Banking Security Epic Fail BB&T

June 9th, 2010

Here’s an email recently sent to a bank with a serious security problem and a lack of concern for its clients. They’ve been made aware of this at least twice in the past year or so and they still choose to ignore it. As an IT security professional, I find it disturbing.

(Some components of the email have been removed for privacy and security purposes; these are clearly marked.)

“Dear Internet Fraud Division,
Why do you not digitally sign your main login page at BBT.com with a digital certificate via SSL/TLS? In short, why don’t you follow your own security guidelines (see quotes below)? Having such a certificate from a company such as Verisign serves primarily one interest: authenticating yourself to your users. It is also the foremost way in which to PREVENT phishing. And in our day of DNS poisoning it also provides significant aid. You already possess an EV Class 3 Verisign certificate and sign the page you get in case you mistype your password; why not sign the main login page? (In fact the sole reason EV certificates were created was to make it easier to authenticate yourself to your clients visually.) Notice the authorities’ comments below.

“If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”).”
Source-Federal Trade Commission’s “On Guard Online” Program
http://www.onguardonline.gov/topics/phishing.aspx

“Only enter personal information on a secure Web site… When entering personal data at a Web site, look for a “locked padlock” in the browser or “https” at the beginning of the Web site address to make sure the site is secure.”
Source- Better Business Bureau
http://www.bbbonline.org/idTheft/phishingScams.asp

“The term “https” should precede any web address (or URL) where you enter personal information. The “s” stands for secure. If you don’t see “https,” you’re not in a secure web session, and you should not enter data.”
Source- PayPal an eBay Company
https://www.paypal.com/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/RecognizePhishing-outside

“Look for ‘https://’ and a lock icon in the address bar before entering any private information.”
Source- University of Georgia “Office of Information Security”
https://infosec.uga.edu/sate/phishing.php

NOTICE WHAT YOUR OWN SITE SAYS
You can tell your online session with BB&T is secure through the following:
* An unbroken key or a locked padlock icon will appear at the bottom of your browser screen.
* The website address at the top of your browser screen will change from “http” to “https”.”

Source- Yourself
http://www.bbt.com/about/privacyandsecurity/onlinesecurity.html

As an IT security professional I understand that there are always weaknesses and methods of exploitation, but each layer of security helps our clients and adds to security. Please resolve this issue… It’s not just a poor choice on your part… it’s probably a liability.

Sincerely a Disappointed Customer,
<Name Removed for Privacy>

PS- All the following banks do what you don’t…
https://www.bankofamerica.com
https://www.suntrust.com
https://www.wachovia.com/
https://online.citibank.com
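The email above argues that the login page itself, not only the page that answers a failed login, must be delivered over HTTPS. As an added example (not from the original post, and not BB&T’s code or HTML), here is a small audit that encodes the two conditions the quoted guidance asks a user to check: the page carrying a password field is itself an https:// URL, so the browser verifies the site’s certificate before the form is rendered, and the form submits to an https:// URL, so the credentials do not travel in the clear. The host names and markup are constructed for illustration.

```python
"""Audit whether a login form is both delivered over HTTPS and submits over HTTPS.

Added example, not from the original post. Parses constructed HTML and reports
password forms that are served from a non-HTTPS page (the form itself is then
unauthenticated and could be altered in transit) or that post to a non-HTTPS URL.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Collect every <form> together with whether it contains a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []          # each entry: {"action": str, "has_password": bool}
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "text").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_login_page(page_url, html):
    """Return a list of findings for password forms on the page.

    An empty list means every password form is both served and submitted over HTTPS.
    """
    parser = _FormCollector()
    parser.feed(html)
    findings = []
    page_scheme = urlsplit(page_url).scheme.lower()
    for form in parser.forms:
        if not form["has_password"]:
            continue
        # An empty or relative action submits back to the page's own URL.
        target = urljoin(page_url, form["action"])
        target_scheme = urlsplit(target).scheme.lower()
        if page_scheme != "https":
            findings.append(
                f"login form delivered over {page_scheme} from {page_url}: "
                f"the page is not certificate-authenticated, so the form can be altered in transit")
        if target_scheme != "https":
            findings.append(f"login form submits to {target} over {target_scheme}")
    return findings


# Constructed sample pages (hypothetical host names and markup).
INSECURE_PAGE_URL = "http://bank.example/"
INSECURE_HTML = """
<html><body>
<form action="https://login.bank.example/signon" method="post">
  <input type="text" name="user"><input type="password" name="pass">
</form>
</body></html>
"""

SECURE_PAGE_URL = "https://bank.example/"
SECURE_HTML = """
<html><body>
<form action="/signon" method="post">
  <input name="user"><input type="password" name="pass">
</form>
<form action="http://search.bank.example/q"><input name="q"></form>
</body></html>
"""

if __name__ == "__main__":
    for url, markup in ((INSECURE_PAGE_URL, INSECURE_HTML), (SECURE_PAGE_URL, SECURE_HTML)):
        print(url, audit_login_page(url, markup) or "OK")
```

The first sample page reproduces the situation in the email: the form posts to an HTTPS address, which is why a user who only checks the submission target would see a padlock later, but the page that presents the form was fetched over plain HTTP and nothing vouched for its contents. The search form on the second page has no password field and is deliberately ignored.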


iPad™ for the Visually Impaired

April 1st, 2010

(Update: Correction 4/1/10 3:50 EST)

After using the iPhone for several months as a low-vision user I’ve found it a pleasing experience. As an IT professional I of course find the closed nature of the device a bit frustrating, but the accessibility really sells me on it. The iPad in many ways is the same OS with the same accessibility features (according to the documentation). The Zoom feature and VoiceOver are on the device, which I’ve found pretty functional. As an IT pro and as a low-vision user, though, when it comes to an ad hoc desktop replacement like the iPad I’m wondering about the customizable nature of the device. On a desktop or laptop I’m using hotkeys and other features, but the iPad being a touch device really changes my typical habits. What really makes the iPad more than the iPod Touch is that the Apple suite for documents is included, and the iBooks application.

How this makes itself compelling is the cost to those with accessibility needs. For $500 or so you get the hardware, OS, OS accessibility tools, and software suite (iWork) [Correction: actually the whole suite costs about $30, or each program runs about $9.99]. Now try to do that with a Microsoft Windows system. The hardware with OS will run you anywhere from $250-500. Then you have to buy something like ZoomText for around $395. And if you needed VoiceOver-like text-to-speech software then you’d probably need to buy Jaws™; there’s a couple hundred dollars more. We haven’t even mentioned the cost of buying Microsoft Office. So to have the same abilities with the same accessibility you’d have to spend probably over a thousand dollars.

I’d imagine the iPad will disappoint you as a desktop replacement. However, if you need a portable laptop-like device the iPad has some real cost advantages. Hopefully I’ll get a chance to play with one at some point to give some more in-depth information on the accessibility features.

Zoom on iPad


iPhone(TM) Why for the Visually Impaired?

March 22nd, 2010

-Updated-

I’ve been mentioning apps and features connected to the iPhone. I was recently at a conference in Roanoke, Virginia, and was questioned about the iPhone. Most folks were wondering where I found out about this device. Here’s an email I wrote to an engineer in the industry who wanted to know some more info.
—————
So_An_So,
Here’s that data you wanted.

Main Apple Page about iPhone Accessibility
http://www.apple.com/accessibility/iphone/vision.html

Zoom Application Page (bear in mind there are over 100,000 apps on the iTunes store and at least 20 magnifier apps; some are free, some are maybe $1.99 or something)
http://www.objectgraph.com/apps/Magnifier-Free.html

There are other apps for magnification on the store that I’m sure are better (like I said, some take photos; I used one for a while). If you want to take a look at some of them you could use an iPhone app search-engine site (I have one listed below) or you could just install iTunes (free) and browse the online store. Just type in magnify or magnifier and then narrow your category down to Applications or Apps in the pane that shows up on the left hand side of the window.
http://iphoneapplicationlist.com

Other applications I’ve used on the iPhone that I’ve found helpful are BigNames, a contact manager that I use to dial friends (link below), and the Dragon Dictate app, which transcribes your voice so you can text it or email a message to someone. Of course the on-screen keyboard can be used with the TTS VoiceOver feature of the phone; there’s a cool video showing you how to do this (see link below).

BigNames App
http://iphoneapplicationlist.com/app/bignames-large-text-contact/id305591358/
Dragon Dictate App
http://iphoneapplicationlist.com/app/dragon-dictation/id341446764/
Video on How to Use the TTS VoiceOver feature with your keyboard
http://www.apple.com/iphone/iphone-3gs/accessibility.html#video

Hope that helps, So_An_So. Don’t forget the iPhone has an iPod (MP3 player) built in, a voice memo feature, and Voice Control features. And of course it has GPS, which I’ve never used much with the maps to see if it could work well for the non-sighted. Bear in mind that the iPod touch can do almost all the same stuff but for the time being doesn’t have a camera, though rumor is it will soon. The Apple iPad also has the same built-in accessibility features as the iPhone and can run the same apps; however it too doesn’t have a camera yet. There is also a Kindle app where you can buy digital books off Amazon, but I’ve never tried it with the TTS VoiceOver on the phone. Hope that helps; let me know if you have any questions and I’ll try and help if I’ve got the answer.
-David Ward
—————
In this email I mentioned the acronym TTS which stands for “Text-to-Speech”.

If you have any questions ask me at the following URL.

http://www.mahalo.com/member/dward


Dragon Dictate(TM) for the iPhone: How Useful for the Visually Impaired?

March 5th, 2010

The Dragon Dictate App on the iPhone seems to be a nice fit for those with low vision needs but falls short for those who depend on VoiceOver.

After agreeing to the privacy and other agreements, the app is pretty simple. You launch it and it prompts you to tap to start recording. You do so and then simply tap the large red button on the bottom of the screen to stop the recording. It works a little bit and shortly thereafter you have a transcription of what you said. Using the Zoom feature it’s pretty easy to preview. Then simply tap the button in the bottom left hand corner and it will prompt you to send this via email or text message. It’s simple, it’s fast and it’s elegant for those using the Zoom feature.

Unfortunately the App hears the VoiceOver or TTS engine and transcribes part of the prompts making the App less than ideal for VoiceOver users. But with a little improvement it could work and be a powerful tool.

For more see link.

http://www.geeky-gadgets.com/dragon-dictate-iphone-app-08-12-09/


Any Thoughts? iPhone 3Gs and Accessibility

February 7th, 2010

I mentioned in my last post an app I used for my address book called “BigNames”. As a low vision user such an app is invaluable.

I say so because sometimes using Zoom or VoiceOver gets in the way when you’re trying to move fast… To put it simply, all the kinks aren’t worked out yet. But you can do about anything one way or another. Here are a few examples of what I mean by kinks.

Zoom-
1. When your phone is locked and you receive a call it’s a total pain to answer, because you have to slowly drag the magnification window to the slider to unlock. The workaround that should exist is this: Apple, or an app via the SDK, should allow you to answer the phone with the push of a button. Or Zoom could auto-move to the slider, or if the button feature was enabled it could go automatically to the Caller ID section of the screen.
2. Zoom doesn’t work with the keyboard. Period… If they made Zoom go into a kind of VoiceOver double-tap mode while a keyboard is active it could work, but as it is it’s unusable.

VoiceOver-
1. You have to double tap to answer (a pain). A simple answer button via a mechanical key would be great. Plus I don’t need to hear it audibly announce that it unlocked; it’s distracting when I’m trying to listen. I understand the need for it still to talk to me, like if I need to push the mute button, but really, couldn’t we use a mechanical button for some of these options? I don’t know; all in all it’s pretty good in this arena.
2. Web apps break. I don’t know why, but with the Google Voice web app I can’t select certain buttons and I have no audible notification except a rejection-like sound. I can understand if the page isn’t tagged right, but why can’t I tap it… I mean I can see well enough to tap it, but with VoiceOver I can’t even activate the button. Without VoiceOver, with Zoom, it works!! Go figure.

Anyhow I’m researching apps that mod sounds and help with texting or making things bigger. If you have any ideas let me know. Next time I hope to discuss some of my findings.


iPhone 3Gs for those with Low Vision Address Book

January 22nd, 2010

After much research I ended up getting an iPhone 3Gs. I was immediately overwhelmed with new features and tools. While the phone has a wonderful TTS (Text-to-Speech) engine, it is not always intuitive. Ironically the best guide to using the tool, primarily a tool for those lacking functional sight, is a video on Apple’s website. The Zoom feature is profoundly useful but of course it takes a while to get used to it. It all boils down to functionality. If I have to tap the screen 20 times to get to a contact then is it really useful?

Since the iPhone allows me to see my screen or listen to text messages, something I haven’t been able to do for ten years, I’m grateful for the opportunity to use such a tool. So below I plan to walk you through what I’ve learned in the past few days.

Namely, apps are the big thing you need to know about as a low vision user, and unfortunately there’s not a lot to say. But it could be a problem of “filter” failure. That’s to say, with tens of thousands of apps it is possible for the accessibility apps to get lost. And there is really no functional category for such apps.

Anyhow, I came from a phone that used a T9 keyboard, just numbers and function keys. In the old days I just punched the address book button, and then hit the appropriate T9 keys (“1″ for example is linked to “ABC”, hence with that one key I could get to those names beginning with those letters). There are T9 applications on the iTunes store but I couldn’t seem to find one that had big text, although it could be variable. For the pocket change it costs to buy an app it might be worth just trying it out.

Address book and Zoom. While Zoom works with the built-in address book, I find it time consuming; you can navigate to a specific letter quickly with the alphabet on one side, but I find it too troublesome to use. It’s a lot of dragging; it’s hard to explain, but it takes a lot of time.

Good news is there’s an app called “BigNames”. It’s a dollar or two but so far worth it. It blows the address book names up to a manageable size (probably about 5 names per page). It can work in landscape and functions the same as the default contacts in skimming the contacts. What’s really great is you can tap and hold and drag (along the right side) to go through every letter to quickly navigate your contacts. Downsides: it doesn’t allow you to add/edit contacts and it doesn’t allow you to alter the font size, color, etc. But it’s something, and thank goodness.

I’ll let you know about another great app soon. Thanks for reading.


Android 1.6 Accessibility Not as Good as iPhone

January 2nd, 2010

While Google’s Android 1.6 introduced a new accessibility feature that helps those who are totally blind, it lacks some of the accessibility functionality of the iPhone. The TTS (Text-to-Speech) features of Android are compelling yet isolate low-vision users who can still use, and prefer to use, visual tools. The iPhone implements a Magnifier utility which is limited in functionality but is simply a feature that Android has yet to implement. If anyone has heard of a project or app that is working to provide this feature, please feel free to contact me or post to this blog. (See links below.)

http://googleblog.blogspot.com/2009/10/more-accessibility-features-in-android.html

http://www.apple.com/accessibility/iphone/vision.html


Security Fix Closes

January 1st, 2010

Brian Krebs’ blog Security Fix has closed its doors, but Brian has opened a new blog. See the link below.
http://www.krebsonsecurity.com


Network+ Lesson 1 Net Tech

September 11th, 2009

1.0 Network Technologies

1.1 Explain the function of common networking protocols

TCP (Transmission Control Protocol)- Part of the TCP/IP suite, the protocol suite used for the internet (it can be used in other networks as well). This part of the suite is connection oriented: two systems perform a three-way handshake and establish an open dialog with each other. This is the underlying protocol for webpage requests via HTTP and even secure HTTPS, and many other protocols utilize this part of the TCP/IP suite. It operates at the Transport Layer (Layer 4 of the OSI Model), the lowest layer that provides user services to the layers above.

TCP also has the following responsibilities:

-Error free data transfer. Breaks large data up into packets for transmission and reassembles them on receipt; packet composition depends on the protocol.

-Sequencing for upper layers occurs here.

-Flow control for the protocol in use.

-ACK (Acknowledgement) of transfer or receipt of data.

FTP (File Transfer Protocol)- An ancient file transfer protocol; as the name implies, it allows the transfer of binary and ASCII character files. FTP operates on a client-server model in which a client authenticates itself to the server in order to download or upload files. While this protocol is fast and often used on the internet, it has tremendous security problems since there is no encryption to protect the login credentials or the session. Hence those who need privacy and protection of data in transit often use SFTP (the SSH File Transfer Protocol), FTPS (FTP over SSL/TLS), and/or FTP through a VPN-style tunnel. FTP can be run on most operating systems via a command line utility or the browser.

UDP (User Datagram Protocol)- Component of the TCP/IP suite. Utilizes IP packets to send datagrams without any prior handshaking or previously established communication. UDP focuses on low overhead and speed of the packet being sent; hence UDP packets can be duplicated, arrive out of order, or be lost altogether. They are stateless, and if integrity needs to be maintained it must be done at a higher layer or in the application. UDP can multicast. Services that use UDP include DNS, VoIP, SNMP, DHCP, and RIP.

TCP/IP suite (Transmission Control Protocol / Internet Protocol)- This suite of protocols is the backbone of internet communication. It supports session communications via TCP and stateless, multicast-capable services and protocols via UDP. Services and protocols that operate over the TCP/IP suite include but are not limited to: DNS, SMTP, POP, VoIP, HTTP, HTTPS, FTP, SSH, and Telnet.

DHCP (Dynamic Host Configuration Protocol)- A protocol designed to assign configuration information to a client. The client sends a UDP datagram to the DHCP server as a network-wide broadcast (255.255.255.255), since the client does not yet know the DHCP server’s address. The server responds to the client using the client’s MAC address.
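To make that exchange concrete, here is an added example (not part of the original lesson) that builds the DISCOVER datagram a client broadcasts and the OFFER a server answers with, using the fixed BOOTP/DHCP header layout from RFC 2131 and the message-type option from RFC 2132. Only two of the four DHCP messages (DISCOVER, OFFER, REQUEST, ACK) are shown, nothing is put on the wire, and the MAC address, transaction id and offered address are constructed for illustration. The client-side check at the end is the part a defender cares about: a client matches the reply’s transaction id and MAC against its own request, so stray or misdirected replies are ignored rather than acted on.

```python
"""Build a DHCP DISCOVER datagram and parse the OFFER that answers it.

Added example, not from the original lesson. The client has no IP address yet,
so the DISCOVER goes out as a UDP broadcast to 255.255.255.255 (server port 67)
and the server answers to the client's MAC carried in the chaddr field; the
transaction id (xid) ties the two datagrams together. Format only; no sockets.
"""
import os
import struct

DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68
BROADCAST_ADDR = "255.255.255.255"
MAGIC_COOKIE = b"\x63\x82\x53\x63"        # RFC 2132 marker that precedes the options
OPT_MESSAGE_TYPE, OPT_END = 53, 255
DHCPDISCOVER, DHCPOFFER = 1, 2
BOOTREQUEST, BOOTREPLY = 1, 2
HTYPE_ETHERNET = 1
FLAG_BROADCAST = 0x8000

# Fixed 236-byte BOOTP header that every DHCP message starts with (RFC 2131 section 2):
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
_HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")


def build_discover(mac, xid=None):
    """Return the bytes of a DHCPDISCOVER for a 6-byte Ethernet MAC address."""
    if len(mac) != 6:
        raise ValueError("expected a 6-byte Ethernet MAC")
    if xid is None:
        xid = struct.unpack("!I", os.urandom(4))[0]
    header = _HEADER.pack(
        BOOTREQUEST, HTYPE_ETHERNET, len(mac), 0, xid, 0, FLAG_BROADCAST,
        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,   # no addresses known yet
        mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    options = bytes([OPT_MESSAGE_TYPE, 1, DHCPDISCOVER, OPT_END])
    return header + MAGIC_COOKIE + options


def parse_message(data):
    """Parse a DHCP datagram into a dict; raises ValueError on malformed input."""
    if len(data) < _HEADER.size + len(MAGIC_COOKIE):
        raise ValueError("datagram too short")
    op, _htype, hlen, _hops, xid, _secs, flags, _ci, yiaddr, _si, _gi, chaddr, _sn, _f = \
        _HEADER.unpack_from(data)
    pos = _HEADER.size
    if data[pos:pos + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    pos += 4
    options = {}
    while pos < len(data):               # TLV options: code, length, value
        code = data[pos]
        pos += 1
        if code == OPT_END:
            break
        if code == 0:                    # pad option carries no length byte
            continue
        if pos >= len(data):
            raise ValueError("truncated option header")
        length = data[pos]
        pos += 1
        value = data[pos:pos + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        pos += length
    return {
        "op": op, "xid": xid, "broadcast": bool(flags & FLAG_BROADCAST),
        "mac": chaddr[:hlen], "yiaddr": ".".join(str(b) for b in yiaddr),
        "type": options.get(OPT_MESSAGE_TYPE, b"\0")[0], "options": options,
    }


def build_offer(discover_bytes, offered_ip):
    """Server side: construct the OFFER answering a DISCOVER, addressed by xid and MAC."""
    req = parse_message(discover_bytes)
    header = _HEADER.pack(
        BOOTREPLY, HTYPE_ETHERNET, 6, 0, req["xid"], 0, FLAG_BROADCAST,
        b"\0" * 4, bytes(int(o) for o in offered_ip.split(".")), b"\0" * 4, b"\0" * 4,
        req["mac"].ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return header + MAGIC_COOKIE + bytes([OPT_MESSAGE_TYPE, 1, DHCPOFFER, OPT_END])


def offer_matches(discover_bytes, offer_bytes):
    """Client side: accept an OFFER only if it is a reply whose xid and MAC match ours."""
    req, rep = parse_message(discover_bytes), parse_message(offer_bytes)
    return (rep["op"] == BOOTREPLY and rep["type"] == DHCPOFFER
            and rep["xid"] == req["xid"] and rep["mac"] == req["mac"])


# Constructed sample exchange (hypothetical MAC, xid and offered address).
CLIENT_MAC = bytes.fromhex("001122334455")
DISCOVER = build_discover(CLIENT_MAC, xid=0x3903F326)
OFFER = build_offer(DISCOVER, "192.168.1.100")

if __name__ == "__main__":
    print("DISCOVER broadcast to %s:%d, %d bytes" % (BROADCAST_ADDR, DHCP_SERVER_PORT, len(DISCOVER)))
    print("OFFER of", parse_message(OFFER)["yiaddr"], "matches:", offer_matches(DISCOVER, OFFER))
```

Running it prints the 244-byte DISCOVER size and confirms the OFFER matches; an OFFER built for a different transaction id is rejected by offer_matches, which is exactly how a client keeps from adopting configuration it never asked for.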

TFTP (Trivial File Transfer Protocol)- Was originally designed as a light version of FTP. It uses UDP instead of TCP, which FTP uses. It does not support directory listing features, nor does it support an authentication mechanism; it simply allows read and write access.

DNS (Domain Name System)- A system in which UDP is used to query a server-based directory of domain names to find a matching IP address or pool of IP addresses, so that the client’s application (e.g. a browser) can associate the domain with the IP address (example: yahoo.com = 143.134.343.3). This is necessary because domains are not routable addresses but IPs are. The DNS system as a whole is a rather complex hierarchical naming system that would take pages to describe; for the time being, remember that it is a functional system, but as has recently been discerned it is old and its methodology predates a comprehensive security approach to internet communication. For this reason there are proposals such as DNSSEC.
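The UDP and DNS entries above describe a lookup as a single datagram each way with no handshake. Here is an added example (not part of the original lesson) that builds an A-record query and parses the reply the way a resolver does, with a helper standing in for the server so it runs offline; the name and address are constructed. The parser shows the only checks the plain protocol gives a client before it trusts an answer: the 16-bit ID and the question in the reply must match the query. That thin binding is the weakness the entry alludes to and the reason DNSSEC adds signatures to the data itself.

```python
"""DNS A-record query and reply over UDP, built and parsed locally.

Added example, not from the original lesson: a lookup is one UDP datagram each
way with no handshake, so the client must check that the reply's 16-bit ID and
question match what it sent before trusting any answer. Nothing is sent on the
network; build_response() stands in for the server so the parser runs offline.
"""
import os
import struct

TYPE_A, CLASS_IN = 1, 1


def encode_name(name):
    """Encode 'www.example.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label must be 1-63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\0"


def build_query(name, qid=None):
    """Return (id, datagram) for a recursive A query; the ID is random unless given."""
    if qid is None:
        qid = struct.unpack("!H", os.urandom(2))[0]
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)   # flags: RD=1; one question
    return qid, header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)


def decode_name(data, pos):
    """Decode a name at pos, following compression pointers; returns (name, next_pos)."""
    labels, jumped, end, hops = [], False, pos, 0
    while True:
        if pos >= len(data):
            raise ValueError("truncated name")
        length = data[pos]
        if length & 0xC0 == 0xC0:          # 2-byte pointer to an earlier copy of the name
            if pos + 2 > len(data):
                raise ValueError("truncated pointer")
            if not jumped:
                end = pos + 2
            pos = struct.unpack("!H", data[pos:pos + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        pos += 1
        if length == 0:
            break
        labels.append(data[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels), (end if jumped else pos)


def parse_response(data, expected_id, expected_name):
    """Return the IPv4 addresses answered for expected_name.

    Raises ValueError when the datagram is malformed or does not belong to our
    query (ID or question mismatch); a resolver drops such replies.
    """
    if len(data) < 12:
        raise ValueError("truncated header")
    rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != expected_id:
        raise ValueError("response ID does not match our query")
    if not flags & 0x8000:
        raise ValueError("not a response")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    pos = 12
    for _ in range(qd):
        qname, pos = decode_name(data, pos)
        pos += 4                           # skip QTYPE and QCLASS
        if qname.lower() != expected_name.rstrip(".").lower():
            raise ValueError("question does not match our query")
    addresses = []
    for _ in range(an):
        _, pos = decode_name(data, pos)
        if pos + 10 > len(data):
            raise ValueError("truncated resource record")
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        pos += 10
        rdata = data[pos:pos + rdlen]
        pos += rdlen
        if rtype == TYPE_A and rclass == CLASS_IN and rdlen == 4:
            addresses.append(".".join(str(b) for b in rdata))
    return addresses


def build_response(query, addresses, rid=None):
    """Constructed server reply to `query`: flags QR/RD/RA set, one A record per address."""
    if rid is None:
        rid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", rid, 0x8180, 1, len(addresses), 0, 0)
    answers = b""
    for ip in addresses:
        # 0xC00C is a pointer back to the question name at offset 12, as real servers emit.
        answers += struct.pack("!HHHIH", 0xC00C, TYPE_A, CLASS_IN, 300, 4)
        answers += bytes(int(o) for o in ip.split("."))
    return header + query[12:] + answers


# Constructed exchange with a hypothetical name and a TEST-NET (192.0.2.0/24) address.
QUERY_ID, QUERY = build_query("www.example.com", qid=0x1234)
RESPONSE = build_response(QUERY, ["192.0.2.10"])

if __name__ == "__main__":
    print(parse_response(RESPONSE, QUERY_ID, "www.example.com"))   # ['192.0.2.10']
```

A reply carrying a different ID, or answering a different question, is rejected before any address is returned; in a real resolver the unpredictable ID (and a randomized UDP source port) is all that stands between a correct answer and a forged one, which is the gap DNSSEC closes by letting the client verify a signature over the record.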


Network+ CompTIA Free Training Intro to Course

September 7th, 2009

The Network+ examination has changed a little since I took it, so we’ll take it one step at a time. The current exam is based on the 2009 objectives, which are listed below from the CompTIA outline. My commentary is in bold. If you have questions as the course proceeds please contact me. I’m not sure yet what’s the best way to do that, but I can be contacted on www.mahalo.com or through the responses you post. As of yet I haven’t received a single contribution, but feel free to buy me a Red Bull. Or on Mahalo I can be paid for my answers to questions, so that may be a useful resource.

CompTIA Network+ (2009 Edition)

Domain                               % of Examination
1.0 Network Technologies             20%
    This includes protocols and wireless communication.
2.0 Network Media and Topologies     20%
    This includes physical topologies and logical ones; so wires, connectors, broadband technologies.
3.0 Network Devices                  17%
    Hardware routers, servers, etc.
4.0 Network Management               20%
    OSI Model, networking diagrams, QoS, packet-sniffing, etc. All sorts of fun stuff.
5.0 Network Tools                    12%
    Software tools, port scanners, cable testers, etc.
6.0 Network Security                 11%
    The really cool stuff. IDS, VPN, firewalls, etc.
Total                               100%

Let’s rock and roll.
