Women at work

I have a PhD in electrical engineering and have been teaching and doing programming and IT (specializing in networks and security) for ... too many years. I am not going to disclose my age! I am one of very few women of my age who STAYED in the field, since it is a super competitive macho field. But here I am! I use my engineering skills for everything I do. In this blog, I will share anything from technical to social comments on technology.

Wednesday, May 31, 2017

math skills


IF THERESA'S DAUGHTER IS MY DAUGHTER'S MOTHER, WHAT AM I TO THERESA?

Only 3% of American population can solve this!

this is mind boggling!!! this is such a SIMPLE question!!!!! Yesterday I was calling help desk online and they could do a very simple math calculation... It said: every 2 units is worth 1 hour... but it didn't say how many CEUs that is. And the help desk was telling me that if I put 10 units I will get 10 CEUs and then that units and CEUs are the same thing, ... SHE HAD NO CLUE ABOUT MATH. NONE. ZERO. NADA. NOTHING. Amazing.

Tuesday, May 30, 2017

Teaching hacking through my blog

I posted a lot of posts about how to hack. PLEASE DO NOT ABUSE IT!!!!!

The posts are from materials in my classes. I can explain too well so this COULD help train some hackers but again - some students might end up as hackers anyways :)

Why women bail out of engineering

I need to figure out WHAT TO DO. I could be just another burned out woman in engineering. There are NO women of my age still in technology. Everyone bails out...

Hm at this point... I need job recommendations.
It is overwhelming because I am not sure what I am doing!!!! I spent a whole day today and $150 to get recertified in computer security, thinking that it could be useful bc I could find work doing that. BUT it's not my goal and I might be just wasting money and time.


In any case, this exercise was useful because I went through all my teaching materials that I made - I WROTE A LOT OF STUFF!!!! and it's very good
I am an expert in computer networks.
I am an expert in writing. I LOVE to write.
So... that's a way to make some dollars somewhere...

The best thing would be to do some writing and teaching 1/2 time and then massage 1/2 time. I was happiest doing that. Then I can show up in the classroom and not be bothered if kids are not wanting to learn. Life is too beautiful! And I don't care if my massage clients are sniveling and not doing their hwk. Life is too beautiful!!!!
Well in the recent years I became too cold to be a massage therapist. I used to be soooo pampering bc I WAS a massage therapist and then I went to teach college and GOT EATEN ALIVE. When you teach college, STUDENTS EAT YOU ALIVE bc they ABUSE anything kind and giving. But then your massage clients get ticked off that you are too distant and authoritative.

I love having fun, pampering people, and teaching them, and that just doesn't go in academia.

I do well only in environments where I am the boss and I don't have to defend myself against some manipulative weasels trying to get their way; environments where peeps cooperate.
I need to strike a balance on all levels. 1/2 teaching/writing/technical, 1/2 massage, and everyone happy.
Let's see how I can make THAT happen...

Security certifications



WHERE CAN STUDENTS LEARN SECURITY? 

Students always ask me about various certifications in the IT world. And for a good reason, because industry pays $12 per hour to employees without certifications, and $25 per hour to employees with certifications. Also, even for simple “experimentation” it is good to have some basic certification.
In the security field, the most basic certification is CompTIA Security+ certification. This certification is the de-facto expected certification of a new person in IT. http://certification.comptia.org/getCertified/certifications/security.aspx
CompTIA Security+ at a glance:
·         The basic security certification
·         Required by most entry-level security jobs
·         Requires retesting every 3 years, OR taking qualifying continuing education credits.
More experienced IT professionals will pursue CISSP certification. https://www.isc2.org  It is considered a high achievement and is expected for all higher-level jobs. CISSP requires 5 years of industrial experience and a sponsor who is also CISSP certified, so it is not available to beginners. However, CISSP does have an Associate version of the certification, which is a “beginners” version of CISSP and will eventually count towards CISSP.

For people who do not plan to be security professionals but would like to learn a little bit “and have fun” and perhaps apply for less formal and less rigorous jobs than a typical IT professional would, there are many choices.
There are many certifications, such as Certified Ethical Hacker (CEH) by the International Council of Electronic Commerce Consultants (EC-Council). http://eccouncil.org 
CEH does not have a great reputation in the industry; however, it is a great start for an interested student. It requires knowing:
·         ethics and legal issues
·         footprinting
·         scanning
·         enumeration
·         system hacking
·         Trojan programs and backdoors
·         sniffers
·         denial of service
·         social engineering
·         session hijacking
·         hacking web servers
·         web application vulnerabilities
·         web-based password cracking techniques
·         SQL injection
·         hacking wireless networks
·         viruses and worms
·         hacking Novell
·         hacking Linux
·         intrusion detection systems, firewalls, honeypots
·         buffer overflows
·         cryptography
Students LOVE the idea of hacking but they forget that it has many consequences. For example, most students have electronic accounts, such as email, and have signed an agreement that they will not use any school computers for hacking purposes. Being caught can get you expelled from school. Also, there are state and federal laws. Federal laws exist for hacking into government and financial institutions. Hacking into government sites can carry serious monetary and jail penalties.


Hacking wireless



WIRELESS NETWORKS

Wireless links are pretty fascinating because lately there are so many wireless choices. IEEE 802.16m offers speeds of 1 Gbps for stationary and 100 Mbps for mobile devices.
Wireless is not encrypted by default.
Since it travels through the air, it is super easy to intercept with freely available programs: Wireless Wireshark, aircrack, AirSnort, Auditor Security Collection, weplab, WEPCrack and many others.
To the rescue: Wireless Intrusion Detection System (WIDS).
The tradeoff is speed vs. security. Most wireless uses relatively weak security that is really fast, and changes keys frequently.

WEP (Wired Equivalent Privacy) protocol was added to IEEE 802.11 in 1999 and hacked in 2001. It uses 64-, 128- or 256-bit RC4 encryption. Issues:
·         AP and all its clients share the same key … !
·         strength of the algorithm is linearly proportional to the key length
WEP is very insecure (i.e. useless); the FBI cracked it in 3 minutes.
WEP can be brute-force broken in 1-2 hrs.

WPA (Wi-Fi Protected Access) protocol replaced WEP in 2003. It implements most of IEEE 802.11i. WPA uses data encryption. It uses TKIP (Temporal Key Integrity Protocol), and TKIP provides 128-bit per-packet key mixing with re-keying, and a MIC (message integrity check).
WPA Enterprise provides RADIUS-based authentication using TKIP and IEEE 802.1x/EAP.
WPA Personal uses a Pre-Shared Key (PSK) with an 8 to 63 character passphrase. Good/long passwords (still) cannot be easily broken?
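How a WPA/WPA2 Personal passphrase becomes the actual key, as an added example that is not part of the original post: the 256-bit key is PBKDF2-HMAC-SHA1 over the passphrase, with the network name (SSID) as salt and 4096 iterations. The passphrase and SSIDs in the demo section are constructed sample values.

```python
import hashlib
import math

PBKDF2_ITERATIONS = 4096   # fixed by IEEE 802.11i for passphrase-based PSKs
PMK_LENGTH = 32            # 256-bit pairwise master key


def validate_passphrase(passphrase: str) -> None:
    """Enforce the WPA Personal rule: 8 to 63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit key from passphrase and SSID (PBKDF2-HMAC-SHA1)."""
    validate_passphrase(passphrase)
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt,
                               PBKDF2_ITERATIONS, PMK_LENGTH)


def search_space_bits(length: int, alphabet_size: int) -> float:
    """Bits of guessing work for a uniformly random passphrase."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    passphrase = "correct horse battery staple"
    for ssid in ("HomeNet", "linksys"):
        # Same passphrase, different SSID: the derived key differs.
        print(f"{ssid:8s} {derive_pmk(passphrase, ssid).hex()}")
    # Minimum-length lowercase passphrase vs. 20 random printable characters.
    print(f"8 lowercase chars : {search_space_bits(8, 26):.1f} bits")
    print(f"20 printable chars: {search_space_bits(20, 95):.1f} bits")
```

Because the SSID is the salt, the same passphrase gives a different key on every network name, and every shared-key client on one network holds the same key. The bit counts show why the 8-character minimum is weak and a long random passphrase is not.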

WPA2 replaced WPA. WPA2 is specified in the 802.11i amendment to IEEE 802.11 from 2004.
WPA2 = WPA + mandatory AES–CCMP
Advanced Encryption Standard (AES) is a symmetric block cipher; the key length is 128 bits and the block size is 128 bits. Counter-Mode/CBC-MAC Protocol (CCMP) provides additional protection plus a MIC.
Just like WPA, WPA2 supports EAP authentication using RADIUS servers and a pre-shared key (PSK).
WPA2 requires installing new hardware: either AES-WRAP (an early version of 802.11i) or the newer and better AES-CCMP. Those hardware standards are not compatible.
WPA2 also comes in personal and enterprise version, just like WPA.
Unlike WPA, WPA2 is still considered secure. Although there are talks about WPA3, it has not come out yet.
Here are some wireless terms and overview:
https://www.cites.illinois.edu/wireless/speed.html
  • Downlink is the throughput from the base station to the user handset or computer.
  • Uplink is the throughput from the user handset or computer to the base station.
  • Range is the maximum range possible to receive data at 25% of the typical rate.
So what can you hack into? Here are some wireless networks:
Wireless link                        Frequency        Speed                                   Range
WiFi (IEEE 802.11b)                  2.4-2.485 GHz    ≤ 11 Mbps                               LAN
    (this frequency collides with cell phones and microwave ovens)
IEEE 802.11a                         5.1-5.8 GHz      ≤ 54 Mbps
IEEE 802.11g                         2.4-2.485 GHz
IEEE 802.11n, i
Bluetooth (IEEE 802.15.1)            2.4 GHz          ≤ 24 Mbps                               max 100 m
WiMax (IEEE 802.16)                  2-66 GHz         ≤ 30 Mbps                               Long haul (≤ 30 miles)
Mobile WiMax (IEEE 802.16e-2005)     20 MHz           128 Mbps downlink, 56 Mbps uplink
    (called “4G” by Sprint Nextel)
IEEE 802.16m                                          1 Gbps for stationary, 100 Mbps for mobile
Cellular phone network (GSM, CDMA)
    4G                                                ≥ 1 Gbps when stationary, ≥ 100 Mbps when mobile
    3G                                                ≥ 2 Mbps when stationary, ≥ 284 Kbps in a moving vehicle

Satellites
Various uses of satellite communications:
·         Traditional Telecommunications
·         Cellular
·         Television Signals
·         Marine Communications
·         Spaceborne Land Mobile
·         Satellite Messaging for Commercial Jets
·         Global Positioning Services