Open Source Versus Closed Source Software


“A cryptographic system should still be secure, if everything is known about it except its key. You should not base security of your system upon its obscurity” - Auguste Kerckhoffs (1883).

Auguste Kerckhoffs was a Flemish cryptographer and linguist who studied military communications during the Franco-Prussian War. He observed that neither side could depend upon hiding their telegraph lines and equipment from the other side, because the enemy would find the hidden telegraph lines and tap into communications. One could not rely upon a system being obscure. In 1948, Claude Shannon of Bell Labs extended Kerckhoffs’s Law when he said, “Always assume that the enemy knows your system.” Cryptographers and military colleges teach Kerckhoffs’s and Shannon’s laws as fundamental rules in information security.

How does this apply to computer security? There are a few basics that we should understand: programmers write their code in human-readable source code, which is compiled into binary object code (i.e., zeros and ones), and very few people can read binary code. For revenue, developers do not release their source code when they sell software; they only release the binary object code. This closed source code is their proprietary “crown jewels”, to be carefully guarded. In contrast, open source software is not for profit at all; the source code is provided along with the binary object code so other developers can read it, write new features, or find and fix bugs.

So, does this mean that closed source is safer than open source because no one can see any bugs or security holes that might be hidden in the source code? No. With closed source, there is a temptation to use “security via obscurity.” The history of security holes is that they become well known, because there may be literally hundreds of people with access to the source code and some of these people come and go. Some take the code with them and some share it with others, who post it on the internet.

Then there are the decompilers. Decompilers are software that converts binary object code back into source code. Decompilers do not produce exact copies of the original source, but they are getting better and better every day. With their use, attackers can better guess where the security holes are.

There is also an inclination within the closed source community to rely upon the source code being hidden as a line of defense. In effect, they drop their guard, falsely thinking that they are safe, when in reality they become more vulnerable. The open source community has far more people able to examine the code than any closed source system. One of the beliefs of the open source community is “No bug is too obscure or difficult for a million eyes.”

Also, developers’ motives are different. Open source coders generally do not write for profit. Closed source developers are inevitably writing for profit. With the profit motive comes more pressure to release software quickly to “beat the market.” Rushing code to market is one of the surest ways of releasing defective code, and then we have tons of patches and releases to download every month. This type of pressure doesn’t exist in the open source world, since there is no profit involved.

Can there be secure closed source software? Yes, of course. But the developers must be committed to security from the very beginning of development. By most reasonable measures, open source can be considered, and will continue to be, more secure than closed source software. This is what Auguste Kerckhoffs would have predicted.
Open source continues the march to world code domination.

5 Firefox Add-Ons That Made Me Switch From Internet Explorer to Firefox

Hello everyone reading this post, this is my very first blog post. A little about myself: I’m a computer enthusiast/IT person with a strong passion for Networking and Networking Security. Oftentimes I get asked by my peers and colleagues “which browser do you prefer?” and for me the answer is always Firefox. Of course the next question is “why Firefox over Internet Explorer?” and the answer always seemed simple enough in my head (I’m an open source fanboy) but a little more difficult to explain to a non-computer-savvy person. So I came up with a list of 5 add-ons available for Firefox that make my web browsing experience so much better.

Ad Block Plus

This first add-on has to be one of my all-time favorites and one of the biggest reasons I switched from Internet Explorer back in 2005. As the name suggests, this add-on blocks all advertisements on any given web page. I know what you’re thinking: “What if the website I’m using requires popups or ads to be on in order to properly use the website?” Easy, just click on Tools and right there is a menu entry for Ad Block Plus that allows you to disable it for that pesky website!


HTTPS Everywhere

This next add-on is a great add-on for encrypting your web traffic. The add-on will attempt to browse every website you visit using SSL (Secure Sockets Layer). What does that mean for you? Simple: when you browse the web, your browser makes requests to web servers using HTTP, which is in plaintext, meaning your information can be seen by anyone who is sniffing your network traffic. When you use HTTPS (SSL), your traffic is encrypted before it’s sent over the internet, so even if someone were sniffing your network traffic, all they would see is encrypted data.

