IT Bookworm Blog


May 14, 2013  6:48 PM

Book excerpt: Hacking for Dummies (part 2)



Posted by: Michael Tidmarsh
Book excerpt, Security

This chapter is an excerpt from the 4th edition of ‘Hacking For Dummies’ by Kevin Beaver, published by John Wiley & Sons, January 2013, ISBN 978-1118380932. For more info please visit http://www.dummies.com/store/product/Hacking-For-Dummies-4th-Edition.productCd-1118380932.html

Chapter 1: Introduction to Ethical Hacking

This book is about hacking ethically — the methodology of testing your computers and networks for security vulnerabilities and plugging the holes you find before the bad guys get a chance to exploit them.

Although ethical is an often overused and misunderstood word, Webster’s New World Dictionary defines ethical perfectly for the context of this book and the professional security testing techniques that I cover — that is, “conforming to the standards of conduct of a given profession or group.” IT and information security practitioners are obligated to perform the tests covered in this book aboveboard and only after permission has been obtained from the owner(s) of the systems. That’s why, in this book’s Introduction, you find a disclaimer. Use your power of choice wisely.


March 26, 2013  2:12 PM

Book excerpt: Hacking for Dummies



Posted by: Michael Tidmarsh
Book excerpt, Security

This chapter is an excerpt from the 4th edition of ‘Hacking For Dummies’ by Kevin Beaver, published by John Wiley & Sons, January 2013, ISBN 978-1118380932. For more info please visit http://www.dummies.com/store/product/Hacking-For-Dummies-4th-Edition.productCd-1118380932.html

Chapter 7: Passwords

Password hacking is one of the easiest and most common ways attackers obtain unauthorized network, computer, or application access. You often hear about it in the headlines, and study after study such as the Verizon Data Breach Investigations Report reaffirms that weak passwords are at the root of many security problems. I have trouble wrapping my head around the fact that I’m still talking about (and suffering from) weak passwords, but it’s a reality — and, as an information security testing professional, you can certainly do your part to minimize the risks.

Although strong passwords — ideally, longer and stronger passphrases that are difficult to crack (or guess) — are easy to create and maintain, network administrators and users often neglect this. Therefore, passwords are one of the weakest links in the information security chain. Passwords rely on secrecy. After a password is compromised, its original owner isn’t the only person who can access the system with it. That’s when accountability goes out the window and bad things start happening.

External attackers and malicious insiders have many ways to obtain passwords. They can glean passwords simply by asking for them or by looking over the shoulders of users (shoulder surfing) while they type their passwords. Hackers can also obtain passwords from local computers by using password-cracking software. To obtain passwords from across a network, attackers can use remote cracking utilities, keyloggers, or network analyzers.

This chapter demonstrates how easily the bad guys can gather password information from your network and computer systems. I outline common password vulnerabilities and describe countermeasures to help prevent these vulnerabilities from being exploited on your systems. If you perform the tests and implement the countermeasures outlined in this chapter, you’ll be well on your way to securing your systems’ passwords.


March 5, 2013  7:26 PM

Book excerpt: Database Administration



Posted by: Michael Tidmarsh
Book excerpt, Database, Database administration

This chapter is an excerpt from the 2nd Ed. of ‘Database Administration: The Complete Guide to DBA Practices and Procedures’ by Craig Mullins, published by Pearson/Addison-Wesley Professional, Oct. 2012, ISBN 9780321822949. Copyright 2013 Craig S. Mullins. For more info please visit: http://www.informit.com/store/database-administration-the-complete-guide-to-dba-practices-9780321822949

Creating the Database Environment

One of the primary tasks associated with the job of DBA is the process of choosing and installing a DBMS. Unfortunately, many business executives and IT professionals without database management background assume that once the DBMS is installed, the bulk of the work is done. The truth is, choosing and installing the DBMS is hardly the most difficult part of a DBA’s job. Establishing a usable database environment requires a great deal of skill, knowledge, and consideration. This chapter will outline the principles involved in establishing a usable database environment.

