Month: April 2014

rooting android

Kingo Android ROOT

Con root podemos tener acceso a aplicaciones que de otra manera no podríamos ejecutar y realizar cosas como crear copias de seguridad de ciertas partes del sistema, cambiar la frecuencia de la CPU para que vaya más rápido ó lento dependiendo si queremos rendimiento o ahorrar batería, hacer capturas de pantalla, usar de ciertos programas de PC, usar nuestro teléfono como router Wi-Fi, pero considero que lo más importante es la posibilidad de instalar ROMs costumizadas.
aki el archivo root: http://www.mediafire.com/?0o3qxdphs4m…

“como hacer root en cualquier android”
“como hacer root”
“hacer root facil y rapido”
“como hacer root a samsung galaxy s3”
“como hacer root facil”
“hacer root con z4root”
“hacer root con”
“descargar z4root”
“como hackear android”

flops in Matlab

Somebody asked how one may count the number of floating point operations in a MATLAB program.
Prior to version 6, one used to be able to do this with the command flops, but this command is no longer available with the newer versions of MATLAB.
flops is a relic from the LINPACK days of MATLAB (LINPACK has since been replaced by LAPACK). With the use of LAPACK in MATLAB, it will be more approrpiate to use tic andtoc to count elapsed CPU time instead (cf. tic,toc).
If you're interested to know why flops is obsolete, you may wish to read the exchanges in NA digest regarding flops.
Nevertheless, if you feel that you really do need a command to count floating point operations in MATLAB, what you can do is to install Tom Minka's Lightspeed MATLAB toolbox and use the flops counting operations therein.


@cise.ufl.edu>

@cise.ufl.edu>
To count flops, we need to first know what they are.  What is a flop?

LAPACK is not the only place where the question "what is a flop?" is
relevant. Sparse matrix codes are another.  Multifrontal and supernodal
factorization algorithms store L and U (and intermediate submatrices, for
the multifrontal method) as a set of dense submatrices.  It's more
efficient that way, since the dense BLAS can be used within the dense
submatrices.  It is often better explicitly store some of the numerical
zeros, so that one ends up with fewer frontal matrices or supernodes.

So what happens when I compute zero times zero plus zero?  Is that a flop
(or two flops)?  I computed it, so one could argue that it counts.  But it
was useless, so one could argue that it shouldn't count.  Computing it
allowed me to use more BLAS-3, so I get a faster algorithm that happens to
do some useless flops.  How do I compare the "mflop rate" of two
algorithms that make different decisions on what flops to perform and
which of those to include in the "flop count"?

A somewhat better measure would be to compare the two algorithms based an
external count.  For example, the "true" flop counts for sparse LU
factorization can be computed in Matlab from the pattern of L and U as:

        [L,U,P] = lu (A) ;
        Lnz = full (sum (spones (L))) - 1 ;    % off diagonal nz in cols of L
        Unz = full (sum (spones (U')))' - 1 ;  % off diagonal nz in rows of U
        flops = 2*Lnz*Unz + sum (Lnz) ;

The same can be done on the LU factors found by any other factorization
code. This does count a few spurious flops, namely the computation a_ij +
l_ik*u_kj is always counted as two flops, even if a_ij is initially zero.

However, even with this "better" measure, the algorithm that does more
flops can be much faster.  You're better off picking the algorithm with
the smallest memory space requirements (which is not always the smallest
nnz (L+U)) and/or fastest run time.

So my vote is to either leave out the the flop count, or at most return a
reasonable agreed-upon estimate (like the "true flop count" for LU, above)
that is somewhat independent of algorithmic details.  Matrix multiply, for
example, should report 2*n^3, as Cleve states in his Winter 2000
newsletter, even though "better" methods with fewer flops (Strassen's
method) are available.

