Friday, 30 November 2012

Hacktober - Facebook hacks its employees

Facebook employees were put to the test this October in the company's now-yearly 'Hacktober' event.

So what's 'Hacktober'? It's when Facebook teaches its employees how to detect and prevent cyber attacks. But there's a twist: Facebook doesn't just send them on an IT security course... it hacks them. In other words, it goes the other way and performs ethical hacking within the company.

'Hacktober' lasts the entire 31 days of the month and includes a number of simulated security threats. These include attacks on employee computers, to see whether employees fall victim to the attack and who identifies and reports the issue.

Those lucky enough to catch the phishing scam or security threat created by Facebook and report it (it can be to their private emails or throughout the site) receive a prize.

Prizes this year included Facebook-branded shirts, bandannas and stickers.

But if the employee was unlucky enough to fall for the security threat and/or not report it, they would undergo further IT security training.

Facebook's Security Director Ryan McGeehan spoke to the publishers at Mashable about their yearly event:

“Webinars don’t exactly fit in well here, so we wanted to do something unique in line with our hacking culture to teach employees about cybersecurity,” 

“We took the theme of October, fear and pranks and created something that is both fun and educational.”

October is now celebrated as National Cyber Security Awareness Month in the US.

Ryan McGeehan added: “People don’t always lock their doors until they have been robbed. It’s easy for cyber security awareness month to go by like a trip to the dentist, so we wanted to do something with an impact and not have the security team talk down with tips to the rest of the staff.”

With the increasing number of cyber attacks, we are starting to see more and more companies introduce innovative security measures to prevent the chaos seen in other companies like PayPal, Bharat Sanchar Nigam Limited (BSNL) and thousands of other companies.

The security threats of 2011 were enough to scare even governments around the world. Because of this, opportunities are popping up everywhere for IT Security Professionals.

Find out the top 5 IT Certifications to go for here: http://www.crisp360.com/news/top-5-it-security-certifications

Thursday, 29 November 2012

WhatsApp Error: Status unavailable

WhatsApp users are seeing a message on all their contacts saying "Error: Status Unavailable".

But don't panic: WhatsApp took to Twitter and Facebook to state that the WhatsApp error should be resolved "soon-ish...".

Despite this, users are still being bombarded with long messages telling them to string the message along in order to keep using WhatsApp as a free service. The messages also warn users that if they don't forward the message, their account will be shut down. The WhatsApp status error string message is as follows:

"Before you read this, go to your contacts and look at everyones status! Should say error: status unavailable. Hello everyone, it seems that all the warnings were real, the use of WhatsApp cost money from summer 2012. If you send this string to 18 different on your list, your icon will be blue and will be free for you. If you do not believe me see tomorrow at 6 pm ending WhatsApp and have to pay to open it, this is by law.This message is to inform all of our users, our servers have recently been very congested, so we are asking your help to solve this problem. We require our active users forwarded this message to each of the people in your contact list to confirm our active users using WhatsApp, if you do not send this message to all your contacts WhatsApp, then your account will remain inactive with the consequence of losing all their contactsMessage from Jim Balsamic (CEO of Whatsapp) we have had an over usage of user names on whatsapp Messenger. We are requesting all users to forward this message to their entire contact list. If you do not forward this message, we will take it as your account is invalid and it will be deleted within the next 48 hours. Please DO NOT ignore this message or whatsapp will no longer recognise your activation. If you wish to re-activate your account after it has been deleted, a charge of 25.00 will be added to your monthly bill. We are also aware of the issue involving the pictures updates not showing. We are working diligently at fixing this problem and it will be up and running as soon as possible. Thank you for your cooperation from the Whatsapp team ”WhatsApp is going to cost us money soon. The only way that it will stay free is if you are a frequent user i.e. you have at least 10 people you are chatting with. To become a frequent user send this message to 10 people who receive it (2 ticks) and your WhatsApp logo should turn Red to indicate a frequent user. Am sorry had no option! 
And check now the status of every individual contact is showing : Status error"

Although it can get irritating, just try to ignore them and remain calm. WhatsApp does not intend to charge its users for using its services. Some users have come up with funny spoofs of the WhatsApp Error status string messages. One Facebook user posted:


WARNING!! As of tomorrow - Whatsapp will automatically start dragging the Earth into the moon. To change this option, go to Settings > Planetary Settings > Trajectory then UNCLICK the box that says 'Apocalypse.' and resend this message to 10 people. If you click on favourites you'll see "Error: status unavailable", that somehow proves it will happen, its definitely not just an error from Whatsapp...

