Wish you all a great 2008 :-)
looking back to my 2007 - was great year,
lot changes - even started the blog first time in my life :-)
have great time !!
© yankandpaste®
Monday, December 31, 2007
Wednesday, December 19, 2007
A PR Story :-)
Updates from CIC in short
=========================
Permanent Residence
We started processing your application on April 30, 2007.
Medical results have been received.
A decision has been made on your application. The office will contact you concerning this decision.
You entered Canada at the Douglas office on December 18, 2007 and became a Permanent Resident.
Thank God, Canada and CIC and Canadian Visa Office - Buffalo for the accepting us ( me and family ) as PR and the fast processing. I applied as Skilled worker immigrant category on Canadian Visa Office - Buffalo.
=========================
Permanent Residence
We started processing your application on April 30, 2007.
Medical results have been received.
A decision has been made on your application. The office will contact you concerning this decision.
You entered Canada at the Douglas office on December 18, 2007 and became a Permanent Resident.
Thank God, Canada and CIC and Canadian Visa Office - Buffalo for the accepting us ( me and family ) as PR and the fast processing. I applied as Skilled worker immigrant category on Canadian Visa Office - Buffalo.
Guilty as charged Plus, 10 nasty questions to ask your VoIP supplier
This story appeared on Network World at
http://www.networkworld.com/columnists/2007/110607-jericho-forum.html
VoIP security industry: Guilty as charged
Plus, 10 nasty questions to ask your VoIP supplier
The Jericho Forum By Paul Simmonds, Network World, 11/05/07
Simmonds is a member of the management board of the Jericho Forum, an organization pushing for innovation in e-commerce security, and is also chief information security officer for a large, global chemicals corporation. Here, Simmonds speaks out about why the Jericho Forum regards today’s VoIP systems as “guilty” of not meeting a necessary level of security. For anyone discussing this with your vendors, Simmonds has also drawn up a “Ten ‘nasty’ questions to ask your VoIP supplier” that’s included at the end of this column.
We in the IT security industry are collectively guilty for allowing a fundamentally insecure system such as VoIP to be launched into the market.
We’ve known for years that only “secure out of the box” should be the default. Yet VoIP is not only insecure by default, it’s almost impossible to make natively secure. What’s worse, VoIP end-devices (the phones) are a full computer – usually with their own Web browser, and (insecure) File Transfer Protocols to manage the firmware updates. So just as organizations are coming to grips with managing the vulnerabilities on their PCs, we have just doubled the management nightmare.
The return-on-investment claims made for moving to VoIP rarely stand up to proper scrutiny. The phones cost more than a standard “business” phone, and have a reduced replacement cycle. Gartner says in its November 2006 report “IP telephony technology, in many cases, can be more expensive than equivalent TDM-based PBX Systems.”
The ability to benefit from toll-bypass (routing your voice traffic over your private WAN to take advantage of spare WAN capacity) is frustrated by the fact that peak time for voice traffic is also the peak time for data traffic on the WAN. Most network managers that I know are looking for ways to offload peak traffic from congested, expensive corporate WAN links – not add huge volumes.
The ability to integrate your computer and your phone is another “benefit” that is on the salesperson’s list, with features such as Click to Call, Find Me/Follow Me and Unified Messaging, but in reality companies rarely take any advantage of such CTI (computer-telephony integration) options.
Then toss in all the extra Band-Aid solutions you need to add, from VoIP firewalls to specialist VoIP security assessments (just run a Google search for “VoIP security solutions”), to make it even partially secure, and the extra management for firmware upgrades, vulnerability assessment and mitigation, and of course the WAN upgrades and all of a sudden those incredible savings the sales-person promised magically disappear.
VoIP is, in essence, a time bomb, poised for a massive exploit. With VoIP gaining traction in the corporate world, from boardrooms to the world's financial trading floor, VoIP is a public security exploit waiting to happen – with the large potential consequences. But unfortunately, this may be what is needed before the industry agrees to take VoIP security seriously.
The historical problems with being able to listen in to conversations that people assumed were secure (or where people assumed security through complexity) are well known: In the 1980s, the world became aware of problems with analog cell phone security when tabloid journalists printed details of an intimate cell-phone conversation between Prince Charles (than married to Princess Diana) and Camilla Parker Bowles. We’re at the stage now with VoIP that something like that is likely to happen, but with consequences far more serious than embarrassment on the part of the British royal family.
At the 2006 Black Hat conference, David Endler and Mark Collier spent a very entertaining hour abusing a mix of VoIP phones, from being able to set up a call and listen in without the called phone ringing to a full corporate denial-of-service attack by making all phones repeatedly ring every 10 seconds (with no one there when answered).
“If it’s not broken, don’t fix it,” doesn’t apply here
At the 2007 Black Hat Conference, there were no less than five presentations on the insecurity and general problems with VoIP.