Tim Davis
University of Florida
davis@cise.ufl.edu@cise.ufl.edu>

Ubuntu root

Con un enfoque paternalista Ubuntu de entrada no da acceso a la cuenta de  root, sino que los comandos privilegiados se deben ejecutar usando sudo Referencias http://tombuntu.com/index.php/2008/05/23/install-virtualbox-additions-for-an-ubuntu-804…

Con un enfoque paternalista Ubuntu de entrada no da acceso a la cuenta de  root, sino que los comandos privilegiados se deben ejecutar usando sudo Referencias http://tombuntu.com/index.php/2008/05/23/install-virtualbox-additions-for-an-ubuntu-804-guest/ http://www.cyberciti.biz/faq/ubuntu-linux-root-password-default-password/ http://ubuntu-tutorials.com/2007/10/13/

ISO/IEC 27001

ISO/IEC 27001, part of the growing ISO/IEC 27000 family of standards, is an information security management system (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its full name is ISO/IEC 27001:2005 – Information technology – Security techniques – Information security management systems – Requirements.

ISO/IEC 27001 formally specifies a management system that is intended to bring information security under explicit management control. Being a formal specification means that it mandates specific requirements. Organizations that claim to have adopted ISO/IEC 27001 can therefore be formally audited and certified compliant with the standard (more below).

Most organizations have a number of information security controls. However, without an information security management system (ISMS), controls tend to be somewhat disorganized and disjointed, having been implemented often as point solutions to specific situations or simply as a matter of convention. Security controls in operation typically address certain aspects of IT or data security specifically; leaving non-IT information assets (such as paperwork and proprietary knowledge) less protected on the whole. Moreover business continuity planning and physical security may be managed quite independently of IT or information security while Human Resources practices may make little reference to the need to define and assign information security roles and responsibilities throughout the organization.

ISO/IEC 27001 requires that management:

  • Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities, and impacts;
  • Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
  • Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.

The key benefits of 27001 are:

  • It can act as the extension of the current quality system to include security
  • It provides an opportunity to identify and manage risks to key information and systems assets
  • Provides confidence and assurance to trading partners and clients; acts as a marketing tool
  • Allows an independent review and assurance to you on information security practices

A company may want to adopt ISO 27001 for the following reasons:

  • It is suitable for protecting critical and sensitive information
  • It provides a holistic, risked-based approach to secure information and compliance
  • Demonstrates credibility, trust, satisfaction and confidence with stakeholders, partners, citizens and customers
  • Demonstrates security status according to internationally accepted criteria
  • Creates a market differentiation due to prestige, image and external goodwill
  • If a company is certified once, it is accepted globally.

While other sets of information security controls may potentially be used within an ISO/IEC 27001 ISMS as well as, or even instead of, ISO/IEC 27002 (the Code of Practice for Information Security Management), these two standards are normally used together in practice. Annex A to ISO/IEC 27001 succinctly lists the information security controls from ISO/IEC 27002, while ISO/IEC 27002 provides additional information and implementation advice on the controls. The domains covered by ISO 27002 include

Organizations that implement a suite of information security controls in accordance with ISO/IEC 27002 are simultaneously likely to meet many of the requirements of ISO/IEC 27001, but may lack some of the overarching management system elements. The converse is also true, in other words, an ISO/IEC 27001 compliance certificate provides assurance that the management system for information security is in place, but says little about the absolute state of information security within the organization. Technical security controls such as antivirus and firewalls are not normally audited in ISO/IEC 27001 certification audits: the organization is essentially presumed to have adopted all necessary information security controls since the overall ISMS is in place and is deemed adequate by satisfying the requirements of ISO/IEC 27001. Furthermore, management determines the scope of the ISMS for certification purposes and may limit it to, say, a single business unit or location. The ISO/IEC 27001 certificate does not necessarily mean the remainder of the organization, outside the scoped area, has an adequate approach to information security management.

Other standards in the ISO/IEC 27000 family of standards provide additional guidance on certain aspects of designing, implementing and operating an ISMS, for example on information security risk management (ISO/IEC 27005).

