Monthly Archive September 2019

ByMani Prithiviraj

Habit 2: Begin With the End in Mind

Reading Time: 3 minutes

In article one and article two, we reviewed Covey’s 7 Habits of Effective people and the First Habit (Be Proactive). We understood how alignment of actions with natural principles, balance of production and production capacity are important. In this post, we will look at the second habit which is “Begin with the End in Mind”. This is the second habit associated with the self.

            “Begin with the End in Mind” means that we need to understand our destination clearly. This is important since it ensures that we take steps to go in the correct direction. Imagine that we are at Bangalore and we want to go to Roorkee. Unless and until we have the destination (Roorkee) in our mind, we cannot select the correct route map that will take us to Roorkee.

            The second habit is based on the principle that all things are created twice. Once in the mind and once physically. If we take the example of building a home, the builder first creates a blue print of the home. He / She then gets the material, workers and equipment, to physically construct the home making sure that it is built according to the specifications in the blue print.

Covey says that we need to realize that there are two creations and take responsibility for both. Leadership is the first creation and Management is the second creation. Peter Drucker and Warren Bennis explain this very well. They describe Leadership as doing the right thing, and Management as doing things right. Leadership focuses on the top line, whereas management focuses on the bottom line. If we take the example of using a ladder to reach our destination, leadership ensures that the ladder leans against the right wall and management ensures that we are efficient in climbing the ladder and get to the destination safely.

Covey says that the best way to “Begin with the End in Mind” is to develop Mission Statements. To build our mission statement, we need to begin at the centre of our circle of influence. The Centre according to him is the source of our security, guidance, wisdom and power. Security is our sense of worth; Guidance is the source of direction in our lives; Wisdom is our perspective on life and understanding how parts and principles apply and relate to each other; Power is the capacity to act and the strength to accomplish something. If we centre our life on correct principles, we create a solid foundation for our security, guidance, wisdom and power.

Mission statements (personal and professional) involve deep thought, participation of all stakeholders and take time to develop. It involves visualization as well as affirmation. Fulfilling mission statements is an on-going process and involves keeping our goals in mind and making sure that we are aligned with correct principles.

Dr. Charles Garfield has done extensive research on peak performers both in athletics and business. His research showed that most of the world class athletes and peak performers in business are all visualizers. They see, feel and experience it before actually doing what it takes them to succeed in their fields.  Simply stated, they begin with the end in mind.  For example an Indian Victory over West Indies in a one day international at Berbice, in West Indies, gave the inspiration and vision to Kapil Dev, that the Windies were beatable. The rest of course is history when India beat the Windies twice in 1983 in England and lifted the world cup.

Hope you enjoyed this post. In the next post, we will look at the 3rd  habit which is “Put First Things First”.

Reference: 25th Anniversary Edition “The 7 Habits of Highly Effective People” by Stephen R. Covey.

This is the eighth post for #MyFriendAlexa by #Blogchatter. I am taking my blog to the next level with #MyFriendAlexa and #Blogchatter.

ByJayanthi

Popular Information security tools

Reading Time: 2 minutes

Can you imagine peeping into your network and

  • seeing the traffic come in and go
  • see the applications on the net that are trying to access various software on your system,
  • and understand the weaknesses in your system and more?

All this and more can be done by various tools that are available to study the systems. Tools in the Information security domain help us to analyze and understand the network traffic in a deeper way. There are many tools constantly appearing and it is good to keep with the new technologies and changes. 

Here is a brief list of some of the popular Information security tools:

  • Metasploit

        ‘Metasploit’ is a popular pen testing framework primarily designed to hack into systems and test them before the hackers can penetrate them and cause damages. It is available for the Windows, Linux and macOS operating system. It was originally written in Perl and then it was rewritten in Ruby. It is currently owned by Boston based company Rapid7. It has an open source version as well as commercial version.

        ‘Wireshark is a network protocol analyzer and packet sniffer and was formerly known as ‘‘Ethereal’. It is freely available for the Windows, Linux,macOS, FreeBSD, NetBSD operating systems. Wireshark enables you to read and analyze the traffic packets and not alter it in any way.

Here are a few features of Wireshark:

  • “Deep inspection of hundreds of protocols
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  • The most powerful display filters in the industry
  • Rich VoIP analysis”(Source: https://www.wireshark.org)

For more on Wireshark, read more here.

