Discover how mastering email communication can boost business efficiency, avoid common pitfalls, and ensure secure, respectful online interactions.
Turkey Revenge
The turkeys are pissed this Thanksgiving they are seeking revenge.
Germs Infest 60% of Americas Phones
60% of Americans sleep with their phones, harboring germs. Cleaning regularly with UV sanitizer or alcohol wipes can help keep your phone and bed germ-free.
Smartphone Sanitizing: A Practical Guide
Securely erase personal data from your old smartphone before recycling. Protect your identity from hackers—easy steps to follow.
Why Soft Skills Matter in Today’s Job Market
Boost your career with essential soft skills like communication, teamwork, and emotional intelligence. Learn why they’re crucial for workplace success.
Out of This World Ethernet
A while ago I wrote about Ethernet marching on. The IEEE had ratified the IEEE 802.3bp Ethernet standard which addresses how Ethernet operates in harsh environments. Now Ethernet has been installed in the harshest environment where we live, the International Space Station. During an April 2019 Extravehicular Activities (EVA), U.S. astronaut Anne McClain and Canadian astronaut David Saint Jacques upgraded the International Space Station’s communication systems by installing Ethernet cables.
Cabling Install and Maintenance reports that during a six-plus-hour spacewalk the astronauts installed Ethernet cables on the exterior of the space station to upgrade the wireless communication system and to improve its hard-wired communication system.
CBS News says the spacewalker’s connected Ethernet cabling at the forward end of the station’s U.S.’s primary research laboratory for U.S. payloads module (Destiny module) that will extend wireless connectivity for science instruments mounted outside the space station.
NASA Tweeted a video clip of the cable installation during which the narrator explained, “... They’ll be de-mating and mating some cables to provide additional Ethernet to the International Space Station.”
rb-
Pulling more cable to expand wireless coverage – nice to know some things are truly universal. Whether you call it cable pulling, or mating cables, the truck-roll cost to the ISS must be pretty steep. At least NASA installers don’t need ladders.
Related articles
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 2019, 802.3bp, Ethernet, IEEE, ISS, NASA, Networking, Rocket science, Space, Wireless
What is the Most Productive Time to Start a Project
Fall is coming. Fall means football, leaf-peeping, cider and winter is coming. The season is also time to start that big project. New data from Redbooth maker of a web-based workplace collaboration tool says that Autumn is the most productive time to start a project. The San Francisco, CA-based firm looked at 1.8 million projects and 28 million tasks over a four-year period and quantified what a lot of us already intuitively know.
Fall is the most productive time to start a project
The data found that the average person gets more work done in the fall than in any other season. The study found that people are:
20% more productive in autumn than in winter- 11% more productive in autumn than in spring
- 7% more productive in autumn than summer
It should not surprise anyone who has lived through a Detroit winter that we are less productive in winter. Snow – cold – no Sun – SADD. It is a bit surprising to me that summer is a more productive season to start a project. We are actually more productive in summer than spring.
October is the most productive month
Redbooth found that October is the most productive month followed by September and November. The least productive time to start a project is in January. People complete 9.5% of tasks in October, while in January they only do 7.2%. The researchers surmised that it could be the holiday rush that pressures people into getting more done or perhaps even adults have that refreshed, back to school feeling in the fall.
Monday is the most productive day
This one is a bit more surprising. Even though don’t like Mondays, Redbooth says we work well on them. Monday is the most productive time to start a project. People reported completing the most tasks at 20.4%. Only 16.7% of tasks are completed on Fridays, making Friday nearly 20% less productive than Monday.
The author speculates that given the relatively low completion levels on the latter days of the week, it’s likely that Monday is the “catch up” day at work. Studies have shown that as many as 81% of workers get the “Sunday Blues” — or an impending feeling of dread over the work week ahead. It’s possible that this dread pushes us to work harder earlier in the week.