The ISO 27001 adopts the process model “Plan-Do-Check-Act” (PDCA) which is applied to the structure of all the processes in ISMS.

BS 7799 was a standard originally published by BSI Group[1] in 1995. It was written by the United Kingdom Government’s Department of Trade and Industry (DTI), and consisted of several parts.

The first part, containing the best practices for information security management, was revised in 1998; after a lengthy discussion in the worldwide standards bodies, it was eventually adopted by ISO as ISO/IEC 17799, “Information Technology – Code of practice for information security management.” in 2000. ISO/IEC 17799 was then revised in June 2005 and finally incorporated in the ISO 27000 series of standards as ISO/IEC 27002 in July 2007.

The second part of BS7799 was first published by BSI in 1999, known as BS 7799 Part 2, titled “Information Security Management Systems – Specification with guidance for use.” BS 7799-2 focused on how to implement an Information security management system (ISMS), referring to the information security management structure and controls identified in BS 7799-2. This later became ISO/IEC 27001. The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) cycle (Deming cycle), aligning it with quality standards such as ISO 9000. BS 7799 Part 2 was adopted by ISO as ISO/IEC 27001 in November 2005.

BS 7799 Part 3 was published in 2005, covering risk analysis and management. It aligns with ISO/IEC 27001.

Plan (establishing the ISMS)
Establish the policy, the ISMS objectives, processes and procedures related to risk management and the improvement of information security to provide results in line with the global policies and objectives of the organization.
Do (implementing and workings of the ISMS)
Implement and exploit the ISMS policy, controls, processes and procedures.
Check (monitoring and review of the ISMS)
Assess and, if applicable, measure the performances of the processes against the policy, objectives and practical experience and report results to management for review.
Act (update and improvement of the ISMS)
Undertake corrective and preventive actions, on the basis of the results of the ISMS internal audit and management review, or other relevant information to continually improve the said system.
An ISMS may be certified compliant with ISO/IEC 27001 by a number of Accredited Registrars worldwide. Certification against any of the recognized national variants of ISO/IEC 27001 (e.g. JIS Q 27001, the Japanese version) by an accredited certification body is functionally equivalent to certification against ISO/IEC 27001 itself.In some countries, the bodies that verify conformity of management systems to specified standards are called “certification bodies”, while in others they are commonly referred to as “registration bodies”, “assessment and registration bodies”, “certification/ registration bodies”, and sometimes “registrars”.The ISO/IEC 27001 certification,[2] like other ISO management system certifications, usually involves a three-stage external audit process:

  • Stage 1 is a preliminary, informal review of the ISMS, for example checking the existence and completeness of key documentation such as the organization’s information security policy, Statement of Applicability (SoA) and Risk Treatment Plan (RTP). This stage serves to familiarize the auditors with the organization and vice versa.
  • Stage 2 is a more detailed and formal compliance audit, independently testing the ISMS against the requirements specified in ISO/IEC 27001. The auditors will seek evidence to confirm that the management system has been properly designed and implemented, and is in fact in operation (for example by confirming that a security committee or similar management body meets regularly to oversee the ISMS). Certification audits are usually conducted by ISO/IEC 27001 Lead Auditors. Passing this stage results in the ISMS being certified compliant with ISO/IEC 27001.
  • Stage 3 involves follow-up reviews or audits to confirm that the organization remains in compliance with the standard. Certification maintenance requires periodic re-assessment audits to confirm that the ISMS continues to operate as specified and intended. These should happen at least annually but (by agreement with management) are often conducted more frequently, particularly while the ISMS is still maturing.