VoIP does have advantages in certain business situations, such as running an international follow-the-sun help desk or an overseas call center operation, but those business cases are limited and the security risks of VoIP should far outweigh most ROI cases.
Getting the security right, and according to Jericho Forum principles, will finally give a true business case with real ROI: The ability to securely integrate disparate sources of VoIP phones (from VoIP clients on cellular devices, to BlackBerry, Wi-Fi VoIP phones and PC soft phones, as well as the traditional desk phone) connected on LAN connections that probably will not be on a LAN managed by your organization.
Oddly enough, when I used VoIP to discuss this Network World column with a colleague in the United States, the call dropped five times. I gave up and switched back to my cell phone.
Do I like VoIP? It has great potential, but for now the answer is no.
The 10 nasty questions to ask your VoIP supplier:
1. Do all phones and the central infrastructure use 100% secure protocols?
2. Will you warrant this system to operate on the raw Internet with no further add-on devices?
3. Can you manage all VoIP devices automatically, simply, with a scalable, easy-to-manage solution that will support all VoIP end-client including soft phones and end-devices that are connected on the Internet?
4. Explain how phones are, by default, securely provisioned. Including devices that you do not have physical possession of during the provisioning process.
5. Explain how you can conclusively prove that a phone using your system was provisioned by you.
6. Explain how you can conclusively prove that when I make a call, (say from my hotel room) I can be 100% assured that my phone is connecting to the corporate exchange (without using extra security devices such as IPSec).
7. Explain how users are strongly authenticated when connecting their devices. Ideally both device and user should authenticate.
8. Will your system allow federation of identities so we do not need to maintain (yet another) autonomous authentication system?
9. Is there segregation of duties? For example: can the administrator access voice mail and set passwords without the user being aware.
10. Are voice mail systems encrypted, and are all backups encrypted (voice mail, user-names, configuration, passwords)?
All contents copyright 1995-2007 Network World, Inc. http://www.networkworld.com
http://www.networkworld.com/columnists/2007/110607-jericho-forum.html
VoIP security industry: Guilty as charged
Plus, 10 nasty questions to ask your VoIP supplier
The Jericho Forum By Paul Simmonds, Network World, 11/05/07
Simmonds is a member of the management board of the Jericho Forum, an organization pushing for innovation in e-commerce security, and is also chief information security officer for a large, global chemicals corporation. Here, Simmonds speaks out about why the Jericho Forum regards today’s VoIP systems as “guilty” of not meeting a necessary level of security. For anyone discussing this with your vendors, Simmonds has also drawn up a “Ten ‘nasty’ questions to ask your VoIP supplier” that’s included at the end of this column.
We in the IT security industry are collectively guilty for allowing a fundamentally insecure system such as VoIP to be launched into the market.
We’ve known for years that only “secure out of the box” should be the default. Yet VoIP is not only insecure by default, it’s almost impossible to make natively secure. What’s worse, VoIP end-devices (the phones) are a full computer – usually with their own Web browser, and (insecure) File Transfer Protocols to manage the firmware updates. So just as organizations are coming to grips with managing the vulnerabilities on their PCs, we have just doubled the management nightmare.
The return-on-investment claims made for moving to VoIP rarely stand up to proper scrutiny. The phones cost more than a standard “business” phone, and have a reduced replacement cycle. Gartner says in its November 2006 report “IP telephony technology, in many cases, can be more expensive than equivalent TDM-based PBX Systems.”
The ability to benefit from toll-bypass (routing your voice traffic over your private WAN to take advantage of spare WAN capacity) is frustrated by the fact that peak time for voice traffic is also the peak time for data traffic on the WAN. Most network managers that I know are looking for ways to offload peak traffic from congested, expensive corporate WAN links – not add huge volumes.
The ability to integrate your computer and your phone is another “benefit” that is on the salesperson’s list, with features such as Click to Call, Find Me/Follow Me and Unified Messaging, but in reality companies rarely take any advantage of such CTI (computer-telephony integration) options.
Then toss in all the extra Band-Aid solutions you need to add, from VoIP firewalls to specialist VoIP security assessments (just run a Google search for “VoIP security solutions”), to make it even partially secure, and the extra management for firmware upgrades, vulnerability assessment and mitigation, and of course the WAN upgrades and all of a sudden those incredible savings the sales-person promised magically disappear.
VoIP is, in essence, a time bomb, poised for a massive exploit. With VoIP gaining traction in the corporate world, from boardrooms to the world's financial trading floor, VoIP is a public security exploit waiting to happen – with the large potential consequences. But unfortunately, this may be what is needed before the industry agrees to take VoIP security seriously.