Another wrote:

"Please dip your mobiles in water to get back your old status."

This isn't the first time the application has been in the media for the wrong reasons. 'WhatsApp Error: Status unavailable' follows on from the security issues identified in the application in mid-September following an exposé by Heise Security.

The popular security site found that WhatsApp can be easily hacked using freely available tools, adding that anyone using the application on a public Wi-Fi network risks having their data stolen and even used to send and receive messages.

"Once hacked, there is no way to restore account security – attackers will be able to continue to use the hacked account at their discretion."

Monday, 26 November 2012

Linux - the most in demand talent in 2012


The Linux Jobs Report revealed that, of the 2,300 surveyed, eight in ten said that hiring Linux talent is a priority in 2012. Over 50% of the firms also said that they planned on increasing the number of people who are Linux skilled.

The majority of the companies were looking for professionals skilled in Linux with three to five years’ experience.

A massive 67% revealed that they’re looking for Linux Developers, while 55% are looking for Linux system administrators.

The average salary rise in the industry was only 2%, but Linux professionals “saw a five per cent increase, in their pay” according to the report. This shows the edge they have over others in the industry.

But despite Linux skills being in demand, companies still face a challenge. Linux professionals are few, and finding one is very hard.

“85 per cent say finding Linux talent is somewhat to very difficult, making Linux professionals some of the most sought after talent in 2012.”

There are two main certifications in Linux: Linux+ Powered by LPI Level 1 and LPI Level 2.

The LPI Level 1 course provides the basic hardware, software, and networking skills needed to function in an entry-level Linux role. The course covers all the major Linux distributions (Red Hat, Caldera, SuSE, Debian, TurboLinux, Slackware, etc.).

The LPI Level 2 certification program is designed for IT professionals who administer a small to medium-sized site. It provides the necessary knowledge to plan, implement, maintain, secure and troubleshoot a small mixed (MS, Linux) network, including a LAN server (Samba), internet gateway (firewall, proxy, mail, news), or internet server (webserver, FTP server).

Friday, 23 November 2012

Hacktivists hit PayPal with £3.5m attack


Anonymous has launched an attack on PayPal after it announced the decision to block payments to Wikileaks.

The online transaction company was attacked by four members of the Anonymous group. The members called it 'Operation Payback'.

The prosecutor, Mr Patel, said they used distributed denial of service, or DDoS, attacks, which flooded the targets' computers with massive amounts of online requests. If you visited the sites under attack by the Anonymous group, you'd be directed to a page with the message 'You've tried to bite the Anonymous hand. You angered the hive and now you are being stung'.

The four members are currently facing trial, which is expected to last two weeks. 22-year-old Christopher Weatherhead, aka 'nerdo', is in the small group of cabal leaders in Anonymous. He pleaded not guilty to conspiring to impair the operation of computers between 1 August 2010 and 22 January 2011.

He also carried out attacks on MasterCard, Visa, Ministry of Sound, the British Recorded Music Industry and the International Federation of the Phonographic Industry, who also opposed internet piracy.

Ashley Rhodes, 27, Peter Gibson, 24, and an 18 year old who cannot be named for legal reasons have already pleaded guilty to the charge, all from the UK.

Mr Patel stated "It is the prosecution case that Christopher Weatherhead, the defendant, is a cyber-attacker and that he, and others like him, waged a sophisticated and orchestrated campaign of online attacks that paralysed a series of targeted computer systems belonging to companies to which they took issue with, for whatever reason, and those attacks caused unprecedented harm".

He said PayPal also had to pay for more software and hardware to defend against similar attacks in the future and he said the total cost to the firm was estimated at £3.5m.

