Thursday, March 7, 2013

Attack Surface Reduction - An Often Overlooked Element of Web Application Security

In industry surveys ranging from the Symantec Threat Report to Gartner analyst reports, application security is constantly cited as the most significant area of risk for enterprises and the most prevalent threat vector for cyber crime. It certainly makes sense: why bother to spend time on reconnaissance when the front door is wide open?

Many organizations have begun to spend a great deal of energy and money to secure applications. Popular approaches include code review, threat modeling, source code analysis and black box testing. Often overlooked is the rather fundamental practice of reducing the attack surface of the application.

During development and configuration of a system and its associated application, the software must typically expose both customer and business assets through network ports, database access, APIs, web services and the user interface. The entire collection of entry points in a product is called its Attack Surface. These form the ways in which an adversary can attack a system. A big attack surface generally means big security issues, or often more time and budget dollars dedicated to protecting the system. It's also important to remember that channels to local resources are not the only vectors for attack; remote resources must also be kept in mind.

Generally, when a software system is architected, implemented and configured, the top-of-mind issue is providing useful functionality that meets business goals. From a security point of view, however, the design and deployment teams must also think about turning things off as well as on. From a design standpoint, this involves reducing the amount of code that executes by default, running with user privileges rather than system privileges, reducing the functionality and data accessible to unauthenticated users, and limiting the damage if access points are exploited. From a system configuration point of view, this involves turning off unnecessary services, providing access only to required authorized users on specific subnets, and using strong ACLs to control access to resources.

The security community has done a relatively good job with respect to understanding which attack vectors are more likely targeted by adversaries. Given that perspective, keep the following in mind:

• Minimize the use of scripting engines and controls such as ActiveX, JavaScript or VBScript.
• Avoid symbolic links as these are likely targets.
• Restrict file permissions to the fullest extent possible.
• Minimize the number of services that must run as root.
• Keep up with vulnerability research and build an effective patch process.

A useful practice is to put together a design guideline for developers that suits your design environment and the business and security requirements associated with your system. Further, at deployment time, a security configuration guide and a checklist of security best practices are recommended.

Interestingly, some in the industry, such as SAP, have invested even more heavily in this area. SAP Labs has developed and begun pilot deployment of an Eclipse extension that uses a more formal process to measure attack surfaces. Their method involves summing the damage potential-effort ratios (DER) of relevant resources. The relevant resources of an application include its channels, such as TCP ports; methods, such as API calls; and data, whether persistent, in memory, or in transit. The DER of a resource is the ratio of potential damage to the effort required to breach the resource. The SAP tool discovers application resources and combines that data with DER numbers to generate attack surface metrics for software components. While the discovery of resources is fully automated, the tool requires context-specific configuration based on experience, judgment, and a threat modeling process.
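The DER summation described above can be sketched in a few lines. This is an added example, not the SAP tool or code from the original post: the resource inventory, the 1-10 damage and effort scores, and the function names are all constructed assumptions. It compares the metric before and after turning off two unneeded entry points and restricting a database port to one subnet.

```python
from collections import defaultdict
from dataclasses import dataclass, replace
from fractions import Fraction


@dataclass(frozen=True)
class Resource:
    name: str
    kind: str           # "channel", "method" or "data", as in the text
    damage: int         # potential damage if breached (constructed 1-10 score)
    effort: int         # effort needed to breach it (constructed 1-10 score)
    enabled: bool = True

    @property
    def der(self) -> Fraction:
        if self.effort <= 0:
            raise ValueError(f"{self.name}: effort must be positive")
        return Fraction(self.damage, self.effort)


def attack_surface(resources):
    """Sum the DER of every enabled resource, per resource kind."""
    totals = defaultdict(Fraction)
    for r in resources:
        if r.enabled:
            totals[r.kind] += r.der
    return dict(totals)


def top_contributors(resources, n=2):
    """Enabled resources with the highest DER: the first candidates to turn off."""
    live = [r for r in resources if r.enabled]
    return [r.name for r in sorted(live, key=lambda r: r.der, reverse=True)[:n]]


# Constructed inventory; a real one would come from discovery plus threat modeling.
BASELINE = [
    Resource("tcp/443 https", "channel", 6, 4),
    Resource("tcp/23 telnet", "channel", 8, 1),
    Resource("tcp/3306 db, any subnet", "channel", 9, 2),
    Resource("login API call", "method", 5, 5),
    Resource("debug API call, unauthenticated", "method", 9, 1),
    Resource("customer records (persistent)", "data", 10, 5),
    Resource("session tokens (in transit)", "data", 7, 7),
]


def harden(resources):
    """Turn off what is not needed; restrict the database port to one subnet."""
    out = []
    for r in resources:
        if r.name in ("tcp/23 telnet", "debug API call, unauthenticated"):
            r = replace(r, enabled=False)
        elif r.name == "tcp/3306 db, any subnet":
            r = replace(r, name="tcp/3306 db, app subnet only", effort=6)
        out.append(r)
    return out


if __name__ == "__main__":
    for label, inv in (("baseline", BASELINE), ("hardened", harden(BASELINE))):
        surface = attack_surface(inv)
        print(label, {k: float(v) for k, v in surface.items()},
              "total:", float(sum(surface.values())), "top:", top_contributors(inv))
```

With these constructed scores the data dimension is unchanged by hardening, which shows that turning services off shrinks the channel and method totals but does nothing for the data an application must keep.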

Given the complex nature of deploying SAP software securely, it's not surprising that they have invested in this area. However, all systems can benefit immediately from simply measuring the potential avenues of attack and understanding the impact. This practice can be particularly beneficial for complex systems with many configuration decisions. In the healthcare sector, where Redspin has done many information security assessment projects, a good example is healthcare information exchange systems. A further example with broad deployment across many sectors is CRM systems.

Whether through design reviews, deployment guides or development tools, the practice of reducing the attack surface associated with an application has the potential to quickly yield a high return on investment.

Can I Be Taxed on My Discharge of Debt?

In the current financial crisis many financial institutions may be forced to discharge debts of taxpayers. Taxpayers will benefit (be extremely happy) by not having to repay their debtors. However, they may end up with a tax surprise.

Many taxpayers are unaware that a discharge of debt is considered (taxable) income. The taxpayer may be happy not to owe the financial institution the debt, but they may end up owing the Internal Revenue Service (IRS) tax.

According to IRS regulations, income from the discharge of indebtedness is includible in gross income unless it is excludable under Code Section 108. There are other provisions created by Congress besides Code Section 108, including special circumstances for Hurricane Katrina victims.

Taxpayers may exclude the forgiveness of debt income from tax in four ways. The first exemption from including the discharge of debt in income applies if the discharge is due to bankruptcy filed under Title 11 of the US Code in which the court granted.

The second method for taxpayers to exclude the forgiveness of debt income is for the taxpayer to be insolvent outside of bankruptcy. The term "insolvent" refers to an excess of the taxpayer's liabilities over the fair market value of the taxpayer's assets immediately prior to discharge. The IRS is not too generous with the exclusion, for the excluded amount is limited to the amount by which the taxpayer is insolvent.

The final two exclusions are for qualified farm indebtedness and qualified real property business indebtedness. These areas are more complicated, as the income may be excluded from tax; however, certain tax credits and basis in property may be affected.

The taxpayer will potentially need to file additional forms with their tax return. Form 982, Reduction of Tax Attributes Due to Discharge of Indebtedness (and Section 1082 Basis Adjustment) http://www.irs.gov/pub/irs-pdf/f982.pdf, will be filed by the taxpayer to report excluded income from the discharge of indebtedness.

Taxpayers will need to be cautious when having debt forgiven. The taxpayers may end up having poor credit and triggering income subject to tax. Determining if the forgiveness of debt is taxable or meets one of the exclusions is complicated. You should contact your tax advisor if you have any specific questions.

Smoked Salmon Salad is a Healthy Lunch Option

As the new year begins, it's a great time to start a plan for changing your eating and fitness habits. This is something that many of us try to do each year, and often, something that we fail at. But this year, why not make a stronger commitment, not to losing weight, but to doing something for yourself? You can start by joining a gym and really committing to going several times a week. You can also start by eating lighter at lunch, such as with the addition of smoked salmon salads to your diet. A little bit of change can go a long way toward making you feel better than you have in years.

When you commit to eating a smoked salmon salad for lunch several times a week, you're helping to make this healthy habit a routine, much like going to the gym. Once you get into a routine, it's much easier to keep it going, which means that starting and keeping a commitment to a healthy lifestyle can really change your life. It's also the reason that so many of us have a hard time breaking our unhealthy habits, as they were something that we committed to by not making an effort to live a healthy lifestyle.

Eating a smoked salmon salad several times a week as your lunch is a great way to build your commitment to healthy eating in a way that is both nutritious and good for you. Of course, the vegetables that make up a complex salad are always good for you, as long as they are dressed with a low or no fat dressing. But the secret to this salad is really in the smoked salmon. It's excellent for you for a variety of reasons. The first is that it's incredibly high in protein. This helps you to stay active during a long day.

When you're deciding what to eat as part of a healthy lunch, smoked salmon salad stands out because of how low in calories smoked salmon is. In fact, when you eat the same amount, smoked salmon is lower in calories than both steak and baked chicken. This means that you can eat less to get full, and will be consuming fewer calories with your lunch. It also means that you're getting a great amount of protein without a lot of empty calories along with it.

There are so many different varieties of smoked salmon salads that you can try, you will never be hard pressed to find one that you want to eat that day. One of the most simple is a smoked salmon and tomato salad. Simply take a large variety of tomato, like a beefsteak, and slice it thinly. Then layer these slices with a thin piece of smoked salmon. Finish with a drizzle of balsamic vinaigrette and you have a delicious lunch!

This year is the right time to start following a more healthy lifestyle. It's simple to do when you use smoked salmon salads as a lunch staple!

Review: Hammond World Almanac 2006 World Atlas

Publisher: Hammond World Atlas Corporation
ISBN: 0843709375

The Hammond World Atlas Corporation has teamed up with the bestselling World Almanac and Book of Facts in putting together a superb and educational publication, Hammond World Almanac 2006 World Atlas.

You can probably call this Almanac the bible for world class cartography and data with its 200 pages of facts and figures about people, ethnic groups, languages, religions, area, capital, GDP, head of state, and governments. And then there are the 100 pages of digital TerraScape Maps that feature three dimensional relief of land and ocean floor terrain.

When I looked at the "Contents" section of the Almanac, I was delighted to see that there is a section pertaining to the interpretation of maps. How often have you looked at a map and you haven't a clue as to what all the symbols mean or the map scales and projections?

In clear and precise language the authors of this publication explain what are map projections and explore some of the most widely used projections. They also introduce us to a new projection, the Hammond Optimal Conformal.

For those of us who are unfamiliar with the term map projection, we are informed that the challenge faced by mapmakers is to project the earth's curved surface onto a flat plane. Consequently, to accomplish this feat, cartographers have developed map projections or formulas that govern this conversion of geographic data. It is possible to identify every point on earth with the help of a geographic coordinate grid, and this grid is projected onto a flat surface.

From this starting point we are given explanations of general principles and terms, how to flatten a sphere, selected examples of projections, conic projection and the Hammond Optimal Conformal.

This initial section is followed with a comprehensive explanation as to how to use the map section. It is here where we find out how boundaries are determined, sources of names, map symbols, colors, labels and map scales.

Armed with all this introductory data we are now prepared to examine the world maps, starting with Europe and Northern Asia and then Asia, Australia and Pacific, Africa, Antarctica, South America, and North America. On the bottom of each map there are color codes differentiating the population of the various cities and towns. There is also a mileage scale denoted in either miles or kilometers. Detailed and comparative thematic maps, tables, and graphs pertaining to each continent, topography, population, land use, mineral resources and consumption are also included.

The concluding section or the World Almanac Section presents key facts and figures concerning every nation such as their rankings by population and area, major oceans, ocean depths, and islands, rivers, waterfalls, continental altitudes, lakes, reservoirs, dams, highest mountains, temperatures, top languages, precipitation, population growth, energy and environment.

Examining facts and figures about a particular nation we notice that what is included is the following: topography, capital city, independence date, type of government, who is the head of state and head of government, GDP, industries, chief crops, minerals, life expectancy at birth, literacy rate and a link to the country's web site.

This almanac is a magnificent achievement to be savored and repeatedly enjoyed. It fills an educational niche and is a perfect addition for libraries, classrooms, and personal book collections, where vital geographical data is at your finger tips.

The above review was contributed by: NORM GOLDMAN, Editor of Bookpleasures.

How to Reverse Diabetes

There are 20.8 million children and adults in the United States, or 7% of the population, who have diabetes. Diabetes rates among Americans have long been the highest in the world. However, the question remains unanswered: can diabetes be reversed? Are there traditional or non-traditional methods to try?

Mike Fox, executive director of the Intertribal Bison Cooperative, points out that eating elk decreased diabetes rates among American Indian tribes; the ones that restored bison herds and reintroduced it as meat in their diets have diabetes rates under 1 percent. Some tribes, South Dakota groups for example, have been working on restoring elk for 15 years.

Nevertheless, this study has not been validated yet, and the coming years will tell us if this elk treatment could in some way be applied to a larger diabetic population. In the meantime, we can follow some traditional ways to reduce high blood sugar levels.

A) Eliminating consumption of refined sugars and grains
B) Taking point A slowly; do not quit unhealthy foods abruptly
C) Getting off of antidepressant drugs
D) Increasing your consumption of plant-based fats
E) Taking quality nutritional products that provide minerals in natural and bio-available forms
F) Controlling blood sugar with herbs, spices and nutritional supplements
G) Picking up the habit of regular exercise

The most important aspect to consider is the fact that diabetes is reversible and, no matter what you have heard before, you can and should try to control it with diet, medications or insulin, so you can start forgetting about being a diabetic forever.

Jiayu Liao, Assistant Professor of Bioengineering at the University of California, Riverside, discovered a small molecule that has been shown to control diabetes. Called Boc5, it can stimulate insulin function in response to high levels of glucose as well as reduce body weight by twenty percent.

This could be a future form of orally available insulin used to control diabetes and weight as well. The researchers reported their findings in an article that appeared in the Jan. 16 edition of the Proceedings of the National Academies of Science titled "A nonpeptidic agonist of glucagon-like peptide 1 receptors with efficacy in diabetic db/db mice."

Summing up, as you can see, the coming years will bring us effective diabetes-reversing techniques and treatments. Doing a little bit each day against diabetes is the very best way to control this disease.

Choosing the Outdoor Furniture Set That's Right for You

Summer is around the corner. You want new outdoor furniture for your yard or patio, or around your pool (you lucky soul!). You are not alone. Many people see their outdoor spaces as an extension of their home. You can furnish that space with love seats, chairs, dining sets; even rugs and lamps. There's a vast array of choices available to you. Where to begin? Perhaps by considering exactly what you need, you'll be able to narrow down the choices and focus on finding the right outdoor furniture pieces for you and your lifestyle.

Do you use your outdoor area primarily for personal/close family relaxation, or large-group entertainment? How large is your area? How often do you use your outdoor area? Do you have a tendency to use it at particular times of day? Do you use the area in the evening or night? Does the outdoor area receive a lot of sun? Is the area sheltered, or is it completely open to the elements? What pieces of furniture do you have in mind? Do you want chairs only, or a dining set, or lounge chairs? Do you want a bar or cocktail arrangement? How formal or casual do you want your area to be? Do you plan to move or rearrange furniture often? Does your area experience harsh winters?

Answers to these questions will help you to identify the ideal type of materials your new outdoor furniture should be made from, how many pieces of furniture you need, what types and which accessories. You want outdoor furniture made with the comfort and style you desire as well as the strength and durability you need. This will help you to make the best furniture choice for you and your lifestyle.

For example, if you plan to move chairs and other pieces around often to accommodate guests, you may decide to choose lightweight materials like recycled plastic and aluminum. If you have young children, you may look for materials that are very durable and clean easily. Cushions should be made with fade- and weather-resistant fabrics. As you begin to identify materials like teak wood, outdoor or synthetic wicker, recycled plastic, etc., you can determine how easy or difficult it will be to maintain your new outdoor furniture at its best.

If you mostly use the area for casual breakfasts with your family, a bistro-style outdoor furniture set may be more appropriate than an elaborate dining set for twelve. Of course if you want to relax outdoors, you'll consider recliners and deep-cushioned seating with ottomans. If your area is open and receives a lot of sun, you may want to think about adding a patio umbrella, awning; or if space allows, a portable gazebo for welcome shade. Nighttime use may call for lighting with torches, or electric or solar powered lamps.

Also consider the climate where you live. If you live where winters are harsh, will your outdoor furniture be able to remain outdoors year-round, or will you have to store your furniture during winter? Do you have the required storage space? Investing in outdoor furniture covers will help maintain your outdoor furniture at its best.

Once you define your outdoor furniture needs and desires, you can begin to compare those needs against the wide variety of offerings and price points. Hopefully these tips will guide you to make the best decision. Happy summer!

