![]() |
>> ข่าวสาร
"โค้ดดิ้ง"ภาษาที่ 3 ความฝัน ศธ.เด็กยุคดิจิทัล
โครงการ CodingThailand.Org
แพลตฟอร์มการเรียนรู้ด้านวิทยาการคอมพิวเตอร์ผ่านช่องทางออนไลน์ระดับประเทศ ภายใต้โครงการ Coding Thailand ที่ กระทรวงดิจิทัลเพื่อเศรษฐกิจและสังคม โดยสำนักงานส่งเสริมเศรษฐกิจดิจิทัล Depa มุ่งพัฒนาให้ CodingThailand.org เป็น ชุมชนแห่งการเรียนรู้ออนไลน์ ที่เปิดกว้างให้เรียนรู้ได้ทุกที่ ทุกเวลา ด้วยสื่อการเรียนรู้ที่ผสานความบันเทิง ให้เยาวชนเรียนรู้อย่างเพลิดเพลิน ฝึกกระบวนการคิด ที่สอดแทรกความรู้เชิงการเขียนโปรแกรม อีกทั้งยังเป็นสื่อการสอนที่ครู อาจารย์ และ สถานศึกษา สามารถนำไปใช้ในการให้ความรู้แก่นักเรียนในทุกระดับ ![]() |
คนทำงานไอที นอกจากเก่ง Coding แล้ว ต้องมีทักษะอะไรเพิ่ม?
จากการเก็บข้อมูลสถิติของแรงงานและตลาดแรงงานใน กลุ่มสายไอทีหรือเทคโนโลยี ในช่วงปี 2560 ที่ผ่านมาของ แมนพาวเวอร์กรุ๊ป ได้สรุปผลสำรวจพบว่า ตลาดมีความต้องการสูงและมีแนวโน้มเพิ่มมากขึ้นอย่างต่อเนื่อง อัตรารายได้สูง หากแรงงานสามารถทำงานได้ตามมาตรฐานที่หน่วยงานหรือองค์กรต้องการ ![]() นอกจากนั้นแล้ว ในฝั่งของผู้ประกอบการหรือองค์กร แนะเพิ่มว่าบุคลากรในสายงานนี้ จำเป็นต้องมีทักษะในการสื่อสารให้ผู้อื่นเข้าใจได้ แม้เป็นภาษาหรือศัพท์ทางเทคนิค ต้องรู้จักอ่อนน้อม มีความอดทน เพราะเก่งงานอย่างเดียวอาจไม่พอ ต้องมี Service Mind พร้อมสนับสนุนการทำงานของฝ่ายต่างๆ ในองค์กร หากยึดถือ ปฏิบัติและปรับตัวได้ ![]() https://www.admissionpremium.com/it/news/4073 |
คำทับศัพท์ด้านไอที ที่หลายคนมักเขียนผิด
การใช้ภาษาไทยให้ถูกต้อง ไม่ว่าจะเป็นการพูดหรือการเขียน เป็นทักษะพื้นฐานที่น้องๆ และคนไทยเราควรให้ความสำคัญมากๆ โดยเฉพาะในยุคนี้ เพราะมันเป็นการแสดงให้เห็นถึงความเข้าใจ ความใส่ใจ และที่สำคัญยังเป็นการสร้างภาพลักษณ์ให้เราดูดีและน่าเชื่อถือผ่านสื่อต่างๆ ด้วย ![]() และแม้ว่าดูเหมือนจะเป็นเรื่องง่าย แต่การเขียนภาษาไทย โดยเฉพาะคำทับศัพท์ภาษาอังกฤษในหมวดเทคโนโลยีที่มีการบัญญัติศัพท์ใหม่ๆ ตลอด ก็เป็นเรื่องที่สร้างความสับสนและเข้าใจผิดให้เราได้ง่ายๆ บทความนี้เราจึงรวบรวม คำทับศัพท์ภาษาอังกฤษในหมวดไอที มาให้น้องๆ และทุกๆ คนได้อ่านและแชร์เก็บไว้ใช้ให้เกิดประโยชน์กันจ้าาา |
How to Be Safe on the Internet
The internet is a staple in many people's everyday lives. It is a great place full of wonderful information, but it is also full of many dangers. The price of banking, shopping, and interacting online might be your personal information. To stay safe on the internet, use the following strategies. ![]() 1 Choose strong passwords. Passwords are like the key to your accounts - only the person with the key can access them. When choosing a password, you want to make sure you choose one that is unique, strong, and not easily guessed by strangers or those close to you. Choose a password that uses letters, numbers, lowercase, uppercase, and characters.[1]
2 Be mindful when installing programs or agreeing to terms. When you sign up for newsletters, install programs, or agree to anything, read the fine print. If you do not want to receive junk mail or get put on a telemarketer list, look for a small box near the bottom of the page that asks if you want to receive information and offers from other companies. The best sites will have a statement listed that they will not sell your name to other companies (though they may still send you e-mails themselves).
