tv - programer

Having a solid foundation in Computer Science is important to become a successful Software Engineer. This guide is a suggested path for university students to develop their technical skills academically and non-academically through self paced hands-on learning. You may use this guide to determine courses to take, but please make sure you are taking courses required for your major in order to graduate. The online resources provided in this guide are not meant to replace courses available at your university. However, they may help supplement your learnings or provide an introduction to a topic.

Recommendations for Academic Learnings

Caintech.co.uk

 

 

In today’s society, every citizen is monitored, tracked, and profiled by their government and affiliated agencies; the American National Security Agency (NSA) and the Great Britain Government Communications Headquarters (GCHQ) are two commonly discussed examples. This page is to provide a resource for learning more about staying secure online.

Basic Security Tips:

  • When discussing potentially sensitive or anti-government issues, make sure to use a fake, online alias.
  • Never reveal your real name when associating with your online alias.
  • Always use a virtual private network.
  • Pay for things associated with your online alias, with a prepaid card. Pay for the prepaid card in cash if possible.

Virtual Private Networks

A virtual private network, also known as a VPN, is a service used to add a layer of security and privacy to networks. VPNs are often used by businesses and corporations to protect sesitive data. Although, using a VPN is becoming increasingly more popular for the average person.

Privacy and security is increased, because when active, the VPN will “replace” the users IP address with one from the VPN provider. It will also “change” your domain name system address, also known as DNS address, which will not allow your internet service provider to view what websites you are visiting. In addition to these privacy and security increases, it encrpyts your internet traffic. Most VPN providers offer at least 128-bit AES encryption, which according to documents leaked by Edward Snowden, has not been broken by the NSA yet. Some also offter 256-bit AES encryption, which is more secure.

Warnings

  • Free VPN providers are likely selling their logs and/or compromising your security.
  • Do not tell anyone what provider you are using.
  • Be sure to read the Terms of Service and Privacy Policy before using a VPN service.
  • Do your own research. Don’t trust random sources.

VPN Providers

Below is a list of paid VPN providers. We do not support or endorse any of the providers listed below. We merely provide this list as a starting point into researching the provider that is right for you.

Private Internet Access

IPVanish

AirVPN

TigerVPN

Perfect Privacy

Hide.Me

TorGuard

View a larger list of VPN Providers here.

DNS Leaking

When utilizing an anonymity service, it is extremely important that all traffic coming from your computer is routed through the anonymity network. If any traffic leaks outside of the secure connection to the network, an adversary monitoring your traffic will be able to log your activity.

DNS or the domain name system is used to translate domain names such as http://www.duckduckgo.com into numerical IP addresses such as 111.222.333.444, which are required to route packets of data on the internet. Whenever your computer needs to contact a server on the internet, such as when you enter a domain name into your browser, your computer reaches out to a DNS server and requests the IP address associated with that domain name. Most Internet service providers assign their customers a DNS server which they control and use for logging and recording your internet activities.

Under certain conditions, although connected to the anonymity network, the operating system will continue to use its default DNS servers instead of the anonymous DNS servers assigned to your computer by the anonymity service. DNS leaks are a huge privacy threat since the anonymity service may be providing a false sense of security while data is leaking.

Be sure to check if you are leaking any data by visiting one of the websites below.

DNS Leak Test
IP Leak

Search Engine Tracking

The sad truth is that no matter where we go, big corporations and governments attempt to track, profile, and control us. Even our own “beloved” Google search engine is used to track everything we search for. Everytime you use a regular search engine, your search data is recorded. Major search engines capture your IP address and use tracking cookies to make a record of your searches, the time, and the links you choose – then they store that information in a huge database.

Investigation of those searches reveal a shocking amount of personal information about you, such as your interests, family circumstances, political believes medical conditions, financial status, and more. This database is a modern-day gold mine for government officials, hackers, and marketers. To stop storing your future searches in this database, it is recommended that you use alternative search engines.

