Search Results

Search found 2175 results on 87 pages for 'jason kelly'.

Page 84/87 | < Previous Page | 80 81 82 83 84 85 86 87  | Next Page >

  • RegEx for a date format

    - by Ivan
    Say I have a string like this: 07-MAY-07 Hello World 07-MAY-07 Hello Again So the pattern is, DD-MMM-YY, where MMM is the three letter format for a month. What Regular Expression will break up this string into: 07-MAY-07 Hello World 07-MAY-07 Hello Again Using Jason's code below modified for C#, string input = @"07-MAY-07 Hello World 07-MAY-07 Hello Again"; string pattern = @"(\d{2}-[A-Z]{3}-\d{2}\s)(\D*|\s)"; string[] results = Regex.Split(input, pattern); results.Dump(); Console.WriteLine("Length = {0}", results.Count()); foreach (string split in results) { Console.WriteLine("'{0}'", split); Console.WriteLine(); } I get embedded blank lines? Length = 7 '' '07-MAY-07 ' 'Hello World ' '' '07-MAY-07 ' 'Hello Again' '' I don't even understand why I am getting the blank lines...?

    Read the article

  • using PHP to create multidimensional array from simple JSON array

    - by Michael Robinson
    I have a php query the returns the following JSON format from a table. [{"memberid":"18", "useridFK":"30", "loginName":"Johnson", "name":"Frank", "age":"23", "place":"School", }, It needs the following format: [{"memberid":"18" { "useridFK":"30", "loginName":"Johnson", "name":"Frank", "age":"23", "place":"School",} }, I was told in another question that PHP would work and it looks like "Transversing" might be appropriate, I'm looking to find out what to put in the Php before it returns the JASON. My Array.plist will look like the following: Root: Dictionary V Rows: Array V Item 0: Dictionary Title: String 18 V Children Array V Item 0 Dictionary Title String 30 etc. Thanks in advance.

    Read the article

  • Checking for any lowercase letters in a string

    - by pcampbell
    Consider a JavaScript method that needs to check whether a given string is in all uppercase letters. The input strings are people's names. The current algorithm is to check for any lowercase letters. var check1 = "Jack Spratt"; var check2 = "BARBARA FOO-BAR"; var check3 = "JASON D'WIDGET"; var isUpper1 = HasLowercaseCharacters(check1); var isUpper2 = HasLowercaseCharacters(check2); var isUpper3 = HasLowercaseCharacters(check3); function HasLowercaseCharacters(string input) { //pattern for finding whether any lowercase alpha characters exist var allLowercase; return allLowercase.test(input); } Is a regex the best way to go here? What pattern would you use to determine whether a string has any lower case alpha characters?

    Read the article

  • How to upload a CSV file and and read it's data in the client side itself and send the data as a stream through a ajax post?

    - by sunshine
    I need to upload a CSV file and get its contents form the client side itself. Then post it to the server where I can retriev the stream and do the string manipulations in the serer action methods. Is there any jquery plugin for this task to upload a csv file and send data as a stream using ajax or jason? I am really new to this area.I am working in VS2010 AND mvc3. Can some one give me a clear solution for this mater?? Any examples?? I did search a lot but did not find any suitable solution yet. Can anyone please help me with this matter. Thanks so much.

    Read the article

  • Proper way to set object instance variables

    - by ensnare
    I'm writing a class to insert users into a database, and before I get too far in, I just want to make sure that my OO approach is clean: class User(object): def setName(self,name): #Do sanity checks on name self._name = name def setPassword(self,password): #Check password length > 6 characters #Encrypt to md5 self._password = password def commit(self): #Commit to database >>u = User() >>u.setName('Jason Martinez') >>u.setPassword('linebreak') >>u.commit() Is this the right approach? Should I declare class variables up top? Should I use a _ in front of all the class variables to make them private? Thanks for helping out.

    Read the article

  • How to decode a JSON String with several objects in PHP?

    - by ilnur777
    Hi, guys! I know how to decode a JSON string with one object with your help from this example http://stackoverflow.com/questions/2543389/how-to-decode-a-json-string But now I would like to improve decoding JSON string with several objects and I can't understand how to do it. Here is an example: { "programmers": [ { "firstName": "Brett", "lastName":"McLaughlin" }, { "firstName": "Jason", "lastName":"Hunter" }, { "firstName": "Elliotte", "lastName":"Harold" } ], "authors": [ { "firstName": "Isaac", "lastName": "Asimov" }, { "firstName": "Tad", "lastName": "Williams" }, { "firstName": "Frank", "lastName": "Peretti" } ], "musicians": [ { "firstName": "Eric", "lastName": "Clapton" }, { "firstName": "Sergei", "lastName": "Rachmaninoff" } ] } How to decode this JSON, call data and display on the page from what object the informartion list is being read? Thank you!

    Read the article

  • How do I prevent a ManyToManyField('self') from linked an object to itself?

