Archive for RB

| October 2, 2014
Comments Off on Superman Most Dangerous on Web

Superman Most Dangerous on Web

Superman Most Dangerous on WebSuperheroes are supposed to be our friends but sometimes a plot twist allows their arch-enemies to trick our heroes turn against us. This is also true on the intertubes. Attackers are using our superheroes to infect computers to scam people into visiting compromised sites and downloading dangerous software according to Santa Clara, California-based McAfee.

The security company scoured the web and identified the most dangerous superheroes online. The report, “Most Toxic Superhero 2014” estimates how likely the average user is to come across malware by searching for the name of any given superhero.

McAfee lined up 11 likely suspects. They gathered viable threat evidence from popular search engines like Google (GOOG), Yahoo (YHOO), and Microsoft (MSFT) Bing for spyware, adware, spam, phishing, viruses, and other malware. The company also searched each superhero’s name in conjunction with common phrases like “free torrent download” and “free app,” as seeding fake torrents is a common way for attackers to infect computers.

The most dangerous superheroes online by percent of his search traffic leading to unsafe sites are:

  1. Superman 16.5%
  2. Thor 16.35%
  3. Wonder Woman 15.7% (tied)
  4. Aquaman 15.7% (tied)
  5. X-Man Wolverine 15.1%
  6. Batman 14.2%
  7. Black Widow 13.85%
  8. Captain America  13.5%
  9. Green Lantern 11.25%
  10. Ghost Rider 10.83%

McAfee tells citizen do-gooders to protect themselves by:

  • Beware of clicking on third-party links. You should access content directly from the official websites of content providers.
  • Ensure you use web protection that will let you know of risky sites or links before you visit them. Stick to official news sites for breaking news.
  • Don’t download videos from suspect sites. This should be common sense, but it bears repeating: don’t download anything from a website you don’t trust — especially video. Most news clips you’d want to see can easily be found on official video sites and don’t require you to download anything.
  • “Free downloads” are by far the highest virus-prone search term. Anyone searching for videos or files to download should be careful not to unleash unsafe content such as malware onto their computers.
  • Always use password protection on your phone and other mobile devices. If you don’t and your phone is lost or stolen, anyone who picks up the device could have access to your personal information online.
  • Don’t “log in” or provide other information: If anything asks for your information—credit card, email, home address, Facebook login, or other information—to grant access to an exclusive story, don’t give it out. Such requests are a common tactic for phishing that could lead to identity theft.
  • Search online using an Internet security program in the background. These tools protect users from malicious websites and browser exploits. A complimentary version of McAfee’s SiteAdvisor software can be downloaded at www.siteadvisor.com

rb-

Whether you live in Metropolis or Gotham, do-gooders need not work very hard to avoid these scams. Avoid dark alleys where superhero websites tend to have the same flaws as any other unsafe page. Keep an eye out for typos and files that look suspicious. Run an Internet security program in the background (your antivirus or anti-malware program probably has one built-in). Lastly, check what other commenters say before downloading a torrent.

Related articles
  • Mobile malware: Past and current rends, prevention strategies (cloudentr.com)

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , ,
| September 30, 2014
Comments Off on Don’t Drain iPhone 6 Batteries

Don’t Drain iPhone 6 Batteries

Don't Drain iPhone 6 BatteriesIf you are one of the 10 million who just got their brand new waterproof flex-iPhone 6, charged it in the microwave got your network and WiFi connectivity back and updated it again. There is another rumor surrounding the smartphone that was not-right. Many people still believe it’s always best for the life of the iPhone 6 battery to let it drain fully before charging it again.

AppleNo so fastCaroline Moss at Business Insider explains that there was a time when cell-phones and most electronics ran on Nickel-Cadmium batteries. When a device uses a Nickel-Cadmium battery, you’d want to let your feature-phone fully drain before charging it again. Why? Nickel-Cadmium batteries, suffer from what’s known as memory effect.” When they are charged and discharged hundreds of times, they start to lose the ability to charge up to 100%, draining your battery life significantly over time.

In 2006, Lithium-Ion batteries replaced most NiCd batteries. Ms. Moss says these new batteries can be found in all Apple (AAPL) devices and do not suffer from “memory effect” the way NiCd batteries do. Apple says on its website:

Lithium-ion polymer batteries have a high power density, and you can recharge a lithium-ion polymer battery whenever convenient, without requiring a full charge or discharge cycle.