       ‘Nessus’ is a vulnerability scanner available from Tenable, Inc. It is available for the Windows, Linux and macOS platforms. It is primarily used to detect and identify vulnerabilities and stay ahead of the hackers. It has been trusted by more than 27,000 organizations and is one of the most widely used vulnerability scanners.

On an average, when a new vulnerability is disclosed, a new plugin is released within 24 hours of its disclosure. There have been more than 100 zero day vulnerabilities discovered in the past 3 years by means of the Nessus scanner. For more on the Nessus scanner, visit this link.

         Aircrack is a tool that is used to assess Wi-Fi security. It consists of a tool for detector, packet sniffer, cracker and analysis tools.

        Since weak passwords are still the easiest way to hack into a system, ‘John the Ripper’ is a tool to detect just that. This tool detects weak passwords and is available as a free and Open source version as well as a commercial version. It is available for Windows, macOS, DOS, Unix, BeOS and OpenVMS.  For more information on John the Ripper, visit this link.

We have seen a just a brief list of the different tools in the Information security domain. Stay tuned for more technical posts!

This is the seventh post for #MyFriendAlexa by @Blogchatter.  I am taking my blog to the next level with #MyFriendAlexa and #Blogchatter.

ByJayanthi

iOS 13 privacy

Reading Time: 3 minutes

With Apple releasing the new iPhone 11 and its 13th major release of its mobile operating system, ‘iOS 13 on September 19, 2019’, it is the privacy features of iOS 13 that stole my glance! (as usual) Some general features of the iOS 13 are:

  1. The update is applicable only to models of  iPhone 6S and above
  2. There is a new optimized battery charging
  3. Apps are expected to be launched faster
  4. The ‘Do not disturb while driving’ feature detects if you are using public transport and does not turn ‘on’
  5. Unknown callers will be sent straight to voicemail
  6. Enhanced privacy features

Data gathering:

Like it or not, data is always being gathered about you in the background of all devices and social media forums. All social media giants do this and either we are victims of it unknowingly or knowingly. How do we control the apps and social media giants from snooping on our personal data, our pictures etc? Code the operating system appropriately…and that is exactly what Apple has done!

Giving access to our private data knowingly is one thing – but gathering it without our knowledge is totally another thing! 

As I was testing the new iOS 13 OS from a security standpoint, I was amazed by the intricate way in which privacy has been built into every application in the iPhone device. Be it ‘Contacts’, ‘Calendars’, ‘Photos’, ‘Bluetooth’, ‘Files and Folders’ – privacy can be tuned to everything and makes sure every application asks your explicit permission before accessing the private data on your mobile devices. 

  • Camera: There is an explicit disclaimer stating that the pictures and videos that are taken will have other details like where and when they were taken. 
  • Contacts: The following picture shows applications that have requested access to your contacts 

       

 

The following picture shows what happens when ‘Whatsapp’ is not given access to ‘My Contacts’:

  • Photos: The picture below shows the permissions which have been given to certain application to access the photos on a device

       

      

  • Files and Folders: Applications that have requested to the files and folders appear here
  • Bluetooth: Applications that have requested access to Bluetooth is listed here

     

       The above picture shows an ‘Alert’ when an application like ‘Amazon Alexa’ is trying to access ‘Bluetooth’.

It is nice to see a tech giant using the power of programming and coding in a positive way. It is also nice to see that the whole data gathering process in Apple is much more transparent than other social media giants and we are able to determine whether we would like to share our pictures, location “All the time”, “Once” or “Never”

Maybe, the overall message in the Apple services says it all “Apple services are designed to protect your information and enable you to choose what you share”

With privacy and security being woven to every application of the iOS 13, it is a sure winner!! Maybe the other tech giants will soon follow suit!!

This is the sixth post for #MyFriendAlexa by @Blogchatter. I am taking my blog to the next level with #MyFriendAlexa and #Blogchatter.

ByJayanthi

Certifications vs Degree

Reading Time: 2 minutes

‘Certifications’? Ask this to any computer professional – and their eyes will surely glow… 🙂 ‘certifications’ are available in every computer field – as an example, we have the Oracle Java certifications(OCJP, OCJWCD), PMP certifications, data center certification(CCNA, CCNP), computer hardware certifications(A+, Server+), cloud certifications(AWS, CCNA) and the Information security certifications like CISSP, CCSP, CEH(which I am most interested in… 🙂 ) and more…- in fact, you can hardly meet a software professional in the computer field who is not certified!!

