by: Blaise Calpe
It isn't fair, but buying a computer is just plain easier for some than it is for others. Those who've purchased and used a computer in the past already have an idea of what they need in a new computer. But those who are new to the computer world could get lost in the myriad of choices available.
The short answer to "What should I buy?" is "The best." Of course that answer is extremely subjective because "the best" to one person is certainly different to another. Our definition of "the best" is the fastest and the biggest, but even that leaves the computer newbie confused. Here's a quick rundown of what the computer novice should do and why.
1. Buy a computer that includes basic peripherals. Every computer can be broken down into four major components: CPU unit, monitor, keyboard, and mouse. For the novice, it's best to buy a computer that has all of these components included so that when it's taken home, assembling the computer is a simple matter of plugging things in where they belong. Save the individual purchases of these components for those who have more experience.
2. Decide what you'll use the computer for. If you want to use your computer for cruising the web, sending email, or performing simple word-processing or spreadsheet tasks, a computer with the basic components that we just described should suffice. If you want to use a computer to help with a career in multimedia however, you're going to need to accessorize your system with a scanner, printer, digital camera, tablet, or digicam for example. If you want a computer to help with a career in music, you will need a quality microphone and set of speakers.
3. Create a budget and stick to it. How much can you afford to spend on a new computer? Although the prices of computers are decreasing, they can still create a hefty expense especially if you need additional peripherals described above. In addition, you'll need to figure in costs for maintenance, servicing, and insuring.
4. Start comparison shopping and look for the "fastest and biggest." By "fastest and biggest," we mean the computer with the fastest processor, the fastest modem, the biggest memory, and the biggest hard drive capacity. Even if you think that you'll never need the amount of speed or space available on the market today, it's important to have in the event that you truly do need that much in the future. Having such a large reserve will cut down on costs when the time comes to upgrade for more than what you may settle for in a computer that offers less.
5. Stick with the better-known brands. Venturing off the beaten path with lessor-known brands is again, an adventure for those who have more experience with computers. Although those better-known brands may be a tad bit more expensive, the computer novice will appreciate the comfort in purchasing a computer from a business that has a long record of building quality products, and that has the funds available for fulfilling returns, trades, servicing, and warranties.
6. Select a store. Having an idea of what you want in a computer and what kind of computer that you want, your only task left is to select the place in which you want to buy it. There are a number of places available including computer store outlets, online stores, auction sites, used computer stores, or your friendly neighborhood yard sale. For the computer novice, we recommend buying a computer from a physical store. In a physical store, you have the opportunity to see the computer of interest in person and ask questions. New computer buyers also have access to store warranties, returns, trades, and services.
These suggestions should give the computer newbie a great start in selecting a quality computer for the first time and they apply to either Windows computers or Apple Macintosh computers. After making these decisions and finally selecting one that fits your needs, you can then venture into the fascinating world of software - a world that is just as grand as the world of hardware!
If you are interested, you can find more information here:
http://www.cool-tip.com/computer
Thursday, April 30, 2009
Wednesday, April 29, 2009
Information Security Software: E-signature
by: Asna Ishrat
The conducting of business communication and transactions over networks and through computers. As most restrictively defined, electronic commerce is the buying and selling of goods and services, and the transfer of funds, through digital communications. However EC also includes all inter-company and intra-company functions (such as marketing, finance, manufacturing, selling, and negotiation) that enable commerce and use electronic mail, EDI, file transfer, fax, video conferencing, workflow, or interaction with a remote computer.
E-signature – The definition
A digital signature is an electronic (code) signature that can be used to authenticate the identity of the sender of a message or the signer of a document and to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.
A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.
A more formal definition: "(I) A value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity.
(II) Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery, e.g. by the recipient."
Source: IETF (http://www.ietf.org/rfc/rfc2828.txt).
E-signature – How It Works (with PKI)
Assume you were going to send the draft of a contract to your lawyer in another town. You want to give your lawyer the assurance that it was unchanged from what you sent and that it is really from you.
1. You copy-and-paste the contract (it's a short one!) into an e-mail note.
2. Using special software, you obtain a message hash (mathematical summary) of the contract.
3. You then use a private key that you have previously obtained from a public-private key authority to encrypt the hash.
4. The encrypted hash becomes your digital signature of the message. (Note that it will be different each time you send a message.)
At the other end, your lawyer receives the message.
1. To make sure it's intact and from you, your lawyer makes a hash of the received message.
2. Your lawyer then uses your public key to decrypt the message hash or summary.
3. If the hashes match, the received message is valid.
E-signature – The facts we all must know
It is evident from various definitions of e-signature and legislation enacted so far that almost everyone has tried to maintain technology independence so far. But generally it is also seen that use of PKI is catching up as a popular method of creating e-signatures (digital signatures) worldwide.
Use of PKI has some merits, over other methods, which are clearly seen as convenient and secure by the industry and businesses deploying such solution. The convenience of sharing keys, irreversible hashing algorithms and association of keys to an individual using digital certificate issued by a trusted party (Certificate Authority) have mainly contributed to this wining recipe.
A Certificate Authority (CA) issues a digital certificate with the information provided by the certificate subject, verifies information provided for correctness, digitally signs this certificate, associates such certificate with a public key and also publishes this key through its repository.
Through intelligently drafted legal agreements CA also puts all the responsibility liability on the certificate subscribers and relying parties whereas most popular internet browsers and email clients provide mechanism to trust a certificate implicitly or explicitly.
In such scenarios it very important for all to make sure that the certificates are only trusted and relied upon if these are issued by a trusted CA and are validated by issuing authority as not expired and/or revoked. Adding any certificate explicitly to the trust list maintained by your operating system is no less than committing hara-kiri.