BatteryApple does recommend, however, that you should let the device go through at least one charge cycle each month to help keep the electrons moving (as opposed to a NiCd battery which needs to go through a full charge cycle every few days). Letting the device drain from 100% to fully shutting off at 0% helps to maintain the life of the battery.

Robin Lim at The Android Guy wrote that the typical modern lithium-ion battery you find in a mobile device should last for 500 charge and discharge cycles depending. Five hundred cycles should be enough to get you through two years.

Five hundred cycles is more than it sounds. A battery cycle means a full charge and discharge. So if you charge your battery before it is empty, it will not count as a full cycle. Ms. Kim claims that if you usually charge battery when it gets to 30%, it should be good for over 700 charges.

BatteryThe battery does naturally degrade over time. While the battery is designed to last 500 cycles, it does not mean that the battery will maintain a 100% charge throughout the 500 cycles. It also does not mean that after 500 cycles, the battery will die. After 500 charge and discharge cycles, your battery would be at about 70% of its original battery life. Your phone will still report that it is 100% fully charged, but it will really be at about only 70%. Basically, your battery deteriorates about 30%, gradually, over the 500 charge and discharge cycles according to the article.

Ms.Lim offers tips to maintain LI-on batteries.

Lithum Ion battery

  1. Avoid letting the battery drain below 20-30%. Partial discharges are actually better for your battery. The old rule that you had to fully discharge your battery, does not apply to the Lithium-Ion and Lithium-Polymer used in smartphones today. Battery University tests have shown one full discharge your battery once results in more wear and tear than charging it twice when it hits 30%.
  2. Recharge often. Given that recharging at higher levels of remaining battery life results in less wear and tear, it makes sense to recharge frequently.
  3. Partial charge is okay. Plugging in the battery for your new iPhone 6 for even half an hour will keep your remaining battery level higher at the end of the day.
  4. Calibrate once every month or two. The Android Guy says continuous partial discharges create a condition called digital memory. Your smartphone does not really measure battery life, but really just estimates the remaining charge. Partial discharges decrease the accuracy of the device’s battery gauge. So once every month, or every other month, let the battery discharge to the cut-off point and then recharge. Once fully charged, leave it plug to the wall charging for another two hours. The power gauge will be re-calibrated.
Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow him at LinkedInFacebook and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , ,
| September 25, 2014
Comments Off on Internet of Things Full of Holes

Internet of Things Full of Holes

Internet of Things Full of HolesThe Internet of Things, is big and heading towards huge. The Internet of Things (IoT) is a system where unique identifiers are assigned to objects, animals, or people. These “Things” then transfer data over a network without requiring human-to-human or human-to-computer interaction. Whatis.com says IoT evolved from the convergence of wireless technologies, micro-electromechanical systems (MEMS), and the Internet.

Business Insider believes that the IoT will be the biggest thing since sliced bread. They claim there are 1.9 billion IoT devices today, and 9 billion by 2018, which roughly equal to the number of smartphones, smart TVs, tablets, wearable computers, and PCs combined. Gartner (IT) predicts that there will be 26 billion IoT devices by 2020. Based on a recent article in InfoSecurity Magazine is a very scary thing.

BI Global IOT Installed Devie projectionsThe InfoSecurity article says HP (HPQ) found 70% of the most common IoT devices have security vulnerabilities. HP used its Fortify On Demand testing service to uncover security flaws. HP detected flaws in IoT devices like TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales, and garage door openers as well as their cloud and mobile app elements according to the new study.

HP tested IoT devicesHP then tested them with manual and automated tools and assessed their security rating according to the vendor neutral OWASP Internet of Things Top 10 list of vulnerability areas. The author concludes that the results raised significant concerns about user privacy and the potential for attackers to exploit the devices and their cloud and app elements. Some of the results are:

  • A total of 250 security concerns were uncovered across all tested devices, which boils down to 25 on average per device,
  • 90% of devices collected at least one piece of personal information via the device, the cloud, or its mobile application,
  • 80% of devices studied allowed weak passwords like 1234 opening the door for WiFi-sniffing hackers,
  • 80% raised privacy concerns about the sheer amount of personal data being collected,
  • 70% of the devices analyzed failed to use encryption for communicating with the Internet and local network,
  • 60% had cross-site scripting or other flaws in their web interface vulnerable to a range of issues such as the Heartbleed SSL vulnerability, persistent XSS (cross-site scripting), poor session management and weak default credentials,
  • 60% didn’t use encryption when downloading software updates.

