Google launches security features while report shows iOS threats outpacing Android

Google has cracked down on security with the launch of Play Protect and other new defense mechanisms while a report has been released which shows iOS malware growth outpacing that of Android.

After the Google Docs phishing attack, the company has been ramping up its security in recent months. This started back in May with the implementation of machine learning to improve the detection of phishing messages – and the company now estimates it can block spam and malicious content with a 99.9 percent accuracy.

The following month, in June, Google added security controls to G Suite which enables admins to block employees from accessing untrustworthy apps. The phishing attack was caused by a bogus app using a Google sign-in, so this feature helps to ensure admins can vet third-party apps.

Earlier this week, Google added a new warning screen for apps from developers which are yet to go through verification. You can still choose to continue, at your own risk, but you’ll be prompted with a warning message and must type “continue” in the field to help ensure the user has read the prompt and hasn’t just clicked ‘ok’ to get rid of the message (against our better judgement, most of us have probably done it at some point!)

"We're committed to fostering a healthy ecosystem for both users and developers," wrote Google's Naveen Agarwal and Wesley Chun in a blog post. "These new notices will inform users automatically if they may be at risk, enabling them to make informed decisions to keep their information safe, and will make it easier to test and develop apps for developers."

Now the company is putting its focus on Android security with the roll-out of Play Protect to all devices running Google Play Services 11 and up. All of the apps downloaded from the Play Store will be scanned to detect anything malicious and will be removed or blocked on the device. Of course, if the user is side-loading apps outside the official store, they still run a higher risk of being hit by a form of malware.

Speaking of, as reported by our sister publication EnterpriseCIO, the growth of malware targeting iOS has tripled and now outpaces Android which remained largely flat over the past couple of quarters. The research was conducted by mobile security company Skycure.

Varun Kohli, Vice President of Marketing at Skycure, said, "iOS is used on one of the more popular devices and that is where hackers are focusing and that is where the money is. A more affluent community tends to use the iPhone."

iOS still has some way to go before it has the same level of risk as Android, but it’s good to see Google being more proactive about the security issue on its platform. Hopefully, the rapidly growing threat to iOS will ensure Apple doesn’t become complacent.

Do you think Google is doing enough in terms of security? Share your thoughts in the comments.

Top 5 programming languages for DevOps

Python

Python has become an all-purpose language in infrastructure. It has been used to build cloud infrastructures projects such as OpenStack, and even supports web applications through frameworks such as Django. Python is an approachable language with a wide range of uses.

Codecademy: I started learning Python at Codecademy. The Codecademy Python program provides a great introduction.

Safari Books Online training: From there, I moved on to Jessica McKellar's excellent Introduction to Python course on Safari Books Online. The Safari service is expensive, but there are often membership sales that can give you as much as 50% off. SafariBooks also has O'Reilly conference videos, including talks and labs. The talks provide an opportunity to find interesting niches in each language.

Online conference videos: Search online and you'll find interesting talks at various developer conferences about how to use languages in ways you may not have otherwise considered. PyCon conference videos, for example, are available on YouTube.

Ruby

Ruby is used in a number of infrastructure projects. ManageIQ, for example, is a Ruby on Rails app. At my job at Red Hat, I often joke with customers that with ManageIQ (and CloudForms), users are only 10 lines of Ruby code away from doing anything.

Codecademy: As with Python, I picked up my Ruby knowledge primarily from Codecademy.

Documentation: The other resource that helped me understand Ruby in more practical terms (i.e., for my job) is Peter McCowan's book Mastering CloudForms Automation(available as a free PDF). Working with CloudForms building state machines and advanced automation workflows helped shape my understanding of the constructs inside Ruby.

Podcasts: I also listen to the Ruby on Rails Podcast, and Ruby Rogues.

JavaScript

The ecosystem of JavaScript frameworks and projects continues to grow at an astounding pace. From client-side JavaScript to server-side frameworks, huge swathes of the Internet run on JavaScript.