    - by dyve
    Consider this model (simplified for this question): class SecretAgentName(models.Model): name = models.CharField(max_length=100) aliases = ManyToManyField('self') I have three names, "James Bond", "007" and "Jason Bourne". "James Bond" and "007" are aliases of each other. This works exactly like I want it to, except for the fact that every instance can also be an alias of itself. This I want to prevent. So, there can be many SecretAgentNames, all can be aliases of each other as long as "James Bond" does not show up as an alias for "James Bond". Can I prevent this in the model definition? If not, can I prevent it anywhere else, preferably so that the Django Admin understands it?

    Read the article

  • How to Identify a ListViewItem to Update a Single Row

    - by tunneling
    I have a ListView displays information about an object. When I click a ListView Item, I open an Activity that let's me manipulate parameters of the object held in the adapter. These parameters are updated and stored remotely. When I return to the ListView (via the back button), I want to update the ListView Item that I clicked originally by requesting the parameter values from the remote server. I am currently doing this up updating the entire ListView by clearing it and rebuilding it. How do I reference the ListView Item so that I can update the data for that item only? Thanks, Jason

    Read the article

  • Portable way to determining of printer is physical or virtual

    - by Mud
    I need direct-to-printer functionality for my website, with the ability to distinguish a physical printer from a virtual printer (file). Coupons.com has this functionality via a native binary which must be installed by the user. I'd prefer to avoid that. SmartSource.com does it via Java applet: Does anybody know how this is done? I dug through that Java APIs a bit, and don't see anything that would let you determine physical vs virtual, except looking at the name (that seems prone to misidentification). It would be nice to be able to do it in Java, because I already know how to write Java applets. Failing that, is there a way to do this in Flash or Silverlight? Thanks in advance. EDIT: Well deserved bounty awarded to Jason Sperske who worked out an elegant solution. Thanks to those of you who shared ideas, as well as those who actually investigated SmartSource.com's solution (like Adrian).

    Read the article

  • stored procedure to find value in 2 columns out of 3

    - by user1510533
    I am putting in the samle date and i am supposed to do something similar what i am asking. I want to run a query that would pull values in any two columns out 3 if it has a 1 or if any one column has a 1 it will return just those results. However it should search all three columns and in any of the three columns where it found value as 1 it should return that result. Can anyone please help me with this. Thanks in advance. ID Patient Patient Name prio prio2 prio3 ------------------------------------------------- 1 101563 Robert Riley 1 1 1 2 101583 Cody Ayers 1 0 1 3 101825 Jason Lawler 0 0 1 4 101984 Dustin Lumis 1 0 0 5 102365 Stacy smith 1 0 0 6 102564 Frank Milon 1 0 0 7 102692 Thomas Kroning 1 0 0 8 102856 Andrew Philips 1 0 0 9 102915 Alice Davies 0 0 1 10 103785 Jon Durley 0 0 1 11 103958 Clayton Folsom 1 1 1 12 104696 Michelle Holsley 1 1 1 13 104983 Teresa Jones 1 0 1 14 105892 Betsy Prat 1 1 0 15 106859 Casey Ayers 1 1 0

    Read the article

  • What exactly is Two-way databinding in WPF ?

    - by blntechie
    I'm learning WPF with MVVM and for a starter, I viewed Jason Dolinger's video on MVVM . In that he mentioned, that one of the advantage of using MVVM with WPF is two-way data binding. My question is what does he mean by two-way data binding? Is that the feature of ability to 1) bind data from controls(View) to properties in VM and 2) any change in collections or properties are reflected in the view? If I'm wrong, can anyone please explain me in detail what it is and what are its advantages? This might be a very simple doubt, but I'm very new to WPF and it's terminologies and moving away from WinForms now.

    Read the article

  • JavaScript - checking for any lowercase letters in a string

    - by pcampbell
    Consider a JavaScript method that needs to check whether a given string is in all uppercase letters. The input strings are people's names. The current algorithm is to check for any lowercase letters. var check1 = "Jack Spratt"; var check2 = "BARBARA FOO-BAR"; var check3 = "JASON D'WIDGET"; var isUpper1 = HasLowercaseCharacters(check1); var isUpper2 = HasLowercaseCharacters(check2); var isUpper3 = HasLowercaseCharacters(check3); function HasLowercaseCharacters(string input) { //pattern for finding whether any lowercase alpha characters exist var allLowercase; return allLowercase.test(input); } Is a regex the best way to go here? What pattern would you use to determine whether a string has any lower case alpha characters?

    Read the article

  • IO redirect engine with metadata

    - by hawk.hsieh
    Is there any C library or tool to redirect IO and be able to configured by a metadata. And provide a dynamic link library to perform custom process for feeding data into next IO. For example, network video recorder: record video: socket do_something() file preview video: socket do_something() PCI device http service: download file: socket do_something(http) file socket post file: socket do_something(http) file serial control: monitor device: uart do_something(custom protocol) popen("zip") socket I know the unix-like OS has IO redirect feature and integrate all application you want. Even socket IO you can use /dev/tcp or implement a process to redirect to stdout. But this is process based , the process's foot print is big , IPC is heavy. Therefore, I am looking for something to redirect IO in a process and the data redirect between IO is configurable with a metadata (XML,jason or others).

    Read the article

  • why isn't my id showing up in django admin list?