Mike Armistead, VP & General Manager, HP Fortify, explained that IoT opens avenues for attackers.

IoT opens avenues for the attackers.While the Internet of Things will connect and unify countless objects and systems, it also presents a significant challenge in fending off the adversary given the expanded attack surface … With the continued adoption of connected devices, it is more important than ever to build security into these products from the beginning to disrupt the adversary and avoid exposing consumers to serious threats.

HP urged device manufacturers to eliminate the “lower hanging fruit” of common vulnerabilities. They recommend manufacturers, “Implement security … so that security is automatically baked in to your product … Updates to your product’s software are extremely important.”

Antti Tikkanen, director of security response at F-Secure, told InfoSecurity said the problems HP uncovered in this report were just the tip of the iceberg for IoT security risks.

One problem that I see is that while people may be used to taking care of the security of their computers, they are used to having their toaster ‘just work’ and would not think of making sure the software is up-to-date and the firewall is configured correctly … At the same time, the criminals will definitely find ways to monetize the vulnerabilities. Your television may be mining for Bitcoins sooner than you think, and ransomware in your home automation system sounds surprisingly efficient for the bad guys.

rb-

I covered the threats that IoT or “smart” devices presented back in 2012. I don’t know where HP (or the rest of the security community) has been.

The current generation of “smart” devices does not seem to have any security. Most likely the manufacturer did not consider basic security or worse calculated it was better to ignore the secure design in their rush to gain market share.

It is also annoying that HP did not reveal the details on the products they tested.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , , , ,
| September 23, 2014
Comments Off on Super-Sized Storage Saves Tape

Super-Sized Storage Saves Tape

Super-Sized Storage Save TapeThe LTO Program Technology Provider Companies (TPCs) recently announced the extension of the LTO tape product to generations 9 and 10. SearchStorage says that Linear Tape-Open (LTO) is an open-format tape storage technology. LTO was developed by Hewlett-Packard (HPQ), International Business Machines (IBM), and Certance. (Quantum (QMCO) acquired Centance in 2004). The term “open-format” means that users have access to multiple sources of storage media products that will be compatible and save tape backups from being replaced.

LTO Tape Backups

SearchStorage reports that the LTO tape vendors plan to grow the technology to super-size. LTO-9 will offer up to 25 TB of native capacity and LTO-10 will offer 48 TB. Transfer rates will increase over earlier generations. LTO-9 and LTO-10 will offer transfer rates of 708 MBps and 1,100 MBps, respectively make tape backups faster.

LTO Roadmap

The new generations will allow your to keep your existing tape backups. The new LTO will include read-and-write backwards compatibility with tapes from the previous generation. It also has read compatibility from the previous two generations. The new generations will also continue to support LTFS, WORM functionality and encryption.

LTO GenerationProduct shippedStorage capacity (TB)*Transfer Rate (MBps)*Compatible withNotes
LTO-12000.120LTO-1
LTO-22003.240LTO-1
LTO-32005.480LTO-2 & 1
LTO-42007.8120LTO-3 & 2
LTO-520101.5140
LTO-4 & 3
LTO-620122.5160LTO-5 & 4Current Standard
LTO-72015?6.4315LTO-6 & 5Development
LTO-82017?12.8472LTO-7 & 6Development
LTO-9TBD26708LTO-8 & 7Development
LTO-10TBD481100LTO-9 & 8Development

Another super sized storage option

In case you are not a LTO user, FierceCIO reports that Sony (SNE) has developed super-sized storage tape. The Sony magnetic tape cassette capable of storing 185TB of data by optimizing its nano-technology process.

Tape messSony optimized its “sputter deposition” technology to create a soft magnetic layer, allowing it to shrink magnetic particles,  on the storage layer to an average size of 7.7nm, and increasing density according to the article. This allows the Japanese firm’s forthcoming cassettes will be able to store 74 times more data than conventional tape media or the equivalent of 3,700 Blu-ray discs.

The creation of a 185TB cassette will no doubt be welcomed by large enterprises as they try not to be overwhelmed by the explosion in big data. Various studies estimate that in the next decade the amount of data stored will increase by 50 times. IDC predicts in 2020, over 40 trillion gigabytes of data will be stored around the globe.

rb-

Not so fast, these developments are not the holy grail of backup’s.

