authentication Attempts |
| 22 | 61.1 | CWE-601 | URL Redirection to Untrusted Site (‘Open Redirect’) |
| 23 | 61.0 | CWE-134 | Uncontrolled Format String |
| 24 | 60.3 | CWE-190 | Integer Overflow or Wraparound |
| 25 | 59.9 | CWE-759 | Use of a One-Way Hash without a Salt |
Details of each weakness are given at http://cwe.mitre.org/top25/index.html#Details
Each entry includes Summary, Weakness Prevalence, Consequences, Remediation Cost, Ease of Detection, Attacker Awareness and Attack Frequency. In addition, the following sections describe each software vulnerability in detail: Technical Details, Code Examples, Detection Methods, References, Prevention and Mitigation, Related CWEs and Related Attack Patterns.
Other important software weaknesses are –
[26] CWE-770: Allocation of Resources Without Limits or Throttling
[27] CWE-129: Improper Validation of Array Index
[28] CWE-754: Improper Check for Unusual or Exceptional Conditions
[29] CWE-805: Buffer Access with Incorrect Length Value
[30] CWE-838: Inappropriate Encoding for Output Context
[31] CWE-330: Use of Insufficiently Random Values
[32] CWE-822: Untrusted Pointer Dereference
[33] CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
[34] CWE-212: Improper Cross-boundary Removal of Sensitive Data
[35] CWE-681: Incorrect Conversion between Numeric Types
[36] CWE-476: NULL Pointer Dereference
[37] CWE-841: Improper Enforcement of Behavioral Workflow
[38] CWE-772: Missing Release of Resource after Effective Lifetime
[39] CWE-209: Information Exposure Through an Error Message
[40] CWE-825: Expired Pointer Dereference
[41] CWE-456: Missing Initialization
Mitigating Weaknesses
Here is an example of the new matrix of mitigations, which also lists the top 25 errors. It shows a way to fix the weaknesses, and the relative impact of each of the following mitigations on each weakness.
http://cwe.mitre.org/top25/mitigations.html#MitigationMatrix
Effectiveness ratings include:
Within the matrix, the following mitigations are identified:
The following general practices are omitted from the matrix:
| M1 | M2 | M3 | M4 | M5 | CWE |
|---|---|---|---|---|---|
| High | DiD | Mod | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | ||
| Mod | High | DiD | Ltd | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) | |
| Mod | High | Ltd | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | ||
| Mod | High | DiD | Ltd | CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | |
| Mod | DiD | Ltd | CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) | ||
| Mod | DiD | Ltd | CWE-131: Incorrect Calculation of Buffer Size | ||
| High | DiD | Mod | CWE-134: Uncontrolled Format String | ||
| Mod | DiD | Ltd | CWE-190: Integer Overflow or Wraparound | ||
| High | CWE-250: Execution with Unnecessary Privileges | ||||
| Mod | Mod | CWE-306: Missing Authentication for Critical Function | |||
| Mod | CWE-307: Improper Restriction of Excessive Authentication Attempts | ||||
| DiD | CWE-311: Missing Encryption of Sensitive Data | ||||
| High | CWE-327: Use of a Broken or Risky Cryptographic Algorithm | ||||
| Ltd | CWE-352: Cross-Site Request Forgery (CSRF) | ||||
| Mod | DiD | Mod | CWE-434: Unrestricted Upload of File with Dangerous Type | ||
| DiD | CWE-494: Download of Code Without Integrity Check | ||||
| Mod | Mod | Ltd | CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) | ||
| Mod | High | DiD | CWE-676: Use of Potentially Dangerous Function | ||
| Ltd | DiD | Mod | CWE-732: Incorrect Permission Assignment for Critical Resource | ||
| High | CWE-759: Use of a One-Way Hash without a Salt | ||||
| DiD | High | Mod | CWE-798: Use of Hard-coded Credentials | ||
| Mod | DiD | Mod | Mod | CWE-807: Reliance on Untrusted Inputs in a Security Decision | |
| High | High | High | CWE-829: Inclusion of Functionality from Untrusted Control Sphere | ||
| DiD | Mod | Mod | CWE-862: Missing Authorization | ||
| DiD | Mod | CWE-863: Incorrect Authorization |
Here is an RSS feed/website for all security incidents
http://www.us-cert.gov/current/ and http://www.us-cert.gov/cas/techalerts/
You can also see http://www.onguardonline.gov/tools/overview.aspx for tools to be secure online.