The historical problems with being able to listen in to conversations that people assumed were secure (or where people assumed security through complexity) are well known: In the 1980s, the world became aware of problems with analog cell phone security when tabloid journalists printed details of an intimate cell-phone conversation between Prince Charles (than married to Princess Diana) and Camilla Parker Bowles. We’re at the stage now with VoIP that something like that is likely to happen, but with consequences far more serious than embarrassment on the part of the British royal family.
At the 2006 Black Hat conference, David Endler and Mark Collier spent a very entertaining hour abusing a mix of VoIP phones, from being able to set up a call and listen in without the called phone ringing to a full corporate denial-of-service attack by making all phones repeatedly ring every 10 seconds (with no one there when answered).
“If it’s not broken, don’t fix it,” doesn’t apply here
At the 2007 Black Hat Conference, there were no less than five presentations on the insecurity and general problems with VoIP.
VoIP does have advantages in certain business situations, such as running an international follow-the-sun help desk or an overseas call center operation, but those business cases are limited and the security risks of VoIP should far outweigh most ROI cases.
Getting the security right, and according to Jericho Forum principles, will finally give a true business case with real ROI: The ability to securely integrate disparate sources of VoIP phones (from VoIP clients on cellular devices, to BlackBerry, Wi-Fi VoIP phones and PC soft phones, as well as the traditional desk phone) connected on LAN connections that probably will not be on a LAN managed by your organization.
Oddly enough, when I used VoIP to discuss this Network World column with a colleague in the United States, the call dropped five times. I gave up and switched back to my cell phone.
Do I like VoIP? It has great potential, but for now the answer is no.
The 10 nasty questions to ask your VoIP supplier:
1. Do all phones and the central infrastructure use 100% secure protocols?
2. Will you warrant this system to operate on the raw Internet with no further add-on devices?
3. Can you manage all VoIP devices automatically, simply, with a scalable, easy-to-manage solution that will support all VoIP end-client including soft phones and end-devices that are connected on the Internet?
4. Explain how phones are, by default, securely provisioned. Including devices that you do not have physical possession of during the provisioning process.
5. Explain how you can conclusively prove that a phone using your system was provisioned by you.
6. Explain how you can conclusively prove that when I make a call, (say from my hotel room) I can be 100% assured that my phone is connecting to the corporate exchange (without using extra security devices such as IPSec).
7. Explain how users are strongly authenticated when connecting their devices. Ideally both device and user should authenticate.
8. Will your system allow federation of identities so we do not need to maintain (yet another) autonomous authentication system?
9. Is there segregation of duties? For example: can the administrator access voice mail and set passwords without the user being aware.
10. Are voice mail systems encrypted, and are all backups encrypted (voice mail, user-names, configuration, passwords)?
All contents copyright 1995-2007 Network World, Inc. http://www.networkworld.com
Friday, December 14, 2007
The skills you need to succeed
One of the most important changes of the last 30 years is that digital technology has transformed almost everyone into an information worker.
A lot of people assume that creating software is purely a solitary activity. This isn't true at all.
In almost every job now, people use software and work with information to enable their organisation to operate more effectively.
That's true for everyone from the retail store worker who uses a handheld scanner to track inventory to the chief executive who uses business intelligence software to analyse critical market trends.
So if you look at how progress is made and where competitive advantage is created, there's no doubt that the ability to use software tools effectively is critical to succeeding in today's global knowledge economy.
A solid working knowledge of productivity software and other IT tools has become a basic foundation for success in virtually any career.
Beyond that, however, I don't think you can overemphasise the importance of having a good background in maths and science.
If you look at the most interesting things that have emerged in the last decade - whether it is cool things like portable music devices and video games or more practical things like smart phones and medical technology - they all come from the realm of science and engineering.
The power of software
Today and in the future, many of the jobs with the greatest impact will be related to software, whether it is developing software working for a company like Microsoft or helping other organisations use information technology tools to be successful.
Communication skills and the ability to work well with different types of people are very important too.
A lot of people assume that creating software is purely a solitary activity where you sit in an office with the door closed all day and write lots of code.
This isn't true at all.
Software innovation, like almost every other kind of innovation, requires the ability to collaborate and share ideas with other people, and to sit down and talk with customers and get their feedback and understand their needs.
I also place a high value on having a passion for ongoing learning. When I was pretty young, I picked up the habit of reading lots of books.
It's great to read widely about a broad range of subjects. Of course today, it's far easier to go online and find information about any topic that interests you.
Having that kind of curiosity about the world helps anyone succeed, no matter what kind of work they decide to pursue.
VIEWPOINT
By Bill Gates
Chairman, Microsoft
yankandpaste from : http://news.bbc.co.uk/2/hi/business/7142073.stm
© yankandpaste®
A lot of people assume that creating software is purely a solitary activity. This isn't true at all.
In almost every job now, people use software and work with information to enable their organisation to operate more effectively.
That's true for everyone from the retail store worker who uses a handheld scanner to track inventory to the chief executive who uses business intelligence software to analyse critical market trends.
