Monday, September 5, 2011

10 Principles of Agile Project Time Management

Timemanagement Project Time Management is one of the nine knowledge areas of the Project Management Body of Knowledge (PMBOK). It deals with the definition of activities (what are we going to do), the sequencing of the activities (in what order are we going to do them), and the development and control of the schedule (when are we going to perform those activities).

Agile Time Management
Over the past couple of weeks I have been trying to find out what the main principles of time management are in the case of agile software development. I was able to distinguish 10 principles so far, and I will present them here for your convenience. With each principle I also include a reference to an online article that (as far as I can tell) nicely describes the ideas behind it. If you don't agree with my list, or if you know some better reference material, feel free to add your thoughts!

1. Use a Definition of "Done"
How? Define what "Done" means and only count the activities that are Done.
Why? Prevent the build-up of hidden tasks ("technical debt") that cost a lot of time to fix down the road.
See: The Definition of "Done"

2. Use Timeboxes to Manage Work
How? Set a start- and end date for a collection of activities, and don't allow changes to those dates.
Why? Timeboxes keep people focused on what's most important. Don't lose time to perfectionism.
See: Time Boxing is an Effective Getting Things Done Strategy

3. Don't Add Slack to Task Estimates
How? Don't use scheduling and buffering of tasks. Add one buffer to the end of the timebox/project.
Why? All safety margins for tasks will be used ("Parkinson's Law" and "Student's Syndrom'").
See: Critical Chain Scheduling and Buffer Management

4. Defer Decisions
How? Make decisions only at the latest responsible time. "No Decision" is also a decision.
Why? The environment may change, making earlier decisions a waste of time.
See: Real Options Underlie Agile Practices

5. Reduce Cycle Time
How? Iterative cycles should be as short as possible.
Why? Speed up the learning feedback loop, and decrease the time-to-market.
See: Lean Software Development: Why reduce cycle-time?

6. Keep the Pipeline Short and Thin
How? Limit the amount of work-in-progress, and the number of people working in sequence.
Why? Improve response times, speed up throughput.
See: Managing the Pipeline

7. Keep the Discipline
How? Prevent expensive rework by doing some processes well, right from the start
Why? Solving problems late in a project is more expensive than following proper rules early.
See: The Power of Process

8. Limit Task Switching
How? Prevent unnecessary task switching between projects, and prevent interruptions.
Why? Tasks get completed faster on average, and the human brain is bad at task switching.
See: Human Task Switches Considered Harmful

9. Prevent Sustained Overtime
How? Disregard (sustained) overtime as a way to accellerate progress.
Why? Lost productivity, poor quality and bad motivation among team members.
See: The Case Against Overtime

10. Separate Urgency from Importance
How? Urgent tasks and important tasks should not be done at the same time.
Why? The important stuff will usually not get done, costing you more time in the long run.
See: A 10 Second Guide to Smoother Projects: Urgent vs. Important

Thursday, May 21, 2009

Diagnose boot problems in Windows XP using MSCONFIG

Diagnose boot problems in Windows XP using MSCONFIG


Date: May 19th, 2009
Author: Mark Kaelin


Original article by Steven Pittsley



Among all the wizards and utilities in Microsoft Windows XP is one great utility that has its roots in the Windows 9.x product line: the System Configuration Utility, or MSCONFIG. This handy utility allows you to make changes to boot files and startup parameters when troubleshooting boot problems. I’ll teach you all about the features included with MSCONFIG so you can eradicate pesky boot problems from a Windows XP workstation.

Launching MSCONFIG

To use MSCONFIG, click the Start button and select Run. In the Open box, type MSCONFIG and click OK. The utility will open, as illustrated in Figure A.

Figure A



You must be logged on to the computer using an Administrator account before you can run MSCONFIG.

The MSCONFIG window contains six tabs: General, SYSTEM.INI, WIN.INI, BOOT.INI, Services, and Startup. We’ll take a closer look at each of these tabs in the following sections.

The General tab

The MSCONFIG General tab gives you some basic options for starting a computer. As shown in Figure A, the default setting for the utility is Normal Startup. The other two options for starting the computer are Diagnostic Startup and Selective Startup.
Diagnostic Startup allows you to start the computer with only the most basic devices and services that are needed for the computer to run. This startup gives you a clean environment for troubleshooting.