3 Do not give out personal details to strangers. Don't give your full name, address, or phone number to anyone online that you don't trust or know. This is especially important in chat rooms, when negotiating jobs or deals, or making plans through meet-up sites.
4 Don't fall prey to phishing scams. Phishing e-mails are messages that appear to be from legitimate companies, such as your bank or stores where you've shopped, that provide links to fake websites and ask for personal information.[5]
5 Keep your eyes peeled for online scams. Online scams crop up everywhere.Online scams crop up everywhere. These scams can pop up in e-mails, tweets, Facebook posts, and many other places. Don't click on links that don't look like a real address or contains a lot of letters and characters that look like gibberish.
6 Limit the information you share on social media. Facebook, Twitter, Google+, Instagram, LinkedIn, and other social media sites are part of most people's every day lives. On Facebook, people post their maiden names, their parents' names, their birthdays, the birthdays of their children, their hometowns, their home address, their home and cell phone numbers, along with myriad other personal information. This information gives anyone with a computer just about every essential piece of information about you.[9] Limit what you share online to protect your identity and privacy.[10]
7 Have multiple e-mail accounts. It's best to have three accounts. Multiple e-mails help you separate different aspects of your life, gives you official and non-official addresses, and can help you cut down on spam and privacy issues.
|
Top 5 social media scams to avoid (CNN)
Scammers have been worming their way into giant social media networks to trick people into giving over their personal and financial information.Over the past year, the number of phishing attempts on social media networks like Facebook(FB, Tech30), Twitter (TWTR, Tech30), Instagram and LinkedIn (LNKD, Tech30) has exploded 150%, experts at security firm Proofpoint (PFPT) say. That's because fraudsters can use social media to target hundreds of thousands of people at once, but also blend in with the crowd. They mimic users and their activities, and they take advantage of the way people use social media to deal with business problems. Here are five of the most cleverly cloaked scams on social media right now, according to Proofpoint: 1. Fake customer service accounts on Twitter Online criminals set up fake customer service accounts to phish for bank login and password information and other sensitive data. These imposter accounts look very similar to that of real businesses, but are often one character off -- or they include an extra underscore or other keyboard character. When someone tweets at their bank or example, scam artists will intercept the conversation, and reply to that message with what seems like an authentic answer. ![]() 2. Fake comments on popular posts A popular news story or social media post might generate a lot of comments. Fraudsters like to take advantage of that large audience by adding their own comments with links to other buzzy headlines that lead to credit card phishing scams. ![]() 3. Fake live-stream videos As more media companies start streaming their shows and movies online, scammers are jumping on the bandwagon. They do things like comment on the Facebook page of a sports team with a link that leads people to believe they can watch a free live stream of a game. But the links lead to a fake website that asks for personal information in order to start the video, which very often doesn't exist. ![]() 4. Fake online discounts Fake online discounts work similarly to fake customer service accounts. Schemers will set up social media accounts that look like legit businesses, then pretend to offer a real promotion. In reality, they want to trick people into giving up their personal information. ![]() 5. Fake online surveys and contests These tactics have been around for years and are designed to get answers to personal questions that fraudsters can mine and sell later. But criminals embed them into social media posts that often look legit because there's a normal looking profile picture and link, thanks to URL shorteners. ![]() |
Surprise Ransomware Installed via TeamViewer and Executes from Memory
