
Saturday, August 16, 2014

The Hacker Group Anonymous and the Ferguson, MO Police Shooting


I can't support what Anonymous is doing with their Robin Hood hacker tactics. First, I am an ISC2 Certified Information Systems Security Professional (CISSP), and by ISC2 ethical standards I can't support the intentional violation of Confidentiality, Integrity and Availability of computer networks. Second, Anonymous runs the chance of severely interfering with Justice being served, regardless of how noble their intentions might seem at times. Case in point, they released to the public the wrong name of a police officer who was not involved with the Michael Brown killing. Remember, we want justice, not revenge.

Kind regards,

Julius, CISSP, CISA

Tuesday, March 25, 2014

POWEROCKS Magicstick Portable Battery for Charging Mobile Devices


A few months ago I was asked by the company PowerRocks to evaluate the Magicstick device. They make portable and reliable charging solutions for mobile devices, and they asked me to do a review of their product on the Clark Thought Leadership Blog and I agreed. They quickly sent me a sample to review and I immediately took it out of its packaging, connected the USB connector that came with it to my computer and the other end to the micro port and charged it overnight. See above. The PowerRocks charging device takes 5-6 hours to fully charge up when empty.



First, I must say that the Magicstick device is a very nice and sleek-looking product. They sent me a blue one with a cool metal painted finish. It will definitely create conversations every time you take it out. See below.



The Powerocks Magicstick comes in the following colors.
 

I use an iPhone 5s and I am a heavy app user, which results in my phone’s battery draining too fast. By using the PowerRocks device I am able to recharge my smartphone whenever I need to without worrying about finding an electrical outlet. The Powerocks device fully charged my iPhone in about 2/5 hours. You will be able to get close to 2 full charges from a fully charged Powerocks device. Not bad at all.

On one end of the Magicstick device there is a Smart push-button LED indicator button that, when pressed, will let you know how much charging ability is available in the Magicstick. Below, the LED is showing a blue light, which indicates that the battery has a 70% - 100% charge.


Smart push-button LED light status legend. 
  • Blue light = 70% - 100% full
  • Green light = 30% - 70% full
  • Red light = 1% - 30% full
 
So while I was testing the Powerocks Magicstick my beautiful daughter came over to me and said, "Daddy, what is that?" I told her that it is a device that recharges mobile devices without having to be plugged in to an outlet. She immediately said, "Wow, Dad, I can use that while at school! It is very difficult trying to recharge my phone during the day at school." I initially said no, but as I thought about it and being the IT Security person that I am, I soon realized that the Magicstick would reduce the likelihood that my daughter's Android phone would be stolen, because instead of her plugging up her smartphone in an outlet at school where she would not be able to keep her eyes on it all the time, she could use the Powerocks Magicstick and charge her phone while it is in her book bag and not draw any attention to it. Additionally, it will allow her to focus on her school work and not worry about someone eyeing a charging phone and walking off with it while it is charging; sometimes she said she has charged her phone in empty classrooms and tried her best to hide it; not good at all!



You can find Magicstick portable recharging batteries for under $30. I think they make the perfect gift for individuals who have everything. Power for mobile devices is now a commodity and everyone needs access to power to stay connected to family, friends and work; especially in emergency situations.

I think that the Powerocks Magicstick is a great product that is affordable and one that will see use over and over by the recipient of it. I highly recommend the product.


 Quick Review of Specs.

 
 

 
 


Enjoy,

Julius







Sunday, March 23, 2014

Get 10 GB of Free Computer File Backup Space


What A Great Deal!
There is a cloud based online backup company named Symform that will give you 10GB of Free online backup space. This is the most that I have ever seen offered by any online back up company. The company's business model involves using the disk space from others and reselling it. In return one could actually get unlimited backup space by sharing the unused space on their hard drives.

Plans


I believe that every person should use online backup services. Install. Configure. Forget. Once your online backup service is installed you can forget about it, but when your hard drive fails you will not lose your priceless data. Security-wise, the company reports that they use 256 Bit encryption and notes that the U.S. Federal computer systems requirement is only 128 Bit encryption. Additionally, this is great for your kids' laptops and computer systems. I wish there was some data available on the amount of work lost by kids K-12. I think that backing up the kids' computer is the last thing that comes to the minds of parents. So before they lose any school work and start bawling and crying about having to attempt to recreate it, show them that you love them and back up their computers for free!

Enjoy!

 Julius

Thursday, January 16, 2014

The Three Headed Threat

The Highest Web Application Risks
 
The three-headed web application threat: three risks that can cause major problems for your web application and become a nightmare.
  • Cross-Site Scripting (XSS)
  • SQL Injection
  • Denial of Service (DoS)
For me these are the big three; for other security professionals it could be a mix of others. I choose these three because they occur so often.
 
Cross-Site Scripting (XSS)
Using the special characters below attackers can compromise your web application and steal its data with cross site scripting.
< >" ' % ; () & + \ # { } | ^ - [ ]
 
Filtering the input and output of the characters mentioned above is the common method of safeguarding against cross-site scripting attacks.
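
An added example (not code from the original post) of filtering on both sides: an allowlist check on input for a field with a known shape, and encoding of the characters listed above on output. The names `USERNAME_RE`, `valid_username`, `encode_for_html` and `render_comment` are hypothetical, and the sample comment is constructed.

```python
import re

# The special characters listed in the post.
SPECIAL_CHARS = "<>\"'%;()&+\\#{}|^-[]"

# Input filter: allowlist for a field with a known shape
# (hypothetical username rule, an assumption for this example).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")


def valid_username(value: str) -> bool:
    """Accept only values made entirely of allowlisted characters."""
    return USERNAME_RE.fullmatch(value) is not None


def encode_for_html(text: str) -> str:
    """Output filter: replace each listed character with a numeric character
    reference, so the browser displays it as text instead of parsing it."""
    return "".join(f"&#{ord(ch)};" if ch in SPECIAL_CHARS else ch for ch in text)


def render_comment(author: str, comment: str) -> str:
    """Build an HTML fragment; free text is encoded at the point of output."""
    if not valid_username(author):
        raise ValueError("author rejected by input filter")
    return f"<p><b>{author}</b>: {encode_for_html(comment)}</p>"


if __name__ == "__main__":
    # Constructed sample: free text that contains markup characters.
    sample = '<script>alert("hi")</script>'
    print(render_comment("julius_c", sample))
```

This encoding is for text placed in an HTML element body or a quoted attribute value; data written into a script block or a URL needs the encoding for that context instead.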

Impact of Cross-Site Scripting

Hackers can successfully exploit XSS vulnerabilities in a web application by inserting a script that gives them full control over end users' account credentials. They are then able to perform many malicious activities, such as:
  • Hijack an account
  • Spread web worms
  • Access browser history and clipboard contents
  • Control the browser remotely
  • Scan and exploit intranet appliances and applications
SQL Injection
SQL injection is the input of data that causes unintended results when a database query executes. The input contains extra characters that change the intended SQL query string.
Mitigation:
  • Have all SQL statements be built within a stored procedure instead of the application.
  • Filter key SQL elements from the data before executing your query.
 
Denial of Service (DoS)
Denial of Service attacks are caused by an attacker who sends sufficient traffic volume to your web application, typically using free tools available on the internet, to make the web service stop responding or become unavailable to answer legitimate web traffic requests. This leaves legitimate users unable to access your web site or application.
Diagnosis:
  • Unusually slow network performance (opening files or accessing websites)
  • Unavailability of a particular website
  • Inability to access any website
  • A dramatic increase in the number of spam emails received
Mitigation:
  • Have a business continuity plan that utilizes alternate web server resources and IP addresses that can be easily configured to allow legitimate customer web traffic to reach the site.
  • Turn on and review log files to determine if the web application is under a DoS attack; sometimes a DoS attack may not be one at all, but something configured incorrectly or something polling your website by mistake.
  • There are also cloud services available that can absorb a DoS attack for your web site and only pass legitimate traffic to your site.
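
An added example (not code from the original post) of the log review step: it reads web server access log lines, counts requests per client per minute, and reports each client over a limit along with the path it requests most, which helps tell a mistaken poller from other traffic. It assumes Common Log Format; the limit of 30 requests per minute, the function names and the sample log are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Common Log Format: client identity user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3} \S+')


def review(lines, per_minute_limit=30):
    """Return {client: (peak requests per minute, top path, share of the
    client's requests that went to that path)} for clients over the limit."""
    per_minute = Counter()        # (client, minute) -> request count
    paths = defaultdict(Counter)  # client -> path -> request count
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue              # skip lines that are not in the expected format
        client, stamp, path = m.groups()
        minute = stamp[:17]       # "16/Jan/2014:10:00", timestamp cut at the minute
        per_minute[(client, minute)] += 1
        paths[client][path] += 1
    findings = {}
    for (client, _minute), count in per_minute.items():
        if count > per_minute_limit and count > findings.get(client, (0,))[0]:
            top_path, hits = paths[client].most_common(1)[0]
            share = round(hits / sum(paths[client].values()), 2)
            findings[client] = (count, top_path, share)
    return findings


def sample_log():
    """Constructed sample: one client requesting the same URL 40 times in
    a minute, plus two ordinary visitors."""
    lines = [
        f'192.0.2.10 - - [16/Jan/2014:10:00:{s:02d} +0000] '
        '"GET /status.json HTTP/1.1" 200 512'
        for s in range(40)
    ]
    lines.append('198.51.100.7 - - [16/Jan/2014:10:00:05 +0000] "GET / HTTP/1.1" 200 1043')
    lines.append('203.0.113.9 - - [16/Jan/2014:10:00:31 +0000] "GET /about HTTP/1.1" 200 2210')
    return lines


if __name__ == "__main__":
    for client, (peak, path, share) in review(sample_log()).items():
        print(f"{client}: peak {peak} req/min, {share:.0%} of requests to {path}")
```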
 
And for safety's sake; Encrypt The Data!
The only weakness that the mythical three headed dog Cerberus had was that it fell to the mighty strength of Hercules. 
 
Use the mighty strength of encryption to protect your data!
 
All three of the above threats put your data at risk. Anytime your data is at rest (stored), or in transit make sure it is encrypted.
 
 Enjoy,
 
Julius

Friday, October 18, 2013

Healthcare.gov Fix: U.S. Government Sponsored Hackathons

New Idea - The U.S. Government should make these overpriced government Information Technology firms compete against Hackathon public projects when drafting their technology proposals.

This would spark many youth to pursue careers in technology. Because of the rebellious nature of youth, many would get a kick out of creating competing products to stick it to the man! Thus, helping to solve America's STEM crisis.

 

Healthcare.gov would have been child's play for America's young adults who have built social media mega infrastructures, which were originally developed and hosted from dorm rooms and cramped apartments on computers sitting on the floor. 

Until we read again!

Take care!

Monday, September 30, 2013

Thursday, September 26, 2013

How To Prevent A Hacker From Spying On You Using Your Web Cam




Your webcam can be used against you by hackers to spy on you, record you and possibly blackmail you, or be used for revenge or extortion against you. See NBC News article--> FBI Arrests suspect in Miss Teen USA 'sextortion' case.

Because these stories are becoming more and more common in the news, Michael, a friend of mine, asked me to share on his Facebook page a way that individuals can secure their web cams and prevent them from being hacked. More like reduce the likelihood that your webcam gets hacked into. Just know that anything connected to the Internet can be hacked or compromised.
  1. Use a computer account that does not have Administrator rights. Limited rights is perfect.
  2. Keep antivirus software up to date and don't skimp, pay for the annual renewal!
  3. Set your PC or Laptop to download and install security patches automatically.
  4. Keep the computer’s firewall turned on all the time.
  5. Don’t let your children use your computer. Buy your children their own computing devices. Disable the camera on their computer if they have no need to use it. See steps 6 & 7.
  6. If your web cam is external, keep it unplugged until you need it.
  7. If your web cam is internal, consider deleting the drivers for it and purchasing an external web cam and follow step 6.
  8. For internal web cams, use tape or a Post-it Note to cover the camera lens if you are not using it.
  9. Microphone – Turn the microphone input volume down to “zero”, when not using it.
  10. For the Ultra-Paranoid, delete the device drivers for both your web cam and microphone.
  11. Create complex login passwords.
Thanks for asking me to write this article Michael!

Enjoy,

Julius, CISSP



Wednesday, September 11, 2013

Getting Real. The Real Deal Costs of a Data Breach - Excellent Infographic

Excellent Infographic

This is a great Infographic regarding the money lost due to a Data Breach. Everyone needs to be Cyber Security smart. Stop. Think. Connect
Link---> http://visual.ly/real-cost-data-breach

The Real Cost of a Data Breach

 

 

 

Monday, March 25, 2013

How To Set Up Multi-Factor/ Dual Authentication on Facebook

Enabling Dual/Multi-Factor authentication for Facebook is a great way to strengthen the security of your Facebook account. Multi-Factor Authentication significantly lowers the risk that someone will gain unauthorized access to your Facebook account via a web browser. This is not enabled for mobile apps yet; the web browser has the higher risk surface.

Multi-Factor authentication works by requiring you to have not just your ID and Password to prove who you are, but in addition what you have! Just about everyone has a mobile phone with text messaging enabled and a unique phone number that only you have. So if you have your mobile phone with you, you will be able to log into your Facebook account. This will keep malware, snoops and identity thieves from accessing your account from a web browser.

This will also alert you if someone is trying to log into your account without authorization!


It will require you to enter in a code that Facebook will send to you via text message to complete your login.

How To Setup
Go to Settings and select Privacy Settings.


Select Security




Select Login Approvals



Select Require a Security Code To Access My Account from Unknown Browsers



Select Get Started

A Wizard Will Finish Walking You Through The Setup Process



Facebook Will Text You a Confirmation Code to Enter Into The Box Above.


Click No Thanks, Require a Code Right Away.



Note that Login Approvals reads: A Security Code Is Required When Logging in From an Unknown Browser.

There you go! Enjoy!

Julius


