Tag Archive for 2015

IT Pro Relationships Suffer From Stress

GFI Software released the results of its fourth annual IT Admin Stress Survey. The GFI presser says IT professionals are increasingly feeling job-related stress, and many want to quit their current job because of it. The study found that 78% of those surveyed experienced workplace stress. Almost 82% of respondents are actively considering leaving their current IT job due to workplace stress and dissatisfaction with working conditions.

The new survey revealed a new four-year high in the number of relationships that have been impacted by work commitments intruding on personal life. More than 25% experienced this in the last year, up from 23% last year. Sergio Galindo, general manager of GFI Software, observed:

… this year’s IT Stress Survey makes for worrying reading. The 2015 survey results clearly show a substantial deterioration of the work/life balance and job satisfaction among the US IT workforce 

Key findings from the GFI survey

  • 78% of all U.S. IT staff surveyed consider their job stressful – up 1% from 2014.
  • 45% have missed social functions due to overrunning issues and tight deadlines at work, up from 38% in 2014.
  • 40% report missing time with their children due to work demands imposing on their personal time.
  • 38% of IT staff regularly lose sleep due to work pressures.
  • The number of respondents experiencing stress-related illnesses increased slightly, to 27% from 25% in 2014.
  • 19% continue to report feeling in poor physical condition due to work demands, up 25% from last year.

Management and users cause stress

Pressure and unreasonable demands from management clearly emerged as the biggest contributing factor to workplace stress in 2015.

  • 28% of those surveyed singled out management as their biggest point of stress, down from over 36% last year.
  • Stress caused by the users that IT staff look after jumped from 16% to 23%.

Unpaid overtime

This year’s survey revealed a continuing high amount of unpaid overtime required of IT staff to meet deadlines and deployments.

  • 48% of those surveyed work up to eight unpaid hours of overtime a week, with a mean average of 8.1 hours a week of unpaid overtime worked.
  • 47% of those surveyed work eight hours or more overtime, unpaid, every week.

GFI GM Galindo observed:

Realistic IT budgets and staffing headcounts make a huge difference in both workplace happiness and productivity, for example, as does automating mundane and time-intensive tasks such as resetting passwords, patching computers and servers and looking for network vulnerabilities

The GFI presser concludes that for the fourth year running, high workplace stress levels for IT professionals are an issue. The stress is dramatically impacting both employees and employers. These impacts are illustrated by increases in staff looking to find another job and by staff working increasing amounts of unpaid overtime to cope with workloads. A growing number of IT staff are also experiencing substantial disruption to their personal lives as a result of work demands.

rb-

GFI has conducted this poll year after year and the results have not changed. Stress, stress, and more stress


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Project Jacquard Puts a Touchpanel In Your Pants

At the recent Google I/O 2015 conference, Google (GOOG) unwrapped Project Jacquard. With Project Jacquard (named for a kind of weaving that requires a special loom), Google is creating a sort of conductive yarn that can be embedded right into fabrics. The plan is to weave those threads into meshes, to create interactive clothing patches that can sense your touch, how hard you’re pressing on them, and even your hand’s position in space before it even makes contact with the fabric.

Project Jacquard teams with Levi’s

Engadget reports that during the Google ATAP address, Technical Program Lead Ivan Poupyrev confirmed that the search giant is teaming up with Levi’s to bring Jacquard’s technically complex fabrics to the world of fashion. He told the gathered Google groupies that the new tech is important to the Google future: “We want digital to be just the same thing as quality of yarn or colors used.”

One video demo showed a person swiping across the length of their forearm to initiate a phone call on a nearby Nexus 6. Engadget’s Chris Velazco says it is the seamlessness of behavior that’s got companies like Levi’s so worked up. Proponents of the tech claim it will reduce digital distractions caused by smartphones and smartwatches.

Improved safety claims

Levi Strauss’s head of product innovation Paul Dillinger said that notion is what really caught the clothier’s imagination. Levi’s believes they can help reduce digital distractions through, “the clothes we love to interface with the digital world while maintaining eye with the people we’re having dinner with.”