Alternative Search Engines

There are many search engine alternatives to Google, Yahoo, Bing, and Yandex that are dedicated to the privacy of their users. The list below is a small list of the alternative search engines available.

DuckDuckGo

StartPage

Disconnect Search

IXQuick

 

TV Java

 

A recent update to Google’s browser Chrome, has disabled the Java plugin. So if your favourite Java game or app has stopped working I am going to show you how to re-enable Java.

As of Chrome Version 42, an additional configuration step is required to continue using NPAPI (Java) plugins.

  1. In your URL bar, enter:
    chrome://flags/#enable-npapi
  2. Click the Enable link for the Enable NPAPI configuration option.
  3. Click the Relaunch button that now appears at the bottom of the configuration page.

If you prefer to watch this on a video, I’ve created a short one for you.

Hope this helps

tv crime2A critical vulnerability in the firmware of Cisco small business phones lets an unauthenticated attacker to remotely eavesdrop on private conversation and make phone calls from vulnerable devices without needing to authenticate, Cisco warned.
LISTEN AND MAKE PHONE CALLS REMOTELY
The vulnerability (CVE-2015-0670) actually resides in the default configuration of certain Cisco IP phones is due to “improper authentication“, which allows hackers to remotely eavesdrop on the affected devices by sending specially crafted XML request.
Moreover, the vulnerability could be exploited by hackers to make phone calls remotely from the vulnerable phones as well as to carry out other attacks by making use of the information gathered through the audio interception activity.
AFFECTED DEVICES
The devices affects the Cisco’s small business SPA300 and SPA500 Internet Protocol (IP) phones running firmware version 7.5.5, however, Cisco alerts that later versions of these device may also be affected by the flaw.
It’s likely that some phones have been configured to be accessible from the Internet, so it would be very easy for hackers to locate the vulnerable devices that run on vulnerable software versions by using the popularShodan search engine.

To exploit this vulnerability, an attacker may need access to trusted, internal networks behind a firewall to send crafted XML requests to the targeted device,” the Cisco advisory says. “This access requirement may reduce the likelihood of a successful exploit.

Cisco has confirmed the issue, which was discovered and reported by Chris Watts, a researcher at Tech Analysis in Australia, along with two other flaws — an XSS vulnerability (CVE-2014-3313) and a local code execution vulnerability (CVE-2014-3312).
VULNERABILITY UNPATCHED, YET SOME RECOMMENDATIONS
The company hasn’t patched the problem yet and is working on a new version of the firmware to fix the issue, although the company offers some recommendations in order to mitigate the risk:
  • Administrators are advised to enable XML execution authentication in the configuration setting of the affected device.
  • Administrators are advised to allow network access only to trusted users.
  • Administrators are advised to use Solid firewall strategies to help protect the affected systems from external attacks.
  • Administrators may also use IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
  • Administrators are advised to closely monitor the vulnerable devices.

Windows TV

Discover a range of Microsoft books on Windows Server, Microsoft Azure, App Development and System Center as well as Windows books available free of charge! From technical overviews to drilldowns on special topics, these free Microsoft books are available in PDF, EPUB, and/or Mobi for Kindle formats. Download these eBooks at your convenience today.

App DevelopmentWindows Server

Microsoft AzureWindows 8.1

Microsoft System CenterOther Books

 

 

Read the rest of this entry »

tv-pure google

So sitting here looking out of my living room window across a very grey, cold and gloomy London I thought it might be time to spread some joy across the net.

So here are 6 fun tricks to try with Google.

