Dear Mr. Finch and Mr. DePaul,
I read your article, “Don’t Let Yourself (Or Your Kid) Be The Next BlackBerry” this morning and felt compelled to respond. As a father, I agree that kids should “recognize the value of life beyond their grades” and “invest in different dimensions of their life.” Where I disagree with you is the thought that kids shouldn’t be like BlackBerry.
The notion of being “well-rounded,” which you allude to in your article, is BlackBerry. You might not know this, but we are no longer just about the smartphone, but the smart in everything from devices and cars to containers and medical equipment. For example, if you drive a Ford, GM, Audi (or Mercedes), BlackBerry software is most likely powering its infotainment system. Your new iPhone uses BlackBerry software if you work at one of the thousands of enterprises that use our mobile management platform. If you know a UCLA faculty member or student, they most likely received an alert, powered by our software, when the unfortunate shooting took place on campus in June. Your health records, personal information and bank accounts are kept safe and secure because BlackBerry software is trusted by some of the world’s largest companies in industries such as banking, healthcare and legal. In the future, you may experience less scarring, less recovery time, and less pain should you need a heart transplant thanks to our software. These are just a few examples.
The reason I would want my kids (and your kids) to be like BlackBerry is this: Resiliency. We’re in the midst of an incredible transformation, bringing our software business – something we’ve always had – finally to the fore. And, it’s working due to the simple fact that BlackBerry has more than doubled its software revenue on a year-over-year basis for the past two quarters. We’re not letting one product/idea define us; rather, we are transforming our thinking, addressing our obstacles head-on to nimbly innovate in cutting-edge areas such as the Enterprise of Things.
There is a lot going on at BlackBerry today, which makes me want to leave you with one piece of advice: “just because you knew someone, doesn’t mean you know them.” Your old employer certainly looks a lot different these days.
Best,
Marty Beard
By Erwin Friethoff
Application security practices and tools can help ensure that embarrassing and costly vulnerabilities are shut out of your website or app.
Almost everything can be done online nowadays, and even some of the oldest professions in the world are modernizing and moving to the Web. Application security is becoming more and more important with the online enablement of all kinds of new services.
Since everyone and everything is online, the Dutch government decided that one of the basics of a modern society — law and order — should be facilitated through online channels as well. For example, when a lawyer wants to start a procedure, he or she can do so digitally. Proponents argued that it was good for speed and better for the environment.
The website has been modernized and, next to publishing court decisions, a lawyer or legal representative can launch a new case and upload the accompanying documents. Since it is run by the government, one would expect that the application security would be top-notch, right?
A Big Team, Lots of Money and an XSS Vulnerability
A new user experience, a new, up-to-date design, case manager tooling — the website had it all. Highly skilled people worked on the site for years, at the cost of millions of euros, so it was expected to be the best and most secure government website yet produced. Think again: Within a couple of days, an ethical hacker found a DOM-based cross-site scripting (XSS) vulnerability.
According to OWASP, a DOM-based XSS attack occurs when the payload is executed by changing the DOM environment in the victim’s browser, which causes page code to operate differently.
A DOM-based XSS vulnerability is one of the vulnerabilities named in the OWASP Top 10, a powerful awareness document for Web application security. It represents a broad consensus about what the most critical flaws are — and these vulnerabilities tend to be present in many applications.
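The source-to-sink flow behind a DOM-based XSS finding, modelled with plain strings so it runs in Node (an added example, not code from the article or from the website it describes; the URL, the `name` fragment parameter and all function names are constructed for illustration):

```javascript
// Constructed sample: a URL whose fragment carries markup instead of a plain name.
// A harmless <b> element stands in for any injected markup.
const SAMPLE_URL =
  "https://portal.example/case#name=" + encodeURIComponent("<b>injected</b>");

// Source: a value the page reads from the URL fragment. In a browser this is
// location.hash, which never reaches the server, so server-side filtering
// cannot see or neutralise it.
function readNameFromFragment(url) {
  const fragment = new URL(url).hash.slice(1); // drop the leading '#'
  return new URLSearchParams(fragment).get("name") || "";
}

// Vulnerable pattern: the untrusted value is concatenated into markup that
// would then be assigned to an HTML-parsing sink such as element.innerHTML.
function renderGreetingUnsafe(url) {
  return "<p>Welcome, " + readNameFromFragment(url) + "</p>";
}

// Hardened pattern: encode for the HTML context before building markup.
// In a browser, assigning the raw value to element.textContent achieves the
// same result without any string building.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderGreetingSafe(url) {
  return "<p>Welcome, " + escapeHtml(readNameFromFragment(url)) + "</p>";
}

// Review helper: count opening tags an HTML parser would create from a string.
function countOpeningTags(html) {
  return (html.match(/<[a-z][^>]*>/gi) || []).length;
}

console.log(renderGreetingUnsafe(SAMPLE_URL), countOpeningTags(renderGreetingUnsafe(SAMPLE_URL)));
console.log(renderGreetingSafe(SAMPLE_URL), countOpeningTags(renderGreetingSafe(SAMPLE_URL)));
```

The unsafe rendering yields an extra element created from URL data, while the hardened rendering keeps the same data as inert text inside the single intended paragraph.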
How Application Security Could Have Helped
Could this have been prevented? The answer is yes! But what steps should have been taken to ensure that the vulnerability did not exist in the first place?
To enable clients to prevent these kinds of exploits and vulnerabilities, IBM provides the AppScan portfolio. IBM AppScan scans source code and Web applications for vulnerabilities. It reports on known issues, giving advice on how to repair them and how to prevent them from being exploited. The video below shows how the IBM AppScan XSS Analyzer optimizes the success of the scan.
AmigaOne X5000 Update
[Image: Alex Perez in Cardiff]
I’ve received numerous enquiries about the availability of the AmigaOne X5000 system. As you probably know, the Cyrus boards have been in stock for quite some time with new shipments of boards arriving from Ultra Varisys almost weekly. We are just waiting for the final release version of AmigaOS 4.1 from Hyperion Entertainment and then we will be good to start shipping new AmigaOne X5000/20 systems. As with the AmigaOne X1000 “First Contact” system we will release an “early bird” model, this time entitled “Close Encounters” which will be supplied with the first version of AmigaOS 4.1 specifically configured by Hyperion Entertainment for the AmigaOne X5000.
[Image: The growing tower of Cyrus]
Again, as with the AmigaOne X1000, regular updates of X5000 specific drivers and other software bug fixes will be released for download as soon as they become available. So if you are an experienced Amigan and like to tinker with your AmigaOS installation then the “Close Encounters” release of the AmigaOne X5000 is definitely one for you. Matthew has promised that the “registration of interest” page will go live soon. So Matthew & Hyperion Entertainment it’s now over to you. No pressure boys.
Source: Trevor’s Amiga Blog
Give your Raspberry Pi that good old Amiga Look and feel, and transform it into a Real fast Workstation!
What is AEROS? AEROS is a hybrid distribution of AROS (www.aros.org) and Linux (at the moment Debian 6.0 for x86 and 7.0 for ARM is used) available for ARM and x86 systems. If there is enough interest we can also start a PPC branch. The audience may decide ; )
To see AEROS running, here is a video from the developer Pascal Papara
Adding another region to the growing list of areas in which Priv is available, BlackBerry has now officially launched the device in Malaysia. Customers looking to pick up a Priv can now preorder the device through 11street with special offers in place if you’re quick. The first 60 customers who preorder through 11street will be able to purchase Priv at a discounted price of MYR 3,388.