11 AM is the most productive time
We work best just before Lunch. Productivity peaks at 11 AM with 9.7% of tasks completed. After that, the effects of food set in, and a slump tends to occur after 1 PM. After 1 PM, productivity never quite returns to its peak, due to the “post-lunch dip.”
rb-
So the data says you should start your most critical projects on a Monday at 11 AM in October.
Related articles
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Project Management |
Tags: 2019, Monday, October, Project management, Redbooth, Scheduling, WBS
$2.9M Per Minute Lost to Cybercriminals
Updated 10/27/2019 – On October 22, 2019, the FBI issued a warning about cybercriminals running e-skimming attacks, also known as Magecart attacks. These attacks have been happening since 2016, but have intensified during 2018 and 2019. These attacks started out by exploiting vulnerabilities in open-source e-shopping platforms. However, over the past two years, attackers evolved their attack methodology, and any online store is now susceptible to attacks, regardless if it runs on top of an open-source platform or a cloud-hosted service.
—
Cybercriminals cost the global economy $2.9 million every minute of 2018. This shocking statistic comes from RiskIQ‘s latest Evil Minute report. RiskIQ specializes in online attack surface management, providing threat discovery, intelligence, and mitigation. The San Francisco, CA-based firm figured that a total of $1.5 trillion was lost to cyber-criminals in 2018. Some of the more ominous info-bits they presented include:
$25 per minute, the cost to top companies due to security breaches.- $17,700: lost from phishing attacks per minute
- $22,184: the projected by-the-minute cost of global ransomware events in 2019
Other statistics include:
- 8,100: identifier records compromised every minute
- 2.4: phish traversing the internet per minute
- 0.32: blacklisted apps by-the-minute
- 0.21: Magecart attacks detected every minute
Lou Manousos, CEO of RiskIQ said in the presser, “As the scale of the internet continues to proliferate, so does the threat landscape.”
Magecart hacks
The report specifically calls out attacks that target e-commerce. They focus on the Magecart hacks. Magecart hacks have increased by 20% in the last year. By some estimates, the Magecart supply chain attacks have resulted in the theft of more credit card information than more infamous breaches at Home Depot and Target. According to reports, Magecart was behind the 2018 cyber-attacks on British Airways and Ticketmaster which together compromised the info of over 425,000 of the firm’s customers.
Magecart attack is a credit card skimmer that intercepts card numbers and information when a payment card is swiped at the point of sale. Unlike gas card or ATM skimmers, there is almost no way for a consumer to determine that Magecart skimming is about to take place. There is no physical manifestation of Magecart and it is not always easy to catch, because it takes advantage of universal code and other applications not typically related to payments.
Magecart is a consortium of at least six different hacking groups that target flaws in online shopping cart systems. The attackers like Magento to steal customer payment card information. Magento, an open-source e-commerce platform written in open-source PHP. At least initially attackers exploited a PHP Object Injection flaw (CVE-2016-4010) in the popular online shopping cart.
In order to run this compromise, the Magecart attacker substitutes a piece of Javascript code, either by altering the Magento source code or by redirecting the shopping cart using an injection to a website that hosts the malware to steal the credit card and user information.
RiskIQ CEO Manousos warns;
Without greater awareness and an increased effort to implement necessary security controls, there will be more attacks using an ever-expanding range of technologies and strategies.
rb-
Firms that fall victim to attacks don’t just lose card info. They also lose time and productivity. Restoring hacked data and systems takes time and resources. The damage to a company’s reputation can cost it new and existing customers. Then there are the legal penalties from PCI, HIPAA, and the courts that come with mishandling customer information.
Like I keep saying – time to go back to the cash economy.
Related articles
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Are You Middle Class This Labor Day
It is Labor Day in the U.S. Organized labor created the U.S. middle class. Now the middle class is being squeezed out of existence. Considerable reports that the Pew Research Center has concluded that 52% of Americans qualify as middle class. 29% in lower-income households and 19% in upper-income households.
The researchers found that today, roughly half of American households fall into the middle class, over time the middle class has been shrinking. In 1971, 61% of adults lived in middle-class households. During this time both upper and lower-income segments of the population have been growing at the expense of the middle class. Plus, the upper class has seen bigger income gains, widening the income gap.
Pew found that the highest concentrations of middle-class Americans reside in the Midwest and Northeast. Sheboygan, WI has the largest percentage of middle-class adults in the U.S., others are:
- Sheboygan, WI – 65.2%
- Elkhart-Goshen, IN – 64.4%
- East Stroudsburg, PA – 63.7%
- Ogden-Clearfield, UT – 63.1%
The areas with the highest concentration of upper-class households should not surprise anyone.
- San Jose-Sunnyvale-Santa Clara, CA – 31.6%
- Washington-Arlington-Alexandria, DC-VA-MD-WV – 30.6%
- San Francisco-Oakland-Hayward, CA – 30.4%
- Bridgeport-Stamford-Norwalk, CT – 30.2%
The national average middle-class household income is $78,442 according to the Pew data. The Michigan middle-class benchmark is just over $79,000 and is placed in the middle at the 27th place nationally, between New Mexico and Maine. The Michigan middle-class household earns on average $600 more than the national average.
As for metro regions, the highest income to be middle class in the U.S. belongs to:
- Iowa City, IA $90,158
- Auburn-Opelika, AL $87,363
- Monroe, MI $87,330
- Washington-Arlington-Alexandria, DC-VA-MD-WV $86,645
Being middle class requires the least income in:
- El Centro, CA $69,338
- Merced, CA $71,319
- Lewiston-Auburn, ME $71,612
- Coeur d’Alene, ID $71,726
The Pew data says that in order to be middle class in Michigan the major metro-areas a household needs to have the following incomes.
Muskegon, MI $76,699- Saginaw, MI $77,731
- Lansing-East Lansing, MI $79,522
- Detroit-Warren-Dearborn, MI $80,159
- Grand Rapids-Wyoming, MI $80,166
- Niles-Benton Harbor, MI $80,302
- Ann Arbor, MI $80,907
- Kalamazoo-Portage, MI $81,003
- Jackson, MI $81,710
- Monroe, MI $87,330
In the table below, you’ll find the median incomes for each U.S. state for a three-person middle-class household, adjusted for the cost of living in the states. The amounts vary because Pew adjusts the data to reflect the cost of living around the country. Keep in mind the this is based on 2016 income, but since inflation has been modest in recent years the exact number probably won’t have changed much.
How much income it takes to be middle class
| Rank | State | Income |
|---|---|---|
| 1 | District of Columbia | $88,579 |
| 2 | Rhode Island | $84,413 |
| 3 | Maryland | $84,372 |
| 4 | Alaska | $84,015 |
| 5 | Massachusetts | $83,923 |
| 6 | North Dakota | $83,494 |
| 7 | Connecticut | $82,747 |
| 8 | Minnesota | $82,173 |
| 9 | New Jersey | $81,950 |
| 10 | South Dakota | $81,334 |
| 11 | Virginia | $81,309 |
| 12 | Colorado | $81,234 |
| 13 | Iowa | $81,167 |
| 14 | Wisconsin | $81,053 |
| 15 | Illinois | $81,010 |
| 16 | New Hampshire | $80,656 |
| 17 | Washington | $80,615 |
| 18 | Wyoming | $80,217 |
| 19 | Hawaii | $80,168 |
| 20 | Ohio | $80,033 |
| 21 | Delaware | $79,959 |
| 22 | Pennsylvania | $79,717 |
| 23 | Nebraska | $79,549 |
| 24 | Kentucky | $79,216 |
| 25 | Missouri | $79,189 |
| 26 | Maine | $79,060 |
| 27 | Michigan | $79,042 |
| 28 | New Mexico | $79,012 |
| 29 | Kansas | $78,971 |
| 30 | Georgia | $78,961 |
| 31 | Vermont | $78,877 |
| 32 | Texas | $78,866 |
| 33 | Montana | $78,854 |
| 34 | Alabama | $78,624 |
| 35 | North Carolina | $78,624 |
| 36 | Oregon | $78,550 |
| 37 | Nevada | $78,461 |
| 38 | New York | $78,412 |
| 39 | South Carolina | $78,016 |
| 40 | Indiana | $77,941 |
| 41 | California | $77,806 |
| 42 | Oklahoma | $77,658 |
| 43 | Utah | $77,575 |
| 44 | Tennessee | $77,495 |
| 45 | Louisiana | $77,351 |
| 46 | Arizona | $76,860 |
| 47 | Idaho | $76,849 |
| 48 | Mississippi | $76,666 |
| 49 | West Virginia | $76,629 |
| 50 | Arkansas | $76,569 |
| 51 | Florida | $75,414 |
Related Posts
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Are Your VPNs – Virtual Pwnd Networks
Updated October 21, 2019 – The U.S. and U.K. spy agencies have issued separate cybersecurity advisories on 10/21/2019 urging users to patch and mitigate the VPN holes discussed below. The NSA advisory (PDF) warns that “multiple nation-states advanced persistent threat (APT) actors have weaponized” the flaws. The U.K.’s National Cyber Security Centre (NCSC) advisory is here.
—
Updated September 29, 2019 – SafeBreach Labs discovered a vulnerability in Forcepoint’s VPN client software. The flaw will give attackers unfettered access to its users’ Windows computers.
In its article detailing the bug, Forcepoint explained The flaw enables an attacker to insert their own executable which will run with administrative privileges, giving the attackers administrative access to the system. Forcepoint gave the bug a CVE number of 2019-6145 and a base severity score of 6.7. According to a Forcepoint knowledge base article, the flaw is patched in version 6.6.1 of the Forcepoint VPN Client for Windows.
—
Updated September 10, 2019 – ZDNet is reporting that the Chinese state-sponsored hacker group APT5 is targeting enterprise VPN servers from Fortinet and Pulse Secure since the security flaws discussed below became public knowledge last month. FireEye reports (PDF) that APT5 has been active since 2007 and has targeted multiple industries.
APT5 was reportedly one of the first to start scanning the internet and then later attempt to exploit vulnerabilities in the Fortinet and Pulse Secure VPN servers. The attackers sought to steal files storing password information or VPN session data from the affected products. These files would have allowed attackers to take over vulnerable devices.
—
Everybody loves their virtual private networks. SSL VPNs provide a convenient way for business users to connect to corporate networks while out of the office. A recent study by FlexJobs found 30% of workers have left a job because it did not offer flexible work options like remote work. Further, the report said, that 80% of staff would be more loyal to their employers if they had flexible work options and 52% of workers have tried to negotiate flexible work arrangements with their employer.
Hackers love VPNs too
Last month VPNpro found that the majority of VPN services have close ties to China. CSO Online points out that if you are running a VPN that is developed and owned in China, then there is a serious chance that your information is not as private as you think. Every technology company that operates within China, including ISPs, are required to comply with any Chinese governmental request for data. That includes your data. The Chinese government has a long and well-documented history of hacking, favoring, and helping local businesses at the expense of foreign companies.
VPNpro also found that some Chinese firms own different VPNs split among different subsidiaries. For example, the Chinese company Innovative Connecting owns three separate businesses that produce VPN apps: Autumn Breeze 2018, Lemon Cove, and All Connected. In total, Innovative Connecting produces 10 seemingly unconnected VPN products, the study shows.
China is not the only concern
VPNpro also found that seven of the top VPN services are owned by Gaditek, based in Pakistan. This means the Pakistani government can legally access any data without a warrant and data can also be freely handed over to foreign institutions, according to VPNpro.
VPNpro identified a further four companies: Super VPN & Free Proxy, Giga Studios, Sarah Hawken, and Fifa VPN, which together own 10 VPN services – where the parent company, and therefore the company of origin, is completely hidden.
