Apple sells 10 million iPhone 6 and iPhone 6 Pluses

Happy Sunday from Software Expand! In this week’s edition of Feedback Loop, we talk about the future of Windows Phone, whether it makes sense to build media centers discuss the preferences for metal vs. plastic on smartphones. All that and more past the break the proof of concept.

Just because you can do something, should you? Samsung thinks so. Its second experimentally screened phone taps into its hardware R&D and production clout to offer something not many other companies can make.

WHAT DO YOU WANT FROM WINDOWS PHONE?

The same high-resolution (2,560 x 1,600) screen — we’re certain a mere 1080p “Plus” curved display.

And so, following the Galaxy Round, here’s the Galaxy Edge. If you take the basic shape and concept, it’s the spitting image of the curved-screen Youm prototype spied at CES a little less than two years ago.

Now, though, it’s a for-real smartphone you can buy. I’ve been testing it out in Japan, where it launched instead of the Note 4, although both the Note 4 and the Note Edge will eventually be available in the US. Fortunately.

Galaxy Note Edge is how much it resembles the Note 4

The ability to shrink the likes of Chrome and Google Maps to a popup window and layer it on top of other apps is also useful; I’d love to see something similar on the iPhone 6 Plus.

Despite the unusual, curved screen, it still packs all of the good things that made the Note 4 such a strong choice. But bragging rights aside, is there enough of an argument for a curved screen? Should you just get the Note 4 anyway?

METAL VS. PLASTIC PHONE BODIES?

Galaxy Note 4 because the setup is identical here. Yes running on Android 4.4 KitKat.

The exploration of space stands as one of humanity’s greatest achievements. While history has hailed the men and women who reached the cosmos, and those who helped them get there, much of the infrastructure that sent them skyward lies forgotten and dilapidated.

Galaxy Note 4 running Android 4.4 KitKat.

And how does Apple’s biggest phone compare to the Note Edge? Well, both remain unwieldy to grip, and the Note Edge is wider. However, the edged screen nuzzles into my hand better and those software tweaks mentioned above give it the advantage. However, just like the stylus, there’s a while before you get the knack of all the little provisions Samsung’s made to ease users into this screen size.

Roland Miller has spent nearly half his life chronicling these landmarks before they are lost forever long been obsessed with space as a child, he dreamed of being an astronaut.

HARDWARE

Its curves are subjective and divisive; my friends and colleagues have offered up reactions ranging from outright bemusement to adoration. The screen looks great, with the punchy contrast and sharpness that’s been a Samsung flagship mainstay for years. We’ll get back to that edge, but it’s the headline part of a 5.6-inch Quad-HD+ display.

This means a little chunk of extra screen makes the phone just less than 4mm wider, and around 2mm shorter, than the Note 4.

ONE-HANDED USE

Both come with software tricks like shrinkable keyboards as well as a new, tiny floating menu that can be stuck to the outer edge of the screen. This duplicates the capacitive button row, which could be a solution of sorts for lefties.

I can even make this secondary menu transparent, allowing me to maintain all that screen space. The ability to shrink the likes of Chrome and Google Maps to a popup window and layer it on top of other apps is also useful; I’d love to see something similar on the iPhone 6 Plus.

SOFTWARE

If you’re looking to learn more about the stylus’ uses, I’d advise a quick read of Brad’s Galaxy Note 4 review, because the setup is identical here. Yes, there are TouchWiz bits running on Android 4.4 KitKat, but Samsung continues to clear away unnecessary bloat and options.

It’s still a work in progress, though, and I feel the settings menus are particularly obtuse compared to other Android phones — and especially iOS. It takes some getting used to.

The Galaxy Note Edge grabs your attention. Its curves are subjective and divisive; my friends and colleagues have offered up reactions ranging from outright bemusement to adoration.

But let’s focus on what’s different here: that edge. There are two display modes you can flit between: a slender, unassuming bar that can display a customized message and a more substantial column that attempts to offer extra functionality, notifications or context-dependent menus for certain apps, like the camera.

The front-facing camera is also a top-end sensor compared to the competition, 3.7 megapixels with an f/1.9 lens.

While I’m not a huge selfie taker, you’ll have to ask our Senior Selfie Editor, but I do take a whole lot of photos with my smartphone, so I was interested to see how Samsung’s newest smartphone camera handled.

The same high-resolution 2,560 x 1,600 screen we’re certain 1080p “Plus” curved display.

When it’s expanded, the UI is a basic row of icons, which you can navigate with a little swipe. This may look a little unusual, but swishing through the various mini-screens is immensely satisfying.

The screen is marginally smaller than the Note 4, despite the cranked-up pixel count. Like the Note 4, text pops a little more, and pictures you take with the 16MP camera are obviously better replicated on the Note Edge’s screen.

All told, it’s an excellent camera. The image stabilizing works well on all the neon lights that pepper Tokyo, while even people were neatly captured. There’s some noise, but it compares favorably against older Galaxy phones. Daylight meant effortless captures and some really nice shots, if I say so myself.

Focus was swift, and auto white balance seemed to gauge scenes perfectly. If you have a proclivity for HDR, rest assured the Edge does an excellent job there.

The shades are still a little overdone, but you can choose from a few custom color palettes if you’re not a fan of high-contrast menus and photos.

Pentesting as a monthly SOP

While you would probably need to be in a large organization to run monthly internal red team/blue team exercises, all companies could benefit from running vulnerability scans, phishing test emails, AD auditing, and other limited internal pentesting activities on a monthly basis.

You would need to get approvals, but you could start with the tools mentioned above. Monthly vulnerability scans can show you how up to date your patching is on clients and servers. Once you identify problems, you can engage the systems team to perform the patching and follow that up with a remediation scan.

This is done to verify, or sign off on, the completion of the patching. If the remediation scan shows those systems were fully patched, then you are all set until next month, when the process begins again. It’s important to do all of this as quickly as possible, as you don’t want your remediation scans running into the next month. For patching you could use WSUS, SCCM, SolarWinds or ManageEngine. For the vulnerability scans, some top solutions are Nessus, Qualys, and Nexpose.
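
The sign-off step described above can be scripted by comparing the initial scan with the remediation scan. This is an added example, not part of the original post; the CSV column names and sample rows are constructed, and it assumes the rescan export lists every host it reached, even clean ones.

```python
import csv
import io

# Constructed sample exports (not real scanner output). Column names are
# assumptions; map them to whatever your scanner's CSV export uses.
INITIAL_SCAN = """host,finding_id,severity
10.0.0.5,MISSING-PATCH-A,high
10.0.0.5,MISSING-PATCH-B,medium
10.0.0.9,MISSING-PATCH-A,high
10.0.0.12,MISSING-PATCH-C,critical
"""

# A host with no findings still appears once, with an empty finding_id,
# so "scanned and clean" can be told apart from "never reached".
REMEDIATION_SCAN = """host,finding_id,severity
10.0.0.5,MISSING-PATCH-B,medium
10.0.0.9,,
10.0.0.9,MISSING-PATCH-D,high
"""

def load(report):
    """Return (hosts_scanned, {(host, finding_id), ...}) for one export."""
    hosts, findings = set(), set()
    for row in csv.DictReader(io.StringIO(report)):
        hosts.add(row["host"])
        if row["finding_id"]:
            findings.add((row["host"], row["finding_id"]))
    return hosts, findings

def remediation_status(initial, rescan):
    """Compare two exports and decide whether patching can be signed off."""
    _, before = load(initial)
    rescanned_hosts, after = load(rescan)
    # A finding on a host the rescan never reached is not proven fixed.
    unverified = {f for f in before if f[0] not in rescanned_hosts}
    return {
        "fixed": sorted(before - after - unverified),
        "still_open": sorted(before & after),
        "unverified": sorted(unverified),
        "new": sorted(after - before),
        "sign_off": not (before & after) and not unverified,
    }

if __name__ == "__main__":
    for key, value in remediation_status(INITIAL_SCAN, REMEDIATION_SCAN).items():
        print(f"{key}: {value}")
```

A host that was offline during the remediation scan lands in `unverified` rather than `fixed`, which is what keeps a missed machine from being signed off as patched.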

Phishing test emails are a way to ensure compliance, as many standards and regulators require them, but also a way to social engineer and train your own users on best security practices. You can run reports on repeat offenders. After the solution is vetted and purchased, it’s important that the security team develop an SOP and have it approved by management before deploying the system.

The SOP should deal with how to respond to employees who have failed the phishing test. Should you contact the supervisor after the 1st attempt or the 3rd attempt? Should the user be emailed that they need to retake the training videos on security awareness? Should you require, as a precaution and to train users on best practice, that they reset the password on their AD account? These things need to be clarified BEFORE you start your phishing test campaigns. Some good vendors here are Wombat and KnowBe4.

AD auditing is very useful as a monthly internal pentesting process. Most corporate networks are client/server based, and access to resources is granted by Active Directory services on a domain controller. Testing Active Directory for weaknesses can give you a good idea of how easily you can or cannot be breached. Either way, you will get a better understanding of your environment and hence be in a much better position to defend it.

Some things you can check for are weak admin passwords or passwords set never to expire. The lack of account lockouts, especially on admin or privileged accounts, can also be troubling, as it sets you up for the potential success of a brute force attack, especially if the attackers are using rainbow tables and the password is weak to begin with. Pen testing your own AD is a very useful exercise. You can use a tool named Hyena, but there are others.
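
The checks listed above can be run offline against an export of user objects. This is an added example, not from the original post or from any tool it names; the sample accounts are constructed, and treating `adminCount` equal to 1 as "privileged" is a heuristic assumption.

```python
# userAccountControl bit flags as documented by Microsoft.
ACCOUNTDISABLE = 0x0002
PASSWD_NOTREQD = 0x0020
DONT_EXPIRE_PASSWORD = 0x10000

# Constructed sample export (not real data): one dict per user object.
USERS = [
    {"sAMAccountName": "svc_backup", "userAccountControl": 0x10200, "adminCount": 1},
    {"sAMAccountName": "jsmith",     "userAccountControl": 0x0200,  "adminCount": 0},
    {"sAMAccountName": "old_admin",  "userAccountControl": 0x10202, "adminCount": 1},
    {"sAMAccountName": "kiosk01",    "userAccountControl": 0x0220,  "adminCount": 0},
    {"sAMAccountName": "helpdesk2",  "userAccountControl": 0x10200, "adminCount": 0},
]
# lockoutThreshold from the domain object; 0 means accounts never lock out.
DOMAIN_POLICY = {"lockoutThreshold": 0}

def audit(users, policy):
    """Return sorted (severity, account, issue) tuples for enabled accounts."""
    findings = []
    no_lockout = policy["lockoutThreshold"] == 0
    for user in users:
        uac = user["userAccountControl"]
        if uac & ACCOUNTDISABLE:
            continue  # disabled accounts cannot log on; review them separately
        name = user["sAMAccountName"]
        privileged = user["adminCount"] == 1  # heuristic, see lead-in
        if uac & DONT_EXPIRE_PASSWORD:
            severity = "high" if privileged else "medium"
            findings.append((severity, name, "password never expires"))
        if uac & PASSWD_NOTREQD:
            findings.append(("high", name, "password not required flag set"))
        if no_lockout and privileged:
            findings.append(("high", name, "privileged account, no lockout policy"))
    if no_lockout:
        findings.append(("medium", "<domain>", "lockoutThreshold is 0"))
    return sorted(findings)

if __name__ == "__main__":
    for severity, account, issue in audit(USERS, DOMAIN_POLICY):
        print(f"{severity:6} {account:12} {issue}")
```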

Network access should be controlled and tested. First of all, do you have any open ports where anyone can just plug in a laptop with an Ethernet cable and get internet access in your offices? This should be avoided at all costs. If you have conference rooms, guest offices, guest areas or reception areas, there should be a segmented guest VLAN that has zero access to the internal domain. By using a laptop and an Ethernet cable you can easily test for this.

Testing for rogue wireless networks is also useful. While enterprise-grade solutions can be quite expensive, you can install NetSpot on a laptop and walk around the building when you’re bored on a Friday, IF you are in a small to midsized environment. Otherwise you will need to purchase an enterprise-grade product.

If you are in a building with other companies renting space nearby, there is a good chance that you will pick up some of their networks. Also, wireless printers and cell phones will invariably pop up, so make sure to filter these out when you analyze the wireless networks. You will want the network team to provide you with the make and model number, serial number and SSID of your WAPs in order to validate that the networks detected are legitimate.
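
The validation step described above, sketched as an added example that is not part of the original post. The inventory, survey rows, ignore list and signal cut-off are all constructed, and matching on BSSID (the radio MAC address) is an assumption on top of the make, model, serial number and SSID the post asks for.

```python
# Constructed inventory, as the network team might supply it (BSSID -> SSID).
INVENTORY = {
    "aa:bb:cc:00:00:01": "CorpWiFi",
    "aa:bb:cc:00:00:02": "CorpWiFi",
    "aa:bb:cc:00:00:03": "CorpGuest",
}
# SSID prefixes for printers and phone hotspots to filter out (hypothetical list).
IGNORE_PREFIXES = ("DIRECT-", "iPhone", "AndroidAP")
STRONG_DBM = -60  # assumed cut-off for "probably inside our own floor space"

# Constructed survey rows: (ssid, bssid, signal in dBm).
SURVEY = [
    ("CorpWiFi",     "AA:BB:CC:00:00:01", -48),
    ("CorpWiFi",     "de:ad:be:ef:00:10", -52),
    ("DIRECT-4F-HP", "11:22:33:44:55:66", -40),
    ("NeighborLLC",  "66:55:44:33:22:11", -82),
    ("linksys",      "12:34:56:78:9a:bc", -45),
    ("CorpGuest",    "aa:bb:cc:00:00:02", -50),
]

def classify(ssid, bssid, dbm):
    """Label one detected network against the WAP inventory."""
    bssid = bssid.lower()
    if bssid in INVENTORY:
        if INVENTORY[bssid] == ssid:
            return "authorized"
        return "investigate: inventory AP, unexpected SSID"
    # Checked before the ignore list so a corporate SSID is never filtered out.
    if ssid in set(INVENTORY.values()):
        return "investigate: corporate SSID on unlisted radio"
    if ssid.startswith(IGNORE_PREFIXES):
        return "ignored: printer or phone"
    if dbm >= STRONG_DBM:
        return "review: strong unknown network"
    return "neighbor"

def triage(survey):
    """Map (ssid, bssid) to its label for every row of a survey."""
    return {(s, b.lower()): classify(s, b, dbm) for s, b, dbm in survey}

if __name__ == "__main__":
    for (ssid, bssid), label in triage(SURVEY).items():
        print(f"{ssid:14} {bssid}  {label}")
```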

You can also run DumpSec, which is a Windows-based tool that can connect to a Windows system remotely and obtain user account info and share permissions.

A simple email from the CISO/ISO/CIO/CTO/IT Director will suffice if you are a member of the internal security team, but you will want to plan this out carefully and notify other teams, like systems and networks, in case there are any issues.

Unless you work for a very large organization, you won’t have the budget or headcount for monthly internal red team/blue team exercises. All companies could benefit from the security team running monthly internal pentesting activities.

Have fun and enjoy Ethical Hacking!
