Like me, I believe most people go about their business never to give a serious thought about their assumed private correspondence when using Gmail to email friends, colleagues and business associates.  As it turns out, your daily banter may not be so private after all.  A recent article in Fortune Magazine, “Judge Rejects Google Deal Over Email Scanning” caught my attention and an immediate thought dominated my curiosity…Google email and scanning scam.  

In essence, the article describes Googles’ agreement to change the way it scans incoming messages so that it no longer reads emails while they are in transit, but only when they are in someone's inbox! So, what exactly does that mean? Judge Koh, a San Francisco federal judge, said she's not so sure about that. Her ruling claims the settlement does not provide an adequate technical explanation of Google's workaround, which involves scanning in-transit emails for security purposes, and then later parsing them for advertising data. The judge also proposed a legal settlement to pay $2.2 million to lawyers, but nothing to consumers.

My interest in this story is not so much about the proposed settlements or the specific details about how Google or any of the web giants settle claims based on vague legal language. It is however, more about the naiveté of myself and perhaps many others that never question how the email scanning process really works. I wonder, do most of us really care that Gmail uses contents of our mail to display targeted ads?

With stiff penalties for being caught and the whiff of secretive underground or even nefarious acts, computer hacking can be seen as a somewhat dubious pursuit. Not all hackers operate with the motive of emptying your Paypal account, however; there are many hackers who utilize their skills to aid companies in locating security flaws ("penetration testing") or engage in hacking with the goal of becoming cyber-freedom-fighters that champion simple human freedoms, such as the right to free speech.

Computer hacking is as much an art as it is a skill. At its simplest distillation, hacking is the systematic search for chinks in programming armor. While advanced problem-solving, intuition and sophisticated understanding of programming languages are a distinct advantage, there does exist a number of push-button programs that computing wizards have written allowing those less sophisticated in the art of hacking to break into remote computers in a variety of ways. Because of this new ubiquity, today's hackers no longer need to be a programming Wunderkind; they simply need to know where to download software and be able to turn on a computer. It really is that simple and the implications can be disturbing.

Phishing, Push-Button Programs and Brute Force Tactics

There's no need to crack a company's firewall if you have direct physical access to their computers. One aspect of hacking is the impersonation of an employee or service worker with the goal of gaining access to a company's database, where the hacker can then unleash whatever havoc he or she has planned into the system. Another is to engage in simple phishing techniques, such as impersonating an employee who forgot their password and needs help logging into the system.

Because such impersonations often fail thanks to companies becoming more security-conscious, taking over operations of a computer remotely is often the preferred method of gaining access. Such attempts can be facilitated in a variety of ways. One is the brute-force method, in which a program such as SQLmap, Nmap or Burpsuite is used; running one of these programs is analogous to trying every doorknob in a neighborhood to see which house is unlocked. Using a variety of different parameters, these programs can find access to a vulnerable computer or network in less than a minute.

Hackers can also attempt to gain access with a program like Metasploit. With literally a few clicks of a mouse, access to a remote and vulnerable computer can be achieved by a relative newbie. With a related hacking aid, called Meterpreter, a backdoor is created that allows access into an operating system. It does not install itself onto the remote computer, running instead using the computer's memory; in fact, Meterpreter can hide itself inside the operations of a perfectly valid program, so it cannot be detected even by sophisticated programmers. Once engaged, it allows a remote user carte blanche access to the system in question.

Where to Learn the Art of Hacking

Of course, for those who wish to learn the actual skills rather than download someone else's hack, there are a number of practice sites that pose an increasingly difficult set of challenges intended to train neophytes in the art of hacking. For example, Hack This Site starts beginners with the goal of cracking simple flaws in coding scripts or software such as HTML, Unix, Javascript and Apache. Their structured series of tests increase in complexity, incorporating real-word scenarios and even old-fashioned "phone phreaking" challenges that recall the bygone golden age of hacking skills displayed by Matthew Broderick in "WarGames."

Using just these simple tools and free practice sites, beginners have a powerful array of hacking resources just a simple mouse click away.

