Useful Job Websites

Okay, IT friends, mentors and students: many people have been sending me resumes and telling me about their job search. The tip I’m seeing from the most successful is solid use of the Internet.

Reluctantly or not, get onto Facebook. (Never give away your real birth date, by the way. And don’t use any of the “apps” like Farmville.) You can then establish a related business page. Remember: YOU are your business!

Though quite frankly I use it less, I’d still join LinkedIn and connect to as many people as you can. You’ll have to join groups if you want to talk to real people, which isn’t bad.

And finally, if you haven’t done so already, I highly recommend setting up job search agents on the following sites:

The LoST Project: a testbed network for hackers

ISECOM and La Salle – Ramon Llull University have collaborated in building an eLearning environment for specifically dedicated to trainers and students of ethical hacking. This has long been a tricky issue: how do you train up those young (or not so young) hackers? Turn them loose in the wild?

The LoST Project gives us an opportunity to test their skills on virtual machines representing a variety of targets, from PCs to database servers. And because it’s designed to grow with each graduate student contributor, it should stay relevant for years going forward. Check it out at:
http://proyectos.salleurl.edu/grado-telematica/lostproject/index.html

Are you familiar with mind mapping?

Imagine a tool that helps you organize knowledge. It should help you set up categories, create entries, link from idea to idea and so forth. If you’ve never heard of MindMapper or FreeMap, the notion might seem pretty far-fetched. But organize and categorize they do indeed. Consider this:

FreeMind mind map

This kind of tool has been around for years, but not always in obvious ways. Consider, for instance, a team working on network enumeration and vulnerability assessment. Knowing what’s already been done (or found) saves a lot of time, especially when people are working remotely.

FreeMind is a free/open source project that lets you try this out. See:
http://freemind.sourceforge.net/wiki/index.php/Main_Page#

More TED: “All Your Devices Can Be Hacked”

Avi Rubin on TED: All your devices can be hacked

How would you feel about someone hacking your pacemaker or defibrillator? It’s been done.

Do you think you could hack into a police car’s dashcam or microphone? It’s been done.

But what happens when your speedometer can be hacked? Or your tire pressure sensors? Or your GPS? And the hacker need not be anywhere near your car? Some of these issues are pretty thought-provoking.

http://www.ted.com/talks/avi_rubin_all_your_devices_can_be_hacked.html

Freedoms Surrendered Are Never Regained: Mikko Hypponen: Three types of online attack

Mikko Hypponen: Three types of online attack

Did you know every laser printer prints an invisible pattern of yellow dots that uniquely identifies that printer? This is so authorities can hold you responsible for what you print. I am not joking.

This TED talk probably is not what you think. From whom, for instance, will these attacks come? How about criminals, corporations and governments, just for starters.

http://www.ted.com/talks/mikko_hypponen_three_types_of_online_attack.html

THIS TALK IS REQUIRED VIEWING FOR ALL SECURITY STUDENTS.

Dutch courts order the Pirate Party to stop telling people how to get to Pirate Bay

There are censorship issues here, and copyright issues. There’s the tricky issue of a political party specifically aligned with a file-sharing site. It’s freedom of information versus legitimate ownership of material. There’s no clear right or wrong here (like most of the world, I’m afraid), but there’s a very nasty nest of snakes when you try ham-handed to censor the Internet.

It doesn’t censor easily.

Read more on the as-always invaluable NakedSecurity:
http://nakedsecurity.sophos.com/2012/05/11/pirate-party-censored-from-helping-people-bypass-pirate-bay-block/

This whole business will inevitably lead to more draconian digital rights management (DRM), though frankly that’s fine by me. The “record companies” will lock up their data, the rest of the musical world will share with different degrees of freedom, and if things work properly we’ll all benefit.