Selective Startup provides a variety of startup options that you can use for troubleshooting. By default, all the options under Selective Startup are chosen. However, deselecting one of these preselected options allows you to prevent one or more of the Selective Startup options from running.

For instance, if you think one of the programs that launch on startup is causing a problem, you can deselect the Load Startup Items option to prevent any startup program from launching. While this won’t help you determine which program is causing the problem, it will help you isolate the problem to a certain area. Please note that you’re unable to select the Use Modified BOOT.INI file unless you make a change on the BOOT.INI tab, which I’ll discuss later.
Finally, the Launch System Restore button provides easy access to the System Restore function, and the Expand File button is a very useful feature if you encounter a corrupted file and want to restore it.


The SYSTEM.INI and WIN.INI tabs


The SYSTEM.INI and WIN.INI tabs are included for legacy compatibility, and you may not need to use them very often. These tabs give you the ability to modify the SYSTEM.INI and WIN.INI files or prevent lines of code from executing when the computer is started.
In Figure B, each line of the SYSTEM.INI file is displayed in the window. Sections of the file, such as drivers, are expandable to allow you to work with the lines of code in those sections. You can also deselect a section to prevent the entire section from being executed.


Figure B



Deselect a section to prevent the entire section from being executed
The Move Up and Move Down buttons allow you to move lines or sections to other locations in the file. The Find button is used to search the file; the New button lets you add new lines; and Edit lets you change the value of a line. The Enable All and Disable All buttons at the bottom of the window will select or deselect all the lines of the program. Using these buttons to alter these files is much easier and safer than using a text editor to perform the same tasks.

As you can see in Figure C, the WIN.INI tab provides the same functionality as the SYSTEM.INI tab.

Figure C



same as before, select and deselect

Boot options using the BOOT.INI tab

The BOOT.INI tab, shown in Figure D, gives you many options for starting the computer. The top portion of the window contains the BOOT.INI file that the computer is currently using. You cannot edit this file using MSCONFIG. You can change the timeout value for the boot menu. Even if you can’t edit the file, it is easy to view the file when you use MSCONFIG.

Figure D


Microsoft recommends that you don’t attempt to use MSCONFIG to edit BOOT.INI unless you’re directed to do so by a Microsoft support professional.
Three of the four buttons provided in this window are for editing purposes and are grayed out by default. The Check All Boot Paths button is used to verify that the boot paths in the BOOT.INI file are correct. When you click this button, you’ll either receive an error message you can use for troubleshooting or a window alerting you that the boot paths have been verified.


Boot option pane

The most valuable functions on the BOOT.INI tab are the boot options, which are explained below. You can use these choices for a variety of troubleshooting techniques:

/SAFEBOOT gives you suboptions for starting the computer.
/SAFEBOOT with MINIMAL starts the computer in Safe Mode.
/SAFEBOOT with NETWORK starts the computer in Safe Mode with networking support.Note: /SAFEBOOT with NETWORK does not load the normal network configuration; instead, it loads a generic TCP/IP network configuration.
/SAFEBOOT with DSREPAIR is used to repair Directory Services on Domain Controllers.
/SAFEBOOT with MINIMAL (ALTERNATESHELL) starts the computer in Safe Mode with Command Prompt.
/NOGUIBOOT starts the computer without the VGA video driver that displays graphics during the boot process and Blue Screen crash information.
/BOOTLOG enables boot logging to help you debug and troubleshoot startup problems.
/BASEVIDEO starts the computer using a standard VGA video driver, as opposed to the one installed for the graphics card.
/SOS causes the driver names to be displayed when they’re loaded. You can use this switch to diagnose driver-related issues.
The BOOT.INI Advanced Options screen, shown in Figure E, offers you more options for starting your computer:
/MAXMEM limits the amount of memory that Windows XP can use. You can use this switch if you believe that your system has a bad memory chip.
/NUMPROC limits the number of processors used in a multiprocessor system.
/PCILOCK stops Windows XP from dynamically assigning system resources to PCI devices. The devices will use the BIOS configuration instead.
/DEBUG starts the computer in debugging mode. It allows you to configure the machine with three additional suboptions, as follows:
/DEBUG with /DEBUGPORT specifies the communications port to be used for debugging.
/DEBUG with /BAUDRATE specifies the baud rate to be used for debugging. The default baud rate is 9600 with a modem and 19200 with a null-modem cable.
/DEBUG with /CHANNEL specifies the 1394 communications channel for debugging.