But the new measuring system to help with being secure is at http://cwe.mitre.org/cwss/. It basically creates a score or an analytical approach for measuring vulnerabilities.
Common Weakness Scoring System (CWSS): The Common Weakness Scoring System (CWSS) provides a mechanism for scoring weaknesses in a consistent, flexible, open manner while accommodating context for the various business domains. It is a collaborative, community-based effort that is addressing the needs of its stakeholders across government, academia, and industry. CWSS is a part of the Common Weakness Enumeration (CWE) project, co-sponsored by the Software Assurance program in the National Cyber Security Division (NCSD) of the US Department of Homeland Security (DHS). CWSS:
and the top 25 errors in software are http://cwe.mitre.org/top25/index.html
You can use the list at http://cwe.mitre.org/top25/index.html and check your own corporate vulnerabilities. It is better to sweat in cyber peace than bleed in cyber war, huh.
For some time now, I had been hoping for a place where new package or algorithm developers get at least a fraction of the money that iPad or iPhone application developers get. Rapid Miner has taken the lead in establishing a marketplace for extensions. Are there going to be paid extensions as well? I hope so!!
This probably makes it the first “app” marketplace in open source and the second app marketplace in analytics after salesforce.com
It is hard work to think of new algos, and some of them can be really useful.
Can we hope for an #rstats marketplace where people downloading, say, ggplot3.0 at least get a prompt to donate 99 cents per download to Hadley Wickham’s Amazon wishlist? http://www.amazon.com/gp/registry/1Y65N3VFA613B
Do you think it is okay to pay 99 cents per iTunes song, but not pay a cent for open source software?
I don't know, but I am just a capitalist born in a country that was socialist for the first 13 years of my life. Congratulations once again to Rapid Miner for innovating and leading the way.
http://rapid-i.com/component/option,com_myblog/show,Rapid-I-Marketplace-Launched.html/Itemid,172
| RapidMiner, Marketplace, Extensions | 30 May 2011 |
| Rapid-I Marketplace Launched by Simon Fischer |
Over the years, many of you have been developing new RapidMiner Extensions dedicated to a broad set of topics. Whereas these extensions are easy to install in RapidMiner – just download and place them in the plugins folder – the hard part is to find them in the vastness that is the Internet. Extensions made by ourselves at Rapid-I, on the other hand, are distributed by the update server making them searchable and installable directly inside RapidMiner.
We thought that this was a bit unfair, so we decided to open up the update server to the public, and not only this, we even gave it a new look and name. The Rapid-I Marketplace is available in beta mode at http://rapidupdate.de:8180/ . You can use the Web interface to browse, comment, and rate the extensions, and you can use the update functionality in RapidMiner by going to the preferences and entering http://rapidupdate.de:8180/UpdateServer/ as the update server URL. (Once the beta test is complete, we will change the port back to 80 so we won’t have any firewall problems.)
As an Extension developer, just register with the Marketplace and drop me an email (fischer at rapid-i dot com) so I can give you permissions to upload your own extension. Upload is simple provided you use the standard RapidMiner Extension build process and will boost visibility of your extension.
Looking forward to see many new extensions there soon!
Disclaimer: Decisionstats is a partner of Rapid Miner. I have been liking the software for a long, long time, and recently agreed to partner with them just like I did with KXEN some years back, and with Predictive Analytics Conference, and Aster Data until last year.
I still think Rapid Miner is a very, very good software, and a globally created software after SAP.