But in the mean time, the whole exercise demonstrates the resilience of the Internet. What I want to know is this: how long will it take for people in most metropolitan areas to follow the leads of their peers in Vienna and Athens, and start setting up alternate, decentralized WiFi networks? There’s lots of info on the (there it is again) Internet about putting your old WiFi access point (WAP) in a Tupperware box, with of course a hole for the power cord, and tossing it on the roof. Really. Or hanging it from your TV antenna, or what have you. All it takes is setting it to a common ESSID, and voila, instant independent networking.

Chinese Firm Leaks Microsoft Security Data: Were You Surprised?

I’m sorry, but for business purposes we must not trust China. Not with intellectual property, not with inside information, not with vulnerability data. Chinese culture dehumanizes outsiders, making it perfectly legitimate, for instance, to poison their babies with formula spiked with melamine. That’s plastic, in case you didn’t know. This kind of thing is common practice, Standard Operating Procedure, demonstrated again and again.

So, Microsoft admitted Hangzhou DPTech Technologies into a security partnership that addresses emerging cyber threats. Hangzhou DPTech Technologies got the inside scoop on an RDP patch that was forthcoming. Violating their NDA (were you surprised?), they leaked the info. Letting the crackers stay one step ahead again. Thanks, Hangzhou DPTech Technologies. And thanks again, China.

“Yes, it is a little concerning that it was a Chinese firm that leaked the Microsoft information. That being said, what did Microsoft really expect was going to happen? The Chinese do not have a very good track record of adhering to NDA and other agreements,” says Paul Henry, security and forensic analyst.

Read one good article at http://www.darkreading.com/insider-threat/167801100/security/vulnerabilities/232901426/microsoft-fingers-chinese-firewall-ips-vendor-in-windows-exploit-leak.html.

And meditate, when you get the chance, on the image of Lucy holding the football so Charlie Brown can kick it.

You’re stupid if you trust in the face of experience and proof. Were you really surprised?

Install or Update Software With Ease

Imagine you have a new workstation and you need to install Firefox, Skype, iTunes, VLC, Flash, Java, Picasa, Reader, Dropbox, WinRAR, PuTTY, Malwarebytes, FileZilla, ImgBurn, KeePass and Microsoft Security Essentials. If you’re an Information Technology Professional with exposure to patch management or system configuration, imagining this won’t be the problem; the problem is the amount of time it takes to download each of these applications individually and install them. You are also faced with the same dilemma if you are responsible for keeping applications up to date on a computer. Those of you who have multiple new machines and don’t have the luxury of deploying disk images or using a nice piece of patch management or application management software such as Microsoft’s SCCM or GFI’s LanGuard Network Security Scanner are really going to be interested in this time-saving, nifty piece of software called Ninite that allows you to easily and quickly install or update software in one fell swoop.

It’s really easy to get started with Ninite. All you need to do is visit the Ninite website and select all of the applications that you wish to install or update. Once you are finished, click the download button and download a custom installer that contains all of the good stuff you need to install or update the applications that you selected in the previous step. Once the download is complete, launch the installer and let Ninite go to town. If the software that you selected is not yet installed, Ninite will download the software and install it. If the software is already installed on your machine, Ninite will simply update it. If your software is already up to date, Ninite will let you know. You can choose from several different categories of software to install, which includes: Web Browsers, Messaging, Media, Runtimes, Imaging, Documents, Security, File Sharing, Utilities, Compression and Developer Tools. There is also a suggestion form on the Ninite website that gives you the ability to suggest an app.

According to Co-founder Sascha Kuzins, they are planning to add support for custom apps so that users can add their own installers. The home version of the software is free, and the pro version for businesses is very affordable. The pro version also has the added benefit of allowing you to do silent installs, eliminate update notifications, perform a network discovery and deploy or update software to multiple machines from a central location. I was also impressed by the fact that you are not required to create an account or sign up for anything and both 32 and 64-bit versions of Windows are supported. Ninite will also install software in your computer’s language.

I have tried both the home and pro version of Ninite and I can see this tool saving end users and administrators time on updating or installing software. As always, the best way to get the feel of the software is to try it out for yourself. You can download the home version or the free trial of the pro version from http://www.ninite.com.