Outsourcing IT needs in the corporate world has become extremely popular because it is cost-efficient and it gives IT resources to companies that may not otherwise be able to afford them. Another positive side effect of IT outsourcing is that it has brought many technology jobs back to the United States.

As convenient and patriotic as IT outsourcing has become, it also have several limitations that have caused many companies to re-think the idea of funding their own internal IT group. It is important for a company to be completely familiar with these limitations before developing any kind of company policy in regards to IT.

The Customer Could Outgrow The Outsource Company

When an IT outsourcing company first takes on a new client, the relationship is beneficial to both sides. But things can start to get inconvenient for the client when the client's business starts to outgrow the capabilities of the IT outsource group.

An IT outsourcing company can become entrenched in the daily routine of its clients, which is great at first. But when the IT company can no longer keep pace with the growth of its clients, then the clients are stuck trying to find a new solution and keep track of its own IT assets at the same time.

The IT Outsourcing Company Lacks The Necessary Technical Expertise

IT outsourcing clients like to believe that their support company knows everything there is to know about computers and the Internet. But every IT support company has its areas of expertise and they have the technical areas where they are not quite as strong. If the client starts to experience needs from the areas where the IT outsourcing company is not so strong, then that can become a significant business issue.

This problem can be amplified if the client is a small business experiencing growth. An IT outsourcing company is not as likely to bring on new personnel for a smaller client, which leaves the client without a solution.

The Client Losses A Measure Of Control Over Its Data

No matter how large or successful an IT outsourcing company may be, there will always be the limitation of client security and the protection of critical customer data. All it takes is one rogue employee of the IT outsourcing company to compromise all of the client's critical data.

Some IT outsourcing companies have safeguards put in place to try and prevent client data compromise, but those safeguards are limited by how much access the IT company has to the client network. In most cases, that access has to be comprehensive for the IT outsourcing company to be able to do its job.

Outsourcing IT responsibilities can take a lot of stress off of a client and allow that client to operate his business by focusing on his core competencies. But there are limitations to IT outsourcing that could make it necessary for a client to do his own IT support and pay the extra costs.

I will begin our blog on Java Tutorial with an incredibly important aspect of java development:  memory management.  The importance of this topic should not be minimized as an application's performance and footprint size are at stake.

From the outset, the Java Virtual Machine (JVM) manages memory via a mechanism known as Garbage Collection (GC).  The Garbage collector

• Manages the heap memory.   All obects are stored on the heap; therefore, all objects are managed.  The keyword, new, allocates the requisite memory to instantiate an object and places the newly allocated memory on the heap.  This object is marked as live until it is no longer being reference.
• Deallocates or reclaims those objects that are no longer being referened. 
• Traditionally, employs a Mark and Sweep algorithm.  In the mark phase, the collector identifies which objects are still alive.  The sweep phase identifies objects that are no longer alive.
• Deallocates the memory of objects that are not marked as live.
• Is automatically run by the JVM and not explicitely called by the Java developer.  Unlike languages such as C++, the Java developer has no explict control over memory management.
• Does not manage the stack.  Local primitive types and local object references are not managed by the GC.

So if the Java developer has no control over memory management, why even worry about the GC?  It turns out that memory management is an integral part of an application's performance, all things being equal.  The more memory that is required for the application to run, the greater the likelihood that computational efficiency suffers. To that end, the developer has to take into account the amount of memory being allocated when writing code.  This translates into the amount of heap memory being consumed.

Memory is split into two types:  stack and heap.  Stack memory is memory set aside for a thread of execution e.g. a function.  When a function is called, a block of memory is reserved for those variables local to the function, provided that they are either a type of Java primitive or an object reference.  Upon runtime completion of the function call, the reserved memory block is now available for the next thread of execution.  Heap memory, on the otherhand, is dynamically allocated.  That is, there is no set pattern for allocating or deallocating this memory.  Therefore, keeping track or managing this type of memory is a complicated process. In Java, such memory is allocated when instantiating an object:

String s = new String();  // new operator being employed
String m = "A String";    /* object instantiated by the JVM and then being set to a value.  The JVM
calls the new operator */