Skip to content

Degree versus Certifications?

The biggest question in a technical career is whether to get a degree or to become certified.  The answer starts with looking at your motives.  Ask yourself “why do I want a degree?”.

If you aspire to become an IT manager or director, then a degree or Masters will look good on your CV.  If you want to teach, then you’ll need a degree.

If you aspire to become highly paid, then pursuing certifications such as CCNA, CCNP and CCIE offer the best financial return, as you’ll probably earn more than the IT manager.

Step 1 – Do  you want High Pay?

If you want to be highly paid, then get certifications.  Being a contractor pays the highest rates, and for this you’ll need to be certified.

Step 2 – Want a career in Management or Teaching?

If you want to teach, then you’ll need a degree, plus an extra year’s post graduate course in teaching.

If you want to compete in the world of Management, then an MBA or a Masters in Computing will assist you.

Step 3 – Desktop Support

Generalist courses such as A+, Network+ and Security+ will equip you for desktop roles.  You don’t need a degree for these roles – employers would prefer certifications.

Step 4 – Security Research

Research roles normally start at Masters, but most employers will ask for a Phd.  So a degree is only the first step – prepare yourself to gain a doctorate.

 Step 5 – Stay at home parents and  carers

Many mums and dads find themselves as sole carers for children, due to divorce.  Some children are disabled and need a carer.  This provides the ideal opportunity to pursue your degree.  You’ll get a student loan, and if you don’t re enter the workforce, you’ll never repay a penny towards your course fees.

If you have to care for a sick relative, then a student loan will pay you £6,000 a year, plus your £9,000 course fees.  If they have cancer or need a longer period of treatment, then you can be around for them, help with the shopping and housework, and still get your degree – for free.  More importantly, you’ll have 3 years at home to care for them – or drive them to hospital appointments.

The student loans company will not assist you in paying for certifications – so this route is closed to you.  It has to be a university degree for carers – as only the degree is funded.

Step 6 – Want to be self employed?

Employers will hire you based on your ability to do the job.  Therefore, they are keen to hire staff with certifications. A degree may or may not help you get a contract, but certifications will help.

Step 7 – Unemployed and near the age of retirement?

If you’re around 60 years old, and unemployed, then applying for a student loan and getting  your degree is a great way forward.  The UK government wipes out your student loan as soon as you retire.  If you’re close to retirement, it means you can gain full funding, and never repay the debt.  If for health reasons you are unemployed and can’t get a job, being at University means the Benefits agency will leave you alone.  You’ll sign off the dole and won’t face being sanctioned for not signing on or missing an appointment.  It’s an unusual solution, but if you can’t get a job, it may be a viable alternative until you reach retirement.

Step 8 – You want prestige or just prove you can get a degree?

Many of us take a degree, just to prove that we are capable of it.  Many of us carry on and take a Masters degree, just to prove that we can take on the intellectual challenge.  There is a certain status to having a Masters or Phd.  So if you want a certain status in society – then prepare yourself for an extra 1 – 4 years of study.

Step 9 – Gain Certifications whilst at University

It is possible to take some of the cheaper certifications whilst at University.  You’ll have to study over the summer break, but it is doable.  From personal experience, the £150 fee is expensive – but if you pass then you have both a certification and a degree.  You’ll get the job offer – with no hesitation.


Therefore keep asking yourself what outcome you want from the course.  You may want a highly paid job, or want time at home with the children.  Many parents become teachers, as it fits in with their lifestyle – and they get the summer holidays with their children.  Some want the status of being a “doctor”.  Examine your motives, and what you want from the course.  That will help you select the right path, and for many, the degree is not the right choice.

That said, most of us consider University, one of the greatest experiences of our lives.

GCHQ has legal immunity to reverse-engineer Kaspersky antivirus, crypto

Newly-published documents from the Snowden trove show GCHQ asking for and obtaining special permission to infringe on the copyright of software programs that it wished to reverse-engineer for the purpose of compromising them. GCHQ wanted a warrant that would give it indemnity against legal action from the companies owning the software in the unlikely event that they ever found out.

