A nonprofit's guide to online security: So you want to learn the lingo?        
This year marks the 25th anniversary of the World Wide Web becoming publicly available. For many of us, this is a reminder of just how much the Internet has transformed our daily lives. This rings true for nonprofits too: The Internet has revolutionized the way that nonprofits communicate, fundraise, and recruit volunteers. It has enabled nonprofits like yours to share their mission with a global audience. To raise awareness. And to change the world. 

But the power of the Internet also comes with great responsibility -- namely the need to keep information safe and secure. As a nonprofit, it can be difficult to keep up with online security, especially when terminology seems complicated. Yes, you might have heard of terms like “phishing” or “cookies,” but what do they mean?

Today, you can find the answers to your questions with our quick and easy guide to online security terminology. In less than five minutes, you’ll be well on the way to helping keep your nonprofit safe on the Internet. 

Let’s get started! Here’s a quick guide to familiarize yourself with common lingo and learn how to distinguish terms that are friends vs foes in the online security realm. 


THE BAD GUYS: MALICIOUS ACTIONS/TERMS

  • Advanced Fee Fraud (419 scams): A technique which tricks users into sending or paying money to fraudsters on the promise of receiving greater rewards afterwards. It is most commonly associated with Nigeria, and 419 is the section of the Nigerian legal code that covers this fraud.
  • Botnet: A network of computers that are infected with malicious software without users’ knowledge, used to send viruses and spam to other computers.
  • Malware: Malicious software with the purpose of infecting devices and systems, gathering personal information, gaining access to systems or disrupting the operations of the device or systems. Essentially, any software that maliciously alters or compromises the system or device.
  • Phishing / Social Engineering Attack: An attempt by hackers who pose as trustworthy individuals or businesses in order to get your personal information such as usernames, passwords, and financial information.
  • Trojans: Malicious programs posing as or bundled with legitimate ones, which are designed to compromise your system. They are usually installed on computers from opening attachments in scam emails or by visiting infected websites. The term comes from the Trojan Horse in Greek mythology.

How to avoid social engineering attacks

THE GOOD GUYS: ONLINE SAFETY TERMS


  • [Internet] Cookie: A small piece of data sent by a website you visit and stored in your web browser so that the site can remember information you have entered or interacted with, such as items in a shopping basket on an e-commerce site.
  • Encryption: The process of encoding data, messages, or information, such that only authorized parties can read it.
  • Firewall: A security system used to block hackers, viruses, and other malicious threats to your computer. It acts as a barrier that applies predetermined rules, allowing trusted traffic through while blocking untrusted or non-secure traffic. 
  • HTTPS (Hypertext Transfer Protocol Secure): The protocol for secure communication over a computer network, used throughout the Internet. It encrypts the traffic between your browser and the website and authenticates the website and the web servers associated with it. 
  • Transport Layer Security (TLS): A protocol that encrypts data while it travels between two systems. For email, TLS protects both inbound and outbound mail traffic, helping prevent eavesdropping between mail servers and keeping your messages private while they move between email providers. 
  • Two Factor Authentication / Two Step Verification: A method of using an additional process to verify your identity online. It combines both ‘something you know’ (like a password) and ‘something you have’ (like your phone or security key) — similar to withdrawing money from an ATM/cash machine, where you need both your PIN and your bank card.

That’s a wrap for now! Pass on these tips to your nonprofit partners to stay safe and secure online, so you can focus on what matters most: changing the world. 

//

To see if your nonprofit is eligible to participate, review the Google for Nonprofits eligibility guidelines. Google for Nonprofits offers organizations like yours access to Google tools like Gmail, Google Calendar, Google Drive, Google Ad Grants, YouTube for Nonprofits and more at no charge. These tools can help you reach new donors and volunteers, work more efficiently, and tell your nonprofit’s story. Learn more and enroll here.


          3 Reasons why Chromebooks might be a good fit for your nonprofit        

When we speak with nonprofit organizations, we often hear about the challenges related to technological resources. So when it comes to investing in new technology, it’s important to consider three primary factors:

  • Security: Does it keep my information private and secure?
  • Compatibility: Does it work with the programs I use?
  • Price: Is it within budget?
To address these questions, Google created the Chromebook, a series of laptops built on ChromeOS. The vision behind Chromebooks is simple — to create a safe, accessible, and affordable laptop. To improve user privacy and security, Chromebooks automatically update to provide virus protection, encryption and safe browsing. For easy access and collaboration, they come with Gmail, Google Docs and Hangouts (and nonprofits receive the full Google Apps bundle with 30GB of space per user at no charge). What’s more, they start at $169 USD, and that’s for a laptop with up to 10+ hours of battery life!
ASUS Chromebook C201 ($169)

Case Study

Charity:water, a non-profit organization that provides clean and safe drinking water to people in developing countries, has a “100 percent model,” where every dollar donated goes directly to fund clean water projects. As a result, resources are limited. In order to cover operational costs like salaries and supplies, the organization relies on a few passionate and dedicated supporters. With this in mind, Charity:water transitioned to Chromebooks to improve the efficiency of its staff’s workflow. Now, employees can spend more time focusing on their goals and working towards their mission to nourish the world.

Want to learn more?

Chromebooks give nonprofits unified access to the Google Apps suite, including:

  • Google Docs, Sheets, Slides: Create documents, spreadsheets, and presentations collaboratively in real time. They’re automatically backed up online, and you can also open and edit Microsoft Word, PowerPoint or Excel files.
  • Google Hangouts: Make phone calls, share your screen, and video chat.
  • Google Drive: Store, sync, and share documents in the cloud for secure and easy access.

As a nonprofit, you also receive discounted access to Chrome licenses, which give you management controls via Chrome Device Management, a unified way to manage all of your nonprofit’s users, devices, and data. For nonprofits, the Chrome management license is discounted to only $30, compared to $150!

Chromebooks are our vision for providing cheaper, easier to use, and more secure laptops. Installed with Google Apps out of the box, nonprofits can maximize impact, while saving both time and resources.



To learn more about Chromebooks for nonprofits, take a look at Google for Work’s Chromebook’s website. To take advantage of the Google Nonprofit license discount, a Google partner will reach out to you once you fill out the Contact Us form.


          Basics Of Wi-Fi Security         


Hi all, today I am going to discuss how you can secure your Wi-Fi network from hackers. You must have come across many tips on securing a Wi-Fi network on various blogs, but here we will look at it from a hacker's point of view and take a practical, genuine approach to securing a Wi-Fi network. So let's begin.

Tips On Securing Wi-Fi Network -


Be sure to use the strongest wireless encryption your modem or router provides. Configuring your wireless modem with WPA or WPA2 encryption gives you confidence that your Wi-Fi network is safe. Routers and modems typically offer several methods of encrypting the data sent over the Wi-Fi network. Always use WPA or WPA2 to secure your Wi-Fi network; if a router or modem does not offer those modes, never select that brand. If your current modem/router does not provide WPA or WPA2 encryption, it is strongly recommended that you purchase a new device. You may have heard of WEP (Wired Equivalent Privacy): it is a much older technique that is easy for hackers to crack, so with WEP I can never say you are completely secure.

Remember to use the strongest possible network password / network key (and change the default); it always ensures better security -

Again, this is a simple tip that applies to every field for better security. As a general rule, the longer and more complex the password, the harder it is for hackers to crack. I recommend a password of at least eight characters for access to your wireless network. And don't forget to change your modem/router's default password; people often forget, and that leads to compromised Wi-Fi networks. Never use the same password to control or access more than one system or program, and never use your wireless network name as your password! Doing so makes things far too easy for anyone wanting to hack your Wi-Fi. Most modems are designed to use a default password such as “admin”, “password” or the manufacturer’s name. These settings are easy for the user to reach while the modem and network are being set up, but because they are easily accessible and often weak, they remain potentially accessible to anyone who wishes to gain access unless they are changed. Many sites on the Internet give away the default passwords of modems and routers, per vendor. Changing your modem or router’s default password is a simple but effective measure against unauthorized remote access.




Hide your SSID (network name) -

I know a Wi-Fi network is still hackable when the SSID is hidden, but it makes things a bit more difficult for hackers to crack a network that is invisible. All Wi-Fi networks normally broadcast their presence (beacon frames) when they are turned on, so hiding the SSID adds another layer of protection: if the network is not broadcasting its name, it is harder for hackers to find and attack it.




Access to remote modem administration -

These days most modern modems or routers can be remotely administered over the Internet. If yours can, then someone besides you can potentially locate your modem’s IP (Internet Protocol) address and attack your modem. A simple fix for this exposure is to disable remote administration on your modem or router. If you absolutely require remote access, limit it to a particular IP address or a small range of addresses to reduce the chance of unauthorized users reaching your modem’s configuration settings. As a general rule for home networks, remote access is not necessary, and the safest choice is to disable remote access to your modem/router.




MAC address filtering to improve security -

Encryption (WPA2) and strong passwords are the best ways to control who accesses your network, but most modems and routers offer further controls. One more option for making your Wi-Fi network more secure is a MAC filter: the MAC address is the unique hardware address of a network device, so restricting access by MAC address adds protection. I know MAC addresses can be spoofed, but WPA2, a strong password and MAC filtering together provide better security. Almost all modern modems can restrict access to a wireless network to known devices (known MAC addresses). The catch is that if you do not set up the MAC filter correctly, you may lose Wi-Fi service yourself (cannot connect to the network).





Enable modem/router firewall and security features -

Most modern modems and routers come with a built-in firewall. A firewall can prevent unauthorized people from accessing your network, can control which programs inside the network access the Internet, and should be enabled by default. Some higher-end modems and routers also feature security software known generally as intrusion detection systems (IDS). Such systems can detect attempts at unauthorized access to the systems they protect and block many forms of attack. For additional security, every computer connected to your network should also have a software firewall installed, or the operating system’s own firewall enabled.




Update your modem/router firmware -

If your modem runs outdated firmware, there may be ready-made exploits for it that an attacker can use to get into your network, so it is better to keep the firmware updated; manufacturers provide firmware updates free of charge on the modem’s website. Also keep in mind that you should not let your Wi-Fi modem broadcast its signal over an unnecessarily long range (100m); it is better to limit your modem/router signal to 20-30 m and to keep the modem in a central position. Keep these things in mind while installing any Wi-Fi network and I am sure hackers will face a Herculean task.




This article is a Guest post by -  Chandrakant Nial



          You’re wrong, Amber Rudd – encryption is for ‘real people’        
The UK home secretary has claimed that end-to-end encryption only aids terrorists with something to hide. She’s mistaken – here's how it benefits all of us
          Raspberry Pi System Logging and Loggly        

I've already written about how useful Loggly is to log data from a Raspberry Pi, but like me, you may want to know more about how system logging actually works and what the extra configuration added by the Loggly setup script means.

This post explains how system logging works and how Loggly fits into it. It describes how the log files are rotated to avoid them filling up the disc and it also goes into a lengthy detour regarding how to encrypt the log traffic between your computer and Loggly, how all the encryption actually works and how you know you can trust it.



          GuardKey USB Encryption Dongle For Drives and Cloud Review        

Introduction

There are many ways to approach digital security and data safety, and today I’m taking a closer look at the GuardKey which takes a more physical approach to data safety. It combines the physical aspects of a normal key with the technical aspect of encryption to create secure storage locations for all your sensitive […]

The post GuardKey USB Encryption Dongle For Drives and Cloud Review appeared first on eTeknix.


          Apple Denies Handing Over Source Code to China        

During an Energy and Commerce Committee hearing earlier this week, entitled “Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives,” which discussed the feud between Apple and the FBI over an iPhone tied to the San Bernardino shootings, Indiana State Police Captain Charles Cohen, Commander of the Office of Intelligence and Investigative Technologies, accused the […]

The post Apple Denies Handing Over Source Code to China appeared first on eTeknix.


          Comment on How To Hack WiFi With WIFIPHISHER: Best Tool To Hack WiFi by Joycelyn Chan        
Load of crap. WEP can be cracked easily. WPA2 is the best encryption by far, for wifi. #ethicalhacker
          New Post: FileExists sporadically fails        
I am trying to move to using netftp in my Keepass2Android app but things are not working as expected.

Running the code below, it seems like even though "IsConnected" returns true, a directly following call to FileExists() calls Connect (which means the connection is lost exactly between the calls?). However, as Connect() can fail every now and then, this also results in a failing FileExists() (where failing means it throws Connection refused).

Is there anything wrong with my code? Is this something to be expected, i.e. should I be prepared to retry everything I do with an FtpClient? Is there any flag to set to automatically do the retry, which I have created on my own for my GetClient method (which calls Connect() in a retry loop)?

Thanks for any help or suggestion!

Philipp
using System;
using System.Net;
using System.Net.FtpClient;
using System.Threading;
using KeePassLib.Serialization; // IOConnectionInfo

// Retries func() while the socket reports "connection refused" (error 10061),
// pacing attempts about one second apart and giving up after 30 seconds.
private static T DoInRetryLoop<T>(Func<T> func)
{
    double timeout = 30.0;
    double timePerRequest = 1.0;
    var startTime = DateTime.Now;
    while (true)
    {
        var attemptStartTime = DateTime.Now;
        try
        {
            return func();
        }
        catch (System.Net.Sockets.SocketException e)
        {
            if ((e.ErrorCode != 10061) || (DateTime.Now > startTime.AddSeconds(timeout)))
            {
                throw;
            }
            double secondsSinceAttemptStart = (DateTime.Now - attemptStartTime).TotalSeconds;
            if (secondsSinceAttemptStart < timePerRequest)
            {
                Thread.Sleep(TimeSpan.FromSeconds(timePerRequest - secondsSinceAttemptStart));
            }
        }
    }       
}

internal FtpClient GetClient(IOConnectionInfo ioc)
{
    FtpClient client = new FtpClient();
    if ((ioc.UserName.Length > 0) || (ioc.Password.Length > 0))
        client.Credentials = new NetworkCredential(ioc.UserName, ioc.Password);
    else
        client.Credentials = new NetworkCredential("anonymous", ""); //TODO TEST

    Uri uri = IocPathToUri(ioc.Path);
    client.Host = uri.Host;
    if (!uri.IsDefaultPort) //TODO test
        client.Port = uri.Port;
    client.EnableThreadSafeDataConnections = false;

    client.EncryptionMode = ConnectionSettings.FromIoc(ioc).EncryptionMode;

    Func<FtpClient> connect = () =>
    {
        client.Connect();
        return client;
    };
    return DoInRetryLoop(connect);

}


string myPath = ..;
string myTempPath = myPath+".tmp";

_client = GetClient(_ioc); // GetClient (above) takes a single IOConnectionInfo
var _stream = _client.OpenWrite(myTempPath);

//write to stream

_stream.Close();
Android.Util.Log.Debug("NETFTP", "connected: " + _client.IsConnected.ToString()); //always outputs true

if (_client.FileExists(myPath)) //sporadically throws, see below
    _client.DeleteFile(myPath);
    
System.Net.Sockets.SocketException : Connection refused
  at System.Net.Sockets.SocketAsyncResult.CheckIfThrowDelayedException () [0x00017] in /Users/builder/data/lanes/3540/1cf254db/source/mono/mcs/class/System/System.Net.Sockets/SocketAsyncResult.cs:127
  at System.Net.Sockets.Socket.EndConnect (IAsyncResult result) [0x0002f] in /Users/builder/data/lanes/3540/1cf254db/source/mono/mcs/class/System/System.Net.Sockets/Socket.cs:1593
  at System.Net.FtpClient.FtpSocketStream.Connect (System.String host, Int32 port, FtpIpVersion ipVersions) [0x0011a] in [my source folder]src\netftpandroid\System.Net.FtpClient\FtpSocketStream.cs:611
  at (wrapper remoting-invoke-with-check) System.Net.FtpClient.FtpSocketStream:Connect (string,int,System.Net.FtpClient.FtpIpVersion)
  at System.Net.FtpClient.FtpClient.Connect () [0x000ce] in [my source folder]src\netftpandroid\System.Net.FtpClient\FtpClient.cs:807
  at System.Net.FtpClient.FtpClient.Execute (System.String command) [0x00136] in [my source folder]src\netftpandroid\System.Net.FtpClient\FtpClient.cs:735
  at System.Net.FtpClient.FtpClient.Execute (System.String command, System.Object[] args) [0x00001] in [my source folder]src\netftpandroid\System.Net.FtpClient\FtpClient.cs:694
  at System.Net.FtpClient.FtpClient.DirectoryExists (System.String path) [0x0005d] in [my source folder]src\netftpandroid\System.Net.FtpClient\FtpClient.cs:2679
  at System.Net.FtpClient.FtpClient.FileExists (System.String path, FtpListOption options) [0x0001c] in [my source folder]src\netftpandroid\System.Net.FtpClient\FtpClient.cs:2751
  at System.Net.FtpClient.FtpClient.FileExists (System.String path) [0x00001] in [my source folder]src\netftpandroid\System.Net.FtpClient\FtpClient.cs:2733

          Encryption Chip Fights Off Side-Channel Attacks        
Taiwanese hardware designers say that the cloud based services are vulnerable to data leakage threat due to side-channel attacks. The side-channel attacks steal cryptographic keys used by cloud servers leaving the servers under great threat. Researchers at Taiwanese National Chiao Tung University (NCTU) have developed a chip that resists side-channel attacks. According to Chen-Yi Lee, […]
          Amazon confirms it has dropped device encryption support for Fire tablets        

Amazon has confirmed that version 5 of Fire OS for its Fire tablet removes support for device encryption. Source: techcrunch

The post Amazon confirms it has dropped device encryption support for Fire tablets appeared first on Derinmavi.


          NASA was hacked 13 times last year        

Washington: NASA said hackers stole employee credentials and gained access to mission-critical projects last year in 13 major network breaches that could compromise US national security.

National Aeronautics and Space Administration Inspector General Paul Martin testified before Congress this week on the breaches, which appear to be among the more significant in a string of security problems for federal agencies.

The space agency discovered in November that hackers working through an Internet Protocol address in China broke into the network of NASA's Jet Propulsion Laboratory, Martin said in testimony released on Wednesday. One of NASA's key labs, JPL manages 23 spacecraft conducting active space missions, including missions to Jupiter, Mars and Saturn.

He said the hackers gained full system access, which allowed them to modify, copy, or delete sensitive files, create new user accounts and upload hacking tools to steal user credentials and compromise other NASA systems. They were also able to modify system logs to conceal their actions.

"Our review disclosed that the intruders had compromised the accounts of the most privileged JPL users, giving the intruders access to most of JPL's networks," he said.

In another attack last year, intruders stole credentials for accessing NASA systems from more than 150 employees. Martin said his office identified thousands of computer security lapses at the agency in 2010 and 2011.

He also said NASA has moved too slowly to encrypt or scramble the data on its laptop computers to protect information from falling into the wrong hands.

Unencrypted notebook computers that have been lost or stolen include ones containing codes for controlling the International Space Station, as well as sensitive data on NASA's Constellation and Orion programs, Martin said.

A NASA spokesman told Reuters on Friday the agency was implementing recommendations made by the Inspector General's Office.

"NASA takes the issue of IT security very seriously, and at no point in time have operations of the International Space Station been in jeopardy due to a data breach," said NASA spokesman Michael Cabbage.

AIR FORCE SCRAPS IPAD PURCHASE

In a separate development, the U.S. Air Force said on Friday it had scrapped a plan to outfit thousands of personnel with second-generation iPad tablet computers from Apple Inc, but denied the reversal was because some of the software it wanted on the devices had been written in Russia.

Two days ago, news website Nextgov raised questions about a requirement that the 2,861 iPad2s come equipped with GoodReader, an electronic document display program written by an independent Russian developer.

The devices were to be used to store and update flight information, regulations and orders, according to procurement documents.

"The cancellation was not the result of any concern about GoodReader," said Matt Durham, a spokesman at the Air Force Special Operations Command.

He said the cancellation of the six-week-old order followed a decision that the procurement should not have been reserved for small businesses.

The military and other branches of government have been putting an increased emphasis on "supply-chain security" as they try to make sure that hardware, software and other components have not been tampered with by other nations.

This has proved challenging because so many parts come from overseas. Even American companies often contract for programming work abroad.

Mike Jacobs, who headed the National Security Agency's program for defending U.S. equipment, said in an interview he had killed a major procurement of encryption software within seconds after learning that a U.S. supplier had included a small amount of Russian-made code.

Bureau Report


          The GSM encryption “hack,” & how it affects you        
The Wall Street Journal reports that German "hacker" Karsten Nohl demonstrated how it was possible to break the security of GSM cell phones, and to monitor conversations and text messages as they take place. However, before anyone starts fearing for their privacy, let us assess the real risk posed by this so-called breakthrough.
          Comment on Oracle Datapump Encryption by Ragip Avdijaj        
Dear Mr. Natik, can we encrypt a dump file in Oracle 12c Standard Edition? If yes, how do we enable it? I get this error message when I try: Connected to: Oracle Database 12c Standard Edition Release 12.1.0.2.0 - 64bit Production ORA-00439: feature not enabled: Dump File Encryption
          BizTalk Server 2009 and SQL Server 2008 cornerstone of data processing at TW4 Fulfilment Services         
A few years ago, TW4's administration was still largely paper-based. Every year, more than a million order forms and letters came in. To process and store all that data, TW4 had a large number of different computer systems in operation. To reduce the flow of paper and bring order to the diversity of systems, a single system was needed that could scan and digitise the forms and letters, bring together data from all kinds of sources, store payment data securely and handle communication with the computer systems at various locations around the world. The requirements placed on the solution were very high. For instance, the new system for paying magazine subscriptions must support many languages, currencies and payment methods. To be allowed to process credit card data, PCI (Payment Card Industry) compliance is a requirement. After all, credit card numbers or other payment data must not end up 'on the street'. Jerry Dawson, Solutions Architect at TW4 Fulfilment Services, already knew BizTalk Server and knew what the system could mean for TW4. On the choice of the new version, BizTalk Server 2009, he says: "Our interest in BizTalk Server 2009 stems from its built-in support for Microsoft SQL Server 2008. This database offers Transparent Data Encryption (TDE), and this form of encryption is an absolute requirement if we want to meet our strict security requirements. TDE is one of the steps you must take to be PCI compliant. That settled the choice for SQL Server 2008. The choice of BizTalk Server 2009 followed immediately from that, because where BizTalk Server 2006 is insufficiently compatible with SQL Server 2008, the new version BizTalk Server 2009 is fully compatible."
          How to Use Truecrypt | Truecrypt Tutorial [Screenshots] | Kali Linux, BackTrack, BackBox, Windows        
Written by Pranshu Bajpai |  | LinkedIn

Data protection is crucial. The importance of privacy, especially concerning sensitive documents, cannot be overstated, and if you’re here, you have already taken the first step towards securing it.

Truecrypt is one of the best encryption tools out there. It’s free and available for Windows and Linux. It comes pre-installed in Kali Linux and Backtrack. I first came across the tool when I was reading ‘Kingpin’ (The infamous hacker Max Butler was using it to encrypt data that could be used as evidence against him).

Here is how you can set up Truecrypt for use in Kali Linux (similar procedures will work in other Linux distros and Windows).

Go to Applications -> Accessories -> Truecrypt

The Truecrypt main window opens. As this is the first time we are using Truecrypt, we need to set up a volume for our use.

Click ‘Create Volume’ and the Truecrypt volume creation wizard opens up:


Click on ‘create an encrypted file container’

This container will hold your encrypted files. The files can be of any type; as long as they lie in this container, they are encrypted once you ‘dismount’ the volume.

The next screen asks whether you want to create a Standard or a Hidden volume. With a hidden volume, nobody can tell that it is there, so they can’t ‘force’ you to provide its password.

For now we will just create a ‘Standard’ volume.



On the next screen you will be asked for the 'location' of this volume. This can be any drive on your computer. This is where your container will lie. The container can be seen at this location, but it won't have any 'extension' and will have the name that you give it during this setup.

Choose any ‘location’ on your computer for the container and carry on to the next step.

A password is now required for this volume. This is the ‘password’ which will be used to decrypt the volume while ‘mounting’ it. Needless to say, it should be strong as a weak password defeats the whole purpose of security/encryption.


Next click on ‘Format’ and the volume creation would begin. You will be shown a progress bar and it will take some time depending on how big your volume size is.



Once formatting is complete, your volume is ready to be used. You can place files in there (drag and drop works). Once done, 'Dismount' this volume and exit Truecrypt.

When you want to access the encrypted files in the container, fire up Truecrypt and click on any of the 'Slots' on the main window.

Now go to 'Mount' and point to the location of the container which you selected while setting up the volume.

It will then prompt you for the password.


If you provide the correct password, you'll see that the volume is mounted on the 'Slot' that you selected. If you double-click that 'Slot', a new explorer window opens where you can see your decrypted files and work with them. You can also add more files to the container if you want.

After you’re done, ‘Dismount’ the volume and exit Truecrypt.


          Affine Cipher Encryption Decryption Source code in Java        
Written by Pranshu Bajpai |  | LinkedIn

Encryption


package DICAss;

import java.io.*;

/**
 * Affine cipher encryption: C = (a * P + b) mod m, where a must be coprime to m.
 *
 * @author Pranshu
 */
public class DICAss19_AffineCipherEnc {
    public static void main(String[] args) {
        String Msg;
        String CTxt = "";

        int a = 5;   // multiplicative key, must be coprime to m
        int b = 8;   // additive key
        int m = 26;  // alphabet size

        BufferedReader ObjIn = new BufferedReader(
                new InputStreamReader(System.in));
        try {
            System.out.println("Enter your Message(in Caps and without spaces):");
            Msg = ObjIn.readLine();

            // ENCRYPTION: the raw ASCII code (65..90) is fed to the formula without
            // subtracting 65, so this is really an affine cipher with b' = (b + 65*a) mod 26.
            // The decryptor below undoes it exactly because its leftover offset
            // 65 * (1 + a_inv) is a multiple of 26 (a_inv is always odd).
            for (int i = 0; i < Msg.length(); i++) {
                CTxt = CTxt + (char) (((a * Msg.charAt(i) + b) % m) + 65);
            }

            System.out.println("Cipher Text :" + CTxt);

            // ENTERING CIPHER TEXT INTO A FILE...
            // DICAss0_FileHandling is the author's helper class; it is not shown on this page.
            DICAss0_FileHandling ObjFilHand = new DICAss0_FileHandling();
            ObjFilHand.FileWriteFunc("BealeCipher_CTxt.txt", CTxt);
        } catch (Exception err) {
            System.err.print("Error: " + err);
        }
    }
}

Decryption


package DICAss;

/**
 * Affine cipher decryption: P = a_inv * (C - b) mod m, where a_inv is the
 * multiplicative inverse of a modulo m.
 *
 * @author Pranshu
 */
public class DICAss20_AffineCipherDec {
    public static void main(String[] args) {
        String Msg = "";
        String CTxt;

        int a = 5;
        int b = 8;
        int m = 26;
        int a_inv = 0;
        int flag = 0;

        // Finding a_inverse by brute force: the i in 0..25 with (a * i) mod 26 == 1.
        // If a is not coprime to 26 no such i exists and a_inv stays 0.
        for (int i = 0; i < m; i++) {
            flag = (a * i) % m;
            if (flag == 1) {
                a_inv = i;
            }
        }

        try {
            // DICAss0_FileHandling is the author's helper class; it is not shown on this page.
            DICAss0_FileHandling ObjFileHand = new DICAss0_FileHandling();
            CTxt = ObjFileHand.FileReadFunc("BealeCipher_CTxt.txt");
            System.out.println("CIPHER TEXT IS :" + CTxt);

            // DECRYPTION: like the encryptor, the raw ASCII code is used. The
            // leftover 65 * (1 + a_inv) is a multiple of 26 because a_inv is odd,
            // so the original letters come back exactly.
            for (int i = 0; i < CTxt.length(); i++) {
                Msg = Msg + (char) (((a_inv * (CTxt.charAt(i) - b)) % m) + 65);
            }

            System.out.println("Original Message :" + Msg);
        } catch (Exception err) {
            System.err.print("Error: " + err);
        }
    }
}
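As an added example (not the author's code), the same affine cipher in Python with the modular inverse computed by the extended Euclidean algorithm instead of the brute-force loop, a check that a is invertible mod 26 before use, and a mirror of the Java programs' raw-ASCII variant showing which textbook key it is really using. Caesar (a = 1) is the special case; no names here are from the page.

```python
from typing import Tuple

M = 26  # alphabet size used by the Java code above


def egcd(x: int, y: int) -> Tuple[int, int, int]:
    """Extended Euclid: returns (g, s, t) with s*x + t*y == g == gcd(x, y)."""
    if y == 0:
        return x, 1, 0
    g, s, t = egcd(y, x % y)
    return g, t, s - (x // y) * t


def mod_inverse(a: int, m: int = M) -> int:
    """Multiplicative inverse of a modulo m; raises if a is not coprime to m."""
    g, s, _ = egcd(a, m)
    if g != 1:
        raise ValueError(f"a={a} has no inverse mod {m} (gcd={g}); choose a coprime to {m}")
    return s % m


def affine_encrypt(plain: str, a: int, b: int) -> str:
    """Textbook affine cipher on A-Z with A = 0: C = (a*P + b) mod 26."""
    mod_inverse(a)  # reject a non-invertible key up front
    return "".join(chr((a * (ord(ch) - 65) + b) % M + 65) for ch in plain)


def affine_decrypt(cipher: str, a: int, b: int) -> str:
    """P = a_inv * (C - b) mod 26."""
    a_inv = mod_inverse(a)
    return "".join(chr((a_inv * (ord(ch) - 65 - b)) % M + 65) for ch in cipher)


def affine_encrypt_raw_ascii(plain: str, a: int, b: int) -> str:
    """What the Java encryptor above actually computes: the ASCII code (65..90)
    goes into the formula without subtracting 65. That is a textbook affine
    cipher whose additive key is (b + 65*a) mod 26, see equivalent_textbook_b()."""
    return "".join(chr((a * ord(ch) + b) % M + 65) for ch in plain)


def affine_decrypt_raw_ascii(cipher: str, a: int, b: int) -> str:
    """Mirror of the Java decryptor: a_inv * (ASCII code - b) mod 26. It still
    recovers the plaintext because the leftover 65*(1 + a_inv) is a multiple
    of 26 (a_inv is odd whenever it exists)."""
    a_inv = mod_inverse(a)
    return "".join(chr((a_inv * (ord(ch) - b)) % M + 65) for ch in cipher)


def equivalent_textbook_b(a: int, b: int) -> int:
    """Additive key the raw-ASCII variant is really using."""
    return (b + 65 * a) % M
```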

          Vigenère Cipher Encryption Decryption Source code in Java        
Written by Pranshu Bajpai |  | LinkedIn

Encryption




package DICAss;

/**
 * Vigenère cipher encryption over A-Z. Note the author's convention: letters are
 * combined as (P + K + 1) mod 26, i.e. a tabula with A = 1 rather than the
 * textbook A = 0, so "IAMUNDERATTACK" under key "CRYPTO" becomes "LSLKHSHJZJNPFC".
 * The decryptor uses the same convention.
 *
 * @author Pranshu
 */
public class DICAss14_VignereEnc {
    public static void main(String[] args) {
        String Msg = "IAMUNDERATTACK";
        //String Msg = "vaibs";
        String Key = "CRYPTO";

        String CTxt = "";

        int MsgLen = Msg.length();
        int KeyLen = Key.length();

        int i;

        // CREATING FINAL KEY TO ENCRYPT THE MESSAGE: repeat the key until it is
        // as long as the message, then truncate.
        String KeyFinal = "";
        if (MsgLen < KeyLen) {
            for (i = 0; i < MsgLen; i++) {
                KeyFinal = KeyFinal + Key.charAt(i);
            }
            //System.out.println(KeyFinal);
        } else {
            int Div = MsgLen / KeyLen;
            int Rem = MsgLen % KeyLen;

            for (i = 0; i < Div; i++) {
                KeyFinal = KeyFinal + Key;
            }

            for (i = 0; i < Rem; i++) {
                KeyFinal = KeyFinal + Key.charAt(i);
            }
            //System.out.println(KeyFinal);
        }

        System.out.println("Msg : " + Msg);
        System.out.println("Key : " + KeyFinal);

        // ENCRYPTION: sum of the two ASCII codes lies in 130..180; subtracting 64
        // yields the letter (P + K + 1), subtracting 90 wraps around past 'Z'.
        int temp;
        char c;
        int sum;
        for (i = 0; i < MsgLen; i++) {
            sum = Msg.charAt(i) + KeyFinal.charAt(i);
            if (sum >= 155) {
                temp = sum - 90;
            } else {
                temp = sum - 64;
            }

            c = (char) temp;
            CTxt = CTxt + c;
        }
        System.out.println("CiP : " + CTxt);
    }
}

Decryption



package DICAss;

/**
 * Vigenère cipher decryption, inverse of DICAss14_VignereEnc: each letter is
 * recovered as (C - K - 1) mod 26 (the author's A = 1 convention).
 *
 * @author Pranshu
 */
public class DICAss15_VignereDec {
    public static void main(String[] args) {
        String Msg = "";
        //String Msg = "vaibs";
        String Key = "CRYPTO";

        String CTxt = "LSLKHSHJZJNPFC";

        int CTxtLen = CTxt.length();
        int KeyLen = Key.length();

        // GENERATING FINAL KEY TO DECRYPT CIPHER TEXT: same key extension as the encryptor.
        int i;
        String KeyFinal = "";
        if (CTxtLen < KeyLen) {
            for (i = 0; i < CTxtLen; i++) {
                KeyFinal = KeyFinal + Key.charAt(i);
            }
            //System.out.println(KeyFinal);
        } else {
            int Div = CTxtLen / KeyLen;
            int Rem = CTxtLen % KeyLen;

            for (i = 0; i < Div; i++) {
                KeyFinal = KeyFinal + Key;
            }

            for (i = 0; i < Rem; i++) {
                KeyFinal = KeyFinal + Key.charAt(i);
            }
            //System.out.println(KeyFinal);
        }

        System.out.println("CiP : " + CTxt);
        System.out.println("Key : " + KeyFinal);

        // DECRYPTION: difference of the ASCII codes lies in -25..25; adding 64
        // gives the letter (C - K - 1), adding 90 wraps around below 'A'.
        int temp;
        char c;
        int sum;

        for (i = 0; i < CTxtLen; i++) {
            sum = CTxt.charAt(i) - KeyFinal.charAt(i);
            if (sum >= 0) {
                temp = sum + 64;
            } else {
                temp = sum + 90;
            }

            c = (char) temp;
            Msg = Msg + c;
        }
        System.out.println("Msg : " + Msg);
    }
}

          One Time Pad Encryption Decryption Source code in Java        
Written by Pranshu Bajpai |  | LinkedIn

Encryption


package DICAss;

import java.security.SecureRandom;
import java.io.*;

/**
 * One-time pad encryption: a random key as long as the message, combined with
 * the message letter by letter using the same (P + K + 1) mod 26 rule as
 * DICAss14_VignereEnc. The key must be unpredictable and used only once.
 *
 * @author Pranshu
 */
public class DICAss17_OneTimePadEnc {
    public static void main(String[] args) {
        try {
            String Msg;
            String Key = "";
            String CTxt = "";

            // taking message from user
            BufferedReader ObjIn = new BufferedReader(
                    new InputStreamReader(System.in));
            System.out.print("Enter the Message(Without any space and in Block Letters): \n");
            Msg = ObjIn.readLine();

            // Generate random numbers between 0-25 and build the key.
            // SecureRandom replaces java.util.Random here: a pad drawn from a
            // predictable PRNG is not a one-time pad at all.
            SecureRandom randomGenerator = new SecureRandom();
            for (int idx = 1; idx <= Msg.length(); ++idx) {
                int randomInt = randomGenerator.nextInt(26);
                Key = Key + (char) (65 + randomInt);
            }
            System.out.println("Key: \n" + Key);

            // ENCRYPTION (same arithmetic as the Vigenère encryptor)
            int temp;
            char c;
            int sum;
            for (int i = 0; i < Msg.length(); i++) {
                sum = Msg.charAt(i) + Key.charAt(i);

                if (sum >= 155) {
                    temp = sum - 90;
                } else {
                    temp = sum - 64;
                }

                c = (char) temp;
                CTxt = CTxt + c;
            }
            System.out.println("CiP : " + CTxt);

            // CREATING FILES FOR THE KEY & CIPHER TEXT... FOR TRANSMISSION
            // (DICAss0_FileHandling is the author's helper class, not shown on this page)
            DICAss0_FileHandling ObjFileHand = new DICAss0_FileHandling();
            ObjFileHand.FileWriteFunc("OTP_Key.txt", Key);
            ObjFileHand.FileWriteFunc("OTP_CipherText.txt", CTxt);
        } catch (Exception err) {
            System.err.println("Error: " + err);
        }
    }
}

Decryption



package DICAss;

/**
 * One-time pad decryption: reads the key and cipher text written by
 * DICAss17_OneTimePadEnc and undoes the (P + K + 1) mod 26 combination.
 *
 * @author Pranshu
 */
public class DICAss18_OneTimePadDec {
    public static void main(String[] args) {
        String Msg = "";
        String Key;
        String CTxt;

        // DICAss0_FileHandling is the author's helper class; it is not shown on this page.
        DICAss0_FileHandling ObjFileHand = new DICAss0_FileHandling();
        Key = ObjFileHand.FileReadFunc("OTP_Key.txt");
        CTxt = ObjFileHand.FileReadFunc("OTP_CipherText.txt");

        // DECRYPTION (same arithmetic as the Vigenère decryptor)
        int temp;
        char c;
        int sum;

        for (int i = 0; i < CTxt.length(); i++) {
            sum = CTxt.charAt(i) - Key.charAt(i);
            if (sum >= 0) {
                temp = sum + 64;
            } else {
                temp = sum + 90;
            }

            c = (char) temp;
            Msg = Msg + c;
        }
        System.out.println("Msg : " + Msg);
    }
}
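Added example (not the author's code) covering both the Vigenère and the one-time-pad programs above. The Java code combines letters as (P + K + 1) mod 26, a tabula with A = 1, and the function below reproduces that exactly, including the page's IAMUNDERATTACK / CRYPTO → LSLKHSHJZJNPFC. The one-time pad is the same operation with a key as long as the message; the key here comes from the `secrets` module because a general-purpose PRNG such as java.util.Random is predictable. Function names are assumptions.

```python
import secrets
import string
from typing import Tuple

ALPHABET = string.ascii_uppercase


def extend_key(key: str, length: int) -> str:
    """Repeat (or truncate) the key to the message length: the KeyFinal loop above."""
    if not key:
        raise ValueError("key must not be empty")
    return (key * (length // len(key) + 1))[:length]


def tabula_add(p: str, k: str, decrypt: bool = False) -> str:
    """Combine one letter with one key letter under the page's A = 1 convention:
    encryption is (P + K + 1) mod 26, decryption is (C - K - 1) mod 26."""
    pi, ki = ALPHABET.index(p), ALPHABET.index(k)
    idx = (pi - ki - 1) if decrypt else (pi + ki + 1)
    return ALPHABET[idx % 26]


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Vigenère (A = 1 variant) over A-Z; rejects anything outside A-Z
    instead of silently producing non-letters like the Java code would."""
    if any(c not in ALPHABET for c in text + key):
        raise ValueError("message and key must be upper-case letters A-Z only")
    stream = extend_key(key, len(text))
    return "".join(tabula_add(c, k, decrypt) for c, k in zip(text, stream))


def otp_keygen(length: int) -> str:
    """One-time-pad key: one fresh, uniformly random letter per message letter
    from the OS CSPRNG. A clock-seeded PRNG would make the whole pad guessable."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def otp_encrypt(message: str) -> Tuple[str, str]:
    """Returns (key, ciphertext). The key is exactly as long as the message and
    must never be reused; decryption is vigenere(ciphertext, key, decrypt=True)."""
    key = otp_keygen(len(message))
    return key, vigenere(message, key)
```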

          XOR Encryption Decryption Java Source Code        
Written by Pranshu Bajpai |  | LinkedIn

Encryption



package DICAss;

/**
 * XOR "encryption" with a single fixed character key: every character of the
 * message is XORed with the same byte.
 *
 * @author Pranshu
 */
public class DICAss10_XOREncryption {
    public static void main(String[] args) {
        String Msg = "I AM UNDER ATTACK!";
        char Key = 'k';
        String CTxt = "";
        int xor;
        char temp;
        for (int i = 0; i < Msg.length(); i++) {
            xor = Msg.charAt(i) ^ Key;   // char ^ char is promoted to int
            temp = (char) xor;
            CTxt = CTxt + temp;
        }

        System.out.println(CTxt);
    }
}

Decryption




package DICAss;

/**
 * XOR decryption: XOR is its own inverse, so applying the same key again
 * restores the original message.
 *
 * @author Pranshu
 */
public class DICAss11_XORDecryption {
    public static void main(String[] args) {
        String CTxt = "\"K*&K>%/.9K*??*( J";   // output of DICAss10_XOREncryption
        char Key = 'k';
        String Msg = "";
        int xor;
        char temp;
        for (int i = 0; i < CTxt.length(); i++) {
            xor = CTxt.charAt(i) ^ Key;
            temp = (char) xor;
            Msg = Msg + temp;
        }

        System.out.println(Msg);
    }
}
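Added example, not the author's code: the same XOR cipher over bytes with a repeating key (one function serves both directions because XOR is its own inverse), a mirror of the Java single-character version that reproduces the page's ciphertext, and a check that shows why a fixed one-byte key gives no confidentiality: identical plaintext bytes always map to identical ciphertext bytes, so word boundaries and letter frequencies survive into the ciphertext. The function names are assumptions.

```python
from typing import List


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR every byte of data with the key, repeating the key as needed.
    Encryption and decryption are the same call because x ^ k ^ k == x."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def xor_single(text: str, key: str) -> str:
    """Mirror of the Java code above: a one-character key applied to text."""
    if len(key) != 1:
        raise ValueError("the Java program uses a single-character key")
    return xor_bytes(text.encode("latin-1"), key.encode("latin-1")).decode("latin-1")


def repetition_pattern(data: bytes) -> List[int]:
    """For each position, the index of the first occurrence of that byte value.
    Two byte strings with equal patterns repeat in exactly the same places."""
    return [data.index(b) for b in data]


def structure_preserved(plain: bytes, cipher: bytes) -> bool:
    """True when the ciphertext repeats wherever the plaintext repeats. With a
    single-byte key this always holds (every space above became 'K'), which is
    what lets frequency analysis recover the key without ever guessing it."""
    return repetition_pattern(plain) == repetition_pattern(cipher)
```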

          Caesar Cipher Encryption Decryption Java Source code        
Written by Pranshu Bajpai |  | LinkedIn

Source code for Caesar Cipher Encryption





package DICAss;

/**
 * Caesar cipher encryption over upper-case A-Z: each letter is shifted forward
 * by Key positions, wrapping around past 'Z' (ASCII 90).
 *
 * @author Pranshu
 */
public class DICAss12_CaesorCipherEnc {
    public static void main(String[] args)
    {
        String Msg = "IAMUNDERATTACKW";
        int Key = 3;

        String CTxt = "";

        int temp;
        char c;
        for (int i = 0; i < Msg.length(); i++) {
            if (Msg.charAt(i) + Key > 90) {
                temp = (Msg.charAt(i) + Key) - 26;   // wrap around past 'Z'
            } else {
                temp = (Msg.charAt(i) + Key);
            }

            c = (char) temp;
            CTxt = CTxt + c;
        }

        System.out.println(CTxt);
    }
}

Source Code for Caesar Cipher Decryption


package DICAss;

/**
 * Caesar cipher decryption: shifts each letter back by Key positions. The
 * shifted value is first converted to a 1-based alphabet index (A = 1); a
 * result of zero or less has wrapped below 'A' and is counted back from 'Z'.
 *
 * @author Pranshu
 */
public class DICAss13_CaesorCipherDec {
    public static void main(String[] args)
    {
        String CTxt = "LDPXQGHUDWWDFNZC";
        int Key = 3;

        String Msg = "";

        int temp, num;
        char c;
        for (int i = 0; i < CTxt.length(); i++) {
            num = ((CTxt.charAt(i) - Key) - 64);
            if (num <= 0) {
                temp = (90 - (num * (-1)) % 26);   // wrapped below 'A'
            } else {
                temp = ((num % 26) + 64);
            }

            c = (char) temp;
            Msg = Msg + c;
        }
        System.out.println(Msg);
    }
}

          Hacking Neighbour's Wifi (Password) | Hacking Neighbor's Wireless (Internet) | Step by Step How To        
Written by Pranshu Bajpai |  | LinkedIn

Disclaimer: For educational purposes only: This is meant merely to exhibit the dangers of using Poor wireless security. Please note that prior to beginning the test you should seek explicit consent from the owner if the access point does not belong to you.

Hacking into a Neighbor's Wifi access point

OS: Kali Linux
Test Subject: Neighbor's WiFi Access Point
Encryption: WEP

I noticed 4 wireless Access Points in the vicinity. 3 of these were using WPA / WPA2 and I was in no mood for a dictionary attack on WPA handshake, since it takes a long time and success isn't guaranteed. I found one access point using WEP Security and as you know it is an outdated protocol with poor security.

I tested penetrating this WEP access point using the same Aircrack-ng Suite of tools as I have mentioned in this previous post.

Step 1: Discovered the WEP AP having SSID 'dlink'  (Notice the weak signal power from neighbor's house to mine)




Step 2: Collected the required number of Data Packets from the WEP Network. Meanwhile, I used 'aireplay-ng --arpreplay' to increase the data rate since I am not a Patient soul.



Step 3: Saved the data packets in a file called 'neighbor-01.cap' and cracked the password using 'Aircrack-ng'


The Key for the Neighbor's Wifi turned out to be: "1234567890"   -    (An easily guessable Password, just what I expected from someone using WEP Security in 2014)

Step 4: I connected to the wifi using the decrypted key, it allocated an IP to me using DHCP (192.168.0.102)



Note: If you want a better step by step on how to hack a WiFi, check out my previous post here.

5: I was connected to the Internet.

6: Since I was part of their network now, curiosity got the better of me and I decided to scan the network and see who else is connected. I found 3 devices in the network:

One was my Laptop
Another one was my cellphone (I connected my cellphone to the network earlier)
And third was the Dlink router itself (192.168.0.1)
None of the neighbor's own devices were connected to the network at the time.

nmap told me that the dlink router had an open port 80, which reminded me to check out the control panel of this dlink device.

Step 7: So I fired up my browser and went to '192.168.0.1:80' which opened the login panel for dlink access point control panel



Step 8: A quick Google search revealed that the login defaults on dlink devices are:
username: 'admin' and password: blank
Step 9: I tried logging in with the defaults and got access to the control panel.




(Again BAD security practice: leaving defaults unchanged!)




Step 10: I was getting weak power from the AP and decided to upgrade their firmware and see if it made a difference.

The Current firmware of the neighbor's wifi was '5.10'

I checked for latest Firmware available. It was '5.13'



I downloaded the upgrade on my machine ("DIR********.bin")

Step 11: I made a backup of the configuration of the Access point before upgrading. I saved backup 'config.bin' to my laptop from the neighbor's wifi

Step 12: I went ahead and upgraded the Firmware. I uploaded the DIR****.bin from my laptop to the access point and it went for a reboot.



I lost access to the WiFi after the upgrade.

I figured the new upgraded firmware changed the Password for the WiFi now and I couldn't connect to it anymore. Moreover, since I lost access to the Internet now along with the WiFi, I couldn't Google the default password for the upgraded firmware anymore.

And I couldn't crack it either, because this time no one--not even the neighbor himself--would be able to authenticate to the WiFi with the new unknown password after the firmware upgrade, and hence no data packets would be generated and I would have nothing to crack.

Step: I fired up 'Airodump-ng' again and noticed that the firmware upgrade had simply changed the access point security to "open", i.e., no password is required to connect to it.

Step: I connected to the "Open" wifi and restored the Configuration settings using the 'config.bin' backup I made earlier.

I manually selected WPA2 security and provided the same password as used earlier by my neighbor ("1234567890")

Disclaimer: Please note that I had explicit consent from the owner before commencing this test. If you do not have such permission, please try it on your own access point. Failing to do so will result in illicit activities.



Ubuntu Kerberos configuration
http://www.blogjava.net/ivanwan/archive/2012/12/19/393221.html

https://help.ubuntu.com/10.04/serverguide/kerberos.html

Kerberos

Kerberos is a network authentication system based on the principle of a trusted third party, the other two parties being the user and the service the user wishes to authenticate to. Not all services and applications can use Kerberos, but for those that can, it brings the network environment one step closer to being Single Sign On (SSO).

This section covers installation and configuration of a Kerberos server, and some example client configurations.

Overview

If you are new to Kerberos there are a few terms that are good to understand before setting up a Kerberos server. Most of the terms will relate to things you may be familiar with in other environments:

  • Principal: any users, computers, and services provided by servers need to be defined as Kerberos Principals.

  • Instances: are used for service principals and special administrative principals.

  • Realms: the unique realm of control provided by the Kerberos installation. Usually the DNS domain converted to uppercase (EXAMPLE.COM).

  • Key Distribution Center: (KDC) consist of three parts, a database of all principals, the authentication server, and the ticket granting server. For each realm there must be at least one KDC.

  • Ticket Granting Ticket: issued by the Authentication Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's password which is known only to the user and the KDC.

  • Ticket Granting Server: (TGS) issues service tickets to clients upon request.

  • Tickets: confirm the identity of the two principals. One principal being a user and the other a service requested by the user. Tickets establish an encryption key used for secure communication during the authenticated session.

  • Keytab Files: are files extracted from the KDC principal database and contain the encryption key for a service or host.

To put the pieces together, a Realm has at least one KDC, preferably two for redundancy, which contains a database of Principals. When a user principal logs into a workstation, configured for Kerberos authentication, the KDC issues a Ticket Granting Ticket (TGT). If the user supplied credentials match, the user is authenticated and can then request tickets for Kerberized services from the Ticket Granting Server (TGS). The service tickets allow the user to authenticate to the service without entering another username and password.

Kerberos Server

Installation

Before installing the Kerberos server a properly configured DNS server is needed for your domain. Since the Kerberos Realm by convention matches the domain name, this section uses the example.com domain configured in the section called “Primary Master”.

Also, Kerberos is a time sensitive protocol. So if the local system time between a client machine and the server differs by more than five minutes (by default), the workstation will not be able to authenticate. To correct the problem all hosts should have their time synchronized using the Network Time Protocol (NTP). For details on setting up NTP see the section called “Time Synchronisation with NTP”.

The first step in installing a Kerberos Realm is to install the krb5-kdc and krb5-admin-server packages. From a terminal enter:

sudo apt-get install krb5-kdc krb5-admin-server 

You will be asked at the end of the install to supply a name for the Kerberos and Admin servers, which may or may not be the same server, for the realm.

Next, create the new realm with the krb5_newrealm utility:

sudo krb5_newrealm 

Configuration

The questions asked during installation are used to configure the /etc/krb5.conf file. If you need to adjust the Key Distribution Center (KDC) settings simply edit the file and restart the krb5-kdc daemon.

  1. Now that the KDC is running, an admin user is needed. It is recommended to use a different username from your everyday username. Using the kadmin.local utility, in a terminal prompt enter:

    sudo kadmin.local
    Authenticating as principal root/admin@EXAMPLE.COM with password.
    kadmin.local: addprinc steve/admin
    WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no policy
    Enter password for principal "steve/admin@EXAMPLE.COM":
    Re-enter password for principal "steve/admin@EXAMPLE.COM":
    Principal "steve/admin@EXAMPLE.COM" created.
    kadmin.local: quit

    In the above example steve is the Principal, /admin is an Instance, and @EXAMPLE.COM signifies the realm. The "every day" Principal would be steve@EXAMPLE.COM, and should have only normal user rights.

    [Note]

    Replace EXAMPLE.COM and steve with your Realm and admin username.

  2. Next, the new admin user needs to have the appropriate Access Control List (ACL) permissions. The permissions are configured in the /etc/krb5kdc/kadm5.acl file:

    steve/admin@EXAMPLE.COM        * 

    This entry grants steve/admin the ability to perform any operation on all principals in the realm.

  3. Now restart the krb5-admin-server for the new ACL to take effect:

    sudo /etc/init.d/krb5-admin-server restart 
  4. The new user principal can be tested using the kinit utility:

    kinit steve/admin
    steve/admin@EXAMPLE.COM's Password:

    After entering the password, use the klist utility to view information about the Ticket Granting Ticket (TGT):

    klist
    Credentials cache: FILE:/tmp/krb5cc_1000
            Principal: steve/admin@EXAMPLE.COM

      Issued           Expires          Principal
    Jul 13 17:53:34  Jul 14 03:53:34  krbtgt/EXAMPLE.COM@EXAMPLE.COM

    You may need to add an entry into the /etc/hosts for the KDC. For example:

    192.168.0.1   kdc01.example.com       kdc01 

    Replacing 192.168.0.1 with the IP address of your KDC.

  5. In order for clients to determine the KDC for the Realm some DNS SRV records are needed. Add the following to /etc/named/db.example.com:

    _kerberos._udp.EXAMPLE.COM.     IN SRV 1  0 88  kdc01.example.com.
    _kerberos._tcp.EXAMPLE.COM.     IN SRV 1  0 88  kdc01.example.com.
    _kerberos._udp.EXAMPLE.COM.     IN SRV 10 0 88  kdc02.example.com.
    _kerberos._tcp.EXAMPLE.COM.     IN SRV 10 0 88  kdc02.example.com.
    _kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1  0 749 kdc01.example.com.
    _kpasswd._udp.EXAMPLE.COM.      IN SRV 1  0 464 kdc01.example.com.
    [Note]

    Replace EXAMPLE.COM, kdc01, and kdc02 with your domain name, primary KDC, and secondary KDC.

    See Chapter 7, Domain Name Service (DNS) for detailed instructions on setting up DNS.

Your new Kerberos Realm is now ready to authenticate clients.
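Added example (not from the Ubuntu guide): how a client turns the SRV records above into an ordered KDC list (lowest priority value first, weighted random order among equal priorities, as RFC 2782 specifies) and renders the matching [realms] stanza for /etc/krb5.conf. The records are parsed from the zone-file lines exactly as written in step 5; the function names and the optional rng parameter, which only makes the weighted draw reproducible, are assumptions.

```python
import random
from collections import defaultdict
from typing import List, Tuple

# Constructed sample: the zone-file lines from step 5 above, verbatim.
ZONE_LINES = """
_kerberos._udp.EXAMPLE.COM.     IN SRV 1  0 88  kdc01.example.com.
_kerberos._tcp.EXAMPLE.COM.     IN SRV 1  0 88  kdc01.example.com.
_kerberos._udp.EXAMPLE.COM.     IN SRV 10 0 88  kdc02.example.com.
_kerberos._tcp.EXAMPLE.COM.     IN SRV 10 0 88  kdc02.example.com.
_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1  0 749 kdc01.example.com.
_kpasswd._udp.EXAMPLE.COM.      IN SRV 1  0 464 kdc01.example.com.
"""

SrvRecord = Tuple[str, int, int, int, str]  # (owner, priority, weight, port, target)


def parse_srv_lines(text: str) -> List[SrvRecord]:
    """Parse 'owner IN SRV priority weight port target' lines; blank lines are skipped."""
    records: List[SrvRecord] = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 7 or fields[1:3] != ["IN", "SRV"]:
            raise ValueError(f"not an SRV record: {line!r}")
        prio, weight, port = (int(f) for f in fields[3:6])
        # DNS names are case-insensitive; normalise the owner and drop the trailing dot
        records.append((fields[0].lower(), prio, weight, port, fields[6].rstrip(".")))
    return records


def kdc_order(records: List[SrvRecord], service: str, proto: str, realm: str,
              rng: random.Random = None) -> List[str]:
    """'host:port' targets for _service._proto.REALM in the order a client tries them:
    ascending priority, and inside one priority a weighted random order
    (a group whose weights are all 0, as above, is simply shuffled)."""
    rng = rng or random.Random()
    owner = f"_{service}._{proto}.{realm}.".lower()
    by_prio = defaultdict(list)
    for rec_owner, prio, weight, port, target in records:
        if rec_owner == owner:
            by_prio[prio].append((weight, f"{target}:{port}"))
    ordered: List[str] = []
    for prio in sorted(by_prio):
        group = by_prio[prio]
        while group:
            total = sum(w for w, _ in group)
            if total == 0:
                rng.shuffle(group)
                ordered.extend(t for _, t in group)
                break
            pick = rng.uniform(0, total)  # draw proportional to weight
            for i, (w, target) in enumerate(group):
                pick -= w
                if pick <= 0:
                    ordered.append(target)
                    del group[i]
                    break
    return ordered


def realm_stanza(realm: str, records: List[SrvRecord]) -> str:
    """Render the [realms] stanza for /etc/krb5.conf from the SRV data, so the
    hand-written entries and DNS never disagree."""
    kdcs = kdc_order(records, "kerberos", "udp", realm)
    admins = kdc_order(records, "kerberos-adm", "tcp", realm)
    if not kdcs or not admins:
        raise ValueError(f"no KDC or admin server SRV records found for {realm}")
    body = [f"        {realm} = {{"]
    body += [f"                kdc = {k}" for k in kdcs]
    body.append(f"                admin_server = {admins[0]}")
    body.append("        }")
    return "\n".join(["[realms]", *body])
```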

Secondary KDC

Once you have one Key Distribution Center (KDC) on your network, it is good practice to have a Secondary KDC in case the primary becomes unavailable.

  1. First, install the packages, and when asked for the Kerberos and Admin server names enter the name of the Primary KDC:

    sudo apt-get install krb5-kdc krb5-admin-server 
  2. Once you have the packages installed, create the Secondary KDC's host principal. From a terminal prompt, enter:

    kadmin -q "addprinc -randkey host/kdc02.example.com" 
    [Note]

    After issuing any kadmin commands you will be prompted for your username/admin@EXAMPLE.COM principal password.

  3. Extract the keytab file:

    kadmin -q "ktadd -k keytab.kdc02 host/kdc02.example.com" 
  4. There should now be a keytab.kdc02 in the current directory, move the file to /etc/krb5.keytab:

    sudo mv keytab.kdc02 /etc/krb5.keytab 
    [Note]

    If the path to the keytab.kdc02 file is different adjust accordingly.

    Also, you can list the principals in a Keytab file, which can be useful when troubleshooting, using the klist utility:

    sudo klist -k /etc/krb5.keytab 
  5. Next, there needs to be a kpropd.acl file on each KDC that lists all KDCs for the Realm. For example, on both primary and secondary KDC, create /etc/krb5kdc/kpropd.acl:

    host/kdc01.example.com@EXAMPLE.COM
    host/kdc02.example.com@EXAMPLE.COM
  6. Create an empty database on the Secondary KDC:

    sudo kdb5_util -s create 
  7. Now start the kpropd daemon, which listens for connections from the kprop utility. kprop is used to transfer dump files:

    sudo kpropd -S 
  8. From a terminal on the Primary KDC, create a dump file of the principal database:

    sudo kdb5_util dump /var/lib/krb5kdc/dump 
  9. Extract the Primary KDC's keytab file and copy it to /etc/krb5.keytab:

    kadmin -q "ktadd -k keytab.kdc01 host/kdc01.example.com"
    sudo mv keytab.kdc01 /etc/krb5.keytab
    [Note]

    Make sure there is a host for kdc01.example.com before extracting the Keytab.

  10. Using the kprop utility push the database to the Secondary KDC:

    sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com 
    [Note]

    There should be a SUCCEEDED message if the propagation worked. If there is an error message check /var/log/syslog on the secondary KDC for more information.

    You may also want to create a cron job to periodically update the database on the Secondary KDC. For example, the following will push the database every hour:

    # m h  dom mon dow   command
    0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && /usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com
  11. Back on the Secondary KDC, create a stash file to hold the Kerberos master key:

    sudo kdb5_util stash 
  12. Finally, start the krb5-kdc daemon on the Secondary KDC:

    sudo /etc/init.d/krb5-kdc start 

The Secondary KDC should now be able to issue tickets for the Realm. You can test this by stopping the krb5-kdc daemon on the Primary KDC, then use kinit to request a ticket. If all goes well you should receive a ticket from the Secondary KDC.

Kerberos Linux Client

This section covers configuring a Linux system as a Kerberos client. This will allow access to any kerberized services once a user has successfully logged into the system.

Installation

In order to authenticate to a Kerberos Realm, the krb5-user and libpam-krb5 packages are needed, along with a few others that are not strictly necessary but make life easier. To install the packages enter the following in a terminal prompt:

sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config 

The auth-client-config package allows simple configuration of PAM for authentication from multiple sources, and the libpam-ccreds will cache authentication credentials allowing you to login in case the Key Distribution Center (KDC) is unavailable. This package is also useful for laptops that may authenticate using Kerberos while on the corporate network, but will need to be accessed off the network as well.

Configuration

To configure the client in a terminal enter:

sudo dpkg-reconfigure krb5-config 

You will then be prompted to enter the name of the Kerberos Realm. Also, if you don't have DNS configured with Kerberos SRV records, the menu will prompt you for the hostname of the Key Distribution Center (KDC) and Realm Administration server.

The dpkg-reconfigure adds entries to the /etc/krb5.conf file for your Realm. You should have entries similar to the following:

[libdefaults]
        default_realm = EXAMPLE.COM
...
[realms]
        EXAMPLE.COM = {
                kdc = 192.168.0.1
                admin_server = 192.168.0.1
        }

You can test the configuration by requesting a ticket using the kinit utility. For example:

kinit steve@EXAMPLE.COM
Password for steve@EXAMPLE.COM:

When a ticket has been granted, the details can be viewed using klist:

klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: steve@EXAMPLE.COM

Valid starting     Expires            Service principal
07/24/08 05:18:56  07/24/08 15:18:56  krbtgt/EXAMPLE.COM@EXAMPLE.COM
        renew until 07/25/08 05:18:57

Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached

Next, use the auth-client-config to configure the libpam-krb5 module to request a ticket during login:

sudo auth-client-config -a -p kerberos_example 

You should now receive a ticket upon successful login authentication.

Resources



SIMONE 2016-07-05 11:37 Post a comment

Apache Kafka Security 101
     Abstract: http://www.confluent.io/blog/apache-kafka-security-authorization-authentication-encryptionTLS, Kerberos, SASL, and Authorizer in Apache Kafka 0.9 - Enabling New Encryption, Authorization, and Authenti...  Read more

SIMONE 2016-06-30 19:16 Post a comment

          Unsupervised Learning: No. 85        

This week’s topics: The future of security testing, nuclear plant hacks, Android malware, satellite decryption, wildcard certs, military encryption, gsuite protections, WWE S3, tesla 3, jawbone, drone hacking, mental aging, millionaire GPAs, discovery, recommendations, the weekly aphorism, and more… This is Episode No. 85 of Unsupervised Learning—a weekly show where I curate 3-5 hours of reading in infosec,...

__

I do a weekly show called Unsupervised Learning, where I curate the most interesting stories in infosec, technology, and humans, and talk about why they matter. You can subscribe here.


          Announcing TurnKey Hub v2.0        

Hub

I can't believe it's been over 6 years since we announced v1.0. Even more shocking is the last hub tagged blog post was over 4 years ago, given that we haven't stopped developing, improving and adding features to the Hub during that time.

The below are just a few highlights that stood out while I was reviewing the git-log for the base application, though I'm sure I missed some...

$ git diff --stat 68a14f27 HEAD
585 files changed, 54948 insertions(+), 15202 deletions(-)

Review of notable changes since the last post

On-boarding and support

  • Improved account setup flow. Since the deployment of the new on-boarding flow, we've seen a 68.3% increase in users going from zero to a fully setup account. We continue to analyze where users are getting stuck, improve the flow, and remove friction wherever we can.
  • We've been experimenting with integrated online chat and issue tracking. Obviously this has increased our support load, but the improved support we can offer users, and the insights we get are totally worth it.

IAM Role support

  • Mid 2014 we added support for IAM roles. IAM is AWS's Identity and Access Management system. An IAM role is the secure, recommended way to authorize apps to call the AWS API on your behalf.
  • Before IAM roles, the only way to provide access was to share secret keys which could get stolen. Worse, there was no way to tell who was using those keys to access your account or what they were doing.
  • With IAM roles, there are no keys to steal and it is possible to log access by role to keep track of all actions performed on your behalf by 3rd party apps.
  • We believe in multi-layered security, so we also developed what we internally call the 'hub-vault', a separate system acting as the gatekeeper for performing 'assume-role' API calls against Amazon STS.

Cloud deployment and management

  • Completely redesigned dashboards (servers, domains, assets, etc.).
  • Support for HVM instance types (bang-for-your-buck).
  • Support for 'magical' VPC deployments (creates a VPC if needed, enables DNS attributes, creates and attaches an Internet Gateway, sets up VPC/Gateway routing, creates Subnets and associates routing tables).
  • Improved launch page - inline usage fees, instance sizes tagged per generation, more advanced options (enable security notifications, availability zone selection).
  • Currently supports 14.1 appliances, updated to 14.2 when released.
  • Added support for multi-zones.
  • Reserved instances now support 3rd party offers.
  • Server SSH fingerprints available in dashboard for OOB verification.

TurnKey Backup and Migration (TKLBAM)

  • Completely redesigned dashboard.
  • Support for IAM role STS credentials, and vanilla Amazon S3.
  • Reduced storage fees ($0.03/GB).
  • Backups are now stored in regional buckets with unique prefixes.
  • Due to supporting vanilla S3, the Hub now has a TKLBAM free plan.

New billing system

  • We now leverage Stripe to handle our billing, an industry leading payment processor who processes billions of dollars worth of transactions for thousands of companies. Integrated with end-to-end encryption from browser to Stripe, your credit card details never touch the Hub.
  • The Hub now has streamlined upgrade/downgrade functionality, with pro-rata support, as well as free trials.
  • Previously the Hub leveraged Amazon DevPay for billing as well as TKLBAM storage. We've developed a migration mechanism to ease the move, as well as providing free-upgrades / discounts.

Amazon marketplace integration

  • Users who have instances deployed via the Amazon marketplace can now register them with the Hub, and get the standard TKLBAM plan as well as support enabled in their account.

As usual, if you have feedback or ideas for improvement, please send it our way.

The TurnKey Hub lives at: https://hub.turnkeylinux.org


          Passphrase dictionary attack countermeasures in tklbam's keying mechanism        

Background: how a backup key works

In TKLBAM the backup key is a secret encrypted with a passphrase which is uploaded to the Hub.  Decrypting the backup key yields the secret which is passed on to duplicity (and eventually to GnuPG) to be used as the symmetric key with which backup volumes are encrypted on backup and decrypted on restore.

When you create a new backup, or change the passphrase on an existing backup, a new backup key is uploaded to the Hub where it is stored in the key field for that backup record.

When you restore, tklbam downloads the backup key from the Hub and decrypts it locally on the computer performing the restore. Note that the Hub only allows you to download the backup key for backup records to which you have access (e.g., you are the owner).

Only you can decrypt your passphrase protected backups

All of this matters because it means that as long as you use a passphrase to protect the key, even the Hub can't decrypt your backups, only you can - provided you remember the passphrase (or failing that, at least have the escrow key stored in a safe place).

In other words, the decryption of the backup key happens locally and at no point does the passphrase reach the Hub, so we can't decrypt your backup even if you asked us to. Neither can an attacker that has theoretically compromised the Hub, or a government agency that comes kicking down our door with a court warrant.

The problem with cryptographic passphrases

But wait. If an attacker has local access to the key, his ability to run dictionary attacks to find the key's passphrase is limited only by the computational resources he can throw at it.

Remember there's a critical difference between a passphrase used for authentication purposes (e.g., to an online service) and a passphrase used for cryptographic purposes.

A passphrase used for authenticating to an online service doesn't need to be as strong as a passphrase that is used cryptographically, because with an online service, even if no explicit countermeasures are used (e.g., IP blacklisting after too many failed attempts), there is still a network between the attacker and the service. The available bandwidth places a debilitating upper limit on how many passphrases can be tried per second. In practice there are usually bottlenecks elsewhere that slow down an online dictionary attack even further.

But a passphrase used for cryptographic purposes assumes the attacker has access to the ciphertext, and that's a whole different ball game.

To better understand what we're up against, here's the formula for calculating the size of the passphrase search space:

log(howmany_different_possible_values ** howmany_values) / log(2)

For example, consider a typical 6 letter password.

6 ASCII printable letters = maximum 42-bits of search space.

That's a maximum of 4 trillion possible combinations. Which sounds like a lot. But it really isn't, since:

  1. You can probably squeeze out about 1 million local passphrase tests per second from a modern multi-core workstation, assuming a typical passphrase encryption method is used.

  2. This is one of those problems that are trivial to parallelize.

    If you rent just 100 computers (e.g., in the cloud) you could exhaustively search through 42-bits in about 5 days.

    And remember, today the bad guys often have millions of computers at their disposal via botnets.

  3. People are very bad at choosing truly random passwords. A clever attacker will try the low hanging fruit first, so they're likely to find out your passphrase much sooner than by brute forcing blindly through the full search space.

    For example, say you know a 6 letter password is much too short for an encryption key and instead you're using a longer random combination of 10,000 common English words:

    • 2 words = 18-bits worth of search space.
    • 3 words = 27-bits worth of search space.
    • 4 words = 36-bits worth of search space.

    English words aren't very random so your "paranoid" 3 word, 17 letter passphrase may actually be easier to crack than a truly random combination of just 4 ASCII printable characters (28-bits).

    For comparison, let's see what happens if you use 6 random individual characters.

    If you just use random lowercase characters the search space is reduced to 27-bits which is 32,768 times easier to search through than the full 42-bit search space of 6-letter ASCII printable passwords.

    If you just use random lowercase characters and numbers, the search space is 30-bits which is 4,096 times easier to search through.

    If you just use random lowercase and uppercase characters and numbers, the search space is 35-bits which is 128 times easier to search through.

The good news is that each bit of search space doubles the expense for the attacker.

The bad news is that it takes a truly random combination of 11 uppercase, lowercase characters and numbers just to reach 64-bits worth of search space, and a 10M strong botnet could crack even that in an average of 10 days.

Bottom line: even your supposedly ultra-paranoid passphrase (e.g., r0m4n14nv4mp1r344rdv4rkn3st) of 4 random words from a dictionary of 150K words (in l33t speak) only has about 50-bits worth of entropy, despite being 27 characters long. A 10,000-strong botnet could crack that in about a day.

Countermeasures: increase computational cost

Though it's impossible to prevent these attacks entirely I've implemented a couple of countermeasures in the way TKLBAM generates passphrase protected keys:

1) The first trick: increase how computationally expensive it is to calculate the cipher key from the passphrase:

import hashlib

def _repeat(f, input, count):
    # feed the output of f back into itself count times
    for x in range(count):
        input = f(input)
    return input

def _cipher_key(passphrase, repeats):
    # iterated SHA-256 maps the passphrase to a 256-bit cipher key
    cipher_key = _repeat(lambda k: hashlib.sha256(k).digest(),
                         passphrase, repeats)
    return cipher_key

The principle is that calculating a hash costs CPU time so by feeding the hash into itself enough times we can linearly increase how expensive it is to map the passphrase-space to the key-space.

For example, repeating the hash routine 100,000 times takes about a quarter second on one of the cores of my computer. If I use all 4 cores this limits me to generating 16 cipher keys per second. Down from 1.6 million cipher keys per second. So that's one way to dramatically reduce the practical feasibility of a dictionary or exhaustive brute force attack.

Note that an attacker can't circumvent this calculation by searching through the key-space directly, because even after we increase the cost of generating the passphrase-space 100,000 times over, the cost of brute-forcing the 256-bit key-space directly is still countless trillions of times greater.

The weakness of this technique is that an attacker would have to pay the cost of mapping the passphrase-space (e.g., a dictionary) to the key-space only once when trying to crack multiple keys.

2) The second trick: increase how computationally expensive it is to decrypt the key packet by increasing the number of times we pass it through encryption:

from Crypto.Cipher import AES
def _pad(s):  # pad to the AES block size so CBC can encrypt it (not shown in the original)
    n = AES.block_size - len(s) % AES.block_size
    return s + chr(n) * n

def _cipher(cipher_key):  # a fresh CBC cipher for every pass; the explicit zero IV is assumed here
    return AES.new(cipher_key, AES.MODE_CBC, '\0' * AES.block_size)

ciphertext = _repeat(lambda v: _cipher(cipher_key).encrypt(v),
                     _pad(plaintext), cipher_repeats)

This part of the computational expense is key-specific so trading off memory to pre-calculate the mapped key-space won't help you with this step.

Implementation notes

Embedding repeat parameters in the key packet

The current implementation hardwires 100,000 repeats of the hash, and another 100,000 repeats of the cipher.

This makes searching through the passphrase-space about 200,000 times more expensive. On my workstation it takes 0.5 seconds to encrypt or decrypt a key (per-core).

I'm not sure these are the ideal parameters but they are in the ball park of how much you can increase the computational expense before usability suffers.

That's not to say you couldn't go higher, but there's a practical upper boundary to that too. If you're willing to wait about a minute for key generation/decryption you could increase the computational expense about 100 times over and that would give you 100 times better protection or allow you to use a password that is 100 times weaker with the same protection.

Just in case, to allow the number of repeats to change or be user-configurable in the future, the key formatter routine embeds the repeat parameters into the unencrypted portion of the key packet. This allows the key parsing routine to extract these parameters from the key itself, so it can just as easily parse a 0.5 second key (i.e., the current default) as a 5 second or 50 second key.

Embedding a version id

Just to make sure the key format is future proof I'm also embedding a version id into it.

Embedding a version costs almost nothing (an extra byte) and makes it easier to support incompatible changes to the key format should the need arise (e.g., changing of cipher/hash, changing the format, etc.).

Worst case scenario, we increment the version and implement a new incompatible key format. Old clients won't be able to understand the new key format but will at least fail reliably, and new clients will be able to support both new and old key formats.
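The whole key packet end to end, as an added example covering both the countermeasures above and the implementation notes (versioned header with embedded repeat parameters), written in Go rather than taken from tklbam's Python code: the header layout, the PKCS#7 padding, the fixed all-zero IV and the sample values in main() are assumptions of this reconstruction.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed packet layout (constructed, not tklbam's real format): version(1) | hashRepeats(4 BE) | cipherRepeats(4 BE) | ciphertext
const formatVersion byte = 1
const headerLen = 1 + 4 + 4

// cipherKey is trick 1: iterate SHA-256 so that mapping one passphrase to its
// 256-bit key costs `repeats` hash computations.
func cipherKey(passphrase []byte, repeats uint32) []byte {
	k := passphrase
	for i := uint32(0); i < repeats; i++ {
		sum := sha256.Sum256(k)
		k = sum[:]
	}
	return k
}

// pad/unpad apply PKCS#7 padding to the AES block size (the post's _pad is not shown).
func pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func unpad(b []byte) ([]byte, error) {
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding (wrong passphrase?)")
	}
	return b[:len(b)-n], nil
}

// repeatCBC is trick 2: run block-aligned data through a fresh AES-CBC instance `repeats` times.
// The cost is per key, so a precomputed passphrase-to-key table cannot skip it; the zero IV is assumed.
func repeatCBC(key, data []byte, repeats uint32, decrypt bool) ([]byte, error) {
	if len(data) == 0 || len(data)%aes.BlockSize != 0 {
		return nil, errors.New("data is not a whole number of AES blocks")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	newMode := cipher.NewCBCEncrypter
	if decrypt {
		newMode = cipher.NewCBCDecrypter
	}
	iv := make([]byte, aes.BlockSize)
	out := append([]byte{}, data...)
	for i := uint32(0); i < repeats; i++ {
		newMode(block, iv).CryptBlocks(out, out)
	}
	return out, nil
}

// FormatKey wraps the backup secret under the passphrase and emits the key packet.
func FormatKey(secret, passphrase []byte, hashRepeats, cipherRepeats uint32) ([]byte, error) {
	if hashRepeats == 0 { // otherwise the raw passphrase would be used as the AES key
		return nil, errors.New("hashRepeats must be at least 1")
	}
	ct, err := repeatCBC(cipherKey(passphrase, hashRepeats), pad(secret), cipherRepeats, false)
	if err != nil {
		return nil, err
	}
	packet := make([]byte, headerLen, headerLen+len(ct))
	packet[0] = formatVersion
	binary.BigEndian.PutUint32(packet[1:5], hashRepeats)
	binary.BigEndian.PutUint32(packet[5:9], cipherRepeats)
	return append(packet, ct...), nil
}

// ParseKey reads the repeat parameters from the clear header and unwraps the secret; an unknown version fails reliably.
func ParseKey(packet, passphrase []byte) ([]byte, error) {
	if len(packet) < headerLen {
		return nil, errors.New("packet too short")
	}
	if packet[0] != formatVersion {
		return nil, fmt.Errorf("unsupported key format version %d", packet[0])
	}
	hashRepeats := binary.BigEndian.Uint32(packet[1:5])
	cipherRepeats := binary.BigEndian.Uint32(packet[5:9])
	pt, err := repeatCBC(cipherKey(passphrase, hashRepeats), packet[headerLen:], cipherRepeats, true)
	if err != nil {
		return nil, err
	}
	return unpad(pt)
}
func main() {
	packet, _ := FormatKey([]byte("constructed sample backup secret"), []byte("correct horse"), 1000, 1000)
	got, err := ParseKey(packet, []byte("correct horse"))
	fmt.Printf("header %x unwrapped %q err=%v\n", packet[:headerLen], got, err)
}
```

main() uses 1,000 repeats of each step so it runs instantly; the post's defaults of 100,000 each are what push a real key to about half a second per core.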


          TKLBAM: a new kind of smart backup/restore system that just works        

Drum roll please...

Today, I'm proud to officially unveil TKLBAM (AKA TurnKey Linux Backup and Migration): the easiest, most powerful system-level backup anyone has ever seen. Skeptical? I would be too. But if you read all the way through you'll see I'm not exaggerating and I have the screencast to prove it. Aha!

This was the missing piece of the puzzle that has been holding up the Ubuntu Lucid based release batch. You'll soon understand why and hopefully agree it was worth the wait.

We set out to design the ideal backup system

Imagine the ideal backup system. That's what we did.

Pain free

A fully automated backup and restore system with no pain. That you wouldn't need to configure. That just magically knows what to backup and, just as importantly, what NOT to backup, to create super efficient, encrypted backups of changes to files, databases, package management state, even users and groups.

Migrate anywhere

An automated backup/restore system so powerful it would double as a migration mechanism to move or copy fully working systems anywhere in minutes instead of hours or days of error prone, frustrating manual labor.

It would be so easy you would, shockingly enough, actually test your backups. No more excuses. As frequently as you know you should be, avoiding unpleasant surprises at the worst possible timing.

One turn-key tool, simple and generic enough that you could just as easily use it to migrate a system:

  • from Ubuntu Hardy to Ubuntu Lucid (get it now?)
  • from a local deployment, to a cloud server
  • from a cloud server to any VPS
  • from a virtual machine to bare metal
  • from Ubuntu to Debian
  • from 32-bit to 64-bit

System smart

Of course, you can't do that with a conventional backup. It's too dumb. You need a vertically integrated backup that has system level awareness. That knows, for example, which configuration files you changed and which you didn't touch since installation. That can leverage the package management system to get appropriate versions of system binaries from package repositories instead of wasting backup space.

This backup tool would be smart enough to protect you from all the small paper-cuts that conspire to make restoring an ad-hoc backup such a nightmare. It would transparently handle technical stuff you'd rather not think about like fixing ownership and permission issues in the restored filesystem after merging users and groups from the backed up system.

Ninja secure, dummy proof

It would be a tool you could trust to always encrypt your data. But it would still allow you to choose how much convenience you're willing to trade off for security.

If data stealing ninjas keep you up at night, you could enable strong cryptographic passphrase protection for your encryption key that includes special countermeasures against dictionary attacks. But since your backup's worst enemy is probably staring you in the mirror, it would need to allow you to create an escrow key to store in a safe place in case you ever forget your super-duper passphrase.

On the other hand, nobody wants excessive security measures forced down their throats when they don't need them and in that case, the ideal tool would be designed to optimize for convenience. Your data would still be encrypted, but the key management stuff would happen transparently.

Ultra data durability

By default, your AES encrypted backup volumes would be uploaded to inexpensive, ultra-durable cloud storage designed to provide 99.999999999% durability. To put 11 nines of reliability in perspective, if you stored 10,000 backup volumes you could expect to lose a single volume once every 10 million years.

For maximum network performance, you would be routed automatically to the cloud storage datacenter closest to you.

Open source goodness

Naturally, the ideal backup system would be open source. You don't have to care about free software ideology to appreciate the advantages. As far as I'm concerned any code running on my servers doing something as critical as encrypted backups should be available for peer review and modification. No proprietary secret sauce. No pacts with a cloudy devil that expects you to give away your freedom, nay worse, your data, in exchange for a little bit of vendor-lock-in-flavored convenience.

Tall order huh?

All of this and more is what we set out to accomplish with TKLBAM. But this is not our wild eyed vision for a future backup system. We took our ideal and we made it work. In fact, we've been experimenting with increasingly sophisticated prototypes for a few months now, privately eating our own dog food, working out the kinks. This stuff is complex so there may be a few rough spots left, but the foundation should be stable by now.

Seeing is believing: a simple usage example

We have two installations of TurnKey Drupal6:

  1. Alpha, a virtual machine on my local laptop. I've been using it to develop the TurnKey Linux web site.
  2. Beta, an EC2 instance I just launched from the TurnKey Hub.

In the new TurnKey Linux 11.0 appliances, TKLBAM comes pre-installed. With older versions you'll need to install it first:

apt-get update
apt-get install tklbam webmin-tklbam

You'll also need to link TKLBAM to your TurnKey Hub account by providing the API-KEY. You can do that via the new Webmin module, or on the command line:

tklbam-init QPINK3GD7HHT3A

I now log into Alpha's command line as root (e.g., via the console, SSH or web shell) and do the following:

tklbam-backup

It's that simple. Unless you want to change defaults, no arguments or additional configuration required.

When the backup is done a new backup record will show up in my Hub account:

To restore I log into Beta and do this:

tklbam-restore 1

That's it! To see it in action watch the video below or better yet log into your TurnKey Hub account and try it for yourself.

Quick screencast (2 minutes)

Best viewed full-screen. Having problems with playback? Try the YouTube version.

The screencast shows TKLBAM command line usage, but users who dislike the command line can now do everything from the comfort of their web browser, thanks to the new Webmin module.

Getting started

TKLBAM's front-end interface is provided by the TurnKey Hub, an Amazon-powered cloud backup and server deployment web service currently in private beta.

If you don't have a Hub account already, request an invitation. We'll do our best to grant them as fast as we can scale capacity on a first come, first served basis. Update: currently we're doing ok in terms of capacity so we're granting invitation requests within the hour.

To get started log into your Hub account and follow the basic usage instructions. For more detail, see the documentation.

Feel free to ask any questions in the comments below. But you'll probably want to check with the FAQ first to see if they've already been answered.

Upcoming features

  • PostgreSQL support: PostgreSQL support is in development but currently only MySQL is supported. That means TKLBAM doesn't yet work on the three PostgreSQL based TurnKey appliances (PostgreSQL, LAPP, and OpenBravo).
  • Built-in integration: TKLBAM will be included by default in all future versions of TurnKey appliances. In the future when you launch a cloud server from the Hub it will be ready for action immediately. No installation or initialization necessary.
  • Webmin integration: we realize not everyone is comfortable with the command line, so we're going to look into developing a custom webmin module for TKLBAM. Update: we've added the new TKLBAM webmin module to the 11.0 RC images based on Lucid. In older images, the webmin-tklbam package can also be installed via the package manager.

Special salute to the TurnKey community

First, many thanks to the brave souls who tested TKLBAM and provided feedback even before we officially announced it. Remember, with enough eyeballs all bugs are shallow, so if you come across anything else, don't rely on someone else to report it. Speak up!

Also, as usual during a development cycle we haven't been able to spend as much time on the community forums as we'd like. Many thanks to everyone who helped keep the community alive and kicking in our relative absence.

Remember, if the TurnKey community has helped you, try to pay it forward when you can by helping others.

Finally, I'd like to give extra special thanks to three key individuals that have gone above and beyond in their contributions to the community.

By alphabetical order:

  • Adrian Moya: for developing appliances that rival some of our best work.
  • Basil Kurian: for storming through appliance development at a rate I can barely keep up with.
  • JedMeister: for continuing to lead as our most helpful and tireless community member for nearly a year and a half now. This guy is a frigging one man support army.

Also special thanks to Bob Marley, the legend who's been inspiring us as of late to keep jamming till the sun was shining. :)

Final thoughts

TKLBAM is a major milestone for TurnKey. We're very excited to finally unveil it to the world. It's actually been a not-so-secret part of our vision from the start. A chance to show how TurnKey can innovate beyond just bundling off the shelf components.

With TKLBAM out of the way we can now focus on pushing out the next release batch of Lucid based appliances. Thanks to the amazing work done by our star TKLPatch developers, we'll be able to significantly expand our library so by the next release we'll be showcasing even more of the world's best open source software. Stir It Up!


          Prey (v1.00/1.02 + DLC, MULTI10) [FitGirl Repack - Uploader - [ wahabali786.blogspot.com ]        


Prey (v1.00/1.02 + DLC) Overview

In Prey, you awaken aboard Talos I, a space station orbiting the moon in the year 2032. You are the key subject of an experiment meant to alter humanity forever – but things have gone terribly wrong. The space station has been overrun by hostile aliens and you are now being hunted. As you dig into the dark secrets of Talos I and your own past, you must survive using the tools found on the station -- your wits, weapons, and mind-bending abilities. The fate of the Talos I and everyone aboard is in your hands.


Prey v1.00/1.02 + DLC

Release Date: May 5, 2017
Genres/Tags: Action, Shooter, First-person, 3D, Horror
Developer: Arkane Studios
Publisher: Bethesda Softworks
Platform: PC [Repack]
Engine: CryEngine 3
Steam User Rating: 89% of user reviews are positive (based on 2,706 reviews)

Interface Language: English, French, Italian, German, Spanish, Polish, Portuguese-Brazil, Russian, Traditional Chinese, Japanese
Audio Language: English, French, Italian, German, Spanish, Polish, Portuguese-Brazil, Russian, Japanese
Crack: built-in (BALDMAN+CODEX/ALI213)




Game Features

Sci-fi Thriller. Nothing is as it seems aboard Talos I. As Morgan Yu, set out to unravel the clues you've left behind for yourself, and discover the truth about your past. What role will you play in TranStar’s plans, and the mysterious threat ravaging the station?
Singular Setting. Orbiting the Moon, the Talos I space station symbolizes the height of private space enterprise. Explore a lavish craft designed to reflect corporate luxury of the 1960s, and navigate interconnected, non-linear pathways built to hide countless secrets.
Unimaginable Threat. The shadowy extraterrestrial presence infesting Talos I is a living ecology bent on annihilating its prey. It’s up to you, one of the last remaining survivors aboard the station, to end the deadly attack of these haunting predators.
Play Your Way. Gain alien abilities to develop a distinct combination of powers and upgrade your unique skills. Craft increasingly useful items with the blueprints, gadgets and tools on board the station to overcome dangerous obstacles in your way. Survive unprecedented threats with your wits and ability to improvise.



Repack Features

Based on SteamRip release v1.00/v1.02: 25.7 GB
BALDMAN crack with CODEX emu applied, alternative ALI213 emu available in NoDVD folder after installation
100% Lossless BUT NOT MD5 Perfect: encryption on game resources was removed. This won't cause problems with future updates, since delta-patching is useless anyway and updates will have all necessary files to copy over
By default repack installs v1.00 of the game, since BALDMAN cracked that version of the game. After installation you may copy files from "_Updated files for v1.02" folder to game root, with overwrite to switch repack to v1.02, which is also playable with v1.00 crack. But do it at your own risk
NOTHING ripped, NOTHING re-encoded
Selective download feature: you may skip downloading and installing of language packs you don't need and the credits movie
Significantly smaller archive size (compressed from 25.7 to 11.1~17.6 GB, depending on selected components)
Installation takes: ~20 minutes on 8-cores + SSD; ~40 minutes on 4-cores CPU + HDD; ~1 hour on 2-cores CPU + HDD
After-install integrity check so you could make sure that everything installed properly
HDD space after installation: up to 26 GB (up to 56 GB during installation)
Use "Language Selector.exe" in game "Binaries\Danielle\x64\Release" folder to change the game language
Repack uses pZlib library by Razor12911
At least 2 GB of free RAM (inc. virtual) required for installing this repack
Repack by FitGirl


Minimum requirements:

Operating System: Windows 7/8/10 (64-bit versions)
Processor: Intel i5-2400, AMD FX-8320
RAM: 8 GB
Video Card: GTX 660 2GB, AMD Radeon 7850 2GB
DirectX: 11
HDD Space: up to 26 GB (up to 56 GB during installation)

ATTENTION! The minimum size of the repack is 11.1 GB, read "Repack Features" section for more details.


Selective Download


You can skip downloading of credits video and language files you don't need. Here is the list of selective/optional files:
setup-fitgirl-optional-credits-video.bin (optional Credits Video)
setup-fitgirl-selective-english.bin (also required for Traditional Chinese installation)
setup-fitgirl-selective-brazilian.bin
setup-fitgirl-selective-french.bin
setup-fitgirl-selective-german.bin
setup-fitgirl-selective-italian.bin
setup-fitgirl-selective-japanese.bin
setup-fitgirl-selective-polish.bin
setup-fitgirl-selective-russian.bin
setup-fitgirl-selective-spanish.bin
setup-fitgirl-selective-spanish-latam.bin

For example, if you want to launch the game with German UI/Subtitles/Voiceovers and you don't need credits videos - skip all "selective/optional" files, but download setup-fitgirl-selective-german.bin & all main files (01-05).

Credit to Repack: [ fitgirl repack ]
Uploader: wahabali786.blogspot.com
Youtube Channel: OS Tech Tips

RAR FILE PASSWORD IS: [ wahabali786.blogspot.com ]








          Converge Detroit Podcasts        

We did a few podcasts over the Converge Detroit conference. Check them out here:

IT in the D -- Live Broadcast: Converge 2015 Security Conference. Ever had a conversation with a guy who compromised bank security ... in Beirut? How about someone who’s managed to compromise physical security all over the world ... just because scanning and getting into servers is too boringly easy? Know anything about a group that’s out there dedicated to teaching kids about computer security in a way they’ll actually want to learn? Read and listen on, friends ... read and listen on.

Hurricane Labs InfoSec Podcast -- Don’t Bother Trusting, Verify Everything. This podcast was recorded by the Hurricane Labs crew, and special guest Wolfgang Goerlich, at the 2015 Converge Conference. Topics of discussion (and witty banter) include: FBI anti-encryption rhetoric; the Hacking Team hack; Google's social responsibility; and more. Converge and BSides Detroit were fantastic - if you didn't get the chance to make it out this year, you can still view the video presentation recordings here: Converge 2015 Videos. Thanks to Wolf and all the sponsors, volunteers, speakers and everyone who made these conferences possible! 

PVCSec -- Live! At Converge Detroit. Ed & I enjoyed talking with a fantastic audience at Converge Detroit 2015 yesterday. Everyone was in fine voice. Ed & Paul embraced Converge Detroit’s invitation to podcast LIVE! from the event on the campus of Wayne State University in the Arsenal of Democracy, Detroit Michigan U.S. of A. Thanks again to the event, the sponsors, the volunteers, and of course all of those who attended. We had a blast and can’t wait for next year!


          Yii2 SSL error with swiftmailer        

Authenticated email fails with: swiftmailer stream_socket_enable_crypto(): SSL operation failed with code 1 yii2.

    'mailer' => [
        'transport' => [
            'class' => 'Swift_SmtpTransport',
            'host' => 'smtp',
            'username' => 'user',
            'password' => 'pass',
            'port' => '587',
            'encryption' => 'TLS',
            'streamOptions' => [
                'ssl' => [
                    'allow_self_signed' => true,
                    'verify_peer' => false,
                    'verify_peer_name' => false,
                ],
            ],
        ],
    ],

          Chat app Viber hopes you'll shop from its keyboard        

If you owned Viber and saw Facebook make a big deal of in-chat shopping, what would you do? Bake shopping into the very heart of your messaging app, apparently. A few months after including an Instant Shopping feature in Viber, parent company Rakuten Viber has snapped up the feature's architect, Chatter Commerce. The deal gives it full control over a keyboard that lets you browse store catalogs and either share them with your friends or commit to a purchase. You don't have to jump to a separate app or the web just to share those great shoes you found.

Source: Viber Blog


          Rock Band XBox360 Reproduce On Your Computer Easy Guide Showing You How        
Going by the number of questions we've seen coming in from our readers, there is a lot of interest in copying Xbox games. We all make copies of music CDs all the time - but is it possible to copy Xbox game discs the same way? If this can be done, how do you go about it?

We're going to tell you how to do this easily so that you can start copying Xbox games. There is one thing that we need to tell you beforehand though.

We are not endorsing the illegal copying of Xbox games (meaning ones which you do not own). What we're going to show you is meant to be used to make backup copies of your own Xbox games, which is perfectly legal and gives you a backup copy of your games in the event that one of your discs is damaged or lost.

So without further ado, let's go into how to back up your Xbox games. It's not complicated, so you can put your notebook away - it's very simple to start copying Xbox games.

You might be asking why you can't copy Xbox games with the same software that you would use to make copies of audio discs.

The short answer is that copying Xbox games takes some technologies which your existing CD burning program doesn't have.

Modern video game discs (including Xbox games) are copy protected; so unless you have the right program installed, your computer will be unable to read the disc. If you can't read the data on the disc, you aren't going to be able to make a copy of it.

Thankfully, software has been developed to get around this encryption and make copies of video game discs. Once you've installed the software, you'll be able to read those discs - so you can start copying Xbox games.

When you've downloaded and installed this program, there's really nothing to it. You place the game disc in your optical drive, your computer will read the disc and create a disc image; then all you have to do is to put a blank DVD-R in the drive and your computer will copy the game to disc.

It's so simple that literally anyone can do it.

Remember that you don't need to pay a lot of money for these programs. In fact, the best ones around are between $30-$40, but some companies will charge over $100! While you can pay as much as you want, you won't get better software just because you pay more.

This software gives you a simple way to start copying Xbox games. It's easy enough for anyone to do and you can protect your game library by making backups of all your games.

Copyright (c) 2009 Grant Dougan

Click Here to learn how you can instantly start a free trial of the top ranked game copying program out there so you can start copying XBOX games today!


Article Source: www.articlesnatch.com


          Google Analytics Glossary        

A

A/B Testing - See Content (A/B) Testing.

Admin Level - Google Analytics has two basic levels of access - View Reports Only and Account Administrator. Users with View Reports Only access can view their Profiles' reports and view and edit their own language preferences. All Account Administrators have complete administrative control of the system.

Apache - Apache is a free, open-source web server software system that is pervasive on UNIX, Linux and similar operating system types. It is also available for Windows and other operating systems. Google Analytics' admin system is powered by a variant of Apache. For more information, see Apache.org.

Authentication - Technique by which access to Internet or intranet resources requires the user to enter a username and password.

Average Page Depth - The average number of pages on a site viewed by visitors during a single session.

Average Response Value - The average revenue value of each click, calculated as total revenue divided by total clicks.

B

Bandwidth - The amount of data that can be transmitted along a communications channel in a fixed amount of time. For digital devices, the bandwidth is usually expressed in bits per second (bps) or bytes per second, where 1 byte = 8 bits.

Browsers - A browser, or more accurately, user agent, is the software used to access a website. Examples of user agents are "Explorer" (for Microsoft Internet Explorer), "Netscape" (for Netscape Navigator) and "Googlebot" (an automated robot that scours the web for website content to include in its search engine).

Bytes - A byte is a unit of information transferred over a network (or stored on a hard drive or in memory). Every web page, image or other type of file is composed of some number of bytes. Large files, such as video clips, may be composed of millions of bytes ("megabytes"). Site owners should understand that website and server performance is heavily affected by the number of bytes transferred, and that web hosting providers often charge according to this measure. One byte is equal to 8 bits, where each bit is either one or zero. Common terms incorporating the word "byte" are:

  • Kilobyte - 1,024 bytes
  • Megabyte - 1,048,576 bytes
  • Gigabyte - 1,073,741,824 bytes

C

Cache - A temporary storage area that a web browser or service provider uses to store common pages and graphics that have been recently opened. The cache enables the browser to quickly reload pages and images that were recently viewed.

CGI Script - A CGI script is a programme written in one of several popular languages such as Perl, PHP, Python, etc., that can take input from a web page, do something with the data and produce a customised result (among many other possible uses). CGI scripts are widely used to add dynamic behaviour to websites and to process forms.

Click - In Google Analytics, a click refers to the process of moving from one page in a site to the next via clicking the mouse button on a hyperlink (a slightly narrower definition than what is normally used). In the Click Through report, the term Clicks is used to describe the movement from the "previous" page to the page being analysed and from there to the "next" page.

Click Through Rate (CTR) - The percentage of known impressions that result in clicks.

Click-Fraud - The act of repeated clicking on a pay-per-click referral, with the intention of depleting the advertiser's budget and/or lowering their rankings in the sponsored links listing.

Code - Anything written in a language intended for computers to interpret.

Contact Name - This is the real name (generally speaking) of the user to whom you have given access to a particular Google Analytics report. The contact name can contain spaces and is not case-sensitive.

Content (A/B) Testing - Testing the relative effectiveness of multiple versions of the same advertisement or other content in referring visitors to a site. Multiple versions of content can be uniquely identified by using a utm_content variable in the URL tag.

Content (Campaign Tracking) - Content is the label for each version of an advertisement. The UTM variable for content, utm_content, indicates the version of a link on which the visitor clicked to reach a website - for example, utm_content=graphic_version1a.

Content is one of the five dimensions of campaign tracking; the other four are source, medium, campaign and term.

Content-targeted advertising - An advertising model in which the publisher displays related advertising and content together.

Conversion - A conversion is said to occur when a visitor completes an activity that you have identified as important. This activity could be a purchase, an email list registration, a download or viewing an online presentation. When you sign up for Google Analytics, you have the opportunity to specify your goal pages -- pages that a visitor can only reach by completing a conversion activity. If you use Urchin Software, you set your goal pages within a profile.

Cookie - A small amount of text data given to a web browser by a web server. The data is stored and returned to the specific web server each time the browser requests a page from that server. The main purpose of cookies is to pass a unique identifier to the website so that the website can keep track of the user as he/she steps through a website. For example, a protected site may store a temporary identifier in a cookie after you successfully log in, indicating that you are an authorised user.

The name cookie derives from UNIX objects called magic cookies. These are tokens that are attached to a user or programme and change depending on the areas entered by the user or programme. Cookies are also sometimes called persistent cookies because they typically stay in the browser for long periods of time.

Cost-per-click (CPC) - An advertising model in which the advertiser (sponsor) pays the publisher a certain amount each time the sponsor's ad is clicked. Also sometimes referred to as PPC (pay-per-click).

Cron Job - A "cron job" is a scheduled task under a UNIX-type operating system. "cron" is a daemon or programme that is always running. Its function is similar to the Windows Scheduler.

D

Daemon - A daemon is any programme under a UNIX-type operating system that runs at all times. Common daemons are servers (such as Apache or an FTP server) and schedulers (such as "cron").

Date Range - Google Analytics' Date Range feature allows you to view report data by an arbitrary time frame, from one day up to more than a year. The Date Range feature is available in most reports.

Default Page - The default page setting should be set to whatever the default (or index) page is in your site's directories. Usually, this will be 'index.html' but on Windows IIS servers, it is often 'Default.htm' or 'index.htm'. This information allows Google Analytics to reconcile log entries such as 'http://www.example.com/' and 'http://www.example.com/index.html', which are in fact the same page. Without the Default Page information entered correctly, these would be reported as two distinct pages. Only a single default page should be specified.

Directory - A directory is a virtual container for holding computer files. It is not merely a list of items, as the name would imply, but rather a key building block of a computer's storage architecture that actually contains files or other directories.

DNS Lookup - (Reverse DNS Lookup) The process of converting a numeric IP address into a text name, for example, 63.212.171.4 is converted to www.Googleanalytics.com.

Domain - A domain is a specific virtual area within the Internet, defined by the "top level" of the address or URL (Uniform Resource Locator). The top level is the end of the address; example: "whitehouse.gov". In this example, the top-level part of the domain is ".gov", indicating a US government entity. The "whitehouse" part is the second-level domain, indicating where the information in question is to be found within the ".gov" domain. Other common top-level domains include ".com", ".net", ".uk", etc.

Domain Name System - (DNS) An Internet addressing system that uses a group of names that are listed with dots (.) between them, working from the most specific to the most general group. In the United States, the top (most general) domains are network categories such as edu (education), com (commercial) and gov (government). In other countries, a two-letter abbreviation for the country is used, such as ca (Canada) and au (Australia).

Download - To retrieve a file or files from a remote machine to your local machine.

E

E-commerce - The buying and selling of goods and services, and the transfer of funds, through digital communications such as the Internet.

Encryption - The process of encoding information so that it cannot be read by anyone other than its intended recipient, even if other Internet users intercept it.

End User - The final user of the computer software. The end user is the individual who uses the product after it has been fully developed and marketed.

Error - Errors are defined as pages that visitors attempted to view but returned an error message instead. These errors often occur because of broken links (links to pages that do not exist anymore) or when an unauthorised visitor attempts to access restricted pages (for example, if the visitor does not have a password to access the page).

Error Code - Please see the definition of Status Code.

Exclude - "Exclude" is a filter type available in the Google Analytics Filters configuration. If an Exclude filter is applied to a Profile, all log file lines (hits) that match the Exclude string will be discarded prior to the creation of the corresponding Google Analytics reports.

F

File Type - A File Type is a designation, usually in the form of an extension (such as .gif or .jpeg), given to a file to describe its function or the software that is required to act upon it. More generally, file types can be grouped into image file types (such as .gif, .png, .jpeg), text file types (such as .doc or .txt) and many others.

Filter - A filter is a text string or regular expression that is used to either exclude certain hits from or only include certain hits in a Google Analytics report. Filters are commonly used to filter out certain content, such as internal company traffic or JavaScript libraries, or to set up special reports for only certain types of content, like a subsection of a website.

Filter Field - A filter field is the number of the field on which to apply a filter. In a log file line or hit, there are several distinct fields, each one holding a different piece of data. To apply a filter to a log file, you must first identify which field you wish to apply the filter to. This is the filter field.

Filter Name - The Filter Name is intended to be a descriptive title for a filter. It is used only as an organisational aid and may contain spaces.

Filter Pattern - A Filter Pattern is the actual text string against which Google Analytics will attempt to match log file lines. If a match is found, the log line (or "hit") will be either excluded or included, depending on the Filter Type. Patterns can be specific text to match or use wildcards as part of a "regular expression". NOTE: Filter Patterns are case-sensitive, so to filter out the Googlebot spider, for instance, use "Googlebot", not "googlebot" (do not use quotes).

Filter to Apply - The filter to apply is the actual text string to be used to either filter in or filter out content. The Filter to Apply can be either a plain text string or a regular expression.

Filter Type - A filter must be of one of two filter types, either an Include (filter in) or Exclude (filter out). If an inclusive filter (Include) is used, only hits containing the filter string will be represented in the Google Analytics report. If an exclusive filter (Exclude) is used, no hits containing the filter string will be represented in the Google Analytics report.

Firewall - A security device placed on a LAN (local area network) to protect it from Internet intruders. This can be a special kind of hardware router, a piece of software or both.

First Time Sessions - The number of times unique visitors came to your website during a specified time period, not having visited before that period. These visitors are identified by cookies.

First Time Unique Visitor - The number of Unique Visitors to your website that had not visited prior to the time frame being analysed.

Form - In the context of the web, a form is a data-entry mechanism generally created out of HTML in conjunction with a CGI script. A form is usually a static HTML page that presents the visitor with blanks or fields. Upon entering data into the fields, the form is submitted and a script of some sort performs some type of action on the data, such as writing it to a file.

Frame - A rectangular region within the browser window that displays a web page alongside other pages in other frames.

FTP - (File Transfer Protocol) The basic method for copying a file from one computer to another through the Internet.

G

GET Method - The GET method is a way of passing parameters of an HTTP request from the browser to the server. This method puts the parameters, usually separated by special characters such as ampersands ("&"), in the URL itself, which is viewable to the person using the browser. The other method is POST, which is used when the site does not want to pass the parameters in the URL. This is desirable when there is a large quantity of text to send to the server or when the information is sensitive: POST keeps the values out of the address bar, browser history and server access logs, though it does not protect them in transit, which is the job of HTTPS.

GIF - A graphics file type -- Graphics Interchange Format -- a compressed, bitmapped format often used on the web because of its good quality/compression ratio when used on certain image types, particularly those with large flat areas of colour.

Goal Conversion Rate - In the context of Campaign Tracking, the percentage of sessions on a site that result in a conversion goal being reached on that site.

Graphic User Interface - (GUI) Pronounced "gooey". A method of controlling software using on-screen icons, menus, dialogue boxes and objects that can be moved or resized, usually with a pointing device such as a mouse.

H

Hardware - A computer and the associated physical equipment directly involved in the performance of data processing or communication functions.

Hit - A hit is simply any request to the web server for any type of file. This can be an HTML page, an image (jpeg, gif, png, etc.), a sound clip, a cgi script and many other file types. An HTML page can account for several hits: the page itself, each image on the page and any embedded sound or video clips. Therefore, the number of hits that a website receives is not a valid popularity gauge but rather an indication of server use and loading.

HTML - Hyper Text Markup Language is used to write documents for the World Wide Web and to specify hypertext links between related objects and documents.

HTTP - Hyper Text Transfer Protocol is a standard method of transferring data between a web server and a web browser.

I

IIS - Microsoft Internet Information Server or IIS as it is commonly called, is a popular web server software system for Windows operating systems. It is currently unavailable for other operating systems. For more information, see Microsoft.com.

Impression - A display, on a search engine or other source, of a referral link or advertisement.

Include - "Include" is a filter type available in the Google Analytics Filters configuration. If an Include filter is applied to a Profile, only the log file lines (hits) that match the Include will be used in the creation of the corresponding Google Analytics reports.

Initial Session - This is the first Session conducted by a trackable Unique Visitor during the current Date Range. This value is equal to the total number of Unique Visitors during the same Date Range (each Unique Visitor has at least one session). This value is provided in contrast to Repeat Sessions.

IP Address - An identifier for a computer or device on a TCP/IP network. Networks using the TCP/IP protocol route messages based on the IP address of the destination. The format of an IP address is a numeric address written as four numbers separated by periods. Each number ranges from 0 to 255.

ISP - Internet Service Provider. A company which provides other companies or individuals with access to, or presence on, the Internet. Most ISPs are also Internet Access Providers -- extra services include help with design, creation and administration of WWW sites, etc.

J

Java - An object-oriented programming language invented by Sun Microsystems. Java is designed to run on any type of computer hardware through an intermediary layer called a virtual machine, which translates Java instructions into native code for that particular computer.

JavaScript - Small element of code embedded on web pages and executed by the browser when the page is viewed by a visitor.

K

Keyword - A keyword is a database index entry that identifies a specific record or document. Keyword searching is the most common form of text search on the web. Most search engines do their text query and retrieval using keywords. Unless the author of the web document specifies the keywords for his/her document (this is possible by using meta tags), it is up to the search engine to determine them. Essentially, this means that search engines pull out and index words that are believed to be significant. Words that are mentioned towards the top of a document and words that are repeated several times throughout the document are more likely to be deemed important.

L

Last Run - This is the time the task in question last ran, whether successfully or not. As soon as the same task is run again, this value will change to the new start time.

Log file - A file created by a web or proxy server which contains all of the access information regarding the activity on that server. Each line in a log file generated by web server software is a hit or request for a file. Therefore, the number of lines in a log file will be equal to the number of hits in the file, not counting any field definitions line(s) that may be present.

M

Medium (Campaign Tracking) - In the context of campaign tracking, medium indicates the means by which a visitor to a site received the link to that site. Examples of mediums are "organic" and "cost-per-click" in the case of search engine links and "email" and "print" in the case of newsletters. The UTM variable for medium is utm_medium.

Medium is one of the five dimensions of campaign tracking; the other four dimensions are source, campaign, term and content.

Meta Tag - A special HTML tag that provides information about a web page. Unlike normal HTML tags, meta tags do not affect the way the page is displayed. Instead, they provide information such as who created the page, how often it is updated, what the page is about and which keywords represent the page's content. Many search engines use this information when building their indices.

Multihome - A multihome, or load balanced, network means distributing processing and communications activity evenly across a computer network so that no single device is overwhelmed. Load balancing is especially important for networks where it is difficult to predict the number of requests that will be issued to a server. Busy websites typically employ two or more web servers in a load-balancing scheme. If one server starts to get swamped, requests are forwarded to another server with more capacity.

N

Navigation - Describes the movement of a user through a website or other application interface. This term also indicates the system of available links and buttons that the user can use to navigate through the website.

NCSA - NCSA stands for the National Centre for Supercomputing Applications. The NCSA developed several important web protocols and software systems, including the standard logging type used by Apache -- NCSA Extended Combined.

Network - A set of computers connected so that they can communicate and share information. Most major networks are connected to the global network-of-networks, called the Internet.

No Referral - The "(no referral)" entry appears in various Referrals reports in the cases when the visitor to the site got there by typing the URL directly into the browser window or using a bookmark/favourite. In other words, the visitor did not click on a link to get to the site, so there was no referral, technically speaking.

O

Online - A general term referring to anything connected to or conveyed through a communication network.

Organisation - The classification to which a Domain Name belongs. Typical suffixes are: .com = Commercial, .org = Organisation, .edu = Educational, .int = International, .gov = Government, .mil = Military, .net = Network.

OS - (Operating System) Software designed to control the hardware of a specific data-processing system in order to allow users and application programmes to employ it easily. (MacOS, Windows 95)

P

Page - Also known as a web page, a page is defined as a single file delivered by a web server that contains HTML or similar content. Any file that is not specifically a GIF, JPEG, PNG, JS (JavaScript) or CSS (style sheet) is considered a page.

Page View - A page is defined as any file or content delivered by a web server that would generally be considered as a web document. This includes HTML pages (.html, .htm, .shtml), script-generated pages (.cgi, .asp, .cfm, etc.) and plain-text pages. It also includes sound files (.wav, .aiff, etc.), video files (.mov, etc.) and other non-document files. Only image files (.jpeg, .gif, .png), javascript (.js) and style sheets (.css) are excluded from this definition. Each time a file defined as a page is served, a page view is registered by Google Analytics.

Password - A password is the word or code used to authenticate a user on the Google Analytics administration or reporting system, or any other protected system. It is advisable to use passwords that are difficult to guess, such as those containing numbers or symbols.

Path - A Path is defined as a series of clicks resulting in distinct page views. A Path cannot contain non-pages, such as image files. Each step in a path will have a name, such as "index.html".

Pay-per-click - An advertising model in which the sponsor (advertiser) pays a certain amount to the publisher each time the sponsor's ad is clicked. Also referred to as cost-per-click.

PDF - Portable Document Format. File format developed by Adobe Systems to allow for display and printing of formatted documents across platforms and systems. PDF files can be read on any system equipped with the Acrobat Reader software, regardless of whether or not your computer has the software that the document was created in.

Platform - A platform is a specific computer hardware and software operating system combination that represents a specific user's configuration and method of accessing the Internet. Common platforms include Windows NT/x86 (Microsoft Windows NT on a standard Intel-type PC), Mac PPC (Macintosh with Power PC processor), Red Hat Linux 6.1 x86 (Linux on a standard Intel-type PC).

Post - There are two methods to send HTML form data to a server. GET, the default, will send the form input in a URL, whereas POST sends it in the body of the submission. The latter method means you can send larger amounts of data and that the URL of the form results does not show the encoded form.

Prior Unique Visitor - A Prior Unique Visitor is defined as a unique visitor to the website that returned during the specified Date Range after previously visiting your site, as identified by tracking devices such as cookies.

Profile - A Profile is a set of rules governing the production of a set of Google Analytics reports from log file data. Generally, there will be one Profile per domain/URL (e.g., www.Googleanalytics.com). However, there can be any number of Profiles for any one source, as each may have different rules for exclusion or inclusion of certain log data elements. Google Analytics provides up to 50 Profiles per account.

Protocol - An established method of exchanging data over the Internet.

Q

Query Token - A query token is a special character in a URL that differentiates the main URL from the specific query. For example, in this URL:

http://www.Google.com/search?q=analytics

the query token is the question mark.

R

Referral Errors - A referral error occurs whenever someone clicks on a link that points to your site but that contains a reference to a non-existent page or file. This action usually results in a "404 Not Found"-type error.

Referrals - A referral occurs when any hyperlink is clicked on that takes a web surfer to any page or file in another website; it could be text, an image or any other type of link. When a web surfer arrives at your site from another site, the server records the referral information in the hit log for every file requested by that surfer. If a search engine was used to obtain the link, the name of the search engine and any keywords used are recorded as well.

Referrer - The URL of an HTML page that refers visitors to a site.

Regular Expressions - Regular Expressions are tools defined by the POSIX specification used to match text strings based on rules invoked by special characters, such as asterisks ("*"). Regular Expressions are powerful tools and should be fully understood before use. For more information, please see the IEEE Sites.

Repeat Session - This is a session for which the visitor could be tracked as unique and as having been to the site before this session during the current Date Range.

Report - A report set is a distinct Google Analytics report about one particular website, part of a website or content group. A report set will have all Google Analytics' reporting features dedicated to the analysis of itself only. Generally, one report set is defined for each website, though more than one can be configured.

Returning Sessions - Returning Sessions represent the number of times unique visitors returned to your website during a specified time period.

Revenue - In versions of Google Analytics that support e-commerce reporting, the term Revenue is used in place of whichever local currency is being used, since Google Analytics supports currencies other than the US dollar. Revenue tabs appear on several reports as a data display option when appropriate.

Reverse DNS - The conversion of a numeric IP address back into a host name (see DNS Lookup). It performs the opposite function of the DNS server, which turns names into IP addresses.

ROI (Return on Investment) - (Revenue - Cost)/ Cost, expressed as a percentage.

S

Scalable - Quality of an implementation that allows it to grow as the use of the service increases.

Script - A short computer programme written in a simplified programming language, such as JavaScript, VBScript or Perl.

Search Engine - A Search Engine is a programme that searches documents for specified keywords and returns a list of the documents where the keywords were found, ranked according to relevance (or at least that is the intent). Although a search engine is really a general class of programmes, the term is often used to specifically describe systems like Google and AltaVista that enable users to search for documents on the World Wide Web.

Session - A Session is a defined quantity of visitor interaction with a website. The definition will vary depending on how Visitors are tracked. Some common visitor tracking methods and corresponding Session definitions:

  • IP-based Visitor Tracking: A Session is a series of hits from one visitor (as defined by the visitor's IP address) wherein no two hits are separated by more than 30 minutes. If there is a gap of 30 minutes or more from this visitor, an additional Session is counted.
  • IP+User Agent Visitor Tracking: A Session is a series of hits from one visitor (as defined by the visitor's IP address and user-agent, such as Netscape 4.72) wherein no two hits are separated by more than 30 minutes. If there is a gap of 30 minutes or more from this visitor, an additional Session is counted.
  • Unique Visitor Tracking (cookie-based, such as Google Analytics' UTM): A Session is a period of interaction between a visitor's browser and a particular website, ending upon the closure of the browser window or shut down of the browser programme.
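The Exclude/Include filter entries and the IP+User Agent session definition above both describe a procedure over raw log lines: drop the hits you do not want to count, then split each visitor's remaining hits into sessions wherever a gap of 30 minutes or more appears. The following is an added example written for this glossary, not Google Analytics' or Urchin's own code. The simplified log layout and the sample lines are constructed for the example, and the field names (ip, ts, request, status, ua) are this example's own.

```python
import re
from datetime import datetime, timedelta

# Constructed sample hits in a simplified NCSA-style layout:
# client IP, timestamp, request line, status code, user agent.
# These lines are made up for the example; they are not data from the page.
SAMPLE_LOG = """\
203.0.113.5 [10/Mar/2009:08:00:00 +0000] "GET /index.html HTTP/1.1" 200 "Mozilla/4.0"
203.0.113.5 [10/Mar/2009:08:10:00 +0000] "GET /about.html HTTP/1.1" 200 "Mozilla/4.0"
203.0.113.5 [10/Mar/2009:09:00:00 +0000] "GET /index.html HTTP/1.1" 200 "Mozilla/4.0"
198.51.100.9 [10/Mar/2009:08:05:00 +0000] "GET /index.html HTTP/1.1" 200 "Googlebot/2.1"
198.51.100.9 [10/Mar/2009:08:06:00 +0000] "GET /robots.txt HTTP/1.1" 404 "Googlebot/2.1"
203.0.113.5 [10/Mar/2009:08:12:00 +0000] "GET /index.html HTTP/1.1" 200 "Opera/9.6"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)
SESSION_TIMEOUT = timedelta(minutes=30)  # a gap this long or longer starts a new session


def parse_line(line):
    """Split one log line into its fields; return None for lines that do not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    hit = m.groupdict()
    hit["ts"] = datetime.strptime(hit["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return hit


def apply_filter(hits, field, pattern, include):
    """Include or Exclude filter on one field. Keeps hits whose field matches
    (Include) or does not match (Exclude). re.search is case-sensitive, so
    "Googlebot" and "googlebot" are different patterns, as the glossary notes."""
    rx = re.compile(pattern)
    return [h for h in hits if bool(rx.search(h[field])) == include]


def sessionize(hits, timeout=SESSION_TIMEOUT):
    """IP+User Agent tracking: group each visitor's hits into sessions, opening a
    new session whenever consecutive hits are separated by timeout or more."""
    sessions = {}
    for hit in sorted(hits, key=lambda h: h["ts"]):
        visitor = (hit["ip"], hit["ua"])
        visitor_sessions = sessions.setdefault(visitor, [])
        last_hit_ts = visitor_sessions[-1][-1]["ts"] if visitor_sessions else None
        if last_hit_ts is not None and hit["ts"] - last_hit_ts < timeout:
            visitor_sessions[-1].append(hit)
        else:
            visitor_sessions.append([hit])
    return sessions


def count_sessions(log_text, exclude_ua_pattern="Googlebot"):
    """Parse the log, drop crawler hits with an Exclude filter on the user-agent
    field, then return the number of sessions per (ip, user agent) visitor."""
    hits = [h for h in (parse_line(line) for line in log_text.splitlines()) if h]
    kept = apply_filter(hits, "ua", exclude_ua_pattern, include=False)
    return {visitor: len(s) for visitor, s in sessionize(kept).items()}


if __name__ == "__main__":
    for visitor, n in count_sessions(SAMPLE_LOG).items():
        print(visitor, n)
```

With the sample above, the Mozilla visitor's hits at 08:00 and 08:10 form one session and the hit at 09:00 (50 minutes later) opens a second, while the Googlebot hits are discarded before sessionization. Passing "googlebot" as the exclude pattern instead leaves the crawler in the report, which is the case-sensitivity pitfall the Filter Pattern entry warns about.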

Shell Archive - A shell archive is a collection of files that can be unpacked by using the Unix Bourne shell command interpreter, /bin/sh.

Site Domains - Site Domains are all the valid domains (URLs) that point to a given website. For example, the Site Domains for Google.com are: www.Google.com and Google.com.

Software - The programmes, routines and symbolic languages that control the functioning of the hardware and direct its operation. Written programmes or procedures or rules and associated documentation pertaining to the operation of a computer system and that are stored in read/write memory.

Source (Campaign Tracking) - In the context of campaign tracking, a source is the origin of a referral. Examples of sources are the Google search engine, the AOL search engine, the name of a newsletter or the name of a referring website. The UTM variable for source is utm_source.

Source is one of the five dimensions of campaign tracking; the other four dimensions are campaign, medium, term and content.

Source - Also known as source code. The actual text and commands stored in an HTML file (including tags, comments and scripts) that may not be visible when the page is viewed with a web browser.

Status Code - A status code, also known as an error code, is a 3-digit code assigned to every request (hit) received by the server. Most valid hits will have a status code of 200 ("ok"). "Page not found" errors will generate a 404 error. Some commonly seen codes are shown below.

  • 100 Continue
  • 101 Switching Protocols
  • 200 OK
  • 201 Created
  • 202 Accepted
  • 203 Non-Authoritative Information
  • 204 No Content
  • 205 Reset Content
  • 206 Partial Content
  • 300 Multiple Choices
  • 301 Moved Permanently
  • 302 Moved Temporarily
  • 303 See Other
  • 304 Not Modified
  • 305 Use Proxy
  • 400 Bad Request
  • 401 Authorisation Required
  • 402 Payment Required
  • 403 Forbidden
  • 404 Not Found
  • 405 Method Not Allowed
  • 406 Not Acceptable
  • 407 Proxy Authentication Required
  • 408 Request Time-Out
  • 409 Conflict
  • 410 Gone
  • 411 Length Required
  • 412 Precondition Failed
  • 413 Request Entity Too Large
  • 414 Request-URL Too Large
  • 415 Unsupported Media Type
  • 500 Server Error
  • 501 Not Implemented
  • 502 Bad Gateway
  • 503 Out of Resources
  • 504 Gateway Time-Out
  • 505 HTTP Version not supported

T

Task - A Task is a log-processing event of any type programmed into the Scheduler. Tasks can be set to execute at virtually any frequency desired, but are generally set to run at a daily interval.

Term (Campaign Tracking) - In the context of campaign tracking, term refers to the keyword(s) that a visitor types into a search engine. The UTM variable for term is utm_term. Term is one of the five campaign dimensions; the other four are source, medium, content and campaign.

Top-Level Domain - (TLD) The last, most general part of a domain name. For instance, the TLD of Google.com is ".com" and the TLD of Google.co.uk is ".uk".

Total Unique Visitor Sessions - The total number of Sessions from identified Unique Visitors during the time period (Date Range) being analysed.

U

Unique Visitor Session - A Unique Visitor Session is a quantity of visitor interaction with a website for which the visitor can be tracked and declared with a high degree of confidence as being unique for the time period being analysed.

Unique Visitors - Unique Visitors represent the number of unduplicated (counted only once) visitors to your website over the course of a specified time period. A Unique Visitor is determined using cookies.

Untrackable Session - A period of visitor interaction with a website for which the visitor cannot necessarily be distinguished as unique or not.

URL - Uniform Resource Locator is a means of identifying an exact location on the Internet. For example, http://www.Googleanalytics.com/support/platforms.html is the URL that defines the use of HTTP to access the web page platforms.html in the /support/ directory on the Google Analytics website. URLs typically have four parts: protocol type (HTTP), host domain name (www.Googleanalytics.com), directory path (/support/) and file name (platforms.html).

User - As it pertains to Google Analytics, a user is defined as a person who has specific report set access, a username and password. To set up a user in Google Analytics' administrative system, click on the Access Manager tab at the top of the screen. Then click "Add" in the Existing Access table on the right.

User Agent - A user agent is a generic term for any programme used for accessing a website. This includes browsers (such as Internet Explorer or Netscape), robots and spiders and any other software programme that acts as an "agent" for someone or something seeking information from a website.

Username - A Username is a name used to gain access to a computer system. Usernames and usually passwords are required in multi-user systems. In most such systems, users can choose their own usernames and passwords.

UTM - The UTM is the Google Analytics Traffic Monitor, a system whereby unique visitors can be accurately tracked using a combination of server and client-side technology including cookies. Please see the UTM white paper for more information.

V

View Total - The View Total is the tally of items currently shown in the report. This total does not include items that are not shown. For example, if the report in question is showing 10 items out of 45, the View Total number represents the total for only the 10 items shown. Below the View Total listing is the Total, which represents the tally of all items in this report for this Date Range.

Visit - See Session.

Visitor - A Visitor is a construct designed to come as close as possible to defining the number of actual, distinct people who visited a website. There is of course no way to know if two people are sharing a computer from the website's perspective, but a good visitor-tracking system can come close to the actual number. The most accurate visitor-tracking systems generally employ cookies to maintain tallies of distinct visitors.

Visitor Session - A Visitor Session is a defined period of interaction between a Visitor (both unique and untrackable visitor types) and a website. The definition of a Session varies depending on the type of visitor tracking employed.

Visitor Sessions - Visitor Sessions represent the number of times individual users visited your website over the course of a specified time period. This is a sum of First-time, Returning and Unknown Sessions.

Visitors Total - The Visitors Total is the number of Total Unique Visitors plus the number of Untrackable IP-based Visitors, which represents all individual visitors to your website over the course of a specified time period.

W

W3C - The W3C, or World Wide Web Consortium, is a standards body dedicated to ensuring interoperability between all the varied system and network types that comprise the World Wide Web part of the Internet. The W3C log format is commonly used by several web server software systems, such as Microsoft IIS. For more information.

Web Server - This is a vague term whose meaning must be determined by the context in which it is used. It will mean one of two things: The physical computer that acts as a server. This is a computer just like any other. It is called a server because its main function is to deliver web pages. There is often nothing particularly special about a server's hardware, it is only a server because of the software.



          The Consequence of Belittling Allah, Not a Coincidence        
  11/15/16, 19:11 - Messages you send to this group are now secured with end-to-end encryption. Tap for more info. 11/15/16, 21:27 - Iibf #5 Nanang J left 11/15/16, 20:05 - Iibf Gusmuth:
          An Afterlife Investment Opportunity with the Quran        
6/29/16, 15:04 - Messages you send to this chat and calls are now secured with end-to-end encryption. Tap for more info. 6/29/16, 15:04 - Is Ust Generator 2: A GIFT THAT CAN PULL US BACK FROM THE ABYSS OF HELL.
          How good is Sophos Endpoint?        

I'm not sure that this is a fair comparison.  Sophos covers a lot more territory than just AV, and security these days is far more than just AV.  These other products don't even come close to the control that you have with Sophos.  Application control, device control, data control, web, email, NAC, encryption... We have had a fantastic experience with Sophos for the past 3 years after horrid experiences with Symantec and McAfee for years before.  I have not had any problems with Sophos being a resource hog either.  As a matter of fact we are running 8 year old systems with often less than 1GB memory.  Long story short, I'm surprised to see that others have had problems with Sophos.


          How good is Sophos Endpoint?        

Whatever you do, steer clear of Sophos. They use incredibly complex encryption for their (728 bit) client server comms; it drains the life out of CPU and memory, especially on older systems. I run enterprise Sophos and would love to use anything else. I especially recommend Vyper anti-virus as it's very low on host resources. Also the Sophos management console is not the best in the market.

Just my thoughts.


          "This house believes that protecting users’ privacy in libraries should take precedence over any other demands on users’ data.”        

CILIP North East debate on Thursday, 23rd March, 2017, at The North of England Institute of Mining and Mechanical Engineers, Newcastle upon Tyne.

Chair:  Dr Biddy Casselden, Senior Lecturer, iSchool, Northumbria University

Proposer: Ian Clark – subject librarian at East of London University and co-founder of Voices for the Library

Seconder:  Alex Haydock – recent law graduate, specialising in technology and internet law.  Organiser for North East section of the Open Rights Group, and works together with CryptoParty Newcastle

Opposer: Robin Smith - Head of Cyber Security of Yorkshire Police (unable to attend)

Seconder:  Peter Dinsdale – experienced Data Protection officer, currently working in the Information Security Team at Newcastle University.

……………………………………………………………………………………………………………………………………………………………

Blogpost

Opening Statements

Ian Clark opened the proposal of the motion by mentioning CILIP’s 12 ethical principles, focussing in particular on two of these:

Principle No. 3 – “Commitment to the defence, and the advancement, of access to information, ideas and works of the imagination”

Principle No. 8 – “Respect for confidentiality and privacy in dealing with information users”

This implies that people should be able to access information freely without being subjected to mass surveillance.  In distinguishing mass surveillance from targeted surveillance, Ian presented the argument that if ‘you are up to something, they will get you anyway’, whether users’ privacy in libraries is protected or not. He identified a key negative aspect of surveillance: it is now very difficult for researchers looking into terrorist behaviours to find the information they need to understand and analyse those behaviours. Such research cannot be conducted without using terrorism-related terms, which immediately attract surveillance attention and potentially result in the blocking of key sources of information. Privacy concerns were also mentioned with regard to data being vulnerable to hackers and criminals. Ian cited a survey conducted in 2015 in which 32% of those surveyed said they would pay for better personal data protection, while 72% said they were concerned that their data was not secure enough.  Ian noted that post-Snowden there was a 20% reduction in page views relating to terrorism. Ian gave some US examples: the jailing of Zoya Horn for refusing to testify against Vietnam War activists, and George Christian’s refusal to comply with a gagging order. Ian saw the library service as including enabling its users to get online in a secure way, where users are shown how to protect their data online.

Peter Dinsdale, originally the Seconder for the opposing side, was given more time to present the opposing side’s argument because of the Opposer’s absence. He said he didn’t buy into the argument that if you have nothing to hide, you have nothing to fear. He argued that privacy is “not a binary decision”; that it affects all levels of society, and that it is up to society to determine where to draw the line between privacy and security.  At the moment, he argued, privacy is an arbitrary word, based on random choice or personal whim. He argued that the motion suggests that only absolute privacy is acceptable and that this is not realistic. Privacy, like freedom of speech, is, according to Peter, a qualified right. Privacy cannot be seen as a primary right – ‘it plays second fiddle to security issues’. Peter outlined the legal development of the rights to privacy and protection as identified in the European Convention on Human Rights, identifying the qualifiers under which exemptions are allowed, and similarly under data protection law, thus further promoting the argument that you cannot have absolute privacy.  He mentioned that even the watchdog, Privacy International, is not trying to promote total privacy. The new Prevent Duty law, the qualifiers to freedom of speech rights and the Investigatory Powers legislation were all mentioned as showing that privacy cannot be absolute. Even the duty of confidence, it seems, can be overridden.  Peter concluded by stating that the law on qualifiers to privacy rights is not arbitrary, and that there is adequate provision to ensure that the laws are not abused and that privacy safeguards are enshrined.

Alex Haydock, the Seconder for the Proposer, also moved quickly into the legal arena, but from the viewpoint of demonstrating the risk of powers which are too wide, relying on internal safeguards and risking an autocratic and arbitrary approach to the handling of data.  He mentioned the Investigatory Powers Act 2016 with its wide-ranging powers for government and NGOs to collect data, even though it claims that only targeted interception is justified.  Telecommunications providers are required to store user data for no longer than 12 months, but that is still a massive amount of data.  Alex identified the range of potential data that could be collected, which could result in leaked or misused data; book lending history, video rental history and internet browser history together already amount to a huge amount of data that could potentially be vulnerable.  Pervasive monitoring and mass surveillance were seen as an attack on rights to privacy. Alex concluded by stating that librarians and libraries should lead the fight; they should stand up and teach individuals how to protect their own privacy.

Questions were then asked of the two sides, from the audience.

The first question was about the concept of libraries being neutral spaces, where people don’t feel afraid that they are being watched in terms of what they take out.  Ian Clark, the proposer argued that the library spaces are not free as users’ activities are still monitored.  Again the difficulty of being able to safely conduct research on extremism was mentioned.

Algorithms applied to data sets came up next for discussion with the response from the proposer side that ‘data existence is a risk’. 

The problem of government surveillance tactics attracted the comment that while there may be trust in the government’s handling of our data today, that might not be the case tomorrow.

The next question was about what we should do if we think surveillance has gone too far. The first comment was to write to the local MP.  Peter Dinsdale talked about the lack of engagement and the need to encourage more engagement in the democratic process.

The next question drew quite a seesaw of remarks from both the proposing side and the opposing side. The question was why the responsibility for handling data lies with the telecommunication service provider and not with the government.

The opposition, Peter Dinsdale, argued that this was due to lack of money and that the ‘government doesn’t have the greatest record with IT’, therefore it’s a risk. It was further stated that privacy policies shouldn’t be driven by security and that organisations should simply have better systems of protection in place. Peter also asked the proposing team about the ‘chilling effect’ (where rights such as freedom of speech may be reduced due to fear of negative outcomes from exercising those rights). He also asked the proposing team how metadata can be safe, given that it is not encrypted.

Ian Clark, on the proposing side, felt the responsibility in relation to protection shouldn’t be limited to librarians but should extend to other services too. He also queried whether the provisions of the Freedom of Information Act were strong or transparent enough, or whether it was unfairly maligned.  He mentioned that requested information was disclosable to the public unless there was a good reason not to do so – although this did not mean that ‘privacy was in the bag’.

In response to Peter’s question about the chilling effect, Alex Haydock on the proposing side, referred back to the point about how it can be difficult to conduct research in certain areas and get good correlations, and that this carries the risk of stifling.

With regard to the question of metadata, this was identified as problematic although it was emphasised that the content of the message itself could not be read and therefore was still protected. Ian Clark stated that libraries are public educators, who can help users understand how to protect their privacy.  “Why not teach privacy and safety?”

Then came the summing up by the debaters –

Ian Clark, on the proposing side, brought in figures from a survey in which 43% were opposed to restrictions on encryption while 29% supported them.  Demand from the public to learn more is growing.  This was argued to be a way to reduce the digital divide and improve inclusion (including showing how to stay safe).  With regard to encryption and terrorism, it was noted that in the case of the Brussels and Paris attacks, no encryption was used.

Peter Dinsdale, on the opposing side, believed that the key was digital literacy; also that mass surveillance requires some legislative control, and whether this is a good thing at all is a moot point; society decides where to draw that fine line between protecting privacy and ensuring security and safety.  He concluded with his central idea that privacy is a qualified right, not an absolute right.

The chair’s summary of the three debating speakers was as follows:

Ian Clark brought in the two CILIP ethical principles, gave a brief history of some of the librarians who had been locked up for not giving information.  He explained why the issues are important, that there is a difference between mass as opposed to targeted surveillance (the state will get you anyway); that protection of data and privacy is not a new and radical idea; a clear concern about data theft and ignorance about how to protect yourself was identified; that librarians need to tackle users’ lack of confidence in protecting their data and that librarians need to help them learn how to do so.

Peter Dinsdale believed that privacy is not a binary issue, that society has to decide where to draw the line between privacy and security, and that conventions and laws need to be considered, including the new Prevent Duty, the qualifiers to rights of freedom of speech and the circumstances for allowing interception of communications; Peter believed that privacy cannot be seen as a primary right.

Alex Haydock, also on the proposing side, believed that in the area of digital and cyber security, librarians should be leading the fight to protect user data.  Concern was expressed about government departments not having court authorisation to conduct surveillance.  The seconder believed that it is the librarian’s duty to minimise data collection.  Internet history has shown that leaked data may provide a misleading picture of someone’s life.

In the audience vote – 8 people were convinced by the proposed motion, while 7 were more convinced by the opposition argument.  One of the audience members suggested that as there was only one speaker for the opposition as opposed to two for the proposed argument, it should be treated as a draw.


          How to Import RPM GPG Key        


Note: All the commands were tested on CentOS 5.x. Your output may vary depending
on distribution and version, so your results may not always look exactly like
the listings and figures shown here. Almost everything works well on
RHEL/CentOS/Fedora.


Why to check signature of an rpm:


The signature confirms that the package was signed by an authorized party and
also confirms the integrity and origin of your file. It is extremely important
to verify the signature of RPM files before installing them, to ensure that
they have not been altered since they left the original source of the packages.


Checking a package's Signature:


The --checksig (or -K) option checks all the digests and signatures contained
in PACKAGE_FILE to ensure the integrity and origin of the package. Note that
signatures are now verified whenever a package is read; --checksig is useful
for verifying all of the digests and signatures associated with a package.

If you wish to verify that a package has not been corrupted or tampered with,
examine only the md5sum by typing the following command at a shell prompt (where
<rpm-file> is the file name of the RPM package):

rpm -K --nosignature <rpm-file>

The message <rpm-file>: md5 OK is displayed. This brief message means
that the file was not corrupted by the download. To see a more verbose message,
replace -K with -Kvv in the command.

For demonstration purposes I downloaded the createrepo package from a CentOS
mirror and used it in the examples.


[root@localhost ~]# rpm -K --nosignature createrepo-0.4.11-3.el5.noarch.rpm
createrepo-0.4.11-3.el5.noarch.rpm: sha1 md5 OK

On the other hand, how trustworthy is the developer who created the package? If
the package is signed with the developer's GnuPG key, you know that the developer
really is who they say they are.

An RPM package can be signed using Gnu Privacy Guard (or GnuPG), to help you
make certain your downloaded package is trustworthy. GnuPG is a tool for secure
communication; it is a complete and free replacement for the encryption
technology of PGP, an electronic privacy program. With GnuPG, you can
authenticate the validity of documents and encrypt/decrypt data to and from
other recipients. GnuPG is capable of decrypting and verifying PGP 5.x files
as well.

GnuPG is installed by default during installation. That way you can immediately
start using GnuPG to verify any packages that you receive from CentOS
(RHEL/Fedora). Before doing so, you must first import the CentOS public key. If
you have not imported the correct public key, you will get the following error
message.


[root@localhost ~]# rpm -K createrepo-0.4.11-3.el5.noarch.rpm
createrepo-0.4.11-3.el5.noarch.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#e8562897)

Here the GPG in parentheses indicates that there's a problem with the signature,
and the message at the end of the line (MISSING KEYS) shows what the problem is.
Basically, RPM asked GPG to verify the package against a key (GPG#e8562897) that
GPG didn't have, and GPG complained. It means the correct public key has not
been imported yet.


How to import public keys:


Digital signatures cannot be verified without a public key. An ascii armored
public key can be added to the rpm database using --import. An imported public
key is carried in a header, and key ring management is performed exactly like
package management. For example, all currently imported public keys can be
displayed by:

rpm -qa gpg-pubkey*

To verify CentOS (RHEL/Fedora) packages, you must import the CentOS (RHEL/Fedora)
GPG key. To do so, execute the following command at a shell prompt:


[root@localhost ~]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

This will create a duplicate entry if the key has already been imported.
To display a list of all keys installed for RPM verification, execute the command

[root@localhost ~]# rpm -qa gpg-pubkey*
gpg-pubkey-e8562897-459f07a4

or, since RPM can also retrieve the key directly from a mirror:

[root@ ~]# rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5
[root@ ~]# rpm -qa gpg-pubkey*
gpg-pubkey-e8562897-459f07a4
gpg-pubkey-e8562897-459f07a4


Note: Depending on distribution and version, you will have to change the mirror link.

OK, the public key is imported; now check the signature of the createrepo rpm.


[root@localhost ~]# rpm -K createrepo-0.4.11-3.el5.noarch.rpm
createrepo-0.4.11-3.el5.noarch.rpm: (sha1) dsa sha1 md5 gpg OK

This means that the signature of the package has been verified and that it is
not corrupted. If you want to know the name of the public key's owner, execute
the command:
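The three rpm -K results above (digests only, missing key, signature verified)
are the states any install script has to tell apart. The following is an added
example, not part of the original post: a few POSIX sh helpers that classify an
rpm -K result line, pull the missing key id out of a MISSING KEYS failure, and
spot duplicate gpg-pubkey entries in an rpm -qa listing. It does not call rpm
itself; the sample lines are constructed from the listings shown in this post,
so it runs offline anywhere a POSIX shell is available.

```shell
#!/bin/sh
# Added example (not from the original post): classify "rpm -K" result lines
# and inspect "rpm -qa gpg-pubkey*" listings. Sample lines are constructed
# from the output shown in the post; nothing here runs rpm.

# classify_checksig LINE
#   Prints one word for a single "rpm -K" result line:
#     signed-ok    digests and GPG/PGP signature all verified
#     digest-only  digests OK but no signature checked (--nosignature, or an
#                  unsigned package): integrity only, origin NOT established
#     missing-key  signed, but the signing key is not in the rpm database
#     bad          digest or signature mismatch
#     unknown      line not recognised
classify_checksig() {
    lc=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$lc" in
        *"not ok"*"missing keys"*) echo missing-key ;;
        *"not ok"*)                echo bad ;;
        *" gpg ok"|*" pgp ok")     echo signed-ok ;;
        *" ok")                    echo digest-only ;;
        *)                         echo unknown ;;
    esac
}

# missing_key_id LINE
#   Prints the short key id (e.g. e8562897) named in a MISSING KEYS line,
#   nothing for any other line.
missing_key_id() {
    printf '%s\n' "$1" | sed -n 's/.*MISSING KEYS: GPG#\([0-9a-fA-F]*\).*/\1/p'
}

# duplicate_pubkeys LISTING
#   Given the multi-line output of "rpm -qa gpg-pubkey*", prints each entry
#   that appears more than once (what the post shows after importing the
#   same key twice).
duplicate_pubkeys() {
    printf '%s\n' "$1" | sort | uniq -d
}

# install_ok LINE
#   Exit status 0 only when the signature itself verified; "md5 OK" alone
#   says nothing about who produced the package.
install_ok() {
    [ "$(classify_checksig "$1")" = signed-ok ]
}

# Constructed sample lines, copied from the results shown in the post.
SAMPLE_NOSIG='createrepo-0.4.11-3.el5.noarch.rpm: sha1 md5 OK'
SAMPLE_MISSING='createrepo-0.4.11-3.el5.noarch.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#e8562897)'
SAMPLE_GOOD='createrepo-0.4.11-3.el5.noarch.rpm: (sha1) dsa sha1 md5 gpg OK'
SAMPLE_LISTING='gpg-pubkey-e8562897-459f07a4
gpg-pubkey-e8562897-459f07a4
gpg-pubkey-2689b887-42315a9a'

for line in "$SAMPLE_NOSIG" "$SAMPLE_MISSING" "$SAMPLE_GOOD"; do
    printf '%-12s %s\n' "$(classify_checksig "$line")" "$line"
done
printf 'duplicate keys: %s\n' "$(duplicate_pubkeys "$SAMPLE_LISTING")"
```

To use it against a real package, feed `rpm -K <rpm-file>` output into
classify_checksig and gate the install on install_ok. A missing-key result
should be followed by importing the distribution's key, as shown above, and
then re-running rpm -K; the short id on the MISSING KEYS line only tells you
which key is wanted, so confirm a freshly imported key's fingerprint against
the distribution's published fingerprint rather than matching on the id alone.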


[root@~]# rpm -qa gpg-pubkey\* --qf "%{name}-%{version}-%{release}-%{summary}\n"
gpg-pubkey-e8562897-459f07a4-gpg(CentOS-5 Key (CentOS 5 Official Signing Key) <centos-5-key@centos.org>)
gpg-pubkey-e8562897-459f07a4-gpg(CentOS-5 Key (CentOS 5 Official Signing Key) <centos-5-key@centos.org>)
gpg-pubkey-2689b887-42315a9a-gpg(Hewlett-Packard Company (HP Codesigning Service))


Note: To show the difference, I also imported the HP GPG key.

If you're the curious type and want more information about an imported
GPG key, use the following command.

rpm -qi <gpg-pubkey>


[root@localhost data]# rpm -qi gpg-pubkey-e8562897-459f07a4
Name : gpg-pubkey Relocations: (not relocatable)
Version : e8562897 Vendor: (none)
Release : 459f07a4 Build Date: Fri 07 Oct 2011 05:53:03 PM IST
Install Date: Fri 07 Oct 2011 05:53:03 PM IST Build Host: localhost
Group : Public Keys Source RPM: (none)
Size : 0 License: pubkey
Signature : (none)
Summary : gpg(CentOS-5 Key (CentOS 5 Official Signing Key) <centos-5-key@centos.org>)
Description :
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: rpm-4.4.2.3 (NSS-3)

mQGiBEWfB6MRBACrnYW6yKMT+MwJlCIhoyTxGf3mAxmnAiDEy6HcYN8rivssVTJk
CFtQBlBOpLV/OW2YtKrCO2xHn46eNfnMri8FGT8g+9JF3MUVi7kiV1He4iJynHXB
+F2ZqIvHf3IaUj1ys+p8TK64FDFxDQDrGQfIsD/+pkSGx53/877IrvdwjwCguQcr
Ioip5TH0Fj0OLUY4asYVZH8EAIqFHEqsY+9ziP+2R3/FyxSllKkjwcMLrBug+cYO
LYDD6eQXE9Mq8XKGFDj9ZB/0+JzK/XQeStheeFG75q3noq5oCPVFO4czuKErIRAB
qKbDBhaTj3JhOgM12XsUYn+rI6NeMV2ZogoQCC2tWmDETfRpYp2moo53NuFWHbAy
XjETA/sHEeQT9huHzdi/lebNBj0L8nBGfLN1nSRP1GtvagBvkR4RZ6DTQyl0UzOJ
RA3ywWlrL9IV9mrpb1Fmn60l2jTMMCc7J6LacmPK906N+FcN/Docj1M4s/4CNanQ
NhzcFhAFtQL56SNyLTCk1XzhssGZ/jwGnNbU/aaj4wOj0Uef5LRGQ2VudE9TLTUg
S2V5IChDZW50T1MgNSBPZmZpY2lhbCBTaWduaW5nIEtleSkgPGNlbnRvcy01LWtl
eUBjZW50b3Mub3JnPohkBBMRAgAkBQJFnwekAhsDBQkSzAMABgsJCAcDAgMVAgMD
FgIBAh4BAheAAAoJEKikR9zoViiXKlEAmwSoZDvZo+WChcg3s/SpNoWCKhMAAJwI
E2aXpZVrpsQnInUQWwkdrTiL5YhMBBMRAgAMBQJFnwiSBYMSzAIRAAoJEDjCFhY5
bKCk0hAAn134bIx3wSbq58E6P6U5RT7Z2Zx4AJ9VxnVkoGHkVIgSdsxHUgRjo27N
F7kBDQRFnwezEAQA/HnJ5yiozwgtf6jt+kii8iua+WnjqBKomPHOQ8moxbWdv5Ks
4e1DPhzRqxhshjmub4SuJ93sgMSAF2ayC9t51mSJV33KfzPF2gIahcMqfABe/2hJ
aMzcQZHrGJCEX6ek8l8SFKou7vICzyajRSIK8gxWKBuQknP/9LKsoczV+xsAAwUD
/idXPkk4vRRHsCwc6I23fdI0ur52bzEqHiAIswNfO521YgLk2W1xyCLc2aYjc8Ni
nrMX1tCnEx0/gK7ICyJoWH1Vc7//79sWFtX2EaTO+Q07xjFX4E66WxJlCo9lOjos
Vk5qc7R+xzLDoLGFtbzaTRQFzf6yr7QTu+BebWLoPwNTiE8EGBECAA8FAkWfB7MC
GwwFCRLMAwAACgkQqKRH3OhWKJfvvACfbsF1WK193zM7vSc4uq51XsceLwgAoI0/
9GxdNhGQEAweSlQfhPa3yYXH
=o/Mx
-----END PGP PUBLIC KEY BLOCK-----

You can view the above PGP public key block directly with:

vi /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

Depending on the distribution, change the file path.

          JSON Web Tokens, OWIN, and AngularJS        

I’m working on an exciting new project at the moment. The main UI element is a management console built with AngularJS that communicates with an HTTP/JSON API built with NancyFX and hosted using the Katana OWIN self host. I’m quite new to this software stack, having spent the last three years buried in SOA and messaging, but so far it’s all been a joy to work with. AngularJS makes building single page applications so easy, even for a newbie like me, that it almost feels unfair. I love the dependency injection, templating and model binding, and the speed with which you can get up and running. On the server side, NancyFx is perfect for building HTTP/JSON APIs. I really like the design philosophy behind it. The built-in dependency injection, component oriented design, and convention-over-configuration, for example, are exactly how I like to build software. OWIN is a huge breakthrough for C# web applications. Decoupling the web server from the web framework is something that should have happened a long time ago, and it’s really nice to finally say goodbye to ASP.NET.

Rather than using cookie based authentication, I’ve decided to go with JSON Web Tokens (JWT). This is a relatively new authorization standard that uses a signed token, transmitted in a request header, rather than the traditional ASP.NET cookie based authorization.

There are quite a few advantages to JWT:

  • Cross Domain API calls. Because it’s just a header rather than a cookie, you don’t have any of the cross-domain browser problems that you get with cookies. It makes implementing single-sign-on much easier because the app that issues the token doesn’t need to be in any way connected with the app that consumes it. They merely need to have access to the same shared secret encryption key.
  • No server affinity. Because the token contains all the necessary user identification, there’s no need for shared server state – a call to a database or shared session store.
  • Simple to implement clients. It’s easy to consume the API from other servers, or mobile apps.

So how does it work? The JWT token is a simple string of three ‘.’ separated base 64 encoded values:

<header>.<payload>.<hash>

Here’s an example:

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoibWlrZSIsImV4cCI6MTIzNDU2Nzg5fQ.KG-ds05HT7kK8uGZcRemhnw3er_9brQSF1yB2xAwc_E

The header and payload are simple JSON strings. In the example above the header looks like this:

{ "typ": "JWT", "alg": "HMACSHA256" }

This is defined in the JWT standard. The ‘typ’ is always ‘JWT’, and the ‘alg’ is the hash algorithm used to sign the token (more on this later).

The payload can be any valid JSON, although the standard does define some keys that client and server libraries should respect:

{
"user": "mike",
"exp": 123456789
}

Here, ‘user’ is a key that I’ve defined, ‘exp’ is defined by the standard and is the expiration time of the token given as a UNIX time value. Being able to pass around any values that are useful to your application is a great benefit, although you obviously don’t want the token to get too large.

The payload is not encrypted, so you shouldn’t put sensitive information in it. The standard does provide an option for encrypting the JWT inside an encrypted wrapper, but for most applications that’s not necessary. In my case, an attacker could read the user of a session and the expiration time, but they wouldn’t be able to generate new tokens without the server side shared-secret.

The token is signed by taking the header and payload, base 64 (URL-safe variant) encoding them, concatenating with ‘.’ and then generating a hash value over that string using the given algorithm. The resulting byte array is also base 64 encoded and concatenated to produce the complete token. Here’s some code (taken from John Sheehan’s JWT project on GitHub) that generates a token. As you can see, it’s not at all complicated:

/// <summary>
/// Creates a JWT given a payload, the signing key, and the algorithm to use.
/// </summary>
/// <param name="payload">An arbitrary payload (must be serializable to JSON via <see cref="System.Web.Script.Serialization.JavaScriptSerializer"/>).</param>
/// <param name="key">The key bytes used to sign the token.</param>
/// <param name="algorithm">The hash algorithm to use.</param>
/// <returns>The generated JWT.</returns>
public static string Encode(object payload, byte[] key, JwtHashAlgorithm algorithm)
{
var segments = new List<string>();
var header = new { typ = "JWT", alg = algorithm.ToString() };

byte[] headerBytes = Encoding.UTF8.GetBytes(jsonSerializer.Serialize(header));
byte[] payloadBytes = Encoding.UTF8.GetBytes(jsonSerializer.Serialize(payload));

segments.Add(Base64UrlEncode(headerBytes));
segments.Add(Base64UrlEncode(payloadBytes));

var stringToSign = string.Join(".", segments.ToArray());

var bytesToSign = Encoding.UTF8.GetBytes(stringToSign);

byte[] signature = HashAlgorithms[algorithm](key, bytesToSign);
segments.Add(Base64UrlEncode(signature));

return string.Join(".", segments.ToArray());
}

Implementing JWT authentication and authorization in NancyFx and AngularJS

There are two parts to this: first we need a login API, that takes a username (email in my case) and a password and returns a token, and secondly we need a piece of OWIN middleware that intercepts each request and checks that it has a valid token.

The login Nancy module is pretty straightforward. I took John Sheehan’s code and pasted it straight into my project with a few tweaks, so it was just a question of taking the email and password from the request, validating them against my user store, generating a token and returning it as the response. If the email/password doesn’t validate, I just return 401:

using System;
using System.Collections.Generic;
using Nancy;
using Nancy.ModelBinding;
using MyApp.Api.Authorization;

namespace MyApp.Api
{
public class LoginModule : NancyModule
{
private readonly string secretKey;
private readonly IUserService userService;

public LoginModule (IUserService userService)
{
Preconditions.CheckNotNull (userService, "userService");
this.userService = userService;

Post ["/login/"] = _ => LoginHandler(this.Bind<LoginRequest>());

secretKey = System.Configuration.ConfigurationManager.AppSettings ["SecretKey"];
}

public dynamic LoginHandler(LoginRequest loginRequest)
{
if (userService.IsValidUser (loginRequest.email, loginRequest.password)) {

var payload = new Dictionary<string, object> {
{ "email", loginRequest.email },
{ "userId", 101 }
};

var token = JsonWebToken.Encode (payload, secretKey, JwtHashAlgorithm.HS256);

return new JwtToken { Token = token };
} else {
return HttpStatusCode.Unauthorized;
}
}
}

public class JwtToken
{
public string Token { get; set; }
}

public class LoginRequest
{
public string email { get; set; }
public string password { get; set; }
}
}

On the AngularJS side, I have a controller that calls the LoginModule API. If the request is successful, it stores the token in the browser’s sessionStorage; it also decodes the payload and stores that information in sessionStorage. To update the rest of the application, and allow other components to change state to show a logged in user, it sends an event (via $rootScope.$emit) and then redirects to the application’s root path. If the login request fails, it simply shows a message to inform the user:

myAppControllers.controller('LoginController', function ($scope, $http, $window, $location, $rootScope) {
$scope.message = '';
$scope.user = { email: '', password: '' };
$scope.submit = function () {
$http
.post('/api/login', $scope.user)
.success(function (data, status, headers, config) {
$window.sessionStorage.token = data.token;
// The payload segment is base64url encoded; map it back to standard base64 before atob()
var payloadBase64 = data.token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
var user = angular.fromJson($window.atob(payloadBase64));
$window.sessionStorage.email = user.email;
$window.sessionStorage.userId = user.userId;
$rootScope.$emit("LoginController.login");
$location.path('/');
})
.error(function (data, status, headers, config) {
// Erase the token if the user fails to login
delete $window.sessionStorage.token;

$scope.message = 'Error: Invalid email or password';
});
};
});

Now that we have the JWT token stored in the browser’s sessionStorage, we can use it to ‘sign’ each outgoing API request. To do this we create an interceptor for Angular’s http module. This does two things: on the outbound request it adds an Authorization header ‘Bearer <token>’ if the token is present. This will be decoded by our OWIN middleware to authorize each request. The interceptor also checks the response. If there’s a 401 (unauthorized) response, it simply bumps the user back to the login screen.

myApp.factory('authInterceptor', function ($rootScope, $q, $window, $location) {
return {
request: function (config) {
config.headers = config.headers || {};
if($window.sessionStorage.token) {
config.headers.Authorization = 'Bearer ' + $window.sessionStorage.token;
}
return config;
},
responseError: function (response) {
if(response.status === 401) {
$location.path('/login');
}
return $q.reject(response);
}
};
});

myApp.config(function ($httpProvider) {
$httpProvider.interceptors.push('authInterceptor');
});

The final piece is the OWIN middleware that intercepts each request to the API and validates the JWT token.

We want some parts of the API to be accessible without authorization, such as the login request and the API root, so we maintain a list of exceptions. Currently this is just hard-coded, but it could be pulled from some configuration store. When the request comes in, we first check if the path matches any of the exception list items. If it doesn’t, we check for the presence of an authorization token. If the token is not present, we cancel the request processing (by not calling the next AppFunc) and return a 401 status code. If we find a JWT token, we attempt to decode it. If the decode fails, we again cancel the request and return 401. If it succeeds, we add some OWIN keys for the ‘userId’ and ‘email’, so that they will be accessible to the rest of the application, and allow processing to continue by running the next AppFunc.

using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using JWT; // JsonWebToken and SignatureVerificationException come from the JWT NuGet package

namespace MyApp.Api.Authorization
{
    using AppFunc = Func<IDictionary<string, object>, Task>;

    /// <summary>
    /// OWIN add-in module for JWT authorization.
    /// </summary>
    public class JwtOwinAuth
    {
        private readonly AppFunc next;
        private readonly string secretKey;

        // Paths that may be called without a token. Matching is an exact,
        // case-sensitive string comparison, so anything not listed fails closed.
        private readonly HashSet<string> exceptions = new HashSet<string> {
            "/",
            "/login",
            "/login/"
        };

        public JwtOwinAuth (AppFunc next)
        {
            this.next = next;
            secretKey = System.Configuration.ConfigurationManager.AppSettings ["SecretKey"];
        }

        public Task Invoke(IDictionary<string, object> environment)
        {
            var path = environment ["owin.RequestPath"] as string;
            if (path == null) {
                throw new ApplicationException ("Invalid OWIN request. Expected owin.RequestPath, but not present.");
            }
            if (!exceptions.Contains (path)) {
                var headers = environment ["owin.RequestHeaders"] as IDictionary<string, string[]>;
                if (headers == null) {
                    throw new ApplicationException ("Invalid OWIN request. Expected owin.RequestHeaders to be an IDictionary<string, string[]>.");
                }
                string[] authorizationHeader;
                if (!headers.TryGetValue ("Authorization", out authorizationHeader)) {
                    return UnauthorizedResponse (environment);
                }
                var token = GetTokenFromAuthorizationHeader (authorizationHeader);
                if (token == null) {
                    // Header present but not of the form "Bearer <token>": that is an
                    // unauthorized request, not a server error, so answer 401 rather than
                    // letting an exception surface as a 500.
                    return UnauthorizedResponse (environment);
                }
                try {
                    // DecodeToObject verifies the HMAC signature against secretKey before
                    // handing back the claims.
                    var payload = JsonWebToken.DecodeToObject (token, secretKey) as Dictionary<string, object>;
                    if (payload == null) {
                        return UnauthorizedResponse (environment);
                    }
                    environment.Add ("myapp.userId", (int)payload ["userId"]);
                    environment.Add ("myapp.email", payload ["email"].ToString ());
                } catch (SignatureVerificationException) {
                    return UnauthorizedResponse (environment);
                } catch (Exception) {
                    // A malformed token (wrong segment count, bad base64 or JSON, missing
                    // claims) is also an authorization failure, not a server error.
                    return UnauthorizedResponse (environment);
                }
            }
            return next (environment);
        }

        // Returns the token from a "Bearer <token>" header, or null when the header
        // does not have that shape.
        public string GetTokenFromAuthorizationHeader(string[] authorizationHeader)
        {
            if (authorizationHeader == null || authorizationHeader.Length == 0) {
                return null;
            }
            var parts = authorizationHeader [0].Split (new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
            if (parts.Length != 2 || !string.Equals (parts [0], "Bearer", StringComparison.OrdinalIgnoreCase)) {
                return null;
            }
            return parts [1];
        }

        public Task UnauthorizedResponse(IDictionary<string, object> environment)
        {
            environment ["owin.ResponseStatusCode"] = 401;
            return Task.FromResult (0);
        }
    }
}

So far this is all working very nicely, but there are some important pieces missing. I haven’t put an expiry (exp) claim in the JWT, or any expiration checking in the OWIN middleware, which means that until the secret is rotated, any token ever issued stays valid, including one lifted from a user’s browser. When a token expires it would be nice to have some policy that decides whether to simply issue a new token or to require the user to sign in again. Security dictates that tokens should expire relatively frequently, but we don’t want to inconvenience the user by asking them to constantly sign in.

JWT is a really nice way of authenticating HTTP/JSON web APIs. It’s definitely worth looking at if you’re building single page applications, or any API-first software.


          DTNS 3073 – The Case of Australia v. Math        
We bust through the FUD around Australia’s proposed encryption law. Plus the demise of another dark web marketplace and why you might want to stick all your data in the cloud when you cross a border.
          Daily Tech Headlines – July 14, 2017        
Australia floats encryption law, Amazon Echo chief retires, Google Music adds discovery radio.
          RMAN Backup and Recovery Notes        
   sqlplus /nolog
   conn /as sysdba
   archive log list   (check whether the database is running in ARCHIVELOG mode)

   If it is in NOARCHIVELOG mode, switch it. The instance has to be shut down cleanly first, since a running instance cannot be mounted again:
   shutdown immediate
   startup mount
   alter database archivelog
   alter database open

2. Connect to the target database

Command: connect target /   (or connect target system/oracle@ora10g; if the database is down it can be started with startup directly from the RMAN prompt)
This connects RMAN to the target database. (RMAN connects to the target database on one side and, in nocatalog mode, to the control file on the other; the control file is where RMAN's backup metadata is stored.)

3. Use the list backupset command to see whether any backups exist

4. Common backup commands:
Back up the whole database:
RMAN> backup database plus archivelog delete input;     (backs up the whole database together with the control file, server parameter file and all archived redo logs, then deletes the archived logs that were just backed up)
Back up a tablespace:
RMAN> backup tablespace system plus archivelog delete input;     (backs up the named tablespace and the archived redo logs, then deletes the archived logs that were just backed up)
Back up archived logs:
RMAN> backup archivelog all delete input;


====================== Backing up the whole database ==================

1. Full backup of the whole database.

    Just run: backup database;

2. list backupset shows the details of the backup

List of Backup Sets
===================

BS Key  Type LV Size       Device Type Elapsed Time Completion Time
------- ---- -- ---------- ----------- ------------ ---------------
1       Full    6.80M      DISK        00:00:02     06-DEC-08     
        BP Key: 1   Status: AVAILABLE  Compressed: NO  Tag: TAG20081206T201041
        Piece Name: /home/oracle/flash_recovery_area/ORA10G/backupset/2008_12_06/o1_mf_ncsnf_TAG20081206T201041_4mntz78s_.bkp
  Control File Included: Ckp SCN: 782019       Ckp time: 06-DEC-08
  SPFILE Included: Modification time: 06-DEC-08

BS = backup set; a piece is a single file, and one backup set may contain several pieces.

3. RMAN's default settings (the RMAN configuration parameters) can be viewed with show all;
When running backup database, any of these defaults can be overridden with explicit values.

4. The backup files can be copied from the backup directory to tape and then deleted from the backup directory; when a restore is needed, copy the files back into the original backup directory.
5. To look at the backup information kept in the control file (our backups run in nocatalog mode): the control file lives under /u01/oracle/oradata/ora10g. Since it is a binary file, inspect it with strings control03.ctl; the RMAN backup records show up in control03.ctl.

 
==================== Level 0 incremental backup ===============

Concept: full backup versus level 0 incremental backup. The two are almost identical. The only difference is that a level 0 incremental can serve as the base for later incremental backups, while a full backup cannot; in every other respect they are the same.

1. backup incremental level=0 (or level 0) database;   (level 0 incremental)
2. backup incremental level 1 (or level=1) database;   (level 1 incremental)

The backups above cover the datafiles, the control file and the parameter file. Not included are the archived redo logs, the online redo logs and the password file. The password file does not need to be backed up; it can be recreated with orapwd. RMAN never backs up the online redo log files, in nocatalog mode or otherwise.


=================== Backing up archivelogs in nocatalog mode =================

Command: backup database plus archivelog delete input   (delete input removes the archived log files once they have been backed up; the option can be left out. The same can be done with an incremental backup: backup incremental level=0 (1, 2, ...) database plus archivelog.)


======================= Backing up a tablespace ====================

backup tablespace tablespacename

If you do not know the tablespace name, use the report schema command in RMAN to list the tablespaces.

RMAN> report schema;
Report of database schema

List of Permanent Datafiles
===========================
File Size(MB) Tablespace           RB segs Datafile Name
---- -------- -------------------- ------- ------------------------
1    480      SYSTEM               ***     /home/oracle/oradata/ora10g/system01.dbf
2    25       UNDOTBS1             ***     /home/oracle/oradata/ora10g/undotbs01.dbf
3    250      SYSAUX               ***     /home/oracle/oradata/ora10g/sysaux01.dbf
4    5        USERS                ***     /home/oracle/oradata/ora10g/users01.dbf
5    200      PERFSTAT             ***     /home/oracle/oradata/ora10g/perfstat.dbf

List of Temporary Files
=======================
File Size(MB) Tablespace           Maxsize(MB) Tempfile Name
---- -------- -------------------- ----------- --------------------
1    20       TEMP                 32767       /home/oracle/oradata/ora10g/temp01.dbf

======================== Backing up the control file ====================

backup current controlfile

backup database include current controlfile

======================== Image copies ========================

RMAN has two kinds of backup: backup sets and image copies. An image copy is essentially a straight copy of the file: copy datafile ... to ...

In RMAN we run: rman>report schema;

Report of database schema

List of Permanent Datafiles
===========================
File Size(MB) Tablespace           RB segs Datafile Name
---- -------- -------------------- ------- ------------------------
1    480      SYSTEM               ***     /home/oracle/oradata/ora10g/system01.dbf
2    25       UNDOTBS1             ***     /home/oracle/oradata/ora10g/undotbs01.dbf
3    250      SYSAUX               ***     /home/oracle/oradata/ora10g/sysaux01.dbf
4    5        USERS                ***     /home/oracle/oradata/ora10g/users01.dbf
5    200      PERFSTAT             ***     /home/oracle/oradata/ora10g/perfstat.dbf

List of Temporary Files
=======================
File Size(MB) Tablespace           Maxsize(MB) Tempfile Name
---- -------- -------------------- ----------- --------------------
1    20       TEMP                 32767       /home/oracle/oradata/ora10g/temp01.dbf

rman>copy datafile 5 to '/u01/rmanbak/tbso1bak.dbf';   (datafile 5 is perfstat.dbf in the report schema output above)

This writes the datafile out as an image copy. list backupset will not show tbso1bak.dbf, because it is not a backup set; use list copy to see the file we just created.

 
======================= Single commands and batch commands =================

Single command: backup database;

Batch command:

rman> run{
 2> allocate channel cha1 type disk;
 3> backup
 4> format '/u01/rmanbak/full_%t'
 5> tag full-backup
 6> database;
 7> release channel cha1;
 8>}

This run block contains three commands (allocate channel, backup, release channel), separated by semicolons. The tag can be any name you like.

format:
%c: copy number of the backup piece (numbered from 1);
%d: database name;
%D: day of the month (DD);
%M: month of the year (MM);
%F: a unique name based on the DBID, of the form c-xxx-YYYYMMDD-QQ, where xxx is the database's DBID, YYYYMMDD the date and QQ a sequence number from 1 to 256;
%n: database name, right-padded with x characters to a length of 8;
%u: an 8-character name made from the compressed backup set number and creation time; %u gives every backup set a unique name;
%p: number of the backup piece within the backup set, starting at 1;
%U: shorthand for %u_%p_%c; gives every backup piece (i.e. every disk file) a unique name and is the most common choice;
%t: backup set timestamp;
%T: date in YYYYMMDD format;

Channels: a channel is a connection between RMAN and the target database. The "allocate channel" command starts a server process on the target database and must also define the I/O device type that process uses for backup and restore operations.

Channel control commands can be used to:
      control the OS resources RMAN uses
      affect the degree of parallelism
      limit I/O bandwidth (the limit read rate parameter)
      limit the backup piece size (limit kbytes)
      limit the number of concurrently open files (limit maxopenfiles)

 
================================= A typical weekly RMAN backup scheme ============================

1. Sunday night      - level 0 backup (full backup)
2. Monday night      - level 2 backup
3. Tuesday night     - level 2 backup
4. Wednesday night   - level 1 backup
5. Thursday night    - level 2 backup
6. Friday night      - level 2 backup
7. Saturday night    - level 2 backup

 
Recovery during a given day uses the backups taken up to the previous night. With RMAN's default differential incrementals, a level n backup holds the blocks changed since the most recent backup at level n or lower, so:
To recover on Tuesday you need 1+2,
to recover on Thursday you need 1+4,
to recover on Friday you need 1+4+5,
to recover on Saturday you need 1+4+5+6.
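As an added example (not part of the original notes), the following JavaScript works out the restore chain for any such schedule instead of only the four cases listed above. It models RMAN's default differential incrementals, where a level n backup contains the blocks changed since the most recent backup at level n or lower, and, as a generalization beyond the notes, the CUMULATIVE variant, where a level n backup reaches back to the most recent backup at a strictly lower level. The function names and the cumulative option are mine; the schedule array is the one from the notes.

```javascript
// Added example, not from the original notes: which backup sets does a restore need?
// Index 0 = Sunday night ... index 6 = Saturday night; values are incremental levels.
const WEEKLY_LEVELS = [0, 2, 2, 1, 2, 2, 2];

// Return the 1-based backup numbers (numbered as in the notes) needed to recover
// using `lastBackup` (0-based index of the most recent backup to apply).
// differential (default): a level-n backup's parent is the latest earlier backup
//                         at level n or lower
// cumulative:             the parent is the latest earlier backup at a lower level
function restoreChain(levels, lastBackup, { cumulative = false } = {}) {
  if (lastBackup < 0 || lastBackup >= levels.length) {
    throw new RangeError('no such backup');
  }
  const chain = [];
  let i = lastBackup;
  for (;;) {
    chain.push(i + 1);
    if (levels[i] === 0) break; // a level 0 is self-contained: chain complete
    const lvl = levels[i];
    let j = i - 1;
    while (j >= 0 && (cumulative ? levels[j] >= lvl : levels[j] > lvl)) j--;
    if (j < 0) throw new Error('no level 0 base before backup ' + (i + 1));
    i = j;
  }
  return chain.reverse(); // oldest first: the order the restore applies them
}

// Recovery during a given day (0 = Sunday) uses the backups taken up to the
// previous night, so Tuesday (day 2) applies backups 1 and 2.
function chainForDay(levels, day, opts) {
  const lastBackup = ((day - 1) + levels.length) % levels.length;
  return restoreChain(levels, lastBackup, opts);
}
```

The chain also shows the trade-off behind the scheme: the Wednesday level 1 keeps the Saturday restore down to four backup sets, while a week of nothing but level 2 backups would need all seven.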

Automated backups: backup scripts + crontab
 bakl0
 bakl1
 bakl2

Running the scripts:
rman target / msglog=bakl0.log cmdfile=bakl0   (/ is the target database connection, msglog the log file, cmdfile the script file)
rman target / msglog=bakl1.log cmdfile=bakl1
rman target / msglog=bakl2.log cmdfile=bakl2

Example: rman target system/oracle@ora10g msglog=/u01/rmanbak/bakl1.log cmdfile=/u01/rmanbak/bakl0   (or target / for OS authentication)

A username/password given on the command line is visible to every user on the host through ps and in the shell history; on the database server itself, prefer target / so that the oracle OS account authenticates without a password.

Full command: /u01/oracle/product/10.2.0/bin/rman target system/oracle@ora10g msglog=/u01/rmanbak/bakl1.log cmdfile=/u01/rmanbak/bakl0   (again, or target /)

 
Put the backup scripts under /u01/rmanbak/script, then vi bakl0; the contents of bakl0 are:

run{
    allocate channel cha1 type disk;
    backup
    incremental level  0
    format '/u01/rmanbak/inc0_%u_%T'
    tag monday_inc0
    database;
    release channel cha1;
    }

(%u is a unique ID, upper-case %T the date, lower-case %t the time; the tag can be any name.) The bakl1 and bakl2 scripts are written the same way with level 1 and level 2.

 
Automated backups
crontab
crontab -e -u oracle   (edit the crontab of the oracle user: -e edit, -u oracle the user)

min hour day month weekday (0 = Sunday)
45 23  *  *    0    rman target / msglog=bakl0.log cmdfile=bakl0   (runs at 23:45 on Sunday as the oracle user)
45 23  *  *    1    rman target / msglog=bakl2.log cmdfile=bakl2
45 23  *  *    2    rman target / msglog=bakl2.log cmdfile=bakl2
45 23  *  *    3    rman target / msglog=bakl1.log cmdfile=bakl1
45 23  *  *    4    rman target / msglog=bakl2.log cmdfile=bakl2
45 23  *  *    5    rman target / msglog=bakl2.log cmdfile=bakl2
45 23  *  *    6    rman target / msglog=bakl2.log cmdfile=bakl2

Then start crontab with:
root> service crond restart

Cron runs jobs with a minimal environment and with the user's home directory as the working directory, so in practice either export ORACLE_HOME, ORACLE_SID and PATH in a wrapper script, or use the full rman path and absolute msglog/cmdfile paths as in the full command above.
 
======================= RMAN recovery ================

In nocatalog mode the backup metadata is stored in the control file. If the control file is destroyed, recovery is no longer possible, so the control file itself must be backed up automatically as part of every backup.
 
RMAN>show all;
using target database control file instead of recovery catalog
RMAN configuration parameters are:
CONFIGURE RETENTION POLICY TO REDUNDANCY 1; # default
CONFIGURE BACKUP OPTIMIZATION OFF; # default
CONFIGURE DEFAULT DEVICE TYPE TO DISK; # default
CONFIGURE CONTROLFILE AUTOBACKUP OFF; # default
CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO '%F'; # default
CONFIGURE DEVICE TYPE DISK PARALLELISM 1 BACKUP TYPE TO BACKUPSET; # default
CONFIGURE DATAFILE BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
CONFIGURE ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
CONFIGURE MAXSETSIZE TO UNLIMITED; # default
CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
CONFIGURE ARCHIVELOG DELETION POLICY TO NONE; # default
CONFIGURE SNAPSHOT CONTROLFILE NAME TO '/home/oracle/product/10.20/dbs/snapcf_ora10g.f'; # default

CONFIGURE CONTROLFILE AUTOBACKUP OFF; means the control file is not backed up automatically, so we run the following to turn control file autobackup on:
RMAN> CONFIGURE CONTROLFILE AUTOBACKUP ON;

RMAN> show all;

Manual backup of the control file:
backup current controlfile


The DBID is the database's identifier; it is needed later when restoring the spfile and the control file.
RMAN> connect target /
connected to target database: ORA10G (DBID=3988862108)
Here the DBID is 3988862108
 

RMAN> list backup;   (show information about previous backups)
RMAN> delete backupset 24;   (24 is the backup set number)
RMAN> backup format '/u01/rmanbak/full_%T_%U.bak' database plus archivelog;   (take a full backup)

Verify a backup:
RMAN> validate backupset 3;   (3 is the backup set number)

Lost password file (not part of RMAN backups): just recreate it with a single command:
orapwd file=orapwsid password=pass entries=5   (the password file lives in /u01/oracle/product/10.20/db_1/dbs)
oracle> cd /u01/oracle/product/10.20/db_1/dbs
oracle> rm orapwora10g   (delete the file to simulate the loss)
oracle> orapwd file=orapwora10g password=oracle entries=5   (recreate it; entries is the maximum number of SYSDBA/SYSOPER users, here 5)

Lost SPFILE:
startup nomount;
set dbid 3988862108;
restore spfile from


Reposted from: http://blog.csdn.net/newhappy2008/article/details/6546550

疯狂 2011-08-27 17:09

          HDD External USB Seagate Free Agent Go [Alnect Komputer]        

Want to back up your data? Or has a friend asked for your files, but the data is too big? Don't worry, it can all be handled. Drop by the Alnect Komputer Shop at Jln. Raya Janti, Kruwing No.1 Yogyakarta, or visit the Alnect Webstore. There you will find a product called the HDD External USB Seagate Free Agent Go.

This product suits anyone who needs a storage medium that is simple, easy to carry, high-capacity and, of course, good quality. The Seagate name alone tells you what to expect: a high-quality, reliable product. This Seagate portable HDD has a stylish look, smooth edges, a slim body and a neat indicator light. The Seagate Free Agent Go is a good fit for users who care about how their storage media look.

With a write speed of 24.3 MB/s, a read speed of 20.9 MB/s and a USB 2.0 bus transfer rate of up to 480 Mb/s, you will enjoy its performance. This external HDD connects over Hi-Speed USB 2.0. Measuring 130 x 80 x 12.7 mm and weighing 168 grams, it is comfortable to carry wherever you need it. Extras for this portable HDD include the HD Tune software, encryption and backup/sync of files, and noise reduction.


For everyday use, watching video or listening to music, this hard disk is still very comfortable to use.


Alnect offers 3 versions of the HDD External USB Seagate Free Agent Go:

HDD External USB Seagate Free Agent Go 250GB for Rp 650,000;

HDD External USB Seagate Free Agent Go 320GB for Rp 786,450; and

HDD External USB Seagate Free Agent Go 500GB for Rp 1,225,000.

Pick the one that fits your needs and order now!


Join the contest too. Just by having a blog you get a chance to win a notebook and other attractive prizes. Click the ticket below:

Alnect computer Blog Contest


          Lowongan Kerja IT Security Operation        
Graduate from a reputable university (S1) majoring in IT/Computer Science/Engineering
Minimum professional experience: 3 years in IT Security
Familiar with IT security systems: Firewall, IPS/IDS, VPN, Antivirus, Web/Application Security, Encryption, SSL, Mail/Web Content Filtering, etc.
Experience on TCP/IP ...

          Google's wardriving days are over, says Canadian privacy commissioner        
When Google's Street View cars glide through your neighborhood next, you can leave the WPA2 encryption off -- Canada says that the company has "discontinued" the practice of snooping on unsecured WiFi networks with its mapping vehicles, and "has no plans to resume it." That's one of several findings in a report by Canada's privacy commissioner today, which also claims that the controversial data collection feature was the work of a single Google engineer, and that Google intends to use smartphones to pinpoint WiFi networks from now on. Naturally, the latter caused the commissioner concern that Android phones might capture the same data as the cars. Perhaps you'd best keep those shields up after all.
          WinRAR 5.50 beta 1 (x64)        
Version 5.50 beta 1

1. WinRAR and command line RAR use RAR 5.0 archive format by default.
You can change it to RAR 4.x compatible format with "RAR4" option
in archiving dialog or -ma4 command line switch.

If you prefer RAR 4.x format by default, use "Create default..."
button on "Compression" page of WinRAR settings and set "RAR4"
in the displayed dialog.

This change affects only new clean installs. If you already saved
RAR format in the default compression profile in previous versions,
WinRAR respects stored settings.

2. Use "Set master password" button in "Organize passwords" dialog
to encrypt saved password records and protect them from unauthorized
access.

If saved passwords are protected with master password, you need to
enter the master password and press "OK" in password prompt to access
them. If entered password does not match the master password,
it is treated as a usual password for archive operations.

Once entered, the master password is valid until WinRAR is closed.
Close WinRAR and open it again after specifying the master password
if you wish to see how protection works. Enter a valid and then
empty master password to remove encryption from previously protected
password records.

This WinRAR version uses a new data format for password organizer,
so passwords stored in "Organize passwords" dialog are not readable
by older versions. It does not affect archive encryption formats
and encrypted archives are compatible with previous WinRAR version.
Organizer data is converted to a new format only when you save it
and not immediately after installing WinRAR.

3. Prompt proposing to set the master password is displayed
when storing a password in compression profile. You can enter
the master password to encrypt password data stored in Registry
and protect it from unauthorized access. You will need to enter
the master password in password prompt dialog to access
such compression profile after that.

Once entered, the master password is valid until WinRAR is closed.
Close WinRAR and open it again after specifying the master password
if you wish to see how protection works.

4. By default, WinRAR uses AES-256 in CTR mode to encrypt ZIP archives.
While AES-256 is significantly more secure than ZIP 2.0 legacy
encryption algorithm, it can be incompatible with some older
unzip software. If compatibility with such tools is required,
you can enable "ZIP legacy encryption" option in the password
dialog or use -mezl switch in the command line mode.

5. Added extraction support for .LZ archives created by Lzip compressor.

6. Modern TAR tools can store high precision file times, lengthy
file names and large file sizes in special PAX extended headers
inside of TAR archive. Now WinRAR supports such PAX headers
and uses them when extracting TAR archives.

7. New "Store modification time" option on "Time" page of archiving
dialog can be used to prohibit storing the file modification time
in RAR 5.x archives. Former "High precision modification time"
option is replaced by "High precision time format".

8. New "Full paths in title bar" option in "Settings/General" dialog.
If enabled, the full path of currently opened folder or archive
is displayed in WinRAR title bar.

9. New "Settings/Archives" page provides "File types to open as
archives first" group of options. Here you can define how Enter
or double click on a file with non-archive extension and archive
contents should be processed in WinRAR file list. Examples
of such files are .docx or self-extracting .exe archives.
You can instruct WinRAR to open such files as archives,
to run them, to handle them similarly or differently inside
and outside of archives, to never run specified file types
even if they do not include any archived contents.

Default settings are to open self-extracting exe and to run
other types of archives with non-archive extension.

Regardless of these options, you can always open any such
archive file by pressing Ctrl+PgDn on its name in WinRAR file list.

10. New "Copy full names to clipboard" command in "File" menu
places full names of selected files to clipboard.

This command is also added to context menu displayed
when right clicking the file list in WinRAR. Several other commands,
which are also present on the toolbar or in main menu,
such as "View" and "Repair", are removed from this context menu.

11. LZ and ZIPX are added to list of associations in Settings/Integration
dialog.

12. LZ and ZIPX extensions are added to default list of formats for
-ms switch ("Specify file types to store") invoked without parameters.

13. You can specify 'f' charset value in -sc switch to use UTF-8
encoding. For example:

rar a -scfl arcname @filelist.txt

to read contents of filelist.txt as UTF-8 text.

14. RAR "lt" and "vt" commands display file times with nanosecond
precision. Such precision is used in RAR5 archives created
by RAR/Unix 5.50 and newer. Archives created by WinRAR have 100ns
file time precision.

15. Only '+', '-' and '1' precision modifiers are supported
in -ts switch now. Use '+' to store the file time with maximum
precision, '-' to omit the file time and '1' to store it with
1 second precision. Intermediate precision modes previously
defined with '2' and '3' modifiers are not available in RAR 5.0
archive format and ignored by -ts switch.

16. If a wrong password is entered when unpacking an encrypted file
in RAR5 archive, WinRAR proposes to enter a valid password
for same file again instead of aborting extraction.

17. File path information is displayed if mouse pointer is placed over
a name of archiving file in the operation progress window.

18. Name of currently active compression profile is displayed
in the archiving dialog above "Profiles..." button.

19. If "Find" command is invoked from inside of archive subfolder,
"File names to find" will include the path to this subfolder.
So "Find" will search only starting from this subfolder.

20. Bugs fixed:

a) WinRAR failed to unpack files in ZIP archives compressed
with XZ algorithm and encrypted with AES;

b) if "Windows progress bars" option in WinRAR settings was turned off
and "Put each file to separate archive" archiving mode was used,
"gold" part of total progress bar did not display the compressed
data ratio correctly;

c) SFX archive extraction progress was incorrect in case of
multivolume SFX archive with total volume size exceeding 4 GB;

d) if archived folder name included trailing spaces, if user
selected and extracted some folders in non-root archive folder
and if "Allow potentially incompatible names" extraction option
was turned off, WinRAR could lose one or more leading characters
in extracted folder name;

e) if only creation or only last access file time was stored in RAR5
archive with 1 second precision, such as with -ma5 -tsm- -tsa1
switches, this stored time was ignored when extracting.



          WinRAR 5.50 beta 1 (x86)        
Same changelog as the x64 build above.

          Learn How To Invest in Cryptocurrency for only $15!        
You’ve probably heard of the most popular cryptocurrency, Bitcoin, but there are a ton of new cryptocurrencies emerging every year, presenting intriguing opportunities for the savvy investor. Cryptocurrencies are decentralized digital currencies which use cryptographic techniques to regulate and verify the transfer of funds, and they're growing in popularity globally. Save 91% off the Beginner's Guide to Cryptocurrency Investing! Don't know where to start? CrackBerry Digital Offers is here to help with the Beginner's Guide to Cryptocurrency Investing. This course features 27 lectures and hours of content that is available to you 24/7, giving you everything you need to know to get into cryptocurrency investing. You'll learn a system for investing in altcoins and learn how to t...
          User edited Resources        
http://www.anonymizer.com/ Anonymizer
http://www.anonymouse.org Anonymouse
http://www.http-tunnel.com/html/ HTTP Tunnel
http://www.peacefire.org/circumventor/simple-circumventor-instructions.html Peacefire's Circumventor
Proxies
http://www.privoxy.org/ Privoxy
http://www.publicproxyservers.com/index.html Public Proxy Servers
http://tools.rosinstrument.com/proxy/ Rosinstrument
http://www.samair.ru/proxy/ Samair
http://serifos.eecs.harvard.edu/cgi-bin/blossom.pl?proxy=1/ Blossom (perspective access network tool)
http://www.gnupg.org/ Gnu PG (encryption)
http://invisiblog.com/ Invisiblog (anonymous web publishing)
http://www.opennetinitiative.net/ Open Net Initiative (filtering information)
http://www.privacy-ecosystem.com/ Privacy Ecosystem (IP lookup)
http://tor.eff.org/ TOR (onion routing)
http://portal.unesco.org/ci/en/ev.php-URL_ID=21010&URL_DO=DO_TOPIC&URL_SECTION=201.html Unesco's The Net for Journalists (guide to blogging-as-journalism in the developing world)
http://theory.kaos.to/projects.html/ Anonym.OS (anonymizing tools CD)
          UK General Election: A choice between uninspiring statism and barely concealed evil        
There is nothing to inspire me to vote Conservative in the UK General Election.  Theresa May is an unreconstructed statist big-government conservative.  She is instinctively authoritarian.  She advocated for the security and police wet-dream on surveillance as Home Secretary, so that UK ISPs and telcos now keep a record of every single website visited in the UK over the past 12 months - because somehow what you read should be able to be accessed by the state when it sees fit.  She is pushing further, driven by concern over terrorism, but wanting to sanitise the internet to make it "safe" - the state working with parents, parenting us all.

Yet, it was all known that she takes a "trust me with your private information" approach to surveillance, rather than focus on the real issue, which is Islamism.  She explicitly says that we should remember "the good that government can do" and then outlines plenty of areas the government intervenes extensively in, such as energy, but instead of blaming virtue signalling policies like the Climate Change Act (which has seen the UK Government guaranteeing to a French led consortium that it will ensure it gets paid a price for electricity generated at its forthcoming nuclear power plant double what is the current market price for electricity).  She thinks libertarians are atomistic and people who seek to take advantage of others and thinks she is as distant from that as she is from Jeremy Corbyn.

That may well be true.  She said this:

We do not believe in untrammelled free markets. We reject the cult of selfish individualism. We abhor social division, injustice, unfairness and inequality. We believe not just in society but in the good that government can do. Paying your fair share of tax is the price of living in a civilised society.

Tom Harris in the Daily Mail said she was a real socialist offering left wing policies.

I couldn't vote for her if she was my Conservative candidate, like I couldn't vote for Amber Rudd (who thinks a solution to terrorism is to "make" WhatsApp end encryption, yet stands on a platform with a known Islamist because the UK Government is too ignorant to call them out).  Fortunately I have a tolerable choice and it is a safe Conservative seat.  The Conservatives have pledged not to increase VAT, unlike the previous election when there was a pledge to not increase income tax and National Insurance (another form of income tax), because the Chancellor of the Exchequer wants "more freedom" but pledges the Conservatives are still the "low tax party".

It's nonsense.  The Conservative manifesto could almost be one from any of the Labour leaders since 1997, except the current one.  It's a cynical move to move to the centre-left to try to hoover up votes from the middle and to destroy the Labour Party, but there is one problem.  It has backfired due to ineptness, a lack of enthusiasm from the rank and file of many Conservatives and the simple fact that May does not ooze authenticity.  That doesn't mean Labour will win, thankfully, because it isn't just led by an inept naive idiot, but a nasty hater of capitalism, individual freedom and even Western liberal democracy.

I disagree with most of what the Labour Party advocates, and accept that it holds a fundamentally different view as to the role of the state from me, but Jeremy Corbyn and his closest allies are not like that.  Jeremy Corbyn has never, repeat never, held any office of significance in Parliament under any Labour Government.  He was never an under-secretary, nor Chair of a select committee, although he has been on select committees.  He was never trusted with power by his colleagues; he was no Michael Foot.

Corbyn invited senior members of the IRA to Parliament three weeks after the Grand Hotel bombing in Brighton which targeted the Conservative Party conference, both killing and maiming people.  His history in supporting the IRA and campaigning for those who had killed for the IRA, is brushed aside as saying he wanted to talk to "all sides", but no one can recall him ever meeting Unionists. Corbyn opposed the Anglo-Irish Agreement (which set out between the UK and Ireland how devolved government would work in Northern Ireland) and his right hand man John McDonnell opposed the Good Friday Agreement in 1998 (which ended the terror campaigns from both sides).  

Corbyn opposed the UK ejecting the fascist military dictatorship of Argentina from its invasion of the Falkland Islands.  He has called Hamas and Hezbollah "his friends" (although has apologised for his use of words), but spoke on a platform with Islamists who were calling for war with Israel.

His Shadow Chancellor John McDonnell called Lenin and Trotsky his greatest influences and stands on a platform alongside Stalinists.  Indeed Andrew Murray, a Stalinist open supporter of north Korea (which he calls "People's Korea"), is now helping Corbyn with his campaign.  The same man who after the Paris terrorist attacks said:

“The barbarism we condemn in Paris is minute compared to the barbarism wrought by imperialism across the planet in the last 13 years and we must condemn that… It is a sad lesson we have to re-learn from the attacks in Paris, it needs bringing home again and again.”

Of course Corbyn blames the US for "escalating tensions" with north Korea, not the totalitarian police state that has developed nuclear weapons and keeps testing missiles whilst uttering bombastic rhetoric about attacking the United States.  You see Corbyn was Chair of the ironically named Stop the War Coalition.  An organisation that has never once campaigned for any anti-Western regimes or militant groups to stop waging war.  It never took on Russia, Hamas, the Assad regime, Al Qaeda, ISIS, north Korea et al.  Stop the War is only too much in favour of war, as long as it is waged against any Western liberal democracy including Israel.

Corbyn claimed that 9/11 was "manipulated" into blaming Al Qaeda.  He has been paid by Iran's international propaganda TV channel, Press TV, to appear, but not, of course, to criticise human rights in Iran, but to criticise the West.  

Corbyn has admitted that he would never use nuclear weapons, effectively making the UK's nuclear deterrent worthless.  He has long campaigned for unilateral Western nuclear disarmament, including during the Cold War.  Was he a pacifist who just believed the USSR would follow, or was he not too fussed if the Red Army had rolled its way across Europe to "liberate" it from capitalism and "US imperialism"?  In any case the British Communist Party won't be fielding candidates in this election, but is uncharacteristically supporting Labour.

Corbyn is a strong supporter of the Chavez/Maduro authoritarian socialist disaster in Venezuela, but you can't be surprised at that.  After all, he says Castro was a champion of social justice, what with all those opponents he got murdered.  Corbyn also seems to attract anti-semites, not just Ken Livingstone's obsession that the Nazis were in cahoots with Zionists and Jews, but supporters.

These people appear again and again.  However he does join in on Quds Day rallies organised by the Islamic Republic of Iran (yes that bastion of peace, diversity and human rights) to criticise Israel and call for it to be pushed into the sea.

Corbyn is a sympathiser of Russia's position on Ukraine and Georgia, presumably because it is the opposite of the US and European position.  He blamed the Russian insurgency in Ukraine on "NATO belligerence".  After all, how dare Ukraine dump mother Russia led by such a nice liberal democratic regime to embrace the evil West right?

Shadow Home Secretary Diane Abbott said on balance Chairman Mao did more good than harm, which will be news to the tens of millions murdered or starved by his policies, with the bizarre justification that he left China on the verge of a great economic boom (even though China's economic success has been because the Chinese Communist Party abandoned socialist economics).

So as awful as Theresa May is, and corporatist and centre-left as they may be, it is not a party led by IRA sympathisers, appeasers of Islamism and sympathisers of Stalin. 

The moral turpitude of these entities is utterly beyond contempt.  Corbyn refused to condemn the killing of Osama Bin Laden (much better to put him on trial, give him the benefit of the doubt), he has linked terrorism to British foreign policy (but doesn't explain, of course, why neutral Sweden and non-interventionist France get attacked).  

He and his ilk have spent decades on the backbenches campaigning for "understanding" for just about every group that sought to wage war with the UK, whether the IRA, fascist Argentina or Islamists.   He has campaigned for the UK to be disarmed, to withdraw from NATO and to distance itself from the US.  He allies himself with political leaders that torture and murder people, and who use violence.

Of course many Labour MPs know and hope he loses, just that they don't lose their seats.  It is because of them that Labour remains committed to NATO and the nuclear deterrent, both positions Corbyn opposes.

He isn't a nice guy, despite his softly spoken manner.  

He is an advocate of political violence who has appeased and turned a blind eye to brutal murderers, because he shares their political ambitions.  He supported the IRA because he believed in a united Ireland by all means necessary, and to hell with the opinions and concerns of Unionists (whose views he never courted and sought; presumably for a Marxist they were the hated bourgeoisie).  He supported the Galtieri military dictatorship, the same one that imprisoned and tortured socialists in Argentina, because it dared take on the bigger evil - Thatcher's government (hence why he couldn't have cared less that the IRA tried to murder her and did kill several Conservatives) over the Falklands.  He is warm towards Hamas and Iran because he supports the Palestinians and supports just about any regime that dares take on the hated United States and its ally Israel.   I understand concern for the plight of the Palestinians (although keeping Hamas in power is shooting yourself in the foot), but to treat Iran as a partner is morally bankrupt.

He is without doubt the worst candidate for Prime Minister put up by any major UK political party in modern times.  Those who stand with him should be ashamed of him, and the ONLY reason to vote Conservative is to send the strong message that Corbyn and his group of violence touters have no place in government.




          Cloud HSM: Our secure key management approach        

Customers concerned about key management often require an HSM (hardware security module). They want the same level of key protection in the cloud as they have on-premises. An HSM provides guaranteed access to encrypted data for authorized users by storing the mission-critical master encryption keys inside the HSM and backing them up.


          Letter Sealing launches on LINE, bringing end-to-end encryption to the messaging app        
LINE has released an update to its messaging app for both Android and iOS this week that includes a brand new feature dubbed Letter Sealing....
          Leftist media thrive on "the sky is falling" narratives.        

Widely Reported WhatsApp Vulnerability Not as Serious as Initially Thought

Posted on July 18, 2017 
Back in January, prominent British publication, The Guardian, printed a story in which they claimed the popular messaging app, WhatsApp, had a critical flaw. They claimed it had a “backdoor” that could allow a malicious third-party to defeat the app’s end-to-end encryption and thus read your messages at will. With millions of users depending on WhatsApp as a safe way to privately message others, including people in war-torn countries and under oppressive governments, the report caused much alarm. At the same time, it also triggered a vocal outcry from the tech world as experts disputed the claims made in the Guardian’s article.
Now, months later, the author of the Guardian piece has stated he now accepts the expert consensus that the conclusions in the report were erroneous. At the root of the issue seems to be a misunderstanding about security decisions made by WhatsApp. In reality, there is no “backdoor” to reading user messages, and there never was. As a term that carries with it connotations of deliberate deception, it’s an inaccurate moniker.
So, what was the real story? To improve the user experience when migrating between devices or SIM cards, messages in transit when a device is changed may be re-encrypted with a new key and delivered to the user when they return. In some very limited scenarios, this could potentially offer a way for someone to read a message — but it would require intensive effort, time, and resources and would still present an enormous technical challenge.
With encryption on the rise, it’s important to continually examine the strength and reliability of the solutions we use. However, it’s just as crucial to avoid jumping to conclusions without all the facts in hand. While the Guardian did not retract its story, choosing instead to attach an editorial note to the article, correcting the record is a good step. Staying informed is an essential part of staying secure. WhatsApp users should know that their messages remain safe from prying eyes.


          ADFS Self Signed Certificates and Microsoft Dynamics CRM.        
ADFS self-signed certificates are used for internal token signing and encryption and are separate from your SSL certificates.  You can sometimes experience a situation where these internal certificates auto-rollover. When this happens, it will bring CRM down, because CRM still trusts the old signing certificate.

Below is a blog that has a fix for this that seems to work if you follow all the steps to a T:

http://blogs.msdn.com/b/arpita/archive/2012/07/17/microsoft-dynamics-crm-2011-log-in-issue-due-to-ad-fs-certificate-rollover.aspx 

Additionally, there is a way to push the date out using PowerShell so that the renewal duration is more like 5 years instead of every 365 days.
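As an added example (not code from this post or from the linked blog), the PowerShell below, run in an elevated session on the primary ADFS server, reports the current rollover settings and certificate expiry, then raises CertificateDuration to 1825 days (five years, an assumed value) and generates the next certificates with that lifetime using the standard ADFS cmdlets; it assumes ADFS is managing its own self-signed certificates (AutoCertificateRollover enabled).

```powershell
# Added example, not from the original post. Assumes an elevated session on
# the primary ADFS server and that AutoCertificateRollover is enabled.

# ADFS 2.0 (Windows 2008 R2) ships the cmdlets as a snap-in; later versions
# ship them as the ADFS module.
if (Get-Module -ListAvailable -Name ADFS) {
    Import-Module ADFS
} else {
    Add-PSSnapin Microsoft.Adfs.PowerShell
}

function Get-AdfsRolloverStatus {
    # Summarise the settings that decide when the self-signed certificates
    # roll over, plus the expiry of the current signing/decrypting certs.
    $props = Get-AdfsProperties
    $certs = Get-AdfsCertificate |
        Where-Object { $_.CertificateType -in @('Token-Signing', 'Token-Decrypting') }

    [pscustomobject]@{
        AutoCertificateRollover = $props.AutoCertificateRollover
        CertificateDurationDays = $props.CertificateDuration           # lifetime of newly generated certs
        GenerationThresholdDays = $props.CertificateGenerationThreshold # new cert created this many days before expiry
        PromotionThresholdDays  = $props.CertificatePromotionThreshold  # new cert becomes primary this many days after creation
        Certificates            = $certs | ForEach-Object {
            [pscustomobject]@{
                Type       = $_.CertificateType
                IsPrimary  = $_.IsPrimary
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.Certificate.NotAfter
                DaysLeft   = [int]($_.Certificate.NotAfter - (Get-Date)).TotalDays
            }
        }
    }
}

function Set-AdfsLongCertificateDuration {
    param([int]$Days = 1825)   # 1825 days = 5 years (assumed value)

    $props = Get-AdfsProperties
    if (-not $props.AutoCertificateRollover) {
        throw 'AutoCertificateRollover is off; ADFS is using externally issued certificates, so CertificateDuration does not apply.'
    }

    # CertificateDuration only affects certificates generated from now on;
    # the certificates already installed keep their original expiry.
    Set-AdfsProperties -CertificateDuration $Days

    # Generate replacement certificates with the new lifetime. Without -Urgent
    # they are added as SECONDARY and promoted to primary only after
    # CertificatePromotionThreshold days, which leaves a window to refresh
    # CRM's federation metadata before the signing key actually changes.
    # (-Urgent would promote immediately and take CRM down right away.)
    Update-AdfsCertificate -CertificateType Token-Signing
    Update-AdfsCertificate -CertificateType Token-Decrypting

    Get-AdfsRolloverStatus
}

# Review before changing anything.
Get-AdfsRolloverStatus | Format-List
Get-AdfsRolloverStatus | Select-Object -ExpandProperty Certificates | Format-Table -AutoSize

# Apply the five-year duration and generate the next certificates.
Set-AdfsLongCertificateDuration -Days 1825
```

After the new certificates are promoted, CRM still needs its federation metadata refreshed as in the linked blog; the longer duration only makes that exercise rare instead of annual.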

- Happy Tuesday!
          Reset Amadmin Password (2)        
In my previous post (09/11) on this topic, I asked to have jss4.jar in the classpath and the corresponding library files in the environment. Actually it is not required; otherwise, one will have a hard time finding and installing them on a Windows box. All you need to do is set the value of the property com.iplanet.security.encryptor to "com.iplanet.services.util.JCEEncryption". The default, if you don't specify it, is "com.iplanet.services.util.JSSEncryption", which requires JSS. So the command to generate the new password could look like:

/usr/bin/java -Dcom.iplanet.security.encryptor=com.iplanet.services.util.JCEEncryption -Dam.encryption.pwd=sZ6rTm4Dp1xp6MuXpwyQ3h0RsdcMK5eQ -cp .:/opt/sun/identity/lib/am_sdk.jar:/opt/sun/identity/lib/am_services.jar PasswordHashEncryption password
          PowerArchiver 2017 17.00.91        

PowerArchiver is a professional 64-bit (and 32-bit) compression utility, with support for over 60 formats and exclusive Advanced Codec Pack - .PA format with strongest/fastest compression.

New .PA format has two modes - Optimized Strong and Optimized Fast. It offers best compression on the market due to specialized compressors for pdf/docx/jpeg/exe/text/image/sound formats. Overall .pa format is strongest/fastest format on the market today! Over 15 various codecs and filters work together to lower the size of your files. Exclusive PDF/DOCX/ZIP re-compression - up to 85% lower size. Special data de-duplication filter will significantly compress similar files.

PA is really simple to use, it automatically selects best mode for each file. Machine learning is used to optimize codecs for best speed/compression ratio.

Superior multicore, unlimited size ZIP and ZIPX format support compared to other archivers. Fully compatible with WinZip and SecureZip.

Support for PA, ZIP, RAR, ZIPX, 7-ZIP, CAB, PGP, TAR, XZ, GZIP, BZIP2, ISO (ISO9660 and UDF), ZPAQ, WIM, BH, LHA (LZH), XXE, UUE, yENC, MIME (Base 64), ARJ, ARC, ACE, MSI, NSIS, CHM, over 60 total.

PowerArchiver 256-bit AES encryption is FIPS 140-2 validated for government use. Supports Volume Shadow Copy (VSS) and UAC elevation, so you can zip any file on your computer, even in-use databases or Outlook PST files. Password Policies allow setup of a minimum password policy/rule, to force users to enter passwords with proper length and mix of characters. File Wiping wipes your temporary files by using DoD 5220.22-M suggested methods for clearing & sanitizing information on writable media.

PowerArchiver has an advanced GUI with beautiful skins and the ability to choose many options. It fully supports 4K displays and large DPI. Touchscreen support!

Other features include Encryption with OpenPGP, Backup, Burner, Secure FTP, Convert, Repair, Batch Extract, Batch ZIP, SFX Tool, Compression Profiles, Preview, & much more.


          PowerArchiver 2017 (Portable) 17.00.91        



          File Encryption XP 1.7.303        

File Encryption eXtra Protection (XP) is password protection software for Windows. Files are encrypted with the Blowfish algorithm. This tool works with USB drives, flash memory cards, HDDs, ZIP drives, and any Windows PC. When encrypting files, the passwords are not "inserted" inside the encrypted files, so if you lose your data carrier, no one will be able to launch, view or alter files protected with File Encryption XP.


          Easily deliver H.264 HD video distribution with the new ZyPerHD        

November 2, 2016

ZeeVee Expands ZyPer Product Suite to easily deliver H.264 HD video distribution with the new ZyPerHD

Boston, November 2, 2016, ZeeVee, Inc. a global manufacturer of video and signal distribution technology, announced today the expansion of its award winning ZyPer Product Suite with the launch of ZyPerHD.


The ZyPerHD allows for the easy distribution and switching of high definition H.264 video, audio, and other data signals using ZyPerHD encoder and decoder modules and off-the-shelf Gigabit Ethernet switches.


Using industry standard H.264 (MPEG4) encoding technology, the ZyPerHD complements ZeeVee’s other video IP distribution solutions and provides an affordable, easy to set up and easy to maintain IP video encoding solution enabling customers to deliver video content over their Ethernet networks.


“Like our other ZyPer products, the ZyPerHD eliminates the need to have a separate AV network or additional equipment for video and other AV content,” stated Chris Scurto, Vice President Sales and Marketing for ZeeVee. “We believe in simplifying video distribution and leveraging industry standard technology. Our ZyPerMX, ZyPer4K and now the ZyPerHD all leverage off-the-shelf Ethernet switches making it a far more versatile and cost effective installation choice,” Scurto continued.


All ZyPer products are easily set up, controlled and monitored using the ZyPer Management Platform, running ZeeVee’s MaestroZ software. For further flexibility, set up and control can also be done through 3rd party control systems using ZeeVee’s Open API for custom integration.


ZyPerHD offers:
• Stunning pixel for pixel reproduction of compressed 720p and 1080p HD resolution content
• Ability to change sources and content instantly without programming
• Very low latency design making it perfect for demanding environments like executive boardrooms
• Full support for HDMI 1.4 with HDCP encryption
• 4x4 video wall support
• Point-to-point configuration to transmit 1080p video up to 100 meters away
• Power over Ethernet (PoE) support
• Source and display control (RS232)


ZeeVee continues to deliver innovative, cost effective, and easy to install video and signal distribution platforms. Staying true to its product development best practices and overall mission, ZeeVee engineers its products specifically to reduce the cost and lengthy process of designing, installing and expanding HD to 4K AV-over-RF or AV-over-IP distribution systems.


About ZeeVee
Zv is a global manufacturer of video and signal distribution technology for the ProAV and IT marketplace. As the only manufacturer today that can deliver multimedia content over coax, fiber, and CATx, Zv has transformed the digital video industry with its award-winning, HD to Ultra-HD/4K solutions. The company offers a variety of innovative, cost effective and easy to install distribution platforms. Zv is installed in thousands of facilities worldwide where there is a need to transport HD/UHD content from multiple sources to multiple displays over long distances.

For additional information please visit www.zeevee.com



          250GB 850 Evo SSD        

What is 3D V-NAND and how does it differ from existing technology?
Samsung’s unique and innovative 3D V-NAND flash memory architecture is a breakthrough in overcoming the density, performance and endurance limitations of today’s conventional planar NAND architecture. 3D V-NAND is fabricated by stacking 32 cell layers vertically over one another rather than shrinking the cell dimensions to fit a fixed horizontal space, resulting in higher density and better performance in a smaller footprint.

Optimise daily computing with TurboWrite technology for unrivalled read / write speeds
Achieve the ultimate read / write performance to maximise your everyday computing experience with Samsung’s TurboWrite technology. You not only obtain more than a 10% better user experience than the 840 EVO* but up to 1.9x faster random write speeds for the 120 / 250 GB models** as well. The 850 EVO delivers top-of-its-class performance in sequential read (540 MB/s) and write (520 MB/s) speeds. Plus, you also gain optimised random performance at all queue depths for client PC usage scenarios.
*PCmark7 (250 GB) : 6700 (840 EVO) > 7600 (850 EVO)
**Random Write (QD32, 120 GB) : 36000 IOPS (840 EVO) > 88000 IOPS (850 EVO)

Get into the fast lane with the improved RAPID mode
Samsung’s Magician software provides RAPID mode for 2x faster data processing speeds* at the system level by utilising unused PC memory (DRAM) as cache storage. The newest Magician increases the maximum memory usage in RAPID mode from 1 GB, in the previous 840 EVO version, to up to 4 GB with the 850 EVO when 16 GB of DRAM is installed. You also get a 2x performance* boost at all random queue depths.
*PCMARK7 RAW (250 GB) : 7500 > 15000 (RAPID mode)

Guaranteed endurance and reliability bolstered by 3D V-NAND technology
The 850 EVO delivers guaranteed endurance and reliability by doubling the TBW* compared to the previous generation 840 EVO**, backed by an industry leading 5 year warranty. Through minimised performance degradation, the 850 EVO sustains performance improvements of up to 30% over the 840 EVO, proving to be one of the most dependable storage devices***.
*TBW : Total Bytes Written
**TBW : 43 (840 EVO) > 75 (850 EVO 120 / 250 GB), 150 (850 EVO 500 / 1 TB)
***Sustained Performance (250 GB) : 3300 IOPS (840 EVO) > 6500 IOPS (850 EVO), performance measured after a 12 hour “Random Write” test

Compute longer with improved energy efficiency backed by 3D V-NAND
The 850 EVO delivers significantly longer battery life on your notebook with a controller optimised for 3D V-NAND, now enabling Device Sleep at a highly efficient 2 mW. The 850 EVO is 25% more power efficient than the 840 EVO during write operations*, thanks to 3D V-NAND consuming half the energy of planar 2D NAND.
*Power (250 GB) : 3.2 Watt (840 EVO) > 2.4 Watt (850 EVO)

Secure valuable data through advanced AES 256 encryption
The 850 EVO comes fortified with the latest hardware-based full disk encryption engine. The AES 256-bit encryption secures data without any performance degradation and complies with TCG Opal 2.0. It is also compatible with Microsoft eDrive (IEEE 1667), so your data is protected at all times for your peace of mind.

Protect against overheating with a highly responsive Dynamic Thermal Guard
The 850 EVO’s Dynamic Thermal Guard constantly monitors and maintains ideal temperatures for the drive to operate in optimal conditions for the integrity of your data. When temperatures rise above an optimal threshold, the Thermal Guard automatically throttles the drive to bring temperatures down, protecting your data while maintaining responsiveness to ensure your computer is always safe from overheating.

Level up to the 850 EVO simply without any hassle
In three simple steps, Samsung’s One-stop Install Navigator software easily allows you to migrate all the data and applications from your existing primary storage to the 850 EVO. The Samsung Magician software also allows you to optimise and manage your system as best suits your SSD.


          100 announcements (!) from Google Cloud Next '17        

San Francisco — What a week! Google Cloud Next ‘17 has come to the end, but really, it’s just the beginning. We welcomed 10,000+ attendees including customers, partners, developers, IT leaders, engineers, press, analysts, cloud enthusiasts (and skeptics). Together we engaged in 3 days of keynotes, 200+ sessions, and 4 invitation-only summits. Hard to believe this was our first show as all of Google Cloud with GCP, G Suite, Chrome, Maps and Education. Thank you to all who were here with us in San Francisco this week, and we hope to see you next year.

If you’re a fan of video highlights, we’ve got you covered. Check out our Day 1 keynote (in less than 4 minutes) and Day 2 keynote (in under 5!).

One of the common refrains from customers and partners throughout the conference was “Wow, you’ve been busy. I can’t believe how many announcements you’ve had at Next!” So we decided to count all the announcements from across Google Cloud and in fact we had 100 (!) announcements this week.

For the list lovers amongst you, we’ve compiled a handy-dandy run-down of our announcements from the past few days:


Google Cloud is excited to welcome two new acquisitions to the Google Cloud family this week, Kaggle and AppBridge.

1. Kaggle - Kaggle is one of the world's largest communities of data scientists and machine learning enthusiasts. Kaggle and Google Cloud will continue to support machine learning training and deployment services in addition to offering the community the ability to store and query large datasets.

2. AppBridge - Google Cloud acquired Vancouver-based AppBridge this week, which helps you migrate data from on-prem file servers into G Suite and Google Drive.


Google Cloud brings a suite of new security features to Google Cloud Platform and G Suite designed to help safeguard your company’s assets and prevent disruption to your business: 

3. Identity-Aware Proxy (IAP) for Google Cloud Platform (Beta) - Identity-Aware Proxy lets you provide access to applications based on risk, rather than using a VPN. It provides secure application access from anywhere, restricts access by user, identity and group, deploys with integrated phishing-resistant Security Key and is easier to set up than an end-user VPN.

4. Data Loss Prevention (DLP) for Google Cloud Platform (Beta) - Data Loss Prevention API lets you scan data for 40+ sensitive data types, and is used as part of DLP in Gmail and Drive. You can find and redact sensitive data stored in GCP, invigorate old applications with new sensitive data sensing “smarts” and use predefined detectors as well as customize your own.

5. Key Management Service (KMS) for Google Cloud Platform (GA) - Key Management Service allows you to generate, use, rotate, and destroy symmetric encryption keys for use in the cloud.

6. Security Key Enforcement (SKE) for Google Cloud Platform (GA) - Security Key Enforcement allows you to require security keys be used as the 2-Step verification factor for enhanced anti-phishing security whenever a GCP application is accessed.

7. Vault for Google Drive (GA) - Google Vault is the eDiscovery and archiving solution for G Suite. Vault enables admins to easily manage their G Suite data lifecycle and search, preview and export the G Suite data in their domain. Vault for Drive enables full support for Google Drive content, including Team Drive files.

8. Google-designed security chip, Titan - Google uses Titan to establish hardware root of trust, allowing us to securely identify and authenticate legitimate access at the hardware level. Titan includes a hardware random number generator, performs cryptographic operations in the isolated memory, and has a dedicated secure processor (on-chip).


New GCP data analytics products and services help organizations solve business problems with data, rather than spending time and resources building, integrating and managing the underlying infrastructure:

9. BigQuery Data Transfer Service (Private Beta) - BigQuery Data Transfer Service makes it easy for users to quickly get value from all their Google-managed advertising datasets. With just a few clicks, marketing analysts can schedule data imports from Google Adwords, DoubleClick Campaign Manager, DoubleClick for Publishers and YouTube Content and Channel Owner reports.

10. Cloud Dataprep (Private Beta) - Cloud Dataprep is a new managed data service, built in collaboration with Trifacta, that makes it faster and easier for BigQuery end-users to visually explore and prepare data for analysis without the need for dedicated data engineer resources.

11. New Commercial Datasets - Businesses often look for datasets (public or commercial) outside their organizational boundaries. Commercial datasets offered include financial market data from Xignite, residential real-estate valuations (historical and projected) from HouseCanary, predictions for when a house will go on sale from Remine, historical weather data from AccuWeather, and news archives from Dow Jones, all immediately ready for use in BigQuery (with more to come as new partners join the program).

12. Python for Google Cloud Dataflow in GA - Cloud Dataflow is a fully managed data processing service supporting both batch and stream execution of pipelines. Until recently, these benefits have been available solely to Java developers. Now there’s a Python SDK for Cloud Dataflow in GA.

13. Stackdriver Monitoring for Cloud Dataflow (Beta) - We’ve integrated Cloud Dataflow with Stackdriver Monitoring so that you can access and analyze Cloud Dataflow job metrics and create alerts for specific Dataflow job conditions.

14. Google Cloud Datalab in GA - This interactive data science workflow tool makes it easy to do iterative model and data analysis in a Jupyter notebook-based environment using standard SQL, Python and shell commands.

15. Cloud Dataproc updates - Our fully managed service for running Apache Spark, Flink and Hadoop pipelines has new support for restarting failed jobs (including automatic restart as needed), in beta; the ability to create single-node clusters for lightweight sandbox development, in beta; GPU support; and the cloud labels feature, for more flexibility managing your Dataproc resources, which is now GA.


New GCP databases and database features round out a platform on which developers can build great applications across a spectrum of use cases:

16. Cloud SQL for PostgreSQL (Beta) - Cloud SQL for PostgreSQL implements the same design principles currently reflected in Cloud SQL for MySQL, namely, the ability to securely store and connect to your relational data via open standards.

17. Microsoft SQL Server Enterprise (GA) - Available on Google Compute Engine, plus support for Windows Server Failover Clustering (WSFC) and SQL Server AlwaysOn Availability (GA).

18. Cloud SQL for MySQL improvements - Increased performance for demanding workloads via 32-core instances with up to 208GB of RAM, and central management of resources via Identity and Access Management (IAM) controls.

19. Cloud Spanner - Launched a month ago, but still, it would be remiss not to mention it because, hello, it’s Cloud Spanner! The industry’s first horizontally scalable, globally consistent, relational database service.

20. SSD persistent-disk performance improvements - SSD persistent disks now have increased throughput and IOPS performance, which are particularly beneficial for database and analytics workloads. Read these docs for complete details about persistent-disk performance.

21. Federated query on Cloud Bigtable - We’ve extended BigQuery’s reach to query data inside Cloud Bigtable, the NoSQL database service for massive analytic or operational workloads that require low latency and high throughput (particularly common in Financial Services and IoT use cases).


New GCP Cloud Machine Learning services bolster our efforts to make machine learning accessible to organizations of all sizes and sophistication:

22. Cloud Machine Learning Engine (GA) - Cloud ML Engine, now generally available, is for organizations that want to train and deploy their own models into production in the cloud.

23. Cloud Video Intelligence API (Private Beta) - A first of its kind, Cloud Video Intelligence API lets developers easily search and discover video content by providing information about entities (nouns such as “dog,” “flower”, or “human” or verbs such as “run,” “swim,” or “fly”) inside video content.

24. Cloud Vision API (GA) - Cloud Vision API reaches GA and offers new capabilities for enterprises and partners to classify a more diverse set of images. The API can now recognize millions of entities from Google’s Knowledge Graph and offers enhanced OCR capabilities that can extract text from scans of text-heavy documents such as legal contracts or research papers or books.

25. Machine learning Advanced Solution Lab (ASL) - ASL provides dedicated facilities for our customers to directly collaborate with Google’s machine-learning experts to apply ML to their most pressing challenges.

26. Cloud Jobs API - A powerful aid to job search and discovery, Cloud Jobs API now has new features such as Commute Search, which will return relevant jobs based on desired commute time and preferred mode of transportation.

27. Machine Learning Startup Competition - We announced a Machine Learning Startup Competition in collaboration with venture capital firms Data Collective and Emergence Capital, and with additional support from a16z, Greylock Partners, GV, Kleiner Perkins Caufield & Byers and Sequoia Capital.


New GCP pricing continues our intention to create customer-friendly pricing that’s as smart as our products; and support services that are geared towards meeting our customers where they are:

28. Compute Engine price cuts - Continuing our history of pricing leadership, we’ve cut Google Compute Engine prices by up to 8%.

29. Committed Use Discounts - With Committed Use Discounts, customers can receive a discount of up to 57% off our list price, in exchange for a one or three year purchase commitment paid monthly, with no upfront costs.

30. Free trial extended to 12 months - We’ve extended our free trial from 60 days to 12 months, allowing you to use your $300 credit across all GCP services and APIs, at your own pace and schedule. Plus, we’ve introduced new Always Free products -- non-expiring usage limits that you can use to test and develop applications at no cost. Visit the Google Cloud Platform Free Tier page for details.

31. Engineering Support - Our new Engineering Support offering is a role-based subscription model that allows us to match engineer to engineer, to meet you where your business is, no matter what stage of development you’re in. It has three tiers:

  • Development engineering support - ideal for developers or QA engineers who can manage with a response within four to eight business hours, priced at $100/user per month.
  • Production engineering support provides a one-hour response time for critical issues at $250/user per month.
  • On-call engineering support pages a Google engineer and delivers a 15-minute response time 24x7 for critical issues at $1,500/user per month.

32. Cloud.google.com/community site - Google Cloud Platform Community is a new site to learn, connect and share with other people like you, who are interested in GCP. You can follow along with tutorials or submit one yourself, find meetups in your area, and learn about community resources for GCP support, open source projects and more.


New GCP developer platforms and tools reinforce our commitment to openness and choice and giving you what you need to move fast and focus on great code.

33. Google App Engine Flex (GA) - We announced a major expansion of our popular App Engine platform to new developer communities that emphasizes openness, developer choice, and application portability.

34. Cloud Functions (Beta) - Google Cloud Functions has launched into public beta. It is a serverless environment for creating event-driven applications and microservices, letting you build and connect cloud services with code.

35. Firebase integration with GCP (GA) - Firebase Storage is now Google Cloud Storage for Firebase and adds support for multiple buckets, support for linking to existing buckets, and integrates with Google Cloud Functions.

36. Cloud Container Builder - Cloud Container Builder is a standalone tool that lets you build your Docker containers on GCP regardless of deployment environment. It’s a fast, reliable, and consistent way to package your software into containers as part of an automated workflow.

37. Community Tutorials (Beta) - With community tutorials, anyone can now submit or request a technical how-to for Google Cloud Platform.


Secure, global and high-performance, we’ve built our cloud for the long haul. This week we announced a slew of new infrastructure updates. 

38. New data center region: California - This new GCP region delivers lower latency for customers on the West Coast of the U.S. and adjacent geographic areas. Like other Google Cloud regions, it will feature a minimum of three zones, benefit from Google’s global, private fibre network, and offer a complement of GCP services.

39. New data center region: Montreal - This new GCP region delivers lower latency for customers in Canada and adjacent geographic areas. Like other Google Cloud regions, it will feature a minimum of three zones, benefit from Google’s global, private fibre network, and offer a complement of GCP services.

40. New data center region: Netherlands - This new GCP region delivers lower latency for customers in Western Europe and adjacent geographic areas. Like other Google Cloud regions, it will feature a minimum of three zones, benefit from Google’s global, private fibre network, and offer a complement of GCP services.

41. Google Container Engine - Managed Nodes - Google Container Engine (GKE) has added Automated Monitoring and Repair of your GKE nodes, letting you focus on your applications while Google ensures your cluster is available and up-to-date.

42. 64-core machines + more memory - We have doubled the number of vCPUs you can run in an instance from 32 to 64, with up to 416GB of memory per instance.

43. Internal Load balancing (GA) - Internal Load Balancing, now GA, lets you run and scale your services behind a private load balancing IP address which is accessible only to your internal instances, not the internet.

44. Cross-Project Networking (Beta) - Cross-Project Networking (XPN), now in beta, is a virtual network that provides a common network across several Google Cloud Platform projects, enabling simple multi-tenant deployments.


In the past year, we’ve launched 300+ features and updates for G Suite and this week we announced our next generation of collaboration and communication tools.

45. Team Drives (GA for G Suite Business, Education and Enterprise customers) - Team Drives help teams simply and securely manage permissions, ownership and file access for an organization within Google Drive.

46. Drive File Stream (EAP) - Drive File Stream is a way to quickly stream files directly from the cloud to your computer. With Drive File Stream, company data can be accessed directly from your laptop, even if you don’t have much space on your hard drive.

47. Google Vault for Drive (GA for G Suite Business, Education and Enterprise customers) - Google Vault for Drive now gives admins the governance controls they need to manage and secure all of their files, including employee Drives and Team Drives. Google Vault for Drive also lets admins set retention policies that automatically keep what’s needed and delete what’s not.

48. Quick Access in Team Drives (GA) - Powered by Google’s machine intelligence, Quick Access helps to surface the right information for employees at the right time within Google Drive. Quick Access now works with Team Drives on iOS and Android devices, and is coming soon to the web.

49. Hangouts Meet (GA to existing customers) - Hangouts Meet is a new video meeting experience built on Hangouts that can run 30-person video conferences without accounts, plugins or downloads. For G Suite Enterprise customers, each call comes with a dedicated dial-in phone number so that team members on the road can join meetings without wifi or data issues.

50. Hangouts Chat (EAP) - Hangouts Chat is an intelligent communication app in Hangouts with dedicated, virtual rooms that connect cross-functional enterprise teams. Hangouts Chat integrates with G Suite apps like Drive and Docs, as well as photos, videos and other third-party enterprise apps.

51. @meet - @meet is an intelligent bot built on top of the Hangouts platform that uses natural language processing and machine learning to automatically schedule meetings for your team with Hangouts Meet and Google Calendar.

52. Gmail Add-ons for G Suite (Developer Preview) - Gmail Add-ons provide a way to surface the functionality of your app or service directly in Gmail. With Add-ons, developers only build their integration once, and it runs natively in Gmail on web, Android and iOS.

53. Edit Opportunities in Google Sheets - With Edit Opportunities in Google Sheets, sales reps can sync a Salesforce Opportunity List View to Sheets to bulk-edit data; changes are synced automatically back to Salesforce, with no upload required.

54. Jamboard - Our whiteboard in the cloud goes GA in May! Jamboard merges the worlds of physical and digital creativity. It’s real time collaboration on a brilliant scale, whether your team is together in the conference room or spread all over the world.


Building on the momentum from a growing number of businesses using Chrome digital signage and kiosks, we added new management tools and APIs in addition to introducing support for Android Kiosk apps on supported Chrome devices. 

55. Android Kiosk Apps for Chrome - Android Kiosk for Chrome lets users manage and deploy Chrome digital signage and kiosks for both web and Android apps. And with Public Session Kiosks, IT admins can now add a number of Chrome packaged apps alongside hosted apps.

56. Chrome Kiosk Management Free trial - This free trial gives customers an easy way to test out Chrome for signage and kiosk deployments.

57. Chrome Device Management (CDM) APIs for Kiosks - These APIs offer programmatic access to various Kiosk policies. IT admins can schedule a device reboot through the new APIs and integrate that functionality directly in a third-party console.

58. Chrome Stability API - This new API allows Kiosk app developers to improve the reliability of the application and the system.


Attendees at Google Cloud Next ‘17 heard stories from many of our valued customers:

59. Colgate - Colgate-Palmolive partnered with Google Cloud and SAP to bring thousands of employees together through G Suite collaboration and productivity tools. The company deployed G Suite to 28,000 employees in less than six months.

60. Disney Consumer Products & Interactive (DCPI) - DCPI is on target to migrate out of its legacy infrastructure this year, and is leveraging machine learning to power next generation guest experiences.

61. eBay - eBay uses Google Cloud technologies including Google Container Engine, Machine Learning and AI for its ShopBot, a personal shopping bot on Facebook Messenger.

62. HSBC - HSBC is one of the world's largest financial and banking institutions and is making a large investment in transforming its global IT. The company is working closely with Google to deploy Cloud Dataflow, BigQuery and other data services to power critical proof-of-concept projects.

63. LUSH - LUSH migrated its global e-commerce site from AWS to GCP in less than six weeks, significantly improving the reliability and stability of its site. LUSH benefits from GCP’s ability to scale as transaction volume surges, which is critical for a retail business. In addition, Google's commitment to renewable energy sources aligns with LUSH's ethical principles.

64. Oden Technologies - Oden was part of Google Cloud’s startup program, and switched its entire platform to GCP from AWS. GCP offers Oden the ability to reliably scale while keeping costs low, perform under heavy loads and consistently deliver sophisticated features including machine learning and data analytics.

65. Planet - Planet migrated to GCP in February, looking to accelerate their workloads and leverage Google Cloud for several key advantages: price stability and predictability, custom instances, first-class Kubernetes support, and Machine Learning technology. Planet also announced the beta release of their Explorer platform.

66. Schlumberger - Schlumberger is making a critical investment in the cloud, turning to GCP to enable high-performance computing, remote visualization and development velocity. GCP is helping Schlumberger deliver innovative products and services to its customers by using HPC to scale data processing, workflow and advanced algorithms.

67. The Home Depot - The Home Depot collaborated with GCP’s Customer Reliability Engineering team to migrate HomeDepot.com to the cloud in time for Black Friday and Cyber Monday. Moving to GCP has allowed the company to better manage huge traffic spikes at peak shopping times throughout the year.

68. Verizon - Verizon is deploying G Suite to more than 150,000 of its employees, allowing for collaboration and flexibility in the workplace while maintaining security and compliance standards. Verizon and Google Cloud have been working together for more than a year to bring simple and secure productivity solutions to Verizon’s workforce.


We brought together Google Cloud partners from our growing ecosystem across G Suite, GCP, Maps, Devices and Education. Our partnering philosophy is driven by a set of principles that emphasize openness, innovation, fairness, transparency and shared success in the cloud market. Here are some of our partners who were out in force at the show:

69. Accenture - Accenture announced that it has designed a mobility solution for Rentokil, a global pest control company, built in collaboration with Google as part of the partnership announced at Horizon in September.

70. Alooma - Alooma announced the integration of the Alooma service with Google Cloud SQL and BigQuery.

71. Authorized Training Partner Program - To help companies scale their training offerings more quickly, and to enable Google to add other training partners to the ecosystem, we are introducing a new track within our partner program to support their unique offerings and needs.

72. Check Point - Check Point® Software Technologies announced Check Point vSEC for Google Cloud Platform, delivering advanced security integrated with GCP as well as their joining of the Google Cloud Technology Partner Program.

73. CloudEndure - We’re collaborating with CloudEndure to offer a no cost, self-service migration tool for Google Cloud Platform (GCP) customers.

74. Coursera - Coursera announced that it is collaborating with Google Cloud Platform to provide an extensive range of Google Cloud training courses. To celebrate this announcement, Coursera is offering all NEXT attendees a 100% discount for the GCP fundamentals class.

75. DocuSign - DocuSign announced deeper integrations with Google Docs.

76. Egnyte - Egnyte announced an enhanced integration with Google Docs that will allow our joint customers to create, edit, and store Google Docs, Sheets and Slides files right from within Egnyte Connect.

77. Google Cloud Global Partner Awards - We recognized 12 Google Cloud partners that demonstrated strong customer success and solution innovation over the past year: Accenture, Pivotal, LumApps, Slack, Looker, Palo Alto Networks, Virtru, SoftBank, DoIT, Snowdrop Solutions, CDW Corporation, and SYNNEX Corporation.

78. iCharts - iCharts announced additional support for several GCP databases, free pivot tables for current Google BigQuery users, and a new product dubbed “iCharts for SaaS.”

79. Intel - In addition to the progress with Skylake, Intel and Google Cloud launched several technology initiatives and market education efforts covering IoT, Kubernetes and TensorFlow, including optimizations, a developer program and tool kits.

80. Intuit - Intuit announced Gmail Add-Ons, which are designed to integrate custom workflows into Gmail based on the context of a given email.

81. Liftigniter - Liftigniter is a member of Google Cloud’s startup program and is focused on machine learning personalization, using predictive analytics to improve CTR on the web and in-app.

82. Looker - Looker launched a suite of Looker Blocks, compatible with Google BigQuery Data Transfer Service, designed to give marketers the tools to enhance analysis of their critical data.

83. Low-interest loans for partners - To help Premier Partners grow their teams, Google announced that capital investments are available to qualified partners in the form of low-interest loans.

84. MicroStrategy - MicroStrategy announced an integration with Google Cloud SQL for PostgreSQL and Google Cloud SQL for MySQL.

85. New incentives to accelerate partner growth - We are increasing our investments in multiple existing and new incentive programs, including low-interest loans to help Premier Partners grow their teams, increased co-funding to accelerate deals, and expanded rebate programs.

86. Orbitera Test Drives for GCP Partners - Test Drives allow customers to try partners’ software and generate high quality leads that can be passed directly to the partners’ sales teams. Google is offering Premier Cloud Partners one year of free Test Drives on Orbitera.

87. Partner specializations - Partners demonstrating strong customer success and technical proficiency in certain solution areas will now qualify to apply for a specialization. We’re launching specializations in application development, data analytics, machine learning and infrastructure.

88. Pivotal - GCP announced Pivotal as our first CRE technology partner. CRE technology partners will work hand-in-hand with Google to thoroughly review their solutions and implement changes to address identified risks to reliability.

89. ProsperWorks - ProsperWorks announced Gmail Add-Ons, which are designed to integrate custom workflows into Gmail based on the context of a given email.

90. Qwiklabs - This recent acquisition will provide Authorized Training Partners the ability to offer hands-on labs and comprehensive courses developed by Google experts to our customers.

91. Rackspace - Rackspace announced a strategic relationship with Google Cloud to become its first managed services support partner for GCP, with plans to collaborate on a new managed services offering for GCP customers set to launch later this year.

92. Rocket.Chat - Rocket.Chat, a member of Google Cloud’s startup program, is adding a number of new product integrations with GCP, including autotranslation via the Translate API, integration with the Vision API to screen for inappropriate content, integration with the NLP API to perform sentiment analysis on public channels, integration with G Suite for authentication, and a full move of back-end storage to Google Cloud Storage.

93. Salesforce - Salesforce announced Gmail Add-Ons, which are designed to integrate custom workflows into Gmail based on the context of a given email.

94. SAP - This strategic partnership includes certification of SAP HANA on GCP, new G Suite integrations and future collaboration on building machine learning features into intelligent applications like conversational apps that guide users through complex workflows and transactions.

95. Smyte - Smyte participated in the Google Cloud startup program and protects millions of actions a day on websites and mobile applications. Smyte recently moved from self-hosted Kubernetes to Google Container Engine (GKE).

96. Veritas - Veritas expanded its partnership with Google Cloud to provide joint customers with 360 Data Management capabilities. The partnership will help reduce data storage costs, increase compliance and eDiscovery readiness and accelerate the customer’s journey to Google Cloud Platform.

97. VMware Airwatch - Airwatch provides enterprise mobility management solutions for Android and continues to drive the Google Device ecosystem to enterprise customers.

98. Windows Partner Program - We’re working with top systems integrators in the Windows community to help GCP customers take full advantage of Windows and .NET apps and services on our platform.

99. Xplenty - Xplenty announced the addition of two new services from Google Cloud into their available integrations: Google Cloud Spanner and Google Cloud SQL for PostgreSQL.

100. Zoomdata - Zoomdata announced support for Google’s Cloud Spanner and PostgreSQL on GCP, as well as enhancements to the existing Zoomdata Smart Connector for Google BigQuery. With these new capabilities Zoomdata offers deeply integrated and optimized support for Google Cloud Platform’s Cloud Spanner, PostgreSQL, Google BigQuery, and Cloud Dataproc services.

We’re thrilled to have so many new products and partners that can help all of our customers grow. And as our final announcement for Google Cloud Next ’17 — please save the date for Next 2018: June 4–6 in San Francisco.

I guess that makes it 101. :-)


Encrypted app allows extremists to plot attacks without detection
8/9/17
Encryption & terrorism

On 26 July 2016, ISIS terrorists Adel Kermiche and Abdel Malik Petitjean attacked a Catholic church in Normandy, France, taking nuns and worshipers hostage and slitting the throat of 85-year-old priest Jacques Hamel before being killed by police as they tried to escape.



Getting Started with Process Builder – Part 75 (Accessing Encrypted Data in Process Builder)
Have you heard about, and implemented, Shield Platform Encryption (SPE)? No? No worries – Trailhead comes to your rescue! Trailhead has an amazing module, Get Started with Shield Platform Encryption. The module will teach you the ins and outs of platform …
Your knowledge companion
Another thought blog by Visual mapper

Regardless of where your thought processes are right now with respect to personal databases, having one is a reality that may give you less knowledge management stress.

Now; if you're following these short thought blogs at visualmapper.org you'll be guided by my thought processes regarding the evolution of the mind mapper through information mapping to knowledge mapping.

At this point of the 21st century we're experiencing a quantum leap in technology. And this leap is, to me, like a fork in the road. To the left, technology offers a social media model of complete transparency, and to the right, technology offers a personal database model of encryption, security and safety.

Yes, a vast majority of the connected world has a social media account; I do too. Twitter and LinkedIn are the extent of my social media exposure these days. I need, though, to control my exposure due to business security and NDAs, and a personal database supplies me with absolute control.

Of course the social media user may say “hey these two things are the same thing”, I disagree. I experience very little control after I post, upload or share via any social media models. But it's clear the vast majority who use this model either, wilfully ignore the traps of transparency, or are simply conditioned out of believing encryption, security and safety are relevant.

The personal database models allow the user to have absolute control as to what is shared.

My personal choice for creating, managing and exchanging (controlled sharing) of my personal, academic and business data/information/knowledge is done via the only product that has proven to offer me the best secure, encrypted desktop to cloud sync capabilities to date.

This product/service? It's called TheBrain and you'll find it at www.thebrain.com. Most who view TheBrain are inquisitive knowledge management seekers who've been encouraged to take a look at it by enthusiasts and power users alike. Your first reaction may be similar to my own when I first viewed TheBrain.

My reaction was something like: “WTF is this?” Hey I'm a Glasgow boy born and bred; I naturally react this way. But I must admit, I was very negative towards the graphical structure of this product initially. I am now a great admirer and supporter of this awesome product. You see; I was an evolving mind mapper who was stationed at a place called Visual Mapping.

My evolution was wrapped up in the environment I worked within at that time; it was the Quality management field, and boy I was struggling to manage my data and information via my traditional usage of mind maps and flowcharts and even rudimentary info-graphics.

I eventually settled with my graphical mapping product of choice, www.conceptdraw.com, and to date I can't be moved to use any other product range, as my charting and graphical charting needs are fully met within the ConceptDraw Pro product.

My mind mapping usage has more variation that includes but isn't limited to using iMindMap, SimTech MindMapper, ConceptDraw MindMap, MindGenius, Xmind, MindManager, Comapping and Goalscape. How's that for a clear indication of graphical ADD, OCD? But alas due to the nature of my consulting work, I am compelled to keep tabs on and use most of the relevant mainstream visual mapping products to have a choice of excellent product to use to get the job done.

As much as I use and abuse many products associated with Visual Mapping; the one aspect of absolute need that has not been delivered to me by these mentioned products to date is the expansion of their single file architecture into a database file architecture. I've harped on about this in previous posts and I'll do it again no doubt.

But it is true: of all the products I use, not one of them has escaped from the single-file, so restrictive, architecture. Yes, I had that WTF moment when I saw TheBrain, but now I am almost in love with the TheBrain product/service. It has transformed the way I create, manage and exchange my database existence, and I have complete control.

So this blog title “Your knowledge companion”; I say TheBrain can and does become your knowledge companion after you get past the WTF first impression. Visit www.thebrain.com, download the product, play with it, become frustrated with it, discover the realities it contains for your knowledge handling and after you take a step back for a bit; realize it can become your most important knowledge companion.


TheBrain: it really is yours to discover

FTC Drills Dental Software Provider For Deceptive Encryption Promises

By: George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

A leading dental office management software provider has agreed to pay $250,000 to settle the Federal Trade Commission’s (FTC) claims that it falsely advertised its product as having industry-standard encryption. This encryption would help clients meet obligations under federal health privacy law to protect patient information.

Protecting Patient Information. The Dentrix G5 software is used by dentists to perform office tasks such as entering patient data, sending appointment reminders, submitting insurance claims and recording diagnostic information....


China just sent a hack-proof message through space
It's a major breakthrough that could lead to impossible to crack encryption methods and totally secure communications.
Friday Links
  • The European economy grew very slightly in Q2. The graph of European (and US) GDP is above.  I think it's too soon to be certain that Europe is out of the woods, but this last data point certainly does make the graph look less dismal.
  • Parts of China have slowed down badly though.
  • NSA surveillance leaks make national cyberdefense plan politically infeasible.  In general, I'm strongly in favor of national cyberdefense, and I research/design/build network intrusion detection systems for a living.  However, I have to admit that at this point I wouldn't trust the NSA with access to such systems either.  This is exactly why, in a democracy, major policy changes shouldn't be pursued in secret; it's toxic when it comes out.
  • Bruce Schneier: "Since the Snowden documents became public, I have been receiving e-mails from people seeking advice on whom to trust. As a security and privacy expert, I'm expected to know which companies protect their users' privacy and which encryption programs the NSA can't break. The truth is, I have no idea. No one outside the classified government world does. I tell people that they have no choice but to decide whom they trust and to then trust them as a matter of faith. It's a lousy answer, but until our government starts down the path of regaining our trust, it's the only thing we can do."

Some Questions on XKeyscore
Glenn Greenwald at the Guardian has written another very interesting article on XKeyscore, an NSA intelligence program to search huge amounts of bulk traffic that allied intelligence agencies are collecting from around the globe.  The Guardian also made available a top-secret presentation on XKeyscore from 2008.  This represents the program as it was inherited by the Obama administration from the Bush administration.  However, comments in interviews by Edward Snowden suggest that substantially similar capabilities still exist.

I wanted to draw attention to several things in the NSA presentation that the Guardian didn't mention but that struck me as interesting (having a computer security background).  The first is this map:


Several questions arise:
  • Do these nodes represent actual taps into Internet cables for raw data acquisition?  Or processing/storage nodes in the data-analysis cluster?  If the latter, why distribute them so much in places where they will be harder to guard?
  • There are many nodes shown throughout continental Europe.  Is this with the knowledge and acquiescence of European intelligence agencies?  Or is this a map of the infrastructure for spying on them?  Or just commercially leased data storage/compute facilities?
  • What does the red dot in the middle of China represent?  Ditto the one in Russia?
  • What do the string of red dots just above Antarctica represent?
Another very interesting part is this description of a possible query to XKeyscore:


VPN here means "Virtual Private Network": systems that companies and other organizations use to give remote users (e.g. people working from home, or employees on business trips) encrypted access to the enterprise network. This slide appears to suggest that the NSA has the ability to break the encryption of at least some commercial VPN systems (if so, this is a fact that is not generally known).

It's less clear, but there's at least a hint of something similar here:


Does "content" in the last bullet mean the decrypted plaintext of the Word documents or PGP-protected email? If not, what would be the point of looking at the encrypted content? This raises the further question: is the NSA able to break the encryption of MS Office documents and PGP-encrypted email?

Finally, this:

This suggests that the NSA scans computers for some fraction of the globe looking for vulnerabilities and maintains a database (seemingly called Tao) of those vulnerabilities to allow them to break in to those computers at a later time.  This kind of inventory is also the necessary precursor to very large-scale rapid attacks such as flash worms.

Brussels - something to think about
The Independent is running a story today:

Brussels attacks: Security officials accused of missing a string of opportunities to stop suicide bombers
Accomplices still on the run after day of conflicting reports and confusion
Paul Peachey, Kim Sengupta, Leo Cendrowicz, Laura Pitel

The following paragraphs are deeply troubling given the emphasis on "banning" encryption and the need for total surveillance:
The French Prime Minister, Manuel Valls, who laid a wreath at the underground station close to the European Commission headquarters where more than 20 people died, said that EU nations had to invest “massively” in their security systems. 
The most direct criticism came from Turkey, which has previously criticised France for what it said was a failure to heed a prior warning about one of the suicide attackers involved in last year’s attack in Paris in which 130 people were killed. 
Turkish officials have previously said that French authorities were warned twice by Turkey about one of the assailants in the attacks on Paris in November. A senior government source told The Independent: “We had warned France before the Paris attacks, now this. It’s ridiculous.” 
The two brothers had been known to police in Belgium for years, and operated in some of the marginalised communities in the capital that had avoided close attention from the intelligence agencies despite problems of jihadist recruitment and terrorist links. 
The Belgian federal prosecutor, Frederic van Leeuw, told reporters that the two brothers, Brussels-born Belgian citizens, had “extensive” criminal records but they were not related to terrorism.
So, ultimately the failure was both of communication between intelligence and police agencies *and* a failure to listen. Worse is that the terrorists involved were already known (last paragraph above). If the signals of possible trouble were not seen in the above then the problem certainly does not lie with extensive data collection. In fact the perpetrators actually gained privacy by effectively hiding in plain sight.

The trouble is that now politicians are in the "do something" mode of operation, where doing anything, regardless of effectiveness, is far better than actually thinking and doing the right thing.

I had the pleasure of speaking with some security experts in counter-terrorism a while back. They effectively said that politicians want more security just to be seen to be doing something - this is why we've ended up with airport security that concentrates on bottles of water but not on mitigating the real risks - queues, delays, bottlenecks. The question of profiling, as seen in Israeli aviation security is too much for the politicians to risk their careers on so everyone will suffer under increasingly intrusive and increasingly ineffective security.

Finally this quote by Simon Jenkins of The Guardian:

Those who live under freedom know it demands a price, which is a degree of risk. We pay the state to protect us – but calmly, without constant boasting or fearmongering. We know that, in reality, life in Britain has never been safer. That it suits some people to pretend otherwise does not alter the fact. 
In his admirable manual, Terrorism: How to Respond, the Belfast academic Richard English defines the threat to democracy as not the "limited danger" of death and destruction. It is the danger "of provoking ill-judged, extravagant and counterproductive state responses".



iOS 10.3 Now Available – Includes new file system, Find my AirPods, and other Fixes.
Apple just pushed out iOS 10.3, which completely changes the file system to APFS. APFS has been optimized for flash/SSD storage and improves encryption to keep your devices secure. One really nice feature is snapshots, so that you can easily restore from a specific backup point. In regards to the App Store, […]
New Social Networking App "SecureTribe" is an Innovative, Easy-to-Use and Extremely Secure Way to Share Content

SecureTribe is an advanced social network that lets users create two distinct kinds of content-sharing groups: private tribes that protect content with end-to-end encryption, and public tribes that can be accessed and enjoyed by anyone. The new app is available now from the App Store.

(PRWeb July 13, 2017)

Read the full story at http://www.prweb.com/releases/appshout/securetribe/prweb14505817.htm


Must-Have New Privacy App "PS: Post Scriptum" Makes Enterprise-Grade Device Security Available to Everyone

PS: Post Scriptum uses symmetric AES and asymmetric ECC encryption to secure files and communications in real time. The new free app is available for iOS and on Google Play.

(PRWeb April 06, 2017)

Read the full story at http://www.prweb.com/releases/appshout/ps-post-scriptum/prweb14221850.htm


8 major features of the Samsung Galaxy Note7 you need to know

  Samsung Galaxy Note7

  Samsung's latest Galaxy Note7 has, predictably, caught our eye. With so much attention on this Samsung flagship, there will surely be many users eager to own one. So before we use it, it is worth understanding its characteristics. Here is what we know:

  Feature 1: a more "symmetrical" S7 edge

  From the outside, the Note7 looks like a combination of the Note5 and the S7 edge.

  The four corners follow the same outline as the Note5; compared with the S7 edge, the Note7 looks squarer and tougher. But like the S7 edge, the Note7 has a dual-curved screen and a 3D glass back.

  On the S7 edge, the front of the screen curves steeply at the edges, and to leave room for the metal frame the curvature of the 3D glass back is noticeably gentler than that of the front.

  On the Note7, Samsung reduced the curvature of the front dual-curved screen and increased the curvature of the 3D glass back. Seen from the side, the two pieces of 3D glass on either side of the Note7's metal frame are almost perfectly symmetrical.

  To reduce the risk of breaking the double-sided glass, Samsung used the more drop-resistant 5th-generation Corning Gorilla Glass on both the front and the back of the Note7; it is currently the only phone using Gorilla Glass 5.

  The bezels around the screen are slightly narrower than on the S7 edge, and combined with the dual-curved screen the Note7 shows hardly any bezel from the front. Thanks to the dual-curved design, the Note7 keeps the 5.7-inch screen size yet is 2 mm narrower overall than the already narrow-bezelled Note5.

  Feature 2: iris recognition is cool, but less practical than fingerprint recognition

  Functionally, the biggest change on the Note7 is the addition of iris recognition.

  It works by using the pattern of the eye's iris as the information for authentication.

  In practice, though, iris recognition and fingerprint recognition on the Note7 are basically interchangeable: both can unlock the phone and authorize Samsung Pay payments. The Note7 also has a built-in feature called Secure Folder; users can put pictures and other content they do not want others to see into this app or folder and then choose iris, fingerprint or a traditional password to lock it.

  Right now, however, the iris unlock process on the Note7 is a little too involved. Users need to wake the screen, then swipe on the lock screen to reach the iris recognition interface; it is not the one-step action that fingerprint unlock is. In addition, the current iris recognition on the Note7 can only enrol a single set of iris data.

  Feature 3: a more feature-rich S Pen

  As in previous years, each new Galaxy Note brings an upgraded S Pen.

  The tip diameter on the Note7 goes from the previous 1.6 mm down to 0.7 mm, and the pressure sensitivity rises to a somewhat exaggerated 4096 levels; Samsung says this makes the S Pen on the Note7 more stable and smoother to use.

  In terms of functions, besides the Note5's ability to pick up the pen and write directly on the screen while it is off, on the Note7 that screen-off memo can also be pinned directly to the lock screen as part of the "Always-On Display".

  This still has plenty of uses: for example, if you suddenly remember that you have to go to the airport this afternoon to pick someone up, or buy some important items, you can pick up the pen and jot it down, and you will see the reminder every time you look at the phone.

  The Note7's S Pen adds an animated GIF feature: users can use the S Pen to capture up to 15 seconds of a video playing on the phone, and the Note7 automatically turns it into a GIF.

  Users can also use the S Pen to select text, or even text within pictures, and the Note7 translates it instantly.

  It is worth mentioning that, like the Note7 itself, the S Pen is rated IP68 for dust and water resistance.

  Feature 4: performance is not quite "flagship"

  Logically, the Galaxy Note, as a flagship product, can usually be described with the word "flagship", but the Note7 is not entirely so.

  Depending on the region, some of the Note7's core components differ: the SoC is either the Snapdragon 820 or the Exynos 8890, exactly the same as the S7 edge.

  Notably, on storage the Note7 comes standard with 64GB of built-in storage and supports up to 256GB of microSD expansion (which occupies one SIM card slot).

  But somewhat surprisingly, for what has been Samsung's true "annual flagship" for many years, the Note7 is equipped with "only" 4GB of RAM.

  According to some reports, the reason 6GB was not used is that a design flaw makes the Exynos 8890 incompatible with Samsung's own single 6GB LPDDR4 memory; although the Qualcomm Snapdragon 820 is compatible with it, Samsung settled for 4GB of RAM to keep the two SoC variants "consistent".

  In our long-term use of the S7 edge, 4GB of RAM has been good enough most of the time, but 6GB would still bring a better multitasking experience, especially given Samsung's historically less-than-reliable memory management; 6GB would still mean something.

  Feature 5: exactly the same camera as the S7 / S7 edge

  At the launch, Samsung made it clear that "the Note7 uses the same camera module as the S7 / S7 edge."

  Judging from the specifications, the Note7 still has a 5-megapixel front camera and a 12-megapixel rear camera, with no front flash. The rear camera has a large f/1.7 aperture, supports optical image stabilization, and keeps the Dual Pixel technology.

  Given how good the camera experience on the S7 / S7 edge is, there is nothing wrong with the Note7 copying it.

  Feature 6: the battery capacity is smaller than the S7 edge's

  The Note7's battery capacity is 3500 mAh; although this is the largest of any Note so far, it is still slightly less than the S7 edge's 3600 mAh.

  One important reason the battery is smaller than the S7 edge's is that the S Pen takes up a lot of space inside the body, and the Note7 is only slightly larger than the S7 edge overall, so a slightly smaller battery is not surprising.

  Among flagship phones, though, the Note7's battery is still relatively large; based on our experience with the S7 edge, the Note7's battery life should be sufficient for most users for a day of heavy use.

  In addition, as with previous Galaxy flagships, the Note7 supports Qualcomm Quick Charge fast charging and fast wireless charging. On the Note7, Samsung also finally replaces the "old" Micro USB port with USB Type-C; as "compensation", a Micro USB to USB Type-C adapter is included in the box so that users' existing Micro USB cables are not immediately made obsolete.

  Feature 7: a "younger-looking" TouchWiz

  The Note7 comes with a new version of TouchWiz whose overall colour scheme looks younger.

  In this version of TouchWiz, the built-in icons have a "large rounded rectangle" shape, and third-party app icons are "forced" into the same shape; whether you like this "forced consistency" of icons is a matter of opinion.

  The location of the notification centre and the layout of the settings menus have also changed significantly in the new TouchWiz on the Note7. For example, in the Settings menu, what was a long list of options is now grouped into several categories.

  Feature 8: four colours, price unknown

  In addition to the usual black, silver and gold, the Note7 adds a coral blue colour. With the blue Honor 8 already launched and a blue iPhone 7 possibly coming, blue is gaining momentum among smartphones in the second half of the year.

  The Note7 goes on sale in the United States and some other regions on August 19, together with the Gear VR and Gear 360, but Samsung did not announce the Note7's price. It would not be surprising if the price were slightly higher than the S7 edge's; after the Note7 launches, Samsung is likely to cut the price of the S7 edge accordingly.

  Well, that is a comprehensive look at the eight major characteristics of the Samsung Galaxy Note7; I am sure you now have a clear understanding of it.


Protecting Your Kids' Identity Is Your Responsibility
(NewsUSA) - Sponsored News - If only we could keep our kids in a bubble, insulated from the atrocities the world would inflict on them. Along with the normal worries any parent has for his or her child, you can now add child identity theft to the list. According to IdentityTheftFacts.com, victims of child identity theft carry on average roughly $12,000 worth of fraudulent debt. It is therefore imperative for parents to treat their children's information much as they treat their own in order to prevent identity fraud.

In addition, a recent Child Identity Fraud Report, sponsored by the Identity Theft Assistance Center (ITAC) and conducted by Javelin Strategy & Research, found that 1 in 40 households with minor children (under age 18) had at least one child whose personal information was compromised by identity criminals. Clearly, this is a problem parents need to pay attention to.

Couple this with breaches affecting children in the commercial sector, such as the one at VTech Holdings Ltd., a Hong Kong-based digital-learning toy maker, and you have a recipe for future financial disaster that could go undetected for years. In that case, the company admitted that in December 2015 the names, genders and birth dates of 6.5 million of its child users were exposed in a data breach. About 2.9 million were U.S. children, according to the Wall Street Journal, which first reported the story.

"It's a predatory crime that affects families," Virginia State Police Lt. Robert P. Chappell Jr., of Roanoke, Va., told the Deseret News in a phone interview. "I know how to recognize it and the steps to prevent it, as well as how to deal with the emotional aspects of it," he said.

One way parents can protect their kids' identity is by keeping their digital footprint and information safe and secure. And now there is a simple, cost-effective way to do that with the Gabriel app.

The Gabriel app, available at the Apple App Store and the Google Play Store, was designed and built with personal privacy and security as its foundation by VirnetX, an Internet security software and technology company. For only $50 per year for five users, family members are assured that their communications -- when they talk, video chat, text, email, or share photos or documents -- are safe and secure. No one will be able to see, hear, or intercept your communications other than the party you are in contact with, because Gabriel does not transmit or store its data with any third party, not even VirnetX. It is person-to-person, end-to-end encryption that all but eliminates opportunities for hackers. Other benefits include:
  • Making free voice or video calls or sending IMs (instant messages) to other Gabriel users.
  • Receiving spamless email.
  • Sharing pictures or files that are immune to interception.
For more information, or to download Gabriel, please visit www.gabrielsecure.com.
Protect Your Kids' Identity
(NewsUSA) - Sponsored News - Much has been made lately about protecting your digital footprint. (Thank you, Apple and the FBI, for bringing this issue center stage.) And according to tech experts who follow such trends, it seems many people are starting to pay attention, especially when it comes to protecting their children's privacy with encrypted communications.

The argument against encryption goes like this: it allows those who exploit children to "go dark." While that is true, encryption is also a powerful tool that can help protect children from those same predators, as well as from bullies and others who want to harm your kids. In short, encryption is not just for privacy and security but also for personal safety and peace of mind.

Think of it this way: your phone and other digital devices contain almost all of your personal information -- your current and previous locations, your home address, information about your family and friends, records of your calls and texts, email messages, and every website you have ever visited. All of that information is up for grabs, and in the wrong hands it can endanger your children.

The good news is that protecting and encrypting your kids' information has never been easier or more cost-efficient. The Gabriel app, available at the Apple App Store and the Google Play Store, was designed and built with personal privacy and security as its foundation by VirnetX, an Internet security software and technology company. For only $50 per year for five users (that's only $4.17 per month), you can be assured that your children's communications -- when they talk, video chat, text, email, or share photos or documents -- are safe and secure. No one will be able to see, hear, or intercept your kids' communications other than the parties they are in contact with, because Gabriel does not transmit or store its data with any third party -- not even VirnetX.

It is person-to-person, end-to-end encryption that all but eliminates opportunities for hackers. Other benefits include:
  • Making free voice or video calls or sending IMs (instant messages) to other Gabriel members.
  • Receiving spamless email.
  • Sharing pictures or files that are immune to interception.
For more information, or to download Gabriel, please visit www.gabrielsecure.com.
Comment on Secure password storage for i5_connect connections. by Chris Hird
We have just completed an update to the JobQGenie PHP interface we are building and decided to add the ability to use encrypted storage for the password, as suggested above. Unfortunately, the overhead of constantly decrypting the password to connect through the persistent connection is adding some significant delays to the returned page. The test is being run on a laptop connecting via Easycom to the IBM i, so the decryption is taking place on the PC; the significant delay can only be attributed to the time it takes to decrypt the password. So if speed is important, encryption may be a bottleneck. We will add some time stamps to see the actual differences and post the results later. Chris.
Error 404: UK Home Secretary Amber Rudd Falls Victim to Email Prankster
UK Home Secretary Amber Rudd has fallen victim to internet pranksters, who conned the minister into handing over sensitive personal information. Given Rudd has faced accusations of technological illiteracy over her campaign against encryption, the caper is likely to give critics much ammunition.
Towards a Secure Cloud Computing Environment
Cloud is a developing area, and the shift is much like the evolution of transport technology from the bullock cart or horse cart to the car. In the early 20th century nobody expected the horse cart to be replaced by a completely different transport system. In the same way, client-server is now moving towards cloud architecture.

From the early years of cloud computing until now, security and privacy have been the major threats perceived by users as well as by technical innovators. Controversies about breach of contract by some cloud players have also brought insecurity to the market. Instances such as the secret NSA program, working with AT&T and Verizon, which recorded over 10 million telephone calls between American citizens, cause uncertainty among privacy advocates, as does the greater power it gives telecommunication companies to monitor user activity. Meanwhile, private and sensitive information, including emails, health history and personal photos, is growing explosively, which is why computer scientists are seriously working on privacy issues.

Working on and solving privacy issues is not a simple task; making the cloud secure without compromising performance and simplicity is challenging, but research is having some success, which should give us confidence that we can adopt the cloud at a personal level as well as at a business level.

A user can pay for and use services through a cloud service provider (CSP). While using these services, the user stores data on an unknown server that is controlled by the CSP, and communication between the server and the user can also be monitored at any level. To ensure privacy the user can send data in encrypted form, but that hinders effective use of the data if it is shared within an organisation via cloud resources. Scientists have found methods for using encrypted data in this situation, but there is still a threat of leakage of sensitive information. To retrieve the files a user is interested in, keyword-based retrieval was adopted, but it was not very efficient and did not solve the data leakage problem. To retrieve relevant files while sacrificing some performance, Searchable Symmetric Encryption (SSE) schemes were adopted for the cloud server. Now, to ensure high performance and relevance when searching data in the cloud, scientists are working on multi-keyword search algorithms, one of which I am going to implement as my Major Project for this academic session: the Two Round Searchable Encryption (TRSE) scheme. I have started working on it and will post a more comprehensive article on it soon. Thank you for reading, see you again, bye bye.
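The paragraph above mentions Searchable Symmetric Encryption and the leakage problem that comes with it. The following is an added, simplified single-keyword SSE index written for this page as an illustration; it is not the TRSE scheme and not code from this post. The client derives a per-keyword search token and a per-keyword encryption key with an HMAC-based PRF, the server stores only tokens and encrypted document identifiers, and the client decrypts what the server returns. The sample corpus is constructed, and the HMAC-counter keystream stands in for a real cipher such as AES-CTR, which the standard library does not provide.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample corpus: document id -> keywords the client extracted from it.
SAMPLE_DOCS = {
    "patient-0412.pdf": ["diabetes", "invoice", "2016"],
    "patient-0913.pdf": ["asthma", "2016"],
    "supplier-contract.docx": ["invoice", "contract"],
}


def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """Domain-separated PRF: HMAC-SHA256 over label || 0x00 || data."""
    return hmac.new(key, label + b"\x00" + data, hashlib.sha256).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR-style stream encryption with an HMAC keystream (stand-in for AES-CTR).
    Encryption and decryption are the same operation."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def make_trapdoor(master_key: bytes, keyword: str):
    """Client side: derive what the server receives (the token) and what it must
    never see (the per-keyword key that protects the document ids)."""
    kw = keyword.lower().encode()
    token = _prf(master_key, b"search", kw).hex()
    doc_key = _prf(master_key, b"docenc", kw)
    return token, doc_key


def build_index(master_key: bytes, documents: dict) -> dict:
    """Client side: encrypted inverted index, token -> list of (nonce, encrypted doc id).
    The server stores this and learns neither the keywords nor the ids."""
    index = defaultdict(list)
    for doc_id, words in documents.items():
        for word in set(words):
            token, doc_key = make_trapdoor(master_key, word)
            nonce = secrets.token_bytes(12)
            index[token].append((nonce, _keystream_xor(doc_key, nonce, doc_id.encode())))
    return dict(index)


def server_lookup(index: dict, token: str) -> list:
    """Server side: a blind dictionary lookup. The server learns only the token
    and how many entries matched it."""
    return index.get(token, [])


def client_search(master_key: bytes, index: dict, keyword: str) -> set:
    """Client side: send the token, keep the doc key, decrypt the returned ids."""
    token, doc_key = make_trapdoor(master_key, keyword)
    return {_keystream_xor(doc_key, nonce, ct).decode()
            for nonce, ct in server_lookup(index, token)}


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    index = build_index(key, SAMPLE_DOCS)
    print("one token as the server sees it:", next(iter(index)))
    print("invoice ->", sorted(client_search(key, index, "invoice")))
    print("malaria ->", sorted(client_search(key, index, "malaria")))
```

What this does not hide is exactly the leakage the paragraph refers to: the server sees which index entries are returned together (the access pattern), how many documents match each query, and that two queries with the same token are for the same keyword, so it can correlate searches over time even without knowing the words. Multi-keyword and two-round schemes such as the one mentioned above are designed to reduce that leakage, not just to add ranking.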

Challenges of Cloud Computing: An Analysis
In recent years the acceptance of cloud computing has opened up huge possibilities, suggesting that computer science is entering a new era. At present cloud computing is still in a development phase, and critics hesitate to accept an immature technology because of certain threats. Security is considered the major challenge of cloud computing, but there are other challenges that matter as much as, or more than, security.
Some of the most important challenges are as follows:

1. Standardization of cloud computing - There are so many standardization efforts from different vendors and standards bodies that it is difficult to determine which model should be applied in a particular area of cloud computing. Users' views are not analysed before implementation, which is why it is taking so long to agree on a definite standard for this new technology. Some users are using the cloud without knowing it, so their feedback never reaches the technologists.

2. Optimized storage and servers - A recent posting on ZDNet revealed that Amazon EC2 was made up of 454,600 servers in January 2012; an unofficial estimate puts the number of servers used by Google in January 2012 at close to 1.8 million, and that number was expected to be close to 2.4 million by early 2013. The question is how we will manage such numbers of servers five years from now. Historically, computers have shrunk from very large machines to palm-sized devices, so improving current storage and server systems is a possible research field.

3. Availability and performance - On 13 September 2013 an encryption key storage service inside Amazon Web Services, the Hardware Security Module appliance, was affected by connectivity problems for a period of one hour and 18 minutes in one availability zone. News like this raises questions such as what will happen when most users rely only on the cloud, and how such slowdowns will affect dependent businesses.
The complex architecture of the cloud will also affect performance when more complex applications and platforms are implemented. High-performance switches will be needed for uninterrupted communication between millions of cloud users with high-bandwidth data transfer.

4. Ensuring a competitive cost of pay-per-use - Because of the many players in cloud computing and the open source community, cost will be reduced up to a certain limit, which will somehow affect the performance of services. This is the point where the technology may collapse under cut-throat competition.

5. Cloud data ownership - Ownership of data will be a big challenge for this nebulous technology. The data stored in the cloud belongs to the user, but an agreement may force the user to hand over ownership of the data, and switching to another service provider may become difficult at that point. The user may also claim the service's data because he paid for it. This will become a difficult situation to adjudicate.

6. Portability or migration from one service provider to another - A service provider may restrict the user to only the services he is paying for, and these services may be product-oriented. For example, Adobe currently provides its products only through the cloud, as Adobe Creative Suite, without backward compatibility. If I stop using Adobe's services, the file format will not be supported by any other application. This may also lead to application dependency.

7. Double expense for the user - The user will have to pay for bandwidth (the internet connection) as well as for cloud services, and there may be anywhere from 1 to 100 applications used for work on different software and platforms, whether image processing or office work. If the user pays for each application and also for the internet service provider, it will not be a profitable business.

Cloud computing has become an increasingly popular approach in recent years, with seemingly nothing but ongoing growth in its future. However, some industry observers say that while it will grow rapidly, it is also threatened by some challenges. We hope it will become the next-generation technology without any limitation.

          Keamanan Komputer (Materi presentasi ke-3)        
Teknologi informasi  yang semakin maju dan berkembang memiliki banyak keuntungan dalam kehidupan manusia, namun dibalik itu aspek negatifnya juga banyak terjadi seperti: kejahatan komputer, yang meliputi pencurian, penipuan, pemerasan, kompetitif, dan banyak lainnya. Jatuhnya informasi ke tangan pihak lain (misalnya pihak lawan bisnis) dapat menimbulkan kerugian bagi pemilik informasi. Sebagai contoh, banyak informasi dalam sebuah perusahaan yang hanya diperbolehkan diketahui oleh orang-orang tertentu di dalam perusahaan tersebut.

Penyebab Meningkatnya Kejahatan Komputer;
- Aplikasi bisnis yang menggunakan teknologi informasi dan jaringan komputer semakin meningkat.
- Desentralisasi dan distributed server menyebabkan lebih banyak sistem yang harus ditangani.
- Transisi dari single-vendor ke multi-vendor
-  Meningkatnya kemampuan pemakai di bidang komputer
- Mudahnya diperoleh software untuk menyerang komputer dan jaringan komputer
- Perangkat Hukum yang kurang akomodatif
- Semakin kompleksnya sistem yang digunakan
- Terjadinya lubang keamanan
- Semakin Banyak usaha yang memanfaatkan IT terutama berbasis jaringan

Aspects of Computer Security
The aspects of computer security are the considerations by which a computer can be declared secure. They include the following:
1. Authentication: the recipient of information can verify that a message genuinely comes from the person from whom the information was requested.
2. Integrity: the authenticity of a message sent over a network; it can be verified that the information sent was not modified in transit by an unauthorized party.
3. Nonrepudiation: concerns the sender; the sender cannot deny that they were the one who sent the information.
4. Authority: information residing on the network system cannot be modified by parties who lack the right to that access.
5. Confidentiality: the effort to keep information away from people who are not entitled to access it.
6. Privacy: concerns data that is private (personal) in nature.
7. Availability: the availability aspect concerns information being available when it is needed.
8. Access Control: this aspect concerns how access to information is regulated.

SECURITY CONCEPTS
Security Goals/Requirements:
1. Secrecy. Concerns the right to read data or information from a computer system. In this respect a computer system can be said to be secure if data or information can be read only by parties who have been granted that right or authority.
2. Integrity. Concerns the right to modify data or information in a computer system. In this respect a computer system can be said to be secure if data or information can be modified only by parties who have been granted that right.
3. Availability. Concerns the availability of data or information at the time it is needed. In this respect a computer system can be said to be secure if the data or information it holds can be accessed and used by the parties entitled to it.

Scope of Security
  1. Physical Security. The physical computer is the tangible form that can be seen and touched, such as the monitor, CPU, keyboard, and so on.
  2. Access Security. This is done for PCs that use an operating system with locking features and for network operating systems.
  3. Data Security. Data is secured by applying a system of access levels or an access hierarchy in which a person can access only the particular data they are entitled to.
  4. Network Communication Security. Network here refers closely to the use of networks, both private and public such as the Internet.
Forms of Threat
The forms of threat that can arise against a computer system, whether networked or not, are basically divided into four categories:
  1. Interruption is a form of threat against availability
  2. Interception is a form of threat against secrecy
  3. Modification is a form of threat against integrity
  4. Fabrication is also a form of threat against integrity
Harmful/Disruptive Programs
Broadly speaking, the programs that commonly damage or disrupt computer systems can be grouped as Bugs, Chameleons, Logic Bombs, Trojan Horses, Viruses, and Worms.
The principles of secure design are Least Privilege, Economy of Mechanisms, Complete Mediation, Open Design, Separation of Privilege, Least Common Mechanism, and Psychological Acceptability.
Security threats to a computer can arise from:
- attacks from inside, or on the local computer (local attack),
- accessing the Internet, and
- hacker attacks.
      
Local Attack
A local attack, or console hacking, is an attempt by our own colleagues to access data without authorization. The attackers can physically access the computer and try to get into the data storage. If our computer is not protected by a password, the data on it can be viewed by anyone. There are several layers of protection against console hacking, for example setting a BIOS password, setting a screen-saver password, setting passwords on folders, and encrypting important documents.

Dangers of the Internet
The dangers of using the Internet begin as soon as we start browsing and can be divided into two broad parts:
     • Remote Controlled Access
     • Digital infection, for example viruses.

According to Bernstein (et al., 1996), threats to Internet use can come from the Internet itself as well as from the internal environment. The types of threat that can be protected against when a computer is connected to a network can be grouped into the following categories:
1. Eavesdropping.
2. Masquerade.
3. Replay.
4. Data manipulation.
5. Misrouting.
6. Trapdoor or Trojan horse.
7. Viruses.
8. Repudiation.
9. Denial of service.
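As an added example that is not part of the original article, the following Python simulates a message channel protected by a shared-key HMAC and plays the four threat categories above (interruption, interception, modification, fabrication) and the replay and masquerade cases from the Bernstein list against it, showing which ones an authentication tag plus sequence number can detect and which one (interception) it cannot. The key handling, the Sender/Receiver classes and the sample messages are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets


# Constructed for the example: a shared secret provisioned out of band
# (the article's "private key" in the symmetric sense), generated here.
def make_key() -> bytes:
    return secrets.token_bytes(32)


def message_tag(key: bytes, seq: int, payload: bytes) -> str:
    """HMAC-SHA256 over sequence number and payload.

    Binding the sequence number into the tag means a captured message
    cannot simply be renumbered to slip past the replay check."""
    data = seq.to_bytes(8, "big") + payload
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class Sender:
    """Numbers each message and attaches an authentication tag."""

    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0

    def send(self, payload: bytes) -> dict:
        self.seq += 1
        return {"seq": self.seq, "payload": payload.hex(),
                "tag": message_tag(self.key, self.seq, payload)}


class Receiver:
    """Verifies tag and sequence number before accepting a message."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0

    def receive(self, msg: dict) -> str:
        payload = bytes.fromhex(msg["payload"])
        expected = message_tag(self.key, msg["seq"], payload)
        # compare_digest runs in constant time, so the check itself does
        # not reveal how many tag bytes were guessed correctly.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "REJECT-TAG"      # modification or fabrication/masquerade
        if msg["seq"] <= self.last_seq:
            return "REJECT-REPLAY"   # message already seen
        # A jump in the sequence hints at interruption (lost messages).
        verdict = "ACCEPT-GAP" if msg["seq"] > self.last_seq + 1 else "ACCEPT"
        self.last_seq = msg["seq"]
        return verdict


def eavesdrop(msg: dict) -> bytes:
    """Interception: a MAC gives integrity, not secrecy, so a passive
    listener reads the payload as-is. Confidentiality needs encryption."""
    return bytes.fromhex(msg["payload"])


def run_scenarios() -> dict:
    """Plays each threat category against the channel (constructed data)."""
    key = make_key()
    alice, bob = Sender(key), Receiver(key)
    results = {}

    genuine = alice.send(b"transfer 100 to account 42")
    results["genuine"] = bob.receive(genuine)

    # Interruption: message 2 is dropped in transit; message 3 arrives.
    alice.send(b"dropped by the attacker")
    results["interruption"] = bob.receive(alice.send(b"status ok"))

    # Interception: the listener reads the payload without altering it.
    results["interception"] = eavesdrop(genuine).decode()

    # Modification: payload altered in transit, original tag left in place.
    tampered = alice.send(b"transfer 100 to account 42")
    tampered["payload"] = b"transfer 900 to account 13".hex()
    results["modification"] = bob.receive(tampered)

    # Fabrication/masquerade: a forged message tagged with a made-up key.
    forged_payload = b"override limit"
    forged = {"seq": 99, "payload": forged_payload.hex(),
              "tag": message_tag(secrets.token_bytes(32), 99, forged_payload)}
    results["fabrication"] = bob.receive(forged)

    # Replay: the genuine first message is re-sent unchanged.
    results["replay"] = bob.receive(genuine)
    return results


if __name__ == "__main__":
    for threat, verdict in run_scenarios().items():
        print(f"{threat:13s} -> {verdict}")
```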

Hacker Attack
According to Eric Raymond, a hacker is defined as a clever programmer. A good hack is an elegant solution to a programming problem, and "hacking" is the process of creating it. According to Raymond there are five (5) characteristics that mark someone as a hacker:
- Someone who likes to learn the details of a programming language or system.
- Someone who actually programs rather than only theorizing.
- Someone who can appreciate and enjoy the hacking results of others.
- Someone who can learn programming quickly.
- Someone who is an expert in a particular programming language or system, such as a "UNIX hacker".

Related to the hacker is the cracker. A cracker is someone who breaks into other people's systems, usually on computer networks, bypassing passwords or software licences, or deliberately defeating computer security. Crackers may do this for profit, out of malicious intent, or for other reasons such as the challenge. Some break-ins are carried out to demonstrate weaknesses in a system's security.

In the hacker world there are strata (levels) that the hacker community assigns to a person because of their skill, not because of age or seniority. To earn recognition or rank, a hacker must be able to write programs that exploit system weaknesses, write tutorials (articles), take an active part in mailing-list discussions, build websites, and so on. In general the highest-ranking hacker is often called 'Elite'; in Indonesia the term 'suhu' (master) is perhaps more common. At the other end of the scale is the 'wanna-be' hacker, also known as a 'Lamer'.

How Hackers Work
To give a picture of the whole hacking process, its logical steps are presented below:
1. Footprinting
2. Scanning
3. Enumeration
4. Gaining Access
5. Escalating Privilege
6. Pilfering
7. Covering Tracks
8. Creating Backdoors
9. Denial of Service


Ethics
In the hacker community there turn out to be ethics and rules of the game that distinguish hackers from crackers. One well-formulated code of ethics is found in the book Hackers: Heroes of the Computer Revolution, written by Steven Levy in 1984, which gives six ethical principles a hacker should take to heart:
1. Access to computers, and to anything that might teach us how the world works, should be unlimited and total. Always prioritize hands-on experience.
2. All information should be free, not hidden.
3. Never trust authority; trust in decentralization.
4. A hacker is judged only by their hacking ability, not by artificial criteria such as degrees, age, position or ethnicity.
5. A hacker creates art and beauty on a computer.
6. Computers can change our lives for the better.

Hacker Rules of Conduct
A professional hacker will follow an ethical code of conduct as a hacker, namely:
- Above all, respect knowledge and the freedom of information.
- Notify the system administrator of any security breach or security hole that we see.
- Do not take unfair advantage of a hack.
- Do not distribute or collect pirated software.
- Never take foolish risks; always know your own abilities.
- Always be willing to share and teach, openly and free of charge, the information and methods obtained.
- Never hack a system to steal money.
- Never give access to someone who will cause damage.
- Never deliberately delete or damage files on a hacked computer.
- Respect the machine being hacked, and treat it like your own.

Steps to Secure Against Hacker Attacks
In general there are six (6) major steps that can be used to secure networks and computer systems against hacker attacks:
  1. Form a Security Steering Committee.
  2. Gather Information
  3. Assess the Risks
  4. Build Solutions
  5. Implementation and Education/Training.
  6. Continuously Analyze and Respond.
Carder
The term carder is less well known than hacker and cracker. Carder is the term used for credit-card crime carried out through online transactions. Some people say it is excessive to put carders on the same level as hackers and crackers.
Security problems relating to finance and e-commerce include:
1. Financial data can be stolen or altered by an intruder or hacker.
2. Funds or cash misused by the staff who hold them
3. Counterfeiting of money
4. Someone can impersonate another person and carry out financial transactions in that person's name.

Encryption
Encryption is a very important aspect of data communication via computer, since it keeps the confidentiality of the data guaranteed. Encryption is a process that transforms data into a code that cannot be understood (is unreadable).

How Encryption Works
Encryption is used to encode data or information so that it cannot be read by those not entitled to it. With encryption, our data is encoded (encrypted) using a key. To unlock (decrypt) the data, a key is also used, which may be the same as the encryption key (a private key) or a different key (a public key).
The security of encryption depends on several factors. First, the encryption algorithm must be strong enough that it is difficult to decrypt the ciphertext given only the ciphertext. Further, the security of the encryption algorithm depends on the secrecy of the key, not of the algorithm. That is, it is assumed to be highly impractical to decrypt the information given the ciphertext and knowledge of the decryption or encryption algorithm. In other words, we do not need to keep the algorithm secret; keeping the key secret suffices.

In principle, the implementation models of cryptography for data encryption are divided into two:
· Cryptography with symmetric encryption: the same key is used when sending and when receiving data. Algorithms used include DES (Data Encryption Standard) and Blowfish.
· Cryptography with asymmetric encryption: different keys are used for sending and for receiving. This system uses two keys, a private key and a public key.

Mozy Supports Key Management Interoperability Protocol
The MozyEnterprise service now offers another encryption key option, furthering Mozy’s commitment to data security. Mozy supports the Key Management Interoperability Protocol, at no additional cost to our customers. At this point, you’re probably asking yourself a few questions. What is KMIP? Key Management Interoperability Protocol—or KMIP for short—is a communication protocol that defines secure [...]
Donald Trump Jeopardizes Cyber Privacy And National Security
President-Elect Donald Trump recently released a video in which he promised to work with the Department of Defense and Joint Chiefs of Staff on a “plan to protect Americas’ vital infrastructure from cyber attacks.” This promise reflects Trump’s ignorance of how cyber warfare works — calling in the Marines to secure the nation’s computers is about as effective as exterminating cockroaches with a shotgun.

On the vast, interdependent internet, evolving technologies and best practices must be adopted across the ecosystem for anyone to be secure. An effective cyber defense requires long, hard years of continued investment in research, education, strong encryption, standards, regulations, enforcement, and global cooperation. Unfortunately, Trump’s stated policy goals promise to halt and even reverse the hard-fought progress made in recent years defining and enforcing new cyber standards. The impact on national security will be dire.


Furthermore, Trump’s call to boycott Apple for refusing to break their iPhone encryption and his plan for “closing that Internet up” expose a disregard for cyber privacy and freedom of expression that threatens to undermine our rights and our prosperity.

Stop-and-Frisk in Cyberspace

The US is a cyber superpower, alongside China, England, Israel and Russia. While Edward Snowden’s revelations suggest that the U.S. likely harbors the most potent cyber weapons, the agencies that develop and wield them have a clear mandate to use them only on foreign targets — for example, to retaliate against Russia’s repeated pattern of cyber aggression.

To Trump, however, Vladimir Putin is a friend — the nation’s true enemies lurk within the American homeland: illegal Mexican immigrants, Muslim jihadist refugees, obstructive protesters, and conspiring journalists. Echoing Rudolph Giuliani, Trump has touted stop-and-frisk as a legitimate exercise of “law and order,” so we should expect the same in cyberspace, as federal agencies redirect their formidable arsenals away from foreign and toward domestic surveillance. No wonder Peter Thiel supported and now advises Trump — his company Palantir sells the software used by intelligence agencies to monitor large populations; investors plowed another $20 million into Palantir just last week.
Peter Thiel, co-founder of Palantir

Judicial and legislative oversight bodies normally protect US citizens from mass domestic surveillance. But Trump’s tweets and campaign rally warnings about ISIS have escalated American fear of the terrorist threat to the highest point since 9–11, when Congress passed the Patriot Act. The Republican Congress and Trump-appointed judges may give the President broad leeway.

The Danger of Deregulation

Preventing cyber attacks is impossible without regulation, because cyber neglect is like polluting, drunk driving, or refusing to vaccinate — it endangers not only the reckless, but everyone else as well. The security of every online transaction depends upon the integrity of all the vendors in the ecosystem who handle payments, network traffic, email delivery, cloud servers, and more. Furthermore, any infected computer or device can be used to attack others (as we saw in the October DDoS attack that caused massive internet outages). Without broad regulations and enforcement, internet commerce cannot be secured.

Donald Trump’s campaign speeches and web site have consistently promised to reduce the rules, headcount, and overall spending in the SEC, FTC, CFPB, FCC and IS Oversight Office — the very federal regulatory agencies that have taken the lead in defining and enforcing cyber standards. (His adviser Mark Jamison openly plans to nearly eliminate the FCC.) In addition to the budget savings, Trump sees this as a key element in his plan to promote business and increase jobs. By design, these cuts will relax the rules and enforcement of cyber standards for the public companies, banks, consumer-facing merchants, and network carriers that these agencies regulate. We should expect similar cuts in other regulatory authorities such as the Center for Medicare and Medicaid Services (which enforces HIPAA rules for the healthcare industry) and the Federal Energy Regulatory Commission (which oversees NERC standards for the power grid).

Cyber deregulation will empower American businesses to sell our data to anyone collecting profiles of US citizens. Meanwhile, with a U.S. president who actually invited and benefited from Russia’s intervention in the election, Russian cyber attackers feel they enjoy free rein in American cyberspace. With the rollback of cyber regulations, consumer-facing businesses will slash their own cyber security budgets, leading to weaker systems that further accelerate the growth and severity of information breaches. With our private information exposed, brace for a dramatic rise in identity theft and cyber stalking.

In contrast, the European Union has set the standard for privacy laws that limit how businesses and government agencies can use our information. Once disdained by the business community, these laws now give Europe the competitive advantage. In the wake of Snowden’s revelations, mistrustful Europeans moved their data from US clouds and services to EU alternatives — during Trump’s presidency, Americans will join them. While some Americans look to Switzerland as a safe haven for money, and Canada as a safe haven for our families, many will look to Germany as a safe haven for data.

Cyber 9–11

President Trump’s deregulatory policies will jeopardize not only privacy, but also national security. Our homeland’s greatest vulnerability may well be the cyber threat to our critical infrastructure, potentially disrupting life-support services like power and water. Furthermore, a single breach of a water treatment facility, dam, or nuclear reactor can directly kill millions of people — a cyber 9–11. And yet today most of the nation’s utilities run unpatched software on industrial control systems that remain defenseless, awaiting NERC cyber regulations to kick in next year. A four-year reprieve from these rules by Trump’s administration will expose the U.S. to a massive terrorist attack, and open the door for Russia or other nations to embed cyber bombs in our machinery for future activation. Even if the Defense Department can accurately attribute such attacks, they can only retaliate — they cannot prevent them.

The election of Donald Trump has profound implications for the security of cyberspace. Unless Trump reverses his positions on deregulation, government surveillance, and the Russian threat, his administration will dismantle the safeguards of cyberspace, threatening America’s commercial prosperity, individual privacy, and national security.

Investment Recommendation: Claroty Series A
Today, Claroty came out of stealth, announcing a Series A financing led by Bessemer. $32 Million is a lot for a Series A, but this is an important company for our nation and our planet. To explain why, I thought I'd share this excerpt from our internal investment memo.

EXCERPT from APRIL 2016:

The Need for Industrial Security


The physical infrastructure of modern civilization runs on machinery: traffic lights, railroad switches, nuclear reactors, water treatment, electricity distribution, dams, ship engines, draw bridges, oil rigs, hospitals, gas pipelines, and factories depend upon mechanical elements such as pressure valves, turbines, motors, and pumps. These actuators (like the ones in the original Bessemer steel smelting process) were once manually configured, but today these machines are controlled by software running on directly-attached, single-purpose computers known as Programmable Logic Controllers (PLC). PLCs, in turn, are connected in aggregate to computers running Human Management Interfaces (HMI) through closed, vendor-proprietary Supervisory Control & Data Acquisition (SCADA) protocols like DNP3 and Profibus. Industrial manufacturers provide the machines, the PLCs, and the HMIs, and so Operations Technology (OT) teams typically need to use a mix of controllers and interfaces. This is collectively known as an ICS. 

During the PC revolution, many of these ICS components migrated to cheap, standard PCs, and their SCADA connections migrated to LAN switches and routers that leveraged the connectivity benefits of those PCs’ standard Ethernet ports. The security implications were relatively minor until the Internet came along; but now, if any computer in the building is connected to the Internet, all the machines are potentially exposed. ICS security had once depended upon an air-gap between IT and OT networks, and where absolutely necessary devices like one-way diodes were used to send data out of the OT network to the outside world. However, trends like remote management, cloud, IoT, and the adoption of open standards are eroding the network segmentation and creating new attack vectors.

The threat of ICS attacks is very different from threats plaguing other computer networks. First, there is little valuable data to steal from a PLC (with the theoretical exception of pharmaceuticals), and yet the consequences of an attack are potentially catastrophic; the worst doomsday scenarios of cyber warfare arise from compromised machinery such as gas relays, dams, reactors, and water treatment facilities that can kill millions of people when they malfunction. To get a taste of the kind of damage we’re talking about, watch this video from 2007, where members of the Idaho National Laboratory hacked some of its own machinery.

Second, the fear of unexpected downtime also makes OT teams less willing to experiment with new hardware and software updates. These factors create an environment of older computers running older software that is never patched despite the accumulation of known vulnerabilities.

Finally, OT teams will not run encryption or conventional cybersecurity software on their computers, lest the security processes interfere with the precise and fragile timing of their network; they would rather be infected than incur downtime. And evidence of infections is mounting:

•      The Stuxnet worm, allegedly developed jointly by NSA and the Israeli Army’s intelligence arm (Unit 8200), crippled the Iranian nuclear program by destroying their centrifuges;
•      Iran crippled the operations of the most valuable company on Earth, Saudi Aramco;
•      According to BVP-funded iSIGHT Partners, the Russia-based Sandstone Team developed the Blackworm malware that shut down power for 700K Ukrainians;
•      For two years, an Iranian group controlled malware inside a dam in Rye, New York (near BVP’s  Larchmont office).

The malware behind these attacks likely lay dormant for some time, and there is no comprehensive way to know how much more already lurks in critical ICS just waiting to be activated. According to the ICS-CERT, we discover more and more infections every year in US infrastructure.
So, at a time when nation-states, terrorists, and criminal organizations are scrambling for an advantage in cyberspace, society’s most critical infrastructure remains exposed and undefended.

Claroty’s Origin

Although our small investment in cyber foundry Team8 is gaining market value, we originally invested for more strategic reasons. Following our roadmap principle of “following the attackers,” we have long known that ICS would develop into a significant target, and hoped Team8 would provide us the best opportunity to invest in this market. They did just this with Claroty (fka Team 82), which is the second spin-out. Claroty is one of two dozen companies addressing cyber attacks on ICS. While Claroty is a newer entrant in this relatively nascent space, we believe the deep experience of its team makes it the likely winner.

Recall that retired Israeli General Nadav Zafrir had founded Team8 to focus the world’s best nation-state cyber warriors on the biggest challenges of cyber security. Zafrir recently commanded Unit 8200, considered Israel’s equivalent to the US National Security Agency (NSA). But unlike the NSA, which employs career-minded employees, Unit 8200 draws and trains the smartest draftees from the Israeli population, who, like everyone else, typically resign their military commission after three years. Naturally, several of them founded cybersecurity companies like Check Point, Palo Alto Networks, and NICE. But now Zafrir, along with the Unit’s former Head of Cyber (Israel Grimberg) and former Chief Technology Officer (Assaf Mischari), recruit and commercially train the top 1% of those graduates, re-purposing them in cybersecurity startups.

A principal skill set attributed to Unit 8200 is blind protocol analysis. If, for example, you wished to hack a Siemens centrifuge, you’d need to deconstruct the packets sent back and forth between the HMI and the PLC, or between the PLC and the actuator. Most protocols were cobbled together decades ago and were rarely well documented, and in some cases the vendors themselves treat them as holy writ. Unit 8200 is reputedly the best in the world at quickly and accurately understanding and parsing them down to the individual bit level. Team8 recruited the best, most experienced ICS thought leaders in Unit 8200, led by their team leader Benny Porat (CS PhD), to staff Claroty.

When Team8 starts a new company, it marries a technical team with an entrepreneurial founder. In the case of Claroty, Team8 recruited Amir Zilberstein, who founded the successful Waterfall Security and Gita Technologies. Waterfall develops ICS security products (unrelated to Claroty’s product); Gita’s technology remains undisclosed. Team8 also recruited Galina Antova, the former head of Siemens’ Industrial Security Services division, to run business development. Antova is a super impressive executive - highly connected, brilliant, and fast-moving. [See Appendix: Due Diligence for summaries of the team reference calls.] The next step is to recruit a CMO – we hope to get Patrick McBride, who was a star at iSight.

Beyond Security 

With meaningful Operations Technology (OT) experience on the team, Claroty is taking a different approach to the market than its competitors who generally come from cybersecurity backgrounds. Rather than lead with the cybersecurity benefits of their product, Claroty has developed an OT visibility platform that first and foremost surfaces operational issues. By deconstructing the proprietary vendor protocols, Claroty has delivered the first heterogeneous HMI with analytics that span an ICS network. Seeing as how most OT teams today care more about downtime than infection, we believe this approach will enjoy a far better reception in the near-term.

The Failure of Cyber Security and the Startups Who Will Save Us
2014 will be remembered as the year the cyber dam broke, breached by sophisticated hackers who submerged international corporations and government agencies in a flood of hurt. Apple, Yahoo, PF Changs, AT&T, Google, Walmart, Dairy Queen, UPS, eBay, Neiman Marcus, the US Department of Energy and the IRS all reported major losses of private data relating to customers, patients, taxpayers and employees. Boeing, US Transportation Command, the US Army Corps of Engineers, and US Investigations Services (who runs the FBI’s security clearance checks) reported serious breaches of national security. Prior to last year, devastating economic losses had accrued only to direct targets of cyberwarfare, such as RSA and Saudi Aramco, but in 2014, at least five companies with no military ties -- JP Morgan, Target, Sony, Kmart, and Home Depot – incurred losses exceeding $100M from forensic expenses, investments in remediation, fines, legal fees, re-organizations, and class-action lawsuits, not to mention damaged brands.

The press has already reported on where things went wrong at each company, promoting a false sense of security based on the delusion that remediating this vulnerability or that one would have prevented the damage. This kind of forensic review works for aviation disasters, where we have mature, well understood systems and we can fix the problems we find in an airplane. But information networks are constantly changing, and adversaries constantly invent new exploits. If one doesn’t work, they simply use another, and therein lies the folly of forensics.

Only when you step back and look at 2014 more broadly can you see a pattern that points toward a systemic failure of the security infrastructure underlying corporate networks, described below. So until we see a seismic shift in how vendors and enterprises think about security, hackers will only accelerate their pace of “ownership” of corporate and government data assets.

The Sprawl of Cyberwarfare

The breaches of 2014 demonstrate how cyberwarfare has fueled the rampant spread of cyber crime.

For the past decade, the world’s three superpowers, as well as UK, North Korea and Israel, quietly developed offensive capabilities for the purposes of espionage and military action. Destructive attacks by geopolitical adversaries have clearly been reported on private and public sector targets in the US, Iran, South Korea, North Korea, Israel, Saudi Arabia and elsewhere. While Snowden exposed the extent of cyber espionage by the US, no one doubts that other nations prowl cyberspace to a similar or greater extent.

The technical distinction of these national cyber agencies is that they developed the means to target specific data assets or systems around the world, and to work their way through complex networks, over months or years, to achieve their missions. Only a state could commit the necessary combination of resources for such a targeted attack: the technical talent to create zero-day exploits and stealthy implants; labs that duplicate the target environment (e.g. the Siemens centrifuges of a nuclear enrichment facility); the field agents to conduct on-site ops (e.g. monitoring wireless communications, finding USB ports, or gaining employment); and years of patience. As a result of these investments in “military grade” cyber attacks, the best of these teams can boast a mission success rate close to 100%.

But cyber weapons are even harder to contain than conventional ones. Cyberwar victories have inspired terrorists, hacktivists and criminals to follow suit, recruiting cyber veterans and investing in the military grade approach. (Plus, some nations have started targeting companies directly.) No longer content to publish malware and wait for whatever data pop up, criminals now identify the crown jewels of businesses and target them with what we call Advanced Persistent Threats (APTs). You want credit cards? Get 56 million of them from Home Depot. You want to compromise people with the most sensitive secrets? Go straight to the FBI’s archive of security clearances. You want the design of a new aircraft? Get it from Boeing. You need data for committing online bank theft? Get it for 76 million households at JP Morgan Chase.

That’s why cyberspace exploded in 2014.

This is Not the Common Cold

But why are the crown jewels so exposed? Haven’t these companies all spent millions of dollars every year on firewalls, anti-virus software, and other security products? Don’t their IT departments have security engineers and analysts to detect and deflect these attacks?

The problem is that up until this year, corporate networks were instrumented to defend against generic malware attacks that cause minimal damage to each victim. Generic malware might redirect your search page, crash your hard drive, or install a bot to send spam or mine bitcoin. It’s not looking for your crown jewels because it doesn’t know who you are. It may worm its way to neighboring machines, but only in a singular, rudimentary way that jumps at most one or two hops. It’s automated and scalable – stealing pennies from all instead of fortunes from a few. If it compromises a few machines here and there, no big deal.

But with Advanced Persistent Threats, a human hacker directs the activity, carefully spreading the implant, so even the first point of infection can lead to devastation. These attacks are more like Ebola than the common cold, so what we today call state-of-the-art security is only slightly more effective than taking Airborne (and that’s a low bar). As long as corporate networks are porous to any infection at all, hackers can launch stealth campaigns jumping from host to host as they map the network, steal passwords, spread their agents, and exfiltrate data. Doubling down on malware filters will help, but it can never be 100% effective. All it takes is one zero-day exploit, or a single imprudent click on a malicious email, tweet or search result, for the campaign to begin. Or the attacker can simply buy a point of entry from the multitudes of hackers who already have bots running on the Internet.

Too Big Data

The dependence on malware filters is only half the problem. Ask any Chief Information Officer about his or her security infrastructure and you will hear all about the Security Operations Center in which analysts pore over alerts and log files (maybe even 24/7) identifying anomalies that may indicate security incidents. These analysts are tasked with investigating the incidents and rooting out any unauthorized activity inside the network. So even if someone can trespass on the network, analysts will stop them. And indeed, thousands of security products today participate in the ecosystem by finding anomalies and generating alerts for the Security Information and Event Management (SIEM) system. Every week a new startup pops up, touting an innovative way to plow through log files, network stats, and other Big Data to identify anomalies.

But sometimes anomalies are just anomalies, and that’s why a human analyst has to investigate each alert before taking any pre-emptive action, such as locking a user out of the network or re-imaging a host. And with so many products producing so many anomalies, they are overwhelmed with too much data. They typically see a thousand incidents every day, with enough time to investigate twenty. (You can try to find more qualified analysts but only with diminishing returns, as each one sees less of the overall picture.)

That’s why, for example, when a FireEye system at Target spotted the malware used to exfiltrate 40 million credit cards, it generated an alert for the Security Operations Center in Minneapolis, and nothing happened. Similarly, a forensic review at Neiman Marcus revealed more than 60 days of uninvestigated alerts that pointed to exfiltrating malware. Sony knew they were under attack for two years leading up to their catastrophic breach, and still they couldn’t find the needles in the haystack.

And yet, the drumbeat marches on, as security vendors old and new continue to tout their abilities to find anomalies. They pile more and more alerts into the SIEM, guaranteeing that most will drop on the floor. No wonder APTs are so successful.

A Three Step Program

"Know Thy Self, Know Thy Enemy" - Sun Tzu, The Art of War

We need to adapt to this new reality, and the cyber security industry needs to enable it. Simply put, businesses need to focus their time and capital on stopping the most devastating attacks.

The first step here is to figure out what those attacks look like. What are your crown jewels? What are the worst-case scenarios? Do you have patient data, credit cards, stealth fighter designs, a billion dollars in the bank, damning emails, or a critical server that, if crippled by a Distributed Denial of Service attack, would cause your customers to instantly drop you? As you prioritize the threats, identify your adversaries. Is it a foreign competitor, Anonymous, disgruntled employees, or North Korea? Every business is different, and each has a different boogeyman. The good news is that even though most CEOs have never thought about it, this first step is easy and nearly free. (Cyber experts like Good Harbor or the BVP-funded K2 Intelligence can facilitate the process.)

Second, businesses need real-time threat intelligence that relates to their unique threatscapes. Almost every security technology depends upon a Black List that identifies malicious IP addresses, device fingerprints, host names, domains, executables or email addresses, but naturally they come with generic, one-size-fits-all data. Dozens of startups now sell specialized threat intel, such as BVP-funded Internet Identity, which allows clusters of similar companies to pool their cyber intelligence, or BVP-funded iSight Partners, whose global field force of over 100 analysts tracks and profiles cyber adversaries and how to spot them in your network. What better way for your analysts to investigate the most important incidents than to prioritize the ones associated with your most formidable adversaries?

"This is a global problem. We don't have a malware problem. We have an adversary problem. There are people being paid to try to get inside our systems 24/7."
- Tony Cole, FireEye VP, on CNN

And finally, security analysts need fewer alerts, not more. Instead of finding more anomalies, startups would better spend their time finding ways to eliminate alerts that don’t matter, and highlighting the ones that do. They would provide the analysts with better tools for connecting the alerts into incidents and campaigns, tapping into the skills of experienced “military grade” hackers to profile the attack patterns.

Outlook

The challenge of securing data today is obviously complex, with many other pressing opportunities for improvement such as cloud security, mobile security, application security and encryption. But as cyberwar spreads to the commercial Internet, re-orienting enterprise security to focus on Advanced Persistent Threats should be the single most important initiative for businesses and vendors alike. Of course, inertia is powerful, and it may take boards of directors, CISOs, product managers, entrepreneurs, and venture capitalists another tumultuous year in cyberspace to get the message.

The Coming Wave of Cloud Security Startups
This is a reprint of an article I wrote this week for MIT Technology Review.

Our growing computer security problems will create many new companies.

The threat from cyber-intrusions seems to have exploded in just the last 18 months. Mainstream media now report regularly on massive, targeted data breaches and on the digital skirmishes waged among nation states and cybermilitants.

Unlike other looming technical problems that require innovation to address, cybersecurity never gets solved. The challenges of circuit miniaturization, graphical computing, database management, network routing, server virtualization, and similarly mammoth technical problems eventually wane as we tame their complexity. Cybersecurity is a never-ending Tom and Jerry cartoon. Like antibiotic-resistant bacteria, attackers adapt to our defenses and render them obsolete.

As in most areas of IT and computing, innovation in security springs mostly from startup companies. Larger systems companies like Symantec, Microsoft, and Cisco contribute to the corpus of cybersecurity, but mostly acquire their new technologies from startups. Government agencies with sophisticated cyberskills tend to innovate more on the offensive side. I think that in the coming years we will see many small, creative teams of security engineers successfully discovering, testing, and building out clever new ways to secure cyberspace.

Anyone looking to found or invest in one of those small security companies destined for success should focus on the tsunami of change rocking the IT world known as cloud computing. In a transformation that eclipses even the advent of client–server computing in the 1980s, businesses are choosing to subscribe to services in the cloud over running software on their own physical servers. Incumbents in every category of software are being disrupted by cloud-based upstarts. According to Forrester, the global market for cloud computing will grow more than sixfold this decade, to over a quarter trillion dollars.


Cloud security, as it is known, is today one of the less mature areas of cloud computing, but it has already become clear that it will become a significant chunk of that vast new market. A Gartner report earlier this year predicted that the growth of cloud-based security services would overtake traditional security services in the next three years.

Just like other software products, conventional security appliances are being replaced by cloud-based alternatives that are easier to deploy, cheaper to manage, and always up-to-date. Cloud-based security protections can also be more secure, since the vendor can correlate events and profile attacks across all of its customers’ networks. This collaborative capability will be critical in the coming years as the private sector looks to government agencies like the National Security Agency for protection from cyberattacks.

The cloud also enables new security services based on so-called big data, which could simply not exist as standalone products. Companies like SumoLogic can harvest signals from around the Web for analysis, identifying attacks and attackers that couldn’t be detected using data from a single incident or source.

These new data-centric, cloud-based security products are crucial to solving the challenges of keeping mobile devices secure. Most computers shipped today are mobile devices, and they make juicier targets than PCs because they have location and payment data, microphones, and cameras. But mobile carriers and employers cannot lock down phones and tablets completely because they are personal devices customized with personal apps. Worse, phones and tablets lack the processing power and battery life to run security processes as PCs do.

Cloud approaches to security offer a solution. Software-as-a-service security companies like Zscaler can scan our mobile data traffic using proxies and VPNs, scrubbing them for malware, phishing, data leaks, and bots. In addition we see startups like Blue Cava, Iovation, and mSignia using Big Data to prevent fraud by fingerprinting mobile devices.

Cloud security also involves protecting cloud infrastructure itself. New technologies are needed to secure the client data inside cloud-based services against theft or manipulation during transit or storage. Some security auditors and security companies already sell into this market, but most cloud developers, focused on strong customer growth, have been slow to deploy strong security. Eventually it should become possible for cloud computing customers to encrypt and destroy data using their own encryption keys. Until they do, there is an opportunity for startups such as CipherCloud and Vaultive to sell encryption technology that is used by companies over the top of their cloud services to encrypt the data inside.

Lastly, cloud security also includes protecting against the cloud, which enables creative new classes of attack. For example, Amazon Web Services can be used for brute force attacks on cryptographic protocols, like the one a German hacker used in 2010 to break the NSA’s Secure Hashing Algorithm. Attackers can use botnets and virtual servers to wage distributed denial of service attacks, and bots can bypass CAPTCHA defenses by crowdsourcing the answers. Cloud-based attacks demand innovative defenses that will likely come from startups. For example, Prolexic and Defense.net (a company Bessemer has invested in) operate networks of filters that buffer their clients from cloud-based DDoS attacks.

Cloud computing may open up enormous vulnerabilities on the Internet, but it also presents great opportunity for innovative cybersecurity. In the coming decade, few areas of computing will be as attractive to entrepreneurs, technologists, and investors.
How Long Will the U.S. Cloud Market be "Snowed In"?

Do recent revelations about US cyber intelligence activities jeopardize our nation’s market leadership in cloud computing? Will enterprises – domestic and foreign alike – now favor foreign vendors, or even avoid the public cloud altogether? A review of the political and technical realities points to trouble for US cloud providers, but only for the short term.

In recent weeks we’ve seen a tangible backlash against the NSA’s PRISM program and those tech companies who cooperate, especially those who “don’t put up a fight.” It is the natural, reflexive reaction to the sudden awareness of a potential intrusion on our privacy, and it includes new scrutiny by individuals and enterprises as to whether they should entrust their data to US cloud vendors, who have already felt some impact on their rates of sales and churn.

As related news reports and editorials come online, they provoke a lot of comments that reflect public sentiment. These comments have expressed concern about the lack of transparency in federal policies and jurisdiction, and even outrage at what many believe to be unconstitutional surveillance.

But in the past week, public comments on news sites have started to incorporate a more balanced look at the situation. There is acknowledgement that US intelligence agencies are doing their jobs when they gather data on potential threats to national security, just as other governments do; that the NSA does not steal IP for economic gain as many other state agencies do; and that despite our deficiencies, the US agencies operate under tighter oversight than foreign agencies. Especially as Congress moves to improve transparency, there is a grudging awareness that US-based clouds may offer the best privacy, relatively.

But is it good enough to be simply less bad? As long as privacy remains a concern, there will be resistance to adoption of any public clouds, and, as the market leaders, US vendors will suffer.

Fortunately, cryptographic technology will ultimately make this issue largely moot for most cloud infrastructure, platforms and applications. To date, cloud vendors have been slow to implement proper cryptographic protocols, since demand has grown so quickly without it. But with the recent focus on privacy, SaaS, PaaS and IaaS providers must get around to implementing what they should have implemented years ago.

Specifically, data in the cloud must be encrypted using keys that are controlled by the customers who own them. So whether you use Salesforce, Box, Google Apps or Workday, you should have the option of encrypting your data both in transit and in storage. Although many cloud providers offer encryption today, they typically use one key for everyone, or at best they offer individual keys that are generated and controlled by the vendor.

The recent, notable exception is Amazon, whose CloudHSM service offers AWS customers access to Hardware Security Modules for key protection inside their cloud. It's time for others to follow Amazon's lead, so that customers can comply with their own regulations, data breaches will be far less catastrophic, and intelligence agencies will have to find new ways to snoop.

Until then, interim solutions from a new class of security startup — like CipherCloud, Vaultive, Vormetric, and Navajo (acquired by Salesforce) — enable you to encrypt your data before you send it to the cloud. Unfortunately, cloud providers cannot do much with encrypted data that they cannot decrypt: their applications cannot provide features such as sorting, fuzzy searches, and comparative metrics. CipherCloud and others have had to invent some kludgy workarounds (e.g. adding additional unencrypted index fields) with some but limited success. These solutions will be less compelling when clouds are properly secured.

For IaaS and PaaS vendors, the imperative to hand the keys to the customer is clear, but for SaaS providers it's trickier, since their apps need to "borrow" the keys. For those customers who cannot tolerate even the smallest risk of exposure to those nation states with formidable cyber capabilities, tradeoffs will have to be made between security and features. There will also be tradeoffs in convenience, since mobile devices will need key management systems or VPNs. The most difficult application to secure would be one that requires sharing among individuals who do not typically have cryptographic keys, which is why Lavabit and Silent Circle just shuttered their secure email services (although I expect Phil Zimmermann will craft a workable solution in time).

Cloud computing still promises compelling benefits, and US vendors have competed well on features and services, benefitting from deep and rapid innovation. But it's time now for them to properly defend their data, and market share, by attending to security. We should expect these cryptographic capabilities to generally come to market in 2015; until then, the forecast for the sector remains Partly Cloudy.


drrexdexter: Facebook, Google Wake Up From Their Coma On The...


drrexdexter:

Facebook, Google Wake Up From Their Coma On The Subject, Join Wednesday’s Massive Net Neutrality Protest - (from the nice-to-see-you-could-show-up dept.)

By Karl Bode - Jul 10, 2017

So if you hadn’t heard, Wednesday will bear witness to a major protest (both online and off) against the FCC’s plan to kill popular net neutrality protections here in the States. [https://www.techdirt.com/articles/20170517/12241437395/fcc-ignores-will-public-votes-to-begin-dismantling-net-neutrality.shtml]

Spearheaded by consumer advocacy group Fight for the Future, the “day of action” is an effort to bring attention to the attack on net neutrality, to drive more people to the FCC’s comment proceeding, and to generate a wave of backlash supporters hope will mirror the SOPA/PIPA uprising. [https://www.fcc.gov/ecfs/search/filings?proceedings_name=17-108]

Countless small companies, consumer groups, and many large companies (including Amazon, Reddit, and Netflix) will be participating in the protests.

But also joining the proceedings are several Silicon Valley giants that, in recent years, have not just been apathetic to genuine net neutrality, but in many instances have actively worked to undermine the concept. 

While they didn’t make a formal announcement (that would have been too bold), both Google and Facebook reps are quietly telling news outlets they’ll be participating in the protests. [http://thehill.com/policy/technology/340961-facebook-google-to-join-net-neutrality-demonstration]

The depth of their involvement isn’t clear, but managers of the campaign say they’re obviously happy with the support all the same [http://thehill.com/policy/technology/340961-facebook-google-to-join-net-neutrality-demonstration]:

“We have not heard directly from either Facebook or Google, but we’re glad to hear that these companies are listening to their employees and Internet users and will speak out for net neutrality with the rest of the Internet on July 12,” Evan Greer, campaign director at Fight for the Future and an organizer for the event, said in a statement.

“In previous years these companies have often been on the sidelines of these fights, so we hope that they plan to do something meaningful in the spirit of the protest and educate their users about what’s at stake if we lose net neutrality protections that protect our online free speech, and give them opportunities to take action.”

Saying that Google and Facebook have been “on the sidelines” of the net neutrality fight is understandably polite on Greer’s part. 

Both have been working hard to broaden their lobbying focus under the Trump administration, and both have been more than happy to sacrifice some integrity (and the health of the internet) in the process. 

They’ve not only been mute as the FCC has taken aim at the rules, but historically they’ve taken actions to directly undermine the entire concept of network neutrality – here and abroad.

You’ll recall Facebook faced a massive backlash in India after it tried to corner the ad market with a free, AOL-esque service that critics say gave Facebook far too much influence over what content consumers would see. [https://www.techdirt.com/blog/netneutrality/articles/20150417/10581930699/facebooks-zuckerberg-thinks-aggressively-violating-net-neutrality-is-fineif-you-just-mean-well.shtml]

Criticism only grew after the “zero rated” service initially went so far as to prohibit the use of encryption. [https://www.techdirt.com/articles/20150505/18331030896/dangerous-ridiculous-facebook-wont-let-sites-join-internetorg-program-if-they-encrypt-traffic.shtml]

India ultimately banned the practice [https://www.techdirt.com/blog/netneutrality/articles/20150507/10533030927/mozilla-if-facebook-really-wants-to-help-developing-nations-it-should-ignore-zero-rating-fund-real-internet-access.shtml] after critics like Mozilla pointed out that if you want to bring internet access to the poor – you should actually bring real internet access to the poor, not a curated walled garden that only thinly disguises your international ad ambitions. [https://www.techdirt.com/blog/netneutrality/articles/20150507/10533030927/mozilla-if-facebook-really-wants-to-help-developing-nations-it-should-ignore-zero-rating-fund-real-internet-access.shtml]

While consistently still portrayed by some press outlets as a net neutrality ally, Google has also effectively been AWOL from the discussion since 2010, when it actively worked to make the FCC’s initial rules as flimsy as possible. [https://www.techdirt.com/blog/wireless/articles/20100812/17291310611.shtml]

Working hand in hand with AT&T and Verizon, Google played a big part in ensuring the original rules didn’t even cover wireless networks. 

When efforts emerged in 2015 to craft the notably tougher rules we currently have (for now), Google was nowhere to be found – and has lobbied pretty consistently against net neutrality protections for consumers overseas. [https://www.techdirt.com/blog/netneutrality/articles/20150820/10454632018/google-lobbied-against-real-net-neutrality-india-just-like-it-did-states.shtml]

So yes, while it should be applauded that both companies are participating in Wednesday’s proceedings, the depth of their participation is far from clear, and their efforts to undermine net neutrality in recent years should not be forgotten by those working to keep the internet a relatively open and healthy platform for competition and free speech.

https://www.techdirt.com/articles/20170710/05543537752/facebook-google-wake-up-their-coma-subject-join-wednesdays-massive-net-neutrality-protest.shtml


Leveraging Platform Synergies to Break Adoption Barriers

A link to the full report is posted in the Subscriber's Area.

One of the big questions for every online business is how to make it easier to take people’s money. Impatience, number of clicks, creating urgency, ensuring security and insuring purchases represent important considerations that have in many respects been solved by the various providers, with software and encryption getting better all the time.


Technologies for Trust: How does Cryptography Fit the Bill?

On an abstract level the notion of ’trust’ is fairly clear, e.g.: "The extent to which someone who relies on a system can have confidence that the system meets its specifications" (RFC 2828). Obviously, trustworthiness is a property we expect from the IT systems we depend on. As a matter of fact, IT systems are designed to be capable of creating and processing arbitrary patterns of binary information. This fundamental property includes the ability to manipulate data objects, return improper function call results, and exchange faked data packets or messages. How, then, can we establish confidence in services provided by operating systems as well as local or remote computing resources? How can we trust received IP packets, e-mail messages, or HTTP responses? In essence: how do we bootstrap the property of trust in systems that rely on the processing of binary information while being able to manipulate any binary information? This presentation investigates base technologies for trust enhancement. It examines the role of cryptography as a trust facilitator for IT systems: the merits of cryptographic technologies with respect to trust enhancement are identified, and the relevance of recent technology initiatives in the world of XML (e.g. Liberty Alliance, SAML, WS-Security, XACML, XKMS, XML-Encryption, and XML-Signature) is analyzed.
[Jon Koplik] <<<<< Although Apple has heavily promoted Apple Pay as an alternative to payin...
<<<<< Although Apple has heavily promoted Apple Pay as an alternative to paying with a credit card at retail stores, in apps and on websites, it has not gained much traction with consumers or merchants. >>>>>

My favorite part of this:

nytimes.com
MAY 21, 2017

Apple Pay Violates Patents Held by Security Technology Inventor, Lawsuit Alleges

By VINDU GOEL

SAN FRANCISCO -- A small Boston company, founded by the inventor of a popular corporate encryption technology called RSA SecurID, sued Apple and Visa on Sunday, arguing that the Apple Pay digital payment technology violates its patents.

The lawsuit, filed by Universal Secure Registry in Federal District Court in Delaware, says that its chief executive, Kenneth P. Weiss, received 13 patents for authentication systems that use a smartphone, biometric identification such as a fingerprint and the generation of secure one-time tokens to conduct financial transactions.

In the suit and in an interview, Mr. Weiss said he had extensive meetings in 2010 with Visa officials, including its chief executive at the time, to discuss working together on the technology. In the interview, he said that Visa had signed a 10-year nondisclosure agreement to gain access to the technology, assigned engineers to fully understand the details, but then dropped further communication without securing a license.

Mr. Weiss said he also wrote to Apple at the same time seeking to license his technology, but the iPhone maker never responded to his inquiries.

Three years later, Visa began work on the Apple Pay technology with Apple, MasterCard and American Express. Apple released Apple Pay to iPhone users in 2014.

Although Apple has heavily promoted Apple Pay as an alternative to paying with a credit card at retail stores, in apps and on websites, it has not gained much traction with consumers or merchants. Users enroll a credit card on their phone, then touch a finger to the iPhone’s Touch ID sensor to pay a merchant that has installed a wireless terminal that can receive a signal from the phone.

Universal Secure Registry did not seek a license agreement or royalties from Apple or Visa after the release of Apple Pay. Mr. Weiss said the law firm representing his company, the patent specialists Quinn Emanuel Urquhart & Sullivan, advised him to file the suit first.

Apple declined to comment on the suit. Visa did not respond to a request for comment.

Apple has taken an aggressive stance recently against companies seeking royalties for key patents covering its iPhones, Macs and other products. It is embroiled in bitter litigation against Nokia and Qualcomm, accusing them of demanding unfairly high royalties for technology that it uses.

Quinn Emanuel, which filed the Apple Pay suit on behalf of Universal Secure Registry, represented Samsung Electronics in some of its long-running patent litigation with Apple over software in its Android-based smartphones.

Mr. Weiss said that his company has tried to license its technology to larger firms without success and is now building its own device for secure wireless authentication.

He founded Security Dynamics in 1984 and was its chairman until 1996. Security Dynamics acquired RSA Data Security in 1996, and the two companies’ technologies were eventually combined in the RSA SecurID token system that is now used by tens of millions of people to authenticate and secure communications with corporate and government computer systems. RSA is now part of Dell EMC.

After leaving Security Dynamics, Mr. Weiss turned his attention to payment technologies and planned to license them to larger companies. He said he is still hoping to reach some kind of agreement with Apple and Visa.

“My intention is still to get into a conference room with them and resolve this,” he said.




How to Register an SSL Certificate

SSL (Secure Sockets Layer) is a technology that encrypts information that is sent from a user's computer to the server. It ensures that people visiting your site have encryption when submitting private information like credit cards or social security numbers. Providing SSL on a server is the responsibility of the website owner. Registering an SSL certificate is accomplished through a valid provider.

  1. Step 1

    Register the domain name for the website. A fully qualified domain name is needed to register an SSL certificate. Several domain registries exist. Some popular ones are godaddy.com, dotster.com and register.com.

  2. Step 2

    Verify "whois" entries are valid. SSL verification involves a background check with the person registering the certificate with the information in the Whois Directory. The Whois Directory is a registry of domain names and the owners. The domain information must be valid and public. Check your domain information at whois.net.

  3. Step 3

    Generate a private key and a certificate signing request (CSR) by opening a command prompt in Linux and entering the following commands:
    openssl genrsa -out www.DOMAIN.com.key 1024
    openssl req -new -key www.DOMAIN.com.key -out www.DOMAIN.com.csr
    Replace DOMAIN with the name of the domain from step one. This creates the .csr file needed for step four.

  4. Step 4

    Register the SSL certificate with a certificate authority. The most popular company for SSL certification is Verisign. Register the certificate at verisign.com/ssl/buy-ssl-certificates/index.html. The company takes your information and checks that your contact details are valid before registration.
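Steps 3 and 4 as a script, added here as an example and not part of the original how-to: it generates the key and CSR non-interactively with a 2048-bit key (public CAs no longer accept 1024-bit keys), keeps the key unreadable to other users, and checks the CSR's key size, names and key binding before it is handed to the certificate authority. It assumes the openssl command-line tool is installed; the domain and output directory are caller-supplied placeholders.

```shell
#!/bin/sh
# Added example, not part of the original how-to: steps 3 and 4 done
# non-interactively with the parameters a public CA accepts today.
# Assumes the openssl CLI is on PATH; DOMAIN and OUTDIR are caller-supplied.
set -eu

# make_csr DOMAIN OUTDIR
# Writes OUTDIR/DOMAIN.key (mode 0600) and OUTDIR/DOMAIN.csr, prints the CSR path.
make_csr() {
    domain="$1"
    outdir="$2"
    key="$outdir/$domain.key"
    csr="$outdir/$domain.csr"
    cfg="$outdir/$domain.cnf"
    mkdir -p "$outdir"

    # A request config so the CSR carries Subject Alternative Names. Browsers
    # ignore the CN for hostname matching, and public CAs require SANs.
    cat > "$cfg" <<EOF
[req]
distinguished_name = dn
req_extensions     = v3_req
prompt             = no

[dn]
CN = $domain

[v3_req]
subjectAltName = DNS:$domain, DNS:www.$domain
EOF

    # umask 077 keeps the private key unreadable to other users from the
    # moment it is created. 2048 bits is the minimum public CAs accept; the
    # 1024-bit key in the original step 3 would be rejected today.
    ( umask 077 && openssl genrsa -out "$key" 2048 2>/dev/null )
    openssl req -new -key "$key" -config "$cfg" -out "$csr"
    rm -f "$cfg"
    printf '%s\n' "$csr"
}

# csr_key_bits CSRFILE: prints the RSA modulus size recorded in the CSR.
csr_key_bits() {
    openssl req -noout -text -in "$1" | sed -n 's/.*Public.Key: (\([0-9]*\) bit).*/\1/p'
}

# csr_sans CSRFILE: prints the SAN list so it can be checked before it is
# submitted to the CA (a CSR with the wrong names yields a useless certificate).
csr_sans() {
    openssl req -noout -text -in "$1" |
        sed -n '/Subject Alternative Name/{n;s/^[[:space:]]*//;p;}'
}

# csr_matches_key CSRFILE KEYFILE: succeeds only if the CSR's public key is
# the one derived from KEYFILE, i.e. the CSR really belongs to this key.
csr_matches_key() {
    [ "$(openssl req -noout -pubkey -in "$1")" = "$(openssl pkey -pubout -in "$2")" ]
}

# Usage: sh make_csr.sh example.org ./out
if [ -n "${1:-}" ]; then
    csr=$(make_csr "$1" "${2:-.}")
    echo "CSR: $csr ($(csr_key_bits "$csr")-bit key; SANs: $(csr_sans "$csr"))"
fi
```

Only the .csr file is sent to the CA; the .key file stays on the server and is what the web server is later configured with alongside the issued certificate.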


Learn about vSphere 6.5 at VMworld

Ever since VMware released vSphere 6.5 late last year, the response from customers has been overwhelmingly positive. Customers have been especially excited by features such as the enterprise-grade vCenter Server Appliance (VCSA), built-in encryption features, and a modern API set. Now that people have learned about these new capabilities, we decided for this year’s VMworld to

The post Learn about vSphere 6.5 at VMworld appeared first on VMware vSphere Blog.


More Government Surveillance? World Leaders Attempt To Get Around Encryption

Concerned about government surveillance? World leaders, from France to the United States, have been attempting to get around encryption.

The post More Government Surveillance? World Leaders Attempt To Get Around Encryption appeared first on FlashRouters Networking & VPN Blog.


Archive vs. Ransomware

Archives perennially ask the question "how few copies can we get away with?"
This is a question I've blogged about in 2016 and 2011 and 2010, when I concluded:
  • The number of copies needed cannot be discussed except in the context of a specific threat model.
  • The important threats are not amenable to quantitative modeling.
  • Defense against the important threats requires many more copies than against the simple threats, to allow for the "anonymity of crowds".
I've also written before about the immensely profitable business of ransomware. Recent events, such as WannaCrypt, NotPetya and the details of NSA's ability to infect air-gapped computers should convince anyone that ransomware is a threat to which archives are exposed. Below the fold I look into how archives should be designed to resist this credible threat.

Background

Before looking at the range of defenses an archive could deploy, some background on the ransomware threat.

What Is Ransomware?

Ransomware is a class of malware which, once it infects a system, typically behaves as follows:
  • It searches the network for other systems to which it can spread, either because they have vulnerabilities the ransomware knows how to exploit, or because credentials for those systems are available on the infected system.
  • It encrypts all data writable by the infected system with a unique key, and reports the key and the system's ID to the ransomware's headquarters.
  • It informs the user that their data has been encrypted, and that the user can obtain a key to decrypt it by paying a ransom, typically in Bitcoin.
Some ransomware operations, Cerber is an example, have a sterling reputation for customer service, and if paid are highly likely to deliver a key that will permit recovery of the data. Others are less professional and, through bugs, incompetence, or a get-rich-quick business model may accept payment but be unable or unwilling to enable decryption. Of course, paying the ransom merely encourages the ransomware business, already worth by some estimates $75B/yr.

From the archive's point of view, ransomware is a similar threat to other forms of external or internal attacks, such as a disgruntled sysadmin, or a catastrophic operator error. The consequence of infection can be the total loss of all stored data. I'm just using ransomware as an example threat because it is timely and credible.

How Is Ransomware Delivered?

I've been asked "Archives don't have much money, so why would ransomware target one?" It is true that archives are less lucrative targets than FedEx, Maersk, SF Muni, Rosneft, WPP, the UK NHS and other recent victims of ransomware. But it is a misconception to think that ransomware is targeted at lucrative systems. For example, a nation might think that destroying the archive of another nation would be an appropriate way to express displeasure.

Like other forms of malware, ransomware is delivered not just by targeted means, such as phishing emails, but also by many scattershot techniques including Web drive-bys, malicious advertising, compromised system updates and, in the case of WannaCry, a network vulnerability (the SMB flaw exploited by EternalBlue, which needed no action from any user). And, since recent ransomware exploits vulnerabilities from the NSA's vast hoard, it is exceptionally virulent. Once it gets a toehold in a network, it is likely to spread very rapidly.

Defenses

I now examine the various techniques for storing data to assess how well they defend against ransomware and related threats.

Single copy

Let us start by supposing that the archive has a single copy of the content in a filesystem on a disk. We don't need to invoke ransomware to know that this isn't safe. Failure of the disk will lose the entire archive; bit-rot affecting either or both of a file and its stored hash will corrupt that file.

Disk Mirror

One way to protect data is by directing each write to two identical disks, mirrors of each other. If one fails the data can be read from the other.

But when one fails the data is no longer protected, until the system is repaired. The safety of the data depends on the operator noticing the failure, replacing the failed disk, and copying the data from the good disk to the replacement before the good disk fails.

For well-administered systems the mean time to failure of a disk is long compared to the time between operators paying attention, so if disks failed randomly and independently it would be unlikely that the good disk would fail during repair. Alas, much field evidence shows that failures are significantly correlated. For example, raised temperatures caused by cooling system failure may cause disks to fail together.

Disk mirroring doesn't protect against ransomware; the writes the malware uses to encrypt the data get to both halves of the mirror.

Filesystem Backup

Another common technique is to synchronize a master copy with a slave copy in a different filesystem on a different disk. If there is a failure in the master, the system can fail-over, promoting the slave to be the new master and having the operator (eventually) create a new slave with which it can be synchronized.

Although this technique appears to provide two filesystems, the synchronization process ensures that corruption (or encryption by ransomware) of the master is rapidly propagated to the slave. Thus it provides no protection against bit-rot or ransomware. Further, because both the master and the slave filesystems are visible to (and writable by) the same system, once it is compromised both are at risk.

Network Backup

There are two ways data can be backed up over a network to a separate system, push and pull. In push backup, data is written to a network filesystem by the system being backed up. This is equivalent to backing up to a local filesystem. Ransomware can write to, so will encrypt, the data in the network filesystem.

Pull backup is better. The backup host has read access to the system being backed up, but the system being backed up holds no credential for, and has no write access to, the backup store. Ransomware on the primary cannot immediately encrypt the backup, but the next pull synchronization will faithfully copy the encrypted files over the backup unless the synchronization can be disabled in time.

Both mirroring and backup have a replication factor of two; they consume twice the storage of a single copy.
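As an added illustration (not from the original post), here is a small Python simulation of the two backup styles described above. The push side shows why a backup store the primary can write is no better than a local copy; the pull side keeps one snapshot per cycle rather than a single overwritten copy, and refuses a run in which most of the primary's files changed at once, which is one way of "disabling it in time" without relying on an operator to notice. The file names, contents and the 25% threshold are constructed for the example.

```python
import hashlib
from typing import Dict, Optional

# Assumed threshold for this example: a real archive would set it from its
# normal rate of change, which for preserved content is close to zero.
MAX_CHANGE_FRACTION = 0.25


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def changed_fraction(manifest: Dict[str, str], current: Dict[str, bytes]) -> float:
    """Fraction of the files in the last good manifest that now differ or are gone."""
    if not manifest:
        return 0.0
    changed = sum(1 for name, h in manifest.items()
                  if name not in current or digest(current[name]) != h)
    return changed / len(manifest)


def push_sync(primary: Dict[str, bytes], backup: Dict[str, bytes]) -> None:
    """Push backup: the primary writes the backup store, so whatever the primary
    holds (encrypted or not) replaces what was there."""
    backup.clear()
    backup.update(primary)


class PullBackup:
    """Pull backup: this host reads the primary; the primary holds no credential
    for it.  Each run keeps its own snapshot instead of overwriting one copy, and
    a run that sees a wholesale rewrite is refused."""

    def __init__(self) -> None:
        self.snapshots: Dict[int, Dict[str, bytes]] = {}
        self.manifest: Dict[str, str] = {}
        self.cycle = 0

    def pull(self, primary: Dict[str, bytes]) -> bool:
        self.cycle += 1
        if changed_fraction(self.manifest, primary) > MAX_CHANGE_FRACTION:
            return False                      # keep earlier snapshots, alert the operator
        self.snapshots[self.cycle] = dict(primary)
        self.manifest = {name: digest(data) for name, data in primary.items()}
        return True

    def latest_good(self) -> Optional[Dict[str, bytes]]:
        return self.snapshots[max(self.snapshots)] if self.snapshots else None


def simulate() -> Dict[str, bool]:
    # Constructed sample archive of eight small files.
    primary = {f"item{i:02d}.txt": f"record {i}".encode() for i in range(8)}
    pushed: Dict[str, bytes] = {}
    pulled = PullBackup()

    push_sync(primary, pushed)
    ok1 = pulled.pull(primary)
    primary["item03.txt"] = b"record 3, corrected"   # normal curation: one file edited
    push_sync(primary, pushed)
    ok2 = pulled.pull(primary)

    # Ransomware replaces every file on the primary with ciphertext.  XOR with a
    # constant stands in for the encryption here; it is not a real cipher.
    for name in list(primary):
        primary[name] = bytes(b ^ 0xA5 for b in primary[name])
    push_sync(primary, pushed)
    ok3 = pulled.pull(primary)

    clean = pulled.latest_good()
    return {
        "normal_cycles_stored": ok1 and ok2,
        "push_backup_encrypted": pushed["item00.txt"] != b"record 0",
        "pull_refused_mass_rewrite": not ok3,
        "pull_snapshot_still_clean": clean is not None and clean["item00.txt"] == b"record 0",
    }


if __name__ == "__main__":
    print(simulate())
```

The guard is a heuristic, not a proof of safety: ransomware that encrypts a little of the archive per cycle, staying under the threshold, walks past it, which is the same "cleverer ransomware" the tape-cycle discussion below requires. The per-cycle snapshots also multiply the storage consumed, so the replication factor of two quoted above no longer applies once they are kept.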

RAID

Disk mirroring is technically known as RAID 1. RAID N for N > 1 is a way to protect data from disk failures using a replication factor less than two. Disk blocks are organized as stripes of S blocks. Each stripe contains D data blocks and P parity blocks, where D+P=S. The data can be recovered from any D of the S blocks, so the RAID can survive the loss of P blocks per stripe, that is P drives, without losing data, at a replication factor of S/D. For example, if D=4 and P=1, data is safe despite the loss of a single drive at a replication factor of 1.25.

RAID as such offers no protection against bit-rot. Some RAID systems provide the option of data scrubbing: a background task reads every stripe, checks that its parity is consistent, and repairs blocks the drive reports as unreadable before a user read stumbles on them. Data scrubbing can prevent some forms of bit-rot, typically at the cost of some performance, but it has a limit: a block that reads cleanly yet returns wrong bits makes the stripe inconsistent without telling single-parity RAID which of the S blocks is the bad one. Anecdotally, scrubbing is rarely enabled.

But, since the content still appears in a single filesystem, any compromise of the system, for example by ransomware, risks total loss. Disk capacity has also increased much faster than disk transfer speed, and the unrecoverable bit error rate (UBER) has not fallen to match. Refilling a replacement drive after the operator notices a failure therefore takes many hours, during which the array has no redundancy, and the rebuild must read the entire remaining array, a transfer large enough that meeting a second unrecoverable error before it finishes is a realistic risk. Single parity RAID (S-D=P=1) is thus no longer viable.
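The stripe arithmetic above, worked through in Python as an added example (not from the original post): a D=4, P=1 stripe with XOR parity, its replication factor, recovery from one lost block, failure with two, and the scrub's blind spot for a block that reads cleanly but returns wrong bits. Block contents are constructed and tiny so the stripe is readable.

```python
from typing import List, Optional

BLOCK = 4  # bytes per block; tiny so the stripe is readable


def xor_blocks(blocks: List[bytes]) -> bytes:
    """Bytewise XOR of equal-length blocks."""
    out = bytearray(BLOCK)
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def replication_factor(d: int, p: int) -> float:
    """Storage consumed relative to the raw data: S/D with S = D + P."""
    return (d + p) / d


def make_stripe(data: List[bytes]) -> List[bytes]:
    """The S = D + 1 blocks of a single-parity stripe: data, then XOR parity."""
    return list(data) + [xor_blocks(data)]


def recover(stripe: List[Optional[bytes]]) -> Optional[List[bytes]]:
    """Rebuild a stripe with at most one missing (None) block; None if it cannot be."""
    missing = [i for i, b in enumerate(stripe) if b is None]
    if len(missing) > 1:
        return None                         # P = 1 survives exactly one loss
    rebuilt = list(stripe)
    if missing:
        present = [b for b in stripe if b is not None]
        rebuilt[missing[0]] = xor_blocks(present)   # XOR of the rest restores any one block
    return rebuilt


def parity_consistent(stripe: List[bytes]) -> bool:
    """The scrub's test: data XOR parity must come out all zeros."""
    return xor_blocks(stripe) == bytes(BLOCK)


def candidate_fixes(stripe: List[bytes]) -> List[int]:
    """Blocks whose recomputation from the others would make the stripe consistent.
    With one parity block every index qualifies, so the scrub sees damage but has
    no way to tell which block to repair."""
    fixes = []
    for i in range(len(stripe)):
        trial = list(stripe)
        trial[i] = xor_blocks([b for j, b in enumerate(stripe) if j != i])
        if parity_consistent(trial):
            fixes.append(i)
    return fixes


def demo() -> dict:
    data = [b"arch", b"ive ", b"data", b"set!"]     # D = 4 data blocks
    stripe = make_stripe(data)                     # S = 5, P = 1

    lost_one: List[Optional[bytes]] = list(stripe)
    lost_one[2] = None
    lost_two: List[Optional[bytes]] = list(stripe)
    lost_two[0] = lost_two[4] = None

    rotted = list(stripe)                          # one bit flips silently in block 1
    rotted[1] = bytes([rotted[1][0] ^ 0x01]) + rotted[1][1:]

    return {
        "replication_factor": replication_factor(4, 1),
        "one_loss_recovered": recover(lost_one) == stripe,
        "two_losses_recovered": recover(lost_two) is not None,
        "rot_detected_by_scrub": not parity_consistent(rotted),
        "rot_located": len(candidate_fixes(rotted)) == 1,
    }


if __name__ == "__main__":
    print(demo())
```

The last two results are the point of the scrubbing paragraph: the flipped bit is detected, because the stripe no longer XORs to zero, but every one of the five blocks is an equally good candidate for repair, so the scrub can only report the stripe as damaged. Locating a silent error needs more than one parity block, or a per-block checksum stored alongside the data.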

Erasure Coding

RAID is a form of erasure coding, but more advanced systems (such as IBM's Cleversafe) use erasure coding to spread the content across multiple systems in a network rather than multiple disks in a system. This can greatly reduce the correlation between media failures. Since the erasure-coded storage appears to applications as a filesystem, it provides no protection against ransomware or other application system compromises.

Two Independent Copies

Why is it that none of the approaches above defend against ransomware? The reason is that none provides independent replicas of the data. Each system has a single point from which the ransomware can encrypt all copies.

Suppose the archive maintains two independent copies, independent in the sense that they are separate in geographic, network and administrative terms. No one has credentials allowing access to both copies. Although both copies may have been originally ingested from the same source, there is no place from which both copies can subsequently be written or deleted. Now the ransomware has to infect both replicas nearly simultaneously, before the operators notice and take the other replica off-line.

Three Independent Copies

Of themselves, 2 independent copies do not protect against more subtle corruption of the data than wholesale encryption. It is often assumed that storing hashes together with the data will permit detection of, and recovery from, corruption. But this is inadequate. As I wrote in SHA-1 is Dead:
There are two possible results from re-computing the hash of the content and comparing it with the stored hash:
  • The two hashes match, in which case either:
    • The hash and the content are unchanged, or
    • An attacker has changed both the content and the hash, or
    • An attacker has replaced the content with a collision, leaving the hash unchanged.
  • The two hashes differ, in which case:
    • The content has changed and the hash has not, or
    • The hash has changed and the content has not, or
    • Both content and hash have changed.
The stored hashes are made of exactly the same kind of bits as the content whose integrity they are to protect. The hash bits are subject to all the same threats as the content bits.
For example, if an attacker were to modify both the data and the hash on one of two replicas, the archive would be faced with two different versions each satisfying the hash check. Which is correct? With 3 independent copies, this can be decided by an election, with the replicas voting on which version is correct.

Alternatively, techniques based on entangling hashes in Merkle Trees can be used to determine which hash has been modified. These are related to, but vastly cheaper than, blockchain technologies for the same purpose. The problem is that the Merkle tree becomes a critical resource which must itself be preserved with multiple independent copies (making the necessary updates tricky). If ransomware could encrypt it the system would be unable to guarantee content integrity.
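An added example (not part of the original post) of the entangling just described: the per-file hashes are the leaves of a Merkle tree whose root is preserved apart from the replicas. A replica on which an attacker rewrote a file and its stored hash passes the flat per-file check but not the root check, and descending the tree locates the altered entry. Passing no preserved root models the caveat in the last paragraph: with the tree gone, nothing can be decided. File names and contents are constructed; the tree layout (sorted leaves, last node duplicated on odd levels) is this example's choice, not a format from the post.

```python
import hashlib
from typing import Dict, List, Optional, Tuple


def sha(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# A replica stores, per file, the content and the hash recorded at ingest.
Replica = Dict[str, Tuple[bytes, bytes]]


def ingest(files: Dict[str, bytes]) -> Replica:
    return {name: (content, sha(content)) for name, content in files.items()}


def flat_check(replica: Replica) -> bool:
    """The per-file check from the post: recompute each hash and compare."""
    return all(sha(content) == stored for content, stored in replica.values())


def leaves(replica: Replica) -> List[bytes]:
    """Leaf i covers the i-th file in sorted-name order and binds the name to its
    stored hash, so independent copies of the same data derive identical trees."""
    return [sha(b"leaf\0" + name.encode() + b"\0" + stored)
            for name, (_, stored) in sorted(replica.items())]


def build_tree(leaf_list: List[bytes]) -> List[List[bytes]]:
    """Levels from the leaves (index 0) up to the single root (index -1)."""
    levels = [list(leaf_list)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur = cur + [cur[-1]]                 # odd level: duplicate the last node
        levels.append([sha(b"node\0" + cur[i] + cur[i + 1])
                       for i in range(0, len(cur), 2)])
    return levels


def merkle_root(replica: Replica) -> bytes:
    return build_tree(leaves(replica))[-1][0]


def locate_modified(preserved_root: Optional[bytes], good: List[List[bytes]],
                    suspect: List[List[bytes]]) -> Optional[List[int]]:
    """Descend from the roots, following children whose hashes differ.  Returns the
    leaf indices where the suspect deviates from the copy matching the preserved
    root, [] if it does not deviate, or None when the preserved root is missing
    (or matches neither tree): then nothing can be decided.  Assumes both trees
    were built over the same file set, so they have the same shape."""
    if preserved_root is None or good[-1][0] != preserved_root:
        return None
    if suspect[-1][0] == preserved_root:
        return []
    bad = [0]
    for level in range(len(good) - 1, 0, -1):
        below_good, below_suspect = good[level - 1], suspect[level - 1]
        bad = [c for idx in bad for c in (2 * idx, 2 * idx + 1)
               if c < len(below_good) and c < len(below_suspect)
               and below_good[c] != below_suspect[c]]
    return bad


def demo() -> dict:
    files = {f"doc{i}.txt": f"document {i}".encode() for i in range(5)}  # odd count on purpose
    preserved_root = merkle_root(ingest(files))    # kept apart from both replicas

    replica_a, replica_b = ingest(files), ingest(files)
    forged = b"document 3, altered"                 # attacker rewrites content AND hash on B
    replica_b["doc3.txt"] = (forged, sha(forged))

    tree_a, tree_b = build_tree(leaves(replica_a)), build_tree(leaves(replica_b))
    good, suspect = (tree_a, tree_b) if tree_a[-1][0] == preserved_root else (tree_b, tree_a)
    return {
        "flat_check_passes_on_both": flat_check(replica_a) and flat_check(replica_b),
        "roots_disagree": tree_a[-1][0] != tree_b[-1][0],
        "modified_leaf": locate_modified(preserved_root, good, suspect),
        "undecidable_without_root": locate_modified(None, good, suspect),
    }


if __name__ == "__main__":
    print(demo())
```

The preserved root is the whole of the trust here: it lets two disagreeing replicas be told apart without a third copy, but only while it survives, which is why the post treats the tree as a critical resource that itself needs independent copies.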

Four Independent Copies

If one of the three independent copies is unavailable, only two remain, and a disagreement between them cannot be settled by majority, so the voting process is unavailable. Four independent copies is the minimum number that ensures the system can still hold an election during an outage at one copy.
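An added example (not from the original post) of the election described under "Three Independent Copies", extended to the availability point made here. Each copy is self-consistent, so the vote is over the content held by copies that are both reachable and pass their own hash check; a version wins only with a strict majority of at least two voters, so a lone surviving copy cannot certify itself. The scenarios show two copies in disagreement, three outvoting one, three with one offline, and four with one offline. Content strings are constructed.

```python
import hashlib
from collections import Counter
from typing import List, Optional, Tuple


def sha(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# A replica is (content, hash stored beside it); None marks a copy that is offline.
Replica = Optional[Tuple[bytes, str]]


def self_consistent(replica: Tuple[bytes, str]) -> bool:
    """The per-copy check: does the stored hash still match the content?"""
    return sha(replica[0]) == replica[1]


def elect(replicas: List[Replica]) -> Optional[bytes]:
    """Return the version held by a strict majority of the available, self-consistent
    copies.  None means undecidable: fewer than two voters, or no strict majority."""
    voters = [r for r in replicas if r is not None and self_consistent(r)]
    if len(voters) < 2:
        return None
    content, votes = Counter(r[0] for r in voters).most_common(1)[0]
    return content if votes * 2 > len(voters) else None


def needs_repair(replicas: List[Replica], winner: bytes) -> List[int]:
    """Indices of available copies that do not hold the elected version (tampered,
    rotted or both); offline copies are checked when they return."""
    return [i for i, r in enumerate(replicas)
            if r is not None and (r[0] != winner or not self_consistent(r))]


GOOD = b"the archived record"
FORGED = b"the archived record, quietly altered"


def scenario(copies: int, tampered: List[int], offline: List[int]) -> Optional[bytes]:
    """Build self-consistent copies of GOOD, replace content *and* stored hash on the
    tampered ones (so each still passes its own check), take some offline, and vote."""
    replicas: List[Replica] = []
    for i in range(copies):
        content = FORGED if i in tampered else GOOD
        replicas.append((content, sha(content)))
    for i in offline:
        replicas[i] = None
    return elect(replicas)


def demo() -> dict:
    return {
        "two_copies_disagree_undecidable": scenario(2, [0], []) is None,
        "three_copies_outvote_one": scenario(3, [0], []) == GOOD,
        "three_copies_one_offline_undecidable": scenario(3, [0], [2]) is None,
        "four_copies_one_offline_decided": scenario(4, [0], [3]) == GOOD,
        "two_tampered_of_four_undecidable": scenario(4, [0, 1], []) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The last scenario is the reason "lots of copies" follows: an attacker who reaches half the copies, or outages that take half of them away, leave even four copies deadlocked, and the election only identifies which copies to repair once it has a winner.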

Lots of Independent Copies

Just as with disks, it turns out that outages among notionally independent copies are correlated. And that archives, unable to afford intensive staffing, are often slow to notice and respond to problems, lengthening the outages. Both make it more likely that more than one copy will be unavailable when needed to detect and recover from corruption.

Tape Backup

The traditional way to back up data was to a cycle of tapes. To over-simplify, say the cycle was weekly. Each day the data would be backed up to, and overwrite, the same day's tape from the previous week; a replication factor of 7 that was only affordable because tape was so cheap compared to disk. With this traditional approach ransomware would have to be a good deal cleverer. It would need to intercept the backups and encrypt them as they were written while delaying encryption of the disk itself for a whole backup cycle.

In practice things would be more complex. Writing to tape is slow, and tape is not that much cheaper than disk, so that complex cycles interleaving full and incremental backups are used. Generic ransomware would be unlikely to know the details, so would fail to destroy all the backups. But recovery would be a very slow and error-prone process, unlikely to recover all the data.

Write-Once Media Backup

One excellent way to defend against ransomware and many other threats (such as coronal mass ejections) is to back the data up to write-once optical media. Kestutis Patiejunas built such a system for Facebook, and it is in production use. But few if any archives operate at the scale needed to make these systems cost-effective.

How Does This Relate To LOCKSS?

Nothing in the foregoing is specific to the LOCKSS technology; it all applies to whatever technology an archive uses. The LOCKSS system was designed to cope with a broad range of threats, set out initially in a 2005 paper, and elaborated in detail for the 2014 TRAC audit of the CLOCKSS Archive. Although these threat models don't specifically call out ransomware, which wasn't much of a threat 3 years ago, they do include external attack, internal attack and operator error. All three have similar characteristics to ransomware.

Thus the LOCKSS Polling and Repair Protocol, the means by which peers in a LOCKSS network detect and repair damage such as encryption by ransomware, was designed to operate with at least 4 copies. Assuming that no copy is ever unavailable when needed is not realistic; as with any preservation technology 4 is the minimum for safety.

Our experience with operating peer-to-peer preservation networks of varying sizes in the LOCKSS Program led us to be comfortable with the ability of these networks with realistic levels of operator attention to detect damage to, and make timely repairs to, content provided they have 7 or more peers. As the number of peers decreases, the level of operator attention needed increases, so there is a trade-off between hardware and staff costs.
Sending mail via SMTP in 1C-Bitrix

First, download the swiftmailer library.

Then add the following code to /bitrix/php_interface/init.php (when a custom_mail() function is defined there, Bitrix calls it in place of PHP's mail()):

require_once 'swiftmailer/swift_required.php';

// SMTP settings. Keep the real credentials out of version control and out of
// the web root (load them from a config file or environment variable) rather
// than leaving them in init.php; the values here are placeholders.
define('SMTP_HOST', 'smtp.yandex.ru');
define('SMTP_PORT', 465);
define('SMTP_USER', 'login');
define('SMTP_PASS', 'pass');
define('MAIL_FROM', 'yourmail@site.ru');
define('MAIL_FROM_NAME', 'Your text');

// Same signature as Bitrix's bxmail(); must return true when the mail was accepted.
function custom_mail($to, $subject, $msg, $additionalHeaders = '', $additionalParameters = '')
{
    // strpos() returns 0 (falsy) when the match is at the very start of the
    // headers, so the result has to be compared with false, not used as a bool.
    $text_type = (strpos($additionalHeaders, 'text/plain') !== false) ? 'text/plain' : 'text/html';

    // Bitrix may pass several recipients separated by commas.
    $toList = array_map('trim', explode(',', $to));

    // Use the site's charset: iso-8859-1 cannot carry Cyrillic text.
    $charset = defined('SITE_CHARSET') ? SITE_CHARSET : 'UTF-8';
    Swift_Preferences::getInstance()->setCharset($charset);

    // Implicit TLS on port 465.
    $transport = Swift_SmtpTransport::newInstance(SMTP_HOST, SMTP_PORT, 'ssl')
        ->setUsername(SMTP_USER)
        ->setPassword(SMTP_PASS);

    $mailer = Swift_Mailer::newInstance($transport);

    $message = Swift_Message::newInstance($subject)
        ->setFrom(array(MAIL_FROM => MAIL_FROM_NAME))
        ->setTo($toList)
        ->setBody($msg, $text_type);

    // send() returns the number of recipients the server accepted.
    $result = $mailer->send($message);

    return $result > 0;
}

          Boards take on enhanced risk oversight role        

Companies face a rapidly evolving risk landscape, and boards must take steps to ensure they oversee those risks effectively

This article originally appeared in the Corporate Secretary 'Governance and the Boardroom' special edition.

With widespread globalization and recent geopolitical changes, a new presidential administration and the accelerated rate of technological developments, companies seem to be facing an increasingly broad array of risks. As a result, the challenges facing boards of directors have intensified in recent years, particularly in relation to the board’s role of overseeing their company’s risk management.

A board cannot satisfy its duty to oversee a company’s risk management policies and procedures without an understanding of the principal risks the company faces, and an appreciation of their magnitude. While the biggest risks facing each company may differ, some are common to many public companies. In addition to the risks firms have traditionally focused on – and which remain relevant – such as those associated with internal and disclosure controls or regulatory compliance, there are several emerging risks applicable to many issuers that directors should be aware of and ensure management is addressing effectively.

Risks associated with Brexit
Companies with global operations have long faced risks relating to the volatility of worldwide economic and political conditions. But the UK’s decision to leave the EU has created new risks for companies with operations in the UK and/or other EU member states. Given the lack of comparable precedent, the precise impact of Brexit is not yet known. It will depend, in large part, on any agreements the UK makes to retain access to European markets, either during a transition period or more permanently.

Depending on the terms of trade ultimately negotiated, the UK’s withdrawal from the EU could disrupt the free movement of goods, services and people between the country and the EU, undermine bilateral co-operation in key policy areas and significantly disrupt trade between the UK and the region. In addition, Brexit could engender legal uncertainty, as well as potentially divergent national laws and regulations, as the UK engages in the potentially lengthy process of determining which EU laws to replace or replicate. Brexit could also potentially have more far-reaching effects. For example:

  • It could create global economic uncertainty, which poses a risk as customers may closely monitor their costs and reduce their spending budgets in response to tighter credit, negative financial news and declines in income or asset values
  • Over time, Brexit could adversely impact European or worldwide political, regulatory, economic or market conditions and could contribute to instability in global political institutions, regulatory agencies and financial markets. The announcement of the Brexit vote caused significant volatility in global stock markets and currency exchange rate fluctuations that resulted in the strengthening of the US dollar against certain foreign currencies. The relative strengthening of the US dollar could, in turn, affect companies’ operating results and financial condition, as companies’ reported international revenue is reduced because foreign currencies translate into fewer US dollars
  • Brexit could adversely change tax benefits or liabilities in jurisdictions in which some companies operate

While the full scope of the risks associated with Brexit is difficult to predict, it does appear that the potential consequences, as described above – and others that may not yet be anticipated – could affect companies’ relationships with existing and future customers, suppliers and employees, both in the UK and in other countries, and/or cause companies to face significant new costs and challenges.

Consequently, the possible effects of Brexit could include an adverse impact on some companies’ businesses, results of operations and financial performance.

Risks associated with the new US administration
In light of the election of US President Donald Trump, many companies face new risks due to uncertainties surrounding the administration’s legislative priorities, regulatory agenda and potential policies. For example, many observers expect the new administration and Congress will seek to repeal or modify legislation viewed as having over-regulated certain sectors of the US economy, yet the scope of such deregulatory measures remains unclear. Similarly, while the Trump administration has included in its agenda a potential reform of US tax laws, the extent of the expected reform – particularly as it relates to taxation of business entities – is still unknown.

Some of the uncertainties related to regulatory reforms sought by the Trump administration may have a disproportionate impact on companies in certain industries. For instance, uncertainties surrounding the new administration’s environmental policies may have an acute effect on alternative energy companies.

Other risks relating to the new administration are not sector-specific but may apply to some companies more than others. Companies that have international operations, for example, may be subject to new risks as a result of the administration’s foreign and international trade policies. Notably, Trump has raised the possibility of significantly increasing tariffs on goods imported into the US, particularly from China and Mexico.

The imposition of tariffs could increase costs for some companies, particularly foreign companies with large US customer bases and domestic retailers that rely heavily on imported goods. These increased costs may be passed on to customers, which could, in turn, reduce the competitiveness of the companies’ offerings in certain markets and result in the loss of customers.

Similarly, companies that rely on international recruitment efforts in their search for new talent might be restricted due to the Trump administration’s changes to immigration laws or policies.

Cyber-security risks
In the digital age, when more and more competitively sensitive and proprietary information and personal data are stored electronically, the threat of a data breach is significant. Given that no company seems immune from data breaches and incidents, every board needs to ensure it is properly overseeing the company’s cyber-risks.

To that end, the board needs first to understand the company’s top cyber-risks. These may include:

  • Outside attacks and misuse by current and departing employees
  • Social engineering to gain network access from users with privileged access. Social engineering refers to the psychological manipulation of people into performing actions or divulging confidential information, often in violation of corporate security policies
  • Inadequate authentication procedures for customers and users
  • Use of data in violation of US or foreign laws or directives
  • Lost or stolen devices that are not properly protected with encryption and/or remote management
  • Server and/or laptop and personal computer vulnerabilities
  • Risks associated with outsourcing certain functions to third-party vendors.

How boards can oversee risk effectively
Most public companies have implemented an enterprise risk management (ERM) framework to identify and assess a broad range of risks to which the company is exposed and their potential impact on all aspects of the company’s operations, as well as to implement synchronized strategies to effectively manage these risks.

The board has a fiduciary duty to oversee corporate risk – not to manage it – and is therefore charged with overseeing the execution and performance of the company’s ERM program. As indicated clearly by Delaware courts, the board’s oversight duty is fulfilled where the company has appropriate systems in place for monitoring risks and the directors are acting in good faith. In other words, directors will be held liable for breaching their duty of care only if plaintiffs can demonstrate ‘sustained or systemic failure of the board to exercise oversight’.

While the bar for director liability is high, the board must ensure it is fulfilling its oversight duty adequately. There are several ingredients to effective risk oversight that can be applied to every corporate board. For example, communication between the board and management (both senior executives and operational management) is critical, as the board relies on the management to be able to identify and communicate specific risks and their potential implications. Consequently, board members should ensure they have sufficient access to relevant members of management.

Board members should also consider whether it is appropriate to engage advisers to provide additional guidance. In some cases, it may be useful for a board to engage risk-management consultants to help the board evaluate company risk-management systems and to analyze specific risks.

In presentations from and discussions with management and any relevant advisers, board members should ask thoughtful and probing questions in order to gain a full understanding of the risks and challenges facing the company and its industry, and the measures management is taking to mitigate those risks.

Finally, the board should make risk oversight a regular agenda item, ensuring sufficient time is spent at board and committee meetings to discuss the most significant risks facing the company.

As a corollary to the above, when discussing the company’s top risks, as with other board matters, the board chairman should ensure directors have sufficient time and opportunity not only to ask strategic questions but also to discuss and deliberate those issues fully. Directors should be able – and encouraged – to challenge assumptions and ideas, no matter how popular they are.

Likewise, the independent director presiding over the executive sessions of the board should be able to facilitate a robust discussion and ensure a thorough examination of the risks at issue by encouraging a healthy debate and the voicing of opposing viewpoints.

To maximize the effectiveness of the board’s risk oversight, board members should consider whether the board’s composition allows for appropriate oversight of the risks facing the company. In some situations, board members might consider whether it makes sense to bring on a new director who may have experience or expertise in a particular area of concern, such as cyber-security, international operations or regulation.

The board should further consider whether its oversight role is appropriately allocated among the board’s committees. For example, if a company faces particular risks in connection with its incentive compensation plan, the board might consider tasking oversight of such risks to the compensation committee. Similarly, there may be circumstances in which it might make sense for a board to create a separate compliance or risk committee.

In addition, directors should be mindful that they have valuable resources within the organization to help them execute their risk-oversight role. The company’s corporate secretary and/or legal function can assist directors in their pursuit of further educating themselves on the company and its industry, such as by setting up site visits for directors or identifying relevant director education programs.

But to generally avail themselves of such opportunities, directors must be proactive in contacting the corporate secretary and/or legal function to articulate their needs. The company’s internal audit function can also be a helpful resource, particularly for members of the audit committee. Similarly, the company’s human resources function can be helpful in answering certain questions of the compensation committee in its oversight of the risks related to a company’s compensation programs.

A final ingredient in ensuring effective board oversight is periodic board evaluations. If conducted properly, such evaluations can be a valuable tool for identifying whether the company’s business strategy is executed within an environment of prudent risk management and/or whether there are any potential areas of risk on which management should be spending more time. A comprehensive board evaluation process can thus help guide directors toward specific areas of risk on which the board needs to be more focused in its oversight role.


Yafit Cohn is counsel and Karen Hsu Kelley is a partner with Simpson Thacher & Bartlett in New York.


1928 Thesis / Final Project Titles
Informatics Engineering, Informatics Management, Information Systems, Computer Engineering, Electrical Engineering

For fellow students, especially those in Informatics Engineering, Informatics Management, Information Systems, Computer Engineering, Electrical Engineering and other departments whose specialisation leans towards information technology / IT, finding an idea for a thesis title relevant to that specialisation can sometimes be difficult. All the more so for students who are still drawing a blank and have not yet thought about taking on a thesis (laughs). Those who wander in and out of the campus library do sometimes broaden their horizons a little by browsing the thesis titles of their seniors. At the very least, students who are not yet due to start a thesis should already have a rough idea of which title they will use later. Below are a number of thesis titles from Informatics Engineering, Informatics Management, Information Systems and related departments that you can use as a reference when deciding on your own thesis / final project title. Hehehe... who knows, among all these titles there might be one that inspires yours.
1. Car Rental Booking Application for Hafa Yogyakarta with Web and WAP Services
2. Analysis and Design of a Marketing and Inventory Information System for PT. Nycomed Amersham
3. Design of Tender Software for Consulting Services
4. SET: Analysis and Design of a Human Resources (HR) Information System for PT. LEN
5. Frontal Human Face Detection in a Color Image Using Template Matching
6. Employee Information System Software for PT. Stannia Bineka Jasa
7. Software for Meeting the Nutritional Needs of Patients
8. Analysis & Design of an Inventory Monitoring System for PT. LEN
9. Implementation of an SMS Gateway Using Natural Language in a Trading Information System (Case Study: Toko Amanna)
10. Study and Implementation of the Business-to-Customer Concept with WAP-Based M-Commerce Technology
11. Design of a Web-Based Information System for the Regional Public Library in Singaraja
12. Web-Based SPMB and EBTANAS Practice Test Application Using PHP and MySQL
13. Fuzzy Logic Application for Disease Prediction Using the Criteria Decision Making Method
14. Executive Information System for Planning the Location of Company Branches (Case Study: Bank PD. BPR Bapas 69 Magelang)
15. Building a Web-Based Pustaka (Informatics Data Center) Application
16. Application of the Minimax Algorithm to the Game of Checkers
17. Decision Support System for Determining Portfolio Investment Allocation with the Single Index Model
18. Design and Construction of a Multiplayer Real-Time Strategy Game Based on Macromedia Flash MX
19. Determining Production Volume Using the Sugeno Method
20. Accounting Information and Analysis System at PT. Prima Cipta Informatika Yogyakarta
21. Determining Optimal Locations for the Distribution of Community Health Centers (Puskesmas) with a Geographic Information System in Sleman Regency, DIY
22. Design and Construction of a Web-Based Geographic Information System for Tourist Areas of Bali Province
23. Design and Construction of an SMS Alert Application for Job Seekers (Case Study: Alumni Career Center UII)
24. Building a Software System for Construction Project Cost Efficiency Using FLOAT in the Network Analysis Method
25. Using Fuzzy Linguistic Hedges as a Grammar Checker for English Sentences
26. Minesweeper with the Computer as Player Using a Heuristic Method
27. Design and Construction of a Mobile Application for Electricity, Water and Telephone Bill Payment with Java 2 Micro Edition (J2ME)
28. Design and Construction of an Aircraft Combat Game Using Macromedia Flash MX
29. Design and Construction of a Room-Tidying Game Using ActionScript in Macromedia Flash MX
30. Classification of Chromosome Shapes Using the Fuzzy Membership-Roster Method
31. Web-Based Knowledge Management Application for a Healthcare Company Using PHP
32. Web-Based Integrated Enterprise Information System
33. Design and Construction of an Executive Information System (SIE), Case Study: Village Unit Cooperative (KUD) Sri Makmur, Keras Wetan Village, Geneng Subdistrict, Ngawi Regency, East Java
34. Expert System Application for Diagnosing Skin Diseases and Their Treatment with a Dynamic Knowledge Base
35. Development of an e-Catalogue Using an Object-Oriented Development Method
36. Building Educational Multimedia Games as a Learning Aid
37. Design and Construction of a Mathematics Teaching Aid for Children with Macromedia Flash MX
38. Design and Construction of an Anti-Terrorist Squad Action and Strategy Game Using J2ME Technology
39. Data Mining Application Using the Decision Tree Method for Credit Risk Prediction
40. Simulation and Visualization of Job-Shop Model Solutions Using Borland Delphi
41. Empirical Cost Estimation Using the Constructive Cost Model
42. Analysis and Design of a Material Requirement Planning Information System at PT. Dehatex
43. Design of Lecture Management Software for PDP STT Telkom Bandung
44. Design of a Web-Based Equipment Stock Database for Total Indonesia Balikpapan
45. Implementation of a Web-Based Employee Competency System at Divre III PT. Telkom
46. Design of Teaching Budget Planning Software at PDP STT Telkom
47. Development of Laboratory Practicum Management Software for the Electrical Engineering Department
48. Web-Based Ticket Booking Application for the Marala Tour Travel Agency
49. Design and Implementation of a Diskless-Terminal Computer Network
50. Building a Validation Application to Support Data Warehouse Integrity
51. Parking Information System for King’s Shopping Centre
52. Licensing Service System Software for the Department of Industry and Trade of the Republic of Indonesia
53. Web-Based Narcotics and Drugs (Narkoba) Information Center
54. Nutrition Planning Software for Pregnant Women
55. Building an Error Reporting Management Application for Corporate Portal Software Development at PT. Ebdesk Indonesia
56. Building a Distance Learning Application on Basic Activity-Based Costing
57. Implementation of a Web-Based Edutainment System
58. Implementation of a Web-Based Edutainment System
59. Mapping the Call Hierarchy of Operations in the Linux Kernel Source Code
60. Design of a Web-Based Training System for Video Conference Operation
61. Design of Frontdesk Server Assistant (Fosa) Software
62. Support Software for Improving ISO 9000 QMS Internal Quality Audits at PT. Forest Citra Sejahtera
63. Web-Based Online Academic Test Software
64. Web-Based Administration Management Software for the Informatics Engineering Department
65. Personnel System Application for dr Slamet Hospital
66. Analysis & Design of a Library Information System for PT. Omedata Electronics Bandung
67. Analysis and Design of a Web-Based Library Information System for STT Telkom
68. Web-Based Property Sales Information System Application
69. Web-Based Visualization of Cell Planning for the GSM Digital Cellular Mobile Communication System
70. Design of a Web-Based Job Vacancy Information System
71. Web-Based Registration Software for Gladi
72. Online Futures Trading Simulation System
73. Decision Support System for Commodity Futures Trading at PT. Nusatrade Media Graha
74. Compilation Infrastructure in the Linux Environment
75. Development of an Interactive Multimedia-Based STT Telkom Prospectus
76. Development of a Web-Based Customer Information System for PT. PLN Bandung
77. Marketing Software for the Panorama Jatinangor Housing Estate
78. Implementation of Online Trading for the Selection of Patent Medicines at PT. Kimia Farma
79. Support Software for Administrative & Financial Management of PDP STT Telkom Bandung
80. Design & Construction of a Database Memory Condition Monitoring Application, Case Study: the Personnel Database of PT. Vistalindo Global Solusi
81. Web-Based Auction Application
82. State Examination Registration System for STT Telkom
83. Design and Implementation of Web-Based Data Warehouse Query Reports
84. Development of Expert System Software for Identifying Faults in Toyota Kijang Cars
85. Financial Information System for CV. Epsilon Group
86. Design and Implementation of a Muslimah Portal as a Web-Based Search Facility
87. Formula I Portal Application
88. Design of a Discussion Forum Application with the Synchronous Method
89. Web-Based Monitoring Software for the STT Telkom Informatics Engineering Laboratory
90. Web-Based Information System for After-Sales Training Services at Divlat PT. Telkom
91. Perangkat Lunak Otomasi Pengelolaan APDB
92. Perancangan Perangkat Lunak Sistem Informasi Layanan Data Keuangan Investor di Bursa Berjangka
93. Sistem Informasi Non Operator
94. Sistem Komputer Akutansi Koperasi Karyawan PT. Pintex
95. Perangkat Lunak Bantu Perhitungan Sewa Lahan untuk Kabel
96. Searching dan Kodefikasi Pengaksesan Dokumen Lumbung Warta Berbasis Web di Divisi Risti
97. Pembangunan Perangkat Lunak Pendaftaran Siswa Baru untuk Mendukung Proses Penyeleksian dan Penerimaan Siswa Baru di SMUN 1 Sumedang
98. Perangkat Ajar Berhitung dengan Sempoa Sistem 1-4 untuk Mewujudkan Mental Aritmetika
99. Aplikasi Pengelolaan Medical Record Pasien pada Klinik PT. LEN Indrustri Bandung Berbasis Web
100. Sistem Informasi Laboratorium Teknik Elektro STT Telkom Berbasis Web
101. Perangkat Pengidentifikasi Jenis Dan Akibat Narkotika & Obat Berbahaya
102. Pembangunan Web Site Intranet Kandatel Bekasi
103. Inventory dan Penelusuran Buku dan CD Berbasis Web Perpustakaan Virtual Procces Lab Divisi Risti
104. Analisa dan Implementasi Linux Clustering dengan menggunakan PVM
105. Aplikasi Sistem Informasi Perijinan Pengelolaan Wartel pada Distel Solo
106. Aplikasi Tutorial Berbasis Web Mata Pelajaran Biologi tentang Anatomi Tubuh Manusia
107. Aplikasi Bandung Tour Online
108. Sistem Bimbingan Belajar UMPTN Berbasis Web
109. Perangkat Lunak Pengelolaan Administrasi Jurusan Teknik Elektro STT Telkom Berbasis Web
110. Perancangan Sistem Informasi Sumber Daya Manusia di Gereja Kristen Pasundan
111. Warung On Line Kopegtel Divisi Risti
112. Perancangan Sistem Penggajian Pegawai PT. Wahana Makmur Sejahtera
113. Perangkat Lunak Sistem Inventararisasi Sim Card dan Voucher pada PT. Satelit Palapa Indonesia (Satelindo) Bandung
114. Pembangunan Perangkat Lunak Surat Ijin Usaha Perdagangan pada Dinas Perindustrian dan Perdagangan Kabupaten Sumbawa
115. Perangkat Lunak Pembantu Pembuatan Perangkat Bantu Ajar Tutorial Berbasis Komputer
116. Pembangunan Perangkat Lunak Inventari Hotel Berbasis Web (Studi Kasus Hotel Yehezkiel Bandung)
117. Sistem Informasi Pariwisata Berbasis Web Propinsi Bengkulu
118. Sistem Pendukung Pengambilan Keputusan Penyeleksian Calon Siswa SMU Negeri 3 Bandung
119. Aplikasi Pengelolaan Transaksi Penjualan dan Pemesanan Berbasis Web pada Toko Gonzo
120. Sistem Pengelolaan Sumber Informasi dan Pengetahuan Berbasis Web
121. Sistem Informasi Administrasi KK-KTP pada Dinas Catatan Sipil PEMDA Kab. Bangli
122. Aplikasi Pengelolaan Data Pelanggan Telkom Vision di PT. INTI Berbasis Web
123. Perangkat Lunak Penjualan Komputer di Toko Media Tama Jaya Plaza
124. Monitoring Prestasi Akademik dan Aktivitas Siswa Sekolah Menengah Umum Berbasis Web (Studi Kasus SMUN 3 Bandung)
125. Desain dan Implementasi Aplikasi Pelaporan Gangguan Sistem Scada (LGS) pada PT. PLN APD Bandung
126. Sistem Informasi Penjualan Barang Bekas
127. Pembangunan Perangkat Lunak Sistem Informasi Inventori Buku di Toko Al-Huda Bandung
128. Pembangunan Perangkat Lunak Pelaporan Performansi Top Ten Indikator Berbasis Web untuk Kancatel Cikajang Kabupaten Garut
129. Perangkat Lunak Bantu Pengajaran Komputer Grafik dengan Pemograman Open GL Berbasis Web
130. Perangkat Lunak Sistem Informasi Komersial Distributor Buku CV,Adipura D.I Yogyakarta Berbasis Web
131. Mobile Registration STT Telkom Bandung
132. Pembangunan Perangkat Lunak Untuk Persediaan Hasil Hutan pada PT. Perhutani (Persero) Unit III Jawa Barat KPH Sukabumi
133. Pembangunan Perangkat Lunak Pengelolaan Pengajuan Peminatan Atas Tender pada Dinas Pekerjaan Umum Kabupaten Sidoarjo Berbasis Web
134. Perancangan Sistem Informasi Penjualan Suku Cadang Mobil
135. Perangkat Lunak Aplikasi Pemesanan Kado Online (Studi Kasus di Toko Altari)
136. Sistem Informasi Mahasiswa Berbasis Web di Lembaga Pusat Tutorial dan Pelayanan Mahasiswa (LPTPM) Universitas Terbuka Unit Bandung Utara
137. Perangkat Lunak Sistem Informasi Keuangan BMT Bina Dhuafa Beringharjo Yogyakarta
138. Sistem Informasi Penggajian Yayasan Sandhykara Putra Telkom
139. Aplikasi Pemesanan Pementasan Seni Wayang Golek Giriharja 3 Basis Web
140. Sistem Pendukung Pengambilan Keputusan Rekrutasi Calon Karyawan Bank BNI Padang
141. Sistem HRM (Human Resource Management) Terpusat Dengan Menggunakan Jaringan Internet Untuk Multi Holding
142. Perancangan Perangkat Lunak Rapat Online
143. Perangkat Lunak Sistem Informasi Monitoring Dakwah di PUSDAI Jawa Barat
144. Aplikasi Penjadwalan Pengajaran Menggunakan Algoritma Genetika (Contoh Kasus SMU 14 Bandung)
145. Sistem Informasi Kost di Bandung Berbasis Web
146. Perangkat Lunak Pengontrolan Trafik pada Perangkat Sentral EWSD
147. Aplikasi Penilaian Prestasi Kerja Karyawan di Kandatel Garut
148. Perangkat Lunak Visualisasi Pengerjaan Intruksi Mesin 8088 untuk Pengajaran BPTR
149. Aplikasi Bantu Pentarifan Dasar Payroll dalam Implementasi SAP/R3 pada PT. Telekomunikasi Indonesia Tbk
150. Sistem Pendukung Pengambilan Keputusan Penyeleksian Pemberian Kredit Bagi Distributor Lokal Area Lumbung Dolog Jombang
151. Sistem Pelayanan Informasi Olah Raga Berbasis Short Message Service (SMS) Di Radio Paramuda Fm
152. Perangkat Lunak Sistem Informasi Jasa Travel Pariwisata
153. Perancangan Aplikasi Bimbingan Tugas Akhir Secara Online
154. Perangkat Lunak Sistem Administrasi Test Toefl Lab. Bahasa STT Telkom
155. Pembangunan Perangkat Lunak Sistem Informasi Inventory Control PT. Fdk Indonesia
156. Pembangunan Perangkat Lunak Sistem Informasi Akademik STT Telkom Berbasis Web
157. Aplikasi Sistem Informasi Departement Front Office Di Hotel Kharisma Cirebon Berbasis Web
158. Aplikasi Tutorial Cara Cepat Belajar Membaca Al Qur’an pada Anak Berbasis Multimedia
159. Perangkat Lunak Pemodelan 3d Dengan Menggunakan Metode Nurbs
160. Sistem Pendukung Pengambilan Keputusan Pemilihan SLTA Untuk Usms Di STT Telkom
161. Sistem Informasi Keuangan Pada Unit Simpan Pinjam Di Pusat Koperasi Karyawan Daerah Istimewa Yogyakarta
162. Perancangan Sistem Informasi Di Penerbit Buku Sinar Baru Pada Bagian Pemasaran Berbasis Web
163. Sistem Pendukung Pengambilan Keputusan Seleksi Penerima Beras untuk Keluarga Miskin (Raskin) Studi Kasus : Kelurahan Bandarharjo Kodya Semarang
164. Sistem Informasi Geografis (SIG) Pemantauan Status Gizi Balita Kab. Bandung
165. Sistem Informasi E-Commerce PT. Mqs Daarut Tauhid
166. Aplikasi MSALES dengan Menggunakan MIDLET pada Perangkat CLDC
167. Simulasi Bisnis Manufaktur dengan Fuzzy Logic Metode Hoxley
168. Pembangunan Perangkat Lunak Sistem Informasi Pelayanan Purna Jual Produk Cpe (Costumer Premise Equipment) Pt,Inti
169. Aplikasi Perangkat Lunak Pendokumentasian Arsip
170. Perangkat Lunak Sistem Informasi Hotel Papandayan Jakarta
171. Perangkat Lunak Sistem Informasi Divisi Perkapalan Di Pt,Pelayaran Korindo Berbasis Web
172. Penggambaran Obyek-obyek 3D dengan Metode Koleksi Obyek
173. Sistem Pakar Untuk Konsultasi Kesehatan
174. Pembangunan Perangkat Lunak Toko Online
175. Aplikasi Bursa Kerja Bidang Teknologi Informasi Berbasis Web
176. Perangkat Lunak Sistem Informasi Administrasi Akademik netMaster Institute
177. Sistem Informasi Administrasi Pajak Bumi dan Bangunan Berbasis Web di Kantor Dinas Pelayanan Pajak Bumi dan Bangunan Bandung Satu
178. Pembangunan Perangkat Lunak Administrai Persewaan Gedung Di Taman Budaya
179. Sistem Informasi Administrasi Dan Perawatan Pelayanan Tahanan Dan Narapidana
180. Tes Online Berbasis Text Mode Menggunakan Unix Shell Programming
181. Pembangunan Perangkat Lunak Pengelolaan Asuransi Mobil Berbasis Web di PT. Asuransi Raksa Pratikara
182. Perangkat Lunak Administrasi Keanggotaan Berbasis Web di Koperasi Mahasiswa STTTekom Bandung
183. Perangkat Lunak Sistem Informasi Pengelolaan Keuangan
184. Sistem Informasi Akademik TPB STT Telkom Berbasis Web
185. Perancangan Sistem Informasi Berbasis Web Tempat Rehabilitasi Pecandu Narkoba Di Jawa Barat
186. Perangkat Lunak Ensiklopedi Pesawat Tempur Bermesin Jet Produksi Amerika Berbasiskan Multimedia
187. Perangkat Lunak Sistem Informasi Pemeliharaan Lokomotif Di PT. Kereta Api
188. Pengelolaan Data Saham Anggota Usaha Bersama (UB) Sumber Rejeki
189. Pembangunan Perangkat Lunak Administrasi Hak-hak Atas Tanah untuk Notariat
190. Pembangunan Perangkat Lunak Sistem Informasi Penjualan Dan Inventarisasi Suku Cadang Mobil Di Toko Bangkit Jaya Motor Karangampel Berbasis Web
191. Perangkat Lunak Logistik di POLWIL Priangan Garut
192. Aplikasi Komunitas Buku Berbasis Web
193. Perancangan Sistem Informasi Manajemen pada Agen Koran dan Majalah (Contoh Kasus Rajab Agency Bandung)
194. Sistem Informasi Kemahasiswaan untuk Unit Kegiatan Mahasiswa STT Telkom Berbasis Web
195. Pembangunan Perangkat Lunak Pengelolaan Inventaris Kendaraan Bermotor Berbasis Web Di PT. Telkom Area Pelayanan Jambi
196. Pembangunan Perangkat Lunak Rekam Medis Rs Santo Yusup Berbasis Web
197. Perangkat Lunak Aplikasi Sistem Informasi Pendidikan dan Pelatihan Yayasan Penyantun Wiyata Guna
198. Sistem Pendukung Pengambilan Keputusan Pemilihan Mahasiswa Melalui Jalur USMS Di STT Telkom
199. Aplikasi Riset Pasar Dalam Bidang Telekomunikasi Di PT. Inti
200. Perangkat Lunak Sistem Informasi Pengelolaan Suku Cadang Krl Di PT. Kereta Api Bandung
201. Sistem Informasi Penjualan Perhiasan (Studi Kasus : Damai Jaya)
202. Sistem Informasi Geografis (SIG) Pemantauan Tingkat Kerawanan Aktivitas Gunung Berapi Propinsi Jawa Barat
203. Perancangan Perangkat Lunak Sistem Informasi Inventarisasi pada PT. PINDAD Persero
204. Career Development Centre Online
205. Sistem Informasi Kemahasiswaan untuk Himpunan Mahasiswa STT Telkom
206. Perancangan Sistem Informasi Pengelolaan Pengalokasian Dan Penyaluran Dana Dan Dompet Dhuafa Replubika Bandung Berbasis Web
207. Aplikasi Bank Darah Berbasis Web (Studi Kasus Pmi Cab Kotamadya Bandung)
208. Sistem Pendukung Pengambilan Keputusan Seleksi Calon Mahasiswa Akper Muhammadiyah
209. Sistem Informasi Pemesanan Dan Pembayaran Hotel Berbasis Web
210. Sistem Informasi Pengelolaan Dokumen Technical Publication di Bagian Konfigurasi dan Data management SBU-Helicopter PT. Dirgantara Indonesia
211. Perangkat Lunak Sistem Informasi Pemesanan dan Penjualan Koperasi Pegawai Telkom Bogor Berbasis Web
212. Sistem Informasi Kegiatan Pembangunan Pemerintah Daerah (Studi Kasus pada Pemerintah Daerah Tingkat II Demak)
213. Aplikasi Pendukung Sistem Informasi Keuangan Regina Cafe & Restaurant
214. Sistem Informasi Pemasaran Berbasis Web PT. Pertamina (Persero) UPMS I Cabang Pemasaran Pekan Baru
215. Aplikasi Penyusunan Neraca Produksi Pemerintah Propinsi Jawa Barat untuk Perhitungan PDB/PDRB (Produk Domestik Bruto/Produk Domestik Regional Bruto)
216. Aplikasi Pendukung Sistem Informasi Penjualan dan Pergudangan pada Toko Koperasi Obor Bima
217. Aplikasi Layanan Pasca Proyek pada PT. Samudra Aplikasi Indonesia (SAI)
218. Perangkat Lunak Administrasi Kredit di Bank Jabar Cabang Sukabuni
219. Sistem Informasi Pelayanan Wisma Remaja GKPRI Jawa Barat
220. Pembangunan Perangkat Lunak Yield Management di Hotel Ibis Tamarin
221. Aplikasi Penjualan dan Pengadaan Barang di Griya Wanita Boutique
222. Sistem Informasi Manajemen Arsip Kendaraan Bermotor
223. Aplikasi Perangkat Lunak Penjurusan untuk Siswa SMU
224. Pembangunan Perangkat Lunak Sistem Penjualan dan Pengadaan Barang di Gudang (Studi Kasus pada Hemart Retail Indonesia)
225. Perangkat Lunak Administrasi Pembedahan di Instalasi Bedah Sentral RSUD Saiful Anwar malang
226. Sistem Informasi Pasar Komoditi Pertanian Berbasis Web
227. Perangkat Lunak Distribusi Gas Elpiji dan Air Mineral pada U.D. Karya Jaya
228. Sistem Informasi Penanganan Persoalan Perempuan Korban Kekerasan Berbasis Web (Studi Kasus di Institut Perempuan Bandung)
229. Aplikasi Pengaturan Antrian dan Pemanggilan Pasien pada Unit Pelayanan Pasien Rawat Jalan RSUD Muragan Yogyakarta
230. Aplikasi Administrasi dan Distribusi Penjualan Koran pada Harian Umum Pikiran Rakyat
231. Perangkat Lunak Pelayanan Rawat Inap RS Al Islam
232. Sistem Informasi Inventory Control Gudang ATK Perusahaan Surat Kabar Pikiran Rakyat Bandung
233. Aplikasi Penjualan Barang dan Simpan Pinjam KPN Bahtera Kencana BKKBN Kabupaten Tulungagung Berbasis Web
234. Sistem Controlling Informasi Running Text Melalui Aplikasi WAP
235. Pembangunan Shell Sistem Pakar Klasifikasi dengan Representasi Decision Tree
236. Aplikasi Pendukung Sistem Informasi Keuangan CV. Evy Beatrec
237. Sistem Informasi Asset Alat Produksi Sentral di Bidang Umum Telkom Divre II Jakarta Berbasis Web
238. Perangkat Lunak Absensi Mesin Smart Card dilingkungan Intranet PT. Indosat Gedung Wismantara Berbasis Web
239. Perangkat Lunak Pembantu Penggunaan Komputer Bagi Tuna Netra
240. Sistem Informasi Pengiriman Barang DFA Express Bandung Berbasis Web
241. Aplikasi Pengingat Jadwal Periksa Medis Berbasis Short Message Service (SMS) di Klinik Pramita Laboratorium
242. Pembuatan Perangkat Lunak Sistem Informasi Persewaan Barang pada PD. Kharizma Baru
243. Aplikasi Monitoring Pelaksanaan Proyek di CV. Samudra Aplikasi Indonesia (SAI)
244. Perangkat Lunak Administrasi Akademik di Lembaga Pendidikan Mulya Mitra College Divisi Komputer
245. Monitoring Order Perbaika Divisi Maintenance Service Center (MSC) PT. Telkom Berbasis Web
246. Perangkat Lunak Penjualan dan Pengadaan Barang di AA Motor
247. Pembuatan Perangkat Lunak Sistem Informasi Penyediaan Barang dan Penjualan PD. Setiadi Jaya Rubber Bandung
248. Aplikasi Perancangan Jaringan dengan Standard UMTS di Bandung
249. Sistem Informasi Pergudangan di Kantor Dirjen Bea Cukai Semarang
250. Perangkat Lunak Kepenghunian Asrama di Lingkungan Intranet STT Telkom
251. Pembangunan Perangkat Lunak Pemantau Fungsionalitas Elemen Jaringan di MSC PT. Telkomsel Regional IV Bandung
252. Pembangunan Perangkat Lunak Reminder Surat Dinas di PT. Telkom
253. Aplikasi Penjualan Buku di Toko Buku Perdana
254. Perangkat Lunak Pemasaran Percetak PT. Karya Kita Bandung
255. Sistem Informasi Panti Asuhan Yatim Piatu Taman Harapan Muhammadiyah Berbasis Web di Buah Batu
256. Aplikasi Administrasi dan Pembelajaran Lembaga Bimbingan Belajar Nurul Fikri Bandung Berbasis Web
257. Perangkat Lunak Administrasi Instalasi Gawat Darurat Rumah Sakit Al Islam
258. Aplikasi Sistem Pakar Pemilihan Printer dan Monitor Bagi Customer di HEXA COMPUTER
259. Perangkat Lunak Administrasi dan Tes Penempatan Siswa di LBPP LIA Berbasis Web
260. Pembangunan Perangkat Lunak Manajemen Proyek (Software Project Management) Berbasis Web
261. Perangkat Lunak Pemasangan Iklan Majalah dan Surat Kabar Secara Online pada CV Citama Advertising Yogyakarta
262. Aplikasi Mobile Shop (Toko Bergerak) Berbasis WAP dengan Studi Kasus Cellular Shop
263. Track Reporting Software
264. Aplikasi Pengadaaan dan Penjualan Komputer & Asesoris Berbasis Web
265. Perangkat Lunak Lembar Informasi Ketenagakerjaan Propinsi jawa Barat Berbasis Web
266. Aplikasi Penyedia Layanan Pemesanan Perjalanan dan Konsultasi Haji dan Umroh pada PT. Rama Tour & Travel Berbasis Web
267. Aplikasi Pendukung Pembayaran Pajak Penghasilan Berbasis WAP pada Kantor Pelayanan Pajak di Bandung
268. Sistem Keamanan Pengiriman Short Message Service (SMS) Berbasis Java pada Telepon Seluler
269. Aplikasi Bimbingan Belajar Jarak Jauh Berbasis Web
270. Aplikasi Web Pendukung Manajemen SDM Berbasiskan Kompetensi di Bank Mandiri Jakarta
271. Sistem Pakar Akupressure
272. Aplikasi Tes Toefl On Line pad Laboratorium Bahasa STT Telkom Berbasis Web
273. Pembangunan Aplikasi Try Out Online SPMB
274. Aplikasi Pelaporan Manajemen Berbasis Web Studi Kasus : Sub Direktorat Telecommunication and MIDI Marketing PT. Indosat
275. Pembangunan Perangkat Lunak Pengelolaan Obat dan Alat Kesehatan di Apotik Mega Farma Singkawang
276. Perangkat Ajar Dreadlocks Hairstyle
277. Aplikasi Katalog Islam Dinamis Berbasis Web
278. Sistem Informasi Pengolahan Transaksi Asuransi Jiwa Berbasis Web pada AJB Bumiputera 1912
279. Aplikasi Hasil Psikotest Mahasiswa STT Telkom Bandung
280. Perangkat Lunak Pengelolaan Data Peserta Uji Ketrampilan pada Subdinas Peningkatan Kualitas Tenaga Kerja dan Purna Kerja Berbasis Web (Studi Kasus di Dinas Tenaga Kerja & Transmigrasi Jawa Barat)
281. Aplikasi Penghitungan Kredit Poin untuk Pengajuan Kenaikan Pangkat Guru (Studi Kasus di Dinas Pendidikan Daerah Kot Solok)
282. Pembangunan Perangkat Lunak Administrasi Poli Mata di Instalasi Rawat Jalan RSUD Dr. Haryoto Lumajang
283. Aplikasi Pendukung Hasil Survei Khusus Pemotongan Ternak Propinsi Jawa Barat
284. Aplikasi Short Message Service (SMS) untuk Mendukung Layanan Informasi Tagihan Listrik Studi Kasus PT. PLN Persero Bandung
285. Perangkat Lunak Bantu Belajar (Studi Kasus Pelajaran Fisika SLTP)
286. Pembangunan Perangkat Lunak Medical Checkup RS ST. Borromeus Bandung
287. Perangkat Lunak Wajib Lapor Ketenagakerjaan Berbasis Web pada Dinas Tenaga Kerja dan Transmigrasi
288. Perangkat Lunak Sistem Informasi Subbagian Kepegawaian Dinas Perhubungan Propinsi Jabar
289. Perangkat Lunak Pengolahan Anggaran Keuangan Dinas Pendidikan Kecamatan Pengasih
290. Sistem Informasi Pendayagunaan Aset Setjen Departemen Pendidikan Nasional Berbasis Web
291. Sistem Pembuat Janji Dosen dan Mahasiswa dengan Teknologi Web dan WAP
292. Aplikasi Pengiriman Medical Report ke Short Message Service (SMS) dan Email di Laboratorium Klinik Prodia
293. Aplikasi Perpanjangan Izin Kerja Tenaga Asing (IKTA) Berbasis Web
294. Perancangan dan Implementasi Sistem Informasi SPMB STTTelkom Berbasis Computer Telephony Integration
295. Informasi Tagihan Listrik Berbasis WAP Studi Kasus di PT. PLN (Persero) Bandung Selatan
296. Sistem Layanan Pelanggan Orlen Car Wash PT. Orlen Prima Sejahtera
297. Buku Elektronik Berbasis Web Pelajaran Ilmu Pengetahuan Alam Kelas 6 Sekolah Dasar Bab Makhluk Hidup
298. Aplikasi Pemesanan Tiket Bioskop 21 Cineplex Bandung Berbasis WAP (Wireless Application Protocol)
299. Aplikasi Kemitraan Inti Plasma pada Koperasi Peternakan Unggas Berbasis Web
300. Aplikasi Pemesanan dan Pengingat Jadwal Kunjungan Klinik Perawatan Wajah Natasha Skin Care Bandung Menggunakan Layanan SMS
301. Aplikasi IQ Test Berbasis WAP
302. Aplikasi Pendukung Keamanan Hasil Pemeriksaan (Studi Kasus : Laboratorium Klinik Sigma Galatika Indonesia)
303. Perangkat Lunak Tuntunan Shalat Wajib untuk Remaja Berbasis Multimedia
304. Perangkat Lunak Pengawasan Panjar dan Tagihan (Waspat) Berbasis Web untuk Divisi Keuangan pada PT. Telkom Bogor
305. Aplikasi Pelayanan Information Jadwal, Nilai dan Registrasi Berbasis WAP
306. Reservasi Tiket Mobile Garuda Indonesia Citilink
307. Pembangunan Aplikasi Pemesanan Food and Drink On Line di Pizza Hut Bandung dengan WAP
308. Aplikasi Informasi Beasiswa Berbasis Web dan Via SMS
309. Aplikasi Pendukung Survei Indikator Ekonomi Propinsi Jawa Barat
310. Perangkat Lunak Pengelolaan Data Sentra Produksi Sayuran di Dinas Pertanian dan Tanaman Pangan Jawa Barat (Studi Kasus di Dinas Pertanian dan Tanaman Pangan Daerah Jawa Barat)
311. Aplikasi Pendukung Sistem Informasi Inventory Control System (ICS) Bagian Buku di Alifa Moslem’s Shopping Center
312. Perangkat Lunak Pengelolaan Data Dana SPP SMU Negeri 1 Bandung Berbasis Web
313. Aplikasi Short Message Service (SMS) Informasi Pemutaran Film dan Pemesanan Tiket Bioskop
314. Aplikasi Pengolahan Hasil Pemeriksaan Laboratorium Mikrobiologi R.S. DR M Djamil Padang
315. Aplikasi Pengelolaan Data Pegawai PT. Asean Aceh Fertilizer Berbasis Web
316. Aplikasi Inventori Barang Kebutuhan Produksi di Departemen Logistik PT. Asean Aceh Fertilizer Berbasis Web
317. Aplikasi Administrasi Markom (Marketing dan Komunikasi) Studi Kasus di Rumah Zakat DSUQ Bandung
318. Aplikasi Perhitungan Pajak Kendaraan Bermotor pada Kantor Samsat UPTD Pajak Daerah Wilayah III Propinsi Lampung di Kotabumi Lampung Utara
319. Aplikasi untuk Pelayanan Informasi dan Pengingat Peserta Qurban Berbasis Short Message Service (SMS) Studi Kasus di Divisi Qurban Rumah Zakat Indonesia DSUQ Pusat Bandung
320. Web Service Penyedia Layanan Validasi Pengajuan Kartu Kredit
321. Aplikasi Administrasi Perpustakaan Berbasis Web SMU Negeri 1 Bandung
322. Aplikasi Sistem Penggajian Studi Kasus di CV. Delta Jaya Surabaya
323. Aplikasi Pengelolaan Beasiswa Divisi Pendidikan di Rumah Zakat Indonesia DSUQ Berbasis Web
324. Perancangan dan Implementasi Aplikasi Keuangan Kopma STT Telkom
325. Perangkat Lunak Untuk Mendukung Sistem Informasi Curanmor Polres Cimahi Berbasis Web
326. Perancangan dan Implementasi Aplikasi Layanan Delivery Service Pemesanan Makanan Berbasis J2ME Studi Kasus di Hoka - Hoka Bento
327. Penggunaan E-Commerce pada Aplikasi Penjualan Adidas
328. Perangkat Lunak Sistem Informasi Akademik S2 STT Telkom Berbasis Web
329. Sistem Pakar untuk Diagnosis Penderita HIV/AIDS
330. Perangkat Lunak Monitoring Pertumbuhan Penduduk di Kecamatan Polokarto
331. Aplikasi Pentarifan Biaya Pengiriman Barang pada Perusahaan Cargo Royal Brunei di Denpasar Bali
332. Aplikasi Berlangganan Koran Menggunakan Layanan SMS (Studi Kasus di Mitra Bisnis (Group Pikiran Rakyat))
333. Perancangan dan Implementasi Aplikasi Layanan Telkom Info Berbasis Teknologi WAP Studi Kasus di PT. Telekomunikasi Indonesia Divre III STO Dago
334. Aplikasi Layanan Informasi Jadwal Keberangkatan dan Pemesanan Tiket di PT. Pahala Kencana Bandung Berbasis SMS
335. Sistem Pemesanan Taksi dengan Menggunakan SMS
336. Perangkat Lunak Monitoring Pengiriman Paket Pad CV. Bandung Express
337. Aplikasi Administrasi Pajak Penghasilan Studi Kasus Kantor Pelayanan Pajak Tasikmalaya
338. Sistem Informasi Gerakan Kakak Asuh BMT Al Amin STT Telkom
339. Aplikasi Pendaftaran Periksa Medis di Rumah Sakit Petrokimia Gresik Menggunakan Layanan SMS
340. Perangkat Lunak Operasional dan Keuangan di Look Design
341. Aplikasi Manajemen SPPD (Surat Perintah Perjalanan Dinas) Studi Kasus PT. Telekomunikasi Indonesia Divre V Kandatel Madiun
342. Aplikasi Pengelolaan Meeting Room di Grand Hotel Preanger
343. Alat Bantu Pembuatan Buku Raport Siswa yang Dilengkapi Sistem Pendukung Pengambilan Keputusan Pengurutan Ranking di SD Negeri Cijoho II Kuningan
344. Aplikasi Administrasi ZISWAF (Zakat, Infaq, Wakaf) Studi Kasus Rumah Zakat DSUQ Bandung
345. Aplikasi Pendistribusian Rokok Berbasis Web di PT. Panamas Malang
346. Aplikasi Pendaftaran Penduduk dan Pencetakan Dokumen Kependudukan Berbasis Web
347. Perangkat Lunak Administrasi Peminjaman dan Penjualan Barang di Koperasi Karyawan RS Bayukarta (Kopkar RSB)
348. Aplikasi SMS untuk Mendukung Layanan Informasi Nilai dan Jadwal Kuliah di Fakultas MIPA UNESA
349. Aplikasi Pengelolaan Transaksi di Theodore.co Bandung
350. Aplikasi Penentuan Kenaikan Kelas dan Jurusan Siswa SMAN 1 Bandung
351. Aplikasi Layanan Informasi Perawatan dan Perbaikan Body serta Aksesoris Mobil di Wahana Auto Care Berbasis Web
352. Sistem Pemesanan Tiket Kereta Api Eksekutif Turangga dan Argo Willis Berbasis SMS di Stasiun Hall Bandung
353. Sistem Pengelolaan Inventaris Kendaraan Bermotor PT. Telkom Kandatel Bandung
354. Aplikasi Pemesanan Rental Mobil Hafa Yogyakarta dengan Layanan Web dan WAP
355. Aplikasi Perangkat Lunak untuk Pengelolaan Data Keanggotaan dan Inventarisasi Unit Kerja Mahasiswa Racana Soedirman
356. Aplikasi Pengolahan Data Keuangan Usaha Toko Badan Keuangan Muslim (BKM) STT Telkom Berbasis Web
357. Sistem Pengelolaan Data Nilai SLTPN 1 Tulungagung Berbasiskan Web dan SMS
358. Aplikasi Penerimaan Mahasiswa Baru STT Telkom Via WAP
359. Perangkat Lunak Bantu Pembayaran Klaim Asuransi Kendaraan Bermotor PT. Asuransi Berdikari Bandung
360. Aplikasi Bantu Penjadwalan Order Distribusi Produk di PT. Sampoerna Transport Nusantara Berbasis Web
361. Aplikasi Penghitungan Zakat pada Perangkat Mobile dengan Menggunakan J2ME
362. Perangkat Lunak Pendataan Penduduk pada Badan Pusat Statistik Jawa Barat
363. Pemesanan Tiket Pesawat Terbang via SMS
364. Sistem Pendukung Keputusan Kelompok Pemilihan Mahasiswa Berprestasi di STT Telkom dengan Metode Promethee
365. Aplikasi Administrasi Data Perkebunan Tebu Pabrik Gula Tersana Baru
366. UKM Band STT Telkom Community Web
367. Aplikasi Web Portal Pondok Pesantren Shiddiqiyyah Jombang
368. Sistem Monitoring Realisasi Anggaran dan Performansi Kerja dalam Program Rehap PT. Telkom Kandatel Jakarta Timur
369. Aplikasi Web Penunjang Perkuliahan (Studi Kasus D3 Jurusan Teknik Informatika STT Telkom)
370. Aplikasi Pencarian Jarak Terdekat Obyek Wisata yang Berada Disekitar User Berbasis WAP (Studi Kasus : Daerah Kunjungan Wisata di Bandung)
371. Sistem Informasi Geografis (SIG) Pariwisata Jawa Barat
372. Payment Gateway Via SMS
373. Perangkat Ajar Pembelajaran Bermain Gitar Berbasis Multimedia
374. Pemetaan Jaringan Pipa Air Bersih PDAM Kota Bandung Wilayah Bojonegara Studi Kasus pada Perusahaan Daerah Air Minum Kota Bandung
375. Aplikasi Tel69 Berbasis Web (Studi Kasus di Kancatel Blitar)
376. Pembangunan Perangkat Lunak Administrasi Geladi STT Telkom Berbasis WAP
377. Perangkat Lunak Bantu Pengadministrasian Data Warkom Berbasis Web Studi Kasus PT. Telkom Jakarta Pusat
378. Perangkat Lunak Reservasi Hotel Shangri La Berbasis WAP
379. Aplikasi Bisnis Kemitraan UFO (BKB UFO) Berbasis Web
380. Perangkat Lunak Case Tool Skema Normalisasi
381. Sistem Pendukung Pengambilan Keputusan Penentuan Prioritas Kriteria Kualitas Perguruan Tinggi Swasta
382. Perancangan Dan Implementasi Sistem Perpustakaan Pada Media Handphone Berbasis J2ME Menggunakan Simple Object Access Protocol(SOAP)
383. Sistem Navigasi Kota Dengan Menggunakan GPS
384. Manajemen Pengetahuan Tugas Akhir Mahasiswa Berbasis Ontologi dan Semantik (2005-on Progress)
385. Sistem Pendukung Keputusan Perencanaan Strategi Promosi Pemasaran SLJJ
386. Sistem Pendukung Pengambilan Keputusan Pemberian Bantuan Dana Bagi Organisasi Kemahasiswaan di STT Telkom
387. Perbandingan Perfomansi SOAP dan XML-RPC sebagai Message Interchange pada Teknologi Web Service
388. Sistem Pendukung Pengambilan Keputusan Peserta Co-op di PT. Telkom
389. Internal Control Online Proses Bisnis SOA 302 & 404 PT. Telekomunikasi Indonesia, Tbk (2005-on Progres)
390. Pemfilteran Email Spam Menggunakan Metode Pembeda Markov
391. Sistem Pendukung Keputusan Undangan Saringan Masuk STT Telkom (USMS) dengan
392. Metode Technique for Order Preference by Similarity to Ideal Solution (TOPSIS)
393. Sistem Pendukung Pengambilan Keputusan Untuk Analisis Pergerakan Harga Saham
394. Analisa Perbandingan E-Commerce Dengan Kolaborasi Antara E-Commerce Dan Epinion (Studi Kasus : IDC Nusantara INTI)
395. Sistem Pendukung Pengambilan Keputusan Penentuan Prioritas Pengembangnan Industri Kecil Menengah di Kabupaten Bangkalan Madura
396. Sistem Pendukung Pengambilan Keputusan Pengukuran Kinerja Sdm Dengan Pendekatan Hr Scorecard (Studi Kasus : PT. AQS JAWA BARAT)
397. Sistem Pendukung Pengambilan Keputusan Penentuan Prioritas Daerah Tujuan Transmigrasi Bagi Calon Transmigran Dari Propinsi Jawa Barat
398. Sistem Pendukung Keputusan Pengukuran Kinerja Proyek Non Fisik Menggunakan Metode Control Project Management Dan Ahp Di Disnakertrans Jawa Barat
399. Sistem Pendukung Pengambilan Keputusan Seleksi Pengangkatan Calon Kepala Sekolah Smp/Sma Negeri Pada Dinas Pendidikan Dan Olahraga Daerah
400. Aplikasi Business Plan Online Dengan Sistem Pendukung Pengambilan Keputusan Untuk Tracking Dan Peningkatan Performansi Perusahaan
401. Sistem Pendukung Keputusan Persetujuan Pemeriksaan Pajak Rutin
402. (Studi Kasus Direktorat Jenderal Pajak Kantor Wilayah Jawa Bagian Barat II)
403. Implementasi Sistem Pendiagnosa Interoperabilitas Pada Web Services
404. Implementasi Web Service Untuk Menambah dan Mengurangi Service Pada Web Service Lain
405. Implementasi Metode Implicit Rating Untuk Menentukan User Interest Terhadap Informasi Pada Web Page
406. Sistem Pendidikan SMU Terintegrasi dengan pengenalan sidik jari dan sms gateway (2005)
407. Aplikasi Pencatatan Kehadiran Mahasiswa Menggunakan Sidik Jari Studi Kasus STT Telkom
408. Sistem Pendukung Pengambilan Keputusan Pengukuran Kontribusi Teknologi Voip PT. Telkom Dengan Model Teknometrik (Study Kasus: Divisi Multimedia Subdivisi Voip)
409. Detection Cells Capacity Problem
410. Building a Document Network Using Query-Dependent PageRank {2005, in progress}
411. Decision Support System for Prioritizing Information System Implementation at District/City Manpower Offices (Case Study: Disnakertrans Jawa Barat)
412. Analysis and Implementation of a Job Market Application for Jawa Barat Province Based on a Decision Support System (SPPK) (Case Study: Kota Bandung)
413. Decision Support System for Determining Micro-Enterprise Financing under Sharia Principles
414. Decision Support System for Measuring Satisfaction with Junior High School (SLTP) Quality Using the SMART and MAUT Methods (Case Study: Kandepdiknas Manado)
415. Implementation of Supply Chain Management Software for a Poultry Shop. Case Study: PT. Satwa Unggul PS
416. Implementation and Analysis of Data Security in XML Web Services with SOAP Encryption
417. Software for River Water Quality Management and Pollution Control Using the STORET Method and Pollution Index (Case Study: BPLHD of DKI Jakarta Province)
418. Design and Implementation of Software for Converting Treble-Clef Musical Notation Using Statistical Methods
419. Quick Response Code Reader Using Mobile Devices Based on the Symbian Operating System
420. Analysis and Implementation of a PLN Customer Data Survey Application Using PDA and GPS
421. Web-Based Asset Utilization Information System for the Secretariat General of the Departemen Pendidikan Nasional
422. Web- and SMS-Based Grade Data Management System for SLTPN 1 Tulungagung
423. Customer Clean-Water Pipe Network of PDAM Kota Bandung
424. Decision Support System for Strategic Planning at Telkom RisTI Bandung
425. Production Account Compilation Application for the Jawa Barat Provincial Government for Computing PDB/PDRB
426. (Gross Domestic Product/Gross Regional Domestic Product)
427. Web-Based Dynamic Islamic Catalogue Application
428. Credit Point Calculation Application for Teacher Promotion Applications (Case Study at the Dinas Pendidikan Daerah Kota Solok)
429. Support Application for the Results of the Special Livestock Slaughter Survey of Jawa Barat Province
430. Learning Aid Software (Case Study: Junior High School Physics)
431. Web-Based Mandatory Employment Reporting Software for the Dinas Tenaga Kerja dan Transmigrasi
432. Support Application for the Economic Indicator Survey of Jawa Barat Province
433. Inventory Control Information System for the Office Supplies Warehouse of the Pikiran Rakyat Newspaper Company, Bandung
434. Analysis and Simulation of Channel Switching in Mobile Live Multi-Channel TV Streaming
435. Business Process Improvement of the Production Scheduling System at PT. Samindo Electronics
436. Business Process Reengineering of the Material Procurement System for Production Planning and Control
437. Expert System for Anamnesis of Developmental Delay in Children
438. Design and Implementation of a Virtual Psychologist Expert System for Coping with Stress
439. Visualization of SSL (Secure Socket Layer) in E-commerce Applications
440. Design of a New Computer Network for Sekolah Tinggi Teknologi Telkom Using Virtual LAN Technology
441. Comparative Analysis of Host-to-Host Connections Using the Telnet Method and the Messaging Method in the Online Payment System at PT. Telkomsel
442. E-Mail Client Software for Mobile Phones Based on J2ME Technology
443. Design and Implementation of an Image Steganography System Using the Dudex Transform Method
444. Development of a Web-Based Lecturer Workload Calculation Application
445. Design and Implementation of a Network-Based Bank Queuing System for Multi-Teller Transactions
446. Development of an ASI Train and Airline Ticket Reservation System Using the Wireless Application Protocol (WAP) Service on WAP Mobile Phones
447. Implementation of Fractal Theory in Image Compression with Partitioned Iterated Function Systems
448. Short Message Service-Based Remote Control as an Aid to the NEAX Telephone Exchange Control System
449. Design and Implementation of a TCP/IP-Based Operation and Maintenance Application for the NEAX Telephone Exchange
450. Development of a Currency Arbitrage System Prototype Using a Genetic Algorithm
451. Structured Design Documentation Software
452. Implementation of Edge Detection Filtering on Digital Images with the Prewitt Operator and Sobel Operator Methods
453. Application of Electronic Mail on Mobile Phones Using the Wireless Application Protocol
454. Design and Implementation of Digital Image Watermarking Techniques Using Blowfish and Message Digest 5
455. Application of the SKIPJACK Algorithm to Data Encryption
456. Image Edge Sharpening Using the Fourier Phase-Only Synthesis Method with Phase Correction
457. Implementation of CORBA in Web-Based Client-Server Applications
458. Study and Implementation of the Twofish Cryptographic Algorithm for Data Encryption
459. Analysis of TCP Protocol Use over Satellite Links and Implementation of Its Simulation Software
460. Study and Implementation of the Semijoin Algorithm in Distributed Query Processing
461. Implementation of the Wavelet Transform in Texture Analysis for Osteoporosis Identification Based on the Singh Index Method
462. Comparative Analysis of Host-to-Host Connections Using the Telnet Method and the CORBA Method in the Online Payment System at PT. Telkomsel
463. Multiscale Corner Detection Using the Wavelet Transform
464. Edge Detection Using an Isotropic Operator with Image Enhancement Preprocessing Using Histogram Manipulation Techniques
465. Comparison of the Hybrid HMM/MLP Method and the HMM Method in Indonesian Speech Recognition.
466. Face Detection Based on Artificial Neural Networks
467. Optimal Path Search with the A* Algorithm and the R+ Tree Access Method in Spatial Query Processing
468. Development of a Wireless Application Protocol-Based Online Trading Application for Securities Firms on the Bursa Efek Jakarta (Case Study at PT. Dinar Sekuritas)
469. Performance Improvement Methods for Information Retrieval with Latent Semantic Indexing (LSI)
470. Design and Implementation of Text-to-Speech Conversion Software Using Sound Unit Primitives
471. Implementation of a Geographic Information System for Land Transportation Routes in the Kodya Bandung Area
472. Online Knowledge Management Application at PDAM Ka. Bandung
473. Design of a Network Information System for Sekolah Tinggi Teknologi Telkom Bandung
474. Warposnet Management Software Using Structured Systems Analysis and Design Methodology
475. Digital Image Segmentation Using the Region Merging Algorithm and Quadtree Representation
476. Study and Analysis of Ring & Mesh Network Topologies for Metropolitan Cities, with Kota Surabaya as Case Study
477. Development of Online Payment Counter System Software, with a Case Study of PT. Telkomsel Bill Payment
478. Performance Analysis of Digital Image Filtering Using the Two-Dimensional Median Filter and Multilevel Median Filter Methods
479. Plane Cover Multiple Access: An Approach to Maximizing Cellular System Capacity
480. Comparative Simulation of Link and Path Restoration Methods in Mesh-Topology WDM Networks
481. Simulation of Train Control Using GSM Network Infrastructure
482. Design and Implementation of Digital Image Watermarking Techniques with the Fractal Method
483. Development of a Security System for Dial-Up Networking over Telephone Lines Using Smart Cards
484. Design and Implementation of a Query Engine for XML
485. Study and Implementation of the MISTY Cryptographic Algorithm for Data Encryption
486. Demand Forecasting Analysis Using Adaptive Resonance Theory Neural Networks: Case Study of Cellular Telephone Connection Demand
487. Analysis of Conflation Algorithms on Indonesian Words and Sentences
488. Building a Data Cleansing Tool for the Data Warehouse Acquisition Component
489. Development of a WAP Service for a Highway Route Information System Using the Modified Bi-directional A* Algorithm
490. Study of Structured Methods in Software Engineering
491. Application of Genetic Algorithms to Multiuser Detection in CDMA Communication Systems
492. WAP-Based Mailbox Application for Intranet Services
493. Decision Support System for Material Requirements Planning and Control, Case Study: Rapino Bag Products
494. Implementation of the Karhunen-Loeve and Wavelet Transforms in Multispectral Image Compression
495. Implementation of the MARS Cryptographic Algorithm for Data Encryption
496. Implementation of M-Commerce Using WAP, Case Study: Online Cinema Ticket Booking
497. Capacity Placement in Survivable WDM Networks Based on the Partial Path Scheme
498. Fractal Image Compression Technique Based on the Two-Level Image Partition Method
499. Data Mining with the Apriori Algorithm on the Oracle RDBMS
500. Interactive Mathematics Learning Media for Second-Grade Elementary Students at SD Laboratorium Universitas Negeri Malang
501. Web-Based Lecturer Accreditation System Application
502. Performance Analysis of Network Address Port Translation (NAPT) in TCP/IP Networks
503. Analysis and Implementation of Cloud Synthesis with the Fractal Method and the Solid Modelling Method
504. Design and Implementation of Software as a Project Management Aid
505. Query Optimizer Simulation
506. Concurrency Locking Optimization
507. Implementation of a Diphone Dictionary in an Indonesian Text-to-Speech Application with Diphone Speech Units
508. Study and Implementation of the RC6 Cryptographic Algorithm for Data Encryption
509. Data Encryption with a Symmetric-Key Cryptographic Algorithm Using the LOKI97 Method
510. Analysis and Implementation of Knowledge Management in a Digital Nervous System
511. Development of Software to Translate MIDI Files into Musical Notation
512. Development of Contextual Memory Test Software as an Aid in Psychology
513. LZ78 Optimization in Data Compression
514. Design of VoIP Bandwidth Requirement Calculation Software for Building Inter-City Links
515. Design of Online Regional Government Data Bank Software Based on Dimensional Data (Case Study at Pemda DKI Jakarta)
516. Wireless Application Protocol (WAP)-Based Billing Information and Customer Service Application
517. Genetic Algorithm for Course Timetabling at STT Telkom
518. Development of Software for CCS No. 7 Network Planning at Divisi RisTI PT. Telkom
519. Analysis of Recovery Mechanism Implementation in the Oracle DBMS
520. Design and Implementation of a Highway Information System Using the Bi-Directional A+ Algorithm
521. Implementation of a Hybrid LZ77 and RLE Compression Algorithm Using Elias Gamma Codes
522. The Diffie-Hellman Algorithm as a Building Block of Public-Key Cryptography
523. Implementation of Backtracking from View Data to Table Data in a Data Warehousing Environment
524. Implementation of the DSA Algorithm for Creating Digital Signatures
525. SMS-Based Building Security System Application
526. Design and Implementation of a Dynamic Web Security System Based on Handling Cookies as Encryption Keys
527. Development of a WAP-Based Prototype System for Buying Prepaid Top-Up Cards via Mobile Phone
528. Text-to-Speech on a Personal Digital Assistant (PDA): A Navigation System Case
529. Nested Spatial Access Method for Two-Dimensional Images (The NR-Tree: A Spatial Access Method for Two-Dimensional Images)
530. Analysis of the Implementation of Run Length Encoding and Order-0 Arithmetic Encoding in Burrows-Wheeler Transform-Based Data Compression
531. Handling Asynchronous Data Reads and Writes Using a Bi-Directional Bounded Buffer in Multithreaded Applications
532. Analysis and Implementation of Data Splitting
533. Keyword Extraction from Indonesian Documents Using a Genetic Algorithm
534. Analysis of Fair Bandwidth Sharing in ATM ABR Networks with the ERICA+ Switching Algorithm
535. Implementation of a Training Registration Module on the PT. Telkom Intranet Using Workflow Techniques
536. Decision Support System for Business Network Development in Network Marketing Techniques
537. Comparative Performance Analysis of ATM CLS Reassembly Mode and ATM CLS Streaming Mode Using Proportional Rate Control
538. Study and Implementation of the SERPENT Cryptographic Algorithm for Data Encryption
539. Digital Image Interpolation Using Radial Basis Function (RBF) Neural Networks
540. Implementation of Linguistic Analysis in Indonesian Text-to-Speech with Diphone Speech Units
541. Website Content Displayer on Cellular Phones with the Wireless Application Protocol
542. Implementation of Fractal Color Image Compression Based on Recurrent Iterated Function Systems (RIFSs)
543. Simulation of a Virtual Path Routing Algorithm Implementation in ATM Networks Based on the Equivalent Bandwidth Concept
544. Analysis of SIP (Session Initiation Protocol) Transactions for IP Telephony Using a Proxy Server and a Redirect Server
545. Interoperability Analysis of Distributed Object Programming Using the CORBA Architecture
546. Performance Improvement of Cross-Operator Short Message Service (SMS) Use in GSM Networks
547. Analysis of a Fuzzy Controller Implementation for Controlling ABR Traffic Flow in ATM Networks
548. Client/Server-Based Chat Application on the Linux Operating System
549. Design and Implementation of Three-Dimensional Object Visualization Software Using the Perspective Projection Method
550. Decision Support System for Determining the Main Causes of Student Failure in the Linear Algebra Course Using the Analytic Hierarchy Process Method
551. Face Detection by Extracting Face Regions Using the LHS Color Space
552. Competency Measurement with a Learning Management System Using the Asynchronous Learning Networks (ALN) Method
553. XML Encryption (Using the Triple Data Encryption Standard (3DES) Algorithm)
554. Simulation of Three-Party Payment with Layered Security in E-Commerce
555. Design and Implementation of a Smartcard Application for the Registration System at STT Telkom
556. Improving Network Security with a Distributed-System-Based Intrusion Detection System
557. Implementation of Data Hiding Techniques in Fractal Image Generation Using the Fourier Filtering Method
558. Software for Visualizing 3D 'Landscape' Objects with Fractals
559. Improving Voice over IP QoS by Implementing FRF-12 on Frame Relay
560. Implementation of Data Mining for Association Rule Mining Using the Bottom-Up Eclat Algorithm Method
561. Transaction Pattern Recognition in Transaction Databases Using Sequential Pattern Data Mining
562. Design and Implementation of Web-Based Network Management for IP (Internet Protocol) Networks
563. Color Image Compression Using the Adaptive Huffman Method
564. Building RPC (Remote Procedure Call) for a UMS (Unified Messaging System)
565. Bandwidth Reallocation System in XNMS
566. Implementation of an Elliptic Curve Cryptosystem in an Encryption-Decryption Program
567. Implementation and Analysis of the Use of VoiceXML and SOAP in Voice-Based Web and Database Access Applications
568. Deadlock-Free and Livelock-Free Routing with the Prefix Routing Algorithm in Irregular Networks
569. Analysis of the Ability of the Object-Oriented Approach to Accommodate Requirements Changes in Software Development
570. Implementation of BPCS Steganography on Digital Images Using the Complexity-Based Region Segmentation Method
571. Creating Anonymous Users in E-Commerce with the Help of a Third-Party System
572. Grammar Checking of English Sentences Using the Left Corner Parsing Algorithm
573. Quality of Service Analysis of GPRS Packet Data Networks Based on the Selective Repeat Retransmission Mechanism
574. Determining Object Position Based on Light Intensity
575. Development of an Interactive Quiz Prototype Using Interactive Voice Response (IVR), with a Case Study at PT. Telkomsel
576. Implementation, Analysis and Comparison of MPEG-1 Layer 3, MPEG-2 Advanced Audio Coding and Wavelet Packet Audio Coding Audio Compression
577. Implementation of Digital Image Authentication Using Image-Hash Watermarks with the Fourier Transform
578. Messaging Agent Application Using User Preferences
579. Implementation of a Merchant Payment Gateway and Certificate Authority in Smart Card-Based E-Commerce Transactions
580. Design and Implementation of Web-Based Network Management Software for Internet Protocol (IP) Networks Using SOAP and XML
581. Design and Implementation of Text Mining for Query Result Optimization with Collaborative Filtering Techniques
582. Implementation of a Honeypot as a Detection Aid in Network Security
583. Design of a Web Viewer for Windows CE-Based PDAs (Personal Digital Assistants)
584. Loadable Kernel Module-Based Intrusion Prevention System Application on the Linux Operating System
585. Design and Implementation of a Java Applet Decompiler
586. Development of Web- and WAP-Based Web Site Access Monitoring and Reporting Services
587. Implementation of a Deductive Database System with an Intelligent Database Interface
588. Comparative Analysis of Applying the Fourier Transform and the Wavelet Transform to Digital Image Compression
589. Implementation of Digital Signatures in a Mobile Banking Security System
590. Analysis of the Duplicate Hash Routing Algorithm in Distributed Web Cache Systems
591. Telesales Unit Information System at Citybank
592. Design and Implementation of Three-Dimensional Object Visualization Software Using the Hierarchical B-Spline Method
593. Contextual Natural Language Processing
594. Implementation of the Classical Genetic Algorithm for Solving the Linear Transportation Problem in Manufacturing Systems, Using the A* Algorithm as Distance/Cost Input
595. Implementation of a Distributed Database with Recovery Facilities in a Fund Management Calculation Automation Application at PT. (Persero) Asuransi Kesehatan Indonesia Jakarta
596. Fingerprint Recognition with the Circular Sampling Method
597. Packing List Process Optimization Using a Genetic Algorithm
598. Implementation of a Cluster System for Optimizing the Ray Casting Method
599. Lossless and Near-Lossless Color Image Compression with the Edge Adaptive Quantization Method
600. Machine Maintenance Scheduling System for the Manufacturing Industry
601. Comparative Performance Analysis of IP-over-ATM and IP-over-SONET on the Internet Backbone
602. Intelligent Recommender System for Film Selection Using Collaborative Filtering and Content-Based Filtering
603. Artificial Intelligence-Based Railway Traffic Management Application with Design-To-Criteria Scheduling and SMS-Assisted Communication
604. Simulation of Electronic Device Control over Bluetooth Using J2ME
605. Design and Realization of an SMS Gateway for Reservations
606. Building a Voice Message Operator Application on Virtual Phone (VIPO) (Case Study: Div RisTI PT. Telekomunikasi Indonesia)
607. Face Detection Using Gabor Wavelet Filters and a Genetic Algorithm
608. Image Compression Using the Statistical Coding Method
609. Comparative Performance Analysis of Binary Exponential Backoff and the Binary Logarithmic Arbitration Method in Ethernet Technology (IEEE 802.3)
610. Implementation of the Wavelet Transform in Digital Image Compression Using the Recursive Splitting Huffman Coding Technique
611. Analysis of Multipoint Relaying in the Optimized Link State Routing Protocol for Mobile Ad Hoc Networks
612. Study and Implementation of Single Sign-On Using LDAP
613. Comparative Performance Analysis of Destination-Sequenced Distance-Vector Routing and Ad Hoc On-Demand Distance Vector Routing in Ad Hoc Networks
614. Implementation of the Burrows-Wheeler Transform in Data Compression Using Run-Length Coding
615. Simulation of a Location-Based Service Using SMS
616. Analysis of Data Confidentiality Using the Chaffing and Winnowing Technique
617. Implementation of an Elliptic Curve Cryptosystem for Creating Digital Signatures
618. Analysis of a Fuzzy-Based Rate Control Implementation for Real-Time MPEG Video in ATM Networks
619. Design of a Voice Conference Application Using the RTP Protocol on an Intranet
620. Panorama Construction with Image Mosaicing
621. Analysis of Path Selection in QoS Routing with the A* Algorithm
622. Study and Implementation of Watermarking for Storing Data Indexes in Images Using the Wavelet Transform
623. Buffer Management with Fuzzy Control Priority in Asynchronous Transfer Mode (ATM)
624. Quality of Service Analysis of Internet Networks Through Traffic Engineering with the MPLS Mechanism
625. Performance Study of Usage Parameter Control (UPC) in ATM Networks with the Leaky Bucket Mechanism
626. Building a Centralized Database with Object-Relational Modeling
627. Design of a Smart Card-Based Hospital Outpatient Service System
628. Implementation of the LZ77 Compression Method with a Two-Level Hashing Algorithm
629. Design and Implementation of a System Global Area Monitoring Application for Oracle 8i to Improve Performance Through Memory Tuning
630. Using Digital Signatures on Files
631. Using Telemetry Technology for Flood Early Warning Information
632. Decision Support System for Determining Work Success Factors of the Telkom Training Division (Case Study: Divlat Telkom)
633. Analysis and Design of an Information System for Apotek Kentungan Yogyakarta
634. Simulation of Virtual Time CSMA/CD on a Single-Channel Broadcast Network Using a Real-Time System
635. Land Use Planning with a Genetic Algorithm
636. Implementation of Remote Network Management for Routers and Network Interface Cards with the Simple Network Management Protocol
637. Yellow Pages Application Using J2ME Technology for Mobile Devices
638. Implementation of the BHRA Algorithm in ATM PNNI Networks Based on Quality of Service
639. Design and Implementation of a J2ME-Based Library System on Mobile Phones Using the Simple Object Access Protocol (SOAP)
640. Representation of Three-Dimensional Object Data Based on the R+Tree Access Method with a Similarity Technique Approach
641. Classical Music Score Repository
642. Packet Filtering Configuration Software Using ipchains and iptables on Kernel 2.4
643. Simulation of Soft Handoff in Mobile Communications with Fuzzy Logic
644. Vector-Based Morphing of Two-Dimensional Objects Based on the Extended Circular Image (ECI) Model
645. Simulation of a Greedy Algorithm for Dynamic Multicast Routing in ATM Networks
646. Implementation of a Help Desk with Instant Messaging, Case Study: Handling Computer Problems at STT Telkom
647. Implementation and Analysis of RSVP in IP Integrated Services Networks
648. Design of a Geographic Information System (GIS) for Population and Socio-Economic Data in Urban Areas, Case Study: Slum Settlement Problems in Kota Bandung
649. Mailing List and Guess-the-Word Applications over the Short Message Service
650. Handset Technology Development Model for Teletext Services
651. The AntNet Algorithm for Dynamic Route Finding in Connectionless Networks
652. Study of Implementing Fuzzy Set and Membership Concepts for Object Classification in a Relational Database Management System
653. SNMP-Based Device Fault History Management
654. Documentation Aid Software for Oracle Database Objects
655. UML-Based Visual Editor for Object-Oriented Programming
656. Modeling and Simulation of an Intelligent Transportation System on the Kota Bandung Road Map with Dynamic Optimal Route Finding
657. Study and Implementation of an Inter-RDBMS Migrator
658. Optimization of a Mini Linux Operating System for Embedded System Applications
659. Using the Wavelet Transform for Microcalcification Detection in Mammogram Images
660. Software for Switch Configuration Based on the Simple Network Management Protocol (SNMP)
661. Course Grade Access System Using Mobile Phones with J2ME Technology (Case Study: Jurusan Teknik Informatika STT Telkom)
662. Face Similarity Detection Using Fuzzy Logic and Projection-Based Methods
663. Software for Protecting Files with the .exe Extension
664. Kinematic Object Positioning Based on the Global Positioning System Input Format
665. Bandwidth Requirement Prediction for Virtual Paths in ATM Networks Using a Genetic Algorithm
666. Design and Implementation of an SMS-Based Course Registration System at STT Telkom
667. Comparative Analysis of Packet Scheduling for Fair Service Among Connections on the Internet
668. Implementation of a Centralized Web Services Security System Using XML Signature and XML Encryption
669. Computer-Based Language Teaching for English Grammar (Computer Assisted Language Learning/CALL for English Grammar)
670. Prototype WAP- and GPS-Based System for Taxi Reservations
671. Comparative Analysis of XML File Processing with the Simple API for XML (SAX) and Document Object Model (DOM) Approaches
672. Implementation of the Ant Colony Algorithm for Solving the Travelling Salesman Problem
673. Service Provisioning on Mobile Devices Using Jini
674. Application of the Ant Colony Algorithm to Solving the Asymmetric Travelling Salesman Problem (Case Study: Route Determination for PO Box Mail Delivery at KP II Bandung)
675. Design of a Data Warehouse on the STT Telkom Academic Grade Database Using the Star Schema Data Model
676. Development of a Document Clustering Application with the Suffix Tree Clustering Method on Search Engine Result Sets
677. Implementation of Ethernet Network Performance Monitoring Using Remote Network Monitoring Management I
Top 6 Encryption Tools
source: http://sectools.org/crypto.html

1. GnuPG / PGP : Secure your files and communication w/advanced encryption
PGP is the famous encryption program by Phil Zimmerman which helps secure your data from eavesdroppers and other risks. GnuPG is a very well-regarded open source implementation of the PGP standard (the actual executable is named gpg). While GnuPG is always free, PGP costs money for some uses.

2. OpenSSL : The premier SSL/TLS encryption library
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

3. Tor : An anonymous Internet communication system
Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features. For a free cross-platform GUI, users recommend Vidalia.

4. Stunnel : A general-purpose SSL cryptographic wrapper
The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries.

5. OpenVPN : A full-featured SSL VPN solution
OpenVPN is an open-source SSL VPN package which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN uses OpenSSL as its primary cryptographic library.

6. TrueCrypt : Open-Source Disk Encryption Software for Windows and Linux
TrueCrypt is an excellent open source disk encryption system. Users can encrypt entire filesystems, which are then encrypted/decrypted on the fly as needed without user intervention beyond entering their passphrase initially. A clever hidden volume feature allows you to hide a second layer of particularly sensitive content with plausible deniability about whether it exists. Then, if you are forced to give up your passphrase, you give them the first-level secret. Even with that, attackers cannot prove that a second-level key even exists.
What to Sell on eBay and Where to Get It
http://img709.imageshack.us/img709/675/whattosellonebayandwher.jpg


Smart Phone or Mobile Browser - Part II
In my first post on this topic, I talked about the history of web-based applications, and also quickly took a look at Japan, the land of mobile browsers (as opposed to smartphones).

In this post, I'll dig into specific issues with applications in general, and web-based apps in particular. So let's get stuck in.

In order for applications to be enjoyable to use, a number of factors must meet certain strict requirements. We all require three things from applications: responsiveness, reliability, and privacy (the last of these is increasingly an issue in a thoroughly networked world). Prettiness is a factor too, but a less critical one than these three. Let's look at each in turn.

Responsiveness

Responsiveness is a critical usability feature in any modern, GUI-based application. It is critical in GUI applications because we interact at such a fine-grained level with the application, performing little operations one at a time, such as typing a single character, selecting a single item, or choosing a single command.

Responsiveness is even more important in mobile applications, because we operate them in high-demand situations, where we need to achieve our goal in a strictly limited amount of time. Poor responsiveness obstructs that goal and forces us onto alternative mechanisms (for example, something other than our phone) to achieve it.

There are two forms of responsiveness that are relevant to this discussion:

  • Interaction responsiveness

    This is the speed at which an application responds to our individual interactions: typing a character, selecting a single item, or issuing a single command.

    AJAX, Flash, and other technologies have vastly improved this type of responsiveness in Web 2.0 apps. There are still restrictions, but this type of responsiveness is rarely a problem any more. It has never been a problem for client-based software, except when the hardware was simply too underpowered, or an inappropriate technology (like Java) was used.
  • Invocation responsiveness

    This is the speed with which an application instance can be invoked. In other words, how long does it take to bring up the application in order to do some work in it?

    This is an area that Web 2.0 applications are poor at. Web 2.0 apps need to be downloaded into the browser at every invocation. Browsers are heavy pieces of client software, and tend not to be left pre-loaded in phones, so the invocation of the browser is another issue that tells against Web 2.0 apps. Finally, few phones give equal priority to bookmarks as to installed application icons, so reaching a Web 2.0 app requires a multistep process -- start the browser, open the bookmark list, choose a bookmark, log in. This is an easy problem to solve though, and is a good idea for a nice, simple utility.

    An example of poor invocation responsiveness is the way people will often use a physical phone directory in preference to a web based one, because turning their computer on, starting it up, starting up the web browser, and going to the online directory takes far longer than picking up the phone book. The fact that searching for names can be much faster online than in the book (an example of interaction responsiveness) is often irrelevant.

    Interestingly, mobile phones and PDAs in general make great efforts to improve invocation responsiveness, being designed to be constantly turned on, carryable, etc., so any reduction in invocation responsiveness really cuts against the grain.
So, Web 2.0 apps are now responsive in interaction, but still poor in invocation. The invocation issue is exacerbated in a mobile environment by the unreliability of the mobile data connection, which leads into the next topic.

Reliability

The reliability of any application can be expressed via a simple equation.

Let's take reliability as a number between 0 (never works) and 1.0 (works 100% of the time), i.e. the probability of something working.

Let's then write the reliability of a component as R(component).

So:

R(system) = R(component1) * R(component2) ...

In other words, the reliability of a system is the product of the independent reliabilities of its components. (This requires the reliabilities to be independent -- if they are dependent, the easiest way to handle this is to collapse them into one measurement.)

So, the reliability of client-based software is:

R(client software) = R(client app) * R(client OS) * R(client HW)

Or, in English, the reliability of client-based software is the product of the reliabilities of the client application software itself, the client operating system it's running on, and the client hardware.

As a specific example, the reliability of DreamConnect 3 (a UIQ 3 contacts manager) is:

R(DC 3 app) = R(DC3) * R(UIQ3) * R(phone)

Until recently R(UIQ3) was pretty poor, so R(DC 3 app) overall was unsatisfactory. Now all the reliabilities are up, and R(DC 3 app) is at a level where a user can be happy. From the user's perspective, it is tempting to think only the final reliability matters, but users are more sophisticated than that. They can deduce that R(UIQ3) was poor, for example, and that will encourage them to move to a different platform. Users with enough experience can even differentiate between R(OS) and R(HW). As ISVs, we have direct control only over R(app), but we do have indirect control over R(OS) and R(HW) through our choice of which platform and hardware to support. It is worth bearing this in mind.

So, how about Web 2.0 apps? What does their reliability equation look like?

R(web app) = R(AJAX app) * R(browser) * R(client OS) * R(client HW) * R(network) * R(server app) * R(web server) * R(server OS) * R(server HW)

As you can see, there are a lot more components involved. Let's quickly work through them:
  • AJAX app: This is the component of the Web 2.0 app that runs inside the browser on the client machine. It may use some technology other than AJAX, but I'm just using that as a convenient label.
  • Browser: The browser is an important component of this type of solution -- it has the misfortune of being used as a development environment but needing to meet the expectations of a user application.
  • Client OS and Client HW: Same as for normal client software, except the reliability of the local storage has less of an impact on this scenario, since it is used only for invoking the client OS and browser, and not for storing the application data.
  • Network: The reliability of the network is a critical part of the functionality of a Web 2.0 app. The app is invoked across the network, various amounts of functionality are implemented in the server, and all data is stored on the server. The network reliability is thus fairly critical.
  • Server app: This is the component of the application that runs on the server side -- it often involves database code, (and the underlying database software, which is usually very reliable), etc.
  • Web server: The web server software itself, which is important to the function of a Web 2.0 app. Web servers are generally very reliable pieces of software.
  • Server OS and HW: The server's operating system and hardware, which is generally very reliable, more so than client equivalents.

So, what's the end result? Well, as mentioned above, the R(server) component (R(web server) * R(server OS) * R(server HW)) is very reliable, and we could probably approximate it as approaching 1.0, and so remove it from the equation. This still leaves:

R(web app) = R(AJAX app) * R(browser) * R(client OS) * R(client HW) * R(network) * R(server app)

We can further simplify this by saying that R(app SW) = R(AJAX app) * R(server app) and we could assume that, since this is under the control of the developer, it's likely to equal R(client app). So:

R(web app) = R(app SW) * R(browser) * R(client OS) * R(client HW) * R(network)

Now we can see that Web 2.0 software is less reliable than client software by the following factor (the ratio of the two equations above):

R(web app unreliability factor) = R(browser) * R(network)

In the past, R(browser) has been very poor, and has dramatically impacted the reliability of any Web 2.0 software. I would argue that R(browser) is still a significant issue, and counts heavily against web software, including on a PC. Of course, the impact of R(browser) is less than, say, a storage failure, so long as the software is designed properly (i.e. regular saving of information -- Google has just recently recognised this by putting a very regular auto-save feature into the Web 2.0 app I'm using to write this).

On the other hand, R(network) varies widely between desktop-bound PCs and mobile smartphones. R(network) nowadays is usually quite high for fixed networks, but for mobile networks it is still quite low, especially for 3G and when moving. For example, I only need to travel ten minutes west to drop out of 3G coverage into 2G, and a few minutes further (into the mountains) to drop out of 2G coverage as well. If I were using a Web 2.0 mapping/routing application (such as Google Maps), it would fail me almost as soon as I left the city heading west.

In conclusion, then, R(network) is an absolute killer for Web 2.0 style apps on the mobile. Michael Mace observed this in a less formal way a while back.
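The product rule above, carried through on numbers as an added example that is not the post's own code. Every reliability assigned to a component below is a constructed, illustrative assumption; the functions compute R(system), the web-versus-client factor, and which term of the product dominates, which is the first thing to look at when deciding what to mitigate (a local cache for R(network), for instance):

```python
from functools import reduce
from operator import mul

# Constructed, illustrative reliabilities: the probability that a component
# works on a given use. None of these numbers come from the post.
CLIENT = {"client app": 0.99, "client OS": 0.98, "client HW": 0.995}

# Web 2.0 app with the server side already approximated as 1.0 and
# R(app SW) = R(AJAX app) * R(server app) taken to equal R(client app).
WEB_FIXED = {"app SW": 0.99, "browser": 0.97, "client OS": 0.98,
             "client HW": 0.995, "network": 0.999}

# The same app reached over a patchy mobile data connection.
WEB_MOBILE = dict(WEB_FIXED, network=0.85)


def system_reliability(components):
    """R(system) = R(c1) * R(c2) * ... for independent components."""
    for name, r in components.items():
        if not 0.0 <= r <= 1.0:
            raise ValueError(f"R({name}) must lie in [0, 1], got {r}")
    return reduce(mul, components.values(), 1.0)


def unreliability_factor(web, client):
    """R(web app) / R(client software).

    When the app software and client OS/HW terms are shared, everything
    cancels except R(browser) * R(network), the post's unreliability factor.
    """
    return system_reliability(web) / system_reliability(client)


def weakest_component(components):
    """The component with the lowest reliability, i.e. the term that drags
    the product down the most and the first candidate for mitigation."""
    return min(components, key=components.get)


def uses_per_failure(r):
    """Expected invocations between failures for a system of reliability r
    (geometric model: each use fails independently with probability 1 - r)."""
    return float("inf") if r >= 1.0 else 1.0 / (1.0 - r)


if __name__ == "__main__":
    models = (("client", CLIENT), ("web/fixed", WEB_FIXED), ("web/mobile", WEB_MOBILE))
    for label, model in models:
        r = system_reliability(model)
        print(f"{label:10s} R={r:.4f}  uses/failure={uses_per_failure(r):.1f}"
              f"  weakest={weakest_component(model)}")
    print("web/mobile vs client factor:",
          round(unreliability_factor(WEB_MOBILE, CLIENT), 4))
```

With these assumed numbers the fixed-line web app is only about 3% less reliable than the client app (almost entirely R(browser)), while the mobile case loses another 15% to R(network), which is exactly the term the Addendum's local cache is meant to mask.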

Privacy

Privacy is an issue that hasn't really surfaced yet. Since I have a background in security (working on secure OSes as well as Internet security), it's one that I'm keenly aware of.

At present, Web 2.0 apps are either about sharing information, which reduces the privacy concerns, or simply make promises about privacy. There are limited technological systems in place to ensure the privacy of your data.

I have a family blog. It is restricted to only the people that I invite, namely my family. Because I've restricted it to just these people, I can feel free to write about my family's private life. Or can I? What assurance do I have that programmers at Google aren't poring over the (rather boring and very unsordid) details of my life? What assurance do I have that Google won't suddenly copy my private ponderings to the top of every search result they return to their millions of users? Well, I have Google's word. That's all.

Does Google's word protect me from a mistake in their software? No. Does Google's word protect me from a malicious programmer within (or even outside) Google? No.

Imagine this: it is 2017, MS has collapsed under its own weight. Google rules supreme. For some reason, you want to bring a suit against Google, and you are preparing your legal arguments. Using Google Office's word processor. Which saves the text on Google's servers. Encrypted by software that runs on Google's servers. How easy is it for Google to capture your password (they don't need to change the software on your machine -- it's uploaded to your machine every time you open it, so they just change it on their server, which they have every right to do and you can't prevent them doing) and to decrypt and pore over your arguments? Google may desire to do no evil, but how can we trust them to keep their word?

In contrast, client-based software allows firewalling, packet sniffing, and so on, to ensure absolute security.

But the current situation is much worse than that. I'm not even aware of any Web 2.0 apps that provide encryption. Let alone anonymization (so that the app provider can't snoop on your behavior). But both of these, in combination as often as possible, are crucial privacy protections. We're so used to relying on the inaccessibility (except by direct physical access) of our storage, but that's not a part of the Web 2.0 world.

How does encryption work for Web 2.0? Well, it only works when a) you don't want to share the data publicly, and b) you don't want the server to process the data (channel encryption, such as SSL, can still be used, though). So any document, calendar, or database should be encrypted, with the decryption key known only to you. If you wish to share pieces of this, those pieces should be stored separately, with no links back to the encrypted data (which would unnecessarily violate the security of your main data store). Why, then, aren't Google calendars encrypted? Or Google mail messages, etc.? Well, because no-one cares about privacy. Yet.
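The arrangement just described (the document encrypted on the client with a key only the user holds, the service storing opaque blobs, and any shared excerpt kept as a separate record with no link back to the private one), as an added example that is not the post's own code. The hosted store, the passphrase-derived keys and the HMAC-counter keystream are all constructed for illustration; the keystream stands in for a proper AEAD cipher so that the example runs on Python's standard library alone, and a real client would use AES-GCM or ChaCha20-Poly1305 in its place:

```python
import hashlib
import hmac
import os


class HostedStore:
    """Constructed stand-in for the service: it stores whatever bytes the
    client hands it and never receives a passphrase or key."""

    def __init__(self):
        self.records = {}

    def put(self, record_id, blob):
        self.records[record_id] = blob

    def get(self, record_id):
        return self.records[record_id]


# ---- client side: everything below runs on the user's machine ----

def derive_keys(passphrase, salt):
    """Separate encryption and MAC keys from the passphrase via PBKDF2.
    Only the salt is stored with the record; the passphrase never leaves."""
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return km[:32], km[32:]


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode. Illustrative construction only, chosen so
    the example needs no third-party library; use an AEAD in real code."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_record(passphrase, plaintext):
    """Returns salt || nonce || tag || ciphertext; the tag covers all of it."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(passphrase, salt)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + tag + ciphertext


def decrypt_record(passphrase, blob):
    """Verifies the tag before touching the ciphertext, so a modified blob
    (or the wrong passphrase) is rejected rather than decrypted to garbage."""
    salt, nonce, tag, ciphertext = blob[:16], blob[16:32], blob[32:64], blob[64:]
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record was modified or the passphrase is wrong")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, ks))


def store_private(store, passphrase, record_id, text):
    store.put(record_id, encrypt_record(passphrase, text.encode()))


def load_private(store, passphrase, record_id):
    return decrypt_record(passphrase, store.get(record_id)).decode()


def share_excerpt(store, text):
    """Publish a piece in the clear under a fresh random id that carries no
    reference to the private record it was taken from."""
    share_id = os.urandom(8).hex()
    store.put(share_id, text.encode())
    return share_id


def demo():
    store = HostedStore()
    store_private(store, "correct horse", "diary/2007-05", "Private entry: nothing sordid.")
    share_id = share_excerpt(store, "nothing sordid.")
    provider_view = store.get("diary/2007-05")  # all the provider can read
    return {
        "roundtrip": load_private(store, "correct horse", "diary/2007-05"),
        "provider_sees_plaintext": b"Private entry" in provider_view,
        "share_links_back": "diary" in share_id,
    }


if __name__ == "__main__":
    print(demo())
```

What the provider holds for the private record is the blob plus its salt and nonce, which is useless without the passphrase; the shared excerpt is an ordinary clear record whose id is random, so nothing on the server ties it to the encrypted one. This is also why such data cannot be processed server-side (searched, indexed, or rendered) without giving the key away, which is the trade-off the paragraph above describes.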

And what about anonymization? This is a technology that's useful when your data needs to be processed by a server, but doesn't need to be associated with you in particular. For example, a search query doesn't need to be associated with you (unless you want it to be, in order to benefit from the search engine's knowledge of your interests), neither does a location-based services request. Does Google search or Google maps use anonymization? No, because people aren't asking for it and it has a cost associated with it (you need a third party -- the anonymizer -- and it doubles the traffic in the cloud).

While both of these technologies have costs (encryption increases processor load and slightly increases network load), their benefits will eventually become so clearly important that we will see them implemented. I don't have time to talk about all the concerns here, but Bruce Schneier's blog is a great source for this sort of thing. Unfortunately, Web 2.0 apps are difficult to validate (because they're so easy to modify and can even present different versions to different users), so this is another stroke against Web 2.0 apps.

Conclusion

Phew! This has been a long trek. But at the end we can see that, while Web 2.0 apps make sense for some situations on desktop PCs, they have significant disadvantages for mobile usage.

In my next post, I'll talk about a third way, namely the Web Services model, in which client applications use web services to deliver a powerful solution. This is something that smartphones can excel at.

Addendum

Google has released Google Gears, which is an attempt to reduce the impact of R(network) described above. Google Gears allows Web 2.0 apps to work with a client-side cache while disconnected from the network, and to synchronise the local cache with the server when the network is available.

This is a great piece of technology, if it works, since it massively reduces the impact of R(network) just as connected clients (to be discussed in my next post) do. Basically, it transforms Web 2.0 apps into connected clients. Web 2.0 apps still have the disadvantage of R(browser), of course (not to mention the memory and performance impacts of the browser and associated technologies), but this is a worthwhile improvement.


          Getting Secrets Out of Source Code        
Secrets are valuable information targeted by attackers to get access to your system and data. Secrets can be encryption keys, passwords, private keys, AWS secrets, OAuth tokens, JWT tokens, Slack tokens, API secrets, and so on. Unfortunately, secrets are sometimes … Continue reading
          Every time you hear of some Left Wing Nut Job talking about giving the government more control, remember this: "Governments are not in Control"        
Sweden's government is in crisis after a government agency accidentally leaked the entire country's personal details database by offshoring its storage without adequate safeguards. Two ministers have been fired and the entire government may fall.
Swedish prime minister Stefan Löfven confirmed on Monday that private information concerning citizens of Sweden had been exposed to serious security risks after the government outsourced IT services for the Swedish Transport Agency (Transportstyrelsen) to IBM in 2015.
IBM, in turn, left an astounding amount of information exposed to a number of unauthorized users around the world — including the names, home addresses, and photos of every member of the police, secret military units, information from the witness-relocation program, information regarding the weight capacity of all roads and bridges, and details regarding the specifications of all government and military vehicles (and their drivers).

Apparently, the transport agency mistakenly emailed their entire database of sensitive information to marketers in plain text. And upon realizing their error, the agency decided to merely ask subscribers to delete the old message and later sent out an updated one.

Spectacular as it is, the Swedish disaster is just the latest in a seemingly unending series of similar catastrophes, of which the OPM records loss, Snowden defection, State Dept secret cable loss, and NSA toolkit theft are but a few well known examples. The casualties flash past like milestones in a blur. Britain's NHS lost 100,000 patient records the other day. Pakistan's Prime Minister Nawaz Sharif lost his job today due to "documents leaked from a Panama-based law firm" proving he was corrupt. In an age where the media use unnamed sources to launder leaks and section 702 of the Foreign Intelligence Surveillance Act is allegedly used for political surveillance, no one's secrets are safe. We appear to have entered the age of digital nakedness, and not even politicians are immune. Hillary was supposedly robbed of her election by Russian hackers who stole her secrets and broadcast them, though some of the losses may actually have been due to the DNC's own careless selection of fraudsters to run their IT operation.

When Hillary Clinton as Secretary of State runs her own unsecured private server for all her messages, when the Obama Administration uses the NSA to spy on its political opponents, when the Democrats in Congress hire a criminal Pakistani family to run its IT services, and when the Edward Snowden data leaks have rocked the entire US government, the idea of giving the government even more control is positively scary.

These people are NOT the "best and the brightest," and they are not to be trusted.

Here is a list of the top ten (so far) biggest government data breaches.

10. State of Texas: 3.5 Million Affected (April 2011)
9. South Carolina Department of Revenue: 3.6 Million Affected (October 2012)
8. Tricare: 4.9 Million Affected (September 2011)
7. Georgia Secretary of State Office: 6.2 Million Affected (November 2015)
6. Office of the Texas Attorney General: 6.5 Million Affected (April 2012)
5. Virginia Department of Health Professions: 8.3 Million Affected (May 2009)
4. U.S. Office of Personnel Management (OPM): 21.5 Million (June 2015)
3. U.S. Department of Veteran Affairs: 26.5 Million Affected (May 2006)
2. National Archives and Records Administration (NARA): 76 Million Affected (October 2009)
1. U.S. Voter Database: 191 Million Affected (December 2015)

Hillary famously claimed she understood the implications of artificial intelligence and robotics but does she really? Did the Swedes really? It's entirely possible that, despite their show of outward confidence no one fully understands the changes we've unleashed, least of all politicians nurtured in bureaucracy. The death of privacy appears to be an externality of the information age just as pollution was the unintended consequence of the industrial revolution. Nobody knows how much it will cost and the elite doesn't know how to deal with it.

Though governments pretend to be in control the facts suggest otherwise. Part of the problem is the government's habit of power. They've had it for so long they think it is theirs by right. Bureaucrats want the public to remain unprotected by encryption, the better to keep the public safe, though probably the better to keep everyone under control. And they're not succeeding. ...

          DBA Best Practices - A Blog Series: Episode 2 - Password Lists        

 

Digital World, Digital Locks

One of the biggest digital assets that any company has is its secrets. These include passwords, key rings, certificates, and any other digital asset used to protect another asset from tampering or unauthorized access.

As a DBA, you are very likely to manage some of these assets for your company - and your employer trusts you with keeping them safe. Probably the most important of these assets are passwords. As you well know, they can be used anywhere: for service accounts, credentials, proxies, linked servers, DTS/SSIS packages, symmetric keys, private keys, etc., etc.

Have you given some thought to what you're doing to keep these passwords safe? Are you backing them up somewhere? Who else besides you can access them?

Good-Ol’ Post-It Notes Under Your Keyboard

If you have a password-protected Excel sheet for your passwords, I have bad news for you: Excel's level of encryption is good for your grandma's budget spreadsheet, not for a list of enterprise passwords.

I will try to summarize the main point of this best practice in one sentence: You should keep your passwords on an encrypted, access and version-controlled, backed-up, well-known shared location that every DBA on your team is aware of, and maintain copies of this password "database" on your DBA's workstations.

Now I have to break that statement down for you:

- Encrypted: what’s the point of saving your passwords on a file that any Windows admin with enough privileges can read?

- Access controlled: This one is pretty much self-explanatory.

- Version controlled: Passwords change (and I’m really hoping you do change them) and version control would allow you to track what a previous password was if the utility you’ve chosen doesn’t handle that for you.

- Backed-up: You want a safe copy of the password list to be kept offline, preferably in long term storage, with relative ease of restoring.

- Well-known shared location: This is critical for teams: what good is a password list if only one person in the team knows where it is?

I have seen multiple examples of this that work well. They all start with an encrypted database. Certainly you could leverage SQL Server's native encryption solutions like cell encryption for this. I have found such implementations to be impractical, for the most part.

Enter The World Of Utilities

There is a myriad of open source/free software solutions to help you here. One of my favorites is KeePass, which creates encrypted files that can be saved to a network share, SharePoint, etc. KeePass has UIs for most operating systems, including Windows, MacOS, iOS, Android and Windows Phone.

Other solutions I've used before worth mentioning include PasswordSafe and 1Password, with the latter one being a paid solution – but wildly popular in mobile devices.

There are, of course, even more "enterprise-level" solutions available from 3rd party vendors. The truth is that most of the customers that I work with don't need that level of protection of their digital assets, and something like a KeePass database on SharePoint suits them very well.

What are you doing to safeguard your passwords? Leave a comment below, and join the discussion!

Cheers,

-Argenis


          Symmetric encryption/decryption routine using AES        
The following is a symmetric encryption/decryption routine using AES in GCM mode. This code operates in the application layer and is meant to receive user-specific and confidential information and encrypt it, after which it is stored in a separate database server. It also is called upon to decrypt encrypted information from the database. The full … Continue reading Symmetric encryption/decryption routine using AES
          Azure Key Vault        
This is how, within your organisation, you can protect the data, especially in a cloud-first, multi-tenant world. The source will provide you with the concepts around encrypting enterprise data, look at what you should encrypt, and cover robust patterns and practices you can follow in your organisation. Enjoy. Data encryption with azure
          Wichovia On Line Banking and Internet Banking        
Perhaps you have decided you want to e-banking is now, you must be established so that you can use the online service. Depending on the type of company you want to use the Internet, there are different ways to start. Register your bricks and mortar bank will be a very simple process. All of this should be calling on banks and called for the registration of online services.

The Bank will send you the necessary instructions by mail. The Bank will immediately inform you on the way to log into your web site online banking, as well as provide a unique user will not change. The Bank will notify you about various aspects of security of Internet banking, and will tell you as some of the requirements of 128-bit encryption on your computer. Banks will be the importance of entering the bank web site is correct, and how to enter your user by using the online service.

Next hinted the bank will be your password and instructions to change it when necessary. So, how to register and start your online banking. Virtual banks are different from the meaning of the process, you must open the online bank accounts, their first. The first thing you should do is choose the right bank through which you will be your personal and corporate business.

You'll find that many factors virtual banks, like any brick and mortar banks. One of the most important consideration is to make sure they are U. S. Corporation Federal Deposit Insurance insured. Of course, you should know that their overdraft fees.

You must be familiar with their own rules and procedures applicable to their actions. What are your rights and obligations? Print this information May be helpful in the case of Internet banking will create a virtual bank.

Some guidelines in mind, virtual bank will choose a username and password. Your online banking services, is now ready to begin. When you open an account, it is necessary to provide banks with some information. The most common problem is that your name, address, your phone number, Social Security number, and your place of employment. You'll need to make some deposits, and then started to run your account. All banking transactions can be completed in an instant, in the settings of your account.
Learn about one of the best online banks Wichovia On Line Banking or to learn about other online banks visit Wichovia On Line Banking - A popular banking website that provides you with inside information on all the major banks.
           CVE-2011-4862: Buffer overflow in libtelnet/encrypt.c        

A member of the CrackSLatinoS list, a.k.a. Boken (@Boken_), has proposed a different way to collaborate, motivate, learn and practice topics related to reverse engineering.

To that end, he proposes solving a series of exploits of different difficulty levels; this write-up documents the first of them, at medium level.

The original post, published on the list on 11/12/2014, was:


http://www.cvedetails.com/cve/2011-4862
The main idea is that everyone who wants to make their own version of this exploit and understand the bug in depth posts their progress, doubts, problems and so on here. There are both exploits and details of it out there, but the point is that everyone who tries it and gets stuck comes here to explain their problems and can carry on.
It is neither a contest nor is there a deadline. The only goal is that everyone who thinks they couldn't do it, but wants to, uses this post to achieve it. Let's see whether, at the end of this thread, one or several joint tutorials can be put together from everything discussed.
Boken


The details of this vulnerability are:
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
As could not be otherwise, soez and I set about solving it, with a highly satisfying result for us. This kind of challenge always leaves us with a very good taste in the mouth.

Needless to say, we only show a small proof of concept, which is far from the original PoC that NighterMan and BatchDrake made back in the day. Theirs is without doubt infinitely more elaborate.

I hope you enjoy reading this as much as we enjoyed writing it. Here is everything you need:
Until the next exploit!



          Olympus Dictation App for iOS        
Olympus Dictation App
Olympus

Olympus's Professional dictation, encryption and delivery system for your Apple iOS Smart Phones!

The new Olympus Dictation for iPhone.

Price: $99.99


          Addonics “Secure NAS” Storage Appliance Series Debuts        

Combines RAID, NAS, DAS and Encryption in One Enclosure
By Addonics Technologies

Addonics Technologies (www.addonics.com) today announced the Secure NAS series of storage appliances, which combine the benefits of RAID, Network Attached Storage (NAS), Direct Attached Storage (DAS) and hardware AES 256-bit encryption all in one enclosure. It …


The post Addonics “Secure NAS” Storage Appliance Series Debuts appeared first on Benchmark Reviews.


          MaxxOne 200mbps 3-Port Powerline Adapter Homeplug (Single Pack)        

Save your time and money by utilizing AC power lines in your home or office for networking. The adapters are compliant with the HomePlug 1.0 specification and have a high-speed transfer rate of up to 500 Mbps.

Installation is simple with the HomePlug’s built-in plug-and-play technology. Plug each adapter in an AC wall socket and connect a patch cable to each bridge. A minimum of 2 adapters are needed and more can be added as the network grows, making this an ideal starter kit.

Features

  • No wires required – Uses existing electrical network
  • Simple set up – Just plug into power socket
  • Reliable and secure – Up to 500 Mbps data rates with AES encryption
  • Network computer games, run media applications, HD video streaming, VoIP communications
  • 3 ports out to multiple devices at one location

Price: £12.49 Special Price: £8.32
Special Expires On: 30 Sep 2017


          Encrypt it in .NET/Decrypt it on SQL Server?        

A common question on the newsgroups is "how do you encrypt data in a .NET [or other] client application and then decrypt it on SQL Server [or vice versa]?" I actually ran down my list of answers to someone who asked this in the newsgroups a few weeks ago. I won’t get into the details, but the answers all pretty much say the same thing -- theoretically you could make it work (with a lot of assumptions on your part), but it won’t be easy -- and probably not worth the investment of time and energy, to be honest. Now it’s time to change my answer.

 

You see, when this question is brought up the people who ask usually make a specific point to ask about symmetric encryption (AES, Triple DES, etc.). You can’t easily make the “encrypt on client/decrypt on server” scenario work with symmetric encryption because SQL Server doesn’t let you import or export symmetric keys.

 

Asymmetric encryption is an entirely different beast. Someone asked about sending a password to SQL Server securely (not in plain text) for FIPS compliance here.

 

Since passwords are usually pretty short I told the poster asymmetric encryption might solve his problem. Then I decided to prove it. The code below (both T-SQL and .NET) demonstrates. All of the steps should be performed in order. The .NET code at the end needs to be put into a C# Windows Forms or Console project of your own (.NET 2.0 or higher only).

 

1) T-SQL: Create a test database, database master key, and certificate on SQL Server

 

-- Create a test database
CREATE DATABASE Test;
GO

-- Switch to the new test database
USE Test;
GO

-- Create database master key
CREATE MASTER KEY
ENCRYPTION BY PASSWORD = 'P@$$w0rd';
GO

-- Create a test certificate
CREATE CERTIFICATE TestCert
   WITH SUBJECT = 'Test Certificate',
   EXPIRY_DATE = '20151231';
GO

-- This statement just tests the new certificate to make sure
-- it's installed correctly
SELECT ENCRYPTBYCERT(CERT_ID(N'TestCert'), 'abcdef');
GO

 

2) T-SQL: Backup the certificate (public key only) to a .cer file in the file system

 

USE Test;
GO

-- Backup the certificate to a .CER file; assumes c:\Temp
-- directory exists
BACKUP CERTIFICATE TestCert
TO FILE = 'c:\Temp\TestCert.cer';
GO

 

3) T-SQL: Create a stored procedure that uses the certificate to decrypt a binary string passed into it

 

-- This procedure uses the SQL certificate to decrypt the
-- encrypted password
CREATE PROCEDURE dbo.DecryptPasswordWithSqlCert
      @EncryptedPassword binary(128)
AS
BEGIN
      SELECT CAST
            (
                  DECRYPTBYCERT
                  (
                        CERT_ID('TestCert'),
                        @EncryptedPassword
                  ) AS nvarchar(100)
            ) AS DecryptedPassword;
END;
GO

 

4) .NET: Create an X509Certificate2 object and use the public key to encrypt a string password; Call the stored procedure with the encrypted password and use the SQL Server certificate to decrypt it

 

        // Add these using directives at the top of the file that holds these methods:
        // using System;
        // using System.Data;
        // using System.Data.SqlClient;
        // using System.Security.Cryptography;
        // using System.Security.Cryptography.X509Certificates;
        // using System.Text;

        // Load the certificate from the file system and create an RSACryptoServiceProvider
        // from the certificate Public Key to encrypt data
        private RSACryptoServiceProvider GetCryptoProvider
        (
            string CertificateFilename
        )
        {
            X509Certificate2 cert = new X509Certificate2(CertificateFilename);
            RSACryptoServiceProvider r = (RSACryptoServiceProvider)cert.PublicKey.Key;
            return r;
        }

        // Encrypts string password (Unicode) with the RSACryptoServiceProvider
        private byte[] EncryptPasswordWithFileCert
        (
            RSACryptoServiceProvider Rsa,
            string Password
        )
        {
            // Results of RSA encryption are limited to 128 bytes (one block of the
            // certificate's 1024-bit key). The second argument (false) selects PKCS#1 v1.5
            // padding, which is what DECRYPTBYCERT on the server side expects.
            byte[] Bytes = Rsa.Encrypt(Encoding.Unicode.GetBytes(Password), false);
            byte[] Result = new byte[128];

            // Need to reverse the order of the encrypted bytes for SQL Server encryption
            for (int i = 127; i >= 0; i--)
            {
                Result[127 - i] = Bytes[i];
            }

            return Result;
        }

        // Connects to server/database and executes stored procedure
        // The stored procedure decrypts the encrypted password you pass in
        private string DecryptPasswordWithSqlCert
        (
            string ConnectionString,
            byte[] EncryptedPassword
        )
        {
            string DecryptedPassword = "";
            using (SqlConnection Con = new SqlConnection(ConnectionString))
            {
                Con.Open();
                using (SqlCommand Cmd = new SqlCommand("dbo.DecryptPasswordWithSqlCert", Con))
                {
                    Cmd.CommandType = CommandType.StoredProcedure;
                    // Pass in the encrypted password (matches the binary(128) parameter)
                    Cmd.Parameters.Add("@EncryptedPassword", SqlDbType.Binary, 128).Value = EncryptedPassword;
                    // Return the decrypted password as a string (first column of the first row)
                    DecryptedPassword = (string)Cmd.ExecuteScalar();
                }
            }
            return DecryptedPassword;
        }

        // This is my connection string
        private string SqlConnString = "DATA SOURCE=(local);INITIAL CATALOG=Test;INTEGRATED SECURITY=SSPI;";

        private void QuickTest()
        {
            // Create RSACryptoServiceProvider from .cer file
            RSACryptoServiceProvider Rsa = GetCryptoProvider("C:\\Temp\\TestCert.cer");

            // Encrypt the password with the file certificate public key
            byte[] EncryptedPassword = EncryptPasswordWithFileCert(Rsa, "Test*Password123");

            // Decrypt the password on the server
            string DecryptedPassword = DecryptPasswordWithSqlCert(SqlConnString, EncryptedPassword);

            // Output the decrypted password
            Console.WriteLine(DecryptedPassword);
        }

 

A couple of items worth noting about this code:

 

* SQL Server (and .NET) asymmetric encryption functions have a strict limit of 128 bytes that can be returned as the encrypted result. The encryption functions add 11 bytes of padding, so you’re automatically down to 117 bytes of plain text that can be encrypted, or 58 Unicode characters. You can work around these limitations by encrypting your data in chunks, but I wouldn’t advise it -- asymmetric encryption is expensive in terms of time and resources.

 

* For some reason SQL Server needs the .NET asymmetric encryption results reversed, byte-for-byte. Not sure of the exact reason for this, but it’s simple enough to handle (as I did in the code) with a for loop on the .NET side.

 

* The BACKUP CERTIFICATE statement in the sample code only exports the certificate Public Key, which is used for encryption. You can also export the Private Key (for decryption) if you wish, but there’s no need in this scenario. You’ll need to look up the syntax of the BACKUP CERTIFICATE statement in BOL if you need to export your certificate’s Private Key.

 

* The .NET X509Certificate2 class is used in the code sample, and it is only supported on .NET 2.0 and higher. The older .NET X509Certificate class won’t do the job because it is lacking some features that this code sample requires.
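The two size rules from the notes above (117 plain-text bytes for a 1024-bit key under PKCS#1 v1.5 padding, and the byte-for-byte reversal before the result reaches DECRYPTBYCERT), as an added pre-flight check that is not the post's own code. It is written in Python rather than C# so it runs stand-alone; the key size defaults and the sample passwords are assumptions, and the check generalizes the post's 1024-bit case to any RSA key size:

```python
PKCS1_V15_OVERHEAD = 11  # bytes of padding PKCS#1 v1.5 encryption consumes per block


def max_plaintext_bytes(key_bits=1024):
    """Largest plain text one RSA PKCS#1 v1.5 encryption can carry.
    For the post's 1024-bit certificate this is 128 - 11 = 117 bytes."""
    return key_bits // 8 - PKCS1_V15_OVERHEAD


def utf16_length(password):
    """Byte length of the password as .NET's Encoding.Unicode (UTF-16LE) emits it.
    BMP characters take 2 bytes; characters outside the BMP take a surrogate
    pair, i.e. 4 bytes, so '58 characters' is only true for plain text."""
    return len(password.encode("utf-16-le"))


def check_password_fits(password, key_bits=1024):
    """Returns (fits, size_in_bytes, limit_in_bytes) so a caller can refuse
    the value before calling Rsa.Encrypt and hitting a runtime exception."""
    limit = max_plaintext_bytes(key_bits)
    size = utf16_length(password)
    return size <= limit, size, limit


def reverse_for_sql_server(ciphertext, key_bits=1024):
    """The byte reversal the post's C# loop performs, with the length check
    the loop silently relies on: the input must be exactly one RSA block."""
    expected = key_bits // 8
    if len(ciphertext) != expected:
        raise ValueError(f"expected {expected} bytes of RSA output, got {len(ciphertext)}")
    return bytes(reversed(ciphertext))


if __name__ == "__main__":
    # Constructed sample passwords, not values from the post.
    for pw in ("Test*Password123", "a" * 58, "a" * 59, "\U0001F512" * 29):
        print(repr(pw[:12]), check_password_fits(pw))
    # Fake 128-byte 'ciphertext' (just a byte ramp) to show the reversal.
    print(reverse_for_sql_server(bytes(range(128)))[:4])
```

The non-BMP case is the one worth remembering: 29 lock emoji are 116 UTF-16 bytes and fit, 30 are 120 and do not, even though both are well under the "58 characters" figure.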

 

 


Latest Google Algorithm For SEO
Are you looking for the latest Google algorithm for SEO in 2015? Check out here the complete Google Algorithm Updates History consolidated by Rank Ranger. Here you can briefly check out the latest Google algorithm for SEO (2015-2016).
Latest Now Running : Hummingbird

Latest Google Algorithm For SEO


2015 Updates




2014 Updates


Penguin Everflux — December 10, 2014

A Google representative said that Penguin had shifted to continuous updates, moving away from infrequent, major updates. While the exact timeline was unclear, this claim seemed to fit ongoing flux after Penguin 3.0 (including unconfirmed claims of a Penguin 3.1).


Penguin 3.0 — October 17, 2014

More than a year after the previous Penguin update (2.1), Google launched a Penguin refresh. This update appeared to be smaller than expected (<1% of US/English queries affected) and was probably data-only (not a new Penguin algorithm). The timing of the update was unclear, especially internationally, and Google claimed it was spread out over "weeks".




HTTPS/SSL Update — August 6, 2014

After months of speculation, Google announced that they would be giving preference to secure sites, and that adding encryption would provide a "lightweight" rankings boost. They stressed that this boost would start out small, but implied it might increase if the change proved to be positive.



Payday Loan 3.0 — June 12, 2014

Less than a month after the Payday Loan 2.0 anti-spam update, Google launched another major iteration. Official statements suggested that 2.0 targeted specific sites, while 3.0 targeted spammy queries.




2013 Updates





Hummingbird — August 20, 2013

Announced on September 26th, Google suggested that the "Hummingbird" update rolled out about a month earlier. Our best guess ties it to a MozCast spike on August 20th and many reports of flux from August 20-22. Hummingbird has been compared to Caffeine, and seems to be a core algorithm update that may power changes to semantic search and the Knowledge Graph for months to come.


Unnamed Update — July 26, 2013

MozCast tracked a large Friday spike (105° F), with other sources showing significant activity over the weekend. Google has not confirmed this update.
MozCast Update (Google+)

Knowledge Graph Expansion — July 19, 2013

Seemingly overnight, queries with Knowledge Graph (KG) entries expanded by more than half (+50.4%) across the MozCast data set, with more than a quarter of all searches showing some kind of KG entry.

Panda Recovery — July 18, 2013

Google confirmed a Panda update, but it was unclear whether this was one of the 10-day rolling updates or something new. The implication was that this was algorithmic and may have "softened" some previous Panda penalties.

Multi-Week Update — June 27, 2013

Google's Matt Cutts tweeted a reply suggesting a "multi-week" algorithm update between roughly June 12th and "the week after July 4th". The nature of the update was unclear, but there was massive rankings volatility during that time period, peaking on June 27th (according to MozCast data). It appears that Google may have been testing some changes that were later rolled back.




Domain Crowding — May 21, 2013

Google released an update to control domain crowding/diversity deep in the SERPs (pages 2+). The timing was unclear, but it seemed to roll out just prior to Penguin 2.0 in the US and possibly the same day internationally.



2012 Updates

Panda #23 — December 21, 2012

Right before the Christmas holiday, Google rolled out another Panda update. They officially called it a "refresh", impacting 1.3% of English queries. This was a slightly higher impact than Pandas #21 and #22.






August/September 65-Pack — October 4, 2012

Google published their monthly (bi-monthly?) list of search highlights. The 65 updates for August and September included 7-result SERPs, Knowledge Graph expansion, updates to how "page quality" is calculated, and changes to how local results are determined.



Panda 3.9.2 (#19) — September 18, 2012

Google rolled out another Panda refresh, which appears to have been data-only. Ranking flux was moderate but not on par with a large-scale algorithm update.


Bid Farewell to Another Year


So, here we are ticking away the last few days of yet another year. Boy, time sure goes by fast, as I am sure you will agree. Just as time goes fast, so do hackers who are out to steal your identity.

Even though some of you may think that identity theft could never happen to you, just wait...it will. On the other hand, those of you who believe in "a pound of prevention is better than cure" can adopt these New Year's Resolutions.

A Small Amount of Prevention


First, make a valiant effort to keep your passwords secure. If you don't, you may wind up among those folks whose accounts get hacked in the coming year.

The most commonly hacked accounts are those with dictionary-term or common-name passwords. Yeah, I know: blah, blah, blah. Over and over again we keep hearing that we need to use stronger passwords, and it is so true.

According to a recent study by CBTNuggets, the top 10 common words found in passwords of hacked accounts were:

  • Love
  • Star
  • Girl
  • Angel
  • Rock
  • Miss
  • Hell
  • Mike
  • John



The study also states that passwords with elements of account usernames and first names such as Lisa, Amy, Mark and Scott were also high on the list of hackers.

Don’t Become One of Them


If you don't want to become part of next year's possibly 500 million account hack, try using a random password generator to create a strong password. There are several generators on the Internet that allow you to customize the elements of a random password.



Okay, Okay… I can tell that many of you are scowling at me right now...


Yes, I know...random passwords are harder to remember, but think about this: the easier you make your password, the easier it is for the hackers to get to your personal information.

For example, if you keep using easy passwords and you tell all of your friends on social media that you just got lucky and won $10,000 from a lottery ticket, and that social media post was public and not private...you just told the whole world!

And that whole world includes criminals that are monitoring social posts just like that and now they have your name and maybe your brother's name and the race is on…

It only takes 2 or 3 small pieces of information to be able to find other pieces of your identity and then WHAM! -- all of a sudden you can’t buy that fancy new car...motorcycle...pay for that long awaited vacation to the Caribbean because a thief opened credit accounts in your name and now your credit rating is in the toilet...YES IT CAN HAPPEN that fast.


A Password Solution


There are many companies that offer password storage and encryption services for free or a very nominal fee. Here are links to a few for you to check out.




Tweaking4All more secure with SSL …

Outfits like Google, Let's Encrypt, cPanel and Comodo are pushing for a more secure Internet. Obviously there is nothing wrong with that, and I commend them (and others) for pushing for and supporting this. In this case we are talking about adding a so-called SSL certificate to websites, allowing encryption, which can be identified by the url starting with […]

This post Tweaking4All more secure with SSL … is from Tweaking4All.com.


Best Operating System For Pentest

It's been a long time since I posted, so I finally want to take the time to post.. and I want to say welcome to the IrfanSyahP blog..

This time I will give you a few OSes that are suitable for pentesting.. let's get straight to it

1. Kali Linux
Kali Linux
 
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. Mati Aharoni and Devon Kearns of Offensive Security developed it by rewriting BackTrack, their previous forensics Linux distribution.
For Download Kali Linux click HERE!
 
2. BackTrack 5 R3
BackTrack 5 R3
 BackTrack provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to Security Audit. Support for Live CD and Live USB functionality allows users to boot BackTrack directly from portable media without requiring installation, though permanent installation to hard disk and network is also an option.
For Download BackTrack 5 R3 click HERE!
3. NodeZero.
 
Node Zero
It is said that necessity is the mother of all invention, and NodeZero Linux is no different. Their team is built of testers and developers who have come to the consensus that live systems do not offer what they need in their security audits. Penetration testing distributions have historically utilized the "Live" system concept of Linux, which really means that they try not to make any permanent changes to a system. Ergo all changes are gone after reboot, and they run from media such as discs and USB drives. While this may be very handy for occasional testing, its usefulness is depleted when you are testing regularly. It is their belief that "Live Systems" just don't scale well in a robust testing environment.
Although NodeZero Linux can be used as a "Live System" for occasional testing, its real strength comes from the understanding that a tester requires a strong and efficient system. This is achieved, in their belief, by working on a distribution that is a permanent installation and that benefits from a strong selection of tools, integrated with a stable Linux environment.
For Download NodeZero  click HERE!
 
4. BackBox Linux
BackBox Linux
It includes some of the most used security and analysis Linux tools, aimed at a wide range of goals, ranging from web application analysis to network analysis, from stress tests to sniffing, and also including vulnerability assessment, computer forensic analysis and exploitation.
The power of this distribution comes from its Launchpad repository core, constantly updated to the latest stable version of the best-known and most used ethical hacking tools. The integration and development of new tools inside the distribution follows the conventions of the open source community, and particularly the Debian Free Software Guidelines criteria.
For Download BackBox click HERE!
 
5. Blackbuntu.
BlackBuntu
Blackbuntu is a distribution for penetration testing which was specially designed for security training students and practitioners of information security. Blackbuntu is a penetration testing distribution with the GNOME Desktop Environment. It is currently built on Ubuntu 10.10 and uses Back|Track as a reference.
For Download BlackBuntu Click Here!
 
6. Samurai Web Testing Framework.
Samurai Web Testing Framework
 The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
For Download Samurai Web Testing Framework Click Here!
 
7. Knoppix STD.
Knoppix STD
Knoppix STD (Security Tools Distribution) is a Live CD Linux distribution based on Knoppix that focused on computer security tools. It included GPL licensed tools in the following categories: authentication, password cracking, encryption, forensics, firewalls, honeypots, intrusion detection system, network utilities, penetration, packet sniffers, assemblers, vulnerability assessment and wireless networking. Knoppix STD version 0.1 was published January 24, 2004, on Knoppix 3.2. Thereafter, the project stagnated, lacking updated drivers and packages. A release date for version 0.2 has not yet been announced. A list of tools is available on the official website.
 For Download Knoppix STD Click Here!
 
8. Pentoo.
Pentoo
Pentoo is a Live CD and Live USB designed for penetration testing and security assessment. Based on Gentoo Linux, Pentoo is provided both as 32 and 64 bit installable livecd. Pentoo is also available as an overlay for an existing Gentoo installation. It features packet injection patched wifi drivers, GPGPU cracking software, and lots of tools for penetration testing and security assessment. The Pentoo kernel includes grsecurity and PAX hardening and extra patches - with binaries compiled from a hardened toolchain with the latest nightly versions of some tools available.
For Download Pentoo Click Here!
 
9. WEAKERTH4N.
Weakerth4n
Weakerth4n is a penetration testing distribution which is built from Debian Squeeze. For the desktop environment it uses Fluxbox. This operating system is ideal for WiFi hacking as it contains plenty of wireless tools.
For Download WEAKERTH4N Click Here!
 
 
 
10. Matriux Krypton.
Matriux Krypton
 The Matriux is a phenomenon that was waiting to happen. It is a fully featured security distribution based on Debian consisting of a powerful bunch of more than 300 open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It is a distribution designed for security enthusiasts and professionals, although it can be used normally as your default desktop system. 
For Download Matriux Krypton Click Here! 
 
11. DEFT. 
 DEFT is an Ubuntu customization with a collection of computer forensic programs and documents created by thousands of individuals, teams and companies. Each of these works might come under a different licence. Their Licence Policy describes the process they follow in determining which software ships by default on the DEFT install CD.
For Download DEFT Click Here!
 
12. CAINE
CAINE
CAINE fully represents the spirit of the Open Source philosophy, because the project is completely open: everyone can take up the legacy of the previous developer or project manager. The distro is open source, the Windows side (Wintaylor) is open source and, last but not least, the distro is installable, giving the opportunity to rebuild it in a brand new version and so giving a long life to this project.
For Download CAINE Click Here!
 
13. Bugtraq
Bugtraq is an electronic mailing list dedicated to issues about computer security. On-topic issues are new discussions about vulnerabilities, vendor security-related announcements, methods of exploitation, and how to fix them. It is a high-volume mailing list, and almost all new vulnerabilities are discussed there.
For Download Bugtraq Click Here!
enjoy!!!

Cameron bans encryption

...
Peace Revolution episode 070: How the Mind is Harnessed to Create Human Resources

 

 

Click here to download this episode, or use the download link at the bottom of the notes for this episode.

Notes, References, and Links for further study:

Tragedy and Hope dot com

Invitation to the Tragedy and Hope online community (link expires monthly)

Log in page for the Tragedy and Hope online community

Peace Revolution primary site (2009-2012)*

Peace Revolution backup stream (2006-2012)*

Includes the 9/11 Synchronicity Podcast (predecessor to Peace Revolution)

*These 2 podcasts and lectures amount to 400+ hours of commercial-free educational content, which formulate a comprehensive and conscious curriculum.

The Ultimate History Lesson dot com (the film, notes, references, transcript, etc.)

IMDB Page for The Ultimate History Lesson

Facebook Page for The Ultimate History Lesson

Twitter feed for Tragedy and Hope

The Ultimate History Lesson Official Playlist (on YouTube)

UHL Research Bonus Pack and Gatto Fundraiser Pack(fundraiser for media partners and JTG)

Partner Coupon Codes (MUST BE IN ALL CAPS):

GNOSTICMEDIA

CORBETTREPORT

MEDIAMONARCHY

REDICERADIO

SCHOOLSUCKS

MERIAHELLER

FREEDOMSPHOENIX

Reference Map to Episode 070:

(1m-4m) Despotism vs. Aaron Dykes (Infowars Nightly News clip) by R.G.

(4m-6m) U.S. Army Kills Kids by Abby Martin (RT)

(6m-9m) Robert F. Kennedy did not agree Oswald lone assassin (ABC News)

(9m-13m) U.S. Government Found Guilty of Murdering Martin Luther King by Lee Camp

(13m-19m) U.S. Court: Martin Luther King Killed by the Authorities by Barrie Zwicker

(19m-28m) Richard’s introductory monologue

(28m-2h50m) Debate: Larken Rose (Anarchy) vs. Tom Willcutts (Authority) History… So It Doesn’t Repeat

(2h50-5h25m) Briefing: Kevin Cole (Classical Trivium vs. Trivium Method) History… So It Doesn’t Repeat

(5h25m-6h50m) “Behaviorism in Disguise” School Sucks Podcast #150

History... So It Doesn't Repeat (Official YouTube Series Playlist). Timecodes, notes, links, and references are posted just below the HD video:

Notes, Links, & References for "The Trivium Method vs. The Classical Trivium" (recorded February 17, 2013)

  1. 1m “The Great Chain of Being and the Organic Unity of the Polis” by Kevin Cole (Winter 2013)
  2. 2m “The Trivium Method” by Jan Irvin and Gene Odening @ Gnostic Media dot com
  3. 3m “The Trivium Method of Critical Thinking and Creative Problem Solving” vs. the innate method of learning, and comparing it to how the Classical Trivium (as a method of institutionalizing individuals) has historically been used prior to the 21st century.
  4. 4m History of the Classical Trivium is the history of the Great Chain of Being, useful in shaping cultures. The Great Chain of Being is defined in classical terms.
  5. 5m The concept of “balanced” government and civil society itself, The Ominous Continuity of the “education” system we know as schooling
  6. 6m The changing of terms as a means of gaining power over unwitting minds
  7. 7m The Occulting of Knowledge to create Power
  8. 8m Legacy of 2,500 years of the Noble Lie being used to create Power
  9. 9m Romantic Nationalism & Germany vs. Limited Government System, continued definition of the Great Chain of Being (3 estates)
  10. 10m Caste System, Divine Right of Kings, and the Classical Trivium; specifically the artificial scarcity of the “7” liberal arts
  11. 11m Enkyklios Paideia and the Caste System, Arnold Toynbee “it allows each empire to be immortal”
  12. 12m Great Chain of Being and the Classical Trivium in context of Organic Unity
  13. 13m United Nations Charter provisions, Positive and Negative Rights, staying knowledgeable about the first principles and jury nullification, Thomas Jefferson and First Principles
    1. Article 29: 1. Everyone has duties to the community in which alone the free and full development of his personality is possible. 2. In the exercise of his rights and freedoms, everyone shall be subject only to such limitations as are determined by law solely for the purpose of securing due recognition and respect for the rights and freedoms of others and of meeting the just requirements of morality, public order and the general welfare in a democratic society.
    2. Article 30: Nothing in this Declaration may be interpreted as implying for any State, group or person any right to engage in any activity or to perform any act aimed at the destruction of any of the rights and freedoms set forth herein.
  14. 14m Logical foundation of Negative Rights, Irrational foundation of Positive Rights
  15. 15m Definition of Organic Unity
  16. 16m Scott Buchannan quote on the Classical Trivium to create Organic Unity, Cardinal and Ordinal structures of the story (Buchannan was a Rhodes Scholar)
  17. 17m Definitions: The Auctors, The Polis, The Polity, Episcopal, hierarchical structures of authorities, Anglicanism (Church of England)
  18. 18m Comparison and Contrast the Trivium Method vs. the Classical Trivium, 7 Liberal Arts, Plato, Aristotle, educational philosophy and Isocrates,
  19. 19m The “general education” of the inscribed circle of the Enkyklios Paideia, foreshadowing Fichte and Hegel of the Prussian Education System
    1. encyclopedia (n.) 1530s, "course of instruction," from Modern Latin encyclopaedia (c.1500), literally "training in a circle," i.e. the "circle" of arts and sciences, the essentials of a liberal education; from enkyklios "circular," and paideia “education”.
    2. According to some accounts such as the American Heritage Dictionary copyists of Latin manuscripts took this phrase to be a single Greek word, enkuklopaedia.
  20. 20m plunder v. production and human livestock, classical Trivium as a system of creating production to be plundered… farming plunder
  21. 21m Latin education and the Divine Right of Kings, organic unity and feudalism, legitimizing the great chain of being (methods of authority), using the battlefield and education to subjugate individuals for lack of Knowledge.
  22. 22m Legitimizing the storyteller as the authority of the day, group-think, authority to control human resources. Any citizen can become an individual through learning habits of self-reliance
  23. 23m “Authorities” (educators, sophists) define the “Grammar” of the Classical Trivium, thus making the “Logic” a belief, not an understanding. No knowledge is necessary for belief, in fact belief is often what fills the void created when Knowledge is absent.
  24. 24m Unified systems of knowledge, cybernetics and the ship of state (Plato), first principles and common ground (Logic) necessary for linguistic communication. The use of these ideologies to create state systems.
  25. 25m Richard Haklyut and Queen Elizabeth, propagating organic unity as “natural”, even though it depends on people ruling over others. Scott Buchannan papers from Harvard University, “Poetry and Mathematics” (foreshadowing role of Rhodes Scholars)
    1. Richard Hakluyt (c. 1552 or 1553 – 23 November 1616) was an English writer. He is known for promoting the settlement of North America by the English through his works, notably Divers Voyages Touching the Discoverie of America (1582) and The Principal Navigations, Voiages, Traffiques and Discoueries of the English Nation (1589–1600).
  26. 26m Dorothy Sayers and removing the myths to get to the facts of her claims, Reinhold Niebuhr, Royal Institute of International Affairs, Milner Rhodes Roundtable Group, secularizing values to continue organic unity
  27. 27m Dorothy Sayers quotes in favor of British Empire building and Cecil Rhodes / Milner Roundtable Group and Organic Unity
  28. 28m Origins of the systems which create and facilitate organic unity, cybernetics, using the knowledge of self-learning to dissect the history and identify the contradictions of our public educations
  29. 29m Gnostic Media interview with Gene Odening, how the human being learns, removing the dogma from the process of learning for one’s self
  30. 30m Asking substantial questions and using a method to find valid answers consistently vs. the Classical Trivium (prescribed “Grammar”, mandated “Logic”, rhetoric which reinforces servitude)
  31. 31m Isocrates and literacy as a form of slavery (i.e. sophism) until the reader learns how to identify reality and remove unreality (i.e. logic).
  32. 32m closed systems of learning to maintain the city-states, aristocracy, and ruling class to manage the polity (public); educating the kings, adopting education systems to gain power over the polity, dichotomy of control, creating knowledge gaps to create “power”.
  33. 33m focus on significant and substantial, discard the arbitrary, dismiss the irrational. Sayers’ biases and the basis of Christian Homeschooling in America.
  34. 34m Sayers’ system as the “closest to the perfection of Plato’s Republic” – Freemasonry
  35. 35m Christian Homeschooling and predefined grammar, infecting the logic by not asking preliminary questions to identify that which exists, reality from unreality (Sayers’ seeds of irrationality)
  36. 36m History of Ideas in relation to the Trivium Method contrasted to the Classical Trivium and the history of creating organic unity
  37. 37m The Classical Trivium, Freemasonry as a feedback mechanism for creating organic unity through empire, “Builders of Empire: Freemasons and British Imperialism (1717-1927)” by Jessica Harland Jacobs
  38. 38m “Origins of Freemasonry” by Thomas Paine,
  39. 39m Johann Joachim Christoph “J.C.” Bode, Nicholas Bonneville, Philo’s Reply to Questions Concerning His Association with the Illuminati by Jeva Singh-Anand, Illuminati Manifesto of World Revolution (1792) translated by Marco de Luchetti,
  40. 40m King Elfwad, Charlemagne, and the origins of the word “Trivium” by Alcuin of York
  41. 41m Ancient Greece, systems of preserving itself against surrounding piranha states
  42. 42m Enkyklios Paideia created by Isocrates preserves organic unity until Thomas Jefferson recognizes what it is, and what it does
  43. 43m Scott Buchanan and Stringfellow Barr (Rhodes Scholars) and Freemasonry, origins of “Classical Trivium” revival veiling the Enkyklios Paideia
  44. 44m filling in between Isocrates and the Freemasons, Jesuits and the Ratio Studiorum, which was rejected by John Adams and Thomas Jefferson, Ratio Studiorum as continuation of organic unity under godhead of theology.
  45. 45m Thomas Jefferson (post-revolution) goes to William and Mary and has the Classical Trivium removed from the curriculum, breaking the mechanism of British perpetuation of their organic unity
  46. 46m Thomas Jefferson addressing the Educational Perennialists of his day, accepting the theory before inspection, condemnation prior to observation, “putting your logic before your grammar” as Jan Irvin says
  47. 47m Education as a tool of creating culture; it's how the state reproduces itself, "reality" filtered through the prescribed rhetoric of the state,
  48. 48m Ignatius Loyola, Alumbrados, the Spiritual Exercises of Ignatius Loyola as the origins of the esoteric organic unity progressed by the Jesuits, various flavors of organic unity (various empires through time), sacrifice of the individual to the state
  49. 49m Bavarian Illuminati, Thomas Paine, Nicholas Bonneville, and connections to the origins of America, May 1, 1776, Adam Weishaupt (1911 Encyclopedia Britannica entry for Illuminati), Baron Adolph 'Philo' Knigge as Weishaupt's #2 in the Bavarian Illuminati
  50. 50m Bavarian Illuminati as intellectual group fighting against organic unity and divine right of kings in Europe. “Philo’s Reply to Questions Concerning His Association with the Illuminati” Reply by Jeva Singh Anand reveals the personal conversations between Adam Weishaupt and Baron von Knigge prior to Knigge’s resignation from the Bavarian Illuminati and the promotion of revolutionary publisher J.C. Bode.
  51. 51m Thomas Paine’s references to Samuel Prichard’s “Freemasonry is based on the foundation of the Liberal Arts” quote, Illuminati as a system trying to do away with the state, Isidore of Seville and the creation of civil polity by limited education
  52. 52m Bavarian Illuminati vs. Religion and the State, Freemasonry as the genitalia of the state and the injection of organic unity throughout indigenous populations, Illuminati plans to use for the state to reproduce itself via taking over Freemasonry.
  53. 53m the Strict Observance Lodge of Freemasonry in Bavaria, Degree Systems above traditional York Rite degrees, transcending nationhood. Reinhard Koselleck’s “Critique and Crises : Enlightenment and the Pathogenesis of Modern Society” (published by M.I.T.) on Freemasonry and creating organic unity
  54. 54m Original members of the Illuminati influencing American education, The Ultimate History Lesson with John Taylor Gatto
  55. 55m Juxtaposing internet lore vs. actual artifacts and evidence of the Bavarian Illuminati, similar to Jesuits in seeing value of controlling education, 1610 Wood Manuscript (The Hiram Key by Lomas and Knight)
  56. 56m Individual Liberty based on that which exists vs. irrational illusions of Authority, Bonneville, Jefferson, and the unknown history of Bavarian Illuminati influence in America’s origins.
  57. 57m Social Circle Freemasonic Lodge, papers published by J.C. Bode of the Bavarian Illuminati, promoted after Knigge’s resignation, connections to Prussian education.
  58. 58m Johann Fichte’s references to Johann Pestalozzi’s organic unity method of schooling and creation of the Prussian education system, giving birth to Romantic Nationalism as opposed to the Jeffersonian ideas of nationhood.
  59. 59m Milton Peterson’s works on Thomas Jefferson, rejection of classical forms of the Trivium as being connected to the Great Chain of Being, i.e. a caste society subjugating individuals to illusory authority
  60. 1h1m ideas of creating a balanced government based on first principles subject to existence, not dogma; derivative proofs of non-aggression undermined by changes in the education system which Jefferson feared, J.J. Rousseau, John Locke, The Meaning of Meaning, particularity and universality, from Charlemagne through to the 21st Century.
  61. 1h5m Jefferson displacing the Classical Trivium at the University of Virginia, Jefferson laments genocide of indigenous languages and loss of etymology.
  62. 1h6m encryption of language enables selective power transfer
  63. 1h8m how to preserve the first principles which inspired the Constitution
  64. 1h10m Ben Franklin’s education in the liberal arts and secret societies
  65. 1h11m parallels of Isocrates and Freemasonic organic unity, “Builders of Empire” as blueprint for how Freemasonry assumes authority throughout the world
  66. 1h14m philosophic corruptions of reality, claims of authority break down under scrutiny and defined terms, taboo to discuss because you might perceive the ruse of organic unity
  67. 1h15m Thomas Jefferson displaces classical Trivium as being tied to the Great Chain of Being
  68. 1h16m Legacy of Alcuin of York, creating a duality in Christianity, “othering” of the natural world, Basil Bernstein’s work on the classical Trivium, Noah Webster, John Adams, Thomas Paine, Emerson and Thoreau, Rousseau’s social contract, liberal arts as chains of garland flung over reality, Bavarian Illuminati
  69. 1h17m Epistemological cartoons instead of getting into the details and artifacts, Techne (Technology) as a Craft to propel Culture (see: Freemasonry), Thomas Paine quote on education and knowledge of language vs. knowledge of things, Syntax and Statecraft in history
  70. 1h18m Destutt De Tracy “Elements of Ideology”, science of ideas from Condillac’s Statue of Man, solidifying a science of ideas to map out human resource control
  71. 1h19m Destutt De Tracy: how to define and identify in order to think clearly and progress to understanding
  72. 1h20m Prussian Nationalism, Hegel and the obsolescence of the Divine Right of Kings and “Authority” in general, discovering that life is not how we were taught it is as a result of the Prussian education system changing America away from natural rights liberalism
  73. 1h21m systems of natural rights and state education are not compatible
  74. 1h22m unitary education by congress is in direct contradiction to the founding principles of America, collectivism, pre-amble missing from Constitution, ambiguity therefore included unnecessarily
  75. 1h24m Classical Trivium imparting language without defense against unreality, thus creates a system of control
  76. 1h25m without defense against unreality, society becomes skewed and actions in conflict with needs of survival, as a result of Enkyklios Paideia introduced into England by the Venetian Black Nobility
  77. 1h26m Webster Tarpley’s 1981 article on the Venetian Black Nobility, how to fill in the blanks when history has been purposely omitted, creating cognitive dissonance
  78. 1h28m Wilhelm Wundt and the “Clockwork Orange” mentality of treating people as mechanical toys, to be manipulated; and how asking questions is the key to circumventing Wundtian control systems
  79. 1h30m Frederick the Great and the Gymnasium of Prussian Education, Obama’s recent references to the value of Prussian industrial training
  80. 1h31m John Taylor Gatto’s “Underground History of American Education” referring to Prussian indoctrination methods being used in America, Prussian principles displace American first principles imparted in Constitution
  81. 1h32m Prussian education creates a strong nationalistic fervor, at behest of “national” interest, parallels between Nazi Germany and America today via the Prussian education system
  82. 1h33m Frederick the Great, Freemasonry, Education, and Illuminati connections; going after our youngest through compulsory schooling, creation of schooling in America by secret societies
  83. 1h34m Frederick the Great May 1, 1786 creating constitutions of Freemasonry, similar degrees to draw people into the Illuminati plan by imitating Freemasonry
  84. 1h35m Reworking masonic texts to re-present the ideas to foment revolution, Amis Reunis, Lodge of the Nine Sisters, and the Social Circle, French Revolution, Congress of Wilhelmsbad, Baron Knigge and the attempts to recruit powerful figures into their stable of talent. Hegel, Herder, Mozart, Goethe, Zeitgeist (spirit of the age)
  85. 1h36m origin myth of the Nine Muses / Nine Sisters lodge of Freemasonry in France
  86. 1h37m Rev. George Washington Snyder letter to George Washington, Oct 24, 1798 regarding the Bavarian Illuminati, spores dispersed into America, Anti-Freemasonic Party to drive Freemasons from power
  87. 1h38m Cecil Rhodes and fellow Freemasons creating British organic unity via a Secret Society based on the methods of the Jesuits (Ratio Studiorum)
  88. 1h39m Ben Franklin and the Lodge of the Nine Sisters, representing the Nine Muses (9 liberal arts) as set down by Martianus Capella, Destutt De Tracy, Voltaire members of the lodge, Jefferson’s rejection of their first principles, Positive vs. Negative origins of Government
  89. 1h40m Napoleon rejected the first principles as Jefferson did, Destutt De Tracy deposed from his educational system, Grammar, Logic, & Ideology (instead of rhetoric)
  90. 1h41m Jefferson’s own contradictions (not perfect) but noted the success of America dependent on independence from British linguistic controls
  91. 1h42m Cecil Rhodes and the Jesuits, organic unity common to plans of monopoly, power, and empire, tracing back to the Indian (of India) monitorial schools (pedagogical control of group by authority at the front of the room), another brick in the wall as the craft of masonry
    1. Cecil John Rhodes PC, DCL (5 July 1853 – 26 March 1902) was an English-born South African businessman, mining magnate, and politician. He was the founder of the diamond company De Beers, and an ardent believer in British colonialism, he was the founder of the state of Rhodesia, which was named after him. He set up the provisions of the Rhodes Scholarship, which is funded by his estate. Rhodes and his legacy are memorialized in the 1966 textbook “Tragedy and Hope: A History of the World in Our Time” by Dr. Carroll Quigley, professor at Georgetown’s School of Foreign Service.
  92. 1h43m Cecil Rhodes goal to change American Constitution to bring America back under control of Britain by rings-within-rings, using Rhodes Scholars to create organic unity.
  93. 1h43m Cecil Rhodes plans grow roots in America, proliferating Anglo-Saxon Nationalism (everyone else was a “barbarian”)
  94. 1h44m Equal rights only for “civilized” men (positive rights) vs. natural rights inherent to all human beings
  95. 1h45m Cecil Rhodes Last Will and Testament, seeking to decontextualize the history and create amnesia in the American polity
  96. 1h46m Cecil Rhodes’ band of merry men, bring in Prussian ideals via Rhodes Scholars, creating a spatial-temporal consciousness shift
  97. 1h47m Carroll Quigley’s books addressing Rhodes and organic unity (Evolution of Civilizations, Tragedy and Hope: A History of the World in Our Time, The Anglo-American Establishment), Porter Sargent’s books on the same topic
  98. 1h48m Clarence Streit’s “Union Now” plan to merge America with Britain, Andrew Carnegie’s “Triumph of Democracy”, Linus Pauling’s “Union Now” speech, Harris Wolford of the SDS (Students for