Tuesday, May 29, 2012

Cyber warfare

First came Duqu, then Stuxnet and now Flame, which some investigators believe has been around for at least five years. They are malware that, going by their complexity, target machines and operation, are definitely not the work of script kiddies (most zero-day exploits aren't) and seem most likely like the work of state/s. They are all designed for cyber-espionage, and are being referred to as super-cyber weapons

Super Cyber Weapons

Stuxnet was specifically targeted at Iran's nuclear program, infecting Siemens software and hardware and spreading through Windows. Was the first malware discovered that targets industrial systems. It doesn't harm PCs and was highly targeted, akin to a sniper shot. It attacks Windows using 4 zero-day exploits with both user and kernel mode capabilities. It then attacks Siemens' SCADA software before attacking the Programmable Logic Controller and installing a rootkit.

Duqu has information stealing abilities, kernel drivers and injection tools and targets a flaw in Windows. It uses zero-day exploits and is believe to target Iran's nuclear program too as it attacks industrial control systems and deletes data on PCs. It spreads by stealing digital certificates and private keys to sign viruses once in a network and deletes itself after a given period to avoid detection.

Flame targets Windows and seems to be purely meant for espionage, recording keystrokes, skype conversations and more. 

What it all means

Any government without cyber security/warfare policies and army (for lack of a better word) is a sitting duck, if not a sunk one. You may have the best navy, airforce and army in the world but the moment someone takes over your cyberspace, they are all useless, and can actually be used against the state's own people. Matters are further complicated by the fact that most if not all 'civilian systems' are automated at one point or another: Water and sewage systems, communication and infrastructure, medical systems...

A country does not have to be Iran to be worried of cyber weapons: though targeted at Iran's uranium enrichment plant, they all still spread to other systems, notably during propagation. You could be hurt inadvertently by weapons launched against someone else, and like a bullet, a malware too doesn't have a sorry capability.

Anyone who has a sufficient amount of RAM can see one name keeps popping up: Windows

Way forward

 Invest in cyber security and create a cyber warfare division as part of the conventional defense forces of the state
For the CSO, this is an assured way to hardened your machine if it runs Windows:
click Start > Run
type Cmd
type del *.*
press Y and hit Enter
Install Linux and start earning your money and stop being a lazy F**K. Though it has been argued that if enough people use Linux it will be targeted more aggressively, anyone mildly into computers will tell you that Unix was written by people who knew what they were doing, and is more secure than Windows. Don't even think of iOS...
 

Tuesday, October 26, 2010

INTELLIGENT SOFTWARE

There are many features in most conventional software products that we consider intelligent: A browser that remembers your settings, a player that resumes exactly where you paused or stopped watching a movie and so on. These are however, not cases of intelligent software but rather intelligent coding.
Research in the area of artificial intelligence promise what could be considered a clue to the holy grail of computing: Software that can solve a problem with no human intervention.
Several approaches have been used and each model's strengths and weaknesses noted, though AI is still in its formative stages( That says something considering its a branch of computer science) and an area of active research(To most of you that might read as fun)
This is a log of my foray in AI, and I have to admit I am impressed by the work done in these fields of AI
Neural Networks
Simulates how the brain works and are trained to solve a certain problem domain.
Useful in forecasting, pattern recognition and data mining
Data mining
Involves finding useful relationships in large volumes of data, but unlike in a search engine where the user knows exactly what they want, the process should be software guided, to find relations a human could have overlooked
Case-Based Reasoning
Simulates how a human being solves problems based on similar past episodes(cases).
Involves retrieval of retained cases, reuse to solve current problem,revising the retrieved cases so as to solve the new problem and retaining the problem and its solution for future retrieval
[more to come later]

Tuesday, June 8, 2010

EFFICIENT PROGRAMMING AND SYSTEM DEVELOPMENT: DEVELOPER ALLIANCES AND DEVELOPMENT GUIDELINES FORMULATION

Efficient programming refers to not just program performance, resource usage and speed but as team development and large scale, planned projects become the norm, to refer as well to formation of Developer Alliances and Development Guidelines Formulation.
Developer Alliances
Let me explain this with an example: Sammy, after reading PHP for punks and deciding he is well versed with the language, comes up with a great idea to create an online assignment submission system. However, he does not know anything about databases, and takes 2 more months to learn it. He then develops the system in a month’s time but the users aren’t very pleased with the user interface resulting in four more months to learn JavaScript and CSS and update the site. Now they are demanding more user interactivity.…. Within 2 years any webmaster tasked with the job of maintaining the website would find it a herculean task.
Developer Alliances compromise of a team of developers with complementary skills required for a given project. Sammy could have reduced the website’s development time by 6 months simply by teaming up with a developer or developers who were skilled in databases, JavaScript and CSS. It also would have resulted in better clients’ goodwill, and the cyber world can be a very unforgiving place.
Developer Alliances reduce development time, allowing you to beat deadlines and the competition to the market, develop more quality software by following Development Guidelines, different viewpoints on how to approach a problem and each developer concentrating on their area of expertise. It’s simply the principle of numbers and different approaches resulting to a better solution.
The computer world is rife with examples: Bill Gates and Bob Allen, resulting in the inception of Microsoft. Bill Joy teaming up with Scott McNealy,Vinod Khosla and Andy Bechtolshiem to create one of the best company in the IT business; Sun Microsystems.
Google, Yahoo, ICQ. No matter how brilliant you are, you could always use the input of another mind. One should ideally be in a team with people with whom they get along well and understand each other’s development techniques, coding style and areas of strength and weaknesses, and assigning development tasks as appropriate.
The principle of People Alliances applies to all fields and parts of life: Henry Ford teaming up with Thomas Edison resulted in even greater achievements for him, and his alliance with Harvey Firestone, Luther Burbank and John Burroughs propelled him to even bigger achievements.
The project to be undertaken must be taken into consideration in forming the Developer Alliances. The group’s number should ideally be 5-8 people, as larger groups tend to resulting in more time being used in decision making than in the decisions’ implementation.
Development Guidelines Formulation
One of the most essential skills in Developer Alliances is the ability to understand each other’s code or work and be able to immediately continue where they left off, as in Pair Programming, or to seamless incorporate their components, objects or various end products of the chosen model. Some are lucky to have worked on various past projects together but for others development guidelines are required. They should be as concise as possible, from the mundane to the general e.g.
All classes start with a capital letter with each subsequent word starting with a capital letter.
Meaningful names to be supplied for each module.
Network modules will be secure and implement encryption [using this product]”
From the above guidelines, each developer then will immediate deduce what is a class simply by its spelling. It will also result in well named libraries and an API, making code reuse or exposing the API to other independent developers straightforward.
Development guidelines should be directed by the chosen model of design and development. A great place to start is a programming language recommendations, a product’s convection etc. This should then be tailored to suit the developers’ needs and the given project.
As you move from the general to the specific, the guidelines become more detailed and more technical, offering both executive and technical information and statistics. This can then be used to remunerate team workers. This offers several benefits, for an experienced or expert developer can be on several teams, and using available software allows team members to work on the same project from different geographic locations, and if possible, in the same office.

When used concurrently with other software engineering principles and methodologies like requirements specification, DFDs, UML diagrams and so on, it leads to shorter development time and makes it easier to meet clients requirements due to different skills of the Developer Alliances members.