    - by FurtiveFelon
    Hi all, I have a class Task(models.Model), and i didn't define id field explicitly (since it defines automatically for you). I checked in the database, it exists for the Task. Now i would like to display it in the list via list_display property in admin.ModelAdmin. I have a bunch of things in there, only id is not showing up for any of the rows i have. Everything else works fine. Anyone know anything special i have to do to get id to display? Thanks a lot! Jason

    Read the article

  • Err Web Service?

    - by j-t-s
    Hi All I am trying to implement a feature. But I've never had anything to do with "Web Services" before, other than using them. I have a desktop application, and I want that application to be able to sort of "post" some information (i.e. email address, username, user-selected options (just plain text) etc) to an application or "web service" on my ASP.NET web server. Can somebody please guide me in the right direction? How would I accomplish this? Thank you :) Jason

    Read the article

  • Why Can't I import a UITableViewCell subclass ? That's weird....

    - by user320064
    It's like this, I created a UITableViewCell subclass called NewsItemCell, then I wanna use it in my FirstViewController.m, then I tried to import it, but the compiler keeps telling me this Below is my code, it is driving me mad, thank you if you can help. import "NewsItemCell.h" import "FirstViewController.h" @implementation FirstViewController @synthesize computers; (UITableViewCell *)tableView:(UITableView *)tableView cellForRowAtIndexPath:(NSIndexPath *)indexPath { static NSString *CellIdentifier = @"NewsItemCellIdentifier"; NewsItemcell *cell = (NewsItemcell *)[tableView dequeueReusableCellWithIdentifier: CellIdentifier]; if (cell == nil) { NSArray *nib = [[NSBundle mainBundle] loadNibNamed:@"NewsItemCell" owner:self options:nil]; for (id oneObject in nib) if ([oneObject isKindOfClass:[NewsItemcell class]]) cell = (NewsItemcell *)oneObject; } NSUInteger row = [indexPath row]; NSDictionary *rowData = [self.computers objectAtIndex:row]; cell.newsTitle.text = [rowData objectForKey:@"Color"]; cell.newsDate.text = [rowData objectForKey:@"Name"]; return cell; } Jason

    Read the article

  • How to display more things in admin.StackedInline

    - by FurtiveFelon
    Hi all, I have Article model and a Comment model. Comment is created in admin.py as admin.StackedInline, and it has several fields, notably content and lastUpdate. For lastUpdate, i have specified as follows: lastUpdate = models.DateTimeField('last update', auto_now=True). Understandably, lastUpdate is not displayed when i try to add new comment (or edit old ones). However, i would like it to display for older comments if possible, as a read only thing. Is there anyway of accomplishing that? Thanks a lot! Jason

    Read the article

  • jQuery FadeTo() bg on rollover, IMG animate().width height

    - by jg462095
    Hello all, I have been reading StackOverflow for a while and now I have a question I cannot find an answer to. i am trying to fade a background and increase on img size on rollover. I have tried animate() and fadeTo(), however, the entire div fades. Do I need to absolute position my images over the div and not within it? img or img? Is that the only way to get items within a div to not fade along with the background? Thanks! Jason

    Read the article

  • How can I set breakpoints in an external JS script in Firebug

    - by Manu
    I can easily set breakpoints in embedded JS functions, but I don't see any way of accessing extarnal JS scripts via Firebug unless I happen to enter them during a debug session. Is there a way to do this w/o having to 'explore' my way into the script? @Jason: This is a good point, but in my case I do not have easy access to the script. I am specifically talking about the client scripts which are invoked by the ASP.Net Validators that I would like to debug. I can access them during a debug session through entering the function calls, but I could not find a way to access them directly.

    Read the article

  • I need to create a web service using .NET-- where should I start?

    - by j-t-s
    Hi All I am trying to implement a feature. But I've never had anything to do with "Web Services" before, other than using them. I have a desktop application, and I want that application to be able to sort of "post" some information (i.e. email address, username, user-selected options (just plain text) etc) to an application or "web service" on my ASP.NET web server. Can somebody please guide me in the right direction? How would I accomplish this? Thank you :) Jason

    Read the article

  • what's the best (most effecient) way in asp .net to return a whole page into tabbed content?

    - by ijjo
    what i want to do is every time i click on a tab, the content area is replaced by pretty much a whole new page. i don't want a full page load so i want to do it in ajax, but i'm used to sending back small jason data via page methods. i'm not sure how i would construct a whole new page and return that via ajax and i would like to simply assign the whole content returned to a div and be done with it. what's the best way to do this with the least amount of overhead (i know there are some inefficient ways the scriptmanager does ajax)? or is it better to load the tabbed content in an iframe? fyi i'm already using jquery to call lightweight pagemethods on my asp net page and that works great.