LibraryI know of several organizations that have dragged their fiscal feet and are still running LTO-1 or LTO-2.  They have limited their own upgrade path. Right there in the LTO.org spec’s it says that LTO only allows for support of the previous two generations of cartridges on LTO Tape Drives.

FierceCIO speculates that after cost, Sony’s biggest challenge with a 185TB tape will be making it sufficiently fast in terms of its read and write performance, and the possible need for non-conventional peripheral interconnects so that data backups can be completed within increasingly decreasing backup windows.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow him at LinkedInFacebook and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , ,
| September 18, 2014
Comments Off on 10 Policies to Minimize BYOD Risk

10 Policies to Minimize BYOD Risk

Mandatory Authorization ProcessThe challenge for employers offering BYOD, according to schnaderworks, a labor and employment blog from Schnader Harrison Segal & Lewis LLP, is finding the right cost/benefit balance for their businesses. In developing an effectivebring your own device” (BYOD) policy, employers must first identify which employees will be eligible for the program according to the blog.

Onc10 Policies to Minimize BYOD Riske the basic parameters are set, the lawyers stress a written policy is essential to set up ground rules and permit enforcement to protect the company’s data and other interests. They suggest the following steps are key to establishing an effective BYOD policy:

1. Establish a Mandatory Authorization Process:  The lawyers say this should be completed before an employee can use company data and systems on a personal mobile device.

Require Password Protection2. Require Password Protection:  Each authorized device should have the same password protection as an employer-issued device.  According to the article, such protections include limiting the number of password entry attempts, setting the device to time out after a period of inactivity, and requiring new passwords at regular intervals.

3. Clarify Data Ownership:  A BYOD policy should specifically address who owns the data stored on the authorized device. It should be clear that company data belongs to the employer and that all company data will be remotely wiped from the device if the employee violates the BYOD policy, terminates employment, or switches to a new device. The policy should also alert employees that it is their responsibility to backup any personal data stored on the authorized device states the article.

Spell Out Procedures In Case of Loss4. Control the Use of Risky Applications and Third Party Storage:  Schnader Harrison Segal & Lewis recommends employers may want to ban the use of applications that present known data security risks, such as the use of “jailbroken” or “rooted” devices and cloud storage.

5. Limit Employee Privacy Expectations The BYOD policy should clearly disclose the extent to which the employer will have access to an employee’s personal data stored on an authorized device and state whether such personal data is stored on the company’s backup systems. The article recommends minimizing the co-mingling of company and personal data. Employers may want to install software that permits the “segmenting” of authorized devices.  However, no matter what measures the company takes to preserve employee privacy, the policy must emphasize that the company does not guarantee employee privacy if an employee opts in to the BYOD program.

Control the Use of Risky Applications6. Address Any Business-Specific Privacy Issues:  Certain businesses are subject to legal requirements about the storage of private personal information (such as social security numbers, drivers’ license numbers, and credit and debit card numbers, etc.) which may need to be addressed in a BYOD policy.  The blog points out that HIPAA requires native encryption on any device that holds data subject to the act. An employer may need to put in place processes prohibiting or limiting remote access for certain categories of sensitive data.

7. Consider Wage and Hour Issues:  Permitting employees to use an authorized device for work purposes outside of the employee’s regular work hours may trigger wage and hour claims. The lawyers suggest the BYOD policy should set forth the employer’s expectations about after-hours use  (such as a requirement that non-exempt employees must refrain from checking or responding to work emails, voice mail, and texts after hours) (rb- Yeah).

BYOD policy8. Ensure Compliance with Company Confidentiality Policies.  The author says a BYOD policy should reiterate that an employee using an authorized device must comply with all company policies on confidentiality and the “acceptable use” of company information.

9. Spell Out Procedures In Case of Loss or Theft:  The employer should set up a specific protocol to be followed in the event an authorized device is lost or stolen. The blog says the process should include the prompt reporting of a lost or stolen device and the remote wiping of the device.

Insure Compliance with Company Confidentiality Policies10. Document Employee Consent:  Finally the law firm, in good lawyer form, suggests the employer should get an employee’s written consent to all terms and conditions of the BYOD policy.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , ,
« Older Entries   Recent Entries »