Degrees:

Having said this, many colleges also offer degrees in the Computer field such as Bachelors degree in Computer Science and Engineering(for India), Masters degree in Computer Science and Engineering and many other degrees directly or indirectly related to the Computer field. All these degrees require 4 years(Masters programs will take lesser number of years) of hard work and good grades to pass with a good GPA or marks. 

So, which is more respected – degrees or certifications in the computer industry?

As you step into the employment phase of life, initially, educational qualifications will definitely pave the way for a good and plum job in the desired industry and domain. But after a period of time, as technology rolls and changes all in its path – though our core values from the degree are strong and firm, we need additional skills to move up the career ladder. This is where certifications step in. 

Every certification tests you on different skills apart from your work experience. In fact, mid and high level positions in an organization might demand certifications to validate you and make sure that you are still in sync with the industry. You will have to spend at least 3-4 months  studying for these certification exams and the exams will not be easy by any means. After you are certified, most of these certifications might have to be renewed every few years. In fact, I have high respect for professionals who put a series of certifications behind their name!! 🙂

Conclusion:

I am sure any organization will be happy with a candidate who has an amazing degree plus all the relevant certifications but I think certifications definitely steal the thunder from a higher degree in the mid and high level employment space!! 🙂

This is the fifth post for #MyFriendAlexa by @Blogchatter. I am taking my blog to the next level with #MyFriendAlexa and #Blogchatter.

 

ByMani Prithiviraj

Habit 1: Be Proactive

Reading Time: 3 minutes

 In the previous article, we reviewed Covey’s 7 Habits of Effective people. We understood  how alignment of actions with natural principles, balance of production and production capacity are important. In this post, we will look at the first habit which is “Be Proactive”. This is one of the habits associated with the self.

            Covey writes that a unique human endowment is “Self Awareness”. This is something that other life forms in the world do not possess. Some examples of Self Awareness are: self evaluation, learning from our experiences and learning from experiences of others. We have the ability not only to be trained, but also choose a training that suits us or even create a training.

            The term ‘proactivity’ is used a lot by modern organizations as a buzz word. While it refers mainly to taking the initiative, Covey explains that it goes well beyond that. According to him, proactivity also means that we are responsible for our lives and that our behavior is a function of our decisions and not conditions. We do not blame circumstances or others for problems that we face.

            I work in the area of customer support and one of the areas we focus on is proactive support. What is it that is different in proactive support? A few differentiators are:

  • In addition to resolving issues customers come to us for, we reach out to customers to see how they are doing and see if they need any help via phone, emails or visits.
  • Whenever a new release of a software is out, we explain new features that can be beneficial to the customers (rather than wait for the customers to ask us).
  • We offer to review existing processes to see if they can be improved to enhance productivity.

We see that the proactive support model give us a much higher probability of improving customer satisfaction, increasing their success and  encourage our customers to give us more business. It also improves the quality of our products, since we use feedback from the field and pass it on to the developers who work on enhancing the product.

We are all subject to Stimuli from the outside. Covey says that between Stimuli and Response, we have the ability to choose. A proactive person thinks and chooses an appropriate response to the stimulus he or she receives.  For example, one of our customers might come to us with a very harsh criticism. Now while the criticism might lack professionalism, the basis for the criticism may be justified. A proactive approach to the situation is to carefully analyze the problem in hand and focus on getting a solution for the problem.

During India’s Independence Struggle, Mahatma Gandhi remarked that “They cannot take away our self-respect if we do not give it to them”. The reason our feelings get hurt is not because of what happens to us, but our response to what happens to us.

As human beings we have several concerns in life. Concerns can be grouped into two areas as described by Covey. The inner circle in the figure below refers to things that are under our control. The outer circle describes things that are not directly within our control (e.g. the Weather, global economy)

 

Proactive people are focused mainly on the circle of influence. This approach helps in slowly expanding our circle of influence. On the other hand reactive people are more focused on the circle of concern.

Some of Covey’s suggestions for expanding our circle of influence are:

  • Being a better listener
  • Being a better spouse or family member
  • Being a better student and employee
  • Being a better manager.
  • Being a better teacher.

It is not that we completely ignore the circle of concern. We still need to think about it, but not let it be the major part of focus. We always have the choice of choosing an action. However, the outcome of our action is always aligned with natural principles. For example, we may choose not to wear our seat belt while travelling. However, if the vehicle comes to a sudden and  un-expected stop, we may get thrown, since that is a natural consequence the laws of physics.