Figure E


Advanced options

Working with the Services tab

The MSCONFIG Services tab, shown in Figure F, allows you to prevent specific services from starting when the computer is started. This is extremely useful when you’re troubleshooting service-related problems.

Figure F




Microsoft has designed the majority of services in Windows XP. To make it easier to find a non-Microsoft service, you can select the Hide All Microsoft Services option.


Troubleshooting using the Startup tab


The Startup tab lets you prevent items in your startup folder from starting when you log in. As you can see in Figure G, you can simply deselect the service to prevent it from starting. If you want to disable all the services, click the Disable All button. To enable all the services again, click the Enable All button.


Figure G

Startup choices

My favorite feature

The System Configuration Utility is easy to use and will help you troubleshoot a wide variety of Windows XP boot problems. The ease with which you can temporarily modify the boot files, system services, and startup files makes MSCONFIG an extremely useful troubleshooting utility. The best troubleshooting features I have found are the boot options located within the BOOT.INI tab. Remember to use caution when manipulating boot option parameters and always write down any changes you make in case you get stuck.

Friday, April 3, 2009

Microsoft Internet Explorer 8 install is broken

Microsoft Internet Explorer 8 install is broken
Author: Mark Kaelin


Microsoft Internet Explorer 8 has been released and is now being rolled out as part of the normal automatic Windows security update process. Unfortunately for many, the installation of IE8 has actually broken the browser and made it useless. My younger brother called me this morning with this problem, and I asked him to come to the office so I can get a firsthand look.
He has a Gateway notebook that is about two years running Windows XP.

Problem

This mysterious problem of IE8 not working has been echoed by several TechRepublic members to me in private messages and in the Community Forums. I have not pinned down the exact cause, but in my brother’s situation, the problem was frustrating on several levels.
First, the symptoms of this problem don’t allow for much troubleshooting analysis. Internet Explorer 8 starts as if everything is fine until it tries to load a Web page. At that point it freezes into a continuous connecting mode and stops responding to commands. There is no error code or other indication of how to correct or proceed.

The second frustrating problem involves the Control Panel Add Remove Programs applet. The installation of IE8 on my brother’s PC apparently did not progress enough to actually be listed in the tool to be removed or uninstalled.

Solution

There were two choices at this point: forget Internet Explorer and use Mozilla Firefox exclusively or uninstall IE8 and return to Internet Explorer 7.

For the sake of knowledge and this blog, we opted for choice number two, but my guess is that most will opt for Firefox, and I can’t say that I blame them at this point.

However, for our purposes, here is how we had to proceed.

The first thing I had to do was get the installation file for the Windows XP version of Internet Explorer 8. Once that was downloaded, I reinstalled it to the Gateway notebook. The process involved about 30 minutes and two restarts to complete.

My hope was that this process would install a working Internet Explorer 8. It did not. IE8 behaved the same as before: it would not load a Web page and stopped responding to commands. However, the most important thing was accomplished because Internet Explorer 8 was now on the list of Add Remove Programs in the Control Panel.

I used that entry to uninstall IE8 and return Internet Explorer to the previous version. A few minutes and a reboot later, IE7 was back and running as expected.

Your experience

This has been my experience, or at least that of my brother’s, but I am wondering what your experience has been. I don’t know if this is confined to Windows XP or if there is some other factor involved. I only know that this is certainly not the user experience Microsoft was looking for.
On my own personal computers, I have upgraded my notebook running Vista to Internet Explorer 8 without any problems at all. But I have not taken the chance on another PC yet. In addition to my brother’s story, I have had several reports of IE8 not working at all after installation, which gives me pause.
What about you? Did you get a bad Internet Explorer 8 install? How did you fix the problem? Did you go back to IE7? Did you just drop Internet Explorer and make Firefox your default browser? Let us know what is going on out in the real world.
The 10 Cisco IOS Router file management commands you must know
Date: December 12th, 2008
Author: David Davis

David Davis goes over the Cisco IOS commands you must know to manipulate files on your Cisco router flash, nvram, or other filesystems, allowing you to back up your configuration, upgrade your router, or just maintain the IOS file system.
——————————————————————————————————————-

Just like a Windows or Linux operating system, the Cisco IOS has its own list of commands to manipulate files, very similar to DOS/Windows commands. These files could be your IOS router operating system, configuration file, or other type of IOS file. Knowing these file commands is a critical requirement for any Cisco admin.
Let’s look at 10 Cisco IOS file management commands you must know.

