That is why security experts aren’t surprised by the Sony story. We know people who do penetration testing for a living — real, no-holds-barred attacks that mimic a full-on assault by a dogged, expert attacker — and we know that the expert always gets in. Against a sufficiently skilled, funded and motivated attacker, all networks are vulnerable.
A quote from Bruce Schneier, probably the leading cryptologist on the planet, and whose blog I regularly read.
I’ve blogged before about computer security, and the ramifications of the NASA, Google, Sony, Target, Home Depot, JP Morgan, etc. attacks are apparent. The bad guys are winning. The market is ripe for a secure computing platform.
For a recent client project working with the Salesforce.com platform I used Conga Composer to create custom quotes. The client is an engineering firm and one of the quotes listed employee hours billed under dynamic categories. Here’s how to create the quote.
Here’s a screenshot of my Delicious account loaded:
Google App Engine released PHP support, which is a bummer since I developed the app in Python but would prefer PHP. Its still nice to learn Python. At some point I’ll add tracking of read articles and tracking of new articles.
Although the article is recent the technology is old. I worked on projects 10 years ago that utilized the same concepts – military grade server hardware that is not susceptible to vibrations or EM, Ethernet based network that connects various components to various control points, a push / pull data subscription model based on widespread industry protocols (ARINC), and SBC embedded devices that interface to various equipment such as water systems, entertainment systems, lighting, etc.
In a prior post I explained how to create a simple Java application that downloads Salesforce data via the RSSBus JDBC Salesforce driver. Here’s the script to create a Windows Installer that will install the Java application onto a Windows machine.
I recently developed an application that synchronizes Salesforce.com data to a local PC. The application is developed in Java using the Swing graphical framework and uses a Salesforce.com JDBC driver provided by RSSBus. The application stores Salesforce.com credentials and synchronization interval timing data in a Java properties file. The application allows non-graphical execution via the “nogui” command argument. I also include an Apache Commons Daemon class and script that allows running the application as a service. The follow code is licensed under the GPLv3.
I couldn’t find any example code on the Net to accomplish a task that is probably common amongst many Salesforce implementations. I have a requirement to link a second account to an opportunity in Salesforce. In my use case, the primary opportunity account represents a construction project general contractor, and the second linked account represents the building owner. I need to automatically pull the building owner account contacts into the opportunity contact roles list. Here’s the Salesforce Trigger to do just that:
If I was a lawyer advising a client with a questionable criminal liability, or a person in absolute need of privacy, I’d recommend the following:
Do NOT use free anonymity services such as TOR if you are transferring sensitive information. Countless persons in government and journalists across the world have made this mistake. Ever heard of WikiLeaks – they got their start by creating TOR end nodes and snooping data.
Use a Live DVD like Amnesic Incognito Live System or Ubuntu Linux for anonymous browsing. It’s fairly simple to burn an Ubuntu DVD and to boot your laptop device from the DVD. The live system does not save any cache or browsing history to your hard disk.
Use a VPN to transmit sensitive information. There are two VPN types – SSL VPN and IPSEC VPN. Either will do. I’d suggest subscribing to a VPN service whose infrastructure is hosted outside of the government’s reach. StrongVPN has host servers located in several friendly Caribbean nations.
Use different anonymous proxy tunnels through your VPN if you plan to access a website or service regularly and wish to remain anonymous. These services have the same limitations as Tor though and shouldn’t be used for transferring sensitive information. I explain a bit more below.
There are countless SSL/TLS encryption schemes, countless SSL/TLS software implementations, and each configuration can be potentially distinguished depending on the application software stack, operating system, hardware, etc. in use. The permutations among these configurations is large enough to distinguish a browser client.