Month: January 2014

I am hacked, so what ?

Often I hear people say they don’t really bother with security on their computers or smartphones. Very often those people use arguments such as “I don’t have important information” or “I know what I do, I don’t need protection”.

Now, what truly bothers me is that people don’t look beyond their own interest. They don’t know that once one of your accounts is hacked, your friends become vulnerable to cyber crime too. Since the rise of social networks, one attack has been widely used and has always been the most exploited: social engineering.

Proof of concept: Imagine your Facebook account gets hacked. The attacker controls your login and can use your entire account. At this point, if you have no personal information on your account because you only use it to browse Facebook, you’re lucky. But the chances of that being true are, let’s face it, very small. Everybody who has a Facebook account puts certain private information online, for (hopefully, if you used the correct settings) all of your friends to see.

The cracker now has enough information to take over your identity, combined with other information coming from search engines. He monitors your Facebook account and sees your friend updating his status: “Excited, just bought a new laptop online”. Chances are the attacker will send your friend an e-mail, impersonating the staff of PayPal or some credit card company. A lot of people are fooled into giving up their CC info by this method, called ‘phishing’. Your friend is particularly vulnerable because he has just bought something online, so it’s easy for him to assume something went wrong with his payment, and hence he answers the mail.

The attacker goes on and sends something to your friend. ‘Hi man, check out this photo from you, took it last night at the party.’ Chances are your friend is now infected with a trojan horse or a keylogger.

I hope the bigger picture becomes clear: once an account of yours gets compromised, you risk not only your own identity and safety but also those of the people you’re connected to, because the attacker can now use your trusted reputation to perform his attacks.

Some tips :

– Never, ever, ever, …. , surf to unencrypted sites when using a public AP. Always use the https:// prefix when supported. This gives some protection against sniffing your passwords.
– Never, ever, ever, …. , give up CC info in mails. Companies will never ask you for that. The same holds for login credentials.
– Never, ever, ever, …. , follow a link without checking the URL. A link like http://fcebook.com is probably a trap.
– Always use a firewall. Experienced crackers can circumvent this, but at least you’re protected against script kiddies.
– Always use anti-virus in the unfortunate event you’re bound to use a Windows system ( :p ).
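
The URL check from the tips above can be automated. The following Python sketch is an added example, not part of the original post: it flags non-https links and hosts that are a near miss of a trusted domain, such as fcebook.com. The allowlist, the distance threshold and the last sample link are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist of domains the user really means to visit (constructed for this example).
TRUSTED = ("facebook.com", "paypal.com", "google.com")


def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap two neighbours) needed to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent transposition
        prev2, prev = prev, cur
    return prev[-1]


def check_url(url, max_distance=2):
    """Return warnings for a link; an empty list means none of these checks fired."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https: credentials can be sniffed on a public AP")
    if "@" in parts.netloc:
        warnings.append("text before '@' is not the host")
    # Naive registrable domain: last two labels (ignores suffixes such as co.uk).
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return warnings
    for good in TRUSTED:
        if edit_distance(domain, good) <= max_distance:
            warnings.append(f"'{domain}' is a near miss of '{good}'")
        elif good in host:
            warnings.append(f"'{good}' appears in the host but the site is '{domain}'")
    return warnings


if __name__ == "__main__":
    for link in ("http://fcebook.com",                    # the example from the tips
                 "https://www.facebook.com/photo.php",
                 "https://facebook.com.login.example/"):  # constructed sample
        print(link, "->", check_url(link) or "no warnings")
```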

Maybe a more technical post is coming in the future that explains how crackers can circumvent your firewalls and anti-virus systems.

Cheers,

H4


Why I didn’t get the Internship at Facebook

So last Friday I had a big opportunity to get an internship at Facebook. Made it to the final round and had to do one last technical interview.
Those are not the most fun to do, but hey I took a shot. It was pretty clear that the data structures I learned about in my first bachelor year needed some dusting.

I had my first exam Friday morning and was stressed to the max, afterwards I tried to prepare for the interview by doing some exercises from “Cracking the Coding Interview”. Excellent book, I would really recommend it. In the evening at 21.16 an American landline number showed up on my cell screen. Jup, there it was.

The interview started rather chill and the engineer (awesome guy btw) at the other end of the line asked what drives me to become a software engineer, and what I considered the less fun parts of being a software engineer (CLASS DIAGRAMS!). We continued on to the technical part; oh boy, stress was building up.

So the question was :

Consider a professor that wants to check two paper assignments from two different students on cheating. Design a function hasCheated(String s1, String s2, int N) that returns true if the two papers, represented by the strings, have a common content of at least length N.

I think I went into a limbo. The first 5 minutes I had it visualized what I wanted to do, but it felt like I forgot how to code. The engineer calmed me down and said to just start with a naive approach. So I started and came up with an O(n^3) approach, worst algorithm I had ever written. But now I started to feel confident again, and I improved the code to an average linear complexity. The engineer then told me to imagine that the String.contains() and String.substring() do not exist in Java and you only have an array of characters. Implement these functions and reflect again on your complexity.
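
One way to get the average-linear behaviour mentioned above without String.contains() or String.substring(), added here as an example (it is not the code written during the interview): a Rabin-Karp rolling hash over plain character arrays. It is written in Python rather than Java, and the hash base, modulus and sample strings are assumptions chosen for illustration.

```python
def has_cheated(s1, s2, n):
    """True if s1 and s2 share a run of at least n identical characters."""
    a, b = list(s1), list(s2)   # plain character arrays, no substring/contains
    if n <= 0:
        return True
    if n > len(a) or n > len(b):
        return False
    base, mod = 257, (1 << 61) - 1      # assumed hash parameters
    top = pow(base, n - 1, mod)         # weight of the character leaving the window

    def window_hashes(chars):
        """Yield (start, hash) for every length-n window, updating the hash in O(1)."""
        h = 0
        for i in range(len(chars)):
            if i >= n:
                h = (h - ord(chars[i - n]) * top) % mod  # drop the oldest character
            h = (h * base + ord(chars[i])) % mod
            if i >= n - 1:
                yield i - n + 1, h

    # A shared run of length >= n exists exactly when a shared run of length n exists,
    # so it is enough to index every length-n window of the first paper.
    seen = {}
    for start, h in window_hashes(a):
        seen.setdefault(h, []).append(start)
    for start, h in window_hashes(b):
        for cand in seen.get(h, ()):
            # Compare character by character so a hash collision cannot give a false hit.
            if all(a[cand + k] == b[start + k] for k in range(n)):
                return True
    return False


if __name__ == "__main__":
    # Constructed sample papers: they share " quick brown " (13 characters).
    print(has_cheated("the quick brown fox", "a quick brown dog", 13))
    print(has_cheated("the quick brown fox", "a quick brown dog", 14))
```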

After 30 minutes of coding we stopped and he asked if I had questions for him, about his work, life, ...

Hell yeah! How often do you get a chance to speak with a Facebook engineer? So I asked him how they handle the massive scaling issues at Facebook (he is on the memcache-team) and what a typical day at the office looks like. After that my time was up; I was on the phone for about 50 minutes. Pretty exhausted and glad the day ended.

And about half an hour ago I got a message that my technical skills were not quite of the level they expect from their interns. But the engineer stated that he would certainly recommend re-applying next year as I finish my master’s degree then. (I can go straight to the last round, jeej!) I don’t feel I could have done more; maybe on a day where I didn’t have an exam and only had to stress about the interview, the conditions could be better. As I look back now, I could implement this without a problem and choose better data structures than the ones I used during the talk. But things went how they went, and I’m already glad I had this huge experience!

Prior to Facebook, I already had an awesome offer in Switzerland which is more security related than I would be doing at Facebook. So I’ll spend my summer in Switzerland, which is also very cool, especially doing an internship that contains all aspects of my (cyber) passions : Android and Security !

Cheers,

H4

Why dreams are worth chasing in 2014.

Exams exams exams, yet writing a blog post is ideal for taking a break from the books. What follows is maybe something people did not expect to read from me, as it is a rather personal blog post.

Last couple of weeks a lot changed and a lot is happening in my life. Some things are changing for the good, others I wished I saw changing differently. But what became apparent is the fact we should build our own happiness.

Sure, you could wish somebody a happy 2014. But in the end what are you really wishing him ? You’re wishing the person that he can do stuff which makes him feel happy. For me the ideal way to make me feel happy is to work and try to achieve dreams. You make your own opportunities for achieving your dreams, don’t wait and think “Wish I could do that” or “In order to achieve my dreams, X has to happen”. Yeah you’ll fail one time, two times, maybe even a hundred. But in the end isn’t that better than not trying at all ?

For me, one thing is sure. The coming week is one big step towards a personal dream and I’ll take every chance; I worked hard for it and sacrificed a lot of things/moments for it. Yes, the chances are not really in my favor, but hell, at least I can say I tried.

Work on dreams, and make yourself happy. Nobody else will do it for you. Now back to my books !

Cheers,

H4