Discover how mastering email communication can boost business efficiency, avoid common pitfalls, and ensure secure, respectful online interactions.
Turkey Revenge
The turkeys are pissed this Thanksgiving they are seeking revenge.
Germs Infest 60% of Americas Phones
60% of Americans sleep with their phones, harboring germs. Cleaning regularly with UV sanitizer or alcohol wipes can help keep your phone and bed germ-free.
Smartphone Sanitizing: A Practical Guide
Securely erase personal data from your old smartphone before recycling. Protect your identity from hackers—easy steps to follow.
Why Soft Skills Matter in Today’s Job Market
Boost your career with essential soft skills like communication, teamwork, and emotional intelligence. Learn why they’re crucial for workplace success.
Online Dangerous Celebrities 2015
It that time of year again! McAfee Intel Security has named the most dangerous celebrities on the Intertubes. And I have no idea who Electronic Dance Music (EDM) DJ Armin van Buuren is. Despite that, he is Intel’s most dangerous web celeb. To regain my street creds – I have been gone to DEMF –YO PEACE OUT. The EDM DJ replaces talk show host Jimmy Kimmel as Intel Security’s most dangerous celebrity to search for online.
For the ninth year in a row, The Intel Security Most Dangerous Celebrities™ study revealed that searches for certain musicians and comedians tend to expose Internet searchers to more possible viruses and malware.
The presser from Intel (INTC) Security warns that cybercriminals are always looking for ways to take advantage of consumer interest around popular culture events including award shows, TV shows, and movie premieres, album releases, celebrity breakups, and more. They capitalize on this interest by enticing unsuspecting consumers to sites laden with malware, which enables them to steal passwords and personal information.
Stacey Conner, online safety expert at Intel Security says that trying to download or listen to free music can be especially risky.
Celebrity names combined with the terms ‘free MP4, ‘HD downloads,’ or ‘torrent’ are some of the most searched terms on the Web … When consumers search for music that is not made available through legitimate channels, they put both their digital lives and devices at risk.
Top 10 risky celebrities
The top 10 celebrities from the 9th annual Intel Security Most Dangerous Celebrities™ study with the highest risk percentages are:
- Armin van Buuren
- Luke Bryan
- Usher
- Britney Spears
- Jay Z
- Katy Perry
- Amy Schumer
- Betty White
- Lorde
- Nina Dobrev
Musicians are 7 of the top 10 riskiest online celebrities (and good click-bait). Other risky artists in the top 20 are:
Justin Bieber (No. 11),
Rihanna (No. 12),
Jennifer Lopez and Kenny Chesney (tied at No. 13),
Selena Gomez (No. 14),
Zendaya (No. 15),
Kanye West (No. 16),
Afrojack and Miley Cyrus (tied at No. 19), and
Nick Jonas (No. 20).
Other celebrities who round out the 20
riskiest online celebrities.
Antonio Banderas (No. 14),
Nicole Kidman (No. 15),
Zac Efron (No. 17),
Natalie Portman (No. 18),
Paul Wesley (No. 18)
Sandra Bullock (No. 19),
Jennifer Lawrence (No. 20),
Riskiest celebrities around the world
- In the UK, model and TV personality Kelly Brook is Intel Security’s most dangerous celebrity on the internet this year.
- Nicole Kidman is Australia’s most
#RiskyCeleb - Donnie Yen is the most dangerous celebrity to search for online in Singapore in 2015.
- Actress Nina Dobrev is Canada’s most dangerous cyber celeb
- Star striker Zlatan Ibrahimovic is the world’s most dangerous Swedish online celebrity.
Better Protect Yourself
While doing your star-struck surfing, Intel Security offers some suggestions on How You Can Better Protect Yourself:
Beware of clicking on third-party links. You should access content directly from the official websites of content providers. For example, visit reputable site ComedyCentral.com to find Amy Schumer’s latest episodes.- Use web protection that will tell you of risky sites or links before you visit them and it’s too late. Stick to official news sites for breaking news.
- Only download videos from well-known, legitimate sites. Most news clips you’d want to see can easily be found on official video sites and don’t require you to download anything.
- Use caution when searching for “HD downloads.” This term is by far the highest virus-prone search term. Consumers searching for videos or files to download should be careful not to unleash unsafe content such as malware onto their computers.
- Always use password protection on all mobile devices. If you don’t and your phone is lost or stolen, anyone who picks up the device could have access to your personal information online.
- Don’t “log in” or give other information. If you receive a message, text, or email or visit a third-party website that asks for your information — including your credit card, email, home address, Facebook login — to grant access to an exclusive story, don’t give it out. Such requests are a common tactic for phishing that could lead to identity theft.
- Search online using a tool, such as McAfee® WebAdvisor software, which protects users from malicious websites and browser exploits.
rb-
Maybe I’m just being grumpy, but McAfee has done this for 9 years and people are still falling for this online celebrity malware staff – sigh – They were right – One born every day.
Related articles
- ISIS Uses Justin Bieber To Recruit Americans… There’s Just 1 Major Problem (conservativetribune.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 2015, Amy Schumer, Armin van Buuren, Betty White, Britney Spears, Dangerous Celebrities, INTC, Intel, Jay Z, Jennifer Lopez, Justin Bieber, Katy Perry, Lorde, Luke Bryan, Malware, McAfee, Nicole Kidman, Password, PII, Sandra Bullock, Security, Selena Gomez, Usher
HPE Been Busy
HP (HPQ) has been busy since it divorced itself and spawned HP Enterprise and HP Inc. There has been more enterprise activity in the past month than in the past years, as the spun-out HP Enterprise (HPE) side of the tech megalith tries to make a more relevant name for itself.
HPE layoffs
First, Tim Stonesifer the CFO of the new HPE says that up to another 30,000 people will be laid off. The Business Insider reports these cuts will be focused on HP’s Enterprise Services Division, the consulting arm of the company.
During CEO Meg Whitman‘s tenure, HP has let go 85,000 workers with this latest round of layoffs. And they aren’t over yet claims CIO.com. Ms. Whitman and CFO Cathie Lesjak said that HP would lay off another 5% of staff.
Michigan lawsuit
More bad news as the State of Michigan announced it is suing HP. Michigan’s Secretary of State Ruth Johnson is charging HP with failing to deliver on a $49 million contract after 10 years, according to a press release from the state.
FierceCIO reports that the project was supposed to replace a legacy mainframe system that has run 131 Secretary of State offices. However, since 2005, and after $27.5 million was paid to the company, the state said that not a single promised function was delivered. In the press release she states:
I inherited a stalled project when I came into office in 2011 and, despite our aggressive approach to hold HP accountable and ensure they delivered, they failed … We have no choice but to take HP to court to protect Michigan taxpayers.
The state alleged that following a set of failed negotiations over the past few months, it rescinded its contract on Aug. 28 with a termination for cause letter. The article says the state argued, according to the terms of the contract, HP was supposed to provide support services for the state for some extended period of time. The state said that, instead, HP employees stopped reporting as of Aug. 31.
HP responded to a request for comment from FierceCIO with the following email statement: “It’s unfortunate that the state of Michigan chose to terminate the contract, but HP looks forward to a favorable resolution in court.”
HPE 3PAR
On the product side, HPE has updated the software that runs all of its HP 3PAR StoreServ Storage products to boost the performance of its SAN and other storage products an HP presser announced.
One of the changes to the HP 3PAR Operating System. HP has added a new feature in the HP 3PAR Priority Optimization software. Fierce Enterprise Communications reports that the software now enables users to set specific latency goals as low as 0.5 milliseconds in the hopes of ensuring consistent performance levels in multi-tenant environments. The intention is to boost the quality of service for improved application performance.
VMware support
For data protection, HPE also added support for VMware (VMW) vSphere 6.0 with VMware Virtual Volumes to StoreOnce Recovery Manager Central for VMware. The update also includes more granular recovery of individual virtual machines and files, simplifying data recovery.
With these changes, another Fierce Enterprise Communications article observes that HP is getting cozier in its relationship with VMware as the company unveiled new consulting and support services for VMware’s NSX SDN product.
There’s actually a laundry list of new aspects of the two companies’ partnership, according to the article. The partnership includes a variety of HP services and products that tie into different VMware software-defined data center and end-user computing products, but the networking aspect comes in the form of HP Network Virtualization Services.
The consulting and support services will be available starting in January 2016. According to an HP announcement at VMworld, the services were “designed to transform and operate the network when combining physical and virtual network resources, functionality and management to ready a network for virtualized cloud, network functions virtualization or SDI.”
HP plans to implement a novel idea by putting consulting and support services under the HP Network Virtualization Services umbrella to provide a 24/7/365 single place to connect with networking, virtualization, and NSX experts in the hopes of quickly resolving issues.
Security changes
On the security front, HP announced new enterprise security tools that can detect communications between malware and a remote server as well as uncover bugs in enterprise software using machine learning.
The first called HP DNS Malware Analytics, uses an algorithm to detect enterprise machines infected with malware by analyzing Domain Name System traffic between the devices and remote servers according to a FierceCIO article. A one-year subscription to HP DMA starts at $80,000 to analyze up to 5 million DNS packets per day. Frank Mong, vice president of solutions at HP Security, claims, “This solves the problem of finding an infected host that has been missed by anti-virus and endpoint security”.