You too can learn how to perform DDoS attacks and help companies like PayPal defend themselves against them. Become a Certified Ethical Hacker (CEH) and earn on average £42,750 in the UK (ITjobswatch.co.uk). As a CEH, job opportunities are endless: you can work for private companies, or even the government. With the likes of PayPal, Government sites around the world, Sony and Nintendo’s security being compromised, more and more companies are taking their security very seriously.

Thursday, 22 November 2012

How to become a Microsoft Certified Professional




As you probably know, Microsoft has changed its certification program. This can be quite confusing, so we hope this blog gives you the answers and advice you need in order to know which exam to take next. Choosing the right exam now will help you get your next certifications faster.

Where to start your certification path?

Microsoft has arranged its certification paths into a pyramid. It has been divided into three parts: you start at Associate, then move to Expert and finally to Master.

The first level, Associate, has three certification paths. It has the old MCTS, the MCSA 2008 and the latest MCSA 2012.

Before we continue, it's important to note that you should check the Microsoft site to see if there have been any changes to the requirements, and to see whether exams are still available. Exams usually expire when mainstream support for the product ends.



The MCSA 2008 (Microsoft Certified Solutions Associate) looks at configuring and supporting an Active Directory environment using Windows Server 2008. To gain this cert, you’ll need to pass the following three exams:
70-640 - Active Directory
70-642 - Network Infrastructure
70-646 - Server Administrator

If you already have an MCSA 2008, you are able to update your cert to the new MCSA 2012 in just four days by sitting the 70-417 exam which is available until the 31st of July 2014. This is twice as fast as taking the full MCSA 2012 course and saves the need to start again from the beginning.


Microsoft Certified Solutions Associate 2012 is aimed at supporting Windows Server 2012 and SQL Server. Like MCSA 2008, you will need to complete three exams in order to gain the certification.

For MCSA Windows Server 2012, you’ll need:
70-410 - Installing and Configuring Windows Server 2012
70-411 - Administering Windows Server 2012
70-412 - Configuring Advanced Windows Server 2012 Services

For MCSA SQL Server, you’ll need:
70-461 - Installing and Configuring Windows Server 2012
70-462 - Administering Windows Server 2012
70-463 - Configuring Advanced Windows Server 2012 Services


This certification is a level up on the pyramid, at the Expert level. It was retired a long time ago, and some of you might remember it. But it has been brought back… kind of. It used to be called Microsoft Certified Systems Engineer, but is now called Microsoft Certified Solutions Expert, just like what happened to the MCITP and MCSA. Microsoft Certified Solutions Expert looks at solutions based on the current technology at the time. In order for someone to keep an MCSE certification, they will need to recertify as new technology is released.

There are four certification paths for MCSE:

In order to get these certifications, you’ll need to pass the following exams:

70-415 – Implementing a Desktop Infrastructure
70-416 – Implementing Desktop Application Environments

70-413 – Designing and Implementing a Server Infrastructure
70-414 – Implementing an Advanced Server Infrastructure

70-246 – Configuring and Deploying a Private Cloud with System Center 2012
70-247 – Monitoring and Operating a Private Cloud with System Center 2012

70-461 – Querying Microsoft SQL Server 2012
70-462 – Administering a Microsoft SQL Server 2012 Database
70-463 – Implementing Data Warehouses with Microsoft SQL Server 2012

Not including SQL, the other three certs have one thing in common: they require the MCSA Windows Server 2012 certification. If you wish to follow the MCSE SQL Server path, you’ll first need the MCSA SQL Server certification.

MCSM (Microsoft Certified Solutions Master)

The next level is Master. This is the hardest level to achieve. Professionals at this level have an MCSM (Microsoft Certified Solutions Master). In order to get this certification, you’ll need to complete the relevant certification for that area. But even when that is complete, you’ll need to submit an application to Microsoft for them to approve it. It must show that you have relevant experience and expertise to be awarded this certification. It’s not easy…

The below certifications are the older Microsoft certs which almost all have expiry dates.



This was the most common starting point on the Microsoft certification path. Most of the current MCTS exams are due to expire soon. Depending on the certification, you will need to take one to three exams in order to pass. Currently there are 20 different technologies, and it has been said that no new MCTS certifications will be released.