#1 dir

This shows a directory list of files on a filesystem. To see the options, type dir ?Router#dir ?
/all List all files
/recursive List files recursively
all-filesystems List files on all filesystems
archive: Directory or file name
cns: Directory or file name
flash: Directory or file name
null: Directory or file name
nvram: Directory or file name
system: Directory or file name
tar: Directory or file name
tmpsys: Directory or file name
xmodem: Directory or file name
ymodem: Directory or file name


Router#

You can think of each of these filesystems almost like disk drives in DOS, where you have to put a colon after the name. So, the nvram is called nvram:. The default is to show a directory of the router’s flash as your default current directory is flash:

Router#

dirDirectory of flash:/
2 -rwx 18929780 Aug 29 2006 15:49:57 +00:00 c870-advipservicesk9-mz.124-15.T5.bin
3 -rwx 2143 Aug 29 2006 16:42:14 +00:00 running-config
23482368 bytes total (4544512 bytes free)

Router#

Every router will have at least flash memory and nvram (non-volatile random access memory).

#2 cd

Change directory: Use cd to change your current directory to a different device or subdirectory on that device. In the following, when I change my directory to the nvram: filesystem and do a dir, I get a list of nvram. I could also cd to a subdirectory after I have created a directory with mkdir.

Router#cd nvram:

Router#dir

Directory of nvram:/
126 -rw- 2143 startup-config
127 ---- 5 private-config
128 -rw- 2143 underlying-config
1 ---- 49 persistent-data
2 -rw- 0 ifIndex-table
131072 bytes total (116584 bytes free)

Router#

#3 copy

This is used to copy the IOS or a config file from and to somewhere. You would use this to copy the router’s configuration off the router to a TFTP server or just make a local backup of it on the router. You would also use the copy command to upgrade the router with a new IOS from a TFTP server.

Here, I am making a local backup of the router’s running configuration:

Router#copy running-config davids-backup-before-upgrade

Destination filename [davids-backup-before-upgrade]?

2181 bytes copied in 3.052 secs (715 bytes/sec)

Router#

#4 delete and rm

Very simply, you will use delete to delete files and rm to remove folders/directories. Here, I use delete to delete the backup of my config that I just created:

Router#delete davids-backup-before-upgrade

Delete filename [davids-backup-before-upgrade]?

Delete flash:/davids-backup-before-upgrade? [confirm]

Router#

#5 show flash

This is used to show the files in your flash. The command show flash is similar to dir flash: but it provides a little more information on the size and type of flash memory in your router.

Router#show flash

24576K bytes of processor board System flash (Intel Strataflash)

Directory of flash:/
2 -rwx 18929780 Aug 29 2006 15:49:57 +00:00 c870-advipservicesk9-mz.124-15.T5.bin
3 -rwx 2181 Oct 4 2006 04:03:00 +00:00 mybackup-today
23482368 bytes total (4544512 bytes free)

Router#

#6 erase and format

It can be a bit confusing why you would erase one type of filesystem, but format another. What you really need to know is that you format flash devices and erase nvram. There are other types of filesystems, and you may erase or format them, depending on their type. The erase command is most used when you want to wipe out the router’s configuration and start with a default configuration. This is done with erase startup-configuration.

Router# erase ?

/all Erase all files(in NVRAM)
/no-squeeze-reserve-space Do not reserve space for squeeze operation
flash: Filesystem to be erased
nvram: Filesystem to be erased
startup-config Erase contents of configuration memory

Router# format ?

flash: Filesystem to be formatted

Router#

#7 more

This shows a text / configuration file. Let’s say that you want to view a backup configuration file that you created. Just use the more command to view it:

Router# more my-backup-config

!

version 12.4
parser config cache interface
parser config interface
{config truncated}

#8 verify

This is used to verify the checksum or compute a MD5 signature for a file.