Here is the actual marketplace
http://rapidupdate.de:8180/UpdateServer/faces/index.xhtml
The Rapid-I Marketplace will soon replace the RapidMiner update server. Using this marketplace, you can share your RapidMiner extensions and make them available for download by the community of RapidMiner users. Currently, we are beta testing this server. If you want to use this server in RapidMiner, you must go to the preferences and enter http://rapidupdate.de:8180/UpdateServer for the update url. After the beta test, we will change the port back to 80, which is currently occupied by the old update server. You can test the marketplace as a user (downloading extensions) and as an Extension developer. If you want to publish your extension here, please let us know via the contact form.
| 5/30/11 12:39 PM | User burgetrm has uploaded version 1.1.0 of Imageprocessing. |
| 5/30/11 12:34 PM | User burgetrm has uploaded version 1.0.0 of Imageprocessing. |
| 5/30/11 11:55 AM | User burgetrm has created the new product Imageprocessing. |
| 5/30/11 11:12 AM | User Rapid-I has uploaded version 5.0.7 of RapidMiner. |
| 5/30/11 11:12 AM | User Rapid-I has uploaded version 5.0.2 of RapidMiner. |
I always liked Citrix products when I was a member of the Technical Advisory Board at the University of Tennessee. I especially liked enabling SAS software , R software, Matlab software , ONLY from a browser.
Data mining through cloud computing: yes, University of Tennessee’s analytics server http://analytics.utk.edu was way ahead in 2009, with all this software at one portal and no software needed on your own PC; simply upload data and work in any analytics software.
Here is a nice citrix webinar on managing Time (so you can read more webinars! nah. I think Youtube live streaming events with interactive question and answers is the way of the future while webinars are for Baby Boomers- you can do a test and control experiment yourself if you are in the webinar business. its a web2.oinar)
Register here
http://learn.gotomeeting.com/forms/26May11-APAC-ANZ-G2MC-WBR-L1?url=decisionstats
Standard Disclosure- I have not received any monetary or indirect compensation for promoting this webinar.
————————————————————————————————————————————————————-
Interruptions are productivity killers – between email, phone calls and back-to-back meetings, how do you find time to work on your top priorities?
Join top time-management guru Kent Curtis and learn how to stop “living in your inbox” and start prioritising tasks, messages and appointments according to what is most important.
This webinar takes the best principles from FranklinCovey’s world-class productivity training and teaches you how to apply them while using Microsoft Outlook as your scheduling tool.
Attend this interactive, one-hour webinar to:
Stay focused every day with a reliable planning system utilising Microsoft Outlook.
Control competing demands such as email, voice mail, meetings and interruptions.
Apply a planning process that gets better business results.
Reduce stress by eliminating low priority activities and distractions.
Register for the Webinar
Please forward this to colleagues who might be interested in learning more.
Kind regards,
H.R. Shiever | Managing Director – Asia Pacific
Citrix Online
A division of Citrix Systems, Inc.
http://www.citrixonline.com
Online Meetings Made Easy
GoToMeeting Corporate
Live Webinar
Title:
The New Time Management: Stay Focused Every Day with Reliable Planning
Date:
Thursday, 26 May
Time:
12 Noon Australian EST
10 AM Singapore SGT
7.30 AM India ST
Speakers:
Kent Curtis, Senior Consultant, FranklinCovey
I want to show some bad ads of Google Ad sense. I pay through my nose for video upgrades and extra space to keep people happy.
120,000 views in 2010
Money earned By Matt (of WordPress)= $$$$$ from me
Money earned by Mutt -(thats me)= 000,000,000
Please allow me to run ads on wordpress.com
or create your own fucking ad networks
but do it PHAST.
ELSE blog transfer using Blog Export, divide the XML file into 13 files using Notepad copy and paste
go to Appspot
Convert files to Blogger files
That's the company Biz Stone of Twitter made
before these Two matts got into dog fights.
https://wordpress2blogger.appspot.com/

Ever wanted to move your WordPress blogs over to Blogger? This site can aid in the process!
NOTE: This hosted application will only allow downloads smaller than 1MB.
For information on how to run this conversion on your own, visit the open source project hosted at code.google.com
