Friday 31 October 2014

Giving blood...

A dear friend of mine is amazing!  Why?  Have a read of her story...

Her husband was knocked off his bike in London and suffered a major brain injury.  During his operations Jake required a lot of blood.  Since finding this out, I decided to give blood and try to be a regular donor.

Here's my fourth donation, with my fifth one planned for February.  It's always easy to make an excuse not to do it, but re-reading Charlie's blog not only inspires me with what human spirit and strength truly is, but it also reminds me that a small act on my part can save a life.

Do something amazing and find out if you can give blood:

Sunday 26 October 2014

FutureLearn: Begin Programming: Build your first mobile game (Week 1)

A friend posted a link on Facebook about an online training course to an Introduction to Forensic Science.  Sounds like great fun ,if you're a CSI fan, like I am, but I delved a little deeper to see what other courses were available.

All the courses are free and seem to be run by reputable universities.  The courses are structured to be carried out over a few weeks, requiring a few hours that week.  I chose the "Begin Programming: Build your first mobile game" as my first course.  It runs for 7 weeks, requiring around 3 hours per week depending on your level of experience.  I haven't programmed since I was in university, so thought it may be fun to see what programming is like 20 years on!!

There is a need to register on the site, but nothing too horrific!  This course was already underway, but as it was only week 1, there was still time to catch up before week 2's content was released.

The first week required the installation covered off a number of elements, including:

  • An introduction to programming
  • How to use the FutureLearn website
  • Software requirements for the course
  • How to download & install the JDK
  • How to download & install the Android SDK
  • How to download the game framework for the course
  • Setting up the IDE
  • Setting up the game and running it
  • Understanding the Android folder system
  • Setting up the game on an Android device
I ran through the above, and it took around three hours.  I had a couple of glitches, as the original course didn't allow for the release of Android 5.0 Lollypop in mind, and so there were some changes required for the Android SDK.  It took me a couple of goes to get it right.  Although a little frustrating, it was not the fault of the course, when Google update software!  That said, the content so far has been great and certainly at right pace for someone who is not a programmer.

Saturday 4 October 2014

Social Engineering - The Art of Deception

After a friend read my blog post about securing your virtual identity, he recommended that I read the book "The Art of Deception: Controlling the Human Element of Security" by Kevin Mitnick, which can be purchased from Amazon.

The book is structured with stories and anecdotes about how people have fallen for social engineering, and what lessons can be learnt from these situations.  Having worked in an IT security environment for nearly a decade, I am aware of vendor and technical solutions to tackle issues that IT environments without security measures.

Growing up I watched a number of films, including the likes of Wargames, Hackers, The Net and Swordfish.  They may not be great films, but they gave a romantic view of hacking.  I was interested in this realm of IT when I first started my career nearly two decades ago, but I'd say I was a failed script kiddie.  I didn't understand the systems well enough to penetrate the security measures, and struggled to get the tools to work correctly.  

I'd hear the stories of social engineering conquests and I'm in awe of the confidence and arrogance to manipulate people to test an organisations security!  Reading this book shows how easy it is to manipulate people and how easy it is to have them carry out tasks in isolation that seem so insignificant, but when couple with a number of tasks, you have all the pieces of a jigsaw to manipulate a company!

The book was incredibly easy to read and even though I'm not a big reader, I finished it in less than two days.  It's real page turner, and even though it was written nearly 12 years ago it is still very relevant.  If you just read the book about what you shouldn't do, anyone with IT security awareness will tell you they have been told this already.  Taking the story of the manipulation and how to con worked and why is eye opening.

The book ends on how to create a security awareness program, including how to train staff.  Following all the advice will not mean you are secure, but it will certainly help and have people think about who is requesting the action.  All the technology in the world will not secure you and your organisation, but stopping the people from being the weak link will certainly help.