The MCITP certification is what the MCSE is now: the expert level. It is aimed at IT professionals who are responsible for administering the network at a server level. But currently almost all MCITP certifications except Exchange, Sharepoint and Lync have expiry dates of July 31 2013. It has 15 different certifications. In order to get one of these certifications, you’ll need to pass anywhere from two to five exams. If you have any of the certifications below, you will be able to upgrade them to the new MCSA Server 2012 by taking the 70-417 exam. This is the same exam needed to upgrade your MCSA 2008 to MCSA 2012.

MCITP: Virtualization Administrator
MCITP: Enterprise Desktop Administrator
MCITP: Lync Server Administrator
MCITP: Sharepoint Administrator
MCITP: Enterprise Messaging Administrator

It is important to try and move to the Associate level MCSA 2012 certification as it is the most up to date Microsoft certification and will provide a foundation for your IT career with a stepping stone to the next level: Expert.

Good luck on your chosen certification path.

About the Author:
Julian writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Julian is the company's Digital Marketer.

Wednesday, 21 November 2012

WE ARE LEGION – an inside look into Anonymous

For a few years now, filmmaker Brian Knappenberger had been working on ‘We Are Legion’ – a documentary based around the infamous hacktivist group Anonymous.

Anonymous originated in 2003 on the imageboard 4chan. Since then they have gained a massive wave of support and have taken part in several large scale attacks on what they deem ‘wrong’.

“The hacker ethics has a passion for truth, it wants what’s real to be out there” - WE ARE LEGION

The movie has been released and is finally available to all through the film’s official Web site as a DRM-free download. It is not fully understood why the movie was given out for free, but it does fit in with what Anonymous believe.



“Anonymous was kind of like the big strong buff kid who had low self-esteem, and then all of a sudden punched someone in the face and was like ‘wholly s**t I’m really strong’” - WE ARE LEGION

You can download the full movie here: http://wearelegionthedocumentary.com/see-the-film/

One of the more recent stories Anonymous was involved in was with Amanda Todd. The 15-year-old committed suicide after struggling with depression and being bullied.

When Amanda was in the 7th grade, she flashed a camera while one of her friends was taping. A man somehow got the photo of her topless and leaked it on the web, and even to her school Facebook page. Before she committed suicide she posted a video on YouTube of her talking about how she cried every night out of desperation.

Anonymous tracked down a man they feel is responsible for her death (the person who anonymously leaked the photo online). The bullying was most likely the main reason for Todd’s death, but the real villain in the eyes of Anonymous was the man who took and leaked the photo.

“We generally don’t like to deal with police first hand but were compelled to put our skills to good use protecting kids. Ironically we have some good people in Vancouver who brought this to our admin’s attention. It’s a very sad story that affects all of us.” - Anonymous

Learn all the techniques used by Anonymous and get paid for performing these attacks - legally. The average salary of a Certified Ethical Hacker in the UK is £42,750 according to ITjobswatch.co.uk. 

Learn more about becoming an ethical hacker here: http://www.firebrandtraining.co.uk/courses/ec_council/ceh/hacking.asp

19 year old hacks government server in India

Nikhil Thakur, a 19-year-old boy from Khandwa, India, got access to confidential data from the server of Bharat Sanchar Nigam Limited (BSNL). BSNL is a government-owned provider of fixed telephony and is the fourth largest mobile telephony provider in India; it is also a provider of broadband services.

Thakur states that he is an ethical hacker and that he hacked the national website of BSNL in order to uncover vulnerabilities that might be taken advantage of by others.

But the police did not seem convinced. The deputy superintendent of police Deepak Thakur stated: “Hacking government websites is a punishable offence and attracts three years jail. Before proving his point, the teenager should have taken BSNL authorities and police into confidence and also BSNL should build a foolproof server so such incidents should not occur again.”

The chief general manager of BSNL was not happy about it either, stating: “Why this young boy is after BSNL! He should use his talent to build firewalls using these cases and do something constructive. Moreover we don’t have any private data on our website.”