The legal justification for this permission is dubious. As the new report in The Intercept explains: “GCHQ obtained its warrant under section 5 of the 1994 Intelligence Services Act [ISA], which covers interference with property and ‘wireless telegraphy’ by the Security Service (MI5), Secret Intelligence Service (MI6) and GCHQ.” Significantly, Section 5 of the ISA does not mention interference in abstractions like copyright, but in 2005 the intelligence services commissioner approved the activity anyway.

The Intercept story provides details of the software that GCHQ wanted to compromise: online bulletin board systems, commercial encryption software, and anti-virus programs. It needed to prevent the last of these from revealing the presence of other GCHQ malware that was used for spying: “Personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE [computer network exploitation] capability and SRE [software reverse engineering] is essential in order to be able to exploit such software and to prevent detection of our activities.”

Another company mentioned is Cisco. Reverse-engineering the software in its routers allowed GCHQ “not only to access ‘almost any user of the internet’ inside the entire country of Pakistan—but also ‘to re-route selective traffic across international links toward GCHQ’s passive collection systems’,” The Intercept says.

The other key revelation in the latest batch of documents is how GCHQ “cozied up to staff in the Foreign and Commonwealth Office, or FCO, to get warrants approved,” which suggests that the organisation is perilously close to subverting UK government departments. When asked about these new claims, GCHQ “refused to comment on the record about any of these matters, instead providing its boilerplate response about how it complies with the law.”

An increasing number of formal challenges to GCHQ’s activities have shown that isn’t true. Indeed, just today the Investigatory Powers Tribunal ruled that GCHQ’s covert surveillance of two international human rights groups was illegal—making the standard claim that GCHQ “complies with the law” increasingly ridiculous.

How to hack Active Directory on a Windows Domain Controller – NTDS.dit

Using the same underlying technique (Volume Shadow Service), there is an in-built command (Windows 2008 and later) that does a backup of the crucial NTDS.dit file, and the SYSTEM file (containing the key required to extract the password hashes), without the need to use VB Script, third-party tools or injecting into running processes.

All you need is a command prompt running with administrator privileges, and the following commands:

ntdsutil: activate instance ntds
ntdsutil: ifm
ifm: create full c:\pentest
ifm: quit
ntdsutil: quit

Copy/move the created folder from the target DC to your machine, and you have all necessary files to conduct an offline password audit of the domain.

If you’re running Windows, there is a new tool on the block – named ntds_decode.exe (referenced here –, which seems to work fine in our lab, without requiring a number of rather convoluted steps to achieve our goal. Unfortunately source code isn’t available at this moment in time, so take normal precautions before running.


hack active directory

The SYSTEM registry hive and Active Directory database are from a domain controller.
These files are obviously locked so you need to backup using the Volume Shadow Copy Service.

The output format is similar to pwdump and only runs on Windows at the moment.
LM and NTLM hashes are extracted from active user accounts only.

ntds_decode mounts the SYSTEM file so Administrator access is required on the computer you run it on.

Google takes steps to crack down on revenge porn – BBC

This article answers the anti privacy reply “if you’ve done nothing wrong, you’ve nothing to fear”. 

Victims of revenge porn will be able to put in requests to Google to take down content from search results.

The images will still exist but won’t come up on a list when people look for them.

In a blog post the company’s Vice President Amit Singhal said it will apply to “nude or sexually explicit images”.

Victims of revenge porn will be able to put in requests to Google to take down content from search results.

The images will still exist but won’t come up on a list when people look for them.

In a blog post the company’s Vice President Amit Singhal said it will apply to “nude or sexually explicit images”.

Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”

For Ars, three crackers have at 16,000+ hashed passcodes—with 90 percent success.

