Tag Archives: Cisco

Microsoft says no more Zunes, it’s all about the phone now

Microsoft will make no more Zune music players, building its future music strategy on applications incorporated in its Windows Phone and Xbox platforms, the company has confirmed.

Rumors circulated in March that Microsoft planned to stop making dedicated music players, but the company ducked the issue then, saying this year’s new Zune devices would be mobile phones running Zune software. It went on to release a trickle of applications for the Zune platform later in the year.

The company has now updated a help page at Zune.net to announce: “We will no longer be producing Zune players.” Instead, the page said: “Going forward, Windows Phone will be the focus of our mobile music and video strategy.”

However, this will make no difference to current Zune users, the company said on the support page: “Your device will continue to work with Zune services just as it does today. And we will continue to honor the warranties of all devices for both current owners and those who buy our very last devices.”

Microsoft launched the first Zune players and Zune Marketplace music store on Nov. 14, 2006, as a challenge to Apple’s iPod player and iTunes music store.

However, Apple moved the goalposts a couple of months later with its Jan. 9, 2007, announcement of the iPhone, a widescreen iPod that could also make phone calls and surf the Web.

It took Microsoft three years to follow suit. When it announced Windows Phone in February 2010, one of the features of the new mobile OS was a Zune music player app. It’s also possible to access Zune music and video via Xbox Live, Microsoft’s online service for its Xbox 360 game console.

Sales of the Zune have consistently trailed far behind those of the iPod. While not a definitive ranking, the list of best-selling MP3 players at Amazon.com is telling: Nine of the 10 best sellers are iPods (Sandisk has a $40 Sansa model in eighth place) and the first Zune device now appears at number 24, preceded by 16 iPod variants.

Certs: Added value or minimum requirement?

I’ve got a Bachelor’s Degree in Information Systems Management, my Certified Information Security Systems Professional (CISSP) certification, the SANS GIAC Systems and Network Auditor (GSNA) certificate and I used to be a CCNA. I spent two years getting my B.S. by attending night courses, the CISSP took me 6 months of constant study, the GSNA required a week’s worth of intense instructor-led study, and I spent the better part of a school year taking the official Cisco course work at the local junior college before taking the test. And with the exception of the CCNA, the time I spent earning my degree and getting my certifications was aimed strictly at filling in a check box on an HR person’s list rather than learning something. Not to say I didn’t learn something in studying for each, but my goal was fulfilling a job requirement instead of education.

I have mixed feelings about certifications in the IT and security professions; certifications show that someone has the minimum knowledge required to pass a particular test.  It shows they understand their profession well enough to know what certificates are going to be required to get a job in their field.  It shows that the person is dedicated enough to their profession to take and pass these tests.  But what it doesn’t show is real-world knowledge of security.

Obviously I’m not opposed to certifications, since I hold several myself.  But I’ve never liked the fact that many people think certification and skills are the same thing.  The fact that having the right certification can mean a significantly higher level of pay for professionals who otherwise are of the same skill level only further complicates the situation.   It encourages people to accumulate as many different certifications as possible to help bolster their income, something I’m as guilty of as anyone else.

I remember the early days of the Microsoft Certified Systems Engineer and “paper MCSEs” who had passed all the tests, but could barely remember how to change a password when they got their first job in the real world. I often hear accusations that the CISSP is heading in the same direction, despite increased efforts by the ISC2 to validate candidates and verify levels of experience. But I think both of these miss the real point of certification; they show that someone has spent the time and effort to pass a test, not that they have the skills required to work in the real world. After all, no one expects a kid fresh out of college to know everything about their chosen career, so why should a certificate be any different?

Adobe adding security, privacy goodies to Flash Player 11

Adobe’s new Flash Player 11 will include support for 64-bit exploit mitigation and support for SSL socket connections.

Battling to cope with the hacker bullseye on its back, Adobe plans to add new security and privacy features to the next iteration of its ubiquitous Flash Player, including support for SSL socket connections and the introduction of 64-bit ASLR (Address Space Layout Randomization).

Adobe said the new Flash Player 11, expected in early October, will include the SSL socket connection support to make it easier for developers to protect the data they stream over the Flash Player raw socket connections.

Flash Player 11 will also include a secure random number generator.

Adobe’s Platform Security Strategist Peleus Uhley explains:

Flash Player previously provided a basic, random number generator through Math.random. This was good enough for games and other lighter-weight use cases, but it didn’t meet the complete cryptographic standards for random number generation. The new random number generator API hooks the cryptographic provider of the host device, such as the CryptGenRandom function in Microsoft CAPI on Windows, for generating the random number. The native OS cryptographic providers have better sources of entropy and have been peer reviewed by industry experts.
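The distinction Uhley draws, shown as an added JavaScript example that is not Adobe's code or part of the original article: a token built from a non-cryptographic generator is fully determined by one observed output, while a token from the OS-backed provider is not. The LCG here is a constructed stand-in (it is not the algorithm behind Flash Player's Math.random), and the function names are hypothetical.

```javascript
// Web Crypto draws from the host OS provider; the fallback covers older Node.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");

// Constructed stand-in for a non-cryptographic generator: a 32-bit LCG.
// It is NOT the algorithm Flash Player's Math.random used.
function makeLcg(seed) {
  let state = seed >>> 0;
  return () => {
    state = (Math.imul(state, 1664525) + 1013904223) >>> 0;
    return state; // each output exposes the whole internal state
  };
}

// Weak: a 16-byte token assembled from four LCG outputs.
function weakToken(next) {
  const words = Uint32Array.from({ length: 4 }, () => next());
  return toHex(new Uint8Array(words.buffer));
}

// Strong: 16 bytes taken directly from the OS-backed CSPRNG.
function strongToken() {
  return toHex(webcrypto.getRandomValues(new Uint8Array(16)));
}

// Review check: if a single output of the generator becomes visible,
// is the next token it produces already fixed?
function nextTokenIsDetermined(seed) {
  const server = makeLcg(seed);
  const observed = server();           // one value becomes visible
  const replica = makeLcg(observed);   // same state, rebuilt from that value
  return weakToken(server) === weakToken(replica);
}
```
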

The company is also adding 64-bit support in Flash Player 11, a move that Uhley says will bring some security side-benefits.

If you are using a 64-bit browser that supports address space layout randomization (ASLR) in conjunction with the 64-bit version of Flash Player, you will be protected by 64-bit ASLR. Traditional 32-bit ASLR only has a small number of bits available in the memory address for randomizing locations. Memory addresses based on 64-bit registers have a wider range of free bits for randomization, increasing the effectiveness of ASLR.

On the privacy side, Adobe is adding a private browsing mode to allow users to stay incognito while viewing Flash files. A mobile control panel is also being added on Android devices to make it easier for users to manage their Flash Player privacy settings.

Microsoft delivers new Internet Explorer 10 test build for Windows 8

Microsoft released a new developer preview of IE 10 this week for Windows 8 testers only. The new platform preview can work as a plug-in-free “Metro-style” app, or a Desktop app that still supports plug-ins.

Microsoft released this week a new test version of its Internet Explorer (IE) 10 browser that is bundled with Windows 8: Platform Preview 3 (PP3).

Like previously released Platform Preview builds, the IE 10 PP3 is aimed at developers, not end user customers.

PP3 is accessible in Windows 8 in two ways: As a “Metro style” application and a Microsoft Desktop App, i.e., one that is part of the classic/legacy mode of Windows 8. (“Metro style” refers to an app that is designed to take advantage of the new tile user interface and supporting operating-system infrastructure in Windows 8.)

The Metro IE 10 PP3 release does not support any browser plug-ins and extensions — including Adobe Flash and Microsoft Silverlight. But Desktop App IE 10 PP3 does allow plug-ins and extensions.

Windows Chief Steven Sinofsky explained the distinction in a blog post this week. From that post:

“In Windows 8, IE 10 is available as a Metro style app and as a desktop app. The desktop app continues to fully support all plug-ins and extensions. The HTML5 and script engines are identical and you can easily switch between the different frame windows if you’d like.”

The Metro version of IE 10, because it doesn’t support plug-ins and extensions, “improves battery life as well as security, reliability, and privacy for consumers,” according to the blog post.

Microsoft is advising Windows 8 customers who need to access consumer sites and line of business applications that require legacy ActiveX controls to use IE 10 in the Desktop App to get to these sites.

Microsoft did not update this week the IE 10 test build that works on Windows 7 and Windows Vista. That version of IE 10 is still at the PP2 milestone. Microsoft officials said that a PP3 update for Vista and Windows 7 users would be released “at a future date.”

The PP3 version of IE 10 includes support for CSS Text Shadow, CSS 3D Transforms, CSS3 Transitions and Animations, CSS3 Gradient, SVG Filter Effects, HTML5 Forms and more. It also improves offline application support via local storage with IndexedDB and the HTML5 Application Cache, and supports Web Sockets, HTML5 History, Async scripts, HTML5 File APIs, HTML5 Drag-drop, HTML5 Sandboxing, Web workers and ES5 Strict mode.

Microsoft also updated its IE Test Drive site, as of this week, to be “touch-friendly,” and added some new multi-touchable demos like Particle Acceleration, Lasso Birds, and Touch Effects.

Defcon: The security penetration testing quagmire

How corporate security flaws are handled raises lots of questions

LAS VEGAS — The relationship between CISOs and security penetration testers is anything but clear-cut and raises ethical issues for both parties, a Defcon crowd heard from a former CISO.

Whether penetration testers should come in looking for the place where they can spectacularly break into the network or instead assess it clinically and point out potential vulnerabilities is the big decision CISOs have to make, says a CISO-turned-penetration tester identified only as Shrdlu.

And the choice is the CISO’s, she says, because the CISO is paying the bills. “It’s not about your satisfaction,” she told a crowd that included many penetration testers.

She says that often penetration tests are mandated by regulations, and the network must pass in order to comply. In that case, she prefers a light touch by the tester, telling her informally about technical security shortcomings but not including them in the formal report that goes to the compliance auditor. “Tell me verbally what’s wrong and don’t write it down,” she says.

For example, if the help desk prompts users that they can’t log in because they’ve gotten their username wrong, that’s a violation. But, she says, doing so saves a lot of help desk and employee time and is a good risk-business tradeoff. She doesn’t consider the practice a major breach of good practice.

“There are things I do on purpose and are not high-impact,” she says.

That drew protests from audience members, one of whom said it was unethical not to include security problems he finds and is possibly illegal because it is essentially lying to compliance auditors. “It sounds like avoiding regulatory scrutiny,” he said.

“That’s very fair,” Shrdlu responded. But she says most compliance regulations are vague enough that reports can be vague as well, indicating an unspecified problem without detailing it. She says penetration testers can prepare two reports, one for her use and a second for the auditor.

She says these dual reports are useful for public organizations where the reports may become public record. The vague one that doesn’t detail specific problems can be the public version and the detailed one can be called a working document and so avoid public scrutiny.

Another audience member said her approach could cause problems for penetration testers if a problem found but not mentioned is exploited. The tester would have no documentation that he’d done his job properly. Again, she fell back on the dual report, where the vague reference to the problem would provide cover for the penetration tester.

She says she is frustrated with penetration testers who haven’t worked in corporate security and had to shore up problems testers have found. Often the problems present less of a risk to the organization than the time it would take to fix them is worth, she says. “I’m impatient with penetration testers that have never been on the fixing side,” she says. They need to be more aware of the big impact and the business impact of remedies. “There are things that just plain aren’t going to be fixed.”