Friday, March 28, 2014

Strong Passwords

I was talking to a co-worker the other day about strong passwords. It was a big focus of my previous talk at SoftwareGR and I wanted to get his thoughts on the issue. He recommended YubiKey by Yubico. It's a small hardware stick that plugs into your USB port. After you type your typical password, such as 'qwerty', you push the button on the stick and it inserts a series of characters assigned to that chip. So your password will now look like: 'qwertyE&5%J9*3~!aFfT'. You can then rely on your memorable weak password and the strength of the YubiKey to create a strong password. It looked very simple and extremely secure. I am going to get this chip and try it out for myself.

Wednesday, March 26, 2014

Treasure Hunt


So I mentioned a hidden treasure to a few people last night. This treasure's whereabouts is hidden in a series of encrypted documents.
 
I've encoded a message below that describes what this treasure is and how to find out more about it.  As I discussed last night in my talk, Frequency Analysis is an aid used in cracking classic ciphers.  Below is a message created using a classic cipher.  See if you can crack it.
 
FTQ NQMXQ OUBTQDE OAZEUEFE AR FTDQQ QZOAPQP YQEEMSQE. AZQ AR FTQ OUBTQDE EBQOURUQE FTQ XAOMFUAZ AR M NGDUQP FDQMEGDQ AR SAXP MZP EUXHQD QEFUYMFQP FA NQ IADFT YADQ FTMZ FTUDFK YUXXUAZ PAXXMDE. FTQ AFTQD FIA OAPQE MXXQSQPXK PQEODUNQ FTQ OAZFQZFE AR FTQ FDQMEGDQ, MZP M XUEF AR ZMYQE AR FTQ FDQMEGDQE' AIZQDE MZP FTQUD ZQJF AR WUZ ITA IQDQ FA DQOQUHQ FTQ FDQMEGDQ UZ OMEQ AR MOOUPQZF. FTQ OAPQ PQEODUNUZS FTQ OAZFQZFE AR FTQ FDQMEGDQ IME PQOAPQP GEUZS FTQ PQOXMDMFUAZ AR UZPQBQZPQZOQ. FTUE IME MOOAYBXUETQP NK OAZEQOGFUHQXK ZGYNQDUZS FTQ IADPE UZ FTQ PQOXMDMFUAZ AR UZPQBQZPQZOQ. QMOT ZGYNQD UZ FTQ OAPQ IME FTQZ DQBXMOQP NK FTQ RUDEF XQFFQD AR FTQ OADDQEBAZPUZS ZGYNQDQP IADP UZ FTQ PQOXMDMFUAZ AR UZPQBQZPQZOQ.  FTQ NQMXQ OUBTQD OMZ NQ RAGZP AZ FTQ IQN.  FTQ ZMYQ AR FTQ YMZ ITA TUP FTQ FDQMEGDQ UE FTAYME VQRRQDEAZ NQMXQ.  FTQDQ UE OGDDQZFXK ZA WZAIZ EAXGFUAZ FA FTQ AFTQD FIA OUBTQDE. 
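Frequency analysis applied to the opening of the message above, as an added example that is not part of the original post. It assumes the classic cipher is a simple alphabet shift (Caesar), which the post does not state; the function names and the frequency table are illustrative choices.

```python
from collections import Counter
from string import ascii_uppercase

# Approximate English letter frequencies in percent, A..Z (reference values).
FREQ = dict(zip(ascii_uppercase, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03,
    2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15,
    1.97, 0.07]))

# First two sentences of the ciphertext posted above.
CIPHERTEXT = (
    "FTQ NQMXQ OUBTQDE OAZEUEFE AR FTDQQ QZOAPQP YQEEMSQE. AZQ AR FTQ "
    "OUBTQDE EBQOURUQE FTQ XAOMFUAZ AR M NGDUQP FDQMEGDQ AR SAXP MZP EUXHQD "
    "QEFUYMFQP FA NQ IADFT YADQ FTMZ FTUDFK YUXXUAZ PAXXMDE.")

def letter_counts(text):
    """Count A-Z only; spaces and punctuation carry no frequency signal."""
    return Counter(c for c in text if c in FREQ)

def unshift(text, shift):
    """Undo an assumed alphabet shift, leaving non-letters untouched."""
    return "".join(
        chr((ord(c) - 65 - shift) % 26 + 65) if c in FREQ else c for c in text)

def chi_squared(text):
    """Distance between the text's letter counts and English expectations."""
    counts = letter_counts(text)
    total = sum(counts.values())
    return sum((counts[l] - total * p / 100) ** 2 / (total * p / 100)
               for l, p in FREQ.items())

def guess_from_top_letter(text):
    """Quick guess: assume the most frequent cipher letter stands for E."""
    top = letter_counts(text).most_common(1)[0][0]
    return top, (ord(top) - ord("E")) % 26

def crack(text):
    """Try all 26 shifts and keep the one that looks most like English."""
    best = min(range(26), key=lambda s: chi_squared(unshift(text, s)))
    return best, unshift(text, best)

if __name__ == "__main__":
    print("top letter guess:", guess_from_top_letter(CIPHERTEXT))
    shift, plaintext = crack(CIPHERTEXT)
    print("best shift:", shift)
    print(plaintext)
```

The single-letter guess and the chi-squared ranking agree here because the sample is long enough; on very short messages the top letter is often not E, which is why the full comparison is the safer check.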

SoftwareGR

Awesome talk last night.  Thank you to all who attended.  Here are some of the resources I recommended last night:

  • QBQ - The Question Behind the Question   By: John G. Miller
    • This book is about personal accountability
  • Who Moved My Cheese   By: Spencer Johnson
    • This book is about change!  Change in the workplace and your life

As a bonus, I'd like to also recommend this book:

  • The Go-Getter   By: Peter B. Kyne
    • This book is also a quick read with a powerful message.  It's about not quitting and going the extra mile.

The book that the stories were from last night is a really good read.  It's as follows:

  • The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography   By: Simon Singh

Again, thanks to all who attended last night.

Wednesday, March 19, 2014

A new way to validate email

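Gone are the days of ugly, gaudy RegEx email validation. Here is an example of a nice clean way to validate email with AngularJS. Declaring the input as type="email" makes Angular set $error.email when the value is not a well-formed address, so no hand-written pattern is needed. This check runs only in the browser, so the server handling the recovery request still has to validate the address itself.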


@using (Html.BeginForm(null, null, FormMethod.Get, new { name = "recoverForm" }))
 {
       <fieldset>
              <div class="editor-label">
                     Email Address
              </div>

              <div class="input-group" ng-class="{'has-error': IsValid(recoverForm.email.$error)}">
                     <span class="input-group-addon">&#64;</span>
                     <input type="email" ng-model="email" name="email" class="form-control" placeholder="Enter Email Address" maxlength="255" required />
              </div>
              <br /><br />
              <p>
                     <a href="javascript:void(0);" class="btn btn-primary" ng-click="RecoverPassword()">Recover Password</a>
              </p>
       </fieldset>

 }

 <script>
 ....

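 // Despite its name, IsValid returns true when the field has a validation
 // error, which is what switches on the 'has-error' class in ng-class above.
 $scope.IsValid = function (input) {
        // $error.required is set while the required field is empty
        if (input.required) {
            return true;
        }

        // $error.email is set when the value fails the type="email" check
        if (input.email) {
            return true;
        }
        return false;
    };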

 ....
 </script>



Tuesday, March 18, 2014

The Go-Getter

I just read a very good book yesterday. It was less than 100 pages, so I blew right through it in a couple hours. Definitely worth reading. I found myself laughing out loud in the doctor's office over some of the issues this poor guy was having. He was searching for a blue vase and the deck was stacked against him. An excellent book to have on anyone's bookshelf. I got it for $0.99 on the Nook. Best dollar I ever spent. Sorry McDonald's. :)

Monday, March 17, 2014

Proof of Concept

Last week a fellow developer and I presented a Proof of Concept to a client on a program they wanted developed. At the start of the meeting, I reiterated the purpose of this demonstration. The proof of concept was to flush out anything we missed... and questions we might have forgotten to ask.

After the demonstration was over, we actually did come out with some good insight. But that's not always how it happens. Oftentimes, non-technical people get caught up in the flash { not Flash } of the product instead of looking at the details. Questions that need answering but don't get answered are:
  1. Are we capturing the right information? 
  2. Is this the report you want your customers to see? 
  3. Can you think of any other graphs you'd like to have on this page that I haven't included?
  4. What levels of users will be accessing this site?  Admins, guests, etc.
  5. What kind of security does this site need?  SSL Cert.?  Should data be encrypted?
These questions help the developer get a better understanding of what the project needs to do and how it needs to function.  Don't settle for a pat on the back and a good job.  It's not a good job.  It's throw-away code that you shouldn't have spent much time on.  Your client should look beyond the UI and get into the guts of it.  If this project is not a true agile project, then this may be your last real insight you get from the client before you go down those scenic rabbit holes we all as programmers love.  Before your journey, make sure your suitcase is packed with lots of customer insight!

Thursday, March 6, 2014

Bitcoins

Very interesting concept.  Apparently it's very popular, though I don't know much about it.  I'll talk on it a little in my upcoming talk, but only to the extent of incidents where bitcoins have been hacked.
 
If you too are new to bitcoins, read all about them here.

Upcoming talk

I'm getting excited for my upcoming talk on the 25th of this month, March.  It seems that there is a plethora of information out there for me to talk on.  Each day I see new stories about security breaches, data stolen, and lives lost.  Reaffirms to me just how important this talk is.

I also have a few surprises in mind for the audience of the talk.  Stay tuned to find out more!