According to Engadget’s Roberto Baldwin, the conductive surface uses low-power Wi-Fi to communicate with devices. While the demo was on a flat surface, the other electronics needed to power and connect the fabric to a device are not quite ready to be sewn into your pants. The team is still working on shrinking those components down to integrate with its loom. But once they do, you might be swiping your next jacket to control your smartphone.

rb-

Levi’s expects to release a pair of jeans with a touch panel in early 2016.

Fast Company cites predictions from Gartner that “smart garments” will become a regular part of our wardrobes. By 2016, smart garments should make up 26 million of the 91 million units shipped for wearables, vs. 19 million for wristbands. And it’s only going to get bigger from there.

Related articles
  • Google working with Levi’s to make smart clothes (msn.com)

 


Millennials Riskiest With Your Data

Around half of the workforce will be millennials by 2020, but today they represent a bigger threat to your data. A recent report by endpoint security and management products producer Absolute Software (ABT) concludes that millennials take the most risks with your data. The report says they pose a greater risk to corporate data security than other user demographics.

The findings on generational mobile security behaviors are likely to be counter-intuitive to many who assume younger generations to be more knowledgeable and more aware of security threats in mobile tech use than older generations, according to FierceBigData. Stephen Midgley, VP of Global Marketing at Absolute Software, said:

We conducted this survey with the intention of helping enterprises better understand the current attitudes that employees have towards data security and privacy.

The presser from Absolute Software says that:

  • 64% of millennials use their employer-owned device for personal use, as opposed to 37% of baby boomers
  • 50% of respondents believe that security is not their responsibility
  • 35% of millennials change their default settings, compared to 8% of baby boomers
  • 27% of millennials access “Not Safe For Work” content, compared with only 5% of baby boomers
  • 25% of millennials believe they compromise IT security, compared with only 5% of baby boomers

rb-

The author concludes that these findings underscore why data trumps instinct or gut feeling given its counter-intuitive results. Corporate hiring and training programs and policies often focus on what companies think of different worker demographics rather than on how those workers actually work. Armed with useful data such as this, hiring and training practices can be better aligned with the realities.


Another Hole in Internet Armor

Another hole in our Internet armor has been discovered. The hole is in the Diffie-Hellman key exchange, a popular cryptographic algorithm that allows Internet protocols to agree on a shared key and negotiate a secure connection. It is fundamental to many protocols including HTTPS, SSH, IPsec, SMTPS, and protocols that rely on TLS.

Researchers from the University of Michigan, Inria, Microsoft Research, Johns Hopkins University, and the University of Pennsylvania have uncovered several weaknesses in how Diffie-Hellman key exchange has been deployed. In what they are calling the Logjam attack, the DH flaw allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and change any data passed over the connection.

The problem, according to the researchers, is that millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange. Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve—the most efficient algorithm for breaking a Diffie-Hellman connection—is dependent only on this prime. After this first step, an attacker can quickly break individual connections.

To prove this hypothesis, the researchers carried out this computation against the most common 512-bit prime number used for TLS and demonstrated that the Logjam attack can be used to downgrade connections to 80% of TLS servers supporting DHE_EXPORT.

They also estimated that an academic team can break a 768-bit prime and that a nation-state can break a 1024-bit prime. Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers.

There is speculation that this “flaw” was being exploited by nation-state bad actors. A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having created, exploited, or harnessed the Logjam vulnerability.

What should you do?

1 – Go to the researchers’ website https://weakdh.org/ to see if your browser is secure from the Logjam flaw. (It reported that Google Chrome Version 43.0.2357.81 (64-bit) on OSX 10.10.3 was not secure.)

2 – Microsoft (MSFT) patched the Logjam flaw on May 12 with security bulletin MS15-055. A Microsoft spokesperson told eWEEK:

Customers who apply the update, or have automatic updates enabled, will be protected. We encourage all customers to apply the update to help stay protected.

3 – Google (GOOG) fixed the issue with the Chrome 42 update, which debuted on April 15. Google engineer Adam Langley wrote:

We disabled TLS False-Start with Diffie-Hellman (DHE) in Chrome 42, which has been the stable version for many weeks now.

4 – Mozilla’s patch for Firefox isn’t out yet, but “we expect it to be published in the next few days,” Richard Barnes, cryptographic engineering manager at Mozilla, told eWEEK.

5 – DarkReading reports that on the server-side, organizations such as Apache, Oracle (ORCL), IBM (IBM), Cisco (CSCO), and various hosting providers have been informed of the issue. There has been no response from these tech titans.

The researchers have also provided guidance:

  1. If you have a web or mail server, they recommend that you disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group. They have published a Guide to Deploying Diffie-Hellman for TLS with step-by-step instructions.
  2. If you use SSH, you should upgrade both your server and client installations to the most recent version of OpenSSH, which prefers the Elliptic-Curve Diffie-Hellman Key Exchange.
  3. If you’re a sysadmin or developer, make sure any TLS libraries you use are up-to-date, that servers you support use 2048-bit or larger primes, and that clients you maintain reject Diffie-Hellman primes smaller than 1024-bit.

rb-

Finally, get involved. Write someone, your representative, senator, your favorite bureaucrat, the president, your candidate, and tell them to get out of the way. 

Ars Technica notes that Logjam is partly caused by export restrictions put in place by the US government in the 1990s, to allow government agencies the ability to break the encryption used in other countries. “Logjam shows us once again why it’s a terrible idea to deliberately weaken cryptography, as the FBI and some in law enforcement are now calling for,” said Michigan’s J. Alex Halderman in the report. “Today that backdoor is wide open.”

 

 


Mobile Malware FUD?

Just last week, I wondered out loud from my Bach Seat if all the hype around mobile malware was real or just more FUD. Looks like I am not alone; TechCo recently asked a similar question, “Are We Overstating the Threats from Mobile Devices?”

The author cites several recent reports that back up the claim that the threats mobile devices introduce into the enterprise are overstated. The data indicates that the mobile malware threat is statistically small and has even decreased since 2012.

• A McAfee report shows that out of all the malware now out there, only 1.9% of it is mobile malware. The author equates the mobile threat to 4 million out of the 195 million McAfee knows about.
• Another report (PDF) from Verizon (VZ) shows even lower numbers, with only 0.03 percent of smartphones being infected with what is called “higher grade malicious code.”
• But some numbers go even lower than that. Damballa, a mobile security vendor that monitors roughly half of mobile data traffic, recently released a report that claims you have a better chance of getting hit by lightning than by mobile malware. Damballa found only 9,688 smartphones out of more than 150 million showed signs of malware infection. If you do the math, that comes out to an infection rate of 0.0064 percent.

Even more interesting is that despite the increase in mobile devices, Damballa found the infection rate had declined by half compared to 2012.

These reports may show mobile threats aren’t as big of a problem as previously thought, but the author asks why the numbers are so low at all. After all, cybercriminals like to target new platforms and exploit security weaknesses. Why do they seem to be avoiding mobile devices?

The truth of the matter is that mobile users tend to get their apps from high-quality app stores. The stores from Google (GOOG) and Apple (AAPL) work to filter out suspicious apps. If malware is found in apps after they’ve already been on the market for a while, app stores can also execute a kill switch, which takes the app off the store and the devices where they were downloaded. This limits malware’s ability to spread.

The article concludes that companies that adopt BYOD should not just ignore BYOD security; they just don’t have to go all-out as many businesses have done. Most mobile security experts say a mobile device management system remains a good investment to make sure mobile devices are handled appropriately. MDM systems also allow an organization to remotely wipe devices, thus keeping sensitive data safe in the event a device is lost or stolen. But malware really isn’t a factor in those cases, so the overall message from these recent reports is that getting worked up over mobile threats is not necessary. A company can still gain all the benefits of BYOD without having to worry incessantly over what they’re doing to protect every device that connects to their network.

rb-

What do you think?

Is mobile malware over-hyped FUD?


 

Related articles
  • Your BYOD implementation checklist (powermore.dell.com)

 