In March, readers followed along as Nate Anderson, Ars deputy editor and a self-admitted newbie to password cracking, downloaded a list of more than 16,000 cryptographically hashed passcodes. Within a few hours, he deciphered almost half of them. The moral of the story: if a reporter with zero training in the ancient art of password cracking can achieve such results, imagine what more seasoned attackers can do.


**Bruteforce is feasible against short passwords (around 8 characters).

Imagine no more. We asked three cracking experts to attack the same list Anderson targeted and recount the results in all their color and technical detail Iron Chef style. The results, to say the least, were eye opening because they show how quickly even long passwords with letters, numbers, and symbols can be discovered.

The list contained 16,449 passwords converted into hashes using the MD5 cryptographic hash function. Security-conscious websites never store passwords in plaintext. Instead, they work only with these so-called one-way hashes, which are incapable of being mathematically converted back into the letters, numbers, and symbols originally chosen by the user. In the event of a security breach that exposes the password data, an attacker still must painstakingly guess the plaintext for each hash—for instance, they must guess that “5f4dcc3b5aa765d61d8327deb882cf99″ and “7c6a180b36896a0a8c02787eeafb0e4c” are the MD5 hashes for “password” and “password1″ respectively. (For more details on password hashing, see the earlier Ars feature “Why passwords have never been weaker—and crackers have never been stronger.”)

While Anderson’s 47-percent success rate is impressive, it’s miniscule when compared to what real crackers can do, as Anderson himself made clear. To prove the point, we gave them the same list and watched over their shoulders as they tore it to shreds. To put it mildly, they didn’t disappoint. Even the least successful cracker of our trio—who used the least amount of hardware, devoted only one hour, used a tiny word list, and conducted an interview throughout the process—was able to decipher 62 percent of the passwords. Our top cracker snagged 90 percent of them.

The Ars password team included a developer of cracking software, a security consultant, and an anonymous cracker. The most thorough of the three cracks was carried out by Jeremi Gosney, a password expert with Stricture Consulting Group. Using a commodity computer with a single AMD Radeon 7970 graphics card, it took him 20 hours to crack 14,734 of the hashes, a 90-percent success rate. Jens Steube, the lead developer behind oclHashcat-plus, achieved impressive results as well. (oclHashcat-plus is the freely available password-cracking software both Anderson and all crackers in this article used.) Steube unscrambled 13,486 hashes (82 percent) in a little more than one hour, using a slightly more powerful machine that contained two AMD Radeon 6990 graphics cards. A third cracker who goes by the moniker radix deciphered 62 percent of the hashes using a computer with a single 7970 card—also in about one hour. And he probably would have cracked more had he not been peppered with questions throughout the exercise.

**Note the use of Graphics card – always crack using a Graphics card – not your CPU.

The list of “plains,” as many crackers refer to deciphered hashes, contains the usual list of commonly used passcodes that are found in virtually every breach involving consumer websites. “123456,” “1234567,” and “password” are there, as is “letmein,” “Destiny21,” and “pizzapizza.” Passwords of this ilk are hopelessly weak. Despite the additional tweaking, “p@$$word,” “123456789j,” “letmein1!,” and “LETMEin3″ are equally awful. But sprinkled among the overused and easily cracked passcodes in the leaked list are some that many readers might assume are relatively secure. “:LOL1313le” is in there, as are “Coneyisland9/,” “momof3g8kids,” “1368555av,” “n3xtb1gth1ng,” “qeadzcwrsfxv1331,” “m27bufford,” “J21.redskin,” “Garrett1993*,” and “Oscar+emmy2.”

A screenshot showing a small sampling of cracked passwords.

As big as the word lists that all three crackers in this article wielded—close to 1 billion strong in the case of Gosney and Steube—none of them contained “Coneyisland9/,” “momof3g8kids,” or the more than 10,000 other plains that were revealed with just a few hours of effort. So how did they do it? The short answer boils down to two variables: the website’s unfortunate and irresponsible use of MD5 and the use of non-randomized passwords by the account holders.