Recently a member posted in the forums about a new ransomware that was appending the .surprise extension to encrypted files. When I received the sample, I learned that what I had was an loader that executed a heavily modifiedEDA2 ransomware variant from memory. That was interesting enough, but soon reports started coming in that the those who were infected were being done so via TeamViewer connections. The first ransomware installed via TeamViewer?As more reports started to come in from Surprise victims, a disturbing trend was discovered. All of the victim's had TeamViewer installed and logs showed that someone connected to their machine using TeamViewer and uploaded the Surprise.exe files to their desktop. ![]() As more logs were posted, it could be seen that there were two TeamViewer IDs that were used by the attackers to upload the ransomware to the computer and execute it. These IDs were 479441239 and 479440875. Once it was discovered that TeamViewer was involved, I immediately reached out to TeamViewer support to try and get someone who was part of their security team to either call me or email me so we could discuss this attack.Talking to one of the security team members, I was told that the associated IDs have already been disabled so that they could no longer be used on TeamViewer. I was also told, that it appears that the connections made by the ransomware developer were using the credentials of the victim. TeamViewer felt that some of these accounts may have been included in account dumps, where their credentials were retrieved by the ransomware devs. On checking various databases, I did find that more than half of the victims were listed on thehttps://haveibeenpwned.com/ site. At this point, the Surprise ransomware appeared to have gone dark, so we are unable to investigate this further. Executing from memory to bypass behavior detectionAnother interesting characteristic that we saw in the Surprise Ransomware is that the executable itself does not contain any of the encryption functions or other behavior associated with ransomware programs. Instead it contained another executable that transformed into an encrypted BASE64 encoded string. At runtime this string is decrypted, loaded into memory, and then executed directly from there. This method is being used to not only try to bypass AV signature definitions, but also behavior detection. Behavior detection is becoming the best way to detect and stop ransomware as signature detections have become easily bypassed. By trying to offload the encryption functions, typically targeted by behavior analysis, into an file executed from memory, they are hoping it would not be detected. Thankfully, this is not the case. Below is some partial source code showing how they are using this technique: ![]() So far this has not helped, as the malicious behavior will still be detected when the ransomware is launched from memory. The Surprise Ransomware Encryption ProcessAs already explained, this ransomware is distributed via TeamViewer connections to the victim's computer, which the ransomware developer will use to upload a file called Surprise.exe to the victim's desktop. Once this file is launched, it will decrypt a encrypted BASE64 encoded executable into memory and launch this executable from there. Once launched, the ransomware will attempt to connect to its Command & Control server where it will send the victim's computer name and username and retrieve a public encryption key. This key will then be used to encrypt a generated AES encryption key, which is then sent back to the Command & Control server. The ransomware will now begin to scan the all fixed disks on the computer for files that contain a particular file extension. When it finds a matching file, it will encrypt it with the AES encryption key and append the.surprise extension to it. The targeted file extensions are:
When encrypting files it will skip any files that contain the $ symbol or contain the c:\windows and c:\program strings in the filename. When the ransomware finishes encrypting the computer, it will create 3 files on the desktop. These files and their contents are:
The ransom note for this ransomware states:
Unfortunately, at this time there is no way to decrypt the files encrypted by this infection for free. Update 1 (4/3/16):TeamViewer has issued a statement regarding this ransomware. This statement includes what they have discovered and tips on properly securing a TeamViewer account. Update 2 (4/4/16):MalwareHunterTeam has discovered that the Surprise Ransomware is still being actively distributed. It also appears from the source code of the malware, that the ransomware developer has been reading my articles and posts about them. Notice that the hostname for the Command & Control servers is named after my forum alias, Grinler. ![]()
Files associated with the Surprise Ransomware
|
The planet hunter searching for another Earth