Router#verify flash:c870-advipservicesk9-mz.124-15.T5.bin

Verifying file integrity of flash:c870-advipservicesk9-mz.124-15.T5.bin.......{truncated}............ Done!

Embedded Hash MD5 : CA8AEC573B197AEC6BD5892DE23C4754
Computed Hash MD5 : CA8AEC573B197AEC6BD5892DE23C4754
CCO Hash MD5 : 9D39672246853C0F31533B6BCB21DFE5

Embedded hash verification successful.

File system hash verification failed for file flash:c870-advipservicesk9-mz.124-15.T5.bin(No such file or directory).

Router#

#9 mkdir

Just like in DOS, you use mkdir to create a directory/folder. I would do this to perhaps create an archive folder for backup configurations or old IOS files.

Router# mkdir backup-configs
Create directory filename [backup-configs]?
Created dir flash:backup-configs

Router#

#10 fsck

FAT filesystem check is typically used to check your flash filesystem integrity. You may do this if you have experienced some corruption of your IOS files in flash.

Router# fsck

Fsck operation may take a while. Continue? [confirm]
.....{truncated}.......
Fsck of flash: complete

Router#

While there are so many reasons to use file system commands like these, if I had to select three of the most practical uses for some of the commands listed above, here is my list:

1. Navigating the Cisco IOS filesystems — knowing what configuration files and what IOS files are on the router, perhaps before performing an upgrade.

2. Back up your configuration to the local router or off to a TFTP server, again, perhaps before a backup

3. Performing an upgrade of the Cisco IOS by copying the IOS from a TFTP server to the router.
It’s very important to understand IOS file management commands, what those commands are, and how you can use them in the real world. You don’t want to be stumbling to restore your IOS when the primary IOS is corrupt!

Thursday, January 8, 2009

Windows 7 beta ready to go


Windows 7 is going into public beta, Microsoft head Steve Ballmer announced at the Consumer Electronics Show in Las Vegas late on Wednesday.

The first beta version of the successor to Windows Vista is immediately available as a downloadable disk image to MSDN, TechBeta, and TechNet subscribers, while the general public will get to test-drive the new operating system starting Friday.

Windows 7 is expected to hit shelves toward the end of this year or the start of 2010, according to Microsoft's broad roadmap for operating system releases, which specifies a three-year gap between releases. The new OS first made an appearance in October, when a "pre-beta" version was given to attendees of Microsoft's Professional Developer Conference (PDC) 2008.



Windows 7 looks like Vista but is more suited to multitouch interaction with the PC.

(Credit: ZDNet UK)
Prior to Ballmer's Wednesday announcement, ZDNet UK talked to Microsoft's UK Windows chief, John Curran, in London. Curran, who called the beta release "feature-complete," said Windows 7 would appeal to business users and IT professionals because of its enhanced security and because the new OS does not require new hardware investments above those required by Vista.

"(The encryption feature) BitLocker was a key enhancement in Vista, but Windows 7 takes that a step further," Curran said. "BitLocker To Go is the new feature. If you take a traditional USB drive and then turn on BitLocker, you can either put in a password or lock (the USB drive) using a smart card."

A USB drive encrypted using BitLocker To Go will be usable on a PC running Windows 7, Vista, or XP--although an XP machine will only be able to read the drive after downloading software to allow this.

"Any hardware that runs Vista, you can have confidence it will run Windows 7 the same or better without a hardware upgrade," Curran said. He also claimed that, as the new OS is "fundamentally built on Vista," most Vista-compatible applications will also be compatible with Windows 7. The exceptions would be applications that are highly operating-system-specific, such as antivirus or file-management software.

Curran described Windows 7 as "designed and optimized for the mobile PC, whether it is a Netbook or a laptop", and claimed the new OS would work even on current Netbooks such as those using a 1.6GHz Intel Atom CPU.

A key feature for business users, Curran said, would be DirectAccess. This feature, also included in Windows Server 2008 R2, lets mobile workers access their corporate networks without the need for a VPN. It also lets IT professionals remotely manage laptops, even if the machines are too small to allow for the incorporation of a smart card reader.