Life in the fast lane

“These are terrible passwords,” radix, who declined to give his real name, told Ars just a few minutes into run one of his hour-long cracking session. “There’s probably not a complexity requirement for them. The hashing alone being MD5 tells me that they really don’t care about their passwords too much, so it’s probably some pre-generated site.”

Like SHA1, SHA3, and most other algorithms, MD5 was designed to convert plaintext into hashes, also known as “message digests,” quickly and with a minimal amount of computation. That works in the favor of crackers. Armed with a single graphics processor, they can cycle through more than eight billion password combinations each second when attacking “fast” hashes. By contrast, algorithms specifically designed to protect passwords require significantly more time and computation. For instance, the SHA512crypt function included by default in Mac OS X and most Unix-based operating systems passes text through 5,000 hashing iterations. This hurdle would limit the same one-GPU cracking system to slightly less than 2,000 guesses per second. Examples of other similarly “slow” hashing algorithms include bcrypt, scrypt, and PBKDF2.

The other variable was the account holders’ decision to use memorable words. The characteristics that made “momof3g8kids” and “Oscar+emmy2″ easy to remember are precisely the things that allowed them to be cracked. Their basic components—”mom,” “kids,” “oscar,” “emmy,” and numbers—are a core part of even basic password-cracking lists. The increasing power of hardware and specialized software makes it trivial for crackers to combine these ingredients in literally billions of slightly different permutations. Unless the user takes great care, passwords that are easy to remember are sitting ducks in the hands of crackers.

What’s more, like the other two crackers profiled in this article, radix didn’t know where the password list was taken from, eliminating one of the key techniques crackers use when deciphering leaked hashes. “If I knew the site, I would go there and find out what the requirements are,” he said. The information would have allowed radix to craft custom rule sets targeted at the specific hashes he was trying to crack.

Researchers uncover “self-sustaining” botnets of poorly secured routers

Large numbers of home and small-office routers are under the control of hackers who are using them to overwhelm websites with more junk traffic than they can handle, security researchers said Tuesday. The devices are so poorly secured that they have given rise to self-perpetuating botnets commandeered by multiple attackers.

The distributed denial-of-service attacks have been underway since at least December and show no signs of letting up, researchers from DDoS-protection firm Incapsula said. Over the past four months, Incapsula has recorded attacks from 40,269 IP addresses belonging to 1,600 ISPs around the world. All of the compromised routers observed were able to be remotely administered, and almost all of those accounts continued to use vendor-provided login credentials. Incapsula found that the devices were infected by a variety of malware titles, including MrBlack, Dofloo, and Mayday. The ease of compromising the routers makes them free for the taking, all but ensuring an unending series of follow-on attacks. The researchers wrote:

Given how easy it is to hijack these devices, we expect to see them being exploited by additional perpetrators. Even as we conducted our research, the Incapsula security team documented numerous new malware types being added—each compounding the threat posed by the existence of these botnet devices.

Self-sustaining Botnets

Our analysis reveals that miscreants are using their botnet resources to scan for additional misconfigured routers to add to their “flock.” They do so by executing shell scripts, searching for devices having open SSH ports which can be accessed using default credentials.

This script identifies remotely accessible routers so they can be hijacked and made part of a botnet.

Facilitating the infiltration, all of these under-secured routers are clustered in the IP neighborhoods of specific ISPs, that provide them in bulk to end-users. For perpetrators, this is like shooting fish in a barrel, which makes each of the scans that much more effective. Using this botnet also enables perpetrators to execute distributed scans, improving their chances against commonplace blacklisting, rate-limiting and reputation-based defense mechanisms.

The proliferation of poorly designed routers and inexperienced Internet users are the two most crucial ingredients fueling the self-perpetuating botnets. Manufacturers design their routers to be easily connected by giving each one the same administrator username and password and in some cases making the devices open to remote administration by default rather than allowing remote administration only when a user turns it on. The manufacturers frequently include no documentation warning users to change the default credentials, and even when those warnings are included, many end users don’t heed the advice.

