CIS305

Database Breach {10}

Database Breaches: Target

As technology grows at an ever faster rate, people scramble to keep up with the new changes. New systems are released; new patches, new servers, and more and more new technologies are being developed such as the cloud. Computer infrastructures such as the Google’s data bases or Sony’s Playstation Network have the challenge to maintain which is very hard on a large scale and expensive to keep up to date. With the quickly changing environment of technology, it is only becoming more difficult to stay up to date as time progresses into the future of new unknown technology advances.

read more...

Security Testing of Voting Systems {3}

The peer reviewed article i choose for this week was about security testing voting systems. The authors discussed a few vulnerabilities for the DRE or direct-recording electronic voting machine and how they can affect election day. The authors found buffer overflows in the DRE system and by exploiting them it was very easy to completely take it over. Also, the DRE systems do not have the necessary means to detect any malicious software or a change in firmware. If malicious firmware is installed in the DRE system, it can activate on election day and modify a subset of ballots so they seem as if they were for the preffered candidate. There’s the “careful voter” scenario, where the voter will submit his ballot and a review screen will appear with the name of the preferred candidate and not the one the voter voted for. If the voter catches the mistake, the firmware will allow the voter to edit the submition. At this point, the firmware will consider itself found and will not change the ballots for a period of time or voters before it starts again. Another of the many scenarios in the article was the “After the Fact Vote”. For this scenario the voter places his vote normally, then the firmware will print a voided ballot and will re-print the ballot with a vote for the preferred candidate.

read more...

Common Threats of Cloud Computing {2}

The peer reviewed article i chose for this weeks post is about the services that cloud providers are offering that can be potential threats. The article focuses on virtualization and the impact it has on cloud security. As we already know, virtualization means that a single physical machine known as a host can run multiple operating systems at the same time, known as virtual machines. The first threat discussed is VM Hopping. With VM hopping, an attacker has control of one virtual machine and tries to gain control of another. VM hopping is a considerable threat because serveral VM’s can run on the same host making them all targets for the attacker. Another threat that caught my attention was the VM Denial of Service. “VM’s share physical resources, such as CPU, memory disk, and network bandwidth.” DoS in virtualization happens when one machine uses all of the resources. Making the host unable to launch more VMs, preventing the service. One effective way to reduce the occurance of a DoS attack is to limit the resource allocation for each machine.

read more...

Our Information’s Importance to Corporations {Comments Off on Our Information’s Importance to Corporations}

In the Guardian article chosen, the author describes how Wal-Mart has recently purchased Facebook’s popular “Social Calendar” application, and the implications of the purchase – the corporation now has access to the millions of users, and all of the friends of the users that they may refer to using the application. The author goes on to describe the future role of information, and how information on people, as consumers and for other roles, is quickly becoming a massive component of the modern world. The article details how important information really is, “Facebook’s projected $100bn value is based on the data it offers people who want to exploit its social graph,” (Krotoski, 2012) – essentially, the success of the social media site relies heavily upon offering all of the information the user believes is just to be shared with friends. This leads to a discussion on the future of individual privacy and what having information online might lead to – it even refers to my previous blog about Target analysts discovering a woman is pregnant before even her father can! The author chooses the phrase “aggregated data,” or “Big Data” to describe what is happening to all of the information on us online; powerful organizations are collecting various facets of data about individuals, whether it be to market to them better, determine whether to hire individuals (several recent cases involve companies asking for Facebook passwords, or simply collecting the information on their own), and one example even details using social media to gather information on a man that attempted murder!

read more...

Choosing the right tools for a database {1}

The article i read goes over the basics of a database and what people need to know when considering implementing a database for their business.  The author talks about database design and management and also recommends software to make the process easier.  Under the “Databases Defined” section of the article, the author goes over the entities and attributes and how relationships can be established between entities in order to share data.  The products that the author recommends are FileMaker Pro 11.  With this anybody can create a database or ad-hoc report.  If the user is a bit more familiar with databases then the author discusses Microsoft Access 2010 and Alpha Five v10 Developer to create highly customized solutions using the databases as back-ends.

read more...

Efficient SQL {6}

            The article goes into how to better optimally use SQL Server because as technology advances and becomes more complex, it becomes increasingly harder to find the most efficient method. The authors go into improving the performance of SQL Server instances, queries, and optimization features in SQL Server 2008. The ways of running efficiently are further explored by going into more detail in having efficient data schema, indexes, avoiding recompiling of execution plans, among other things.

read more...

Benchmark Factory Tool {Comments Off on Benchmark Factory Tool}

            Quest Software released a testing tool called Benchmark Factory for databases. It was made to be an alternative to Oracle Real Application Testing. In addition to the “scalability and industry-standard capabilities, users can more easily capture production workload and replay it in a testing environment.” Benchmark Factory allows more flexibility to customize options by database administrators. The software is supposed to cut down on changes needed by databases by getting the right configuration by using Benchmark Factory.

read more...

HTML 5 now and HTML 5 forever {1}

AT&T is in overdrive to push HTML 5 out since the release of the new API’s that were released. They are really pushing App developers to use HTML 5. “‘It’s essentially a rich set of APIs and tools aimed at furthering the HTML 5 appeal as an app development choice,’ said David Christopher, chief marketing officer at AT&T.’ Why are we focusing on HTML 5? We think it has the potential to address fragmentation.’” (Gohring, 2012) They hope by using HTML 5 as a defining standard among App Developers that it will make future app development easier. As it stands now apps that run on iPhones, Androids, Windows Phones, and Black Berries is a mess because developers need to rewrite applications to run on each phone and by writing apps in HTML 5 it will let developers make apps that run in the browser, which any Smartphone has. The new HTML5 API library offers API’s for some useful features like SMS, MMS, and it would allow users to be able to make payments in app that can be applied to the user’s bill. So for example, I am playing Angry Birds Lite in my HTML 5 Browser, I enjoy it so I purchase the full version, and it will then appear in say my monthly AT&T Bill. The API Library is hosted on select cloud services like MS Azure and Heroku, and to access these new API’s a person must be willing to shell out $99 for registration.

read more...

The all “new” Database Firewall {Comments Off on The all “new” Database Firewall}

It slices, it dices, it makes healthy meals in thirty minutes flat, unclogs drains with ease, and will fold your laundry! Okay maybe it does none of that, but what it does do is offer a small peace of mind when it comes to Database protection.  This year was known as the Year of the hacker, with hacking stealing the headlines away from shark attacks, missing children, and celebrity rehab news (Thankfully). People have known about hackers for ages, but this last summer hacker groups such as Anonymous and LOLZSEC made everyone feel a little less safe. Sony was a focus of several attacks, and millions of people were affected by one attack alone. The Spree of hacking brought the hacking problem into the public eye. What is even more freighting is how easy it is.

read more...

Databases turn the tide on Graffiti! {Comments Off on Databases turn the tide on Graffiti!}

Graffiti, it dots the landscape in just about every city and neighborhood. In most cases, it is an eyesore, blight upon the urban landscape. Every day the cities spend millions on cleaning it up, only for to happen again, and again. To this end cities are fighting back…with databases!  Several cities have started to fight back with databases. Los Angeles launched its own database this year called TAGRS to combat a ten million dollar a year problem. City of Santa Clarita has a Graffiti task force, which was created back in 2006 and since then has caught 1,000 taggers since the creation of their database.

read more...