Featured Posts


Master Email for Business Efficiency

Discover how mastering email communication can boost business efficiency, avoid common pitfalls, and ensure secure, respectful online interactions.

Turkey Revenge

The turkeys are pissed this Thanksgiving they are seeking revenge.

Germs Infest 60% of Americas Phones

60% of Americans sleep with their phones, harboring germs. Cleaning regularly with UV sanitizer or alcohol wipes can help keep your phone and bed germ-free.

Smartphone Sanitizing: A Practical Guide

Securely erase personal data from your old smartphone before recycling. Protect your identity from hackers—easy steps to follow.

Why Soft Skills Matter in Today’s Job Market

Boost your career with essential soft skills like communication, teamwork, and emotional intelligence. Learn why they’re crucial for workplace success.

Prince – Internet Pioneer

Prince‘s musical legacy is uncontested. TMZ summarized his career. Prince became an international superstar in 1982 after his breakthrough album “1999.” He went on to churn out a ton of hits, racking up 7 Grammys in the process. He also performed at the Super Bowl in 2007, in one of the greatest live performances of all time.

Prince sold more than 100 million records during his career … and won the Academy Award for Best Original Song Score for Purple Rain in 1985. He penned hits for other artists like “Nothing Compares 2 U” for Sinéad O’Connor, the Bangles’ “Manic Monday,” Chaka Khan’s “I Feel For You,” and Stevie Nicks’s “Stand Back.”

In addition to his musical legacy, Prince was also an unheralded pioneer in the digital music world according to Twice. The article details five ways Prince helped shape the online music world.

Prince embraced the Internet before most

Prince‘s “Crystal Ball” album, a three-CD set he put out in 1998, was initially only available over the phone and via Internet pre-orders, making it one of the first-ever e-commerce music launches. The author recalls that those who ordered the album online got a fourth disc of previously unreleased acoustic material, “The Truth,” and a fifth disc of instrumental music by his New Power Generation Orchestra.

He helped invent e-commerce.

Prince launched his own NPG Music Club to sell select albums exclusively online according to Twice. He even won a Webby Lifetime Achievement Award in 2006, identifying him as an e-commerce pioneer.

Prince was an early Internet troll

After record label Warner decided to take him on over money and creative control of his music in the early ’90s, Prince took to the Internet to fight back. The author writes that he made a number of appearances with the word “Slave” written on his face. When Warner fought back, informing him it even owned the name Prince, he changed his name to an unpronounceable symbol, forcing the world to ID him as “the Artist Formerly Known as Prince.”

One of the first to give his music away

In 2007, Prince released “Planet Earth” and played an unprecedented 21 nights at the brand new O2 Arena in London. While in London, Prince hatched a deal with The Mail to give the album for free to the newspaper’s 2 million readers. The blog points out that Prince neglected to tell record label Columbia of the deal. Columbia’s parent company, Sony, pulled the album’s release in the U.K.

Prince blazed an online path for other artists

Eventually, Prince shut down his NPG Music Club and launched LOtUSFLOW3R, which not only sold his music but tickets to his shows as well, outside the monopolies of the record companies and Ticketmaster. His early attempts to sell online and his fights with the traditional music powers left a big impression on British band Radiohead, then between major label contracts. Instead of settling on a new record label, the band released its album “In Rainbows” exclusively online, and allowed consumers to “pay what you like” for it, garnering a ton of mainstream press.

R.I.P. Prince, superstar musician, and Internet pioneer.

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Schools Face RansomWare Risk

More than 2,000 machines at K12 schools are infected with a backdoor in unpatched versions of JBoss that could be used at any moment to install ransomware such as Samsam. TechTarget defines ransomware as malware designed for data kidnapping, an exploit in which the attacker encrypts the victim’s data and demands payment in Bitcoins for the decryption key.

Ransomware has typically been spread through drive-by downloads or spam emails with malicious attachments. One of the latest victims of Samsam was MedStar Health, a not-for-profit organization that runs 10 hospitals in the Washington, D.C., area.

PCWorld reports that the Cisco (CSCO) Talos threat-intelligence organization announced that roughly 3.2 million machines worldwide are at risk. The article says that many of those already infected run Follett’s Destiny library-management software, used by K12 schools worldwide. According to Cisco, Follett responded quickly to the vulnerability: “Follett identified the issue and immediately took actions to address and close the vulnerability.”

In a presser, Follett offers patches for systems running versions 9.0 to 13.5 of its software and says it will help remove any backdoors. The author states that Follett technical support staff will reach out to customers found to have suspicious files on their systems. Follett even offers Snort detection rules on the presser page.

Snort is a highly regarded open-source, freeware network monitoring tool that detects attack methods, including denial of service, buffer overflow, CGI attacks, stealth port scans, and SMB probes. When suspicious behavior is detected, Snort sends a real-time alert to Syslog, a separate ‘alerts’ file, or to a pop-up window.

JBoss, the vulnerable underlying system, is described as an open-source Red Hat product that serves as an application server written in Java and can host business components developed in Java. Essentially, JBoss is an open-source implementation of J2EE that relies on the Enterprise JavaBeans specification for functionality.

PCWorld reports that compromised JBoss servers typically contain more than one Web shell. Talos advises that it is important to check the contents of a server’s jobs status page. “This implies that many of these systems have been compromised several times by different actors,” the company said.

Web shells are scripts that indicate an attacker has already compromised a server and can remotely control it. Those associated with this exploit are listed in Talos’s blog post.

Companies that find a Web shell installed should begin by removing external access to the server, Talos said in the article. The security firm recommends quick action.

Ideally, you would also re-image the system and install updated versions of the software … If for some reason you are unable to rebuild completely, the next best option would be to restore from a backup prior to the compromise and then upgrade the server to a non-vulnerable version before returning it to production.
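One practical way to act on the "check the server for web shells" advice is a file-integrity baseline of the application server's deployment directory: hash every file once while the server is known-good, then diff against that manifest later and flag any added or modified JSP, WAR or class file. The script below is an added example, not code from the Bach Seat post, Talos or Follett; the deployment directory and the sample files are constructed in a temporary folder, and the real JBoss deploy path on a given installation is an assumption the operator must supply.

```python
"""Baseline integrity check for a web application's deployment directory.

Added example. The deploy directory used here is a constructed temporary
folder; point hash_tree()/compare_to_baseline() at the real JBoss deploy
path on your installation (an assumption, it varies by version and setup).
"""
import hashlib
import json
import os
import tempfile

# File types that most commonly carry a web shell on a Java app server.
WATCHED_SUFFIXES = (".jsp", ".jspx", ".war", ".class")


def hash_tree(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def save_baseline(root, manifest_path):
    """Record the known-good state of the tree as a JSON manifest."""
    with open(manifest_path, "w") as fh:
        json.dump(hash_tree(root), fh, indent=2, sort_keys=True)


def compare_to_baseline(root, manifest_path):
    """Return added/modified/removed paths and the subset worth escalating."""
    with open(manifest_path) as fh:
        baseline = json.load(fh)
    current = hash_tree(root)
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    modified = sorted(p for p in current
                      if p in baseline and current[p] != baseline[p])
    suspicious = sorted(p for p in added + modified
                        if p.lower().endswith(WATCHED_SUFFIXES))
    return {"added": added, "modified": modified,
            "removed": removed, "suspicious": suspicious}


def demo():
    """Construct a deploy tree, baseline it, then plant an unexpected JSP."""
    with tempfile.TemporaryDirectory() as tmp:
        deploy = os.path.join(tmp, "deployments")
        app = os.path.join(deploy, "library.war")
        os.makedirs(os.path.join(app, "WEB-INF"))
        with open(os.path.join(app, "index.jsp"), "w") as fh:
            fh.write("<html>constructed sample page</html>\n")
        manifest = os.path.join(tmp, "baseline.json")
        save_baseline(deploy, manifest)
        # A file that was not present when the baseline was taken.
        with open(os.path.join(app, "unexpected.jsp"), "w") as fh:
            fh.write("<!-- constructed placeholder, not a real web shell -->\n")
        return compare_to_baseline(deploy, manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Re-run the comparison on a schedule and treat any entry in `suspicious` as a reason to pull the server offline and restore, as Talos advises above.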

rb-

I have worked with a number of customers on their library automation projects. The cost of these systems is, as usual, in the data. There is a great deal of time and effort that goes into creating the proper MARC records, especially for books that are out of print and kiddie books. If these files get locked up by ransomware, the system is useless and expensive to replace.

K12 schools are notoriously cheap, but the advice is the same as always:

  1. Keep your software UP TO DATE
  2. Use a real virus scanner on your servers and administrative stations
  3. Back-Up – Back-Up – Back-Up – With a good backup, you can just blow the machine away, re-install, restore the data, and be back in business.

Hey Lobbying Tech Spender

-Update 04-26-2016- As if to prove my point, Democratic Presidential candidate Bernie Sanders just named Verizon one of America’s Top Ten Tax Avoiders. VZ has had a corporate tax rate of -2% for the last 6 years according to the post. Verizon is the #4 lobbying spender.

Just in time for the U.S. tax deadline, the Business Insider has a report which details the amount of money the tech titans spent on bribing lobbying the politicians in DC. Thanks to one of the small bits of transparency in the gooberment, the U.S. House of Representatives requires companies to file government lobbying records. You can search their disclosures here at the Office of the Clerk of the House. (rb- Use this while you can, it’s likely to be shut down at any time by politicians with things to hide.)

The most aggressive tech spender on lobbying in 2015 was Amazon (AMZN) according to research by Consumer Watchdog. The company spent $9.07 million (a company record) on lobbying in 2015, an incredible 91.4% surge from its 2014 spend dedicated to influencing federal regulations, according to BI.

Amazon lobbied Washington about

Despite Amazon’s aggressive lobbying, Google (GOOG) topped the list of tech companies for the second year in a row. Google spent $16.6 million in 2015 vs $16.83 million in 2014. The biggest spending tech firms spent over $122M lobbying Washington politicians.

How the tech titans spent their money

  1. Google: $16.6 million in 2015 vs $16.83M in 2014.
  2. Comcast (CMCSA): $15.63 million vs $16.8M in 2014
  3. AT&T (T): $14.86 million, up from $14.56M in 2014
  4. Verizon (VZ): $11.43 million, up 1.9% from $11.22M in 2014.
  5. Facebook (FB): $9.85 million from $9.34M in 2014, a company record.
  6. Amazon (AMZN): $9.07 million, up 91.4% from 2014.
  7. Microsoft (MSFT): $8.49 million vs $8.33M in 2014.
  8. Time Warner Cable (TWC): $6.8 million in 2015, down 13.2% from 2014.
  9. T-Mobile (TMUS) $6.14 million, up 1.7% from 2014.
  10. Apple (AAPL): $4.48 million in 2015 compared to $4.11M in 2014.
  11. IBM (IBM): $4.63 million, a 6.5% decrease from $4.9M in 2014.
  12. Intel (INTC): $4.55 million in 2015, up 19.7% from $3.80M in 2014.
  13. Oracle (ORCL): $4.46 million in 2015, down 23.5% from $5.83M in 2014.
  14. Cisco (CSCO): $2.69 million compared to $2.35M in 2014.
  15. Yahoo (YHOO): $2.84 million in 2015 vs $2.94M in 2014.

BI reminds us that while these may seem like big numbers, they are a tiny part of these companies’ overall expenditures: in the third quarter of 2015, Google spent $3.47 billion on traffic acquisition costs (such as the price of its deal to stay the default search on Apple’s iPhone), and another $6.93 billion on other operating expenses.

rb-

I haven’t written about the tech industry’s lobbying efforts since 2010. Many of the names have remained the same: ATT, Verizon, Google, IBM, Yahoo, and Intel have been bribing lobbying the gooberment for a very long time.

However, just 5 years ago, Apple and Facebook were barely in the lobbying racket. In 2015, they both ranked at the top in lobbying spending.


9 Emails You Should Never Open

The increasing pace of life, coupled with mobile computing that bombards us with emails and messages from more sources and across more devices than ever before, has created what Proofpoint calls a generation of trigger-happy clickers.

Trigger-happy clickers are falling more and more for fake emails from cybercriminals. These fake emails are so convincing and compelling that they fool 10% of recipients into clicking on the malicious link, according to the article. To put that into context, a legitimate marketing department typically expects a click rate under 2% on its advertising campaigns.

So, despite the best efforts of security professionals, too many people are still falling prey to email scams at home and work. Whether it’s a get-rich-quick scheme or a sophisticated spearphishing attack, here are some emails to steer clear of:

1. The government scam

These emails look as if they come from government agencies, such as the IRS, FBI, or CIA. If these TLAs want to get a hold of you, it won’t be through email.

2. The “long-lost friend”

This scammer tries to make you think you know them, but it might also be a contact of yours that was hacked.

3. The billing issue

These emails typically come in the form of legitimate-looking communications. If you catch one of these, log into your member account on the website or call the call center.

4. The expiration date

A company claims your account is about to expire, and you must sign in to keep your data. Again, sign in directly to the member website instead of clicking a link in the email.

5. You’re infected

A message claims you’re infected with a virus. Simple fix: just run your antivirus and check. In a recent twist, scammers claim to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need.

Scammers have been peddling bogus security software for years. They set up fake websites, offer free “security” scans, and send alarming messages to try to convince you that your computer is infected with malware. Then, they try to sell you software to fix the problem. At best, the software is worthless or available elsewhere for free. At worst, it could be malware — software designed to give criminals access to your computer and your personal information.

But wait it gets worse – If you paid for their “tech support” you could later get a call about a refund. The refund scam works like this: Several months after the purchase, someone might call to ask if you were happy with the service. When you say you weren’t, the scammer offers a refund.

Or the caller may say that the company is going out of business and providing refunds for “warranties” and other services.

The scammers eventually ask for a bank or credit card account number. Or they ask you to create a Western Union account. They might even ask for remote access to your computer to help you fill out the necessary forms. But instead of putting money in your account, the scammers withdraw money from your account.

6. You’ve won

Claims you won a contest you never entered. You’re not that lucky; delete it. It’s illegal to play a foreign lottery. Any letter or email from a lottery or sweepstakes that asks you to pay taxes, fees, shipping, or insurance to claim your prize is a scam.

Some scammers ask you to send the money through a wire transfer. That’s because wire transfers are efficient: your money is transferred and available for pick up very quickly. Once it’s transferred, it’s gone. Others ask you to send a check or pay for your supposed winnings with a credit card. The reason: they use your bank account numbers to withdraw funds without your approval, or your credit card numbers to run up charges.

7. The bank notification

An email claiming some type of deposit or withdrawal. Give the bank a call to be safe.

8. Playing the victim

These emails make you out to be the bad guy and claim you hurt them in some way. Ignore.

9. The security check

A very common phishing scam where a company just wants you to “verify your account.” Companies almost never ask you to do this via email.

What To Do Instead of Clicking Links

In the case of your bank or other institution, just go to the website yourself and log in. Type the address manually into the browser or click your bookmark. That way you can see if there’s something that needs to be taken care of without the risk of ending up on a phishing site.

In the case of your friend’s email, chances are that they copied/pasted the link into the message. That means you can see the full address. You can just copy/paste the address into the browser yourself without clicking anything. Of course, before doing that make sure you recognize the website and that it’s not misspelled.

Proofpoint’s bottom line is that unless you explicitly know and trust it, avoid it. That’s all there is to it. Make this a habit and you can avoid one of the biggest mistakes in internet safety.
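The "make sure you recognize the website and that it’s not misspelled" step can be made mechanical: pull the host out of a pasted link, compare it with a short list of sites you actually use, and flag near-misses and the usual disguises (a user@ prefix before the real host, a bare IP address, non-ASCII or punycode lookalikes, a known name buried as a subdomain of a stranger). The script below is an added example, not from the Bach Seat post or from Proofpoint; the allowlist and the sample links are constructed for the demo.

```python
"""Check a pasted link against the sites you actually use (added example).

KNOWN_DOMAINS is a constructed allowlist standing in for your bookmarks.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed: the domains this user recognises and has bookmarked.
KNOWN_DOMAINS = {"example-bank.com", "example-shop.com"}


def levenshtein(a, b):
    """Edit distance, used to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,             # delete
                           cur[j - 1] + 1,          # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable(host):
    """Last two labels; a crude heuristic that is enough for these samples."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def check_link(url):
    """Return (verdict, reason); verdict is known/lookalike/suspicious/unknown."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "suspicious", "no host in link"
    if parts.username is not None:
        return "suspicious", "link carries user@ before the real host"
    try:
        ipaddress.ip_address(host)
        return "suspicious", "host is a bare IP address"
    except ValueError:
        pass
    if not host.isascii():
        return "suspicious", "host contains non-ASCII characters"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious", "host uses punycode (internationalised name)"
    domain = registrable(host)
    if domain in KNOWN_DOMAINS:
        return "known", f"{domain} is on your list"
    for known in KNOWN_DOMAINS:
        if levenshtein(domain, known) <= 2:
            return "lookalike", f"{domain} resembles {known}"
        if known in host:
            return "lookalike", f"{known} appears as a subdomain of {domain}"
    return "unknown", f"{domain} is not on your list"


if __name__ == "__main__":
    for sample in ("https://www.example-bank.com/login",
                   "https://www.examp1e-bank.com/login",
                   "http://example-bank.com@evil.test/",
                   "http://example-bank.com.evil.test/",
                   "http://192.0.2.10/login"):
        print(sample, "->", check_link(sample))
```

Anything other than "known" is a reason to type the address yourself or call the institution, as the post advises.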


9 Techs That Could Replace Your Passwords

Followers of the Bach Seat know that passwords suck. I have covered alternatives to the password as far back as 2010 and here and here. Now the Business Insider lists nine crazy alternatives to passwords. The article describes efforts around the globe to develop new gadgets and technology that can save you from the headache of memorizing (and inevitably forgetting) passwords.

The article calls out several ways to replace passwords to authenticate a user. Users can be authenticated based on a physical trait, or biometrics. Biometrics is the measurement and statistical analysis of people’s physical and behavioral characteristics. Biometrics can offer one of the independent credentials required for multifactor authentication (MFA). MFA combines two or more independent credentials: what the user knows (a password), what the user has (a security token), and what the user is (biometric verification).

How to replace passwords

Selfies – This might be the password of choice for the Facebook (FB) generation. Companies like Amazon (AMZN) and Mastercard (MA) are already considering selfies. The technology would ask users to snap pictures of their faces on a smartphone before making a transaction. Mastercard’s technology would need a user to blink before their face is scanned. This is a safeguard to prevent hackers from simply placing a picture of someone else in front of the camera.

Edible pills – Swallowing pills might be one of the few things more annoying than memorizing passwords. But some researchers think it’s the future. After mixing with stomach acids the pill would emit a unique, low power signal that connects with your PC. Google (GOOG) VP of Advanced Technology and Projects Regina Dugan described such a system a few years ago. According to Ms. Dugan, a person could safely ingest 30 pills every day for the rest of their lives.

Your gait – Going for a stroll might not sound like the most convenient way to log on to your computer. But the way you walk has some unique traits that could serve as a means of authentication. A wearable device, like a bracelet or anklet, could record your physical activity and use that information as a password the next time you need to log on. One study reportedly analyzed the foot pressure patterns and achieved a 99.6 percent accuracy rate. rb- I covered the now-defunct Alohar Mobile attempt to turn how you stroll into a password here.

Your ear cavity – Has anyone ever told you your ear canal is one of a kind? NEC does. They are developing special earbuds that bounce a sound into your ear’s cavity. They then use the reverberations as a signature to identify you. NEC hopes to have these available within a few years. Another study was able to achieve a 99.6% accuracy rate identifying individuals by analyzing how light reflects off the curves of the ears. rb- Back in 2014 I covered the Descartes Biometrics app that used the shape of your ear as a password.

Your backside – The shape and contours of your posterior are special. So special that some researchers in Japan have explored whether a seat mat could be used to identify you. The experimental mat is packed with special sensors that measure pressure distribution. The mat could be integrated into cars, to prevent unauthorized sitters from driving off with the vehicle.

Tattoos – Google’s Regina Dugan showed off a sticker-like wearable tattoo on her arm a few years ago that she said could be used to unlock a phone or computer. The tattoo, which was only an experimental prototype, was made of flexible circuits and sensors, and could be worn for up to a week, she explained. No word on whether you can get the password tattoo in the design of a fire-breathing dragon.

Your Jewelry – Wearable gadgets like the Fitbit and Apple Watch can already track your sleep and the steps you take. The next step is to track the pattern of your pulse or heart rate, as the Nymi band does, and use that information to identify you. rb- I covered the Nymi earlier, and we have seen that the iWatch and other wearables are not secure, so how can they log you in?

Your voice – Nothing is easier than saying a few words, and even the best impersonator can’t perfectly mimic another person’s voice. That’s why one big bank in Britain recently set up technology to identify customers on the phone or online by the sound of their voice. And yes, the system will still work if you have a cold.

Implants – This one is only for hardcore security geeks. Believe it or not, some people have already experimented with embedding a small RFID chip under their skin. The chip emits a radio signal that can theoretically be used to do everything from unlocking the door to an office and starting a car, to logging on to email.

rb-

The biggest problem with biometrics is getting people to use them. How many people do you know who would be willing to swallow a pill to log in to each of their websites? It is a voluntary decision to swallow pills to log in to Facebook, Instagram, or Google. What if your employer requires you to swallow pills to enter the building, log in to Windows, your email, ERP, CRM, HR? What are the implications for privacy? Healthcare? Plumbing?

I wrote about the problems of adapting an eye-based biometric system back in 2012.

The end-user will be the fundamental roadblock to any eye-based biometrics. Traditionally, anything related to eye recognition has received strong resistance, because it is just human nature to be squeamish about having our eyes scanned.