The result is the kind of self-sustaining botnets Incapsula is reporting. Compromised routers are by no means new. They’ve been observed for years and have been observed affecting as many as 300,000 devices at a time. Multiple manufacturers have been known to be vulnerable, including Linksys, Asus, D-Link, Micronet, Tenda, and TP-Link. Incapsula has contacted specific router makers and ISPs identified in the current attacks.

Incapsula found some highly circumstantial evidence correlating the router botnets to the so-called Lizard Squad, a DDoS group that in the past has used compromised routers to attack Sony’s PlayStation and Microsoft’s Xbox networks. In all, the botnet comprises routers in 109 countries, with Thailand, Brazil, and the US being the top three most-affected nations.

Hacking Drug Pumps – Schneier

When you connect hospital drug pumps to the Internet, they’re hackable — only surprising people who aren’t paying attention.

Rios says when he first told Hospira a year ago that hackers could update the firmware on its pumps, the company “didn’t believe it could be done.” Hospira insisted there was “separation” between the communications module and the circuit board that would make this impossible. Rios says technically there is physical separation between the two. But the serial cable provides a bridge to jump from one to the other.

An attacker wouldn’t need physical access to the pump because the communication modules are connected to hospital networks, which are in turn connected to the Internet.

“From an architecture standpoint, it looks like these two modules are separated,” he says. “But when you open the device up, you can see they’re actually connected with a serial cable, and they”re connected in a way that you can actually change the core software on the pump.”

An attacker wouldn’t need physical access to the pump. The communication modules are connected to hospital networks, which are in turn connected to the Internet. “You can talk to that communication module over the network or over a wireless network,” Rios warns.

Hospira knows this, he says, because this is how it delivers firmware updates to its pumps. Yet despite this, he says, the company insists that “the separation makes it so you can’t hurt someone. So we’re going to develop a proof-of-concept that proves that’s not true.”

One of the biggest conceptual problems we have is that something is believed secure until demonstrated otherwise. We need to reverse that: everything should be believed insecure until demonstrated otherwise.


Following on from this article, several addicts will be signing up for coding night classes.

I won’t be surprised if this doubles the number of programmers overnight.  :)

Watch Out Google, Duck Duck Go Handles 3 Billion Searches Per Year And it doesn’t track user information.

Gabriel Weinberg said Duck Duck Go is handling approximately 3 billion searches per year and said the company is “already pretty mainstream.” In fact, it’s one of just a handful of default search engines available on iOS 8 for Apple’s iPhones.

Weinberg said it’s a “myth that you have to track people to make money in search” and said the company’s making the bulk of its profits from keyword advertising.

“Google tracks you on all these other sites because they run huge advertising networks and other properties, like Gmail and photos. That’s why ads follow you around the Internet,” he said.

Weinberg also said Duck Duck Go differs greatly from Incognito mode on Google Chrome.

“This is another big myth that people have. Incognito mode is only for your computer and not around the Internet,” he said. “When you’re in Incognito mode, Google is still tracking you, your ISP still knows where you’re going, all the sites you visit can still track you — including advertisers.”

While brand awareness is still lacking, the company has grown significantly since news surfaced about the National Security Agency tracking metadata on Americans’ Internet and phone usage.

“We’ve grown 600 percent since the surveillance revelations started two years ago,” said Weinberg.

Belgian privacy watchdog sues Facebook

Belgium’s national privacy watchdog is taking US internet company Facebook to court, arguing that the way the social network website tracks the behaviour of both members and non-members is illegal under Belgian and European law.

“Facebook’s behaviour is unacceptable”, Willem Debeuckelaere, president of Belgium’s Commission for the protection of privacy, said.

It is the first time a national privacy watchdog in Europe sues Facebook for not complying to privacy law.