(CNN)"I want to find another Earth. That's what I'm living for." MIT astrophysicist Sara Seager has been looking at planets beyond our solar system, known as exoplanets, for almost 20 years. When the first ones were discovered in the 1990s, many questioned the finding and didn't think it was real. But since then, with better technology, we have observed more than 6,000 of them, most of which are giant balls of gas. Today, the list grows every week. With so many planets now coming out of hiding, the race is on to identify one that resembles Earth: a rocky world with liquid water just like ours, and suitable to host life. Seager believes she knows how to make that discovery. It's not easy to see exoplanets as you can't just look at them through a telescope. This is due to the blinding light coming from their host stars, which can be very different in size and features compared to our sun. The process is often described as trying to spot a firefly circling a lighthouse, from thousands of miles away. The first ones were discovered indirectly, in 1995, by just looking at stars to see if they would wobble slightly, responding to the pull of another object's gravity At this time, Seager was a graduate student atHarvard searching for a topic for her Ph.D. and she was intrigued by the newborn field of faraway planets. "Since the planets were discovered indirectly, most people didn't believe that the discoveries were real. They'd say to me 'Why are you doing this? These aren't planets!'," says Seager. The contrarians weren't entirely wrong: the wobble can be caused by other factors such as another star and several planet discoveries have been retracted over time for this reason. But then a different technique was found to make their hunt easier, called transit. This is when a planet moves in front of its host star and causes the star's light to dim slightly. "One of the planets from the wobble technique showed transit: it went in front of the star at exactly the time it was predicted to and that was basically incontrovertible," says Seager. Exoplanets were real. |
Hackers wanted to break into The Pentagon. (BBC)
![]() No you're not misreading that: in the first ever programme of its kind the US government has launched the initiative to test the strength of its cyber defences. Google, Facebook, Microsoft and Yahoo already use so-called "bug bounties" to find and report security problems. If hackers discover any major flaws they could get paid. ![]() The "Hack the Pentagon" scheme has begun and lasts until 12 May. The application page says: "If you have information related to security vulnerabilities in the online services listed in scope below, we want to hear from you." One senior official speaking to Reuters claimed that thousands of participants were expected to join the initiative. The Pentagon already uses its own internal security experts to test its networks, but it is hoped that opening up to vetted outsiders will help spot and remove more weaknesses. ![]() Security researchers have repeatedly called on the US government to take inspiration from major technology firms and introduce a bug bounty programme. Facebook has reportedly paid out more than $3m (more than £2.1m) since its programme was launched in 2011. If the Pentagon does introduce financial rewards, it would be the first government-funded initiative of its kind in the world. Participants must be US citizens and will have to register and submit to a background check before they are turned loose on the computer system. Find us on Instagram at BBCNewsbeat and follow us on Snapchat, search forbbc_newsbeat |
Google Grants For Computer Science Education
Google is offering new grants in the hope of improving completion rates for computer science degrees. The new Google CS Engagement Awards are open to faculty or staff at accredited colleges and universities in the United States, and are designed to support people teaching introductory computer science courses. The aim is to help them retain students to the completion of their course. Announcing the new grant on both the Google Education and Google Research blogs, Leslie Yeh Johnson, who is responsible for University Relations says that while there has been an unprecedented increase in enrollment in Computer Science undergraduate programs over the past six years, the number of students who go on to complete undergraduate degrees has not increased in the same ratio. The problem is particularly acute among women and under-represented minorities, according to the 2013 Taulbee Survey. Johnson says that while students may begin a CS degree program, retaining students after their first year remains an issue, with one of the strongest factors in the retention of students in undergraduate CS degrees being early exposure to engaging courses and course material. The idea is that if students are given assignments that are meaningful and relevant, or classroom activities that encourage student-to-student interaction, the student stays interested and is more likely to complete their undergraduate CS degree. In the hope of improving the percentage of students completing their degree, Google has come up with the CS Engagement Small Grants Program. This is designed to support educators teaching introductory computer science courses in the United States. Google will give unrestricted gifts of $5,000 to the selected applicants’ universities, towards the execution of engaging CS1 or CS2 courses in the 2014-2015 school year. If you’re teaching CS1 and CS2 courses at the post-secondary level, you need to apply for the grant before November 15, 2014. The details are available in the program's Call for Proposals. |