Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Fahad Zamal

Pages: [1] 2 3 ... 8

Image Processing Computer Networks / WAN Technologies: Important Points of Interest

« on: November 15, 2018, 12:59:33 AM »

The term dial-up originated with individuals and organizations that utilize the telephone voice network for data transmission. This connection method has been used for over 30 years. In the early growth of the Internet, the only common access method for the public was through an Internet service provider (ISP). Using a modem connected to any typical analog phone line, users "dialed up" the ISP via the telephone network and were connected through the ISP to the Internet.

In the really early years, the access rate provided by dial-up was limited to .1 to .3 kbps (300 baud), but it quickly evolved to reach speeds of 9,600–14,400 bps by the time Internet access started being available to the public (early 1990s). Modern modems support line rates up to approximately 56 kbps, with additional speeds available using different forms of compression.

Dial-up isn't just for Internet access; many organizations still use dial-up as a form of backup connection into remote sites. If a primary connection to a site fails, the dial-up line can be used to connect to the remote equipment for access and troubleshooting.

Source: https://www.informit.com/articles/article.aspx?p=2459346

Image Processing Computer Networks / Re: Dynamic Local Ternary Pattern for Face Recognition and Verification

« on: November 15, 2018, 12:58:30 AM »

Good one. Need more research on it.

Image Processing Computer Networks / Designing and Deploying Cisco Unified IM and Presence

« on: November 15, 2018, 12:57:58 AM »

CUCM offers very limited native presence functionality on IP phones. Although a Cisco Unified Communications IM&P server is not required in this simple example, only these native presence features of the CUCM are available:

CUCM speed-dial presence: CUCM administratively supports the ability for a speed dial to have presence capabilities via a BLF speed dial. BLF speed dials work as both a speed dial and a presence indicator.
CUCM call history presence: CUCM administratively supports presence capabilities for call lists and directories on the phone.
CUCM presence policy: CUCM provides the capability to set policy for users who request presence status.

Source: https://www.informit.com/articles/article.aspx?p=2471644

Software Project Management / Re: OSCRUM: A Modified Scrum for Open Source Software Development

« on: November 15, 2018, 12:54:03 AM »

Good one. need some research on it.

Software Project Management / Re: 10 Icebergs That Will Sink Your Project

« on: November 15, 2018, 12:53:15 AM »

Good one. Please share this to your student.

Software Project Management / Re: Comparison of IS and SP Development Processes

« on: November 15, 2018, 12:52:45 AM »

learn something from the article. Thanks.

Internet of Things / Spray-on antennas will revolutionize the Internet of Things

« on: November 15, 2018, 12:50:36 AM »

In what could be a giant leap for Internet of Things (IoT) form factors, scientists say they have invented a spray-on antenna. And the bug-spray-like application will outperform traditional metal antennas, they claim.

If it indeed does outperform traditional antennas, the clear, ink-like radiators will transform physical mediums used in constructing networks. Flexible substrates, windows, or data center walls even could be made into antennas, which would then drastically alter the data-collecting landscape.

Source: https://www.networkworld.com/article/3309449/internet-of-things/spray-on-antennas-will-revolutionize-the-internet-of-things.html?utm_campaign=IoT%2BWeekly%2BNews&utm_medium=web&utm_source=IoT_Weekly_News_126

Internet of Things / Crytocurrency Mining Soars 459% from 2017 to 2018

« on: November 15, 2018, 12:48:49 AM »

he Cyber Threat Alliance (CTA) recently released a new report, The Illicit Crytopcurrency Mining Threat, in which the group found that crypto-mining has increased 459% from 2017 through 2018. The most recent quarters show that the trend continues to grow rapidly with no indication of slowing down.

“As the values of various cryptocurrencies increase and their use becomes more prevalent, malicious cyber actors are using computers, web browsers, internet-of-things (IoT) devices, mobile devices, and network infrastructure to steal their processing power to mine cryptocurrencies,” the report stated.

While mining for cryptocurrency is a drain on resources that will result in higher electric bills, it also increases the workload that could result in either decreased productivity of business operations that use computing power or even physical damage to the IT infrastructure.

According to the CTA, though, of greater concern is if illicit cryptocurrency mining is happening within an organization, it is a strong indication that there are flaws in the overall cybersecurity posture.

Source: https://www.infosecurity-magazine.com/news/crytocurrency-mining-soars-459/

Internet of Things / UK Launches “World First” IoT Code of Practice

« on: November 15, 2018, 12:47:23 AM »

The UK government claims to be leading the way with a newly released Code of Practice (CoP) designed to drive security-by-design in the manufacture of IoT products.

Developed in partnership with the National Cyber Security Centre (NCSC), the ICO and others, the "world first" CoP aims to improve baseline security in the sector and ensure smart devices that process personal data are aligned with the GDPR.

It’s focused initially on the consumer space.

HP and Centrica Hive are the first two IoT-makers to sign up, and the government hopes its mapping document will make it easier for others to follow.

Regulation is also being developed to improve the security of consumer-grade IoT products, according to the government.

The move can be seen as a response to the risks posed to individuals and businesses from unsecured consumer IoT devices, as exploited most famously by the Mirai botnet attacks of 2016.

It also comes as the British Standards Institution (BSI) readies a new kitemark scheme for consumers and businesses to help them better identify products they can trust to be reliable and secure.

The CoP received a cautious welcome from security experts, but many argued it doesn’t go far enough.

“A code of practice is a step in the right direction, but more needs to be done. The industry should follow best practices and self-regulate, before regulators put a static, cumbersome device security framework in place,” argued John Sheehy, VP of strategy at IOActive.

Source: https://www.infosecurity-magazine.com/news/uk-launches-world-first-iot-code/

Internet of Things / Bots Targeting SSH Servers and Brute-Forcing Entry

« on: November 15, 2018, 12:46:39 AM »

Botnets have been growing more prevalent, and SophosLabs has discovered a new family of denial-of-service (DoS) bots used in distributed denial-of-service (DDoS) attacks. The family, dubbed Chalubo, has been used in attacks targeting internet-facing SSH servers on Linux-based systems, according to SophosLabs.

Using the ChaCha stream cipher, the attackers encrypt the bot and its Lua script, which researchers said is an indication of a Linux malware evolution. The anti-analysis techniques are principles more commonly used to thwart detection in Windows malware, though Chalubo does incorporate code from both the Xor DDoS and other Mirai malware families.

The Chalubo family attacked a SophosLabs honeypot on September 6, 2018, at which time researchers noted the bot attempting to brute-force login credentials against an SSH server. After gaining what they believed was access, the attackers issued a series of commands that revealed the bot’s complexity, dropping malicious components with a layered approach in an encryption not typical for Linux malware.

Source: https://www.infosecurity-magazine.com/news/bots-targeting-ssh-bruteforcing/

Internet of Things / What is the Standard for IoT Security?

« on: November 15, 2018, 12:45:39 AM »

The number of IoT products for consumers is growing rapidly. You can use them to adjust your heating or lighting, control access to your home, monitor your baby and keep an eye on your dog when you’re out.

At the moment, buying an IoT product is a bit like getting a tattoo: you want to get one because they’re cool and all your friends have them, but what quality standards are there for the ink used and the artistic level of the artist? In the same way, there are no standards for IoT security – and whatever the superficial attractions of IoT devices, this means there is nothing to reassure you that you won’t get more than you bargained for.

That’s not to say every device out there is a risk, but consumers need to know what they are welcoming into their homes, and understand that any insecure embedded device they connect to the internet is a potential target for attacks. These could range from spying on them and their family, as highlighted in a recent Panorama program, to inserting malware or stealing their data, or even using their equipment to power a DDoS attack.

There are also cases of random accidents due to inadequate backend software. At the moment manufacturers don’t need to provide any guarantees of the safety of their equipment beyond electrical compliance.

The good news is that steps are being taken to regulate this market. In March 2018 the UK government announced a draft code of practice for IoT products in its Secure by Design report, although this remains a work in progress. In June the EU announced that it was creating a cybersecurity certification framework designed to help ensure compliance with specified cybersecurity requirements. However, there is no date for when this will be implemented, and there are caveats.

Certification will be optional unless specified as a legal requirement under an EU law or Member State law, so it may not even apply to products developed or sold in the UK, and for the basic level of certification, manufacturers or service providers will be able to carry out the conformity assessment themselves.

In my view, responsibility needs to fall firmly on manufacturers of IoT products. They need to ensure the safety of the equipment they sell, just as car manufacturers should ensure that their cars are safe. After all, manufacturers are the people who benefit from the IoT, for example when a car tells them (as well as you) that it needs a service.

Source: https://www.infosecurity-magazine.com/opinions/standard-iot-security/

Internet of Things / Cranes Exposed to Possible Cyber-Sabotage—What We Can Learn

« on: November 15, 2018, 12:44:41 AM »

On October 23, 2018 ICS—CERT announced a vulnerability in Telecrane’s F25 Series remote controls, which are used for cranes. They found that anyone with a low skill level could listen in on the remote control’s communications in an attempt to “view commands, replay commands, control the device, or stop the device from running.”

In essence, a hacker could learn the commands that controlled the crane, play them back, and control the crane themselves.

The F25 Series have a wide variety of applications that range from the assembly floor to back-mounted vehicle cranes and more. While these remote controls are extremely versatile, their exposure to hacking also means that hackers have a target rich environment.

There are plenty of nightmare scenarios in which a hacker could use this exploit to deal havoc on the factory floor or in the streets in an attempt to disrupt a city or conduct corporate sabotage.

Fortunately, no reports of hacking have been reported thus far and Telecrane has already released a firmware update to combat this weakness.

Source: https://www.infosecurity-magazine.com/blogs/nations-cranes-exposed-sabotage/