No Script

This third add-on is quite the powerful one, but it can be a nuisance to the average user at first. No Script is an add-on that blocks the usage of any type of script on a web page. This is useful when you are visiting a website you don’t trust or don’t know if you should trust. Most websites nowadays use scripts to enhance the content of their web pages by adding some ease of use or a dynamic way of interacting with the website. But someone could also use a script to cause harm: it would run behind the scenes, with the user none the wiser, giving off info about what sites they visit, usernames and passwords, or a wide variety of other sensitive information. Again, if there is a site which requires the use of scripts and you trust the website, you can simply disable No Script on that web page or website, depending on the need. The add-on is very easy to use and understand once you have it up and running. It will even tell you which scripts No Script has blocked, and you can allow them on a script-by-script basis.

Web of Trust

The fourth add-on is a great community add-on. Web of Trust will add more security to your web browsing experience by adding little colored circles to the end of your web searches and links. The add-on works through its user base: users of the add-on rate how “trusted” a website is. If users have reported the website to be unsafe, you will get a warning before entering the website telling you that the site might be harmful, and it gives you the option of taking the risk and going in or leaving the site without entering it. I normally don’t like signing up for things I think are unnecessary, but in this case I feel like the add-on’s features are worth a sign-up. If you know of any websites that are malicious or harmful, you can also rate them and let the community know the site is unsafe.

Stumble Upon

This last add-on has been a great discovery tool for me in my travels of the internet. Stumble Upon is another community-based add-on that takes into account your interests, then finds random websites on the internet with those interests in mind and takes you to one of those pages. Once you get to a page you can either up vote or down vote it, and Stumble Upon will remember your choices and make better decisions on which sites to take you to next time. Also, if there is a page which you like and think people with that interest will like, you can up vote it and Stumble Upon will suggest it to other people.

I know, how could anyone use Internet Explorer with all these great add-ons out for Firefox? The best part about Firefox is that there are literally thousands and thousands of different types of add-ons waiting for you to explore and use to make your browsing experience better. Thank you all for taking the time to read my very first blog post and I hope you enjoyed.

Microsoft Outlook Shortcut Keys

Below is a list of common Outlook shortcut keys.

 

Shortcut        Action
Esc             Cancel current operation
Tab             Move from field to field or area to area in a window
Shift+Tab       Moves down the folder list
Enter           Select, open, or activate
Arrow keys      Moves from item to item in most windows
Ctrl+A          Select All
Ctrl+R          Reply to an E-mail
Ctrl+F          Forward an E-mail
Ctrl+P          Print
Ctrl+D          Delete
Ctrl+Shift+V    Move to Folder
Ctrl+Q          Mark as Read
Ctrl+U          Mark as Unread
Ctrl+S          Save while reading an e-mail
Ctrl+Shift+B    Open the Address Book
Alt+F1          Turn the Navigation Pane on and off

5 Tips for Getting Customers to Pay on Time

  1. GET A SIGNED RETAINER
    Prepare a formal agreement clarifying the services or products being offered, how they will be billed, how they are expected to be paid, and what will happen if they are not paid. Sit down with customers to explain the details of this contract and have it signed by all parties.
  2. GIVE DISCOUNTS FOR PREPAID SERVICES
    Give customers an incentive if they purchase prepaid blocks of time by offering services at a discounted rate. Provide discounts if payments are received before the due date and charge interest fees for late or non-payments. Write out the payment terms and due dates on statements.
  3. ACCEPT CREDIT CARDS
    Credit cards are the most popular form of payment today. Accepting credit cards and electronic check payments encourages timely payments. If customers do not have cash at the moment to pay their bills, they will rely on credit cards as a fall back.
  4. MANAGE ACCOUNTS RECEIVABLE
    A weekly review of customers’ accounts will increase cash flow and reduce bad debt loss by detecting slow-paying and non-paying clients before their debt becomes unmanageable. Issue invoices promptly, because older bills have a higher chance of being disputed and not collected.
  5. WORK OUT A PAYMENT PLAN
    Call customers that have fallen behind and offer them payment solutions. A friendly reminder works better than a letter or email. If an account goes past 90 days, consider hiring a collection service or writing it off.