    Read the article

  • Information stored in a cookie file

    - by jklmuk
    Thanks for you help in advance. I am trying to figure out the structure of the cookie file, more specifically i want to be able to determine the expiry time. From the cookies i have created they all appear to be in a standard format. Name, Value, website,followed by 5 numbers and a star. See example below. name value www.website.co.uk/ 1536 3041141504 30135951 1632526096 30135949 * Obviously the expiry time is one of the numbers, the question is which one. From experiments I have determined that the first and fifth number don't seem to change. In a case where i generated three cookies at the same time with a 1000 second time difference i noticed that the fourth number appeared to increase by 2000 suggesting that this has a connection with the expiry time. Can anyone confirm if i am heading in the right direction? And does any one know how i convert this to a human time and date(preferably in php but any language would give me a starting point) thanks Jason

    Read the article

  • Toorcon14

    - by danx
    Toorcon 2012 Information Security Conference San Diego, CA, http://www.toorcon.org/ Dan Anderson, October 2012 It's almost Halloween, and we all know what that means—yes, of course, it's time for another Toorcon Conference! Toorcon is an annual conference for people interested in computer security. This includes the whole range of hackers, computer hobbyists, professionals, security consultants, press, law enforcement, prosecutors, FBI, etc. We're at Toorcon 14—see earlier blogs for some of the previous Toorcon's I've attended (back to 2003). This year's "con" was held at the Westin on Broadway in downtown San Diego, California. The following are not necessarily my views—I'm just the messenger—although I could have misquoted or misparaphrased the speakers. Also, I only reviewed some of the talks, below, which I attended and interested me. MalAndroid—the Crux of Android Infections, Aditya K. Sood Programming Weird Machines with ELF Metadata, Rebecca "bx" Shapiro Privacy at the Handset: New FCC Rules?, Valkyrie Hacking Measured Boot and UEFI, Dan Griffin You Can't Buy Security: Building the Open Source InfoSec Program, Boris Sverdlik What Journalists Want: The Investigative Reporters' Perspective on Hacking, Dave Maas & Jason Leopold Accessibility and Security, Anna Shubina Stop Patching, for Stronger PCI Compliance, Adam Brand McAfee Secure & Trustmarks — a Hacker's Best Friend, Jay James & Shane MacDougall MalAndroid—the Crux of Android Infections Aditya K. Sood, IOActive, Michigan State PhD candidate Aditya talked about Android smartphone malware. There's a lot of old Android software out there—over 50% Gingerbread (2.3.x)—and most have unpatched vulnerabilities. Of 9 Android vulnerabilities, 8 have known exploits (such as the old Gingerbread Global Object Table exploit). Android protection includes sandboxing, security scanner, app permissions, and screened Android app market. The Android permission checker has fine-grain resource control, policy enforcement. Android static analysis also includes a static analysis app checker (bouncer), and a vulnerablity checker. What security problems does Android have? User-centric security, which depends on the user to grant permission and make smart decisions. But users don't care or think about malware (the're not aware, not paranoid). All they want is functionality, extensibility, mobility Android had no "proper" encryption before Android 3.0 No built-in protection against social engineering and web tricks Alternative Android app markets are unsafe. Simply visiting some markets can infect Android Aditya classified Android Malware types as: Type A—Apps. These interact with the Android app framework. For example, a fake Netflix app. Or Android Gold Dream (game), which uploads user files stealthy manner to a remote location. Type K—Kernel. Exploits underlying Linux libraries or kernel Type H—Hybrid. These use multiple layers (app framework, libraries, kernel). These are most commonly used by Android botnets, which are popular with Chinese botnet authors What are the threats from Android malware? These incude leak info (contacts), banking fraud, corporate network attacks, malware advertising, malware "Hackivism" (the promotion of social causes. For example, promiting specific leaders of the Tunisian or Iranian revolutions. Android malware is frequently "masquerated". That is, repackaged inside a legit app with malware. To avoid detection, the hidden malware is not unwrapped until runtime. The malware payload can be hidden in, for example, PNG files. Less common are Android bootkits—there's not many around. What they do is hijack the Android init framework—alteering system programs and daemons, then deletes itself. For example, the DKF Bootkit (China). Android App Problems: no code signing! all self-signed native code execution permission sandbox — all or none alternate market places no robust Android malware detection at network level delayed patch process Programming Weird Machines with ELF Metadata Rebecca "bx" Shapiro, Dartmouth College, NH https://github.com/bx/elf-bf-tools @bxsays on twitter Definitions. "ELF" is an executable file format used in linking and loading executables (on UNIX/Linux-class machines). "Weird machine" uses undocumented computation sources (I think of them as unintended virtual machines). Some examples of "weird machines" are those that: return to weird location, does SQL injection, corrupts the heap. Bx then talked about using ELF metadata as (an uintended) "weird machine". Some ELF background: A compiler takes source code and generates a ELF object file (hello.o). A static linker makes an ELF executable from the object file. A runtime linker and loader takes ELF executable and loads and relocates it in memory. The ELF file has symbols to relocate functions and variables. ELF has two relocation tables—one at link time and another one at loading time: .rela.dyn (link time) and .dynsym (dynamic table). GOT: Global Offset Table of addresses for dynamically-linked functions. PLT: Procedure Linkage Tables—works with GOT. The memory layout of a process (not the ELF file) is, in order: program (+ heap), dynamic libraries, libc, ld.so, stack (which includes the dynamic table loaded into memory) For ELF, the "weird machine" is found and exploited in the loader. ELF can be crafted for executing viruses, by tricking runtime into executing interpreted "code" in the ELF symbol table. One can inject parasitic "code" without modifying the actual ELF code portions. Think of the ELF symbol table as an "assembly language" interpreter. It has these elements: instructions: Add, move, jump if not 0 (jnz) Think of symbol table entries as "registers" symbol table value is "contents" immediate values are constants direct values are addresses (e.g., 0xdeadbeef) move instruction: is a relocation table entry add instruction: relocation table "addend" entry jnz instruction: takes multiple relocation table entries The ELF weird machine exploits the loader by relocating