Email and Forum Questions
Profiles in IT: Paul Galvin
SANS TOP 25 Most Dangerous Programming Errors
Website of the Week: US-CERT Security Publications
Macintosh Computer 25 Years Old
Obama Gets Permission to Use Blackberry
Email from Hac: If I access my private Yahoo e-mail from my company computer, read and delete it, where does it go? Specifically, is it stored/saved on the company’s own server or on my computer’s hard drive? Does it pass through the company’s server and do they have access to it after it is deleted? Thanks, Hac Hua
Tech Talk Answers: It depends on your company’s networking setup, their savvy, and how intrusive they want to be. Your company is providing both your internet connection and your hardware. They have every right to monitor everything. They can intercept your email even if you use a web-based server, but probably don’t. If you use an email client with POP3 (Outlook, Outlook Express, Eudora), the email is saved on your machine and can be viewed by your IT department. If you are worried, make certain that you check your web-based email account using an https: connection. Most systems can be configured that way. By the way, IMs are not encrypted and can be easily intercepted. Spyware can be installed on your machine to track what you are doing. If an email is deleted, it may still be stored on a backup or in cache.
Email from Darin: I have HDTV running with a cable connection. I heard that TV is switching from analog to digital on February 17th. What should I do to prepare for the conversion? I am confused. Love the show. Darin
Tech Talk Answers: Darin, you don’t have to do a thing. Your cable company will make the switch and continue to deliver service to you in the same way. The only people that must worry about the conversion are those who receive their signal over the airwaves with an antenna. On February 17th, all television will stop broadcasting in analog and only transmit digital signals. Older analog TV sets will not work and will require a converter box to be placed between the antenna and the TV. This converter box will detect the digital signal and convert it to an analog signal. Converter boxes cost $50 to $80. The government will provide two $40 coupons to buy up to two converter boxes. However, the program is currently out of money and waiting for Congress to authorize more. Your set, since it is HD, is probably new enough to include a digital tuner. So, even if you were using an antenna and not cable, you would not need a converter box anyway. You might, however, need a better antenna.
Profiles in IT: Paul Galvin
Paul Galvin was co-founder of Motorola.
Paul Galvin was born in Harvard, Illinois, on June 27, 1895.
He enrolled in the University of Illinois but only completed two years.
He then enrolled in an officer’s training program in anticipation of WWI.
He became an artillery officer and saw front line duty in France.
After the war, he first obtained a job with the D&G Storage Battery Company.
In 1921, he founded a storage battery company with Edward Stewart in Marshfield, WI. The company failed in 1924 because of shipping costs.
In 1926, Galvin joined Stewart to establish a battery manufacturing plant in Chicago. The company ended in failure because of a defective design.
Galvin and Stewart developed a dry battery eliminator which enabled a home radio to draw electricity from an electric outlet.
On September 25, 1928, the new Galvin Manufacturing Corporation began operation to produce the battery eliminator.
Paul Galvin began to produce AC radio sets for re-labeling as a backup product.
On "Black Friday", October 25, 1929, the stock market took a sudden, dramatic drop and the demand for radios dropped.
Paul Galvin saw an opportunity to mass-produce car radios at a low price.
Galvin showed his car radio at the Radio Manufacturer’s Convention in 1930.
A number of dealers bought a few sets and encouraged Galvin to continue.
In 1930 he coined a name for his product – MOTOROLA.
The name is a combination of motorcar and Victrola. It implied music in motion to Galvin.
In 1933 Galvin Manufacturing came out with a new model that had to be recalled, and Galvin immediately authorized development of two more models.
In 1934 he entered into an agreement whereby B.F. Goodrich Company agreed to merchandise Motorola radios.
A modest national advertising campaign began with once-a-month, one-column ads in Collier’s and the Saturday Evening Post.
A highway advertising campaign was launched with thousands of red, black and yellow Motorola signs set up along highways throughout the country.
In 1937, The Philco Company was hit by a strike and had to contract with other companies, including Motorola, to produce its radios.
Galvin assigned a team of men to develop a police radio in 1939.
By 1941 Motorola was producing the "Handi-Talkie" two-way radio.
After WWII, Galvin decided to add a line of phonograph products, then TV products.
In 1947, Galvin introduced a TV for $179.95 compared to RCA’s at $300.
Galvin acquired the Detrola Co. which had been supplying Ford Motor Company.
In 1949, Galvin established a military electronics laboratory in Phoenix, AZ.
Motorola developed into a leading manufacturer of semiconductors.
The decision to go all out in this area was made largely as a result of the urgings of Galvin’s son, Bob.
By the middle 1950s, Galvin therefore reorganized the firm along product lines.
In 1956, Paul Galvin relinquished the presidency of the company to his son, Bob.
In June of 1958 Paul Galvin was found to have leukemia and died shortly thereafter.
SANS TOP 25 Most Dangerous Programming Errors
Experts from more than 30 US and international cyber security organizations jointly released the consensus list of the 25 most dangerous programming errors that lead to security bugs and that enable cyber espionage and cyber crime.
Until now, most guidance focused on the ‘vulnerabilities’ that result from programming errors.
The Top 25 focuses on the actual programming errors made by developers that create the vulnerabilities.
The Top 25 web site provides detailed information on mitigation.
CATEGORY: Insecure Interaction Between Components
Improper Input Validation
Improper Encoding or Escaping of Output
Failure to Preserve SQL Query Structure (aka ‘SQL Injection’)
Failure to Preserve Web Page Structure (aka ‘Cross-site Scripting’)
Failure to Preserve OS Command Structure (aka ‘OS Command Injection’)
Cleartext Transmission of Sensitive Information
Cross-Site Request Forgery (CSRF)
Race Condition
Error Message Information Leak
CATEGORY: Risky Resource Management
Failure to Constrain Operations within the Bounds of a Memory Buffer
External Control of Critical State Data
External Control of File Name or Path
Untrusted Search Path
Failure to Control Generation of Code (aka ‘Code Injection’)
Download of Code Without Integrity Check
Improper Resource Shutdown or Release
Improper Initialization
Incorrect Calculation
CATEGORY: Porous Defenses
Improper Access Control (Authorization)
Use of a Broken or Risky Cryptographic Algorithm
Hard-Coded Password
Insecure Permission Assignment for Critical Resource
Use of Insufficiently Random Values
Execution with Unnecessary Privileges
Client-Side Enforcement of Server-Side Security
Website of the Week: US-CERT Security Publications