According to Covey, the heart of the circle of influence is our ability to make and keep commitments and promises.  The commitments we make to ourselves and others and our ability to keep them is the clearest manifestation of our proactivity.

Hope you enjoyed this post. In the next post, we will look at the 2nd habit which is “Begin with the End in mind”.

Reference: 25th Anniversary Edition “The 7 Habits of Highly Effective People” by Stephen R. Covey.

This is the fourth post for #MyFriendAlexa by @Blogchatter. I am taking my blog to the next level with #MyFriendAlexa and #Blogchatter.

ByJayanthi

ATM hacking

Reading Time: 2 minutes

Cars can be hacked, phones can be hacked, all smart devices can be hacked – so why not ATM machines? Scary isn’t it? This news from the ‘Economic times’ stole my glance and I had to blog about it right away! 

Hacking and the procedure to do it required a bit of expertise in the days gone by, but that is no longer the case in today’s world. Data breaches cost millions of dollars in losses and ATM hacks are also estimated to cost around $3.5 million dollars in losses between late 2017 and early 2018 in the US (Source: https://www.cnbc.com/2019/08/01/atm-hack-attacks-caught-on-video.html)

In today’s world, we do not  need thorough hacking and certified professionals to hack ATM machines to steal your credit/debit card information. It can be done by simple tools such as ATM malware cards and ATM hacking tutorials which are easily available in the “dark web” for as low as 100$. And how much time does it take to do it? Just 15 minutes!!

Sounds easy for a hacker, isn’t it?

It is…in fact… in a physical attack, if a device is implanted behind the ATM machine, the machine will give out cash without proper authentication to unauthorized individuals!! (yikes!!)

Since most ATM machines use the same software, attacking one machine will ensure that similar machines can be attacked in a similar manner. Most ATM hacks are performed on machines that run the Windows XP operating system.

How to protect yourself:

After the shocking news of how common and easy it is do ATM hacking, the next question comes about how to protect yourself from it:

  1. It is always wise to use ATMs at well lit locations and those locations that see more footfall
  2. Be aware of ATM skimmers(these are the ones that steal your credit/debit numbers and your PIN) that are attached to the ATM machines and make sure that you are able to use the card smoothly(if not – there is a probability that a skimmer is attached)
  3. Keep track of your bank balance constantly
  4. If you can – try and withdraw money from the bank itself(or try using “Cash back” option in the US and other Western countries)

ATM hacking and other attacks are always on the rise. It is imperative for us as customers to keep ahead of the curve and adopt safety practices!!

References:

  1. https://www.moneycontrol.com/news/trends/ready-made-tools-to-hack-atms-now-trending-on-dark-web-4421901.html
  2. https://www.cnbc.com/2019/08/01/atm-hack-attacks-caught-on-video.html
  3. https://www.marketwatch.com/story/how-to-protect-yourself-against-atm-hackers-2017-04-04

This is the third post for #MyFriendAlexa. I am taking my blog to the next level with #MyFriendAlexa and #Blogchatter.

ByMani Prithiviraj

7 Habits of Highly Effective People

Reading Time: 2 minutes

The 7 habits of highly effective people is a compilation by Stephen Covey of age old natural principles. Examples of natural principles are fairness, integrity, dignity, service, patience, quality and excellence.  According to Covey, anyone who consciously aligns their goals (personal or professional)  to these natural principles is bound to be very successful in life (Mahatma Gandhi is an excellent example of a successful person since he was aligned with natural principles) 

If a farmer wants a good yield at the end of the year, he needs to take appropriate steps throughout the year (e.g. Prepare the land, plant the seed, irrigate the plants, remove the weeds and finally harvest) If a farmer skips any of the steps or tries to compress the process, he is not likely to be successful in getting a good harvest. Similarly, Covey says that in life one has to align goals (personal and professional) to be in line with natural principles to be successful.

Covey defines a ‘Habit’ as an intersection of knowledge, skill and desire. Knowledge refers to theory or the “what to”. Skill refers to the “How to” and Desire refers to “Want to”. In order to make something a habit, we need to have the knowledge, know how to execute and also have the desire to execute.

