On Monday afternoon, I passed my self-proctored ServiceNow Certification for their System Administrator. Sixty questions later with about 40 minutes left to spare. I want to thank the people who helped make this possible. I was in a five-week training program under the TechHire/NextGen Professionals program to learn about the ServiceNow platform to be a Certified System Administrator (CSA) and the Certified Implementation Specialist (CIS-ITSM) for IT service management. This has been a difficult time with the nationwide lock-down and COVID-19 fears, but our class of 17 motivated trainees persevered. We had knowledgeable instructors who were so passionate about ServiceNow. Thank you to our instructors, Tom Sidebottom and Phil Sharp, and also a huge thank you to Kate Szumowski and Yadira Ocon for making this program possible.
I have decided to study and work towards the ITIL v4: Foundation as my next goal. Being ITIL v4 certified will be beneficial, especially with ServiceNow. I still want to pursue cyber security, and I hope to find my way there eventually.
Some of the Apple displays at my internship have some glass screen damage as well as frayed Thunderbolt cables. We decided to go ahead and repair them. With a pair of heavy-duty screen removal suction cup tools, the front glass pops right off, revealing a group of magnets. It’s hard to believe that’s all that keeps the screen from falling off.
The Thunderbolt cable assembly required some components to be removed or disconnected to release the assembly from the socket. It was a straightforward procedure with the iFixit tool kit. Every once in a while I ground myself to prevent any static buildup.
Once the cable assembly is in place, we reverse the process to get it back together. Every screw is back and accounted for, and the small wires connected.
Prior to replacing the new glass, we connected a Macbook Pro to the LED display and powered it up. It looks like everything is working. The last twelve screws are put back, and then we plop the new glass on top, aligned to the display. Those are some strong magnets.
We did a few of these today. I never really liked the materials Apple uses for their cables (i.e., the nightmarish entanglement of the Apple wired headphones). But overall, it was a great experience to take these displays apart. After we tested them, they were returned to their users.
I have no programming experience except for the Linux scripts we’ve written in class labs. So starting this was a bit scary. I remember trying to learn HTML back in the early 2000’s and I was struggling with creating tables. Here we are about 20 years later. A Reddit user highly suggested using Zed Shaw’s, “Learning Python 3 the Hard Way”, along with a few other sources.
A sub-head reads, “A Very Simple Introduction to the Terrifyingly Beautiful World of Computers and Code”. I really like the way the author addresses what you need to learn. I’ve set up the Atom text editor on Ubuntu, Kali, Mac OS, and Windows 10. So far it has been a good learning experience following the first sections while supplementing with Codecademy’s Python class.
I want to make sure I understand everything before diving into a new section. A couple of classmates and I are thinking of going ahead and knocking out the LPI Linux Essentials certification. This particular certification does not have an expiration date, so why not? At least we can show that we do know the essentials. I’ve also been making time to do the CySA+ labs. Jason Dion’s labs have Cisco firewall IOS configurations. It is pretty much Network+ all over again with setting up routes, interface configurations, and creating ACLs for internal hosts. It won’t hurt to be familiar, I suppose.
I turned my 17″ 2010 MacbookPro into a Linux Machine
I was able to configure my 17″ MacbookPro to run Kali Linux as its main operating system. The process required creating a bootable USB with the installation file on a 20GB flash stick. I used the disk duplication (dd) command in the Mac OS terminal to create it.
Diskutil is a command-line tool that allowed me to view the partitioning layout of my hard drive. I will need the correct name (/dev/disk0) later on for installation. Installing rEFInd required me to reboot the system into recovery mode and run the terminal from there. I ended up having to look up a couple of old guides to complete the installation. Because of the newer versions, some steps were modified. Once rEFInd was installed, another reboot allowed me to select the USB boot disk, and then the Kali Linux installer started up. I decided to completely overwrite the entire disk rather than create a dual OS setup. The process was straightforward. There seems to be an issue with the Bluetooth being disabled. I am unable to turn it on through the GUI. It works once I start it up in the terminal using /etc/init.d/bluetooth start, but after a reboot, the same issue comes back. I will have to look into it later. I see this is a common issue after googling the problem. Anyway, it works great, another addition to my home lab.
I had been studying for the CySA+ certification exam since October 2019. Along with studying at home, I had also been taking the CySA+ class at the San Diego Continuing Education North City Campus. On Friday, January 17th, I took the exam and used almost the entire 165 minutes. A third of the exam was looking at logs, and to be honest, I haven’t had a lot of experience with it. I scored a 675. A minimum score of 750 is passing. The exam was very different from the practice exams. I shouldn’t be surprised, as the Security+ exam was very different as well. But seriously, it was very different from the reading materials. It felt like everything I learned wasn’t on the exam. The exam really does go much deeper than the reading materials. I felt defeated for a few days and really wanted to reschedule the exam. I will likely fail again. I need to do something about my lack of experience. I think I found a place online that has labs that I can follow. For now, I will keep reviewing so I don’t forget; until then I need to look for ways to improve my knowledge of reading logs. No one in my class seems to be taking the exam anytime soon, which is unfortunate. I would really like to talk to people about their experiences. This is my fourth certification, and I will not stop! I had a few days to think about things and you know what—failure is part of learning. So let’s just keep moving forward.
SSCP for 2020
My plan was to complete CySA+ and dive into SSCP. I’d like to eventually go for the CISSP. But it is pointless right now because you need five years of experience to get the credentials.
2. Warmed up the iOpener for 30 seconds in the microwave and applied it behind the phone’s right long side for 2 minutes. The adhesive was difficult; warmed up the iOpener a total of 5 times before being able to insert a pick.
3. Loosened up the adhesive and used picks to clear the adhesive, lifted the back lid carefully.
4. Removed the 12 3.5mm Phillips screws
5. Removed upper antenna
6. Removed wireless charging coil (the coil itself is attached to a plastic material)
7. Lift to remove loudspeaker
8. Disconnect the battery (I will replace the OEM battery with a new battery upon reassembling)
9. Disconnect the display cable
10. Disconnect the power button cable
11. Disconnect red and white antenna connectors
12. Disconnect home button connector
13. Disconnect front-facing sensory array cables
14. Disconnect volume button cable
14. Carefully removed the motherboard slowly, located the daughterboard ribbon cable from the underside of the motherboard and disconnected it
15. Applied iOpener on the front side and began the process to remove the front display panel. The front panel was tricky; be patient with cutting through. Watch the front right side for the display cable and the bottom right side for the home button cable. Remember to push the picks upwards toward the display, as I accidentally cut through the foil backing on the display. It seems okay as it will be replaced.
16. Removed the display assembly.
17. Removed the adhesive from the frame, note it is necessary to remove all traces of the adhesive. Also any glass fragments.
18. Clean the adhesion areas with isopropyl alcohol (recommended to wipe in one direction only)
19. Placed the adhesive strips near the phone to see where they will go.
20. Applied the adhesive strips to the capacitive buttons, fingerprint sensor and the U-shaped body adhesive
21. Once pieces are aligned, the plastic liner is removed, leaving the screen-facing adhesive exposed
22. The new display panel is carefully aligned and inserted with the display cable placed through the slot
23. I used my textbooks to put some weight on top of the screen for about an hour to allow the adhesive to bond
24. At this point, I can begin to reassemble the back panel of the phone by reversing steps 14 to step 4.
25. The back panel adhesive replacement was straightforward. Did not require having to replace the adhesive on the rear bezel, battery, or fingerprint sensor. Adhesive was replaced for the back cover support by laying the film on the back of the phone first, then placing the back cover on the phone to adhere correctly on the back cover.
26. Back cover perimeter adhesive goes around the outer rim of the back cover
27. Remove the film from the adhesives
28. Last check to make sure the phone works before putting back cover on. Powers on, touch display works, camera is good, we are good to go
29. The phone is now ready to become whole again, align the back cover to the back of the phone and press down.
30. Allowing the adhesive to set for an hour (weighted with books)
31. Lastly, since we replaced the battery, we need it to be calibrated. It is currently at 50% power. We will let it drop below 10%, before fully charging it to 100%.
32. The last owner still has data on the phone, so we will perform a factory reset.
Notes: Total time to complete: about 7 hours
About 2 hours of it was letting the adhesive set. An extended amount of time was used when heating the phone to get the adhesive to soften enough to insert the picks.
The home button seems to have a bracket missing that I saw in the iFixit tutorial. Possibly due to the device being from Asia.
Tape was used to attempt to keep the glass from breaking further. For future repairs, applying a glass cover would be perfect for this.
Wearing protective eyewear while removing the glass would be a great idea.
Oh… the dreaded password. How many of us are guilty of reusing the same passwords? Oftentimes for many months or years, across multiple accounts. So what’s the big deal?
Recently, the mobile gaming giant Zynga and the Hilton family of hotels both had a major data breach. Millions of user accounts were affected. I personally have an unused account with Zynga from the days I used to play “Draw Something”. With my information sitting out there, it wouldn’t be tough for attackers to crack the password hashes. Once my password is discovered, attackers can attempt to log in to various other accounts with the same password. This is why we don’t want to reuse the same passwords for multiple accounts. Companies adopt these annoying password policies to prevent these types of incidents. As password requirements are getting more complicated, it is becoming a burden for administrators to reset people’s passwords at the office. Or what about all those password resets we’ve done just to log in and move on with our day?
There is not much we can do about data breaches, but there are things in our control to help minimize impact. Being aware of these practices helps make passwords easier to manage.
Password requirements—yes, we’ve heard this many times
Make passwords unique with special characters like !@#$%^&*(), numbers, and a mix of upper and lowercase characters.
Avoid doing these
Avoid using words that can identify you, such as your name, your title, someone you know, birthdays, anniversaries, or your favorite hobbies, colors, etc—you get the point. Also avoid any keywords that you may be using in your social media profiles. Social engineering is a real thing and we’ll cover that in a future post. Avoiding dictionary words would be a good practice as well. Some of these include: football, Superman, iloveyou, princess, 123456, password, abc123, welcome, admin
Strong password essentials
Most times you will only be required to use 6 to 9 characters; however, increasing the length to 10-12 will make the password even more difficult to crack. Mix your passwords with character substitutions. For example, you can use a zero instead of the letter o, or even better, use & to represent o.
Using illogical phrases will help you remember passwords. For example, “thankyoubadminton” can be “badmintoncheesecat”. Combine that with substitutions, and you might consider using “b@dmint&nchee$eCat”.
Let’s add another layer using acronyms: we can shorten part of it to a single letter. But this will shorten the character length, so be sure to make it longer. “b@dmint&nchee$eCat” could be “Bb@dmint&nchee$eC”. I would remember this as bigbadmintoncheesecats. Substituting characters, illogical phrases, and using acronyms all help in making passwords harder to crack while keeping them simple enough that we can remember them.
Use simple variations for other accounts. It might seem complicated, but with a bit of practice, you can improve your passwords.
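A small checker for the guidance above, added here as an example and not part of the original post: it flags short passwords, the common passwords listed earlier even when they are disguised with character substitutions or trailing digits, and personal details. The function names, the substitution table, the three-of-four character-class threshold and the sample passwords in the comments are assumptions of the example.

```python
import re

# Weak passwords named in the post, lowercased.
COMMON = ("football", "superman", "iloveyou", "princess", "123456",
          "password", "abc123", "welcome", "admin")

# Reverse common character substitutions, including the post's "&" for "o".
# The mapping is an assumption of this example and is not exhaustive.
UNSUB = str.maketrans({"@": "a", "4": "a", "&": "o", "0": "o", "$": "s",
                       "5": "s", "3": "e", "1": "i", "!": "i", "7": "t"})


def normalize(pw):
    """Lowercase the password and undo character substitutions."""
    return pw.lower().translate(UNSUB)


def check_password(pw, personal=(), min_len=10, min_classes=3):
    """Return a list of problems; an empty list means none were found."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if sum(bool(re.search(c, pw)) for c in classes) < min_classes:
        problems.append(f"uses fewer than {min_classes} character classes")
    # Drop a trailing run of digits/symbols ("Welcome2020!" -> "Welcome"),
    # then undo substitutions, so a decorated common word is still caught.
    core = normalize(re.sub(r"[^A-Za-z]+$", "", pw))
    if pw.lower() in COMMON or core in COMMON:
        problems.append("is a common password with decoration")
    # Personal details (name, team, pet) are matched anywhere in the password.
    norm = normalize(pw)
    for token in personal:
        t = normalize(token)
        if len(t) >= 3 and t in norm:
            problems.append(f"contains personal detail '{token}'")
    return problems
```

A password such as “P@ssw0rd!2020” satisfies a length and character-class policy and is still reported, because once the substitutions are undone it is just “password” with a year attached.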
Use password managers
Using password managers can help provide complicated 20+ character passwords for each and every secure website. You just have to remember one password for the manager and the password manager will handle the rest. I personally use LastPass to manage all my passwords. I log in on my phone, workstation and my personal laptop and I can remember all passwords for each device. Many of these are subscription-based for a reasonable amount. A couple of other managers include: Zoho Vault, Dashlane, Password Boss, and Bitwarden.
Hopefully this will help in creating complex passwords that you won’t forget too easily. This practice is perfect for the office. If you work in an environment with sensitive data, it’s very likely you’ll see password policies like these in place. For home use, extending these practices will help keep your personal accounts in a better posture.
In the future, we’ll cover multi-factor authentication as a tool to help ensure no one else is accessing your data.