Thursday, February 14, 2013

Valentine's Day: Not about love, it's all about courage

I never understood why Valentine's Day has been associated with love, while the acts of Saint Valentine were courageous and charismatic (once in his lifetime). To prove my point I searched historical documents and found the following points.

Courage of Saint Valentine: “Saint Valentine was imprisoned for performing weddings for soldiers who were forbidden to marry and for ministering to Christians”. Going against the Roman emperor needs courage. What happened to those soldiers after marriage is unknown; perhaps they were punished or absconded from Rome, but the priest paid the price. Note that it is not about helping couples who were in love but about helping people start their families (love doesn't need marriage to be proved).

Charisma of Saint Valentine: “He is said to have healed the daughter of his jailer Asterius when he was imprisoned”. Legend states that before his execution he wrote "from your Valentine" (this is the form of expression everyone writes in letters) as a farewell to her. I don't see any romantic love between these two, as their ages are not known and a healer always gets a lot of respect from people.

Heart symbol for Valentine: I became curious how the heart comes into the picture and voila! I found the answer: Saint Valentine is said to have cut hearts from parchment, giving them to the soldiers (note: not to the girl or a couple, it's soldiers, maybe as a symbol of his blessings).

What about 14th Feb: Saint Valentine was buried on the Via Flaminia on February 14. In Ancient Rome, Lupercalia, observed February 13–15, was an archaic rite connected to fertility. Lupercalia was a festival local to the city of Rome. The more general Festival of Juno Februa, meaning "Juno the purifier" or "the chaste Juno", was celebrated on February 13–14.

Note: The celebration of Saint Valentine did not have any romantic connotations until Chaucer's poetry about "Valentines" in the 14th century.

Valentine's letters: In the Middle Ages, men drew the names of girls at random to couple with them, and around 1600 this was replaced with a religious custom of girls drawing the names of apostles from the altar.

So why did Valentine's Day become so famous: That's very difficult to answer, but it seems it was made famous by the poet Chaucer through the following poem, “Parlement of Foules” (it has almost 700 lines).

For this was on seynt Volantynys day
Whan euery bryd comyth there to chese his make.

["For this was on Saint Valentine's Day, when every bird cometh there to choose his mate."]

But here is the catch: this poem was written to honor the first anniversary of the engagement of King Richard II of England to Anne of Bohemia. A treaty providing for a marriage was signed on May 2, 1381, and mid-February is an unlikely time for birds to be mating in England.

So what should one do: OK, I give up now; history is very confusing and we celebrate many rituals for the wrong reasons too. We need a special day for everything for social, economic and marketing reasons, and if some famous or powerful person declares a day special, people start believing in it. So we have a day dedicated to love: if you believe in it, celebrate it; if you don't, then enjoy life and dedicate any other day (maybe every day) to your dear and loved ones. – Enjoy

 

Hayle Bishop Valentine whose day this is
All the Ayre is thy Diocese
And all the chirping Queristers
And other birds ar thy parishioners
Thou marryest every yeare
The Lyrick Lark, and the graue whispering Doue,
The Sparrow that neglects his life for loue,
The houshold bird with the redd stomacher
Thou makst the Blackbird speede as soone,
As doth the Goldfinch, or the Halcyon
The Husband Cock lookes out and soone is spedd
And meets his wife, which brings her feather-bed.
This day more cheerfully than ever shine
This day which might inflame thy selfe old Valentine.

—John Donne, Epithalamion Vpon Frederick Count Palatine and the Lady Elizabeth marryed on St. Valentines day

 

 

Reference: Various sources on the internet, especially Wikipedia

Thursday, January 3, 2013

Pathar ka hraday (heart of stone)

I sit holding a heart of stone.
I sit surrounded by my own shadows.
Do not look for me, do not try to know
How I am, where I am, what I have drunk as I sit here.
A heart of stone ....................

I give no one the right to ask, nor do I trust anyone
Why I did it, how I did it, what I have done as I sit here.
Explain nothing to me, tell me nothing, I know it all
I am naive, yet I sit here having understood everything

Wednesday, December 26, 2012

Mulakat nahi karta (He does not meet me)

My complaint is that he does not meet me

He smiles but does not talk

He keeps his words like pearls

He is a miser, he never uses them

 

He does not heed what I say, just like that

He is absorbed in himself and cares for nothing

He knows every note, he recognizes every art

Yet he is somewhat incomplete, he finishes no task

Saturday, October 6, 2012

Obfuscation methods

While I was scrolling through my old mails in search of some financial document, I found an interesting doc which I was working on a long time back and, for some unknown reason, wasn't able to continue. Here I am posting that unfinished work. I will try to cover the topics in detail in the future.

 

Obfuscation

To totally obscure with non-germane information in a verbose manner, with the intent to provide a non-answer, and provide total befuddlement.

“Any hacker worth his salt is an artist in obfuscation”.

In network security, obfuscation refers to methods used to obscure an attack payload from inspection by network protection systems.

Encryption vs Obfuscation

Obfuscation
Obfuscation, in general, describes a practice that is used to intentionally make something more difficult to understand. In a programming context, it means to make code harder to understand or read, generally for privacy or security purposes. A tool called an obfuscator is sometimes used to convert a straight-forward program into one that works the same way but is much harder to understand.

Encryption

The manipulation of data to prevent accurate interpretation by all but those for whom the data is intended. Financial institutions use encryption to increase the security of data transmitted via the Internet.

Methods of obfuscation

Recreational Obfuscation

There are many varieties of interesting obfuscations, ranging from simple keyword substitution to use or non-use of whitespace to create artistic effects.

Obfuscation by code morphing

This is achieved by completely replacing a section of the compiled code with an entirely new block that expects the same machine state when it begins execution as the previous section, and will leave with the same machine state after execution as the original. However, a number of additional operations will be completed as well as some operations with an equivalent effect.

Obfuscation in malicious software

Spammers frequently use obfuscated JavaScript or HTML code in spam messages. The obfuscated message, when displayed by an HTML-capable e-mail client, appears as a reasonably normal message—albeit with obnoxious JavaScript behaviors such as spawning pop-up windows. However, when the source is viewed, the obfuscations make it far more difficult for investigators to discern where the links go, or what the JavaScript code does.
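An investigator's side of the point above, as an added example that is not part of the original post: it decodes the HTML entities and percent-encoding in each link of a message and reports links whose real host does not appear in the visible text. The sample message, its host names and the function name `mismatched_links` are constructed for illustration; it covers HTML links only, not JavaScript.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed sample: the first link hides its host behind an HTML entity
# (&#116; = "t") and a percent escape (%61 = "a"); the second is honest.
SAMPLE_MESSAGE = (
    '<p>Please verify your account at '
    '<a href="http://&#116;r%61cker.example.net/offer">www.bank.example.com</a> '
    'or read <a href="http://news.example.org/today">news.example.org</a>.</p>'
)

class LinkAuditor(HTMLParser):
    """Collect (visible text, decoded destination host) for every <a> tag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            # HTMLParser has already decoded character references in attrs.
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            host = unquote(urlsplit(self._href).hostname or "")
            self.links.append(("".join(self._text).strip(), host))
            self._href = None

def mismatched_links(html_source):
    """Return links whose real host is not what the reader is shown."""
    auditor = LinkAuditor()
    auditor.feed(html_source)
    auditor.close()
    return [(text, host) for text, host in auditor.links
            if host and host not in text.lower()]

if __name__ == "__main__":
    for text, host in mismatched_links(SAMPLE_MESSAGE):
        print(f"shown as {text!r}, actually goes to {host!r}")
```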

Trail obfuscation

The purpose of trail obfuscation is to confuse, disorientate and divert the forensic examination process. Trail obfuscation covers a variety of techniques and tools that include “log cleaners, spoofing, misinformation, backbone hopping, zombied accounts, trojan command”.

Advantages of obfuscation

Intellectual property protection

Reduced security exposure

Size reduction

Library linking

Disadvantages of obfuscation

When used alone

At best, obfuscation merely makes it time-consuming, but not impossible, to reverse engineer a program. When security is important, measures other than obfuscation should be used.

Debugging

Obfuscated code is extremely difficult to debug. Variable names will no longer make sense, and the structure of the code itself will likely be modified beyond recognition. This fact generally forces developers to maintain two builds:

Portability

Obfuscated code often depends on the particular characteristics of the platform and compiler, making it difficult to manage if either changes.

Obfuscation for Evasion

Protection provided by security devices can be bypassed by obfuscating the exploit/shellcode. Some of the known methods are:

Encoding

Directory traversing

Null characters

Spaces
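Why an inspection device has to canonicalize input before matching, shown as an added example that is not part of the original post: a raw string match is compared with a match on the canonical form for the four methods listed above. The signature `/admin/`, the sample paths and the function names are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

BLOCKED_PREFIX = "/admin/"  # hypothetical signature, assumed for this example

# Constructed request paths: one plain, five obfuscated, one benign.
SAMPLES = [
    "/admin/config",
    "/%61dmin/config",          # encoding
    "/%2561dmin/config",        # double encoding
    "/public/../admin/config",  # directory traversing
    "/admin%00/config",         # null character
    "/ admin/config",           # space
    "/public/index.html",
]

def naive_match(raw: str) -> bool:
    """Signature check on the path exactly as it arrived."""
    return raw.startswith(BLOCKED_PREFIX)

def canonicalize(raw: str, max_rounds: int = 5) -> str:
    """Reduce a path to one canonical form before any signature is applied."""
    path = raw
    for _ in range(max_rounds):        # decode until stable (bounded)
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\x00", "")    # drop embedded NUL characters
    path = "".join(path.split())       # drop whitespace (assumes none is legitimate)
    path = path.replace("\\", "/")     # treat both separators alike
    return posixpath.normpath("/" + path.lstrip("/"))  # resolve "." and ".."

def normalized_match(raw: str) -> bool:
    """Signature check on the canonical form."""
    return (canonicalize(raw) + "/").startswith(BLOCKED_PREFIX)

def missed_by_naive(samples):
    """Paths the raw check passes but the canonical check flags."""
    return [s for s in samples if normalized_match(s) and not naive_match(s)]

if __name__ == "__main__":
    for path in missed_by_naive(SAMPLES):
        print("missed by raw match:", repr(path), "->", canonicalize(path))
```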

Wednesday, September 19, 2012

Writing Security Story

A Security Story is an artifact that anyone (developer, manager, business owner, user, etc.) can read and feel assured that their security concerns are addressed. It is a collaborative effort that highlights how the implementation, application design, service infrastructure, organization processes, and the business environment itself protect what’s important to the business.

There is no fixed format or content for a security story as a security story should evolve over the life of an application. A story may contain text, images, diagrams, spreadsheets, links, and other formats.

A security story can be written in many ways. Most commonly it starts by capturing the concerns of application stakeholders, including both application providers and application users, followed by listing the lifelines of the application. You need to create a strategy to defend each lifeline. The specific defenses you build, and proof of those defenses, should be included in the story. Security stories are not static; they have to change when conditions change.

 

Reference: http://www.ruggedsoftware.org/

Tuesday, September 18, 2012

What It Takes To Be Rugged.

Recently one of my friends asked if there is any good reference on incorporating security testing into agile development. Unfortunately we weren't able to find any such reference, although the Rugged approach looks promising and also claims to support an agile way of security testing of applications. The ultimate goal of including security testing in the SDLC is to produce secure code.

The Rugged approach doesn't focus only on finding vulnerabilities but tries to improve the overall capability of an organization to develop secure code. To achieve this goal, the organization must establish a process to monitor upcoming threats. There should be a communication path so everyone can share all the security-relevant information about the application. A standard defense mechanism should be used across the organization. Don't trust third-party components used in your product; establish guidelines for each component that detail the secure use of that library. Build applications that will be largely resistant to the threats of the future; for example, using strong input validation, in-application attack detection and safe interpreter use can eliminate many flaws forever. Defenses should be continuously verified and monitored all the way through development and into production. Being Rugged means that you constantly patch and refactor your software development organization to eliminate the organizational bugs that are causing insecure code.

 

Reference: http://www.ruggedsoftware.org/

Monday, September 3, 2012

The Rugged Software Manifesto

  • I am rugged and, more importantly, my code is rugged.
  • I recognize that software has become a foundation of our modern world.
  • I recognize the awesome responsibility that comes with this foundational role.
  • I recognize that my code will be used in ways I cannot anticipate, in ways it was not designed, and for longer than it was ever intended.
  • I recognize that my code will be attacked by talented and persistent adversaries who threaten our physical, economic, and national security.
  • I recognize these things - and I choose to be rugged.
  • I am rugged because I refuse to be a source of vulnerability or weakness.
  • I am rugged because I assure my code will support its mission.
  • I am rugged because my code can face these challenges and persist in spite of them.
  • I am rugged, not because it is easy, but because it is necessary and I am up for the challenge.

 

Reference: http://www.ruggedsoftware.org/