relocation table entries. The loader will go on forever until told to stop. It stores state on stack at "end" and uses IFUNC table entries (containing function pointer address). The ELF weird machine, called "Brainfu*k" (BF) has: 8 instructions: pointer inc, dec, inc indirect, dec indirect, jump forward, jump backward, print. Three registers - 3 registers Bx showed example BF source code that implemented a Turing machine printing "hello, world". More interesting was the next demo, where bx modified ping. Ping runs suid as root, but quickly drops privilege. BF modified the loader to disable the library function call dropping privilege, so it remained as root. Then BF modified the ping -t argument to execute the -t filename as root. It's best to show what this modified ping does with an example: $ whoami bx $ ping localhost -t backdoor.sh # executes backdoor $ whoami root $ The modified code increased from 285948 bytes to 290209 bytes. A BF tool compiles "executable" by modifying the symbol table in an existing ELF executable. The tool modifies .dynsym and .rela.dyn table, but not code or data. Privacy at the Handset: New FCC Rules? "Valkyrie" (Christie Dudley, Santa Clara Law JD candidate) Valkyrie talked about mobile handset privacy. Some background: Senator Franken (also a comedian) became alarmed about CarrierIQ, where the carriers track their customers. Franken asked the FCC to find out what obligations carriers think they have to protect privacy. The carriers' response was that they are doing just fine with self-regulation—no worries! Carriers need to collect data, such as missed calls, to maintain network quality. But carriers also sell data for marketing. Verizon sells customer data and enables this with a narrow privacy policy (only 1 month to opt out, with difficulties). The data sold is not individually identifiable and is aggregated. But Verizon recommends, as an aggregation workaround to "recollate" data to other databases to identify customers indirectly. The FCC has regulated telephone privacy since 1934 and mobile network privacy since 2007. Also, the carriers say mobile phone privacy is a FTC responsibility (not FCC). FTC is trying to improve mobile app privacy, but FTC has no authority over carrier / customer relationships. As a side note, Apple iPhones are unique as carriers have extra control over iPhones they don't have with other smartphones. As a result iPhones may be more regulated. Who are the consumer advocates? Everyone knows EFF, but EPIC (Electrnic Privacy Info Center), although more obsecure, is more relevant. What to do? Carriers must be accountable. Opt-in and opt-out at any time. Carriers need incentive to grant users control for those who want it, by holding them liable and responsible for breeches on their clock. Location information should be added current CPNI privacy protection, and require "Pen/trap" judicial order to obtain (and would still be a lower standard than 4th Amendment). Politics are on a pro-privacy swing now, with many senators and the Whitehouse. There will probably be new regulation soon, and enforcement will be a problem, but consumers will still have some benefit. Hacking Measured Boot and UEFI Dan Griffin, JWSecure, Inc., Seattle, @JWSdan Dan talked about hacking measured UEFI boot. First some terms: UEFI is a boot technology that is replacing BIOS (has whitelisting and blacklisting). UEFI protects devices against rootkits. TPM - hardware security device to store hashs and hardware-protected keys "secure boot" can control at firmware level what boot images can boot "measured boot" OS feature that tracks hashes (from BIOS, boot loader, krnel, early drivers). "remote attestation" allows remote validation and control based on policy on a remote attestation server. Microsoft pushing TPM (Windows 8 required), but Google is not. Intel TianoCore is the only open source for UEFI. Dan has Measured Boot Tool at http://mbt.codeplex.com/ with a demo where you can also view TPM data. TPM support already on enterprise-class machines. UEFI Weaknesses. UEFI toolkits are evolving rapidly, but UEFI has weaknesses: assume user is an ally trust TPM implicitly, and attached to computer hibernate file is unprotected (disk encryption protects against this) protection migrating from hardware to firmware delays in patching and whitelist updates will UEFI really be adopted by the mainstream (smartphone hardware support, bank support, apathetic consumer support) You Can't Buy Security: Building the Open Source InfoSec Program Boris Sverdlik, ISDPodcast.com co-host Boris talked about problems typical with current security audits. "IT Security" is an oxymoron—IT exists to enable buiness, uptime, utilization, reporting, but don't care about security—IT has conflict of interest. There's no Magic Bullet ("blinky box"), no one-size-fits-all solution (e.g., Intrusion Detection Systems (IDSs)). Regulations don't make you secure. The cloud is not secure (because of shared data and admin access). Defense and pen testing is not sexy. Auditors are not solution (security not a checklist)—what's needed is experience and adaptability—need soft skills. Step 1: First thing is to Google and learn the company end-to-end before you start. Get to know the management team (not IT team), meet as many people as you can. Don't use arbitrary values such as CISSP scores. Quantitive risk assessment is a myth (e.g. AV*EF-SLE). Learn different Business Units, legal/regulatory obligations, learn the business and where the money is made, verify company is protected from script kiddies (easy), learn sensitive information (IP, internal use only), and start with low-hanging fruit (customer service reps and social engineering). Step 2: Policies. Keep policies short and relevant. Generic SANS "security" boilerplate policies don't make sense and are not followed. Focus on acceptable use, data usage, communications, physical security. Step 3: Implementation: keep it simple stupid. Open source, although useful, is not free (implementation cost). Access controls with authentication & authorization for local and remote access. MS Windows has it, otherwise use OpenLDAP, OpenIAM, etc. Application security Everyone tries to reinvent the wheel—use existing static analysis tools. Review high-risk apps and major revisions. Don't run different risk level apps on same system. Assume host/client compromised and use app-level security control. Network security VLAN != segregated because there's too many workarounds. Use explicit firwall rules, active and passive network monitoring (snort is free), disallow end user access to production environment, have a proxy instead of direct Internet access. Also, SSL certificates are not good two-factor auth and SSL does not mean "safe." Operational Controls Have change, patch, asset, & vulnerability management (OSSI is free). For change management, always review code before pushing to production For logging, have centralized security logging for business-critical systems, separate security logging from administrative/IT logging, and lock down log (as it has everything). Monitor with