So if you look at how progress is made and where competitive advantage is created, there's no doubt that the ability to use software tools effectively is critical to succeeding in today's global knowledge economy.
A solid working knowledge of productivity software and other IT tools has become a basic foundation for success in virtually any career.
Beyond that, however, I don't think you can overemphasise the importance of having a good background in maths and science.
If you look at the most interesting things that have emerged in the last decade - whether it is cool things like portable music devices and video games or more practical things like smart phones and medical technology - they all come from the realm of science and engineering.
The power of software
Today and in the future, many of the jobs with the greatest impact will be related to software, whether it is developing software working for a company like Microsoft or helping other organisations use information technology tools to be successful.
Communication skills and the ability to work well with different types of people are very important too.
A lot of people assume that creating software is purely a solitary activity where you sit in an office with the door closed all day and write lots of code.
This isn't true at all.
Software innovation, like almost every other kind of innovation, requires the ability to collaborate and share ideas with other people, and to sit down and talk with customers and get their feedback and understand their needs.
I also place a high value on having a passion for ongoing learning. When I was pretty young, I picked up the habit of reading lots of books.
It's great to read widely about a broad range of subjects. Of course today, it's far easier to go online and find information about any topic that interests you.
Having that kind of curiosity about the world helps anyone succeed, no matter what kind of work they decide to pursue.
VIEWPOINT
By Bill Gates
Chairman, Microsoft
yankandpaste from : http://news.bbc.co.uk/2/hi/business/7142073.stm
© yankandpaste®
Thursday, December 6, 2007
Upgrading N800 with Os2008
Was a nice experience. The first thing was to read the cnet news article on this
Second step: downloading the os2008 image as per instructions 1,2 and 3 from the article. My little Einstein asked: why not try directly from windows. kool idea - no linux, no flasher nothing :-).
Tried :- failed
Again back to linux, followed the steps and works like a gem.
yankandpasteing the steps for my/others reference
Go to the N810 software download page.
Enter the serial number for a valid N810 device. To get one of these, pick any number between 001d6e9c0000 to 001d6e9cffff. Pick any random 4 digits (between 0-9 and a-f hex) as the last 4 digits.
Download the file named "RX-44_2008SE_1.2007.42-18_PR_COMBINED_MR0_ARM.bin."
Download the latest firmware-upgrading software, "flasher-3.0".
Now that you have the firmware flasher and the 2008 N800 software update in the same directory, open up a terminal (on a Linux desktop/laptop), and type:
chmod a+x ./flasher-3.0
./flasher-3.0 -u -F RX-44_2008SE_1.2007.42-18_PR_COMBINED_MR0_ARM.bin.
That will unpack the software, and it may take a few seconds. Once that is done, plug the N800 into your computer, using the included USB cable, then reboot the Nokia device while holding the home button. Now execute the following commands:
sudo ./flasher-3.0 --enable-rd-mode
sudo ./flasher-3.0 -k zImage -f
sudo ./flasher-3.0 -n initfs.jffs2 -f
sudo ./flasher-3.0 -r rootfs.jffs2 -f -R
That should be it. Your device should now boot up with the new 2008 version of the Nokia Maemo operating system.
© yankandpaste®
Second step: downloading the os2008 image as per instructions 1,2 and 3 from the article. My little Einstein asked: why not try directly from windows. kool idea - no linux, no flasher nothing :-).
Tried :- failed
Again back to linux, followed the steps and works like a gem.
yankandpasteing the steps for my/others reference
Go to the N810 software download page.
Enter the serial number for a valid N810 device. To get one of these, pick any number between 001d6e9c0000 to 001d6e9cffff. Pick any random 4 digits (between 0-9 and a-f hex) as the last 4 digits.
Download the file named "RX-44_2008SE_1.2007.42-18_PR_COMBINED_MR0_ARM.bin."
Download the latest firmware-upgrading software, "flasher-3.0".
Now that you have the firmware flasher and the 2008 N800 software update in the same directory, open up a terminal (on a Linux desktop/laptop), and type:
chmod a+x ./flasher-3.0
./flasher-3.0 -u -F RX-44_2008SE_1.2007.42-18_PR_COMBINED_MR0_ARM.bin.
That will unpack the software, and it may take a few seconds. Once that is done, plug the N800 into your computer, using the included USB cable, then reboot the Nokia device while holding the home button. Now execute the following commands:
sudo ./flasher-3.0 --enable-rd-mode
sudo ./flasher-3.0 -k zImage -f
sudo ./flasher-3.0 -n initfs.jffs2 -f
sudo ./flasher-3.0 -r rootfs.jffs2 -f -R
That should be it. Your device should now boot up with the new 2008 version of the Nokia Maemo operating system.
© yankandpaste®
Subscribe to:
Posts (Atom)