Asset Management

The asset management domain deals with analyzing and attaining the necessary level of protection of organizational assets. The typical objectives of the asset management domain is to identify and create an inventory of all assets, establish an ownership on all assets identified, establish a set of rules for the acceptable use of assets, establish a framework for classification of assets, establish an asset labeling and handling guideline. Asset management, broadly defined, refers to any system that monitors and maintains things of value to an entity or group. It may apply to both tangible assets such as buildings and to intangible concepts such as intellectual property and goodwill.

An asset is anything that has value to the organization. Assets can include infrastructure (e.g. buildings, store houses, towers etc.), physical assets ( computer equipment, communications, utility equipment, heavy machinery), software assets ( applications, software code, development tools, operational software etc.), information (database information, legal documentation, manuals, policies & procedures, organizational documents etc.), services ( transport, air conditioning, communications, utilities etc.), people (management, skills, experience etc.) and imperceptible (reputation, image etc.).

Asset management is a systematic process of operating, maintaining, upgrading, and disposing of assets cost-effectively. Organizations need to identify all assets and create and maintain security controls around them. For each asset a designated owner needs to be made responsible for implementation of appropriate security controls. When creating an asset management policy the organization needs to define the scope of the policy (which parts of the organization are covered under the policy), responsibility (who is ultimately responsible for the policy), compliance (is compliance mandatory or not, what are the guidelines to follow), wavier criteria (on what basis can someone ask for a waiver) and effective date (from when to when is the policy applicable).

  • Typical policy statements for Asset Management include:
  * All assets shall be clearly identified, documented and regularly updated in an asset register
  * All assets of shall have designated owners and custodians listed in the asset register
  * All assets will have the respective CIA (Confidentiality, Integrity and Availability) rating established in the asset register
  * All employees shall use company assets according to the acceptable use of assets procedures
  * All assets shall be classified according the asset classification guideline of the company

Asset management comprises of all the activities associated with ongoing management and tracking of assets some of which are as follows: asset discovery (physical & logical), create & maintain conclusive software library, create & maintain conclusive hardware stock, configuration management, physical asset tracking, software license management, request & approval process, procurement management, contract management, assessment on ISO 27001 and PCI controls, supplier/ vendor management, re-deployment & movement, retire & disposal Management, compliance to laws if applicable etc.

Asset Register

The asset register documents the assets of the company or scope in question. Typically all business functions are required to maintain an asset register of their business units. The asset register is required to contain, at a minimum, the following information about the assets: the asset identifier, the asset name, the type and location of assets; the name of the function and process that uses this asset, the asset owner, custodian and user and the CIA (Confidentiality, Integrity, Availability) ratings of the asset. Organizations can choose to additional information into the asset register as necessary for example for IT assets can have IP address as part of them etc.

For all asset registers, a primary person responsible for the asset register needs to be identified. Typically the business unit head or director is the owner of the asset register and recognized functional heads identified are asset custodians. The asset owner is accountable for the comprehensive protection of assets owned by him/her. The asset owner may delegate the responsibility of applying the relevant controls for the maintenance of the assets to an individual/ function referred to as the ‘asset custodian’. It is the responsibility of the asset custodian to implement appropriate security controls that are required for the protection of information assets. It is the responsibility of all employees and third party staff to maintain the confidentiality, integrity and availability of the assets that they use.

Asset Classification

Assets need to be classified in order to provide an appropriate level of protection for a certain category of assets. Information assets need to be classified in terms of its value, requirements and criticality to the business operations of the company. Typical company classification guidelines follow restrictive principles. Some of the common classifications criteria which are used by companies are given below:

RESTRICTED: The restricted level of asset information pertains to highly sensitive information to the company; which when disclosed would cause substantial damage to the reputation and competitive position of the company in the market. Its unauthorized disclosure could adversely impact its business, its shareholders, its business partners and/ or its customers, leading to legal and financial repercussions and adverse public opinion. Examples of restricted information are details of major acquisitions, divestments and mergers, business and competition strategy, sensitive customer, competitor, partner or contractor assessments, intellectual property information, law enforcement and government related information.