The basis for the case is research requested by the privacy commission and published in March, which noted that Facebook tracks user behaviour on non-Facebook websites by default until they opt-out, instead of after seeking permission.

“As emphasised by the [European data protection body] Article 29 Working Party, an opt-out mechanism “is not an adequate mechanism to obtain average users informed consent”, particularly with regard to behavioural advertising. This means that Facebook’s current opt-out approach does not satisfy the requirements for legally valid consent”, the researchers concluded.

It also noted that Facebook tracks the behaviour of people who are not members of Facebook, which also violates the EU’s e-Privacy directive.

“Even people who explicitly state that they do not want to be tracked, are tracked anyway”, Debeuckelaere told Belgian newspaper De Morgen, which broke the story on Monday (15 June).

Last month, the Belgian privacy commission presented its findings and recommendations to Facebook, whose European office is registered in Ireland.

“They answered that they do not accept Belgian law or the authority of the Belgian privacy commission, and that it is all a misunderstanding”, said Debeuckelaere.


Yay!  For European Data Protection!


MoD sought sensitive children’s data for possible recruitment drive

The UK Ministry of Defense (MoD) has been blocked from accessing highly sensitive data on school students, including how rich their parents are and their academic record, which they sought to better inform them of military career opportunities.

The MoD made a request to the National Pupil Database (NPD) last year, according to the magazine Schools Week.

A spokesman for the MoD insisted to Schools Week that the request was an “error” made by someone “outside the Army’s recruitment branch.” (In an office outside I expect).

However, Forces Watch, a campaign group that scrutinizes recruitment in the military, said the fact that the request had been denied showed “how inappropriate the MoD’s use of the data was.”

The information the MoD was trying to get hold of is not easy to access; it is labeled Tier 1 and includes school children’s most personal details.

As well as ethnicity and address, the database includes descriptions of pupils’ academic records and special educational needs, as well as how often they were absent from school and if they receive free school meals, an indication of how wealthy their parents are.

Applying to the NPD for such information is a complex and time consuming process. An applicant must answer 20 security questions and enter encryption details into their computer. For Tier 1 data, applicants must say exactly why they need this information and why they are unable to use less sensitive information.

A final decision on whether information will be released is made by senior Department of Education (DfE) staff on the Data Management Advisory Panel.

The news that the MoD had made a request surfaced after all NPD requests were released under transparency laws. Since 2012, only 9 out 460 requests have been refused.

“We only disclose information from the NPD for the purpose of conducting research and analysis that will promote the education or well-being of children in England,” A DfE spokesperson said.

While the MoD said that the request was an “error,” the release from the NPD listed the reason for their request. (A likely story… how probable is it, that you’d go through 20 questions and enter encryption codes IN ERROR).

[The request was] “To determine if we can use targeted messaging to better inform young people of the career opportunities open to them in the Army (Regular and Reserve) so that their decisions about seeking a full or part time job are better informed,” according to the transparency release.

However an MoD spokesperson insisted that the request was not in line with army’s recruitment policy.

“We can confirm that a request was made in error to the DfE for access to elements of the NPD by an individual who worked outside the Army’s recruitment branch. This is not in line with Army policy and the request has been halted,” they said.

However, Owen Everett from Forces Watch said that the army is struggling to recruit new soldiers.

“That the MoD have now attempted to obtain this vast database of school students’ personal data in an attempt to improve Army recruitment, at a time when Army recruitment continues to be struggling, and when the armed forces policy of recruiting 16 and 17 year-olds is shortly to be challenged in a judicial review, is no coincidence,” he said.


The School records of minors would be particularly sensitive data.  The MOD has attempted to hijack sensitive data for their own profiling purposes.   The children who have been victims of domestic or sexual abuse, should not have such information disclosed to the MOD.

At least the MOD were publicly humiliated over this.  So all’s well that ends well.


Get every new post delivered to your Inbox.

Join 194 other followers