1. Do a barrel roll trick:

Go to Google.com and simply type in the search box “do a barrel roll” and see the magic. The page will rotate two times.

barrel

2. Atari Breakout Trick:

Go to Google images and type “Atari Breakout”. The images will be transformed into blocks and you can play Breakout, classic arcade game of the 70’s era.

atari

3. Tilt page trick:

No this is not back to the 70’s again (that’s a pinball reference from the younger crowd). Search for “tilt” on Google and see how your page tilts a little.

tilt4. Recursion trick:

Search for “recursion” on Google and you will get stuck in an infinite loop much like recursion. Recursion means repeating. Google will show “did you mean recursion?” every time searching for recursion. Ok well that is not really fun, not like playing Breakout but at least you learn what recursion means. (Every day is a school day)

recursion

 

5. Google Gravity:

Type in “Google Gravity” in their homepage and then click on the “I’ m feeling lucky” button. It will redirect you to one of the fun projects called “Google Gravity”. It is a Chrome Experiment done by Hi-Res. See how gravity bring Google to its knees. You can even search anything.

gravity

6. Zerg Rush:

When you type “zerg rush” in Google .The ‘o’ and ‘o’ of Google appears from the top and the right of the Google page and slowly eats up the whole page leaving nothing. It’s fun to watch.

zergBonus: elgoog.im

A rotated version of Google.com, kind of google tricks. Provides you with a reversed Google site, known as Google backwards. You can also do surfing on elgoog.im, it’s fun.

elgoog

Well they cheered me up !

Ghost in the Machine

Posted: 29/01/2015 in Uncategorized
Tags: , , , ,

tv crime2A newly disclosed flaw opens up most Linux-based Web and mail servers to attack, researchers from Redwood Shores, California-based security firm Qualys disclosed today (Jan. 27).

The flaw, dubbed “GHOST” by its discoverers, “allows attackers to remotely take complete control of the victim system without having any prior knowledge of system credentials,” (i.e. administrative passwords), Qualys staffer Amol Sarwate said in a company blog posting.

“As a proof of concept, we developed a full-fledged remote exploit against the Exim mail server, bypassing all existing protections (ASLR, PIE, and NX) on both 32-bit and 64-bit machines,” Qualys researchers posted on the Openwall security mailing list earlier today.

MORE: 5 Worst Security Fails of 2014

GHOST is of immediate and urgent concern to any IT professional administering a Linux-based server, but users of desktop Linux should also install patches, which have already been pushed out by Red Hat and Ubuntu, among others. (Red Hat Fedora 20 and later, and Ubuntu 13.10 and later, were already immune.)

Various flavors of Linux power at least a third of the world’s Web servers and mail servers, but it’s likely that administrators at top Web-based companies were tipped off ahead of today’s disclosure.

GHOST, designated CVE-2015-0235 per security-industry convention, is the fourth major vulnerability in open-source software found in the past 10 months. The stampede began with the discovery of the Heartbleed flaw in OpenSSL in April, then continued with the Shellshock hole in the Bash command-line shell in September, followed by the POODLE weakness in Web encryption in October.

Such technical talk may be gobbledygook to most computer users, but arcane open-source software runs the Internet and the Web that rides on top of it. Any major open-source flaw threatens not only the massive global Internet economy, but your ability to check your own Facebook page.

“To be clear, this is NOT the end of the Internet,” wrote Jen Ellis of Boston information-security firm Rapid7 in an official blog posting. “It’s also not another Heartbleed. But it is potentially nasty, and you should patch and reboot your affected systems immediately.”

GHOST vulnerability explained

The flaw exists in older versions of the GNU C library, or glibc, a repository of open-source software written in the C and C++ coding languages. Newer versions of glibc, beginning with glibc 2.18, released in August 2013, are not affected. But many builds of Linux may still be using older versions.

In addition to Exim, server software vulnerable to GHOST includes Apache, Sendmail, Nginx, MySQL, CUPS, Samba and many others, according to a post by Qualys researchers on the Full Disclosure mailing list. CORRECTION: The applications listed on the Full Disclosure page are NOT vulnerable to GHOST.

The risk to users of massively subscribed services such as Twitter, Facebook and all of Google’s online services should be low, presuming that administrators of those company’s servers have already implemented or are currently implementing patches. (It’s possible that last night’s 40-minute Facebook outage was the result of this.)

But implementation of the patches will have to be manual, which means that millions of websites and mail servers that don’t get the same degree of administrative attention will continue to be vulnerable for an extended period of time.

Thanks to Qualys and Tom’s Guide