Friday, 30 November 2012

Hacktober - Facebook hacks its employees

Facebook employees were put to the test this October during the company's now-yearly 'Hacktober' event.

So what's 'Hacktober'? It's when Facebook teaches its employees how to detect and prevent cyber attacks. But there's a twist: Facebook doesn't just take them on an IT security course... it hacks them. In other words, it's the other way round: performing ethical hacking within the company.

'Hacktober' lasts the entire 31 days of the month, and has a number of simulated security threats. The security threats include attacks on employee computers to see whether employees fall victim to the attack and to see who identifies and reports the issue.

Those lucky enough to catch the phishing scam or security threat created by Facebook and report it (it can be to their private emails or throughout the site) receive a prize.

Prizes this year included Facebook-branded shirts, bandannas and stickers.

But if the employee was unlucky enough to fall for the security threat and/or not report it, they would undergo further IT security training.

Facebook's Security Director Ryan McGeehan spoke to the publishers at Mashable about their yearly event:

“Webinars don’t exactly fit in well here, so we wanted to do something unique in line with our hacking culture to teach employees about cybersecurity,” 

“We took the theme of October, fear and pranks and created something that is both fun and educational.”

October is now celebrated as National Cyber Security Awareness Month in the US.

“People don’t always lock their doors until they have been robbed,” McGeehan added. “It’s easy for cyber security awareness month to go by like a trip to the dentist, so we wanted to do something with an impact and not have the security team talk down with tips to the rest of the staff.”

With the increasing number of cyber attacks, we are starting to see more and more companies introduce innovative security measures to prevent the chaos seen in other companies like PayPal, Bharat Sanchar Nigam Limited (BSNL) and thousands of other companies.

The security threats of 2011 were enough to scare even governments around the world. Because of this, opportunities are popping up everywhere for IT Security Professionals.

Find out the top 5 IT Certifications to go for here: http://www.crisp360.com/news/top-5-it-security-certifications

Thursday, 29 November 2012

WhatsApp Error: Status unavailable

WhatsApp users are seeing a message on all their contacts saying "Error: Status Unavailable".

But don't panic: WhatsApp took to Twitter and Facebook to state that the WhatsApp error should be resolved "soon-ish...".

Despite this, users are still being bombarded with long messages telling them to string the message along in order to keep using WhatsApp as a free service. It also warns users that if they don't forward the message, their account will be shut down. The Whatsapp status error string message is as follows: 

"Before you read this, go to your contacts and look at everyones status! Should say error: status unavailable. Hello everyone, it seems that all the warnings were real, the use of WhatsApp cost money from summer 2012. If you send this string to 18 different on your list, your icon will be blue and will be free for you. If you do not believe me see tomorrow at 6 pm ending WhatsApp and have to pay to open it, this is by law.This message is to inform all of our users, our servers have recently been very congested, so we are asking your help to solve this problem. We require our active users forwarded this message to each of the people in your contact list to confirm our active users using WhatsApp, if you do not send this message to all your contacts WhatsApp, then your account will remain inactive with the consequence of losing all their contactsMessage from Jim Balsamic (CEO of Whatsapp) we have had an over usage of user names on whatsapp Messenger. We are requesting all users to forward this message to their entire contact list. If you do not forward this message, we will take it as your account is invalid and it will be deleted within the next 48 hours. Please DO NOT ignore this message or whatsapp will no longer recognise your activation. If you wish to re-activate your account after it has been deleted, a charge of 25.00 will be added to your monthly bill. We are also aware of the issue involving the pictures updates not showing. We are working diligently at fixing this problem and it will be up and running as soon as possible. Thank you for your cooperation from the Whatsapp team ”WhatsApp is going to cost us money soon. The only way that it will stay free is if you are a frequent user i.e. you have at least 10 people you are chatting with. To become a frequent user send this message to 10 people who receive it (2 ticks) and your WhatsApp logo should turn Red to indicate a frequent user. Am sorry had no option! 
And check now the status of every individual contact is showing : Status error"