Curran also said power-management enhancements in Windows 7 made the operating system suited to mobile computing. "Windows 7 does some clever things in terms of power management," he said. "The screen automatically dims after 30 seconds (of disuse) but, if you flick the touch pad with your finger to keep (the PC) awake, it will wait longer until the next time it auto-dims. It will adjust its behavior according to your needs."

It is not yet clear how many sleep modes will be included in Windows 7--many saw the number in Vista as too great and too confusing--but one certain addition is that of "wake to wireless," adding to the current "wake to LAN" mode.

Another enhancement for business users, Curran said, would be found in Windows 7's search functionality. Whereas Vista's integrated search covers the client PC in question, the new "syndicated search" allows search across a corporate network or even across Sharepoint.



Curran also said that Windows 7 was smaller than Vista, in terms of the amount of space it takes up on the hard drive, and that performance had been "tweaked across the board."

In its appearance, Windows 7 closely resembles Vista. Two significant exceptions are the size of the buttons in the taskbar at the bottom of the screen--these are now larger so as to be more usable in the OS's built-in multitouch mode--and the lack of the sidebar. The sidebar in Vista contained the widgets, but in Windows 7 these mini applications can be spread across the desktop in a similar way to widgets in the Android mobile operating system. As Android seems set to make its way into Netbooks, it is likely that Google's operating system will become a direct competitor to Windows 7 in that market segment.

The taskbar in Windows 7 also includes another visual enhancement over Vista, in that it will automatically display multiple tabs for a browser or multiple documents for applications such as Word.

Asked whether businesses should ignore Vista in favor of the upcoming Windows 7, Curran claimed that "the road to Windows 7 is through Vista."

"If you are running XP today, my best advice is to move to Vista today," Curran said. "Most businesses will wait for the first service pack for Windows 7 (before deploying it), but some will test Vista and (realize) they can get benefits (over XP) here today." Curran's words echoed those of Ballmer in October, when the Microsoft chief said he accepted that some companies would skip Vista, but recommended that they try Vista anyway due to the compatibility between Vista and Windows 7.

Curran refused to say whether Windows 7 would launch with the same level of marketing campaign that went into the release of Vista. He also said Microsoft had not yet decided on the minimum hardware specification for Windows 7, nor the number of versions in which it would be made available. He did, however, insist that Microsoft was "committed to an enterprise edition" of the operating system.
David Meyer reported from London.

Friday, January 2, 2009

Top 10 security predictions for 2009

What will next year hold in the ever-changing world of IT security?
By Asavin Wattanajantra

New tech means new ways for criminals to attack systems. Next year will see hackers get smart about cloud computing, social networking and more. Here's our top ten threats to keep an eye on...

Malware 2.0

Malware will increasingly target Web 2.0 as well as cloud services. New cloud-based services - such as Amazon Web Services and Microsoft Azure - are vulnerable new targets for cybercriminals or spammers.
The cloud could be used simply to send spam, but it also could launch sophisticated attacks such as hosting malicious code for downloads.
Web 2.0 has also created an environment where malware can change depending on an event or a situation. Separate harmless bits of malware can be constructed to combine and maliciously attack.
A good example of this is with mash-ups, where data from many websites can be reconstructed to create something malicious.
Malware-as-a-service becomes more common, which will allow automated malware to be bought and sold to order. This will be a big problem, as it lowers the technical level needed for criminals to become online fraudsters.

An explosion in new malware variants and web threats

Anti-virus vendor Symantec claims that new strains of malware consisting of millions of distinct threats can propagate as a single, core piece of malware. This will create a number of unique malware instances.
Indeed, research has shown we have now reached an inflection point where we are now more malicious programs than legitimate ones. Businesses and vendors need to move away from signatures and concentrate on detection methods, such as the reputation-based approach.
As web services keep increasing, and as browsers start to move towards a uniform standard for scripting language, expect new web-based threats.

Social networking spam

As the year went on, criminals were gradually moving from email-based spam to different techniques. One of these was social networking spam, where websites such as Facebook and MySpace were targeted.
Personal information is gold to the bad guys, and they will learn better tricks to persuade users to give away their details and find ways to access private accounts.
The rise in popularity of social networking sites that allow user-generated content will be a problem. Web spam will increase as will malicious posting into user-forums and blogs.
Security firm Websense claims that new web attack toolkits have emerged that allows attackers to discover posts and/or have vulnerabilities. Bots may also add more HTTP post functionality among their many capabilities.

