Archive for the ‘Uncategorized’ Category

Banking Security Epic Fail BB&T

Wednesday, June 9th, 2010

Here’s an email recently sent to a bank with a serious security problem and a lack of concern for their clients. They’ve been made aware of this at least twice in the past year or so, and they still choose to ignore it. As an IT security professional, I find this disturbing.

(Some components of the email have been removed for privacy and security purposes; these are clearly marked.)

“Dear Internet Fraud Division,
Why do you not digitally sign your Main login page at BBT.com with a Digital Certificate via SSL/TLS? In short, why don’t you follow your own security guidelines (see quote below)? Having such a certificate from a company such as Verisign serves primarily one interest: authenticating yourself to your users. It is also the foremost way in which to PREVENT Phishing. And in our day with DNS poisoning it also provides significant aid. You already possess an EV Class 3 Verisign Certificate and sign the page you get in case you mistype your password; why not sign the main login page? (In fact the sole reason EV certificates were created was to make it easier to authenticate yourself to your clients visually.) Notice the authorities’ comments below.

“If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”).”
Source-Federal Trade Commission’s “On Guard Online” Program
http://www.onguardonline.gov/topics/phishing.aspx

“Only enter personal information on a secure Web site…When entering personal data at a Web site, look for a “locked padlock” in the browser or “https” at the beginning of the Web site address to make sure the site is secure. “
Source- Better Business Bureau
http://www.bbbonline.org/idTheft/phishingScams.asp

“The term “https” should precede any web address (or URL) where you enter personal information. The “s” stands for secure. If you don’t see “https,” you’re not in a secure web session, and you should not enter data.”
Source- PayPal an eBay Company
https://www.paypal.com/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/RecognizePhishing-outside

“Look for ‘https://‘ and a lock icon in the address bar before entering any private information.”
Source- University of Georgia “Office of Information Security”
https://infosec.uga.edu/sate/phishing.php

NOTICE WHAT YOUR OWN SITE SAYS
You can tell your online session with BB&T is secure through the following:
* An unbroken key or a locked padlock icon will appear at the bottom of your browser screen.
* The website address at the top of your browser screen will change from “http” to “https”. “

Source- Yourself
http://www.bbt.com/about/privacyandsecurity/onlinesecurity.html

As an IT Security Professional I understand that there are always weaknesses and methods of exploitation, but each layer of security helps our clients and adds to security. Please resolve this issue… It’s not just a poor choice on your part… it’s probably liable.

Sincerely a Disappointed Customer,
<Name Removed for Privacy>

PS- All the following banks do what you don’t…
https://www.bankofamerica.com
https://www.suntrust.com
https://www.wachovia.com/
https://online.citibank.com
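The complaint in the letter above comes down to one check: is the page that carries the password field itself served over HTTPS, and does the form submit to HTTPS? Below is an added example of that check (my code, not the bank’s and not part of the original post). It parses a page’s HTML with the standard library, finds every form that contains a password input, and reports both conditions. A password form delivered over plain HTTP is flagged as weak even when its action points at an HTTPS URL, because anyone who can alter the HTTP page in transit can change where the form posts before the user sees the padlock. The sample pages and host names are constructed for the demo.

```python
"""Audit a page's login forms for the weakness described in the letter.

Added example (not code from the original post or from any bank). Given the
URL a page was served from and its HTML, it finds each <form> holding a
password field and checks that the page and the form's submit target are both
HTTPS. A password form on an HTTP page is flagged even if it posts to HTTPS.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LoginFormFinder(HTMLParser):
    """Collects (action, has_password_field) for every <form> in the document."""

    def __init__(self):
        super().__init__()
        self.forms = []          # finished forms: list of (action, has_password)
        self._current = None     # [action, has_password] while inside a <form>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = [attrs.get("action") or "", False]
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current[1] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(tuple(self._current))
            self._current = None


def audit_login_forms(page_url, html):
    """Return one finding per password form.

    Each finding records the resolved submit URL, whether the page itself was
    served over HTTPS, whether the submit target is HTTPS, and 'secure', which
    is True only when both hold.
    """
    parser = LoginFormFinder()
    parser.feed(html)
    parser.close()
    page_https = urlsplit(page_url).scheme == "https"
    findings = []
    for action, has_password in parser.forms:
        if not has_password:
            continue
        # An empty or relative action resolves against the page URL itself.
        target = urljoin(page_url, action) if action else page_url
        action_https = urlsplit(target).scheme == "https"
        findings.append({
            "action": target,
            "page_is_https": page_https,
            "action_is_https": action_https,
            "secure": page_https and action_https,
        })
    return findings


# Constructed sample markup (not captured from any real site): a login form
# that posts to HTTPS, plus a search form with no password field.
SAMPLE_LOGIN_PAGE = """
<html><body>
<form action="https://login.example.test/auth" method="post">
  <input name="user"> <input type="password" name="pass">
</form>
<form action="/search"><input name="q"></form>
</body></html>
"""


if __name__ == "__main__":
    # The same markup served over HTTP and over HTTPS: only the second is OK.
    for url in ("http://www.bank.example.test/", "https://www.bank.example.test/"):
        for finding in audit_login_forms(url, SAMPLE_LOGIN_PAGE):
            status = "OK" if finding["secure"] else "WEAK"
            print(f"{status}: page={url} posts to {finding['action']}")
```

Run against a saved copy of a login page together with the URL it was fetched from; an empty result means the page has no password field at all, which is worth checking separately, since a login box may be loaded from a frame or script rather than sitting in the page itself.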

Dragon Dictate(TM) for the iPhone how useful for the Visually Impaired

Friday, March 5th, 2010

The Dragon Dictate app on the iPhone seems to be a nice fit for those with low-vision needs but falls short for those who depend on VoiceOver.

After agreeing to the privacy and other agreements, the app is pretty simple. You launch it and it prompts you to tap to start recording. You do so and then simply tap the large red button at the bottom of the screen to stop the recording. It works for a moment and shortly thereafter you have a transcription of what you said. Using the Zoom feature it’s pretty easy to preview. Then simply tap the button in the bottom left-hand corner and it will prompt you to send this via email or text message. It’s simple, it’s fast and it’s elegant for those using the Zoom feature.

Unfortunately the app hears the VoiceOver or TTS engine and transcribes part of the prompts, making the app less than ideal for VoiceOver users. But with a little improvement it could work and be a powerful tool.

For more see link.

http://www.geeky-gadgets.com/dragon-dictate-iphone-app-08-12-09/

iPhone 3Gs for those with Low Vision Address Book

Friday, January 22nd, 2010

After much research I ended up getting an iPhone 3Gs. I was immediately overwhelmed with new features and tools. While the phone has a wonderful TTS (Text-to-Speech) engine, it is not always intuitive. Ironically the best guide to using the tool, primarily a tool for those lacking functional sight, is a video on Apple’s website. The Zoom feature is profoundly useful, but of course it takes a while to get used to it. It all boils down to functionality. If I have to tap the screen 20 times to get to a contact, then is it really useful?

Since the iPhone allows me to see my screen or listen to text messages, something I haven’t been able to do for ten years, I’m grateful for the opportunity to use such a tool. So below I plan to walk you through what I’ve learned in the past few days.

Namely, apps are the big thing you need to know about as a low-vision user, and unfortunately there’s not a lot to say. But it could be a problem of “filter” failure. That’s to say, with tens of thousands of apps it is possible for the accessibility apps to get lost. And there is really no functional category for such apps.

Anyhow, I came from a phone that used a T9 keyboard, just numbers and function keys. In the old days I just pressed the address book button and then hit the appropriate T9 keys (“1”, for example, is linked to “ABC”, hence with that one key I could get to those names beginning with those letters). There are T9 applications on the iTunes store but I couldn’t seem to find one that had big text, although it could be variable. For the pocket change it costs to buy an app it might be worth just trying it out.

Address book and Zoom. While the Zoom works with the built-in address book, I find it time consuming and you can’t navigate to a specific letter quickly. There is an alphabet on one side but I find it too troublesome to use. It’s a lot of dragging, and it’s hard to explain, but it takes a lot of time.

Good news is there’s an app called “BigNames”. It’s a dollar or two but so far worth it. It blows the address book names up to a manageable size (probably about 5 names per page). It can work in landscape and functions the same as the default Contacts in skimming the contacts. What’s really great is you can tap, hold and drag (along the right side) to go through every letter to quickly navigate your contacts. Downsides: it doesn’t allow you to add/edit contacts and it doesn’t allow you to alter the font size, color, etc. But it’s something, and thank goodness.

I’ll let you know about another great app soon. Thanks for reading.

Security Fix Closes

Friday, January 1st, 2010

Brian Krebs’ blog Security Fix has closed its doors, but Brian has opened a new blog. See the link below.
http://www.krebsonsecurity.com

Interesting Security News 8.11.09

Tuesday, August 11th, 2009

Very Interesting Investigative Journalism by Brian Krebs:

LINK

Interesting development in the SSL/ TLS certificate space.
LINK

“Let your plans be dark and as impenetrable as night, and when you move, fall like a thunderbolt.”
-Sun Tzu

Question of the Day 8.5.09

Wednesday, August 5th, 2009

QUESTION:
Anyone know about a biometric identification system that can work for all? I read somewhere that iris detection can’t properly identify certain individuals with eye disorders or who are blind.

ANSWER:
I haven’t researched this, but as a rule any biometric security device is dependent on individuals having those parts to measure or scan for unique characteristics. If you’re disabled or in some way can’t use that kind of device, then I guess that’s an obvious downside, but then again that is the nature of biometrics. I’d just implement a token system for those that couldn’t use a biometric scanner (such as the one linked below), which is an OTP (One Time Token) system.

PS- A good biometric solution does not violate privacy in any way; the unique characteristics that are scanned are turned into quantifiable data or a code that is run through a hash, which is non-reversible. And the hash is stored, not any photo or anything like that.

By the way I’m a disabled IT Security Professional.
Source(s):
https://store.yubico.com/

Question of the Day 8.4.09

Tuesday, August 4th, 2009

QUESTION:
Anyone know what a shared secret is when using a VPN on Mac?

ANSWER:
Not entirely sure. I assume it’s like a shared key on a Wi-Fi router. In such a case a shared key or secret is a code or password that is used to generate the symmetric encryption key. The key or secret is generally shared offline, although you could share it some other way.
Source(s):
http://en.wikipedia.org/wiki/Shared_secret
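The idea in the answer above, a secret shared out of band that each side turns into the same symmetric key, is small enough to show end to end. The example below is added here and is not from the original post; it also is not the IKE/IPsec key exchange a Mac VPN client actually performs, only the general pattern. Each side runs the shared secret plus a fresh nonce through a key-derivation function (PBKDF2-HMAC-SHA256) and uses the resulting key to authenticate a message; the nonce is the only value that ever travels in the clear, and a party with the wrong secret derives a different key and fails the check. The secret and nonce are constructed for the demo.

```python
"""Deriving a session key from a shared secret on both ends of a connection.

Added example; not from the original post and not the real IKE/IPsec exchange
a Mac VPN uses. The out-of-band secret never goes on the wire: each side feeds
it, plus a public nonce, through PBKDF2 and both arrive at the same key.
"""
import hmac
import hashlib
import os


def derive_session_key(shared_secret: str, nonce: bytes, iterations: int = 100_000) -> bytes:
    """Stretch a human-chosen secret into a 32-byte key bound to this session's nonce."""
    return hashlib.pbkdf2_hmac("sha256", shared_secret.encode("utf-8"), nonce, iterations)


def tag(key: bytes, message: bytes) -> bytes:
    """Authenticate a message under the derived key (HMAC-SHA256)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def handshake(client_secret: str, server_secret: str, nonce: bytes = None) -> bool:
    """Simulate both sides; the nonce is the only value exchanged in the clear.

    Returns True when the server accepts the client's authenticated message,
    which happens only if both derived the same key from the same secret.
    """
    if nonce is None:
        nonce = os.urandom(16)                    # server picks, sends to client
    client_key = derive_session_key(client_secret, nonce)
    server_key = derive_session_key(server_secret, nonce)
    message = b"client-hello"
    client_tag = tag(client_key, message)         # travels alongside the message
    return hmac.compare_digest(tag(server_key, message), client_tag)


# Constructed values for the demo, not real VPN credentials.
DEMO_NONCE = bytes(range(16))

if __name__ == "__main__":
    print("matching secrets:", handshake("correct horse", "correct horse", DEMO_NONCE))
    print("wrong secret:    ", handshake("correct horse", "correct horsf", DEMO_NONCE))
```

Two points carry over to real VPN setup: the strength of the derived key is bounded by the guessability of the shared secret, so a short pre-shared key can be brute-forced offline by anyone who records the exchange, and a fresh nonce per session keeps a recorded session from being replayed even though the secret itself is long-lived.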

Question of the Day 8.3.09

Monday, August 3rd, 2009

QUESTION:
What is the quickest way to move files from one hard disk to another? It tells me it will take 1078 hours to transfer 27GB, which sounds wrong. (What to do?)

ANSWER:
If that’s the Microsoft copy tool built into Windows, then yes, it’s probably wrong. I use TeraCopy for big copy routines, especially since Windows is known for skipping files or hitting a road block and not telling you what caused the problem or where to resume. TeraCopy was recommended on the TWIT podcast network by Windows Weekly. Links below, and I believe you can find the file on CNET Downloads as well.

With this said, if you’re trying to copy, as a whole, a drive that you boot off, that won’t work. Some of the files for Windows are active. You’d have to boot off something else, like your second drive, and start the copy routine from there.

Fastest Option: Drive imaging or drive cloning is the fastest option. For what you stipulated this would take 20-45 minutes. (Norton Ghost can image; not sure about cloning.)
Source(s):
http://www.codesector.com/teracopy.php
http://www.winsupersite.com/paul/podcast.asp
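The answer above faults the built-in copy for skipping files silently and losing its place; the two things a careful copy tool adds are per-file integrity verification and a way to resume. Here is an added example of both (my code, not TeraCopy’s and not from the original post). It walks a source tree, copies each file, confirms the copy by SHA-256 before counting it done, skips files whose destination already matches so a second run picks up where the first stopped, and records failures per file instead of aborting the whole run. The demo builds a constructed source tree in a temporary directory.

```python
"""Resumable, verified directory copy.

Added example; not TeraCopy's code or any Windows tool. Each file is copied
and then re-hashed; files already present and intact at the destination are
skipped, so re-running after an interruption only does the remaining work.
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 without loading it whole into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verified_copy(src_root: Path, dst_root: Path) -> dict:
    """Copy src_root into dst_root. Returns counts of copied/skipped files and a failure list."""
    result = {"copied": 0, "skipped": 0, "failed": []}
    for src in sorted(p for p in src_root.rglob("*") if p.is_file()):
        dst = dst_root / src.relative_to(src_root)
        try:
            if (dst.exists() and dst.stat().st_size == src.stat().st_size
                    and sha256_of(dst) == sha256_of(src)):
                result["skipped"] += 1        # already there and intact: resume point
                continue
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(src, dst)
            if sha256_of(dst) != sha256_of(src):
                raise OSError("hash mismatch after copy")
            result["copied"] += 1
        except OSError as exc:
            # Record and move on; the summary says exactly which files need attention.
            result["failed"].append((str(src.relative_to(src_root)), str(exc)))
    return result


def demo() -> dict:
    """Constructed scenario: copy a small tree, re-run (all skipped), damage one copy, re-run."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "src"), Path(tmp, "dst")
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "a.txt").write_bytes(b"alpha" * 1000)
        (src / "b.bin").write_bytes(os.urandom(4096))
        first = verified_copy(src, dst)
        second = verified_copy(src, dst)             # nothing to do: everything skipped
        (dst / "b.bin").write_bytes(b"damaged")      # simulate a bad earlier copy
        third = verified_copy(src, dst)              # only b.bin is copied again
        return {"first": first, "second": second, "third": third}


if __name__ == "__main__":
    print(demo())
```

The size check before hashing keeps a resumed run cheap for large trees; the hash after the copy is what turns “the tool said it finished” into evidence that the bytes on the new disk match the old ones, which is the property you want before wiping the source.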

Network+ Free Training Sample 2

Tuesday, July 28th, 2009

Unless I get a lot of comments or Red Bulls I’m probably not going to update the Network+ notes at this time, and will instead focus on presenting my notes and insights on the CTT+ exam first. I could however probably be talked into releasing my old Network+ notes. Thanks for the feedback, and below is a sample of my old notes.

Sample of Notes: (Outline Components come from the Original Outline from CompTIA)

I.1.3 Associate IPX, IP, and NetBEUI with their functions.
IPX- (Internetworking Packet Exchange) is part of the SPX/IPX protocol suite designed by Novell. It is a routable, connectionless protocol. It operates at the Network layer of the OSI model and is responsible for addressing nodes using the SPX/IPX suite. IPX addressing is always dynamic and cannot be manually configured, because the address is partly composed from the NIC’s (Network Interface Card) MAC (Media Access Control) number, the network number, and the socket number. When conflicts arise due to MAC address duplication on the network, the network card will need to have its MAC address reconfigured. Contact the manufacturer.
IP- (Internet Protocol) is part of the TCP/IP suite. This too is a connectionless protocol.

I.1.4 Define the following terms and explain how each relates to fault tolerance or high availability:
• Mirroring
Mirroring- is duplication of a drive, namely from one to another. This allows for one drive to fail and for the other, mirrored drive to take over. Keep in mind mirroring only uses one disk controller, so if the controller burns out you have a problem. First supported by RAID (Redundant Array of Independent Disks) level 1. (RAID will be explained shortly.)
• Duplexing
Duplexing- Simply put it is mirroring with a second disk controller. So that not only do you have fault tolerance on your drives but also for your controllers. Supported first by RAID level 1.
• Striping
Striping- This process by itself only improves performance. Striping breaks a volume of data into pieces and spreads them across multiple drives. Before striping, a volume across multiple drives meant that each drive had to be filled up in order, so only one set of read/write heads was active at one time; with striping all read/write heads are active, which improves overall speed. Striping only helps with fault tolerance when used with parity. RAID level 2 first supported data striping with a drive dedicated to parity information. (A brief explanation of
• Volumes
Volumes- A volume is a defined section of disk space. This can include a portion of a disk, the entire disk, or multiple disks. These are then given logical names for your convenience (C, D, E drives, etc.).
• Tape backup
Tape backup- Oldest and most common form of removable backup media. Pros: simple to use, inexpensive, and high capacity. The following is a list of common types of tapes used and their storage capacity.
QIC 100MB+
DOS Cartridges for DAT drives 1GB+
DLT 35GB+
AIT 25GB,50GB
Types of backups are as follows with an explanation.
*Full- Simply backs up all data on the drive(s) specified. Note: takes the longest period of time to back up or restore. If multiple tapes are going to be needed, an autoloader (such as a DAT autoloader) that loads new tapes after each is filled could be useful, versus having someone come by the station every few hours to see if a new tape is needed.
*Differential- This is used in conjunction with a full backup. A differential backup simply backs up all files that have been modified since the last full backup. The archive bit is used by the NOS to indicate the appropriate files to be backed up. During a full backup all files have their archive bit cleared.
*Incremental- This is used in conjunction with a full backup. An incremental backup backs up all files that have changed since the preceding full backup or incremental backup. Thus it backs up all files that have changed and then clears those files’ archive bits.
***Usually not all three methods are used together, but they can be.
For simplicity, here is what you would do if you needed to restore a server. Left to right indicates which to restore first.
/Full Restore while using (full & incremental backups)
Full + All Incrementals up to the date of crash = Full Restore
/Full Restore while using (full & differential backups)
Full + Most recent Differential = Full Restore
/Full Restore while using (full, differential, & incremental backups)
Full + All incrementals + differential if it was the most recent backup = Full Restore
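The striping and parity entries above say that striping alone gives no fault tolerance and that parity is what makes a lost drive recoverable; the arithmetic behind that is a single XOR. The example below is added here and is not from the original notes: it stripes a constructed byte string across three data drives plus one parity drive (the parity chunk of each stripe is the XOR of that stripe’s data chunks), then loses each drive in turn and rebuilds it as the XOR of the survivors. It also shows the negative case, rebuilding a lost data drive when no parity drive exists, which yields garbage.

```python
"""Striping with parity: rebuilding a lost drive with XOR.

Added example, not from the original notes. Data is cut into fixed-size
chunks striped across N data drives; a parity drive holds the XOR of each
stripe's chunks. Any single lost drive, data or parity, equals the XOR of the
remaining drives. Without parity, a lost data drive cannot be reconstructed.
"""
CHUNK = 4   # bytes per chunk; tiny so the demo is easy to follow


def xor_bytes(blocks):
    """XOR equal-length byte blocks together."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def stripe_with_parity(data, n_data):
    """Stripe data across n_data drives plus one parity drive.

    Returns (drives, length): drives[0..n_data-1] hold data chunks, drives[n_data]
    holds one parity chunk per stripe; length is the unpadded data size.
    """
    stripe_len = CHUNK * n_data
    padded = data + b"\0" * ((-len(data)) % stripe_len)
    drives = [[] for _ in range(n_data + 1)]
    for start in range(0, len(padded), stripe_len):
        chunks = [padded[start + i * CHUNK:start + (i + 1) * CHUNK] for i in range(n_data)]
        for d, chunk in enumerate(chunks):
            drives[d].append(chunk)
        drives[n_data].append(xor_bytes(chunks))   # parity for this stripe
    return drives, len(data)


def rebuild(drives, lost):
    """Reconstruct drive `lost` as the XOR of every other drive, stripe by stripe."""
    survivors = [d for i, d in enumerate(drives) if i != lost]
    return [xor_bytes([d[k] for d in survivors]) for k in range(len(survivors[0]))]


def read_back(data_drives, length):
    """Reassemble the original bytes from the data drives (parity excluded)."""
    stripes = len(data_drives[0])
    return b"".join(d[k] for k in range(stripes) for d in data_drives)[:length]


def demo() -> dict:
    data = b"The quick brown fox jumps over the lazy dog"   # constructed sample
    drives, length = stripe_with_parity(data, 3)
    results = {}
    for lost in range(len(drives)):                 # lose each drive in turn
        repaired = list(drives)
        repaired[lost] = rebuild(drives, lost)
        results[f"lost_drive_{lost}"] = read_back(repaired[:3], length) == data
    # Striping with no parity drive: the same rebuild yields the wrong bytes.
    data_only = drives[:3]
    guess = rebuild(data_only, 1)
    results["no_parity"] = read_back([data_only[0], guess, data_only[2]], length) == data
    return results


if __name__ == "__main__":
    print(demo())
```

One parity drive covers exactly one failure; a second failure before the rebuild finishes loses the array, which is why parity RAID is a performance and availability measure and not a replacement for the backups described next.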
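The three restore recipes above follow directly from how each backup type treats the archive bit, and that interaction is easy to get wrong by hand. Here is an added example (my code, not from the original notes) that models it: a toy file system sets a file’s archive bit on every write; a full backup copies everything and clears all bits, a differential copies files with the bit set and leaves it set, an incremental copies files with the bit set and clears it. restore_plan() then picks the sets to apply, left to right, for each of the three schemes in the notes, and the demo checks the rebuilt state against the live one. It also shows why the mixed scheme needs every incremental: a full plus the latest differential alone misses files an earlier incremental already cleared.

```python
"""Full, differential and incremental backups modelled with the archive bit.

Added example, not from the original notes. Files carry an archive bit that
is set on every write. Full: copy all, clear all bits. Differential: copy
files with the bit set, leave bits alone. Incremental: copy files with the
bit set, then clear them.
"""


class FileSystem:
    """A toy disk: file contents plus the set of files whose archive bit is set."""

    def __init__(self):
        self.files = {}
        self.archive = set()

    def write(self, name, content):
        self.files[name] = content
        self.archive.add(name)          # any change sets the archive bit

    def backup(self, kind):
        """Take one backup set of the given kind; returns (kind, snapshot)."""
        if kind == "full":
            selected = set(self.files)
        elif kind in ("differential", "incremental"):
            selected = set(self.archive)
        else:
            raise ValueError(kind)
        snapshot = {name: self.files[name] for name in selected}
        if kind != "differential":      # differential leaves the bits set
            self.archive -= selected
        return (kind, snapshot)


def restore_plan(history):
    """Pick the sets to apply, in order, from a chronological list of (kind, snapshot).

    Last full, then every incremental after it, then the final differential but
    only if it is the most recent backup (an incremental taken after a
    differential already contains everything that differential held).
    """
    last_full = max(i for i, (kind, _) in enumerate(history) if kind == "full")
    plan = [history[last_full]]
    tail = history[last_full + 1:]
    for idx, entry in enumerate(tail):
        kind = entry[0]
        if kind == "incremental" or (kind == "differential" and idx == len(tail) - 1):
            plan.append(entry)
    return plan


def restore(history):
    """Apply the planned sets left to right; later sets overwrite earlier ones."""
    state = {}
    for _, snapshot in restore_plan(history):
        state.update(snapshot)
    return state


def run(scenario):
    """Replay ('write', name, content) and ('backup', kind) steps; return (history, live files)."""
    fs, history = FileSystem(), []
    for op in scenario:
        if op[0] == "write":
            fs.write(op[1], op[2])
        else:
            history.append(fs.backup(op[1]))
    return history, dict(fs.files)


# Constructed scenarios matching the three restore recipes in the notes.
_START = [("write", "a", "a1"), ("write", "b", "b1"), ("backup", "full"), ("write", "a", "a2")]
SCENARIOS = {
    "full+incrementals": _START + [("backup", "incremental"), ("write", "c", "c1"), ("backup", "incremental")],
    "full+differentials": _START + [("backup", "differential"), ("write", "c", "c1"), ("backup", "differential")],
    "mixed": _START + [("backup", "incremental"), ("write", "c", "c1"), ("backup", "differential")],
}


def demo() -> dict:
    out = {}
    for name, scenario in SCENARIOS.items():
        history, live = run(scenario)
        out[name] = {"plan": [kind for kind, _ in restore_plan(history)],
                     "restored_ok": restore(history) == live}
    # Mixed scheme: full + latest differential alone misses file 'a', which the
    # earlier incremental captured and whose bit it cleared.
    history, live = run(SCENARIOS["mixed"])
    naive = dict(history[0][1])
    naive.update(history[-1][1])
    out["mixed"]["full_plus_diff_only_ok"] = naive == live
    return out


if __name__ == "__main__":
    print(demo())
```

The practical lesson is the one the notes draw: whichever scheme you choose, label each tape with its kind and date, because the restore order depends on the kind, and a differential taken after an incremental is not the superset it would be in a differential-only rotation.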

——-
“Computers are useless. They can only give you answers.”
-Pablo Picasso

Network+ Lesson 1

Tuesday, July 14th, 2009

This exam has changed since I took it, but I plan on incorporating the new objectives into my FREE training. Here are the basics.

This certification is for IT professionals who want to specialize in networking technologies. It basically certifies you as a network technician and an entry-level network admin. You’ll learn cabling, protocols, server layouts, security implementations, and much more. Check out more about the cert.

http://www.comptia.org/certifications/listed/network.aspx
