
How Secure Is Your Software Design?


Software security is a serious issue today and must be taken seriously by programmers. The question is how seriously we take it, especially in our part of the world, where we are gradually making a name for ourselves in software design. Google is just getting to recognize and identify with our IT industry, which is growing rapidly. If we don’t want to die out before we ever get on our feet, then we must start well and start strong. Software security is one of those issues that must be taken seriously, especially in web design and web-based programming, where your software can be accessed by anyone from anywhere.

 

To help in this area, the Common Weakness Enumeration (CWE), a collection of software weaknesses developed by a community of programmers, is an awesome place to start. Its documentation is open source and prepared by experts in the industry. CWE is sponsored by the cyber security division of the U.S. Department of Homeland Security.

 

They cover software weaknesses by category, platform (JAVA, C, WEB) and others, which are updated regularly. The documentation lists errors, how they can be capitalized upon by hackers to jeopardize the integrity of the software, and most importantly steps to take to avoid them.

 

The latest version of the document, released on 1st June 2011, can be found here. Some of the errors listed in the document are highlighted below:

CWE-5: J2EE Misconfiguration: Data Transmission Without Encryption

Summary

Information sent over a network can be compromised while in transit. An attacker may be able to read/modify the contents if the data are sent in plaintext or are weakly encrypted.

Potential Mitigations

The application configuration should ensure that SSL or an encryption mechanism of equivalent strength and vetted reputation is used for all access-controlled pages.

 

 

CWE-6: J2EE Misconfiguration: Insufficient Session-ID Length

Summary

The J2EE application is configured to use an insufficient session ID length.

Extended Description

If an attacker can guess or steal a session ID, then he/she may be able to take over the user’s session (called session hijacking). The number of possible session IDs increases with increased session ID length, making it more difficult to guess or steal a session ID.

Potential Mitigations

Session identifiers should be at least 128 bits long to prevent brute-force session guessing. A shorter session identifier leaves the application open to brute-force session guessing attacks.

 

CWE-7: J2EE Misconfiguration: Missing Custom Error Page

Summary

The default error page of a web application should not display sensitive information about the software system.

Extended Description

A Web application must define a default error page for 4xx errors (e.g. 404), 5xx (e.g. 500) errors and catch java.lang.Throwable exceptions to prevent attackers from mining information from the application container’s built-in error response.

Potential Mitigations

Handle exceptions appropriately in source code.

Always define appropriate error pages.

Do not attempt to process an error or attempt to mask it.

Verify return values are correct and do not supply sensitive information about the system.
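
An added example (not from the original post or from CWE): a small Python check that applies the CWE-5, CWE-6 and CWE-7 mitigations above to a deployment descriptor and a session ID. The sample web.xml, its paths and the hex-encoded ID are constructed for illustration; the ID check measures length only, not randomness.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.xml: login-protected area without a TLS requirement,
# and a custom error page for 404 only.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>account</web-resource-name>
      <url-pattern>/account/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <error-page>
    <error-code>404</error-code>
    <location>/errors/404.jsp</location>
  </error-page>
</web-app>"""

def texts(node, name):
    """Text of every descendant element called `name`, ignoring XML namespaces."""
    return [(e.text or "").strip() for e in node.iter()
            if e.tag.rsplit("}", 1)[-1] == name]

def audit_web_xml(xml_text):
    root = ET.fromstring(xml_text)
    findings = []
    # CWE-5: access-controlled constraints must require CONFIDENTIAL transport.
    for sc in root.iter():
        if sc.tag.rsplit("}", 1)[-1] != "security-constraint":
            continue
        if texts(sc, "auth-constraint") and "CONFIDENTIAL" not in texts(sc, "transport-guarantee"):
            urls = ",".join(texts(sc, "url-pattern"))
            findings.append(f"CWE-5: {urls} has no CONFIDENTIAL transport-guarantee")
    # CWE-7: custom pages for 4xx, 5xx and java.lang.Throwable.
    declared = set(texts(root, "error-code")) | set(texts(root, "exception-type"))
    for wanted in ("404", "500", "java.lang.Throwable"):
        if wanted not in declared:
            findings.append(f"CWE-7: no error-page for {wanted}")
    return findings

def audit_session_id(hex_id, minimum_bits=128):
    """CWE-6: size check only, assuming a hex-encoded ID (4 bits per character)."""
    bits = len(hex_id) * 4
    if bits >= minimum_bits:
        return []
    return [f"CWE-6: session ID is {bits} bits, below {minimum_bits}"]

if __name__ == "__main__":
    for line in audit_web_xml(SAMPLE_WEB_XML) + audit_session_id("a1b2c3d4e5f60718"):
        print(line)
```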

 

Other issues include:

CWE-18: Source Code

CWE-20: Improper Input Validation

CWE-21: Pathname Traversal and Equivalence Errors

Total of 863 issues

 

The document also contains a Dictionary of issues based on platform (CWE-2000).

 

Another helpful document on the website is a list of the top 25 software errors, which I think is a good place to start.

 

To all programmers in the house, let’s strive for excellent and secure software design.

 

Existing Microcontrollers in The Global Market


 

First, what is a microcontroller? It is a small computer on a single integrated circuit containing a processor core, memory, and programmable input/output peripherals. Program memory in the form of NOR flash or OTP ROM is also often included on chip, as well as a typically small amount of RAM. Microcontrollers are designed for embedded applications, in contrast to the microprocessors used in personal computers or other general purpose applications. (Wikipedia)

 

Today there are more than 30 microcontroller manufacturers in the world, with many microcontroller products. They are listed below:

AMCC

PowerPC 403

PowerPC 405

PowerPC 440

 

Altera

Nios II 32-bit configurable soft microprocessor

Nios 16-bit configurable soft processor

 

Analog Devices

ADSP-21xx digital signal processor

MicroConverter series – ARM7 and 8052 cores

 

Atmel

AT89 series

AT90, ATtiny, ATmega, ATxmega series

AT91SAM (ARM architecture)

AVR32 (32-bit AVR architecture)

MARC4

 

Charmed Labs

Qwerk

XPort

 

Cypress Semiconductor

CY8C2xxxx

CY8C3xxxx

CY8C5xxxx

 

Dallas Semiconductor

8051 Series

MAXQ series

Secure Micros series

 

ELAN Microelectronics Corp.

EM78PXXX Low Pin-Count series

EM78PXXXN GPIO series

EM78PXXXN ADC Type MCU series

 

Energy Micro AS

Standard microcontrollers

Application specific microcontrollers

Custom microcontrollers

 

EPSON Semiconductor

4-bit Microcomputers S1C60/62/63 family

8-bit Microcomputers S1C88 family

16-bit Microcomputers S1C17 family

32-bit Microcomputers S1C33 family

 

Freescale Semiconductor

8-bit

68HC05 (CPU05)

68HC08 (CPU08)

68HC11 (CPU11)

16-bit

68HC12 (CPU12)

68HC16 (CPU16)

Freescale DSP56800 (DSPcontroller)

32-bit

Freescale 683XX

M·CORE

MPC500

MPC 860 (PowerQUICC)

MPC 8240/8250 (PowerQUICC II)

MPC 8540/8555/8560 (PowerQUICC III)

 

Fujitsu

F²MC Family (8/16-bit)

FR Family (32-bit)

FR-V Family (32-bit RISC)

 

Holtek

HT48FXX Flash I/O type series

HT48RXX I/O type series

HT46RXX A/D type series

HT49RXX LCD type series

HT82XX Computer Peripheral series

HT95XX Telecom Peripheral series

HT86XX Voice series

 

Infineon

8-bit

XC800 family

16-bit

XE166 family

C166 family

C167 family

32-bit

TRICORE family

 

Intel

8-bit

MCS-48

MCS-51

8xC251

16-bit

MCS-96 (8096 family – also incl. 8061)

Intel MCS-296

 

Lattice Semiconductor

Mico8 8-bit

Mico32 32-bit

 

Microchip Technology

8-bit PICmicro

PIC10 and PIC12

PIC16 series

PICAXE

PIC18 series

PIC24

32-bit

PIC32MX series

 

National Semiconductor

COP400

COP8

CR16

SC/MP

 

NEC

17K

V25

75X

78K

V850

 

Parallax

SX

SX-18, 20, 28, 48 and 52 versions with speed up to 75 MHz (75 MIPS)

Propeller

 

NXP Semiconductors

8-bit

80C51

16-bit

XA

32-bit

ARM7

LPC2000

ARM9

LPC3000

ARM Cortex-M4

LPC4300

ARM Cortex-M3

LPC1700/LPC1300/LPC1800

ARM Cortex-M0

LPC1100/LPC1200

 

Rabbit Semiconductor

Rabbit 2000

Rabbit 3000

Rabbit 4000

 

Renesas Electronics

4-bit

720

8-bit

78K

SLP

740

16-bit

M16C

H8

R8C

32-bit

SuperH

V850

RX

 

SiLabs

C8051F300

C8051F120

 

Silicon Motion

SM2XX family

SM321

SM323

SM323E

SM324

SM330

SM501

SM712

SM722

SM340

SM350

SM370

 

Sony

SPC900 Series

SPC970 Series

SR11 Series

 

STMicroelectronics

ST6 (8-bit)

ST7 (8-bit)

STM8 (8-bit)

µPSD (8-bit)

ST10 (16-bit)

STM32 (ARM Cortex M3, 32-bit)

STR7 (ARM7TDMI, 32-bit)

STR9 (ARM966E-S, 32-bit)

 

Texas Instruments

TMS370 (8-bit)

MSP430 (16-bit)

TMS320F28xx (32-bit)

C2000 (32-bit, Real-time control)

Stellaris (32-bit, ARM Cortex-M3)

TMS570 (32-bit RISC, ARM Cortex-R4)

 

Toshiba

TLCS-47 (4-bit)

TLCS-870 (8-bit)

TLCS-900 (16 and 32-bit CISC)

TX19A (32-bit RISC)

 

Ubicom

IP2022

IP3022

 

Xemics

XE8000 8-bit

 

Xilinx

Microblaze 32-bit

Picoblaze 8-bit

 

XMOS

XCore XS1 32-bit

 

ZiLOG

Zilog Z8 – 8-bit

Zilog Z180

Zilog eZ8

Zilog eZ80

Zilog Z16

 

[News Flash] Indigo Trust Awards £10,008.96 Grant To Activ Spaces Cameroon


 

Activ Spaces announces that Indigo Trust has awarded them a grant of £10,008.96 to continue their efforts in facilitating technology penetration in Cameroon. This Trust has also made other awards in Africa.

 

Based on the proposal sent to Indigo, we’re pleased to announce that ActivSpaces has received a one-time grant award of £10,008.96. How will these funds be used? Our self-financed, entrepreneurial model is part of our DNA, so we’ll continue to run our operations this way. The majority of these funds will go to hire a full-time Community Manager. This role has been filled by the part-time contributions of our co-founders from the start, with varying degrees of success. Having a dedicated resource to push our vision forward will be an incredible boost for us.

 

So what is Indigo Trust?

 

The Indigo Trust is a grant making foundation that funds technology-driven projects to bring about social change, largely in African countries.  The Trust focuses mainly on innovation, transparency and citizen empowerment.  The Indigo Trust makes grants to African projects or programmes, or to organisations who operate at least partly in African countries. We believe that access to information for all empowers people to change their own lives and communities.


Microcontroller – A blend of Software and Hardware (part 2)


Why do we have many different Microcontrollers?

Just as there are many different car manufacturers (Toyota, Honda, Mercedes and so on), there are many manufacturers of microcontrollers. After the idea of a programmable device emerged, many electronics manufacturers took the idea and developed their own chips. The internal architecture therefore differs among the manufacturers in small ways, so learning one microcontroller facilitates learning another. Moreover, the same company manufactures many different microcontrollers, which are all almost compatible. In electronics, the requirements of projects vary; for example, to make a security device you need little memory, whereas to make a data logger you need lots of memory.

 

A remote control will not need to display data on an LCD, so it needs fewer I/O lines, whereas an industrial control unit will need to display its data, and therefore needs more I/O lines. A calculator needs only digital input, whereas a temperature controller needs to acquire analog data. These differences in requirements make the manufacturers produce different microcontrollers with different memory sizes, numbers of I/O lines and numbers of integrated peripheral devices. Otherwise they are all similar to use. Again, if you have mastered one microcontroller, it’s easy to migrate to another. So the type of microcontroller to be used in a given project will be determined by the exact requirements.

 

Microprocessor vs. Microcontroller

Essentially these two devices are similar, but with a little bit of difference. The microcontroller contains the same main elements as any computer system:

• Central processing unit (CPU)

• Memory

• Input/Output

 

In a PC, these are provided as separate chips, linked together via bus connections on the board, but under the control of the microprocessor (CPU). A bus is a set of lines which carry data in parallel form and which are shared by the peripheral devices. The PC can be modified to suit a particular application by changing the type of CPU, size of memory and selection of input/output (I/O) devices tailored to the system requirements. A microcontroller, on the other hand, will contain the CPU, RAM, ROM, timers, I/O etc. all packed within one integrated circuit. This facilitates the development process and reduces the requirements for external components. In a microcontroller, you cannot change the number and type of integrated devices. This means that the MCU for a particular application must be chosen to suit the application at the design level from the available range of microcontrollers. In any given circuit, the microcontroller has a single dedicated function, in contrast to the PC, which is multifunctional. Single-task applications in which microcontrollers are deployed are a type of system referred to as embedded systems, because they are often embedded in many devices.

 

Central processing unit (CPU)

In a microcontroller system, a CPU block is in charge of all input, output, calculations and control. This cannot operate without a program, which is a list of instructions that is held in memory. The program consists of a sequence of binary codes that are fetched from memory by the CPU in sequence, and executed. The instructions are stored in numbered memory locations, and copied to an instruction register in the CPU via the data bus. Decoding the instruction is a hardware process, using a block of logic gates to set up the control lines of the processor unit, and fetching the instructions.

 

Memory

There are two types of memory: volatile and non-volatile. Volatile memory loses its data when switched off, but can be written by the CPU to store current data; this is RAM (Random Access Memory). ROM (Read Only Memory) is non-volatile, and retains its data when switched off. In a microcontroller, we have Electrically Erasable Programmable Read Only Memory (EEPROM) which is used in storing data during power down; for example, a security code or combination for an electronic lock. The ideal memory is non-volatile, read and write, fast, large and cheap. Unfortunately, it does not exist! The main trade-off is cost, size and speed of access. Flash ROM, as used in memory sticks and MP3 players, is closest to the ideal, having the advantages of being non-volatile and rewritable. This is why it is used as program memory in microcontrollers which need to be reprogrammed.

 

Input and Output

In microcontrollers, ports (input and output) are based on a data register, and set of control registers, which pass the data in and out in a controlled manner, often according to a standard protocol (method of communication). There are two main types of port: parallel and serial. In a parallel port, the data is usually transferred in and out 8 bits at a time, while in the serial port it is transmitted 1 bit at a time on a single line.

 

Existing microcontrollers in the world market today? Next series (Part 3)

 

Nigeria “Freedom of Information Act” – Available For Download


The Freedom of Information Act (FOI) is ready. The National Assembly completed the job with the President a few days ago. Now, you can ask for more information about how things work in the government with legal backing. The goal? More transparency in the nation.

 

On May 28, 2011, Nigeria’s president Goodluck Jonathan signed into law a Freedom of Information (FOI) Act, heralding the conclusion of arguably the most exciting legislative odyssey in postcolonial Nigeria.

 

The bill is available here (in pdf).