HP also introduced HP Fortify scan analytics, machine-learning technology, as part of HP Fortify on Demand, which uses an enterprise’s app security data to improve the accuracy and efficiency of app security. This technology integrates into existing app security testing workflows, increasing the efficiency of the app security audit process and the relevancy of findings, HP explained.
rb-
Color me skeptical but I’m not sure that HP is the best horse for VMware to bet on in their battle with former partner Cisco (CSCO).
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Project Management Tips for Small Engagements
We have all been involved in projects that do not rate a full project team where one person has to take on multiple project roles. CircleID offers project management tips for small engagements If an engineer, developer, or technician takes on the project manager duties.
If you should find yourself in such an expanded role, the article says to be S.M.A.R.T. about the kick-off meeting. The author recommends during your kick-off meeting (call) be sure you review the statement of work (SOW) and make sure the project goals and milestones are:
Specific: Specificity reduces misunderstandings.
Measurable: A task that is not measurable will never be completed. How would you know when it’s finished?
Agreed upon by all parties: If a milestone or task is not agreed upon by all parties, it is not worth doing.
Realistic: It is the task of the delivery engineer to determine what is realistic and craft a plan that takes into account the client approval processes, change management restrictions, and human resources.
Time Constrained: A task or milestone that has no time constraints will always be finished “tomorrow” and never today.
On small-scale engagements in which there is a finite number of project hours (aren’t they always limited?), the kickoff call may be the only structured status meeting that occurs prior to onsite project delivery. This makes the meeting more urgent: it’s your chance to open communication channels that are crucial to success.
And while you might think project goals are apparent to everyone, experience tells us that sometimes this simply isn’t the case. In fact, it is not uncommon for key personnel to have never seen the SOW.
Think about it: representatives from divisions such as network, application, firewall, network operations center (NOC), security operations center (SOC), identity management, and the Change Control Board were most likely not involved in crafting the SOW — nor were they consulted prior to the contract being signed. Although the project’s success is dependent on their work and expertise, they aren’t familiar with the project’s goals. The article correctly states it’s a mistake to assume they are in the loop, and as manager of the project, you must educate all the key players about all elements of the project.
Moving beyond covering the statement of work, the project goals, and how you plan to complete the project, the blog says you should also bring your sharpest, most probing questions to the meeting. Your goal should be to uncover obstacles encountered in the past and flesh out the details on how to overcome them.
Best practice of all: Remembering that the only dumb question is the one you didn’t ask.
rb-
Of course, all projects should have a trained project manager but if there is no PM, these are pretty good tips.
Related articles
- How Project Management Training Helps Organizations (coloradotech.edu)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
IPv4 IPocalypse Strikes U.S.
The world is ending. the IPocalypse is upon us! As I (and a lot of other people) have been warning for a while now, North America has finally run out of new IPv4 addresses. The American Registry for Internet Numbers (ARIN), the group that distributes Internet addresses for North America, said Thursday it has assigned the last addresses in its IPv4 free pool.
IPv4 dates back to 1981 and only has room for 4.3 billion unique addresses. IPv6, introduced in 1999, should have enough addresses to serve Internet users for generations, according to ARIN.
Anyone who still needs IPv4 addresses can request them from ARIN, but they won’t have any to give away unless it gets more from the global Internet Assigned Numbers Authority (IANA) or returned addresses from users who don’t need them anymore.
According to PCWorld, ARIN already runs a waiting list for requests, which they set up earlier this year. Users can also buy IPv4 addresses on the IPv4 grey market (rb- I first reported on the IPv4 grey market in 2011) from others who don’t need them and are looking to make some money. Addresses recently were going for around US$10-$12 each, according to people who follow the transfer market.
PC World speculates that more North American addresses may go on the grey market now that ARIN has exhausted its pool of fresh ones. That event triggered a change in the organization’s rules for approving transfers: There is no longer any restriction on how often an address holder can request transfers to specified recipients.
North American is just the latest to run out of IP addresses according to the Register.
- APNIC, which allocates addresses in Asia-Pacific, ran out of available IPv4 addresses in 2011;
- RIPE, which oversees Europe, the Middle East, and parts of Central Asia, ran out in 2012; and
- LACNIC, which manages Latin America and the Caribbean, ran dry in 2014.
All that’s left is AFRINIC, which oversees Africa, and is expected to run out of IPv4 addresses in 2019.
The IPv4 space globally offers 4,294,967,296 network addresses – which seemed like an awful lot back in the 1970s when the internet was coming together. Vint Cerf, father of the internet, (not Al Gore) told the Register,
When we designed the Internet 40 years ago, we did some calculations and estimated that 4.3 billion terminations ought to be enough for an experiment. Well, the experiment escaped the lab
IPv6 uses 128-bit addresses, and there are 3.4 × 1038 available – that’s 340 undecillion, although, practically speaking, 42 undecillion are usable.