OSSIM (open source). Use intrusion detection, but not just to fulfill a checkbox: build rules from a whitelist perspective (snort). OSSEC has 95% of what you need. Vulnerability management is a QA function when done right: OpenVas and Seccubus are free. Security awareness The reality is users will always click everything. Build real awareness, not compliance driven checkbox, and have it integrated into the culture. Pen test by crowd sourcing—test with logging COSSP http://www.cossp.org/ - Comprehensive Open Source Security Project What Journalists Want: The Investigative Reporters' Perspective on Hacking Dave Maas, San Diego CityBeat Jason Leopold, Truthout.org The difference between hackers and investigative journalists: For hackers, the motivation varies, but method is same, technological specialties. For investigative journalists, it's about one thing—The Story, and they need broad info-gathering skills. J-School in 60 Seconds: Generic formula: Person or issue of pubic interest, new info, or angle. Generic criteria: proximity, prominence, timeliness, human interest, oddity, or consequence. Media awareness of hackers and trends: journalists becoming extremely aware of hackers with congressional debates (privacy, data breaches), demand for data-mining Journalists, use of coding and web development for Journalists, and Journalists busted for hacking (Murdock). Info gathering by investigative journalists include Public records laws. Federal Freedom of Information Act (FOIA) is good, but slow. California Public Records Act is a lot stronger. FOIA takes forever because of foot-dragging—it helps to be specific. Often need to sue (especially FBI). CPRA is faster, and requests can be vague. Dumps and leaks (a la Wikileaks) Journalists want: leads, protecting ourselves, our sources, and adapting tools for news gathering (Google hacking). Anonomity is important to whistleblowers. They want no digital footprint left behind (e.g., email, web log). They don't trust encryption, want to feel safe and secure. Whistleblower laws are very weak—there's no upside for whistleblowers—they have to be very passionate to do it. Accessibility and Security or: How I Learned to Stop Worrying and Love the Halting Problem Anna Shubina, Dartmouth College Anna talked about how accessibility and security are related. Accessibility of digital content (not real world accessibility). mostly refers to blind users and screenreaders, for our purpose. Accessibility is about parsing documents, as are many security issues. "Rich" executable content causes accessibility to fail, and often causes security to fail. For example MS Word has executable format—it's not a document exchange format—more dangerous than PDF or HTML. Accessibility is often the first and maybe only sanity check with parsing. They have no choice because someone may want to read what you write. Google, for example, is very particular about web browser you use and are bad at supporting other browsers. Uses JavaScript instead of links, often requiring mouseover to display content. PDF is a security nightmare. Executible format, embedded flash, JavaScript, etc. 15 million lines of code. Google Chrome doesn't handle PDF correctly, causing several security bugs. PDF has an accessibility checker and PDF tagging, to help with accessibility. But no PDF checker checks for incorrect tags, untagged content, or validates lists or tables. None check executable content at all. The "Halting Problem" is: can one decide whether a program will ever stop? The answer, in general, is no (Rice's theorem). The same holds true for accessibility checkers. Language-theoretic Security says complicated data formats are hard to parse and cannot be solved due to the Halting Problem. W3C Web Accessibility Guidelines: "Perceivable, Operable, Understandable, Robust" Not much help though, except for "Robust", but here's some gems: * all information should be parsable (paraphrasing) * if not parsable, cannot be converted to alternate formats * maximize compatibility in new document formats Executible webpages are bad for security and accessibility. They say it's for a better web experience. But is it necessary to stuff web pages with JavaScript for a better experience? A good example is The Drudge Report—it has hand-written HTML with no JavaScript, yet drives a lot of web traffic due to good content. A bad example is Google News—hidden scrollbars, guessing user input. Solutions: Accessibility and security problems come from same source Expose "better user experience" myth Keep your corner of Internet parsable Remember "Halting Problem"—recognize false solutions (checking and verifying tools) Stop Patching, for Stronger PCI Compliance Adam Brand, protiviti @adamrbrand, http://www.picfun.com/ Adam talked about PCI compliance for retail sales. Take an example: for PCI compliance, 50% of Brian's time (a IT guy), 960 hours/year was spent patching POSs in 850 restaurants. Often applying some patches make no sense (like fixing a browser vulnerability on a server). "Scanner worship" is overuse of vulnerability scanners—it gives a warm and fuzzy and it's simple (red or green results—fix reds). Scanners give a false sense of security. In reality, breeches from missing patches are uncommon—more common problems are: default passwords, cleartext authentication, misconfiguration (firewall ports open). Patching Myths: Myth 1: install within 30 days of patch release (but PCI §6.1 allows a "risk-based approach" instead). Myth 2: vendor decides what's critical (also PCI §6.1). But §6.2 requires user ranking of vulnerabilities instead. Myth 3: scan and rescan until it passes. But PCI §11.2.1b says this applies only to high-risk vulnerabilities. Adam says good recommendations come from NIST 800-40. Instead use sane patching and focus on what's really important. From NIST 800-40: Proactive: Use a proactive vulnerability management process: use change control, configuration management, monitor file integrity. Monitor: start with NVD and other vulnerability alerts, not scanner results. Evaluate: public-facing system? workstation? internal server? (risk rank) Decide:on action and timeline Test: pre-test patches (stability, functionality, rollback) for change control Install: notify, change control, tickets McAfee Secure & Trustmarks — a Hacker's Best Friend Jay James, Shane MacDougall, Tactical Intelligence Inc., Canada "McAfee Secure Trustmark" is a website seal marketed by McAfee. A website gets this badge if they pass their remote scanning. The problem is a removal of trustmarks act as flags that you're vulnerable. Easy to view status change by viewing McAfee list on website or on Google. "Secure TrustGuard" is similar to McAfee. Jay and Shane wrote Perl scripts to gather sites from McAfee and search engines. If their certification image changes to a 1x1 pixel image, then they are longer certified. Their scripts take deltas of scans to see what changed daily. The bottom line is change in TrustGuard status is a flag for hackers to attack your site. Entire idea of seals is silly—you're raising a flag saying if you're vulnerable.