Defining the Organization’s DBMS Strategy

The process of choosing a suitable DBMS for enterprise database management is not as difficult as it used to be. The number of major DBMS vendors has dwindled due to industry consolidation and domination of the sector by a few very large players.



February 11, 2013  5:27 PM

Book excerpt: DevOps Troubleshooting



Posted by: Michael Tidmarsh
Book excerpt, DevOps, Linux

This excerpt is from the book, ‘DevOps Troubleshooting: Linux Server Best Practices’, authored by Kyle Rankin, published by Pearson/Addison-Wesley Professional, Nov 2012, ISBN 0321832043, Copyright 2013 Pearson Education, Inc. For more info please visit: http://www.informit.com/title/0321832043


Is the Server Down? Tracking Down the Source of Network Problems

Most servers are attached to some sort of network and generally use the network to provide some sort of service. Many different problems can creep up on a network, so network troubleshooting skills become crucial for anyone responsible for servers or services on those servers. Linux provides a large set of network troubleshooting tools, and this chapter discusses a few common network problems along with how to use some of the tools available for Linux to track down the root cause.

Network troubleshooting skills are invaluable for every member of a DevOps team. It’s almost a given that software will communicate over the network in some way, and in many applications, network connectivity is absolutely vital for the software to function. When there is a problem with the network, everyone from the sysadmin, to the QA team, to the entire development staff will probably take notice. Whether your networking department is a separate group or not, when your entire DevOps team works together on diagnosing networking problems, you will get a better overall view of the problem. Your development team will give you the deep knowledge of how your software operates on the network; your QA team will explain how the application behaves under unusual circumstances and provide you with a backlog of networking bug history; and your sysadmin will provide you with an overall perspective of how networked applications work under Linux. Together you will be able to diagnose networking problems much faster than any team can individually.



January 28, 2013  4:05 PM

Book excerpt: Effective JavaScript



Posted by: Michael Tidmarsh
Book excerpt, JavaScript

This excerpt is from the book, ‘Effective JavaScript: 68 Specific Ways to Harness the Power of JavaScript’ by David Herman, published by Pearson/Addison-Wesley Professional, ISBN 0321812182, Nov 2012, Copyright 2013 Pearson Education, Inc. For more info please visit www.informit.com/scripting

Accustoming Yourself to JavaScript

JavaScript was designed to feel familiar. With syntax reminiscent of Java and constructs common to many scripting languages (such as functions, arrays, dictionaries, and regular expressions), JavaScript seems like a quick learn to anyone with a little programming experience. And for novice programmers, it’s possible to get started writing programs with relatively little training thanks to the small number of core concepts in the language.

As approachable as JavaScript is, mastering the language takes more time, and requires a deeper understanding of its semantics, its idiosyncrasies, and its most effective idioms. Each chapter of this book covers a different thematic area of effective JavaScript. This first chapter begins with some of the most fundamental topics.

Item 1: Know Which JavaScript You Are Using

Like most successful technologies, JavaScript has evolved over time. Originally marketed as a complement to Java for programming interactive web pages, JavaScript eventually supplanted Java as the web’s dominant programming language. JavaScript’s popularity led to its formalization in 1997 as an international standard, known officially as ECMAScript. Today there are many competing implementations of JavaScript providing conformance to various versions of the ECMAScript standard.

The third edition of the ECMAScript standard (commonly referred to as ES3), which was finalized in 1999, continues to be the most widely adopted version of JavaScript. The next major advancement to the standard was Edition 5, or ES5, which was released in 2009. ES5 introduced a number of new features as well as standardizing some widely supported but previously unspecified features. Because ES5 support is not yet ubiquitous, I will point out throughout this book whenever a particular Item or piece of advice is specific to ES5.

In addition to multiple editions of the standard, there are a number of nonstandard features that are supported by some JavaScript implementations but not others. For example, many JavaScript engines support a const keyword for defining variables, yet the ECMAScript standard does not provide any definition for the syntax or behavior of const. Moreover, the behavior of const differs from implementation to implementation. In some cases, const variables are prevented from being updated:
