Sweating the Oldies

If you’re “sweating assets” and holding off on making major network upgrades, you’re not alone. No Jitter brings our attention to Dimension Data’s annual Network Barometer Report. The report surveyed the system integrator’s worldwide clients and found that the percentage of aging and obsolete devices in today’s corporate networks around the globe is at its highest in six years, signaling that the recent global financial crisis may still have a lingering effect today.

 

More than half of devices are aging

According to the article, more than 51% of all devices assessed are now aging (3-5 years old) or obsolete (5 years or older). In addition, 27% of all devices are now ‘later’ in their product life-cycle and at the point where the vendor begins to cut support.

The aging was highest in Asia-Pac and lowest in the Americas. The survey found that aging equipment in the Americas was considerably lower, at 44%. Dimension Data ascribed this variation to regional macroeconomic conditions.

The oldest equipment

The “sweatiest” companies were in the travel/transportation vertical, which had more than 50% aging/obsolete devices according to the study. Other verticals were “sweaty” as well:

  • Consumer/retail and utilities/energy, all of which had more than 50% aging/obsolete devices.
  • Automotive/manufacturing had an aging/obsolete base of 41%.
  • Technology industries had 37% aging/obsolete gear.
  • Construction/real estate was most up to date with 28% aging or obsolete.

The level of aging/obsolete networks hit 45% in 2012 without triggering a refresh, climbed to 48% in 2013, and reached 51% in 2014. The author suggests that either we’re long overdue for another refresh, or else we’re moving to an environment where aging network gear is the rule.

He goes on to speculate that as the BYOD/BYOEverything trend grew over the last 3 years and enterprises diverted technology spending to ad hoc device/cloud purchases, we’re looking at a fundamentally new buying environment.

Obsolete devices fail less

The survey results suggest that “sweating” network assets may be a smart strategy. Dimension Data analyzed 91,000 trouble tickets from its own practices and found that “Obsolete devices fail less often than current devices. And, when they do fail, problems are quicker to resolve.” Specifically, the survey found that:

  • Obsolete devices had the lowest failure rates (compared with new and aging),
  • Aging devices had the lowest mean-time-to-repair rates among the three classes.

Old hands might be tempted to greet these findings with some variation of the old lament, “They don’t build ’em like they used to,” but the truth might actually be even more flattering to the organization.

Dimension Data suggests that gear that’s been in place a while is supported by more mature processes, hence the decreased likelihood of breaking and the faster ability to fix it when it does break. Of course, an asset-sweating strategy should have some rationale behind it. It’s not about just clinging to old stuff so you don’t have to deal with replacing it.

How to keep the old stuff going

Dimension Data offered “Tips for Sweating Assets” that included:

  • Have an accurate inventory of your entire network estate.
  • Understand the function of each device and how critical it is to the network’s uptime.
  • Know at which stage in their life cycles these devices are.
  • Have the right operational support strategy in place to resolve any performance issues or outages that may occur, as vendor support will be either limited or unavailable during later life cycle stages.
  • Ensure that the device’s capabilities are not constraining architectural changes, which have driven upgrades in other areas of the network.

rb-

The aging of network gear is not unique. Many firms are still reeling from efforts to survive the depression, recession, economic downturn. In some places, they don’t pick up the trash regularly or replace stained ceiling tiles. The Business Insider says the average age of private fixed assets is at a 50-year high, and here is a chart to prove it.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Prevent Pervy Pics

From the world of unintended consequences, iPhone users have become the victims of a new phenomenon known as cyber-flashing. Reports out of London state that Apple iPhone users are being sent pervy pics. The pervy pics are unsolicited and indecent photographs. The pics are being sent over a new Apple feature in iOS called AirDrop.

AirDrop is a feature on the iPhone, iPad, and Mac computers. AirDrop allows users to send files, such as images, to each other at close range. The pics can be sent up to 33 feet (10 m) via a Bluetooth connection. Apparently, even if the receiver rejects the photo, they are still shown an uncensored preview of the image.

AirDrop initially establishes a connection over Bluetooth. It then uses a direct Wi-Fi connection between the two iPhones to send files. This makes the transfer much quicker. It’s supported by devices from the iPhone 5 onwards with iOS 7, released back in 2013.

How to prevent the pervy pics

To prevent the pervy pics from appearing on your iDevice, you need to take action. Mark James, a security specialist at ESET UK, explains that you have to either set your AirDrop settings to “Contacts Only,” which will only permit AirDrop file transfers from people in your address book, or disable AirDrop entirely. He explains that AirDrop is not turned on by default, but it’s easy to set AirDrop to receive from Everyone and then forget all about it.

ESET explains how to prevent cyber flashing:

  1. On the home screen of your iPhone, swipe up to open the Control Center.
  2. Tap on AirDrop, below the media playback and volume controls.
  3. Tap ‘Off’ or ‘Contacts Only’ to prevent files from being sent from strangers.


Mobile Apps Leaking Your Info

Just in time for Blackhat, San Francisco-based Appthority released its Q2 2015 Enterprise Mobile Threat Report. The big headline from the Appthority report is that enterprise mobile apps are leaking your info. They are sending personally identifiable information (PII) and other sensitive information all over the world, often without the enterprise’s knowledge. Your phone is leaking your info all over the web.

FierceMobileIT says that the Appthority Enterprise Mobile Threat Team (EMTT) collected and analyzed security and risky behaviors in three million apps. They found that the top iOS apps sent data to 92 different countries, while the top Android apps are leaking your info to 63 different countries.

Zombie apps are leaking your info

The report found another threat to all data. Appthority’s all-in-one App Risk Management service shows that 100% of enterprises surveyed have zombie apps in their environments. Zombie apps are apps that have been revoked by the app stores and are no longer getting security updates. Zombie apps can give attackers a conduit into the enterprise.

The report estimates that 5.2% of the Apple (AAPL) iOS apps on employee devices in an enterprise are dead apps, and 37.3% are stale apps. On Google (GOOG) Android devices, 3.9% are dead apps and 31.8% are stale apps.

Zombie apps can leak your info. Appthority explains that malicious third parties could use a man-in-the-middle attack to hijack the update mechanism for these apps to install new malware on user devices.

Threat to the enterprise

Despite the threats, the report points out that app stores run by Apple, Google, and Microsoft (MSFT) are under no regulatory obligation to tell users anything about revoked apps after release, including copyright infringements or serious security/privacy concerns. Domingo Guerra, president and co-founder of Appthority, classified this as a stealthy risk: “The ongoing threat of zombie apps and stale apps continues to be an ‘under the radar’ threat to the enterprise.”

A third risk to the firm’s data comes from their own programmers, according to the venture capital-backed Appthority. The firm says over-taxed enterprise app development teams are increasingly relying on third-party libraries and software development kits. Vulnerabilities in the third-party packages can put enterprise data at risk when they get baked into a corporate app.

The company told CSO that few mobile devices have security applications installed. In particular, only 4 percent of Android devices in use within enterprises had on-device scanning solutions.

Rb-
Firms that depend on mobile solutions as part of a Bring Your Own Device (BYOD) effort need to look after their apps as well as connectivity and hardware and data and governance and reimbursements. Bring your own device hardly seems like a cost saver to me.

I have said this repeatedly: it seems like costs are just being moved around, from spending on a PC in the office that is much less likely to be lost and that can be controlled, to a bunch of new enterprise applications like EMM, mobile anti-malware, and app monitoring.


SmartWatches – Not Ready for Primetime

Pundits predict that Apple iWatch sales will surpass iPad first-year sales. The experts expect Apple to sell 21 million watches in fiscal 2015. Many believe that the iWatch will drive wearable tech into the enterprise. With this kind of hype, security vendors have started to take a look at iWatch and other smartwatches.

FierceMobileIT reports that just in time for BlackHat, MobileIron released a report looking at the security risks smartwatches pose to corporate data. According to the enterprise mobility management firm, workers are increasingly using smartwatches to connect wirelessly to their smartphones and access corporate email, calendar, contacts, and apps.

MobileIron looked at the security of smartwatches that can be paired with iOS and Android smartphones accessing enterprise resources as well as the pairing apps on the smartphones. The author says the EMM vendor analyzed the Apple (AAPL) Watch, Motorola Moto 360, Samsung (005930) Gear 2 Neo, and Shenzhen Qini U8.

The Qini U8 had a pairing app that displayed some “suspicious behaviors” that could pose a risk to personally identifiable data, such as access to downloaded and cached content and phone hardware data, judged MobileIron. The pairing app was downloaded from an unknown IP address in China and not the relative safety of the official Google Play store, which scans apps for malicious traits.

Another security concern noted in the article is the implementation of passcodes on smartwatches. Smartphone passcodes are usually time-based so that if the device is not used within a certain time period, the device is locked and access requires entering the passcode.

Smartwatch passcodes examined by MobileIron are proximity-based so that the device is locked when the smartwatch loses wireless connection with the smartphone. However, only the Apple Watch prompted the user to set up a passcode, suggesting that many users of the other smartwatches do not enable the passcode option.

In addition, smartwatches do not have enterprise mobility application programming interfaces to do policy enforcement on the devices. The Apple Watch stood out in terms of security by wiping enterprise apps from the device when its companion iPhone is quarantined or retired and the enterprise apps are removed from the phone.

In terms of data encryption, there is no encryption on the Shenzhen Qini U8, while it is optional at the app level for the Motorola Mobility Moto 360 and the Samsung Gear 2 Neo. For the Apple Watch, encryption is enabled for the data on the watch and optional at the app level. The MobileIron report concluded, “As enterprises embrace these devices for enterprise applications … we expect smartwatch vendors to place an even stronger emphasis on security.”

Not only has MobileIron recently scrutinized smartwatches; so has HP. HP’s Fortify security unit tested 10 different smartwatches and found that all of them were vulnerable to cyberattacks.

HP (HPQ) did not say which brand of smartwatches it tested. However, FierceITSecurity reports that HP did test the devices and their Android and iOS cloud and mobile app components, indicating that the Apple Watch was one of those tested.

HP Fortify found that all the smartwatches they tested were insecure. Jason Schmitt, general manager of HP security at Fortify, said:

[Smartwatches] … will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks.

HP combined manual testing and automated tools to check the devices against the Open Web Application Security Project’s (OWASP) Internet of Things Top 10 security risks. HP found that data collected on the smartwatch was often sent to multiple backend destinations (often including third parties). The researchers used HP’s Fortify on Demand to find many more smartwatch vulnerabilities (PDF, reg. req).

  • 100% tested were paired with a mobile interface that lacked two-factor authentication and the ability to lock out accounts after 3-5 failed password attempts.
  • 90% allowed watch communications to be easily intercepted.
  • 70% of the time firmware was transmitted without encryption.
  • Only 50% of tested devices offered the ability to add a screen lock (PIN or Pattern), which could hinder access if lost or stolen.
  • 40% of the cloud connections were vulnerable to the POODLE attack, allowed the use of weak ciphers, or still used SSL v2. Transport encryption is critical because personal information is being moved to multiple locations in the cloud.

HP offered recommendations for consumers looking to use smartwatches more securely:

  1. Do not enable sensitive access control functions (e.g., car or home access) unless strong authentication is offered (two-factor, etc).
  2. Enable passcodes to prevent unauthorized access to your data, the opening of doors, or payments on your behalf.
  3. Enable security functionality (passcodes, screen locks, two-factor, and encryption).
  4. Use strong passwords for any interface such as mobile or cloud applications associated with your watch.
  5. Do not approve any unknown pairing requests to the watch.

These security measures are also critical as smartwatches enter the workplace and are connected to corporate networks. HP recommends that enterprise technical teams:

  1. Ensure TLS implementations are configured and implemented properly.
  2. Require strong passwords to protect user accounts and sensitive data.
  3. Implement controls to prevent man-in-the-middle attacks.
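As an added example (not from HP's report or the original post), the sketch below flags the transport weaknesses listed above (SSL v2, POODLE-exposed SSLv3, weak ciphers) in scan results and builds a client context that refuses them while verifying the server's certificate. The hostnames, the scan-result layout, the weak-cipher marker list, and the function names are assumptions constructed for illustration.

```python
import ssl

# Substrings of OpenSSL cipher names treated as weak (assumed list for this example).
WEAK_MARKERS = ("RC4", "DES", "NULL", "EXP", "MD5")

# Constructed sample data: protocol -> cipher suites each endpoint accepted.
SCAN_RESULTS = {
    "cloud-a.example": {"SSLv3": ["AES128-SHA", "RC4-SHA"],
                        "TLSv1.2": ["ECDHE-RSA-AES128-GCM-SHA256"]},
    "cloud-b.example": {"SSLv2": ["DES-CBC3-MD5"],
                        "TLSv1.0": ["AES256-SHA"]},
    "cloud-c.example": {"TLSv1.2": ["ECDHE-RSA-AES256-GCM-SHA384"],
                        "TLSv1.3": ["TLS_AES_128_GCM_SHA256"]},
}


def audit_endpoint(offered):
    """Return a list of findings for one endpoint's accepted protocols/ciphers."""
    findings = []
    if "SSLv2" in offered:
        findings.append("SSLv2 enabled")
    # SSLv3 suites are RC4, NULL or CBC block ciphers; POODLE affects the CBC ones.
    sslv3 = offered.get("SSLv3", [])
    if any("RC4" not in c and "NULL" not in c for c in sslv3):
        findings.append("SSLv3 with CBC cipher (POODLE)")
    weak = sorted({c for suites in offered.values() for c in suites
                   if any(m in c for m in WEAK_MARKERS)})
    if weak:
        findings.append("weak ciphers: " + ", ".join(weak))
    return findings


def audit_all(results):
    """Map each host that has at least one finding to its findings."""
    report = {host: audit_endpoint(offered) for host, offered in results.items()}
    return {host: f for host, f in report.items() if f}


def hardened_client_context():
    """Client-side TLS settings for an app talking to its cloud backend."""
    ctx = ssl.create_default_context()            # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuses SSLv3 and TLS 1.0/1.1
    return ctx


if __name__ == "__main__":
    for host, findings in audit_all(SCAN_RESULTS).items():
        print(host, "->", "; ".join(findings))
```

Certificate and hostname verification in the client context is the control that makes interception of the watch-to-cloud traffic detectable rather than silent.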

rb-

As smartwatches become more mainstream, they will increasingly store more sensitive information such as health data, and enable physical access functions including unlocking cars and homes. HP’s Schmitt warns that,

Smartwatches … open the door to new threats to sensitive information and activities … vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting smartwatches into corporate networks.

All smartwatches collected some form of personal information, such as name, address, weight, gender, heart rate, and other health information. Given the account issues and weak passwords identified by MobileIron and HP, the exposure of this personal information is a concern. I am calling smartwatches not ready for prime-time.

 


Facebook Friends Without Benefits

The USPTO has granted Facebook (FB) a patent that could be used to help lenders determine your creditworthiness. The Social Networker plans to allow creditors to look at who is in your social network to judge your creditworthiness.

Business Insider says the patent would make it possible for banks to check the credit rating of the members of your Facebook network to decide if you are worthy of a loan. It seems that your shiftless uncle Louie is going to determine if you get a mortgage. According to BI, the patent states:

… When an individual applies for a loan, the lender examines the credit ratings of members of the individual’s social network who are connected to the individual through authorized nodes. If the average credit rating of these members is at least a minimum credit score, the lender continues to process the loan application. Otherwise, the loan application is rejected.

The patent, first discovered by Atlanta legal tech start-up SmartUp, was part of a bundle of patents Facebook acquired in 2010 when it purchased them from failed social network Friendster for $40 million.

BI reports that the patent may walk a legal tightrope. The U.S. Equal Credit Opportunity Act requires creditors to tell applicants why they have been denied credit, so using social data to determine someone’s credit risk could walk a fine line. Despite federal law, the author points out that financial institutions are already using applicants’ social data to help verify their identity. For example, Lending Club and Affirm use online data for decision-making.

Rb-
Back in 2010, I wrote about this day coming.

Many banks are now outsourcing their social network data mining operations to firms such as Rapleaf (now TowerData).

Maybe it is time to un-friend your kid in college with no job and crazy aunt Patti in Paducah and instead friend Warren Buffett, Bill Gates, and Mark Zuckerberg.
