My Internet Notebook

a journal on software, mobile, marketing

Archive for April, 2005

Getting Started on M-Business Anywhere

This is a nice collection of information on Getting Started on M-Business Anywhere.

In essence, if you are a Web Developer who is looking to have some fun porting traditional web apps to PDAs and smartphones (Treo650, PocketPC Smartphone, etc.), you need to take a look at how M-Business Anywhere helps you ease the transition.

Incidentally, our Mobile Sales Force Automation product family is built on top of the same platform technology – M-Business Anywhere.

Written by Y.

April 18th, 2005 at 11:50 am

Posted in Mobility

Fastest Search Engine

I submitted this web site to the three biggest search engines on the web, i.e. Google, Yahoo! and MSN, on the same day (4/10/2005) and was interested in a little experiment: who is the fastest to index my site.

Today I found out that the winner is, drum roll pls, Gooooogle!

The result may not be that surprising. But what’s interesting is that both Yahoo and Alexa bots have been crawling my site almost immediately after I submitted my site. But my site hasn’t registered in their database yet. On the other hand, Google bots only crawled my site once and immediately registered my site. Lastly, MSN bot has not visited my site yet. That seems a bit too slow.

UPDATE: Yahoo! indexed my site on 04/20/2005. Still not in MSN search index yet.

Written by Y.

April 17th, 2005 at 12:17 am

Posted in Internet

The World is Flat

Fresh Air host Terry Gross interviewed Tom Friedman, who has a new book out on what he called Globalization version 3.0. (Funny how authors these days attach a version number to everything, not just software anymore.)

Basically, Friedman is arguing in his book that the world is flattened by technological advances (i.e. the internet), where individuals become increasingly powerful at what they will be able to achieve. I have not read the book yet. But judging from what was talked about during Terry’s interview, it should be a good read. I read Friedman’s first book on globalization – “The Lexus and the Olive Tree: Understanding Globalization” back in 1999. It was filled with good information. The new book could be just as good.

Written by Y.

April 15th, 2005 at 5:59 pm

Posted in Everything Else

Testing Web Application Security

Web applications these days are so prevalent that their security testing should always be considered a high priority and planned accordingly, instead of being just an afterthought.

Michael Mullins has a good article over at Techrepublic.com titled “Ask these key questions to test application security”. Besides stating the obvious (“Companies should conduct application testing from both an authorized user’s and an unauthorized user’s perspective. This testing should include all systems that make up the application. The complexity of your testing should depend on whether the organization created the application or contracted a reputable vendor to do the work.”), the author provides a good list of key questions to ask of designers and testers alike:

Scripting: Can you perform administrative functions remotely from the Internet? Could someone script an attack that overwhelms the application?
Enumeration: Is it possible to enumerate account information of other users?
Sessions: Have you based tokens on some easily re-created variable, such as sequential or time and date?
Error handling: Does your application reveal any useful information about the products used to create the application?
Field variables: Have you fixed SQL injection and buffer overflows that take advantage of system calls to unauthorized programs?
Code commenting: Have you cleansed HTML source code of all comments and metadata that doesn’t serve an end-user function?
Session time-out: Do sessions expire after a reasonable period of time?
Session cache: Does information expire to prevent someone from replaying a session?
Network parameters: Have you thoroughly documented ports and protocols and filtered them for content and source origination?
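
One way to turn the Sessions question into a repeatable test, as an added example (not from Mullins's article or this post): collect a few tokens in the order the application issued them, together with their issue times, and flag any that behave like a counter or a clock. The function names, thresholds and sample values below are assumptions constructed for illustration.

```python
import secrets

def _as_ints(tokens):
    """Parse every token in one base (decimal, then hex); None if neither fits all."""
    for base in (10, 16):
        try:
            return [int(t, base) for t in tokens]
        except ValueError:
            continue
    return None

def audit_tokens(samples):
    """samples: list of (token, issued_at_epoch_seconds) in issue order.
    Returns a set of findings: 'sequential', 'time-derived', or empty."""
    findings = set()
    values = _as_ints([tok for tok, _ in samples])
    if values is None or len(values) < 3:
        return findings  # non-numeric tokens or too few samples to judge
    steps = {b - a for a, b in zip(values, values[1:])}
    # One constant, small step between successive tokens means a counter.
    if len(steps) == 1 and 0 < abs(next(iter(steps))) <= 1000:
        findings.add("sequential")
    # Token value tracks its issue time (epoch seconds or milliseconds).
    if all(abs(v - ts) <= 2 or abs(v - ts * 1000) <= 2000
           for v, (_, ts) in zip(values, samples)):
        findings.add("time-derived")
    return findings

# Constructed samples (not captured from any real application).
T0 = 1113300000  # an arbitrary epoch time used as the first issue time
COUNTER = [("0e", T0), ("0f", T0 + 4), ("10", T0 + 9)]
CLOCK = [(str(T0), T0), (str(T0 + 4), T0 + 4), (str(T0 + 9), T0 + 9)]

def random_samples():
    """Tokens from the OS CSPRNG, the pattern the checklist item is steering toward."""
    return [(secrets.token_hex(16), T0 + i) for i in range(3)]

if __name__ == "__main__":
    for name, data in (("counter", COUNTER), ("clock", CLOCK),
                       ("csprng", random_samples())):
        print(name, sorted(audit_tokens(data)) or "no findings")
```
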

The Braidy Tester at Microsoft also offers an extensive list of things to look out for, including security: http://blogs.msdn.com/micahel/articles/175571.aspx. His list also included some major security exploits like SQL Injection.

But neither of the two authors mentioned Cross Site Scripting, which is arguably gaining a lot of attention lately. I will talk more about SQL Injection and Cross Site Scripting later.

Written by Y.

April 12th, 2005 at 11:36 pm

Posted in Security,Testing

Social Security Numbers Leak Out on Postcards

David Lazarus at SF Chronicle reported an incident last week where ADP sent out more than 1,000 postcards bearing Adecco employees’ names. The cards were supposed to contain only information on how to access benefits information online.

The company unofficially blamed the mishap on a printing error. No, it is not. It is a security bug! I am sure that they have quality assurance teams at ADP that test their printing systems. What’s missing, I guess, is that security testing is still not ingrained in the QA process. Commonly, functional tests pass with flying colors but nobody really seriously thinks about testing for security. Security is social engineering. Until the entire society (and companies in particular) becomes aware of security issues, there will be no end to incidents like this.

Written by Y.

April 11th, 2005 at 12:28 am

Posted in Security