CA is required to publish its Certificate Policy (CP) and Certificate Practice Statement (CPS) along with other agreements such as Subscriber’s Agreement & Relying Party’s Agreement. Equally important is the fact that all parties must understand and exactly know indemnities and warranties listed in various legal contracts.
The digital certificate verifies that the key pair used for the digital signature is associated to the person whose information is provided in the certificate. The certificate may also associate a person to an enterprise as authorized signatory. This demonstrates total dependence on the trust relying party must have in the certificate issuing authority (issuing CA) and his ability to get the certificate verified from the CA. It is an accepted fact and recommended best practice to not trust a certificate that cannot be verified for its validity, this means the CA must provide online certificate validation in real-time. Any CA just providing Certificate Revocation Lists is not good enough for serious business.
Trusting a CA must always be a well-thought decision and must be based on good knowledge of the security of the CA it self, its policies and practices pertaining to certificate lifecycle management, hiring of staff, access to sensitive information and areas (physical access), segregation of staff duties etc. An individual needing to rely on a digital signature should not have to be well-informed of all the legal and contractual intricacies on the contrary the individual will be more comfortable if there is some external entity that can audit and accredit certificate issuing CA as trustworthy.
Conclusion
There is no doubt that we have come a long way in improving these technologies to provide the comfort and trust to parties conducting business through electronic documents and transactions from one end of the world to the other there is even more need for governance in a totally new territory for all of us. And I must also be content with these (web) technologies for providing such convenient ways of researching, collecting information and doing business with such speed that would not have been possible only a few decades back.
The conducting of business communication and transactions over networks and through computers. As most restrictively defined, electronic commerce is the buying and selling of goods and services, and the transfer of funds, through digital communications. However EC also includes all inter-company and intra-company functions (such as marketing, finance, manufacturing, selling, and negotiation) that enable commerce and use electronic mail, EDI, file transfer, fax, video conferencing, workflow, or interaction with a remote computer.
E-signature – The definition
A digital signature is an electronic (code) signature that can be used to authenticate the identity of the sender of a message or the signer of a document and to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.
A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.
A more formal definition: "(I) A value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity.
(II) Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery, e.g. by the recipient."
Source: IETF (http://www.ietf.org/rfc/rfc2828.txt).
E-signature – How It Works (with PKI)
Assume you were going to send the draft of a contract to your lawyer in another town. You want to give your lawyer the assurance that it was unchanged from what you sent and that it is really from you.
1. You copy-and-paste the contract (it's a short one!) into an e-mail note.
2. Using special software, you obtain a message hash (mathematical summary) of the contract.
3. You then use a private key that you have previously obtained from a public-private key authority to encrypt the hash.
4. The encrypted hash becomes your digital signature of the message. (Note that it will be different each time you send a message.)
At the other end, your lawyer receives the message.
1. To make sure it's intact and from you, your lawyer makes a hash of the received message.
2. Your lawyer then uses your public key to decrypt the message hash or summary.
3. If the hashes match, the received message is valid.
E-signature – The facts we all must know
It is evident from various definitions of e-signature and legislation enacted so far that almost everyone has tried to maintain technology independence so far. But generally it is also seen that use of PKI is catching up as a popular method of creating e-signatures (digital signatures) worldwide.
Use of PKI has some merits, over other methods, which are clearly seen as convenient and secure by the industry and businesses deploying such solution. The convenience of sharing keys, irreversible hashing algorithms and association of keys to an individual using digital certificate issued by a trusted party (Certificate Authority) have mainly contributed to this wining recipe.
A Certificate Authority (CA) issues a digital certificate with the information provided by the certificate subject, verifies information provided for correctness, digitally signs this certificate, associates such certificate with a public key and also publishes this key through its repository.
Through intelligently drafted legal agreements CA also puts all the responsibility liability on the certificate subscribers and relying parties whereas most popular internet browsers and email clients provide mechanism to trust a certificate implicitly or explicitly.
In such scenarios it very important for all to make sure that the certificates are only trusted and relied upon if these are issued by a trusted CA and are validated by issuing authority as not expired and/or revoked. Adding any certificate explicitly to the trust list maintained by your operating system is no less than committing hara-kiri.
CA is required to publish its Certificate Policy (CP) and Certificate Practice Statement (CPS) along with other agreements such as Subscriber’s Agreement & Relying Party’s Agreement. Equally important is the fact that all parties must understand and exactly know indemnities and warranties listed in various legal contracts.
The digital certificate verifies that the key pair used for the digital signature is associated to the person whose information is provided in the certificate. The certificate may also associate a person to an enterprise as authorized signatory. This demonstrates total dependence on the trust relying party must have in the certificate issuing authority (issuing CA) and his ability to get the certificate verified from the CA. It is an accepted fact and recommended best practice to not trust a certificate that cannot be verified for its validity, this means the CA must provide online certificate validation in real-time. Any CA just providing Certificate Revocation Lists is not good enough for serious business.
Trusting a CA must always be a well-thought decision and must be based on good knowledge of the security of the CA it self, its policies and practices pertaining to certificate lifecycle management, hiring of staff, access to sensitive information and areas (physical access), segregation of staff duties etc. An individual needing to rely on a digital signature should not have to be well-informed of all the legal and contractual intricacies on the contrary the individual will be more comfortable if there is some external entity that can audit and accredit certificate issuing CA as trustworthy.
Conclusion
There is no doubt that we have come a long way in improving these technologies to provide the comfort and trust to parties conducting business through electronic documents and transactions from one end of the world to the other there is even more need for governance in a totally new territory for all of us. And I must also be content with these (web) technologies for providing such convenient ways of researching, collecting information and doing business with such speed that would not have been possible only a few decades back.
Subscribe to:
Posts (Atom)