FreeCodeCamp: JavaScript is a language I am continuing to learn, mainly through FreeCodeCamp. FreeCodeCamp has an excellent free program that provides real-world examples and pushes students beyond the typical type-these-words-and-run-wheeeeee experience. As you progress through the program, you receive less prescriptive guidance and instead are given tasks to complete. The lessons I've learned the most completely in my journey have been from this "start in the deep end" style of teaching. I can't recommend it highly enough.

Podcasts: I also listen to JavaScript-focused podcasts, such as JavaScript Jabber and FiveJS.

Go

The Go language was introduced in 2009, and has made quite a splash in the market since its introduction. The designers of the language were focused on making a statically typed language that is human readable, but that also performs well at scale.

golang.org: I've only started my time with Go, beginning with the tour at golang.org.

Google Developers channel on YouTube: I've also started watching videos on the Google Developers channel, including Go for Pythonistas, Get Started with Go, and Go Programming.

Safari Books Online training: I'm focusing more on Go in 2017, as it underpins a number of important web technologies, such as Docker, Kubernetes, and etcd. The learning path at Safari Books Online is another great resource, including Master Google's Go.

C

C is a language I have tried to learn several times. Each time I approached C, I didn't have any particular goal in mind. I wanted to learn the language because so much of the code in the world is written in C, and many of the constructs in the language are reused in other languages. When I joined Red Hat, however, I quickly learned an adage that's been in the FOSS community for a very long time: The best documentation is the code. As I have sought to understand projects such as KVM, libvirt, and QEMU, I realized that I need to learn C to understand what's happening at a fundamental level.

Learn C the Hard Way: To learn C, I've picked up Learn C the Hard Way, which has proven to be a unique approach to the language. I like the author's writing style and the no-nonsense approach to coding exercises. You can read the book online for free, or buy book to also get the code examples and movie files.

6 Best Hacking Books You Must Read to be a Hacker

Hacking: The Art of Exploitation, 2nd Edition

This hacking book is a must read for beginners. This book focuses on many common obstacles people face during beginning of the ethical hacking job. This book can help beginners do their job more efficiently.

This is one of the best books which will take you through the technicalities of areas like programming, shell code and exploitation. Regardless of whether you are a beginner or have very little hacking knowledge, this book will help you understand the complexities of the digital security tasks.

This excellent and well written book will make you learn all the clever stuff of getting access to a system. All in all, the best book to buy.

The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy (Syngress Basics Series)

The best thing about this book is that it covers all the basics of penetration testing and hacking, without assuming that the reader has any prior hacking knowledge. It provides a step-by-step journey of penetration testing, moving from Information Gathering to Scanning, Exploitation and finally, Report Writing.

Instead of dealing with individual concepts in-depth, this book will provide you with a wholesome picture of hacking.

Metasploit: The Penetration Tester's Guide

This book deals with Penetration Testing by making use of the open source Metasploit Framework testing. It is suitable for readers who have no prior knowledge of Metasploit. The tutorial-like style of the book makes you learn things by doing them. 

The ending of the book provides you with an actual penetration test’s simulated version so as to provide you with a realistic experience.

BackTrack 5 Wireless Penetration Testing Beginner's Guide

Right from the beginning, this book gives you what you need, without wasting time in unnecessary justifications. Instead of explaining only theoretical concepts, the book consists of finely tuned and crystal clear tutorials. It provides a good mix of basics and high level knowledge and works cohesively with the reader.

CEH Certified Ethical Hacker All-in-One Exam Guide

This is undoubtedly one of the most well written books of all times. It provides crisp and clear writing with relevant examples along with a humorous touch to enliven the dry and mundane subject. The contents of the book are well organized in a neither too chatty nor too dry manner. However, you require some basic networking background to derive full benefits from this book.

CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide

This certification book is easy to read, straightforward and explains some of the complex topics in an excellent manner. All you need to do in order to pass the test is to read the book and do the practice exercises. 

In addition to this, the “remember this sections” and the content headers highlight all the key topics that one must pay attention to. So, if you wish to straightaway get down to the study material without wasting time on esoteric gibberish, this is the book for you.