But the fact that Nikhil was able to penetrate the official website of a government server truly shows how vulnerable sensitive data is. They should consider increasing security. They are lucky their server was hacked by an ethical hacker; the situation could be very different if it was someone else.
The site for the Central Bureau of Investigations was also hacked recently and major terrorist groups are under suspicion. Nikhil claims that he didn’t use the information for personal gain. Either way, the government should take this as a warning for possible future attacks they can prevent.

Security threats have reached scary levels of sophistication. Internet crimes are becoming ever so problematic for companies all over the world. This is why businesses like BSNL should be (and many already are) looking for someone to prevent the malicious hackers breaching their customers’ confidential data, with the potential to steal billions of private data. That’s the job of a Certified Ethical Hacker.

Although Nikhil hacked the server illegally, as he had no permission, if he were to become a Certified Ethical Hacker he would be able to legally attempt to penetrate the company’s systems, just like a hacker would, to find the loopholes in the security systems in place. A CEH will conduct a Vulnerability Assessment (VA) to find out the shortcomings in the technology.

The average salary of a Certified Ethical Hacker in the UK is £42,750 according to ITjobswatch.co.uk. As a CEH, job opportunities include working for private companies, or even the government. With the likes of Adidas, Sony and Nintendo’s security being compromised last year, more and more companies are taking their security very seriously, and looking for better ways to combat breaches of their data.

Nikhil is a BCA student in Indore and aspires to work in the IT sector.

What's your opinion on Nikhil hacking the company to uncover its vulnerabilities? Is it wrong or right?

Monday, 19 November 2012

Firebrand Wins Awards and Breaks Records!

EC-Council ATC of the Year, Newcomer of the Year and Instructor Circle of Excellence


We're delighted to announce that Firebrand Training has again won the EC-Council Accredited Training Centre of the Year - for a fourth time in a row! 

Jay Bavisi, President of EC-Council stated: “The annual EC-Council Awards highlight the commitment and achievements of our global partners and trainers that have contributed to the information security community...I congratulate all of the winners for their achievements and dedication to the Information Security industry in their respective region”

Top 20 IT Training Companies in the World

Firebrand Training has also been named in the Top 20 IT Training Companies in the World by TrainingIndustry.com. To be chosen for this award, the company must have:
  • Leadership and innovation in IT training
  • Breadth of IT training and delivery methods offered
  • Company size and growth potential
  • Strength of clients
  • Geographic reach
Ken Taylor, Chief Operating Officer of Training Industry, Inc. says: “The Top 20 IT Training Companies list features organisations with a great combination of services, size, and innovation in the market. These companies provide a wide range of services and delivery methods, often over a span of multiple industries and countries.”

Firebrand NORDICS Wins Microsoft Learning Partner of the Year

We’re also happy to announce that Firebrand Training NORDICS has been named as a Microsoft Learning Partner of the Year for the third time in a row! This is the first time such a feat has been achieved.  In only four years of existence, Firebrand NORDICS has gone very far. Criteria for the award included: customer satisfaction, growth and skills development.
Over 30,000 professionals have trained with us. The reason?  Frank Højgaard, Managing Director, explains: 
“It is fantastic to receive awards and recognition from Microsoft. Thousands of students have experienced Accelerated Learning with Firebrand Training, and it has proven a massive success in the Nordics. We gain feedback from each of our students, and there is a clear trend in why they continue to recommend us. This includes: saving both time and money, being able to focus 100% on learning in our distraction-free environment, and leaving the course with a guaranteed certification. The award confirms that this is a winning combination.”

The highest place to learn PMP and CISM?

Has Firebrand Training broken a record by training candidates on PMP and CISM on the 41st floor of the Yassat Gloria Hotel in Dubai?

Altitude training?
Firebrand trains its candidates at the very top of the Hotel, which is situated in Media City on Sheikh Zayed Road with an amazing panoramic view of Dubai and the Palm Jumeirah. So why not get the training of an Olympic athlete at the Dubai training centre?

It is one of the largest Apartment Hotels in the Middle East. All Apartments feature comfortable bedrooms, en-suite living/dining rooms, with balconies, fully equipped kitchens with stove, micro-wave oven, washing machine, iron & ironing board, refrigerator etc, and even dish washer in the 2 bedroom apartments.