    Read the article

  • Silverlight Firestarter thoughts, and thanks to one and all!

    - by Dave Campbell
    A few metrics that of course got out of hand, but some may find interesting:   1/2 My share of the MVP of the Year award in February of 2009 with Laurent Bugnion 2 Number of degrees I hold: B.S., M.S. Electrical Engineering 3 Number of years in the U.S. Army 3.5 Number of years SilverlighCream has been posted 4 Number of times awarded MVP 6 Number of professional positions I've worked: Antenna Rigger, Boilermaker, Musician, Electronic Technician, Hardware Engineer, Software Engineer 16 Number of companies I've worked for during my career as an Engineer 19 Age at which I turned my first line of code 28 Age at which I hit the workforce as an Engineer 33 Number of years working as an Engineer 43 Number of years writing code 62 Number of years since instantiation 116 Number of tags to search SilverlightCream with 645 Number of blogs I view to find articles (at this moment) 664 Number of articles tagged wp7dev at SilverlightCream right now 700 Number of Twitter followers for WynApse 981 Number of individual bloggers in the SilverlightCream database 1002 Number of SilverlightCream blogposts 1100 Number of people live in Redmond for the Firestarter (I think) 1428 Number of total blogposts at GeeksWithBlogs (not counting this one) 4200 Number of Feedburner subscribers (approximately) 6500 Number of Twitter followers for SilverlightNews (approximately) 7087 Number of posts tagged and aggregated at SilverlightCream right now 13000 Number of people registered to watch the Firestarter online (I think) The overwhelming feeling I have returning from the Silverlight Firestarter: Priceless There is absolutely no way that I could personally thank everyone that over the last few years has held their hand out and offered me a step up to get to the point that Scott Guthrie called me out in his keynote. So I'm just going to hit the highlights here... Scott Guthrie Thanks for not only being the level you are at Microsoft, but for being so approachable, easy to talk to, willing to help everyone, and above all knowledgable. My first level manager at my last position asked if Visual Studio was a graphics program... and you step up to a laptop at a conference and type "File->New Program" ... 'nuff said... oh yeah, thanks for the shoutout! John Papa Thanks for being a good friend, ramroding the Firestarter, being a great guy to be around, and for the poster... holy crap is that cool. Tim Heuer Thanks for all you did as a great DE in Phoenix, and for helping out so many of us, of course being a great guy, and for the poster as well... I think you and John shared that task. In no order at all my buddy Michael Washington, Laurent Bugnion (the other half of the first Silverlight MVP of the Year) Tim Sneath, Mike Harsh, Chad Campbell and Bryant Likes (from back in the day), Adam Kinney, Jesse Liberty, Jeff Paries, Pete Brown, András Velvárt, David Kelly, Michael Palermo, Scott Cate, Erik Mork, and on and on... don't feel bad if your name didn't appear, I have simply too many supporters to name. Silverlight Firestarter Indeed All the people mentioned here, and all the MVPs knew Silverlight was NOT dead, but because of a very unfortunate circumstance, the popular media opinion became that. Consequently the Firestarter exploded from a laid-back event to a global conference. People worked their ass off getting bits ready and presentations using those bits. All to stem the flow of misinformation. All involved please accept my personal thanks for an absolutely awesome job. I had the priviledge of watching the 'prep' on Wednesday afternoon, and was blown away the first time I saw the 3D demo... and have been blown away every time I've seen it since. Not to mention all the other goodness in Silverlight 5. Yes I hit 1000 on my blog, but more importantly, all of you are blogging and using Silverlight, and Microsoft hit one completely out of the park... no... they knocked it out of the neighborhood with the Firestarter. It was amazing to be there for it, and it will be awesome to use the new bits as we get them. Keep reading, there's tons more to come with Silverlight and SilverlightCream following along behind. As usual, this old hacker is humbled to be allowed to play with all the cool kids... Thanks one and all for everything, and Stay in the 'Light