Although, hacking may sound like an interesting area of study, when it comes to the application of the various concepts of penetration testing, it is easier said than done. In addition to having an educational background in the field of computer science, the hackers must have an affinity to learning and acquiring new skills on an ongoing basis. Also, the ethical hackers must possess out-of-the box thinking so that they are able to come with maximum number of possible ways of designing and securing a computer system.

The 9 Best Programming Books to Read Right Now if You Want to Distinguish Yourself

1. Coders at Work: Reflections on the Craft of Programming

If you’re curious about life as a programmer than Coders at Work is the book for you. It’s packed with interesting interviews from 15 accomplished programmers and computer scientists including Joshua Bloch, Peter Norvig, Donald Knuth, Ken Thomson, and Jamie Zawinski. The author, Peter Seibel (a programmer turned writer), got interviewees to open up about the famous projects that they worked on and the inspiring stories behind them. Coders at Work gives a peek into what makes some of the greatest programmers tick and how they think. Definitely a must read!

2. Code Complete: A Practical Handbook of Software Construction

Steve McConnell’s Code Complete is considered to be the encyclopedia of practical coding and a must-read for any professional programmer. And, it’s easy to understand why – it’s a massive piece of literature at 900-pages, but each chapter is packed with suggestions and techniques to improve everyday programming and construct code that is readable and easier to manage. McConnell has a knack for presenting his material in a story format that makes the book easy to read and even entertaining. No matter what level you’re at, Code Compete will undoubtedly change the way you think about and write code.

3. The Mythical Man Month

The premise of this book is built on the fact that computers change, but people don’t. The Mythical Man Month is a programming classic that discusses the human elements of software engineering. Even though the book was written 30 years ago (first published in 1975) it’s stood the test of time. Why? Because building things, including software, has been as much about people as much as hit has been about materials or technology. If you’re aspiring to become a project manager, this book will help you understand things that can go wrong in software development and will give you practical advice or working with, organizing and managing teams.

4. Don’t Make Me Think, Revisited: A Common Sense Approach to Web Usability

If you’re going to read a book on usability make it this one! Don’t Make Me Think is a great resource for any web developer who want to create websites, mobile sites or mobile apps that are much easier to use. The book is loaded with helpful information that’s presented in a clear and concise way that could be understood by both technical and non-technical audiences alike.

5. The Pragmatic Programmer: From Journeyman to Master

6. Clean Code: A Handbook of Agile Software Craftsmanship

Poorly written code can bring a project to its knees, which is why developing great code is so important! In Clean Code, “Uncle Bob” Martin shares tips and examples on how to create better code. The book dives into the principles and best practices of writing clean code, and also presents increasingly challenging case studies presented that challenges readers to think about what’s right with the code, and what’s wrong with it. While examples in Clean Code are given in Java, but is applicable to nearly all programming languages.

7. Programming Pearls

This is a classic book for newbies that teaches the basics of solving problems. If you work through the problems on your own (without looking ahead) you’ll learn a lot and be a much stronger programmer with a deeper understanding of algorithms and algorithm design.

8. Cracking the Coding Interview: 150 Programming Questions and Solutions

This is one of the go-to books for programming interviews if you’re looking to land a gig at a top company such as Amazon, Apple, Facebook, Google or Microsoft. As the title suggests, the book contains 150 programming questions that you might encounter at interviews, and then breaks down how to solve them. The remainder of the book focuses on non-coding aspects of the interview process such as interview prep, resume prep, behavioral prep, etc. Definitely one of the best programming interview books out there. Another good prep book is Introduction to Algorithms , which is considered to be the “bible of algorithms.”  

9. Soft Skills: The Software Developer’s Life Manual

For most software developers, coding is the fun part. The hard parts involve dealing with clients, peers, and managers, staying productive, achieving financial security and so on. This book covers everything-else-apart-from-coding ranging from career, to personal branding, blogging, learning, teaching, finances, and even fitness and relationships.

Bonus Book: Zero Bugs and Program Faster

The author of Zero Bugs spent two years researching every bug avoidance technique she could find. This book contains the best of them! It includes useful tips and techniques, and presents information in an easy-to-digest way and brought to life with stories and metaphors that make it a really enjoyable (and memorable) read.