Individual Exam Sessions for Red Hat

The idea was introduced back in June and has given students a lot more flexibility.

Traditionally, Red Hat was known for its lab based exams which were taken directly after the course. With this new method, the candidate can choose the date, place and time to take the exam. The candidate can then feel a little more prepared before going in.

The drawback is that there are a small number of individual exam centers around the world. Also, as the system is arranged through a reservation process, it depends on the availability of a lab and onsite proctor, which could mean waiting months before taking the exam.

The individual exam is exactly the same as the exam used in the classroom session.

If you fail the exam, the computer will give you the option to choose when to retake it.

The only European Red Hat individual exam location is in London. The following exams are included:

Red Hat Certified System Administrator (RHCSA) Exam (EX200)

Red Hat Certified Engineer (RHCE) Exam (EX300)

Red Hat Directory Services and Authentication Exam (EX423)
[You must be a current RHCE® to take EX423.]

Red Hat Enterprise SELinux Policy Administration Expertise Exam (EX429)
[You must be a current RHCE® to take EX429.]

Red Hat Enterprise Clustering and Storage Management Exam (EX436)
[You must be a current RHCE® to take EX436.]

Red Hat Enterprise Performance Tuning Exam (EX442)

JBoss Certified Application Administrator (JBCAA) Exam (EX336)
[This version of the JBCAA exam relates to JBoss® Enterprise Application Platform 5.]

JBoss Certified Application Administrator (JBCAA) Exam (EX248)
[This version of the JBCAA exam relates to JBoss Enterprise Application Platform 6.]

JBoss Certified Developer in Persistence (JBCD-Persistence) Exam (EX297)

JBoss Certified Developer in Seam (JBCD-Seam) Exam (EX311)

JBoss Certified Developer in ESB (JBCD-ESB) Exam (EX431)

How to Register for and take an Individual Exam Session:
  1. Click on the exam you are interested in above and then click the Enroll Today button.
  2. Fill out the order form and submit payment. You’ll receive an email confirming your purchase and details of the next steps.
  3. After your confirmation email, create an account with Innovative Exams.
  4. You can then schedule your exam by choosing your exam, date and time. You will receive an email confirming your scheduled exam and detailing instructions on what to do on your testing day.
  5. Show up for your exam on the chosen date and time, and take your exam.



What's your opinion on these exams? And if you have tried one, we would love to hear your review in the comment section below.

Saturday, 17 November 2012

Windows Phone for Beginners

It has been a while since I posted about Windows Phone, but today I created some simple videos for my students and their class projects, where they can practice building a simple Windows Phone application, now that it is a bit more fashionable again thanks to the launch of Windows Phone 8.

As I said in my previous post, it is not a good idea to stop developing applications for Windows Phone 7.5 yet. It is worth continuing because, besides having more users there than on the new version, what you learn will serve you for Windows Phone and for Windows 8. Those who have the chance to install the Windows Phone 8 SDK should do so, but keep developing for Windows Phone 7.5 if you don't need anything specific to Windows Phone 8. That is my advice.

The caveats: these are simple videos, MVVM is not applied, and XAML is barely touched since I do everything through Expression Blend, so the only thing you need to know to follow this tutorial is C#. You will also learn about Linq to SQL on Windows Phone, which in practical terms also serves to connect to a server rather than to a local database as we do in this application.

For those who are just starting out, I hope you notice how Microsoft's tools save us a lot of work and how easily we can build applications, although my recommendation is that you set aside proper time to learn XAML.

Sorry about the sound in the first video; I had not noticed that I did not have the headset microphone on. Here are the links, then; I hope they are useful, and until next time.

Assembling the foundations of the application
https://vimeo.com/53729403

Creating the screens in Expression Blend
https://vimeo.com/53729894

Coding in Visual Studio
https://vimeo.com/53731227

After the videos you can continue with the WP7 Series and the Hands on Labs from the Windows Phone Marathon, and in the coming days I will be resuming my frozen series of posts on MVVM for those who like to learn a little more about how to do it a bit better; there are already several videos, so you can start while I catch up.

Regards, and until next time.

