This document discusses common security issues for Android apps and provides recommendations to address them. It identifies issues such as overprivileged apps, information exposure through sent data, intent spoofing, unauthorized intent receipt, insufficient entropy, and use of hardcoded cryptographic keys. The document recommends techniques like using permissions and explicit intents to prevent spoofing, validating untrusted inputs, and parametrized queries to prevent SQL injection. It also cautions against sending sensitive data in sticky broadcasts.
6. The flip side of the coin
[Bar chart: % of applications (axis 0 to 70) affected by each issue: overprivileged applications, information exposure through sent data, intent spoofing, use of hardcoded cryptographic keys, unauthorized intent receipt, insufficient entropy]
8. Architecture
■ Linux 2.6.x (Android 3.x), Linux 3.0.x (Android 4.0)
■ Dalvik VM – optimized for constrained resources
■ Security model: UIDs, file access rights and permissions
9. Key concepts
Activity
■ Presents screen content
■ Can show Views, menus, alerts and notifications
■ Must have at least one Activity
View
■ A single user interface element
■ Handles user events and draws the component on the screen
■ Can create your own or use existing ones
Intent
■ Links two activities or two applications
■ Enables sending of messages and data between two entities
■ Gives access to OS services such as camera, browser, etc.
Service
■ An application that can run in the background
■ Declared in the manifest file
10. Key concepts 2
Broadcast receivers
■ Listen for and react to broadcast messages
Content Providers
■ Make data from one application available to others
■ Fetch data from the file system, SQLite, etc.
Android manifest file
<manifest ...>
  <application>
    <!-- Components are declared inside <application> -->
    <activity android:name=".MyActivity">...</activity>
    <receiver android:name=".MyReceiver">...</receiver>
  </application>
  <uses-sdk android:minSdkVersion="16" />
  <uses-feature android:name="android.hardware.camera" />
  <!-- Permissions the app requests -->
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.CAMERA" />
  <!-- Custom permission the app defines -->
  <permission android:name="com.emc.NewPermission" />
</manifest>
12. Intent spoofing
■ Component with weak permissions
■ A malicious app sends an Intent that results in data injection or changed state
<!-- Receiver with an intent-filter and no android:permission -->
<receiver android:name="one.special.recevier">
  <intent-filter>
    <action android:name="one.intent.action" />
  </intent-filter>
</receiver>
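Added example (not from the original slides): a small Python check that flags manifest components like the receiver above, which declare an intent-filter but no android:permission and can therefore be sent Intents by any installed app. The sample manifest, the .GuardedReceiver and .InternalService names and the com.example.demo.SEND permission are constructed for illustration; content providers are left out because their export defaults differ.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "receiver", "service")  # providers not covered here

# Constructed sample manifest: the receiver from the slide plus hardened variants.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application>
    <activity android:name=".MyActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN" />
        <category android:name="android.intent.category.LAUNCHER" />
      </intent-filter>
    </activity>
    <receiver android:name="one.special.recevier">
      <intent-filter>
        <action android:name="one.intent.action" />
      </intent-filter>
    </receiver>
    <receiver android:name=".GuardedReceiver"
              android:permission="com.example.demo.SEND">
      <intent-filter><action android:name="one.intent.action" /></intent-filter>
    </receiver>
    <service android:name=".InternalService" android:exported="false">
      <intent-filter><action android:name="one.intent.action" /></intent-filter>
    </service>
  </application>
</manifest>
"""

def _is_launcher(component):
    """True for the launcher entry point, which has to stay exported."""
    for f in component.findall("intent-filter"):
        actions = {a.get(ANDROID + "name") for a in f.findall("action")}
        cats = {c.get(ANDROID + "name") for c in f.findall("category")}
        if ("android.intent.action.MAIN" in actions
                and "android.intent.category.LAUNCHER" in cats):
            return True
    return False

def audit_manifest(xml_text):
    """Return (tag, name, actions) for components any app can send Intents to."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    if app is None:
        return []
    app_permission = app.get(ANDROID + "permission")
    findings = []
    for comp in app:
        if comp.tag not in COMPONENTS or _is_launcher(comp):
            continue
        actions = sorted(filter(None, (a.get(ANDROID + "name")
                         for a in comp.findall("intent-filter/action"))))
        exported = comp.get(ANDROID + "exported")
        # Without android:exported, an intent-filter made the component
        # exported by default on the Android versions the slides cover.
        has_filter = comp.find("intent-filter") is not None
        is_exported = exported == "true" or (exported is None and has_filter)
        permission = comp.get(ANDROID + "permission") or app_permission
        if is_exported and not permission:
            findings.append((comp.tag, comp.get(ANDROID + "name"), actions))
    return findings

if __name__ == "__main__":
    for tag, name, actions in audit_manifest(SAMPLE_MANIFEST):
        print(f"{tag} {name}: exported without permission, actions={actions}")
```

Only the slide's receiver is reported; the launcher activity, the permission-protected receiver and the non-exported service pass.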
16. SQL and Query String Injection
■ Delete, execSQL, rawQuery, update....
■ Query String Injection: a subclass of SQL injection
■ Allows a malicious app to view unauthorized data
■ Cannot modify data
■ How?
■ Data from an untrusted source
■ Dynamically constructed SQLite queries
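Added example (not from the original slides): a Python sqlite3 model of the two conditions listed above, untrusted data and a dynamically constructed SQLite query, next to the parameterized form. The notes table, the function names, the sort keys and the sample rows are assumptions made for the illustration, and the sort-key allowlist goes slightly beyond the slide; on Android the equivalent fix is to pass values through the selectionArgs argument of rawQuery or query instead of concatenating them.

```python
import sqlite3

ALLOWED_SORT = {"title": "title", "newest": "id DESC"}  # hypothetical sort keys

def make_db():
    """In-memory database with constructed rows: one public, one private."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, title TEXT,"
               " body TEXT, is_public INTEGER)")
    db.executemany(
        "INSERT INTO notes (title, body, is_public) VALUES (?, ?, ?)",
        [("welcome", "hello", 1), ("pin", "1234", 0)])
    return db

def find_public_unsafe(db, title):
    """Vulnerable: the untrusted title becomes part of the SQL text."""
    sql = ("SELECT title, body FROM notes "
           "WHERE is_public = 1 AND title = '" + title + "' ORDER BY id")
    return db.execute(sql).fetchall()

def find_public_safe(db, title, sort="title"):
    """Hardened: value bound as a parameter, ORDER BY taken from an allowlist."""
    if sort not in ALLOWED_SORT:
        raise ValueError("unsupported sort key")
    sql = ("SELECT title, body FROM notes "
           "WHERE is_public = 1 AND title = ? ORDER BY " + ALLOWED_SORT[sort])
    return db.execute(sql, (title,)).fetchall()

# Constructed hostile input: closes the string literal and adds a clause that
# is always true, so the is_public filter no longer limits the result.
HOSTILE_TITLE = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("unsafe:", find_public_unsafe(db, HOSTILE_TITLE))
    print("safe:  ", find_public_safe(db, HOSTILE_TITLE))
    print("normal:", find_public_safe(db, "welcome"))
```

The concatenated query returns the private row as well, matching the slide's point that the caller can read unauthorized data; the bound parameter treats the same input as a literal title and matches nothing.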
19. Unauthorized Intent Receipt
■ Given a public Intent that does not require special permissions of the component receiving the message
■ Intercepted by a malicious app
■ Can leak sensitive data and/or alter program flow
// Implicit Intent: any component that declares this action can receive it
Intent intent = new Intent();
intent.setAction("a.special.action");
startActivity(intent);
20. Unauthorized Intent Receipt
// Explicit Intent: names the destination component
Intent fixedIntent = new Intent();
fixedIntent.setClassName("pkg.name", "pkg.name.DestinationName");
or
// Broadcast delivered only to receivers that hold the permission
Intent fixedIntent2 = new Intent();
fixedIntent2.setAction("a.special.action");
sendBroadcast(fixedIntent2, "a.special.permission");
22. Persistent Messages: Sticky broadcasts
■ Cannot set permission requirements on the receiver
■ Available to everyone(!)
■ Can compromise sensitive program data
■ Live on after they have been sent
■ Can be removed by anyone who has the BROADCAST_STICKY permission
23. Persistent Messages: Sticky broadcasts
■ Use regular broadcasts that are protected by receiver permissions
■ Examine the data that is sent in broadcast messages
25. Insecure Storage
■ Content on the SD card is accessible to everyone
■ Is not removed when the app is removed
■ Can give access to passwords, locations, SMS, e-mail, etc.
26. Insecure Storage
■ Use the application's SQLite database
■ Use the device's internal storage
■ Use Context.MODE_PRIVATE
28. Insecure Communication
■ Do not send sensitive data over HTTP
■ If possible, use HTTPS if you use WebViews
■ Should be examined and treated like any other web application
29. Insecure Communication
■ Google Calendar and Contacts (fixed in v2.3.4)
■ Twitter app
■ Facebook app
■ Fake GSM tower, IMSI Catcher
31. Overprivileged Applications
■ The "least privilege" principle
■ Vulnerabilities can give an attacker access
■ Application Collusion Attack
■ Users accept unnecessary permissions
32. Threat landscape
"Mobile is the new platform. Mobile is a very intimate platform. It's where the attackers are going to go." [Schneier]
Image: http://www.mobi2tab.com
33. Threat landscape
■ Q1: 3,063
■ Q2: 5,033
■ Q3: 51,447
■ Only 0.5 from Play Store. 55.2 percent actually malicious!
34. Threat landscape
Image: F-Secure, Mobile Threat Report
36. What happens next?
■ Android v4.2
■ (Opt-in) Real-time scanning of applications
■ Validated against existing Google Play apps and APK files available on the web
■ New installation screen with clearer information
37. SE Linux
■ Mandatory Access Control vs Discretionary Access Control
■ No root user
■ Security policy defined by an administrator
Image: Centos.org
38. VPN
■ Always-On VPN
■ Prevents data from suddenly being sent in cleartext
Image: How Stuff Works
39. Premium SMS
■ Premium SMS services charge the user's mobile subscription
■ Notification when premium services are used
Image: http://k0il-inside.blogspot.no
40. Pro tips!
■ Google Play
■ Rating and feedback
■ Check permissions
■ Rooting
41. Thank you!
thomas.methlie@capgemini.com / thomas.methlie@gmail.com
no.linkedin.com/in/thomasmethlie
tsmethlie
42. Sources
■ Seven ways to hang yourself with Google Android. Y. O'Neil and E. Chin
■ Veracode State of Software Security v04
■ http://android-developers.blogspot.com
■ http://nakedsecurity.sophos.com/2011/05/17/security-hole-android-smartphones
■ Developing secure mobile applications for android. Jesse Burns, iSEC Partners
■ F-Secure: Mobile Threat Report Q3 2012
■ Application Collusion Attack on the Permission-Based Security Model and its Implications for Modern Smartphone Systems (ftp://ftp.inf.ethz.ch/doc/tech-reports/7xx/724.pdf)