Shadiest Neighborhoods on the Web
The Internet is organized into domains. Readers of Bach Seat are familiar with the .net domain since you got here. You are also probably familiar with other web neighborhoods like .com, where Facebook and Google live. The folks in charge of the Intertubes have added more neighborhoods, or technically top-level domains (TLDs), and now we have over 1,000 TLDs, many of which have only been around for the past two years.
This rapid growth raises questions about how well those in charge of these new TLDs secure their neighborhood against malware and other threats. CSO Online explains that, just like any city, the Web has neighborhoods where dubious activities often take place: spam, scams, the distribution of potentially unwanted software (PUS), malware, botnets, phishing, and other suspicious activity.
Web security and WAN optimization firm Blue Coat Systems (BCSI) regularly analyzes hundreds of millions of Web requests from more than 15,000 businesses and 75 million users to track “shady activity” on the Web. In September, it released Do Not Enter: Blue Coat Research Maps the Web’s Shadiest Neighborhoods (PDF), with a list of the 10 top-level domains (TLDs) on the Web that are home to shady sites.
Blue Coat recommends that organizations take steps to protect themselves, including blocking traffic to the riskiest TLDs and cautioning users to be careful when clicking on any links that contain these TLDs. It further suggests that users who are unsure of a source hover their mouse over a link to verify that it leads to the address displayed in the text of the link, or “press and hold” links on a mobile device to do the same verification.
Blue Coat’s list of TLDs most associated with shady sites is constantly in flux, but here is their September list.
- .review – The .review TLD is shady mostly due to scam sites, Blue Coat’s Larsen says. “Just looking at the list of domain names, I would say all of the top 15 are scam sites,” he adds, “.review does not seem to be making any effort whatsoever to keep the bad guys out.”
- .country – The security firm says the .country TLD appears to have been colonized by scam networks that like to use a game/survey “reward” or “prize” as bait. Blue Coat’s Larsen told CSO there is a strong connection between some of the supporting ad networks on .country and known PUS networks (adware and spyware). Mr. Larsen says, “So if you’d like to block that entire TLD on your Web gateway, I wouldn’t blame you.”
- .kim – The .kim TLD hosts some legitimate domains, most notably a Korean tech blog and several Turkish sites. According to Blue Coat’s blog, the TLD earned its shady online reputation due to the presence of scam networks linked to PUS, malware, and at least one domain that hosts a domain generation algorithm (DGA) used to pump out domain names for use with malware.
- .cricket – Named for the world’s second-most popular sport, the .cricket TLD is another shady neighborhood on the Web. While it is home to some legitimate sites, researcher Larsen points to many instances of search engine poisoning. For instance, StarWarsMovie.cricket pulls lots of random Star Wars items into one place to get traffic, including images clearly lifted from other places.
- .science – The .science TLD may be a victim of its own marketing. In trying to raise the TLD’s profile, the registry gave away free .science domains and became one of the shadiest TLDs on the web. Blue Coat’s Larsen described their downfall in the CSO article: “Generally they tend to run into trouble when they run promotions for bulk registrations for really low prices … If you can register a domain for a buck, generally there will be bad guys there registering domains.” He says the .science domains seem to be largely associated with spam and scam sites. The shady activity included a sizable network of ebook sites, which led to a download network that has been associated with PUS activity in the past.
- .work – The .work TLD seems to be more about spam and scams than malware, though Larsen’s team did find a few tentative connections to PUS networks. There were some legitimate sites, though Larsen notes that they might be worth blocking as well. Examples include a Turkish porn site.
- .party – Mr. Larsen told CSO that a number of the sites on the .party TLD may seem legitimate. However, he warns, there are “some yellow flags” of search engine poisoning. The TLD also hosts a number of MP3 sites, probably piracy or something malicious. There is also a site that hosts what appears to be a shady tracker.
- .gq – The .gq TLD is the country code for Equatorial Guinea, which Blue Coat’s Larsen notes is in many ways a lifetime achievement award winner. He says, “If we look at all of the .gq sites … nearly 99 percent are shady.” Most of the abuse of .gq noted by Blue Coat has been in the form of search engine poisoning and many cookie-cutter “shady video” sites associated with PUS. It also features some “shocking video” spam/scam sites that spread via social media and a smattering of malware, phishing, and porn sites.
- .link – The .link TLD is rife with porn content delivery networks and piracy sites, neither of which is counted as “shady” by Blue Coat. There are apparently a handful of legit sites in .link, but beyond these legitimate domains are a host of survey scam sites. “Historically, it’s been a place for spammers to live,” Larsen says.
Of course, there are well-run TLDs. The best, according to Blue Coat, are:
rb-
These TLDs are why companies like Blue Coat, Websense, and OpenDNS are in business. (OK, Websense and OpenDNS are no longer stand-alone companies. Websense was gobbled by defense contractor Raytheon and then spit out as Forcepoint, and OpenDNS has been assimilated into Cisco (CSCO).)
You can use these tools to block almost everybody in your organization from going to these shady parts of the web, for the reasons explained above.
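Blue Coat’s two pieces of advice above (block the riskiest TLDs; check that a link really goes where its text says) can both be automated. The Python below is an added example, not code from Blue Coat or from this post: it flags links whose own TLD is on the September list (a subdomain merely named “review” does not count) and links whose visible text names a different host than the href, using a constructed HTML fragment with illustrative hostnames.

```python
import re
from urllib.parse import urlparse

# The nine TLDs the post walks through from Blue Coat's September list.
SHADY_TLDS = {"review", "country", "kim", "cricket", "science",
              "work", "party", "gq", "link"}

# Something that looks like a hostname (optionally with a scheme) inside
# the visible text of a link.
_HOST_IN_TEXT = re.compile(
    r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)

# Constructed sample page fragment; the hosts are illustrative, not real sites.
SAMPLE_HTML = (
    '<a href="https://example.review/prize">Claim your reward</a> '
    '<a href="http://review.example.com/">review.example.com</a> '
    '<a href="http://login.example.gq/">https://www.example.com/login</a>'
)


def host_of(url):
    """Lower-cased hostname of a URL; tolerates a missing scheme, a port,
    userinfo and a trailing dot. Returns '' if no host can be found."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").rstrip(".").lower()


def tld_of(host):
    """Last DNS label of a hostname. Every entry in SHADY_TLDS is a single
    label, so the last label is the right thing to compare here."""
    return host.rsplit(".", 1)[-1] if "." in host else ""


def check_link(href, text=""):
    """Findings for one anchor: 'shady_tld' when the href's own TLD is on the
    list, and 'display_mismatch' when the visible text names a host whose last
    two labels differ from the real destination (the hover-to-verify check,
    done in code). An empty list means nothing was flagged."""
    findings = []
    href_host = host_of(href)
    if tld_of(href_host) in SHADY_TLDS:
        findings.append("shady_tld")
    m = _HOST_IN_TEXT.search(text)
    if m:
        shown_host = m.group(1).rstrip(".").lower()
        if shown_host.split(".")[-2:] != href_host.split(".")[-2:]:
            findings.append("display_mismatch")
    return findings


def scan_html(html):
    """Return (href, findings) for every <a href="...">text</a> in a fragment
    that produced at least one finding."""
    anchors = re.findall(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>',
                         html, re.I | re.S)
    out = []
    for href, text in anchors:
        findings = check_link(href, re.sub(r"<[^>]+>", "", text))
        if findings:
            out.append((href, findings))
    return out


if __name__ == "__main__":
    for href, findings in scan_html(SAMPLE_HTML):
        print(f"{href}: {', '.join(findings)}")
```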
Related articles
- Google Choose .XYZ Over .Com for Alphabet. Is .Com Irrelevant? (makeuseof.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Sun Setting on Cat 5e
The sun is setting on the Cat 5e cabling standard. The long-standing standard defined how most commercial spaces around the world were cabled for nearly 20 years. Starting in 2017 Cat 5e will be considered obsolete for new installations following a decision by the ISO/IEC cabling standards body.
According to a recent blog post at CommScope (COMM), the ISO cabling standards body’s JTC1/SC25 WG3 working group agreed to raise the minimum horizontal cabling requirement. The new standard is stated in ISO/IEC 11801-2. Office space requirements change from Class D (Category 5e) to Class E (Category 6), with a recommendation for Class EA (Category 6A). Cat 6A will enable a smooth migration to 2.5, 5, and ultimately 10 gigabits per second (Gbps). In the drafts of 11801-5 (data centers) and 11801-6 (distributed services), the minimum requirement is already Class EA cabling.
Ethernet and IP communications everywhere
The original ISO/IEC 11801 standard enabled the explosive growth and mass deployment of Ethernet and IP communications everywhere. In its first edition, the author says the standard defined Class D balanced cabling based on Category 5 copper components. This standard offered an upgrade path from 10 to 100 megabits per second (Mbps) up to 100 meters. At that time, some experts and industry observers argued that 100 Mbps (100BASE-T) to the desk was overkill for the typical office user.
Today, 100BASE-T technology is in a rapid market decline. 100BASE-T is being replaced with 1000BASE-T (1 Gbps) according to the article. 1000BASE-T is commonplace for desktop and laptop PCs. It also benefits a wide range of other devices such as phones, cameras, and wireless access points (WAPs).
The 11801 standard now includes more cabling classes, introduced to support speeds of up to 10 Gbps. The newer classes are Class E (Category 6) and Class F (Category 7) and, more recently, Class EA (Category 6A) and Class FA (Category 7A).
Technology trends
According to the CommScope blog, a number of technology trends made ISO choose to upgrade the minimum recommendation for horizontal cabling in offices. Some of the trends recognized by the committee that are driving the adoption of speeds beyond one gigabit on the horizontal cabling include:
- Telepresence,
- Video conferencing,
- High definition imaging,
- 3D printing and
- Wireless LAN
The rapid growth of BYOD is driving infrastructure upgrades to accommodate IEEE 802.11ac. As I have covered before, new IEEE specifications are being developed to accommodate 802.11ac wireless: 2.5GBASE-T is targeted at installed Class D cabling and 5GBASE-T at installed Class E cabling. It is expected that a sizable percentage of the installed base will be able to support the faster speeds; however, some installed Class D and Class E systems may require mitigation steps.
Related articles
- 2.5G & 5G Ethernet In The Wiring Closet (networkcomputing.com)
A New Cure for Passwords
Regular readers of Bach Seat know that passwords suck. The better a password is, the harder it is to remember. So most people just end up choosing passwords they think are safe but are pretty bad (rb- I have covered crappy passwords many times). University of Southern California researchers Marjan Ghazvininejad and Kevin Knight have come up with a new solution that they believe solves the crappy password problem.
The USC researchers’ paper “How to Memorize a Random 60-Bit String” (PDF) presents a unique solution for creating passwords that are hard to crack and relatively easy to remember: randomly generated poems.
The researchers believe that the most secure and memorable method for creating a strong password is a short rhyming poem of random words. The Washington Post explains that, even if you pick a fairly uncommon word, like “Troubadour,” and replace some of the letters with other symbols, this combination might only take a computer seconds, minutes, or hours to guess.
The idea of a short rhyming poem of random words as a password might seem a little odd, but they’re actually very, very secure according to USC’s Knight. At current speeds, he estimates that cracking these rhyming poems of random words passwords would take around 5 million years. By which point, we probably won’t be using Facebook anymore.
As part of their research, the USC team created their poems by assigning every word in a 327,868-word dictionary a distinct code. The article explains that they then use a computer program to generate a very long random number, like 110111000111100100100010100010101100001100010000010010100100, break that number up into pieces, and then translate those pieces into two short phrases of four or five words. The computer program they use ensures that the two lines end in words that rhyme and that the phrase is in iambic tetrameter, like so:
A techno salmon Benedict
performing under derelict
or:
The baby understand curtailed
a wooden synagogue prevailed
or:
The Oracle email update
equipment pinning demonstrate
rb-
While seemingly nonsensical quips like
Whereas Chanel control McQueen
accusing glamour magazine
don’t make a lot of sense to 21st-century humans, we should be able to recall 7 or 8 words to better protect our personal information. The oral record is how most information passed from human to human for generations before Gutenberg. Someone told you something and you remembered it. A number of oral traditions have lasted in one form or another into the 21st century.
One big problem with the rhyming poem of random words idea is web server operating systems. There are a number of web servers out there that cannot take passwords longer than 12 characters. Hey, webmasters, wake up and update your operating systems.
The researchers have set up an online generator for these poem passwords, which you can try here, or you can enter your e-mail here and their program will send you a poetic password.
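The mechanics the post describes (every dictionary word gets a code, a random 60-bit number is broken into pieces, each piece becomes a word) as an added Python example. This is not the USC researchers’ program: it uses a constructed 64-word toy dictionary, skips the rhyme and meter constraints that the real generator imposes, and shows why the 327,868-word dictionary carries about 18 bits per word.

```python
import math
import secrets

# Constructed 64-word toy dictionary (6 bits per word). The paper's dictionary
# has 327,868 words; bits_per_word() shows what that size buys.
TOY_WORDS = [
    "acorn", "badge", "cabin", "daisy", "eagle", "fable", "gable", "habit",
    "ivory", "jewel", "kayak", "lemon", "maple", "noble", "olive", "pearl",
    "quilt", "raven", "saber", "tulip", "ultra", "vivid", "whale", "xenon",
    "yacht", "zebra", "amber", "basil", "cedar", "delta", "ember", "flint",
    "grove", "heron", "igloo", "juror", "kiosk", "lunar", "mango", "nylon",
    "opera", "piano", "quart", "rhino", "salsa", "topaz", "umbra", "valor",
    "wheat", "xylem", "yeast", "zesty", "agate", "blaze", "cobra", "dune",
    "epoch", "frost", "gecko", "harp", "inlet", "jade", "kelp", "lotus",
]

# The random number quoted in the post above.
POST_BITS = "110111000111100100100010100010101100001100010000010010100100"


def random_bits(nbits=60):
    """A fresh random n-bit string from the OS CSPRNG, as a '0'/'1' string."""
    return format(secrets.randbits(nbits), f"0{nbits}b")


def bits_per_word(dictionary_size):
    """Entropy one freely chosen word carries: log2 of the dictionary size."""
    return math.log2(dictionary_size)


def words_needed(nbits, dictionary_size):
    """Fewest words that can hold nbits when every word is chosen freely.
    Rhyme and meter restrict the choice per word, which is why the real
    poems need more words than this bound."""
    return math.ceil(nbits / math.log2(dictionary_size))


def encode(bits, words):
    """Turn the bit string into words: read it as an integer and write that
    integer in base len(words), least-significant word first. Each digit is
    the code of one dictionary word."""
    n = int(bits, 2)
    base = len(words)
    out = []
    for _ in range(words_needed(len(bits), base)):
        n, idx = divmod(n, base)
        out.append(words[idx])
    assert n == 0, "more words were needed than words_needed() computed"
    return out


def decode(phrase, words, nbits=60):
    """Inverse of encode(): recover the original nbits-bit string."""
    code = {w: i for i, w in enumerate(words)}
    n = 0
    for w in reversed(phrase):
        n = n * len(words) + code[w]
    return format(n, f"0{nbits}b")


if __name__ == "__main__":
    phrase = encode(POST_BITS, TOY_WORDS)
    print(" ".join(phrase))
    assert decode(phrase, TOY_WORDS, len(POST_BITS)) == POST_BITS
    print(f"{bits_per_word(327868):.1f} bits per word with the paper's "
          f"dictionary; {words_needed(60, 327868)} free-choice words hold "
          f"60 bits")
```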
Related articles
- What If the E! Network Covered Engineering? (insidehighered.com)
Tech Titans Dodge Taxes
A recent report by the Center for Tax Justice (CTJ) on the use of tax havens in 2014 found that the 500 largest American companies hold more than $2.1 trillion in accumulated profits overseas to avoid U.S. taxes. One-quarter of that amount ($549.7 billion) is hoarded abroad by ten tech companies alone, as the chart from Statista illustrates.
Among the tech titans hoarding cash, Apple (AAPL) has parked the largest amount of cash outside the United States. The article notes that the iPhone maker has stashed a whopping $181 billion overseas. That is almost twice as much as second-ranked Microsoft (MSFT) ($108.3b) and roughly three times the total of IBM (IBM), which ranks third in the tech-list with foreign cash holdings of $61.4 billion. Cisco (CSCO), ranked fourth, stands out with as many as 59 tax haven subsidiaries.
The top twenty tech firms, in order of the amount of money hoarded overseas in 2014 to cheat the taxman:
- Apple
- Microsoft
- IBM
- Cisco
- Google (GOOG) $47,400 million
- HP (HPQ) $42,900 million
- Oracle (ORCL) $38,000 million
- Qualcomm (QCOM) $25,700 million
- Intel (INTC) $23,300 million
- EMC (EMC) $11,800 million
- Western Digital (WDC) $9,400 million
- Xerox (XRX) $8,500 million
- Ebay (EBAY) $7,900 million
- Cognizant Technology (CTSH) $6,121 million
- Agilent Technologies (A) $5,700 million
- Micron Technology (MU) $4,910 million
- Broadcom (BRCM) $4,850 million
- Symantec (SYMC) $3,600 million
- Computer Sciences (CSC) $2,552 million
- Amazon (AMZN) $2,500 million
Statista notes that the study found the number of tax haven subsidiaries is not directly connected to the amount of taxes dodged by a company. On the contrary, some companies now report fewer subsidiaries in tax haven countries than they did in 2008 while reporting significant increases in the amount of cash they hold abroad.
The study offers two possible explanations for this occurrence: First of all, some companies may choose not to report all of their subsidiaries because the SEC’s penalties for failing to do so are pretty lax and secondly companies could simply consolidate more income in fewer offshore subsidiaries, often in structures dubbed “Double Irish”.
This chart shows how much money U.S. tech companies hold in offshore subsidiaries to avoid U.S. taxes.
You will find more statistics at Statista
The CTJ claims U.S.-based multinational corporations are allowed to play by a different set of rules than small and domestic businesses or individuals when it comes to the tax code. Rather than paying their fair share, many multinational corporations like Apple, Cisco, Google, and Intel use accounting tricks to pretend for tax purposes that a substantial part of their profits are generated in offshore tax havens, countries with minimal or no taxes where a company’s presence may be as little as a mailbox. Multinational corporations’ use of tax havens allows them to avoid an estimated $90 billion in federal income taxes each year.
Congress, by failing to take action to end this tax avoidance, forces ordinary Americans to make up the difference. Every dollar in taxes that corporations avoid by using tax havens must be balanced by higher taxes on individuals, cuts to public investments and public services, or increased federal debt.
The CTJ recommends the following steps to stop the abuse of offshore tax havens by the tech titans, restore fairness to the US tax system, reduce pressure on America’s budget deficit, and improve the functioning of markets.
End incentives to shift profits and jobs offshore. The most comprehensive solution to ending tax haven abuse would be to stop permitting U.S. multinational corporations to indefinitely defer paying U.S. taxes on profits they attribute to their foreign subsidiaries. Ending “deferral” could raise nearly $900 billion over ten years, according to the report.
Reject the Creation of New Loopholes. Reject a “territorial” tax system. The CTJ estimates that switching to a territorial tax system could add almost $300 billion to the deficit over ten years.
Close the most egregious offshore loopholes. Policymakers can take some basic common-sense steps to curtail some of the most obvious and brazen ways that some companies abuse offshore tax havens. Close the inversion loophole by treating an entity that results from a U.S.-foreign merger as an American corporation if the majority (as opposed to 80 percent) of voting stock is held by shareholders of the former American corporation. These companies should be treated as U.S. companies if they are managed and controlled in the U.S. and have significant business activities in the U.S.
Stop companies from shifting intellectual property (e.g. patents, trademarks, licenses) to shell companies in tax haven countries and then paying inflated fees to use them. This common practice allows companies to legally book profits that were earned in the U.S. to the tax haven subsidiary owning the patent. Limited reforms proposed by President Obama could save taxpayers $21.3 billion over ten years.
Stop companies from deducting interest expenses paid to their own offshore affiliates, which put off paying taxes on that income. This reform would save $51.4 billion over ten years, according to the CTJ.
Increase transparency. Require full and honest reporting to expose tax haven abuses. Multinational corporations should report their profits on a country-by-country basis so they can’t mislead each nation about the share of their income that was taxed in the other countries.
Michigan-based companies dodging the taxman in 2014 have hoarded almost $55 billion, according to the CTJ. With just a 1% tax on the withheld income, we could probably get the roads fixed. The list, ranked by millions held offshore by Michigan-based firms according to the CTJ:
- Dow Chemical $18,037 million
- General Motors $7,100 million
- Stryker $5,878 million
- Whirlpool $4,900 million
- Ford $4,300 million
- Autoliv $4,000 million
- TRW Automotive $3,400 million
- BorgWarner $2,700 million
- Kellogg $2,200 million
- Lear $1,200 million
- Penske $711 million
- Visteon $245 million
- Kelly Services $111 million
- Con-way $32 million
- Masco $12 million
Related articles
- China President Xi Jinping meets with Big Tech execs (money.cnn.com)
Online Security in Era of Connected Cars
Karl-Thomas Neumann, CEO of General Motors’ (GM) European Opel brand, announced that GM would launch its OnStar telematics service in vehicles sold in Europe in late 2015. The Opel CEO declared that the new technology “transforms the car into a true part of the Internet of things.” The Detroit Bureau says it raises some of the same concerns consumers face on the Internet, including how to protect their privacy in highly connected cars.
Even though a growing number of consumers have embraced the idea of having mobile access to smartphone apps, built-in Wi-Fi, and the safety and security promised by systems like OnStar, issues loom that consumers, manufacturers, and regulators need to address. At the 2014 Consumer Electronics Show, Jim Farley, then the top marketing executive at Ford Motor Company (F), told an audience that the automaker “know(s) everyone who breaks the law, we know when you’re doing it,” thanks to the data collected by its OnBoard Sync technology system.
Despite a quick backtrack by Mr. Farley, the article says he was being truthful. The fact is, the onboard black boxes in most cars are now equipped with two-way capabilities. Privacy has become “a big issue,” according to Jon Allen, a principal with consulting firm Booz Allen Hamilton who focuses on security issues. Precisely what makes such technology so compelling is why it is also so worrisome. Mr. Allen told The Detroit Bureau,
Connected products provide customization and convenience because of the data they track. Part of the great opportunity to improve the customer experience is producing a vehicle that ‘learns’ your habits and preferences. But that information must be protected.
The EU takes privacy seriously and these types of tracking technology have drawn the attention of regulators in Europe and to a lesser extent, in the U.S. The article describes a measure of just how strongly Europeans feel about the issue that came during Opel chief Neumann’s news conference. Unlike the U.S. version of OnStar, the European system will include a “Privacy” button to let a user “choose whether they want to provide location information or not.”
That choice would only be overridden after a crash severe enough to trigger OnStar’s emergency call system, CEO Neumann explained. It is designed to call rescue crews in the event of an accident severe enough that passengers might be disabled.
There have been experiments with marketing that could target motorists much as Google today can toss ads at a web viewer based on information revealed by hidden “cookies.” Imagine, they suggest, being able to send a McDonald’s ad and virtual coupon to a car driving near one of its restaurants around lunchtime.
While some drivers might embrace that possibility, others are appalled. The Detroit Bureau reports the potential to reveal more detailed personal information, as well as allowing a vehicle to be tracked, is raising flags on both sides of the Atlantic.
In the U.S., an auto industry alliance recently agreed on an approach called “Privacy Principles for Vehicle Technologies and Services.” (rb- Which I covered here) Meanwhile, both the U.S. Federal Trade Commission and the National Highway Traffic Safety Administration are exploring the issues – though in some cases, they are actually encouraging greater access, noted analyst Allen.
The issue is further complicated by the threat of cyber-criminals exploiting vulnerabilities in in-vehicle communications systems.
rb-
I first covered this threat in 2011 here and here. And the theoretical became real in 2015 when researchers demonstrated they could use online systems to take over a Jeep Grand Cherokee.
The threat to personal freedom and privacy in your car has accelerated as Apple (AAPL) and Google (GOOG) join Microsoft (MSFT) in the battle to rule the car. Apple’s automotive ambition does not stop at CarPlay; Apple is also focused on developing an iCar. Google’s autonomous car ambitions are well known, but its efforts to take over the car cockpit are also taking off with Android Auto.
The government is contributing to the connected car conundrum. The Feds are abetting the Autos by trying to prevent security researchers from doing testing and reverse engineering that could improve security and safety for all of us according to Naked Security.