    Read the article

  • Iron Speed Designer 7.0 - the great gets greater!

    - by GGBlogger
    For Immediate Release Iron Speed, Inc. Kelly Fisher +1 (408) 228-3436 [email protected] http://www.ironspeed.com       Iron Speed Version 7.0 Generates SharePoint Applications New! Support for Microsoft SharePoint speeds application generation and deployment   San Jose, CA – June 8, 2010. Software development tools-maker Iron Speed, Inc. released Iron Speed Designer Version 7.0, the latest version of its popular Web 2.0 application generator. Iron Speed Designer generates rich, interactive database and reporting applications for .NET, Microsoft SharePoint and the Cloud.    In addition to .NET applications, Iron Speed Designer V7.0 generates database-driven SharePoint applications. The ability to quickly create database-driven applications for SharePoint eliminates a lot of work, helping IT departments generate productivity-enhancing applications in just a few hours.  Generated applications include integrated SharePoint application security and use SharePoint master pages.    “It’s virtually impossible to build database-driven application in SharePoint by hand. Iron Speed Designer V7.0 not only makes this possible, the tool makes it easy.” – Razi Mohiuddin, President, Iron Speed, Inc.     Integrated SharePoint application security Generated applications include integrated SharePoint application security. SharePoint sites and their groups are used to retrieve security roles. Iron Speed Designer validates the user against a Microsoft SharePoint server on your network by retrieving the logged in user’s credentials from the SharePoint Context.    “The Iron Speed Designer generated application integrates seamlessly with SharePoint security, removing the hassle of designing, testing and approving your own security layer.” -Michael Landi, Solutions Architect, Light Speed Solutions     SharePoint Solution Packages Iron Speed Designer V7.0 creates SharePoint Solution Packages (WSPs) for easy application deployment. Using the Deployment Wizard, a single application WSP is created and can be deployed to your SharePoint server.   “Iron Speed Designer is the first product on the market that allows easy and painless deployment of database-driven .NET web applications inside the SharePoint environment.” -Bryan Patrick, Developer, Pseudo Consulting     SharePoint master pages and themes In V7.0, generated applications use SharePoint master pages and contain the same content as other SharePoint pages. Generated applications use the current SharePoint color scheme and display standard SharePoint navigation controls on each page.   “Iron Speed Designer preserves the look and feel of the SharePoint environment in deployed database applications without additional hand-coding.” -Kirill Dmitriev, Software Developer, Iron Speed, Inc.     Iron Speed Designer Version 7.0 System Requirements Iron Speed Designer Version 7.0 runs on Microsoft Windows 7, Windows Vista, Windows XP, and Windows Server 2003 and 2008. It generates .NET Web applications for Microsoft SQL Server, Oracle, Microsoft Access and MySQL. These applications may be deployed on any machine running the .NET Framework. Iron Speed Designer supports Microsoft SharePoint 2007 and Windows SharePoint Services (WSS3). Find complete information about Iron Speed Designer Version 7.0 at www.ironspeed.com.     About Iron Speed, Inc. Iron Speed is the leader in enterprise-class application generation. Our software development tools generate database and reporting applications in significantly less time and cost than hand-coding. Our flagship product, Iron Speed Designer, is the fastest way to deliver applications for the Microsoft .NET and software-as-a-service cloud computing environments.   With products built on decades of experience in enterprise application development and large-scale e-commerce systems, Iron Speed products eliminate the need for developers to choose between "full featured" and "on schedule."   Founded in 1999, Iron Speed is well funded with a capital base of over $20M and strategic investors that include Arrow Electronics and Avnet, as well as executives from AMD, Excelan, Onsale, and Oracle. The company is based in San Jose, Calif., and is located online at www.ironspeed.com.

    Read the article

< Previous Page | 80 81 82 83 84 85 86 87  | Next Page >