Rb-
I told you so again and again and again. Maybe now that North America has run out of new IPv4 addresses, the IPv6 migration might get some attention and pick up speed. Maybe.
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 2015, ARIN, Grey market, IPocalypse, IPV4, IPv6, Networking, Vint Cerf
How Safe Is Your Connected Car?
There will be 250 million wirelessly connected cars on the road by 2020 according to Gartner (IT). The technical prognosticators believe that 60% – 75% of them will be capable of consuming, creating, and sharing Web-based data. In light of predictions like these and highly publicized car network attack demonstrations car need more security. Intel (INTC) has established the Automotive Security Review Board (ASRB) to help mitigate cyber-security risks associated with connected automobiles.
An Intel presser says ASRB researchers will do ongoing security tests and audits. They will codify best practices and design recommendations for advanced cyber-security solutions and products. Intel will publish automotive cyber-security best practices white papers, which the company will update based on ASRB findings. Chris Young, senior vice president, and general manager of Intel Security said in the presser.
We can, and must, raise the bar against cyberattacks in automobiles … Few things are more personal than our safety while on the road, making the ASRB the right idea at the right time.
Secure car networks
It is the right time to secure the networks in cars. A study released by Atlanta-based PT&C|LWG Forensic Consulting Services looked at what made cars vulnerable to attacks.
Robert Gragg, a forensic analyst with PT&C|LWG told CSO cars with the highest risk of cyber threat tended to have the most features networked together, especially where radio or Wi-Fi networks are connected to physical components of vehicles.
Today’s modern automobile uses between 20 and 70 computers, each with its own specialized use. The article explains that engine control units oversee a wide array of electronic sensors and actuators that regulate the engine and maintain optimal performance. Vehicle manufacturers use the generic term “electronic control units” (ECUs) to describe the myriad of computers that manage various vehicle functions.
For example, the author says ECUs control vehicle safety functions, such as antilock brakes and proximity alerts. The ECU which governs climate control systems receives temperature data from sensors inside the cabin and uses that to adjust airflow, heating, and cooling.
What is a controller area network
Typically, all of a vehicle’s computer systems can be accessed over a vehicle’s controller area network (CAN) via the radio head unit, a computerized system that runs a car’s or truck’s communications and entertainment system.
Many of today’s modern vehicles can be accessed via cellular, Bluetooth, or even WiFi connectivity. While no easy task, the CSO article says, once a hacker gains access to the vehicle’s head unit, its firmware can be used to compromise the vehicle’s CAN, which speaks to all the ECUs. Then it’s just a matter of discovering which CAN messages can control various vehicle functions.
Car attacks
These attacks can happen at a distance. PT&C|LWG study estimated minimum distances from which a vehicle could be hacked according to the wireless communication protocol it is using. For example, a passive anti-theft system could be access from 10 meters, a radio data system (or radio head unit) could be hacked from 100 meters, a Bluetooth system could be accessed from 10 meters, a smart key from five to 20 meters, and a vehicle equipped with Wi-Fi… well, it could be hacked from anywhere there’s Internet access (rb- I wrote about this vulnerability in 2011).
That may be a problem. Increasingly, carmakers are coming out with vehicles that include Wi-Fi routers for Internet connectivity. PT&C|LWG’s Gragg said.
In more advanced vehicles — the ones that have infotainment systems — wireless security and wireless access points are all connected into the navigation system. So those are more susceptible to hacking because there are just more wireless access points … Anything open to wireless capabilities is susceptible to the hacking.
rb-
In May, both General Motors (of ignition switch cover-up infamy) and the Auto Alliance, the car maker’s lobbyist, testified against a proposed exemption in copyright law that would allow third-party researchers to get access to vehicle software. A decision in that matter could come any day from the U.S. Copyright Office.
The Auto Alliance has also threatened to run to Congress should the Copyright Office rule in favor of the researchers to cover up threats to the consumer, like Volkswagen and GM. The lobbying group calls legitimate researchers attackers in a letter to a Congressional subcommittee investigating the auto industry’s ability to thwart cyber attackers; “Automakers are facing pressure from the organized efforts of technology pirates and anti-copyright groups to allow the circumvention of protected onboard networks, and to give hackers with the right to attack vehicles carte blanche under the auspices of research”.
This would set a dangerous precedent for devices connected to the Internet of Things (IoT) to be unregulated. If the automakers are successful in their DMCA claims, it would be deadly for everyone on the road too.
Who remembers “Unsafe At Any Speed“?
Related articles
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Cars |
Tags: 2015, Attack, Audi, Auto Alliance, Bluetooth, Connected cars, DMCA, Electronic control units, Ford, GM, Hack, IOT, Jeep, Ralph Nader, Volkswagen, Wi-Fi