Although it can get irritating, just try to ignore them and remain calm. WhatsApp does not intend to charge its users for using its services. Some users have come up with funny spoofs of the WhatsApp Error status string messages. One Facebook user posted:


WARNING!! As of tomorrow - Whatsapp will automatically start dragging the Earth into the moon. To change this option, go to Settings > Planetary Settings > Trajectory then UNCLICK the box that says 'Apocalypse.' and resend this message to 10 people. If you click on favourites you'll see "Error: status unavailable", that somehow proves it will happen, it's definitely not just an error from Whatsapp...

Another wrote:

"Please dip your mobiles in water to get back your old status."

This isn't the first time the application has been in the media for the wrong reasons. 'WhatsApp Error: Status unavailable' follows on from the security issues identified in the application in mid-September, following an exposé by Heise Security.

The popular security site found that WhatsApp can be easily hacked using freely available tools, adding that anyone using the application on a public Wi-Fi network risks having their data stolen and even used to send and receive messages.

"Once hacked, there is no way to restore account security – attackers will be able to continue to use the hacked account at their discretion."

Monday, 26 November 2012

Linux - the most in demand talent in 2012


The Linux Jobs Report revealed that, out of the 2,300 surveyed, eight in ten said that hiring Linux talent is a priority in 2012. Over 50% of the firms also said that they planned on increasing the number of people who are Linux skilled.

The majority of the companies were looking for professionals skilled in Linux, with three to five years’ experience.

A massive 67% revealed that they’re looking for Linux Developers, while 55% are looking for Linux system administrators.

The average salary rise in the industry was only 2%, but Linux professionals “saw a five per cent increase, in their pay” according to the report. This shows the edge they have over others in the industry.

But despite the demand, companies still face a challenge. Linux professionals are few, and finding one is very hard.

“85 per cent say finding Linux talent is somewhat to very difficult, making Linux professionals some of the most sought after talent in 2012.”

There are two main certifications in Linux: Linux+ Powered by LPI Level 1 and LPI Level 2.

The LPI Level 1 course provides the basic hardware, software, and networking skills needed to function in an entry-level Linux role. The course covers all the major Linux distributions (Red Hat, Caldera, SuSE, Debian, TurboLinux, Slackware, etc.).

The LPI Level 2 certification program is designed for IT professionals who administer a small to medium-sized site. It provides the necessary knowledge to plan, implement, maintain, secure and troubleshoot a small mixed (MS, Linux) network, including a LAN server (Samba), internet gateway (firewall, proxy, mail, news), or internet server (web server, FTP server).

Friday, 23 November 2012

Hacktivists hit PayPal with £3.5m attack


Anonymous has launched an attack on PayPal after it announced the decision to block payments to Wikileaks.

The online transaction company was attacked by four members of the Anonymous group. The members called it 'Operation Payback'.

The prosecutor, Mr Patel, said they used distributed denial of service, or DDoS, which flooded the targets' computers with massive amounts of online requests. If you visited the sites under attack by the Anonymous group, you'd be directed to a page with the message 'You've tried to bite the Anonymous hand. You angered the hive and now you are being stung'.

The four members are currently facing trial, which is expected to last two weeks. 22-year-old Christopher Weatherhead, aka 'nerdo', is in the small group of cabal leaders in Anonymous. He pleaded not guilty to conspiring to impair the operation of computers between 1 August 2010 and 22 January 2011.

He also carried out attacks on MasterCard, Visa, Ministry of Sound, the British Recorded Music Industry and the International Federation of the Phonographic Industry, who also opposed internet piracy.

Ashley Rhodes, 27, Peter Gibson, 24, and an 18 year old who cannot be named for legal reasons have already pleaded guilty to the charge, all from the UK.