CONFIDENTIAL: This category refers to asset information that relates to individuals or is otherwise restricted only to authorized users, but if disclosed outside the company would not harm the organization, its customers, or its partners. This classification applies to any sensitive business information which is intended for use within the company. Examples of confidential information include customer information, negotiating positions, marketing strategy, personnel information, internal company memos and presentations.

INTERNAL This classification refers to asset information that is potentially available to all personnel within the company, but is not public. This can also include information that is restricted to a group or project within the company, but is not designated as “Private” or “Restricted.” Examples of internal information include product design information, system documentation, company employee details, company organizational charts, minutes of department meetings.

PUBLIC This classification refers to asset information that has been published or obtainable from a published source, e.g. the Internet. Example of public information include published marketing material, company public statements or announcements, published company performance information, published job vacancies.

Asset Labeling

All important and critical assets to the company shall be labeled physically / electronically as per the information labeling and handling procedures of the company. The asset owners are required to ensure that their assets are appropriately labeled (marked) for ease of identification. This may exclude information classified as ‘public’. For each classification level, the handling procedures should include the assets introduction; secure processing, storage; transmission and destruction. Classification level must be indicted wherever possible for all forms of physical / electronic information that are sensitive in nature. For example: subject of email stamped with “Confidential” etc.

Por empezar fuerte el curso hoy quiero compartir un enlace de gran interes para los dedicados al mundillo de la gestión de la seguridad entorno a la norma ISO 27001.

Dentro de mis protocolos de seguimiento de las normas 27001, 27002 y las publicaciones o comentarios entorno a ella utilizando las alertas de Google, hoy quiero compartir un par de enlaces que proporciona en un documento PDF una traducción no ofical al castellano de las normas ISO 27001 e ISO 27002.

Aunque los enlaces no aparecen refereciados en ninguna página principal de esta Web, Google la enlaza al buscar sobre controles de la ISO 27002.

Dado que puede ser de interés para el público hispanohablante disponer de una versión en nuestro idioma, comparto la url que Google proporciona por si es del interés de todos.
Ambos documentos aclaran que su uso es autorizado sólo para fines didácticos, objetivo que comparte también este blog.
Las urls donde se encuentran son:

hidden files in Windows

How to hide and show the hidden files in Windows

1. Open Folder options on your Windows PC (Folder option in Windows 8 is present on the view tab of Ribbon UI).
2. Navigate to “View” tab on Folder Option.
3. Scroll down the horizontal scroll bar on the “Advanced setting” of the view tab till you get the option “Hidden files and folder“.
4. You will get two check boxes under “Hidde Files and folder” as

  1. Don’t show hidden files, folder or drives
  2. Show hidden files, folder and drives

5. Just select “Don’t show hidden files, folder or drives” to hide the hidden files and folder and select “Show hidden files, folder and drives” to show those hidden files and folder.
6. Now “Apply” all the changes and click on “OK“.
That is it.

Read more: http://windows.mercenie.com/windows-xp/how-to-make-and-hideshow-hidden-files-folder-in-windows-8-7-and-xp/#ixzz2yub38qZG
Follow us: @mercenie on Twitter | mercenie on Facebook

Open Folder option

What is Folder Option in Windows 8

Folder options contains the settings for the files and folder functions and how the items and which items will be displayed on your Windows 8 PC. It also contains a customize setting for the “search” option. It contains the overall view setting and functions of all files and folder.We can Open “Folder Options” in two way.
1. From Control Panel
2. From Ribbon UI in Explorer Window.

Open Folder option from Control Panel

1. Open “Control Panel“.
2. Click on “Appearance and Personalization“.
3. Now click on “Folder Options” on the open Window.
4. “Folder Options” window for folder and search option will be open. That is it.

Read more: http://windows.mercenie.com/windows-8/location-for-folder-option/#ixzz2yuaBneyM
Follow us: @mercenie on Twitter | mercenie on Facebook