Techoski

Ramblings of an Amature Professional

Transitioning from Academics to the Workforce

After taking a school exam, how do you measure your score? The professor will do that, usually with a numerical score that (ideally) represents how well you know the material. But what about after you graduate? How do you know you are doing well? If you aren’t completely missing deadlines or producing horrible code, chances are your managers are not breathing down your neck. The first year or so into a new job should be monitored closely for performance, but there won’t always be a professor to grade your work for you. It falls to you and your workmates to judge how well you are performing, so that you can become the best employee you can be.

Here are three things to help you take those first steps toward professional advancement. I am writing this as a guide for myself as well, so if you have anything to add please feel free to comment below.

  • Ask for reviews often.
    If you want to improve your work, this will be the most important factor in establishing a metric for your performance. Getting constructive feedback on your work will help fine-tune your ability to recognize common pitfalls in future problems, and will give other team members an idea of how you solve problems. This makes it easier for them to integrate with your work, and helps everyone understand the system better. It is extremely important to have an open mind when receiving criticism; those familiar with academia might consider reviews akin to grading a paper or project in school. You must always be asking yourself, “Is this an appropriate way to solve this problem?” In the software development world this takes the form of code reviews, wherein other developers within the same team meet with you and go over your code section by section (or even better, line by line!). During this process, it is beneficial to explain your reasoning behind solving each problem the way you did – sometimes you can catch logic problems just by reading the code to others! Consider this time a bonding experience with your team. Code reviews don’t have to be formal – any review is better than no review.
  • Don’t be afraid to ask for help.
    There is nothing fun about being stuck on a problem for an extended period of time. Sometimes it really feels like a dead end. Remember that the people around you ultimately have a stake in your work, so they will most likely be more than happy to help you! Before you ask for help, make sure you are really stuck. Sometimes all it takes is a bit of staring at your problem to see the solution. If you still can’t solve the problem after self-reviewing your work a couple of times, it might be time to ask a senior coworker for input. Take some extra time to figure out exactly what is going on, so you can relay your trouble to others appropriately. If you ask a confusing question, your coworkers won’t be able to help you much at all. It is surprising how fast some problems can be solved simply by getting another pair of eyes on them (just like code reviews).
  • Take your time (within limits).
    There is no need to show off how fast you can perform by zipping through problems left and right. Rushing a project usually leads to messy work and to problems that are hard to debug. Take your time on tasks; I am sure your employer will favor quality work over fast work any day of the week (okay, maybe not when rapidly approaching release dates!). It can even help to research your problem before you start on a solution. Has anyone else had this problem before? How did they solve it? What other problems did those people come across while creating a solution? If you can get a clear idea in your head of how to solve your problem, that idea will translate nicely into actual work. I have even had cases where I jumped into something and realized I should have researched more, so it ended up taking more time anyway!
    The caveat to this point is, “within reason”. It should go without saying that you shouldn’t be spending so much time on a problem that it becomes “slacking”. Your employer will be able to tell the difference between being unrealistically slow and taking your time to maintain quality work. If you remain calm and take your time when solving a problem you will be a lot less stressed in the long run, and the deliverables you produce will be of higher quality.

And remember… learn as much as you can! Use these tips to get as much feedback on your work as possible, because that is the best way to develop good habits and produce great work.

Yahoo Breach Could Mean Your Other Services are Compromised

With the recent attack on Yahoo Voices servers on Wednesday, which resulted in over 400,000 accounts being compromised, it is important to understand how to assess the integrity of your account. If you have any suspicion that you could be affected by this (and any other) breach, it is time to comb through your accounts and change some passwords. First, some precautions:

You can’t assume the only information the hackers have is the information that was publicized. Just because some hacker group publishes a list of email addresses and (still hashed, not yet cracked) passwords, it is not wise to assume that is the only information they have on you. Most of the time the rest of your account information lives in the same database, so getting into the servers would grant the hackers access to EVERYTHING stored there. This can include your full name, street address, phone numbers, et cetera. If payment information is kept in that same database (less likely, but still possible), even your credit card details could be at risk. So the point is: consider the possibility that all information that website has on you has been compromised.

Cracked account passwords and emails can be used to get into any services which use those credentials. Think like a hacker would; once you have someone’s email address and password, what would you do with them? The first thing I would try (if I was evil) would be to go to the email provider (Gmail for @gmail.com addresses, Yahoo for @yahoo.com addresses, etc.) and try to log into the account with the cracked credentials. If this situation has you worried because you have the same password to get into your email, I would strongly recommend you change it - preferably to something that no other account uses. If a hacker gets into your email, this is an extremely bad thing, because they can then send password reset emails to themselves and basically control any account you own. They will comb through your deleted emails, search your inbox for “password” or “account info” and probably uncover a ton of goodies to look through. Don’t let this happen – if there is any one account that you should keep most secure, it is your email account.

Just because your password hash was leaked, it does NOT mean your password was cracked. A properly built service never stores your password itself; it stores a “hash” of it, the output of a one-way function that is cheap to compute but extremely hard to reverse. If your password was “dog”, the hacker will not see the plaintext, but will instead see “06d80eb0c50b49a509b49f2424e8c805”, which is the MD5 hash for “dog”. (MD5 is the simplest example; a service that does this well also adds a random per-user salt and uses a deliberately slow hash, which makes every cracking estimate below far worse for the attacker.) If you have an extremely secure password (tips discussed in a bit) you might not need to worry that the hashes have been published: if the hackers cannot crack the hash, your password is still valid and not compromised. However, it is good practice to assume your password was cracked and change it anyway ;)

Choose secure passwords! Honestly this should be the first paragraph. There is no excuse for not having secure passwords on your accounts. Hackers have a variety of methods for cracking your credentials. Bruteforce attempts enumerate every possible string, length by length, hashing each one until the result matches yours. Dictionary attacks compare your hash against the hashes of every entry in a wordlist file; and these are no ordinary dictionaries… they contain millions of real leaked passwords plus common combinations of words, numbers and character sequences. Mask attacks use the site’s password policy against it to shrink the bruteforce search: if the password has to be 6 to 8 characters and contain at least one number, the attacker only enumerates strings of that shape and skips everything the policy would never have allowed.

So why can’t the hackers just crack every password then? Well, theoretically they could, but the hacker’s one big constraint is time. If a task takes too long, he/she might just give up after a while. Thankfully there are ways to protect yourself from both dictionary and bruteforce methods of authentication cracking…

  • Bruteforcing involves trying every possible combination of letters, numbers and symbols. Depending on the size of the character set, this can take a LONG time. To understand just how long it takes to bruteforce some passwords, let’s take an example password: “dpkj” – four characters, lower-alpha character set (26 possibilities for each character). My desktop has two NVIDIA 9800 graphics cards (moderately old) and can test around 300,000,000 candidates a second with a GPU bruteforcer against a fast, unsalted hash like the MD5 above.
    To enumerate every lowercase string up to four characters (a, b, …, z, aa, ab, …, zzzz) takes a little over 26^4 comparisons, about 457,000 (475,254 once the shorter lengths are counted). Since my GPUs can compare 300M hashes a second, it would take my computer about 0.0015 seconds to crack that password. Obviously not secure. Let’s try another… “qweqweqweqwe” (12 lowercase characters) would take up to 26^12 comparisons and around 3,680 DAYS to crack on my modest computer. As you can gather, length is extremely important in bruteforce protection. Be careful with the common “at least 8 characters” advice, though: eight lowercase letters is only 26^8 candidates, about 12 minutes at this rate, while eight characters drawn from all 95 printable ASCII characters is 95^8, about 256 days. So a larger character set matters as well, even if it isn’t as effective per character as adding length: a $ symbol, a capital letter and some numbers multiply the cost of every position, and length and character set together are what keep you out of reach of non-determined hackers (those that aren’t after you specifically). Hash rates have only gone up since these cards were new, so treat these numbers as a floor, not a guarantee.
  • Dictionary attacks are effective depending on the dictionary used. (Here is a useful list of free dictionaries available for download!) These dictionaries can contain over 23 million passwords to compare. If your password is “apple123”, there is probably a line in most English wordlists that matches it. As you can most likely gather, length is of less importance here, and the best way to protect yourself from dictionary attacks is to not use dictionary words at all. Now, this can make your password hard to memorize, so opting for a middle ground is a good start. Using “leetspeak” can help, although most modern dictionaries (and the mangling rules crackers apply to them) already account for “4pp13” instead of “apple”, or “h4110w0r1d” instead of “helloworld”, so be creative! Adding random symbols in the middle of a word is a great way to combat dictionaries, because the result isn’t likely to match a line in the dictionary file or any simple rule applied to it.
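To make the three attacks and the timing arithmetic concrete, here is an added example (my own code, not anything from the original post or from a real cracking tool): a toy Python cracker that runs a bruteforce, a rule-based dictionary attack and a policy-driven mask attack against unsalted MD5 hashes, and computes worst-case cracking times from a hash rate. The 300,000,000 hashes/second figure is the rate the post quotes for its own GPUs; the wordlist, the leetspeak rule, the mask syntax (hashcat-style `?l`, `?u`, `?d`) and the sample hashes are all constructed for the example.

```python
# Added example (not code from the original post): toy versions of the
# bruteforce, dictionary and mask attacks described above, run against
# fast, unsalted MD5 hashes, plus the keyspace arithmetic behind the
# "how long would it take" estimates.
import hashlib
import itertools
import string

HASHES_PER_SECOND = 300_000_000          # rate quoted in the post (assumed)
LOWER = string.ascii_lowercase           # the 26-letter "lower-alpha" set
UPPER = string.ascii_uppercase
DIGITS = string.digits
PRINTABLE = string.printable[:95]        # 95 printable ASCII chars incl. space


def md5_hex(password: str) -> str:
    """Unsalted MD5, the fast hash used for the 'dog' example in the post."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def keyspace(charset_size: int, max_len: int) -> int:
    """Candidates of every length 1..max_len (a, b, ..., zz, ..., zzzz)."""
    return sum(charset_size ** n for n in range(1, max_len + 1))


def seconds_to_exhaust(charset_size: int, max_len: int,
                       rate: int = HASHES_PER_SECOND) -> float:
    """Worst-case time to try the whole keyspace at the given hash rate."""
    return keyspace(charset_size, max_len) / rate


def brute_force(target_hash: str, charset: str, max_len: int):
    """Try every string over charset of length 1..max_len, shortest first."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            candidate = "".join(combo)
            if md5_hex(candidate) == target_hash:
                return candidate
    return None


# Constructed mangling rules of the kind real wordlists/crackers apply.
LEET = str.maketrans("aeiols", "431015")   # "apple" -> "4pp13"


def candidates_from_word(word: str):
    """Yield the base word plus a few common variations of it."""
    yield word
    yield word.capitalize()
    yield word.translate(LEET)
    for suffix in ("1", "123", "!", "2012"):
        yield word + suffix                  # "apple" -> "apple123"


def dictionary_attack(target_hash: str, wordlist):
    """Hash each wordlist entry and its variations until one matches."""
    for word in wordlist:
        for candidate in candidates_from_word(word):
            if md5_hex(candidate) == target_hash:
                return candidate
    return None


MASK_SETS = {"l": LOWER, "u": UPPER, "d": DIGITS}


def parse_mask(mask: str):
    """'?l?l?d' -> [LOWER, LOWER, DIGITS]; any other character is a literal."""
    sets, i = [], 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask) and mask[i + 1] in MASK_SETS:
            sets.append(MASK_SETS[mask[i + 1]])
            i += 2
        else:
            sets.append(mask[i])
            i += 1
    return sets


def mask_keyspace(mask: str) -> int:
    """How many strings match the mask (the policy-shaped search space)."""
    total = 1
    for s in parse_mask(mask):
        total *= len(s)
    return total


def mask_attack(target_hash: str, mask: str):
    """Enumerate only strings of the shape the password policy allows."""
    for combo in itertools.product(*parse_mask(mask)):
        candidate = "".join(combo)
        if md5_hex(candidate) == target_hash:
            return candidate
    return None


if __name__ == "__main__":
    print("lower-alpha, <=4 chars: %.4f s" % seconds_to_exhaust(26, 4))
    print("lower-alpha, <=12 chars: %.0f days" % (seconds_to_exhaust(26, 12) / 86400))
    print("lower-alpha, <=8 chars: %.0f minutes" % (seconds_to_exhaust(26, 8) / 60))
    print("95 printable, <=8 chars: %.0f days" % (seconds_to_exhaust(95, 8) / 86400))
    print("policy mask ?l?l?l?l?l?l?d:", mask_keyspace("?l?l?l?l?l?l?d"), "candidates")
    print("bruteforce:", brute_force(md5_hex("dpkj"), LOWER, 4))
    print("dictionary:", dictionary_attack(md5_hex("4pp13"), ["hello", "apple"]))
    print("mask:", mask_attack(md5_hex("abc12"), "?l?l?l?d?d"))
```

Two things worth noticing when you run it: the mask for “six lowercase letters then a digit” has 26^6 × 10 candidates, roughly 25 times fewer than bruteforcing seven characters over letters and digits, which is exactly the shortcut a rigid password policy hands the attacker; and every one of these attacks only works this fast because the hash is unsalted MD5, so a salted, slow hash on the server side multiplies all of these times by orders of magnitude without any change on your end.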

Now, I am not saying you will be 100% protected if you follow these, but many large breaches like the Yahoo breach mentioned above or the LinkedIn breach in June of this year are bulk attacks on the database itself, not targeted attacks on your own account. So we can hope that the hackers who performed the breach will not bother spending days upon days trying to crack all of the passwords gathered.

The bottom line: Stay calm, and properly assess the integrity of your online accounts!

Stay safe!

Pardon my dust!

Just a test!