Mr Patel stated "It is the prosecution case that Christopher Weatherhead, the defendant, is a cyber-attacker and that he, and others like him, waged a sophisticated and orchestrated campaign of online attacks that paralysed a series of targeted computer systems belonging to companies to which they took issue with, for whatever reason, and those attacks caused unprecedented harm".

He said PayPal also had to pay for more software and hardware to defend against similar attacks in the future and he said the total cost to the firm was estimated at £3.5m.

You too can learn how to perform DDoS attacks and help companies like PayPal defend themselves against them. Become a Certified Ethical Hacker (CEH) and earn on average £42,750 in the UK (ITjobswatch.co.uk). As a CEH, job opportunities are endless: you can work for private companies, or even the government. With the security of the likes of PayPal, government sites around the world, Sony and Nintendo being compromised, more and more companies are taking their security very seriously.


Thursday, 22 November 2012

How to become a Microsoft Certified Professional



As you probably know, Microsoft has changed its certification program. This can be quite confusing, so we hope this blog gives you the answers and advice you need in order to know which exam to take next. Choosing the right exam now will help you get your next certifications faster.

Where to start your certification path?

Microsoft has arranged its certification paths into a pyramid, divided into three parts. You start from Associate, then Expert and finally Master.

The first level, Associate, has three certification paths. It has the old MCTS, the MCSA 2008 and the latest MCSA 2012.

Before we continue, it's important to note that you should check the Microsoft site to see if there have been any changes to the requirements, and to see whether exams are still available. Exams usually expire when mainstream support for the product ends.



The MCSA 2008 (Microsoft Certified Solutions Associate) looks at configuring and supporting an Active Directory environment using Windows Server 2008. To gain this cert, you’ll need to pass the following three exams:
70-640 - Active Directory
70-642 - Network Infrastructure
70-646 - Server Administrator

If you already have an MCSA 2008, you are able to update your cert to the new MCSA 2012 in just four days by sitting the 70-417 exam which is available until the 31st of July 2014. This is twice as fast as taking the full MCSA 2012 course and saves the need to start again from the beginning.


Microsoft Certified Solutions Associate 2012 is aimed at supporting Windows Server 2012 and SQL Server. Like MCSA 2008, you will need to complete three exams in order to gain the certification.

For MCSA Windows Server 2012, you’ll need:
70-410 - Installing and Configuring Windows Server 2012
70-411 - Administering Windows Server 2012
70-412 - Configuring Advanced Windows Server 2012 Services

For MCSA SQL Server, you’ll need:
70-461 - Querying Microsoft SQL Server 2012
70-462 - Administering a Microsoft SQL Server 2012 Database
70-463 - Implementing Data Warehouses with Microsoft SQL Server 2012


The MCSE certification is a level up on the pyramid, at the Expert level. It was retired a long time ago, and some of you might remember it. But it has been brought back… kind of. It used to be called Microsoft Certified Systems Engineer, but is now called Microsoft Certified Solutions Expert, just like what happened to the MCITP and MCSA. Microsoft Certified Solutions Expert looks at solutions based on the current technology at the time. In order to keep an MCSE certification, holders will need to recertify as new technology is released.

There are four certification paths for MCSE:

In order to get these certifications, you’ll need to pass the following exams:

70-415 – Implementing a Desktop Infrastructure
70-416 – Implementing Desktop Application Environments

70-413 – Designing and Implementing a Server Infrastructure
70-414 – Implementing an Advanced Server Infrastructure

70-246 – Configuring and Deploying a Private Cloud with System Center 2012
70-247 – Monitoring and Operating a Private Cloud with System Center 2012

70-461 – Querying Microsoft SQL Server 2012
70-462 – Administering a Microsoft SQL Server 2012 Database
70-463 – Implementing Data Warehouses with Microsoft SQL Server 2012

Not including SQL, the other three certs have one thing in common; they require the MCSA Windows Server 2012 certification. If you wish to follow the MCSE SQL Server path, you’ll first need the MCSA SQL Server certification.