More legitimate website hacking

It arose as a big problem in 2008 and is sure to continue next year, as criminals realise that hacking a legitimate website is a great way to persuade users to click and downloads malicious files.
Many users are still unfamiliar with web-based malware and 2009 could a boom year as cybercriminals look to capitalise on this ignorance. It is a very recent evolution to exploit flaws in browsers and web servers, and new toolkits are now constantly being made to take advantage.
The fact that these toolkits often don’t need users to have a great technical knowledge lowers the barrier for entry for cybercriminals and pushes the threat level even higher than before.

Unemployment creates more cybercriminals

The credit crunch will affect the security landscape in a number of ways. One of the scariest prospects is that the economic downturn will make it tempting for unemployed IT workers to use their technical knowledge to commit internet crime.
It’s a very lucrative business - and as mentioned before - the growth of malware-as-a-service will make it very easy for people to make money on the web, even if they lack the right technical knowledge.
It could also be a problem in developing countries, as the lack of IT jobs could force qualified and skilled technical workers into the arms of criminal gangs, who will exploit their skills in aid of making money over the web.

Security budgets unlikely to grow

Although the threats keep multiplying, most would agree that in the current economic climate, budgets are unlikely to grow significantly.
This means that there will be more consolidation in the security field and means that instead of multiple boxes carrying out single functions, it will be consolidated into single boxes.
In 2008 this has already been happening, but with budgetary pressures there is no doubt this will accelerate.
It will also be interesting to see how the new focus on data security will affect the way businesses work, and whether there will be a change of focus in security to securing the data, rather than protecting the network.

Mobile computing hacks

The growth in popularity of smartphones will make them a bigger target to criminals as they will not have the security protection that PCs have had for years.
Applications and associated data will be accessed from anywhere and make them a big target for hackers. IT administrators need to be on their guard as these threats will have multiple points of entry, targeting different devices and applications.
This is made even more important by the fact that the use of mobile internet will have increased significantly by the end of 2009.
The value of the data that new sophisticated phones will carry will mean that subscribers will expect mobile operators to take greater security measures to protect personal data, especially when mobile commerce takes off.

The new generation of botnets

At the end of 2008 many of the biggest botnets were taken down with the closing of the McColo server. MessageLabs predicted that these will find new hosting services in countries such as Russia or China, improving botnet technology.
A particular sophisticated type of botnet that was described takes the form of hypervisor technology, with malware existing as a virtualisation layer running directly on the hardware and incorporating key operating system calls.
The “real” operating system remains unaware of the existence of underlying malware controlling the computer. Particularly technical attacks like SQL injection and cross-site scripting will also continue, and become more commonplace in 2009.

Cyber hacking on virtual worlds

Like social networking, hackers are likely to move away from the traditional forms of email spamming and move towards the potential goldmine of virtual worlds.
This could be gaming universes like World of Warcraft, or more social reality-based worlds like Second Life, where stolen virtual goods could be sold for real hard cash.
Users are often more relaxed about their personal details in online worlds, and this means that there could be a good opportunity for criminals to create technology which steal this data.
The increasing use of virtual worlds by businesses will also be a factor, as the value of data that these worlds will carry may grow significantly. This will make it more profitable, and therefore attract more criminals.

Reputation hijacking flourishes

The vulnerability in the design of the Domain Name System (DNS) found by Dan Kaminsky could in theory poison a server’s cache causing people sending emails or requesting a website to be given the wrong IP address.
This could mean victims are sent to a fake website which is looking for personal details, but looks perfectly real. If organised gangs manage to exploit this DNS vulnerability it could mean a whole different set of problems in 2009.
There was a multi-vendor patch deployed in August to protect servers from attack, but it has been made clear that the vulnerability had only been slowed down – not eliminated.

Thursday, December 18, 2008

Vista-Style Command Link

The Vista-Style Command Link control is an elegant Button control designed to mimic the look of command link control in Windows Vista. It is completely code-generated, meaning that it is portable across Windows versions. Built upon the Button .NET class, the Command Link control can be easily integrated on top of existing button controls.