Sorey

Friday, 16 November 2012

Sale: Access to corporate computers


According to a recent report by the BBC, cybercriminals are openly selling illegal access to the computer networks of many of the world’s biggest companies for just a few pounds.

The underground network of cyber criminals is even renting out access to the machines so that buyers can design their own scams.

Criminals will have the chance to attempt a massive hacking attack on big companies by using the compromised machines as a springboard.

The underground network that offers these servers was uncovered by Brian Krebs, a security researcher. It took him two weeks to access the forums and gain the complete list of the corporate networks offered.

Right now the site is said to have 17,000 servers up for sale but he estimated that about 300,000 have been listed since 2010, when it first appeared. Since the discovery of the site, it has been changed to members-only.

Brian Krebs stated that the site was a broker for hackers that already had access to networks from separate attacks and wanted to sell them.

"They may be individual hackers that have no use for these but know they have value and are re-selling them,” he stated.

Companies are becoming more and more aware of the dangers of hackers and are increasingly searching for IT security professionals to defend them. IT security has become one of the fastest growing sectors in the IT industry.

Taking the opportunity
Opportunities in IT security are popping up everywhere, so why not take one? Get the right security certification and earn on average £50,000.

Become an ethical hacker and get paid for it
The average salary of an ethical hacker is over £40,000 (itjobswatch.co.uk). An ethical hacker, also known as a white hat hacker, is someone who hacks and exploits zero days at companies that are looking to increase their security. That's right, they will pay you to find and exploit zero days in order to get rid of all possible risks.

Thursday, 15 November 2012

Cross-platform and practices for the Mobile Web

In this adventure with cross-platform mobile applications, and given that these applications have to be designed as small mobile websites, I remembered a set of best practices that the W3C published in 2010. I hope they are useful to you on this topic, or for the Mobile Web if you need them.

I am sharing the tips from the cards that served as my guide, and also the updated version for learning about this kind of consideration.

Introduction

World Wide Web Consortium, Mobile Web Initiative

The "Mobile Web Best Practices 1.0" are a W3C Web Standard whose goal is to help Web developers design and publish Web content that works properly on mobile devices. These cards summarize, in ten key points, the guidelines described in the standard. Following them will increase the audience that can access the content, creating effective Web sites and applications and making browsing the Web accessible from more devices. More information at: http://www.w3.org/TR/mobile-bp/


Design for one Web

If you design content with different devices in mind, you will reduce costs, your page will be more flexible, and you will meet the needs of more people.

THEMATIC CONSISTENCY: Make sure that content accessed from a URI gives the user the same essential information, regardless of the device used.
CAPABILITIES: Take advantage of the device's capabilities to give the user a better experience.
IMPLEMENTATION PROBLEMS: Take appropriate measures to avoid implementation problems.
TESTING: Test on mobile devices and emulators.


Rely on Web standards

In a market as fragmented as that of devices and browsers, standards are the best guarantee of interoperability.

VALID MARKUP: Create documents that are valid according to the available formal grammars.
FORMAT COMPATIBILITY: Send content in a format that is compatible with the device.
PREFERRED CONTENT FORMAT: Whenever possible, send content in the format the user prefers.
CHARACTER ENCODING COMPATIBILITY: Make sure that the character encoding of the content is compatible with the device.
USE OF CHARACTER ENCODING: Indicate the character encoding being used.
USE OF STYLE SHEETS: Use style sheets for the layout and presentation of content, unless the device does not support them.
STRUCTURE: Use the features of the markup language to define the logical structure of the document.
ERROR MESSAGES: Try to make your error messages informative and provide a way to return to the previous content.


Avoid known hazards

A well-planned design helps reduce the usability problems caused by small screens and keyboards, or by other features of mobile devices.

POP-UP WINDOWS: Avoid pop-up windows, and do not change windows without informing the user.
NESTED TABLES: Do not use nested tables.
LAYOUT WITH TABLES: Do not use tables for layout.
GRAPHICS FOR SPACING: Do not use graphics for spacing.
FRAMES: Do not use frames.
IMAGE MAPS: Avoid image maps, unless you know the device handles them effectively.


Be cautious about device limitations

When you choose a particular Web technology, keep in mind that mobile devices have widely varying capabilities.

