Saturday, August 16, 2014

What Is The Deal With The New Facebook Messenger App?




     Android and iPhone users got a somewhat rude awakening earlier this month, when Facebook forced them to switch to a third-party app for messaging with Facebook. This move created a stir of blogs and posts raising mostly overblown and overhyped privacy concerns. Most of the posts highlight draconian "Terms of Use" features and policies such as "call phone numbers on your contact list without your intervention" or "use of the camera at any time without your permission" or "access to contact list without permission".

     The reason we are hearing so much about this is the way Android handles permissions on its operating system. Facebook doesn't get to write its own version of the policy and is forced to use "generic" language to comply with Android application permission rules.

     Application developers tend to have more control over application permissions on Apple iOS, which handles the process differently.

     Android users must agree to all the permissions at once in order to use the app. This tends to be true for most applications that are written for Android. On the iPhone, users are prompted for permissions during normal use of the application. For example, if the iPhone user never makes a call using Facebook Messenger, the app might never ask for that permission.

     iPhone users can also deny individual permissions when the prompts come up. The iPhone might be considered superior to Android if privacy is a top priority.

     What this all really boils down to is that, while some users find it cumbersome to download a separate application for something that was once included in a single application, they aren't actually giving up much privacy in the process.

Here is a link to Facebook's help page, if you are concerned about your privacy using the app on your Android smartphone:

https://www.facebook.com/help/347452185405260

Thursday, April 10, 2014

Information Security: Heartbleed Bug

The Heartbleed Bug

The Heartbleed bug is the latest security vulnerability affecting OpenSSL. Its official identifier is CVE-2014-0160. It affects many websites that run OpenSSL, and it exploits a weakness in the cryptographic software library. SSL/TLS provides communication security and privacy for common internet applications such as web, email, instant messaging and some virtual private networks. The Heartbleed bug essentially allows anyone on the internet to read the memory of systems protected by vulnerable versions of OpenSSL software. This compromises secret keys, usernames and passwords, and the actual content. It allows attackers to eavesdrop on communications, steal data directly, and impersonate users and accounts. A remote attacker can read up to 64 kB of system memory from your system per attack attempt. The attack works against servers as well as clients.
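
A simplified C model of the memory over-read described above, added here as an illustration; it is not OpenSSL's code. The request layout, buffer sizes and sample secret are constructed, and a 16-bit declared length like the one modelled is what caps a single read at 64 kB.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MEM_SIZE   64  /* constructed stand-in for process memory */
#define SECRET_OFF 16  /* unrelated data stored just past the request */
static const char SECRET[] = "password=hunter2";  /* constructed sample value */

/* Simplified request: 2-byte big-endian declared payload length, then payload. */
static size_t declared_len(const uint8_t *req) { return ((size_t)req[0] << 8) | req[1]; }

/* Flawed: echoes as many bytes as the request claims, ignoring how many arrived. */
size_t reply_flawed(const uint8_t *mem, size_t received, uint8_t *out) {
    size_t n = declared_len(mem);
    (void)received;
    if (n > MEM_SIZE - 2) n = MEM_SIZE - 2;  /* demo-only clamp: stay inside mem[] */
    memcpy(out, mem + 2, n);
    return n;
}

/* Corrected: drop any request whose declared length exceeds what arrived. */
size_t reply_checked(const uint8_t *mem, size_t received, uint8_t *out) {
    if (received < 2 || declared_len(mem) > received - 2) return 0;
    size_t n = declared_len(mem);
    memcpy(out, mem + 2, n);
    return n;
}

/* Fills mem[] with a 6-byte request that claims 40 payload bytes but carries 4. */
size_t build_demo(uint8_t *mem) {
    memset(mem, 0, MEM_SIZE);
    mem[1] = 0x28;                              /* declared length = 40 */
    memcpy(mem + 2, "ping", 4);                 /* actual payload */
    memcpy(mem + SECRET_OFF, SECRET, sizeof SECRET - 1);
    return 6;
}

/* Returns 1 if the reply reaches far enough to include the adjacent secret. */
int leaks_secret(const uint8_t *out, size_t n) {
    size_t k = sizeof SECRET - 1, at = SECRET_OFF - 2;  /* reply starts at mem + 2 */
    return n >= at + k && memcmp(out + at, SECRET, k) == 0;
}

int main(void) {
    uint8_t mem[MEM_SIZE], out[MEM_SIZE];
    size_t got = build_demo(mem), n = reply_flawed(mem, got, out);
    int leak = leaks_secret(out, n);
    printf("flawed: %zu bytes, leak=%d; checked: %zu bytes\n", n, leak, reply_checked(mem, got, out));
    return 0;
}
```

The corrected handler differs only in comparing the declared length with the number of bytes that actually arrived before copying anything.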


 Note: Change passwords only at sites that have patched the security flaw. At sites that have not patched yet, do not change the password, because if you change it before the patch, the attacker may have access to your new password.


The following websites have patched their security flaws, and you should change the passwords right away:

Change these passwords now (they were patched)

  • Google, YouTube and Gmail
  • Facebook
  • Yahoo, Yahoo Mail, Tumblr, Flickr
  • OKCupid
  • Wikipedia

Don't worry about these (they don't use the affected software, or ran a different version):

  • Amazon
  • AOL and Mapquest
  • Bank of America
  • Capital One bank
  • Charles Schwab
  • Chase bank
  • Citibank
  • E*Trade
  • Fidelity
  • HSBC bank
  • LinkedIn
  • Microsoft, Hotmail and Outlook
  • PayPal
  • PNC bank
  • Scottrade
  • TD Ameritrade
  • Twitter
  • U.S. Bank
  • Wells Fargo

Don't change these passwords yet (still unclear, no response)

  • American Express
  • Apple, iCloud and iTunes



Thursday, February 27, 2014

IT credentials training and progress

I started working on obtaining my IT credentials as of August 2013.

Prepped and sat for the CompTIA A+ exam August 27th, 2013, and passed.

Prepped and sat for the CompTIA Network+ exam October 8th, 2013, and passed.

Prepped and sat for the CompTIA Security+ exam November 14th, 2013, and passed.

Prepped and sat for the ISC2's SSCP exam December 5th, 2013, and failed with a 664/700.

Prepped and sat for the CompTIA Healthcare IT exam February 5th, 2014.

I am currently working on my CCNA (Cisco Certified Network Associate), and plan to take it and pass it sometime on or around March 20th, 2014.

I am also working on my Windows Server 2012 MCSA certificate (which consists of 3 exams: the 70-410, 70-411, and 70-412), which I plan to obtain by June or July 2014.

I also plan to take and pass the Windows 8.1 exam 70-687, hopefully sometime in June of 2014.

In summary, I hold the following credentials:

CompTIA Healthcare IT (does not expire)
CompTIA Security+ (good until Nov 14, 2016)
CompTIA Network+ (good until Nov 14, 2016)
CompTIA A+ (good until Nov 14, 2016)

I hope to add my CCNA title and MCSA title to my current list of credentials by the end of summer of 2014.

I am using labsim/testout for both CCNA and MCSA Server 2012, along with a few books.

Preparation material for CCNA exam 200-120:

Exam objectives for CCNA 200-120:  http://www.cisco.com/web/learning/exams/docs/200-120_composite2.pdf

Online training:

 Labsim/Testout at http://www.testout.com/home/it-certification-training/library-suite

Books/e-books:

Exam Cram Cisco CCNA routing and switching exam 200-120 (fourth edition) copyright 2014. First printing December 2013.
CCNA Routing and Switching Study Guide covers exam(s) 100-101/200-101/200-120 by Todd Lammle ISBN: 978-1-118-74970-8 (ebk.) copyright 2013
Cisco CCNA Routing and Switching 200-120 Official Cert Guide Library by Wendell Odom, CCIE no. 1624. ISBN-10: 1-58714-385-2 copyright 2013, first printing April 2013

Preparation material for MCSA Windows Server 2012R2:

What's new for MCSA Windows Server 2012R2:
 https://www.dropbox.com/s/8b3vei4a12bbsk4/ebook_whats_new_in_windows_server_12.pdf

Exam objectives:

Windows Server exam 70-410
https://www.dropbox.com/s/ouxb9gkycunm75g/70-410_OD_R2.docx

Windows Server exam 70-411
https://www.dropbox.com/s/1uhexpd728bum6u/411_OD_R2.pdf

Windows Server exam 70-412
https://www.dropbox.com/s/salfzu1sqz8711n/412_OD_R2.pdf

Online Training:

Labsim/Testout at http://www.testout.com/home/it-certification-training/library-suite

Books/e-books:

Exam Ref 70-410: Installing and Configuring Windows Server 2012 R2 [Paperback]
Publication Date: March 10, 2014 | ISBN-10: 0735684243 | ISBN-13: 978-0735684249 | Edition: 1
Available on Amazon on or after March 10, 2014: http://goo.gl/6cxJfw

Exam Ref 70-411: Administering Windows Server 2012 R2 (Exam References) [Paperback]
Publication Date: June 25, 2014 | ISBN-10: 0735684790 | ISBN-13: 978-0735684799 | Edition: 1
Available on Amazon on or after June 25, 2014:  http://goo.gl/H8D77N

Exam Ref 70-412: Configuring Advanced Windows Server 2012 R2 Services [Paperback]
Publication Date: March 25, 2014 | ISBN-10: 0735673616 | ISBN-13: 978-0735673618 | Edition: 1
Available on Amazon on or after March 25, 2014: http://goo.gl/nGu7xs

Preparation material for Windows 8.1 exam 70-687:

Exam objectives for Windows 8.1 exam 70-687:
https://www.dropbox.com/s/imdnvq60hwyydsm/70-687_OD-changes-1.pdf

Online Training:

Labsim/Testout at http://www.testout.com/home/it-certification-training/library-suite

Books/e-books:

Exam Ref 70-687: Configuring Windows 8.1 [Paperback]
Publication Date: March 28, 2014 | ISBN-10: 0735684774 | ISBN-13: 978-0735684775 | Edition: 1
Available on Amazon on or after March 28, 2014: http://goo.gl/5orAXt