If that is not scary enough – There are new reports that attackers are now targeting the devices used to attach VPNs to the network. Help Net Security reports that attackers are exploiting known flaws in Pulse Connect Secure SSL VPN and Fortigate SSL VPN installations.
Flaws VPN installations
These attacks could allow attackers to steal passwords and gain full, remote access to an organization’s networks. Attackers have been targeting two vulnerabilities:
- CVE-2019-11510, an arbitrary file reading vulnerability in Pulse Connect Secure
- CVE-2018-13379, a path traversal flaw in the FortiOS SSL VPN web portal.
Researchers Meh Chang and Orange Tsai at Taipei City, Taiwan-based consultancy Devcore reported the flaws to Fortinet on Dec. 11, 2018, and to Pulse Secure on March 22, 2019.
In an August 9, 2019 blog post the Devcore researchers recapped their Black Hat 2019 demonstration. Tsai told TechCrunch in an email, “The SSL VPN is the most convenient way to connect to corporate networks … it’s also the shortest path to compromise their intranet.”
Pulse Secure VPNs
Privately held California-based Pulse Secure released an update on April 24, 2019, to address these flaws and urged customers to upgrade all affected products “as soon as possible.” The vendor warned that aside from patching, no workaround would protect systems, “Multiple vulnerabilities were discovered and have been resolved in Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS).”
Cyber threat intelligence firm Bad Packets has warned about activity aimed at vulnerable Pulse Connect Secure endpoints. So far they have found nearly 15,000 Pulse Secure VPN endpoints vulnerable to CVE-2019-11510 across all sectors of the U.S. This includes:
- U.S. military networks,
- Hospitals,
- Electric utilities,
- Financial institutions, and
- Fortune 500 companies.
Fortinet VPNs
Fortinet (FTNT) released a security advisory on May 24, 2019, to address these flaws and urged customers to update their firmware to safeguard themselves. In a blog post, the Devcore researchers wrote about the flaws they’d found in Fortinet devices, “In the login page, we found a special parameter called magic. Once the parameter meets a hardcoded string, we can modify any user’s password.”
Independent British security researcher Kevin Beaumont told BankInfoSecurity he was tracking attacks against Fortigate servers. Beaumont reported seeing “the Fortigate SSL VPN backdoor being used in the wild” against one of his honeypots.
ZDNet claims the number of vulnerable FortiGate VPNs is believed to be in the hundreds of thousands, although we don’t have an exact stat about the number of unpatched systems that are still vulnerable to attacks.
rb-
This isn’t the first time that serious flaws have been found and patched in enterprise-grade networking gear. In 2016 researchers found a vulnerability in Fortinet’s FortiGate OS – that functioned as an SSH backdoor and researchers found an authentication bypass flaw in Juniper Networks (JNPR) ScreenOS firmware.
In April 2019, U.S. Homeland Security issued a warning about vulnerabilities in many major corporate VPN applications. The VPN apps from — Cisco (CSCO), Palo Alto Networks (PANW), Pulse Secure, and F5 Networks (FFIV)— improperly store authentication tokens and session cookies on a user’s computer.
Obviously, there is no time to waste: firms should update their vulnerable Pulse Connect Secure SSL VPN and Fortigate SSL VPN installations as soon as possible.
Security researcher Kevin Beaumont told BankInfoSecurity:
Lots of companies have the basics around patching Windows and Linux down, as they have vulnerability management platforms and agents … Those don’t extend to FortiOS and Pulse Secure. So they just don’t patch as they never see [vulnerabilities].
Maybe firms should get their VPN devices on a regular update schedule before they become Virtual Pwnd Networks.
Related Posts
- Fortinet Advances to #2 in Firewall, UTM and VPN Revenue According to Leading Analyst Firm (GlobeNewswire )
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 2019, China, F5 Networks, Fortinet, FTNT, Juniper Networks, Palo Alto Networks, Patching, Pulse Secure, Security, VPN