COOKIES: Do not always count on cookies being available.
OBJECTS OR SCRIPTS: Do not depend on embedded objects or scripts.
TABLE COMPATIBILITY: Do not use tables unless you are sure the device supports them.
ALTERNATIVES TO TABLES: Whenever possible, use alternatives to tabular presentation.
STYLE SHEET COMPATIBILITY: Organize documents so that they can be read without style sheets.
FONTS: Do not rely on font support.
USE OF COLOR: Make sure that information conveyed with color can also be understood without color.


Optimize navigation

Simplifying navigation and keyboard use is essential when working with small screens and keyboards and limited bandwidth.

NAVIGATION BAR: Concentrate navigation at the top of the page and keep it to a minimum.
NAVIGATION: Use consistent navigation mechanisms.
TARGET IDENTIFICATION: Clearly identify the target of each link.
TARGET FORMAT: Indicate the format of the target file, unless you know for certain that the device supports it.
ACCESS KEYS: Assign access keys to the links in navigation menus and to the most frequently used functions.
URIS: Try to keep URIs short.
BALANCE: Try to find a balance between having too many links on a page and making the user go from one place to another to reach what they are looking for.


Check graphics and colors

Images, colors and style make content stand out, but some devices have low-contrast screens or compatibility problems with certain formats.

IMAGE RESIZING: Resize images at the server if they have an intrinsic size.
LARGE GRAPHICS: Avoid images that cannot be displayed by the device. Avoid large or high-resolution images unless valuable information would be lost without them.
SPECIFIED IMAGE SIZE: Specify the size of the image in the markup if it has an intrinsic size.
ALTERNATIVES TO NON-TEXT ELEMENTS: Provide a text equivalent for every non-text element.
COLOR CONTRAST: Make sure there is sufficient contrast between the background color and the foreground color.
BACKGROUND IMAGE READABILITY: When you use background images, make sure the content remains readable on the device in question.
MEASURES: Do not use pixel measures or absolute units in the values of markup language attributes or in the values of style sheet properties.


Keep it small

A smaller Web site saves users time and money.

MINIMIZE: Use concise, efficient markup.
PAGE SIZE LIMIT: Make sure the total size of the page is appropriate for the memory limitations of the device.
STYLE SHEET SIZE: Use small style sheets.
SCROLLING: Limit scrolling to a single direction, unless secondary scrolling cannot be avoided.


Use the network sparingly

The features of Web protocols can improve the user experience by reducing network delays and waiting times.

AUTOMATIC REFRESH: Do not create pages with periodic automatic refresh, unless you have informed the user and the user can turn it off.
REDIRECTION: Do not use markup to redirect pages automatically. Instead, configure the server to perform redirects using HTTP 3xx codes.
EXTERNAL RESOURCES: Try to keep the number of external links to a minimum.
CACHE: Provide caching information in HTTP responses.


Make data entry easy

On mobile devices, keyboards and other input methods can be tedious for the user. An effective design minimizes their use.

MINIMIZE KEYBOARD USE: Keep keyboard use to a minimum.
AVOID TEXT ENTRY: Whenever possible, avoid text entry by users.
DEFAULT SELECTION: Whenever possible, provide preselected default values.
DEFAULT INPUT MODE: Specify a default text entry mode, language and/or input format, if the device supports it.
TAB ORDER: Create a logical order through links, form controls and objects.
CONTROL LABELLING: Label all form controls appropriately and explicitly associate labels with controls.
CONTROL POSITION: Position labels appropriately in relation to the form controls they refer to.


Think of Mobile Web users

Mobile Web users need concise information, as they have little time and face external distractions.

PAGE TITLE: Give the page a title that is short but descriptive.
CLARITY: Use clear and simple language.
RELEVANT CONTENT: Make sure the essential content of the page comes before content that is not essential.
LIMITED CONTENT: Limit content to what the user has requested.
SUITABILITY: Make sure the content is suitable for use in a mobile context.
USABLE PAGE SIZE: Divide pages into sections that are manageable but limited in size.

http://www.w3.org/Mobile
Translation by http://www.w3c.es
©2007 W3C (ERCIM, Keio University, MIT)