Tuesday, November 15, 2005

Welcome to Oulu, Isaac

I got a nice shock this morning when I picked up our local newspaper, Kaleva.

There was a great story about a new CEO for an Oulu headquartered company called Codenomicon Ltd.

The name is Isaac Sundarajan.

Isaac Sundarajan, Picture Copyright Pekka Al-Aho

This picture of Isaac which appeared in today's Kaleva was taken by Pekka Ala-Aho. Pekka is an outstanding photographer in Oulu and his wife Tarja, a senior journalist at the Kaleva, sold their house to our daughter Joanna and her husband Tony. Tarja used to be our neighbour in Kampitie back in the 80's and has seen Joanna grow up as a little girl. They have their own photo art gallery in Nallikari.

I tried to get him on the phone, but as there was no answer, I sent an email.

Issac rang me back straight away as he was free from the meeting.

A product of Christian College, and then Guindy Engineering College, in Chennai (Madras) this brilliant engineer has got a top post in an up and coming Oulu company Codenomicon Ltd.. The company develops and markets state-of-the-art software testing tools for proactive elimination and prevention of security vulnerabilities.

Isaac's background has included executive management roles in leading software, EDA, and systems companies CoWare, Cadence, and Intel. During his eight years in CoWare, he played key roles in helping CoWare grow into a leading provider of systems-level design tools and a company with significant revenue. In the last several years at CoWare, Sundarajan managed sales, services, marketing and engineering functions. He also played an active role in the companys M&A strategy and was instrumental in acquiring a DSP software product line. He was the General Manager of the acquired business unit that grew in revenue and proved successful.

Isaac also held senior management positions in sales, marketing, business development and services in Cadence. In Intel he was an engineer and manager in design, CAD and test engineering. Isaac has a MS in electrical and computer engineering and an MBA.

Isaac works with Ari Takanen, the founder of this company, who is from the same department in Oulu University that I spent many years in (different laboratory).

Much after my time, Ari and his colleague, Marko Laakso, were the two guys who the discoverers of the e-mail security hole that had the computer world tizzy during the 1998 era. I covered this in great detail in one of my now defunct Findians Briefings issues way back then. If my memory serves me right, I think I may have even interviewed one of these guys.

And I was right, as I discovered this from my personal archives of Findians Briefings Volume No: 06 Issue No. 01 - - 14th August 1998!!

Findians Exclusive 1: Virus Email


BBC, Yahoo and all the major internet news providers last week were shouting their head off about a story that the University of Oulu had reported a bug in the Windows Operating system relating to email.

Being from Oulu, many readers have asked us to provide a background of the group and the people behind this research.

Oulu University is unique in that it has a a technical faculty, a medical faculty besides as well as the pure arts and science faculties.

The Secure Programming Group is part of the Technical Faculty. Their work is being carried out in the Department of Electrical Engineering in the Computer Engineering Laboratory.

The other sections in the Electrical Engineering Department include the Microelectronics (which works on laser assisted testing and micro-manufacturing, thick and thin film and sensor technologies as well as on high temperature superconductors), the Electronics (including measurement technology) and the Telecommunications Laboratories. The Department also has its own Applied Mathematics Division.

We are pleased to give you the exclusive answers provided by the Secure Programming Group to our questions:

Q. What is the background of your group doing this research into bugs in computers?
A. You can find a short introductory report about the Oulu University Secure Programming Group on the internet.

Q. Why was this group started, when, who all are involved, any significant papers published by the group at conferences, etc.
A. This is a long story and we would prefer not to get into these. The group members include

Juha Röning (associate professor, Computer Engineering Laboratory),
Marko Laakso (researcher, Department of Electrical Engineering), and
Ari Takanen (researcher, Computer Engineering Laboratory)

Q. Why has there been no report directly from the group about this bug?
A. Until the dust has settled we do not want to say anything. Our position is not to make any statements about the problem, we just simply don't have all the facts necessary. We will try to help in a coordinated technical response by the vendor independent security organizations.

Q. Why are comments or interviews not given over the phone?
A. Security issues are considered sensitive matters by us. Due to a language barrier (Ed: All of them speak perfect English!!), comments made over the phone about these matters may be easily misunderstood and misinterpreted. That is not what we want.

Q. What is the BUG significance?
A. We, as OUSPG, have not made any public statement about the significance of the bug. It is our job to stick to hardcore and verified facts. We do not want to escalate the seriousness of this problem by speculations. Due to our involvement with this, we believe that statements made by the vendors, security organizations and independent experts are a better channel for the impact evaluation. Otherwise, we are glad to help you in anyway we can, and here are a list of important documents that have appeared on the web in this connection:

List of links on documents related to the mime-bug

---------------------------------------------------------

Information
---------------------------------------------------------
Editorial by Russ Cooper, maintainer of NTBugtraq
Information Bulletin by CIAC
Netscape Security Notes
Netscape Security Update
Microsoft Security Bulletin (MS98-008)
Microsoft Press Release
Media Alert ... Media Alert ...Media Alert: E-Mail Security Issue

Publications by the media
---------------------------------------------------------
ABCNEWS.com
BBC - Invasion of the killer e-mail viruses
CNN (Reuters)
CNET News.Com
InfoWorld
MacWeek
New York Times
PC Week
PC World
San Jose Mercury news
San Jose Mercury news
Star Tribune
Time
TechWeb (Reuters)
USA Today
Wired

Examples
---------------------------------------------------------
BUGTRAQ: One of the Outlook overflows

Other documents related to the subject, in the internet
---------------------------------------------------------
The Tao of Windows Buffer Overflow" by DilDog
Smashing the stack for fun and profit" by Aleph One
About the Internet Worm of 1988: RFC 1135: The Helminthiasis of the Internet

Our special thanks to Marko for giving us this exclusive background.


I have invited Isaac to join Annikki and me at our home at his convenience. His family is still in the US, but no doubt, when he settles in, he may have some time to drop in and have a chat with us old folk and to share some of our common experiences from our days in Madras. Maybe Annikki and Isaac can even have a chat in Tamil! (I speak just a smattering of Tamil as I mainly speak Malayalam and Hindi of the Indian languages.) I know daughter, Madras-born Joanna, would just love that when she gets back from Newcastle.

Isaac must have been studying at the Guindy Engineering College just at the time we were living down the road from there at our Velacheri house!

JM Family in 1974
The JM family at the Velacheri Road house in 1974
Photo by Mathew Varghese, Helsinki


I wonder whether he attended any of the lectures I gave at his college at that time - though hardly likely as I was lecturing about Polymers, and he is a computer's guy!! I knew very little about computers in those days.

I am sure son-in-law, Professor Tony Manninen, and Isaac may have a lot in common, although I may not, as I use only Apple Macs and computer security is one subject I have never ever had to worry about in my 22 years of computing!

No comments:

Post a Comment