The 7 Habits are:

  1. Be Proactive
  2. Begin with the end in mind
  3. Put first things first
  4. Think Win-Win
  5. Seek first to Understand then to be Understood
  6. Synergize
  7. Sharpen the Saw

       The first three habits are focused on the self (inside) and the next three are focused on the outside (inter-personal relations). The last habit is the habit of rejuvenation or constant learning.

         Why are these habits of effectiveness? They are habits of effectiveness since they are all based on the natural principal of balancing production and the capability of production. Let us look at an organization with employees. Employees are capable of producing work which is beneficial to the organization. However employees also need to be cared for and nurtured,  in order to be able to produce work. If they over-worked and over-loaded by the management, then they lose the ability to produce results for the organization. A delicate balance between production and production capability is required according to Covey (similar to Aesop’s Fable story of the goose that laid the golden eggs).

          I was first introduced to Covey by my then reporting Manager Nathan Mac Donald in the year 2012. I can say for sure that ever since I started reading Covey’s book and making an attempt to follow them, I have seen small incremental improvements. My wish is that I had started when I was in school and college. However, I do believe that it is not late for anyone to start following the 7 habits of highly effective people. In my following posts, I will spend time discussing each of the seven habits.

Reference: 25th Anniversary Edition “The 7 Habits of Highly Effective People” by Stephen R. Covey.

This is the second post for #MyFriendAlexa. I am taking my blog to the next level with #MyFriendAlexa and #Blogchatter.

 

ByJayanthi

AI and Cyber security

Reading Time: 3 minutes

“Artificial intelligence” or “AI” is a word that has been generously splashed all over and is omnipresent in our lives today and yet most of us are hardly aware of it. From Siri to Alexa to spam filters to smart searches, AI is powering our lives and simplifying it wherever we go.  

What is AI and how does AI work?

In simple terms, AI is a part of Computer Science that tries to simulate human intelligence in machines. Machine learning is a sub-topic of AI and is used along with AI or independently. 

Considering ‘gmail’ as an example, have you ever wondered how regular unwanted email gets pushed into the  “Spam” folders? One way “spam” can be detected is by making use of AI. By carefully studying hundreds and thousands of messages, the machine learns that the messages with certain “keywords” fall into “Spam”.  In our example here, the machine is trained to be “artificially intelligent” to detect “spam”.

This type of learning is close to our learning process as well. The more we read, understand and comprehend – the more decisions we can take. 

We can also see AI and ML(machine learning) powering the job sector with bots speaking to job seekers and helping them get an appropriate  job.

Cyber security:

“Cyber security” is a branch of study which is used to secure personal and business assets through various means and possibilities (like firewalls, VPNs, anti-virus definitions and more) It also involves studying different types of attacks and preventing them in addition to in-depth topics like phishing, ransomware, pen testing, vulnerability assessment and more.

This is a minimal list of cyber security duties –

The cyber security analyst is expected to read a lot of network data in traffic packets and understand the patterns and anomalies in them. This will enable them to detect threats early and sound the alarm for organizations to prevent breaches. Cyber security engineers also work to detect viruses by comparing new files against a signature list of virus definitions.  

So, what happens when “cyber security” makes use of AI?

There are many ways where AI helps cyber security:

  1. Human beings get weary and tired of doing network analysis for a prolonged period of time. Detecting threats and tuning applications is a tedious job, and prone to errors as fatigue sets in. “Alert fatigue” is real and human beings get exhausted looking for patterns and anomalies in the network. This is where AI steps in to enable the user to detect threats more easily. Machines never tire and the power of “artificial intelligence”  and “machine learning” is harnessed by using algorithms that detect “keyword matching, statistics monitoring, anomaly detection”(Source: https://resources.infosecinstitute.com/ai-in-cybersecurity/#gref)
  2. AI systems are also trained to detect malware in software rather than only human beings doing it. 
  3. Making the users click on malicious links in an email is the simplest form of hacking. Innocent users click on poisonous links that lead them to part with their precious data. These phishing emails can also be detected by using AI by employing appropriate algorithms.
  4. The power of artificial intelligence can also be harnessed when responding to security incidents. Human intelligence and artificial machine intelligence can work together to speed up detection and response times to security incidents.

These are some ways that cyber security engineers can make use of AI. But it has be remembered that AI can be used by hackers and other miscreants for their own benefit too. It is up to cyber security professionals to keep ahead of the game and thwart them with appropriate techniques.

This is my first post for #MyFriendAlexa. I am taking my blog to the next level with #MyFriendAlexa and #Blogchatter.