MCSM (Microsoft Certified Solutions Master)

The next level is Master. This is the hardest level to achieve. Professionals at this level have an MCSM (Microsoft Certified Solutions Master). In order to get this certification, you’ll need to complete the relevant certification for that area. But even when that is complete, you’ll need to submit an application to Microsoft for them to approve it. It must show that you have relevant experience and expertise to be awarded this certification. It’s not easy…

The below certifications are the older Microsoft certs which almost all have expiry dates.



The MCTS was the most common starting point on the Microsoft certification path. Most of the current MCTS exams are due to expire soon. Depending on the certification, you will need to take one to three exams in order to pass. Currently there are 20 different technologies, and it has been said that no new MCTS certifications will be released.


The MCITP certification is what the MCSE is now: the expert level. It is aimed at IT professionals who are responsible for administering the network at a server level. But currently almost all MCITP certifications except Exchange, Sharepoint and Lync have expiry dates of July 31 2013. It has 15 different certifications. In order to get one of these certifications, you’ll need to pass anywhere from two to five exams. If you have any of the certifications below, you will be able to upgrade them to the new MCSA Server 2012 by taking the 70-417 exam. This is the same exam needed to upgrade your MCSA 2008 to MCSA 2012.

MCITP: Virtualization Administrator
MCITP: Enterprise Desktop Administrator
MCITP: Lync Server Administrator
MCITP: Sharepoint Administrator
MCITP: Enterprise Messaging Administrator

It is important to try and move to the Associate level MCSA 2012 certification as it is the most up to date Microsoft certification and will provide a foundation for your IT career with a stepping stone to the next level: Expert.

Good luck on your chosen certification path.

About the Author:
Julian writes for Firebrand Training on a number of IT-related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Julian is the company's Digital Marketer.

Wednesday, 21 November 2012

WE ARE LEGION – an inside look into Anonymous

For a few years now, filmmaker Brian Knappenberger had been working on ‘We Are Legion’ – a documentary based around the infamous hacktivist group Anonymous.

Anonymous originated in 2003 on the imageboard 4chan. Since then they have gained a massive wave of support and have taken part in several large scale attacks on what they deem ‘wrong’.

“The hacker ethics has a passion for truth, it wants what’s real to be out there” - WE ARE LEGION

The movie has been released and is finally available to all through the film’s official Web site as a DRM-free download. It is not fully understood why the movie was given out for free, but it does fit in with what Anonymous believe.



“Anonymous was kind of like the big strong buff kid who had low self-esteem, and then all of a sudden punched someone in the face and was like ‘wholly s**t I’m really strong’” - WE ARE LEGION

You can download the full movie here: http://wearelegionthedocumentary.com/see-the-film/

One of the more recent stories Anonymous was involved in was with Amanda Todd. The 15-year-old committed suicide after struggling with depression and being bullied.

When Amanda was in the 7th grade, she flashed a camera while one of her friends was taping. A man somehow got the photo of her topless and leaked it on the web, and even to her school facebook page. Before she committed suicide she posted a video on Youtube of her talking about how she cried every night out of desperation.

Anonymous tracked down a man they feel is responsible for her death (the person who anonymously leaked the photo online). The bullying was most likely the main reason for Todd’s death, but the real villain in the eyes of Anonymous was the man who took and leaked the photo.

“We generally don’t like to deal with police first hand but were compelled to put our skills to good use protecting kids. Ironically we have some good people in Vancouver who brought this to our admin’s attention. It’s a very sad story that affects all of us.” - Anonymous

Learn all the techniques used by Anonymous and get paid for performing these attacks - legally. The average salary of a Certified Ethical Hacker in the UK is £42,750 according to ITjobswatch.co.uk. 

Learn more about becoming an ethical hacker here: http://www.firebrandtraining.co.uk/courses/ec_council/ceh/hacking.asp