Archive for October, 2014:

Ebola crisis brings out another sickness: Vile scammers

Volunteers who will be sent to Africa in the forthcoming days are taught how to work with patients infected with the Ebola virus during a training session.

Credit: Reuters
Phishing, false advertising, cybercrap pervade as Ebola fraud grows

Sadly, we all knew it would happen: once the Ebola situation became international news, the contemptible fraud and scam artists would crawl out from under their rocks to exploit it.

They have not disappointed.
New York State Attorney General Eric Schneiderman and others this week noted a number of scams in the works:

Consumer Reports published an article referencing a bogus e-mail solicitation offering a $29 “surplus protection kit” supposedly designed for emergency response teams and law enforcement agencies.

The Federal Trade Commission has warned that there are no FDA-approved medical treatments for Ebola and that consumers should file complaints with the FTC and the FDA if they encounter a fraud.

According to USA Today, at least three companies have been issued warnings by the Food and Drug Administration in the past month for selling bogus treatments, solutions, or therapies for Ebola. The FTC and FDA recently sent a warning letter to Natural Solutions Foundation, which sells supplements, putting it on notice that some of its claims around Ebola violate a number of federal laws.

According to a report in Daily Finance, the Better Business Bureau’s New York office has received complaints about fraudulent telephone solicitations involving a charity claiming to raise funds to help Ebola victims. There have also been reports of door-to-door frauds claiming to raise money for a Texas nurse who became infected with the disease.
Better Business Bureau is warning consumers about a variety of Ebola-related scams and problematic fundraisers that have emerged recently.
The AARP warned about online offers for an Ebola cure or special “natural” or “dietary” methods to alleviate or prevent symptoms; email scams with alarming messages like “Ebola update” or “Ebola Pandemic” which may include links that release computer viruses; sales of “personal protection kits” at low prices to provide supposed “infection defense”; charity scams claiming to help victims or fight the disease; and potential stock investment frauds involving companies that say they are involved in the development of products that will prevent the spread of viral diseases like Ebola.

US-CERT reminded users to protect against email scams and cyber campaigns using the Ebola virus disease as a theme. Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a system.

The FTC wrote that there are currently no FDA-approved vaccines or drugs to prevent or treat Ebola. “Although there are experimental Ebola vaccines and treatments under development, these are in the early stages of product development, have not yet been fully tested for safety or effectiveness, and the supply is very limited. There are no approved vaccines, drugs, or products specifically for Ebola available for purchase online or in stores. No dietary supplements can claim to prevent or cure Ebola, according to the supplements industry. If you’ve seen companies or products touting these claims, report them to the FTC and FDA.”

 



Quality of Service explained: How routers with strong QoS make better home networks

The devices connected to your router battle for bandwidth like thirst-crazed beasts jostling for access to a receding watering hole. You can’t see the melee, but you can feel its impact. Without intervention, the strongest competitors—a BitTorrent download, for instance—will drink their fill, even if it’s not essential to their survival, while others—a VoIP call, a Netflix stream, or a YouTube video—are left to wither and die.

A router with good Quality of Service (QoS) technology can prevent such unequal distribution of a precious resource. You can dip only one straw into the Internet at a time, after all. QoS ensures that each client gets its chance for a sip, and it also takes each client’s specific needs into account. BitTorrent? Cool your jets. If one of your packets is dropped, it’ll be resent. You can run in the background. Netflix, VoIP, YouTube? Lag results in a bad user experience. Your data gets priority.

That’s a gross oversimplification, of course. Here’s a more in-depth explanation. QoS, also known as traffic shaping, assigns priority to each device and service operating on your network and controls the amount of bandwidth each is allowed to consume based on its mission. A file transfer, such as the aforementioned BitTorrent, is a fault-tolerant process. The client and the server exchange data to verify that all the bits are delivered. If any are lost in transit, they’ll be resent until the entire package has been delivered.

That can’t happen with a video or audio stream, a VoIP call, or an online gaming session. The client can’t ask the server to resend lost bits, because any interruption in the stream results in a glitch (or lag, in terms of game play). QoS recognizes the various types of traffic moving over your network and prioritizes it accordingly. File transfers will take longer while you’re watching a video or playing a game, but you’ll be assured of a good user experience.
Traditional QoS

Different routers take different approaches to QoS. With some models, you simply identify the type of traffic you want to manage and then assign it a priority: High, medium, or low. With others, you can choose specific applications, or even identify the specific ports a service or application uses to reach the Internet. Yet another way is to assign priority to a specific device using its IP or MAC address.

Many older routers, such as this Netgear WNR2000 802.11n model, have predefined Quality of Service for a limited number of applications, but you must configure your own rules for anything the manufacturer didn’t think of.

Configuring QoS this way can be very cumbersome, requiring lots of knowledge of protocols, specific details about how your router operates, and networking in general. Some routers, for instance, depend on you to inform them of the maximum upload and download speeds your ISP supports. Enter the incorrect values, and your network might perform worse instead of better.

Fortunately, router manufacturers have made great strides in making QoS easier to configure. In some cases, it’s become entirely automatic.
Intelligent QoS

Some routers include the option of automated QoS handling. Most newer models support the Wi-Fi Multimedia (WMM) standard, for instance. WMM prioritizes network traffic in four categories, from highest to lowest: Voice, video, best effort (most traffic from apps other than voice and video), and background (print jobs, file downloads, and other traffic not sensitive to latency). WMM is good as far as it goes, but it ameliorates only wireless network contention. It does nothing to resolve the battle for bandwidth among wired network clients.
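To make the prioritization described above concrete, here is an added example (not from the original article or from any router's firmware): a simplified strict-priority scheduler that classifies packets by device and port, then drains them over one uplink with and without QoS. The MAC addresses, port rules, packet sizes and the tick-based link model are constructed assumptions; real WMM and vendor QoS engines are more elaborate.

```python
from collections import deque
from dataclasses import dataclass

# WMM's four categories, highest priority first, as listed in the article.
CATEGORIES = ["voice", "video", "best_effort", "background"]

# Hypothetical rules in the styles the article describes for manual QoS:
# by device (MAC address) and by port. Device rules win, then port rules,
# and anything unmatched is best effort. All values are constructed.
DEVICE_RULES = {"aa:bb:cc:00:00:01": "video"}      # the living-room TV
PORT_RULES = {5060: "voice", 6881: "background"}   # SIP (VoIP), BitTorrent


@dataclass
class Packet:
    name: str       # unique label for the packet
    src_mac: str
    dst_port: int
    size: int       # bytes
    arrival: int    # tick at which the packet reaches the router


def classify(pkt):
    """Return the priority category for a packet."""
    if pkt.src_mac in DEVICE_RULES:
        return DEVICE_RULES[pkt.src_mac]
    return PORT_RULES.get(pkt.dst_port, "best_effort")


def simulate(packets, bytes_per_tick, use_qos):
    """Drain packets over one uplink; return {name: tick the packet finished}.

    With use_qos=False the router is a single first-in, first-out queue.
    With use_qos=True it always serves the highest-priority non-empty queue,
    but never interrupts a packet that is already being sent.
    """
    pending = deque(sorted(packets, key=lambda p: p.arrival))
    queues = {c: deque() for c in CATEGORIES}
    fifo = deque()
    finished = {}
    current, remaining, tick = None, 0, 0

    def next_packet():
        if not use_qos:
            return fifo.popleft() if fifo else None
        for category in CATEGORIES:
            if queues[category]:
                return queues[category].popleft()
        return None

    while len(finished) < len(packets):
        # Admit everything that has arrived by this tick.
        while pending and pending[0].arrival <= tick:
            pkt = pending.popleft()
            (queues[classify(pkt)] if use_qos else fifo).append(pkt)
        budget = bytes_per_tick
        while budget > 0:
            if current is None:
                current = next_packet()
                if current is None:
                    break               # link idle for the rest of this tick
                remaining = current.size
            sent = min(budget, remaining)
            budget -= sent
            remaining -= sent
            if remaining == 0:
                finished[current.name] = tick
                current = None
        tick += 1
    return finished


# Constructed traffic: two large BitTorrent packets arrive first, then a VoIP
# packet, a video packet from the TV and a web request all arrive one tick later.
LAPTOP, PHONE, TV = "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03", "aa:bb:cc:00:00:01"
SAMPLE = [
    Packet("torrent-1", LAPTOP, 6881, 3000, 0),
    Packet("torrent-2", LAPTOP, 6881, 3000, 0),
    Packet("voip-1", PHONE, 5060, 200, 1),
    Packet("tv-1", TV, 443, 1000, 1),
    Packet("web-1", LAPTOP, 443, 500, 1),
]

if __name__ == "__main__":
    for mode in (False, True):
        print("QoS on " if mode else "QoS off", simulate(SAMPLE, 1000, mode))
```

With the constructed sample, the VoIP packet leaves at tick 3 instead of tick 6, while the second BitTorrent packet slips from tick 5 to tick 7.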

Better routers go further to cover both sides of the network. They automatically choose which traffic gets priority based upon assumptions—putting video and voice ahead of file downloads, for instance. The intelligence behind each vendor’s QoS functionality, however, varies according to the quality of the algorithm in use and the processor power available to run it.

Qualcomm’s StreamBoost technology enables the D-Link DGL-5500 to display exactly what’s consuming the majority of your network’s bandwidth.

Right now, Qualcomm’s StreamBoost traffic-shaping technology seems to be the hot QoS ticket. StreamBoost, first announced in January, 2013, is based on technology originally developed by Bigfoot Networks. Bigfoot, a company that Qualcomm acquired in 2011, designed network-interface cards targeted at gamers, who are among the most latency-sensitive computer users in the world.

Qualcomm doesn’t manufacture routers, but the company does design and manufacture processors that go into high-end consumer routers such as Netgear’s Nighthawk X4 and D-Link’s DGL-5500 Gaming Router. While there’s no technological barrier to running StreamBoost on a Marvell or Broadcom processor, Qualcomm currently doesn’t license the firmware separate from its chips.

StreamBoost can distinguish between and prioritize latency-sensitive traffic (audio, video, gaming, and so on) over latency-insensitive traffic (downloads, file transfers, etc.), and it can adjust its allocation of bandwidth to various network activities to ensure all clients get a good experience. If several clients are streaming Netflix videos at the same time, for instance, it can automatically reduce one or more of those streams from 1080p quality to 720p quality to ensure all the sessions have enough bandwidth.

What’s more, StreamBoost can distinguish among the types of client devices and reduce the image quality streaming to a smartphone or tablet, because the degradation won’t be as noticeable on those small screens as it would be on a big-screen smart TV.

StreamBoost lets you assign priorities to client PCs, so you can preserve bandwidth for a smart TV at the expense of a PC used for BitTorrent downloads, for instance.

StreamBoost’s bandwidth graphs and tools provide better visibility and more precise tuning than other QoS tools I’ve seen. And if you opt in to participate, you’ll receive ongoing updates from Qualcomm’s database in the cloud so that your router can continually optimize its performance and learn how to handle new devices that come on the market. StreamBoost support alone won’t make a crappy router great, but it can make a difference.

Good Quality of Service is essential if you use your network to stream video, play online games, make VoIP and Skype calls, or watch YouTube (and if you don’t do any of those things, you wouldn’t have clicked on this story in the first place). The performance benefits you’ll realize might even save you from moving up to a pricier service tier with your ISP.

An 802.11ac router can deliver higher performance even with clients that are equipped with 802.11n adapters.
But there are other things you can do beyond traffic shaping. Perform a site survey using a tool such as Kismet to see which radio channels your neighbors are relying on, and configure your router to use something else. There are only three non-overlapping channels in the 2.4GHz frequency band: 1, 6, and 11. Use one of these if possible.

If you have a dual-band router that supports both the 2.4- and 5GHz frequency bands, use the less-crowded higher frequency for latency-sensitive traffic such as media streaming, and reserve 2.4GHz for things like downloads. There are many more non-overlapping channels at 5GHz, and the higher channels—150 and up—support more bandwidth than the lower channels.

Lastly, if you’re using an 802.11n (or older) router, consider moving up to a model based on the newer 802.11ac standard. Even if your clients are stuck with 802.11n adapters, you’ll still see a significant performance boost with an 802.11ac router.


 


11 ways to re-energize your IT career

Mid-career blues, begone. Here are 11 actionable items tech pros can tackle to keep moving on up in IT.

Stuck in the middle — and blue?
Eric Reed knows a thing or two about mid-career pitfalls. He’s seen some mid-level IT managers get too enamored with technology for its own sake, rather than viewing it as a way to advance business goals. Other would-be leaders didn’t know how to communicate or collaborate with non-IT colleagues and were sidelined as techies rather than ID’d as future business leaders.

Reed is grateful he was able to overcome those challenges in his own career and sustain his momentum — he’s now CTO at GE Capital. With that goal in mind, Computerworld asked Reed and other seasoned IT pros for advice on how to keep your tech career from getting bogged down. Read on for their tips.

Develop a road map
It’s smart to know not just where you want to land but how best to get there. Piera Palazzolo, senior vice president at Dale Carnegie Training, which specializes in business-oriented improvement, recommends starting with self-reflection. Map out the exact positions you’d like to hold and the ultimate title you’d like to achieve. “Then set a course for yourself and find out what you need to learn,” Palazzolo says. Talk to your supervisor and other higher-ups in the company to determine how they can help you and whether your company’s plans for you mesh with your own.

Gain new perspective
Managers often pay lip service to the concept of “walking the shop floor,” but James Stanger, senior director of product development at CompTIA, an IT trade association, suggests going beyond the typical pat-on-the-back mentality. Instead, get to know how your direct reports, your colleagues and your customers view the world.

“In middle management, due to the demands of the job and just trying to get it done, people get these blinders on, and they don’t think about how others think,” Stanger says. Try asking: What do you think about this problem? What’s your perspective? Can you explain your need here?

“Take those blinders off and you’ll find yourself much more nimble in your thinking,” Stanger says, which in turn will make you a better problem-solver — a valued leadership quality.

Find leadership opportunities
To continue honing your leadership skills, look for opportunities that will get you noticed — especially ones outside of your department. “Volunteer for a cross-functional task force that exposes you to senior leaders. Get out of your silo, and get more people in your organization to know who you are,” says Carly Goldsmith, a career coach specializing in guiding mid-career professionals. She suggests seeking out projects and committees that will help you grow your skills.

One of her clients took Goldsmith’s advice, joining a project that required her to have more interactions and strategic conversations with senior leaders. The move paid off: She was offered a promotion shortly after the project wrapped up.

Be a perfectionist
Sure, no one’s perfect, but if you’re gunning for more responsibilities, you have to make sure you’re doing your current job as close to perfect as possible.

Sean Andersen, director of interactive services at Six Flags Entertainment Corp., works with IT managers across the company’s 18 theme parks. He says he notices the ones who “keep their house in order” — consistently fulfilling all of their assigned duties, including routine and mundane tasks that often get overlooked. Andersen taps those individuals for special projects because they’re most likely to be able to handle additional responsibilities.

Case in point: When the company launched a pilot program with the new Chromebox two years ago, he went to the manager who had everything else already under control.

Learn constantly, and share what you discover
To protect yourself from becoming technically obsolete as you move up in management and away from the tech trenches, you need to be constantly building and refreshing a well-rounded set of skills. “The idea is to be constantly learning,” CompTIA’s Stanger says. Take more classes, get another certification, earn an advanced degree, he says.

If you’re like most workers, your current job requirements already fill your work week, which means you’ll have to dig hard to find more hours for learning something new. Andersen, the Six Flags executive, says he carves out time — usually late at night — to read up on and test out new technologies. And he says he likewise has doled out plum assignments to direct reports who show similar initiative.

Compensate for your blind spots
Reed, the CTO at GE Capital, admits that in the past he often didn’t think about the impact his decisions had on other people. “I’d sign onto an objective and put together a plan, but I was not thinking about the ramifications on the team,” he says. He didn’t realize the problem until someone on his team called him out on it.

Reed says his headlong decision-making style didn’t kill his career, but it had done some damage with his business partners. Now that he’s become aware of his blind spot, he works to keep it front of mind as he makes commitments that affect his team.

Bernadette Rasmussen, divisional senior vice president of information management and CTO of Health Care Service Corp. (HCSC), agrees with Reed’s approach. “Listen to your team members, listen to your peers and listen to your business leaders,” she advises.

Know how your business makes money…
It’s not enough to have generic business acumen. That’s required for most technologists these days.

To gain a leadership position, you have to know how your organization operates and, more importantly, how it makes money. “Some people get into middle management and they don’t understand that. They don’t understand that we’re not here to implement neat technology. We’re here to help the business make money,” Reed says.

He recommends spending more time meeting with business colleagues to develop that insight and then using it to make smarter decisions within IT. Understanding which technologies have the biggest impact on the company’s bottom line will help you prioritize projects and deliver the big bang that draws attention, Reed says.

… then use that knowledge to drive business results
As an IT middle manager, you most certainly need to know technology and must consistently deliver on your technology projects. As an aspiring C-level leader, your priority should be making sure those projects deliver a tangible benefit to the company. In other words, show your ROI.

“You must change your perspective from mastering technology to helping your organization drive results,” says HCSC’s Rasmussen. “Help connect the dots, drive change with perspective beyond your own and add your unique value,” she advises.

Be the expert that people seek out
You need to be more than an expert to attain a corner office — you need to be the expert.

Theresa Caragol learned that lesson during her upward climb. “You have to be the best and have the deepest expertise so someone says, ‘If I want to understand this, I have to go talk to this person.’ And if you’re the expert in more than one technology, that’s even better,” she says.

Caragol, now global vice president for channels and partners at Extreme Networks Inc., positioned herself as an expert in software-defined networking at a previous employer. Her mentors helped line up opportunities for her to speak on the topic, which brought her to the attention of those in positions to promote her. She worked her way up to vice president of global channel, alliances and partners at Ciena Corp., her previous employer, a role that in turn served as a stepping stone to her current position.

Manage up and manage down
If you really want to shine, make sure your team does. And make your manager look good, too. After all, in almost all cases your boss will be the one to recommend you for top assignments and promotions. Have regular face-to-face conversations where you can talk about company objectives, professional goals and, yes, even your personal interests, says Dale Carnegie Training’s Palazzolo.

Put the same effort into building relationships with your team, because you’re only as good as the output you get from them. Vidhya Ranganathan, senior vice president of products and engineering at cloud-services firm Accellion Inc., takes a commonsense approach to building relationships. She regularly has lunch with her team and chats over coffee. “It’s not to give them [formal] guidance, but to just listen and let them know I’m available,” she says.

Avoid missteps
To make your rise through the ranks as painless as possible:
• Don’t wait for your manager to offer you opportunities. There’s a reason why Microsoft CEO Satya Nadella recently found himself embroiled in a firestorm of criticism when he urged women seeking a raise to “have faith in the system” rather than asking for what they want — it’s bad advice for all employees. “Too often, middle managers take a passive approach to their career advancement” — including raises and promotions, career-coach Goldsmith says. “Go out and find the opportunities yourself.”
• Don’t linger in a job you dislike or that’s not well suited for you. “Motivation plummets, mistakes are made, stress increases. And whether you’re conscious of it or not, you start to be seen as a poor performer,” Goldsmith explains.
• Don’t get trapped in the weeds. According to Goldsmith, middle managers often do more hands-on work than they should. You need to move out of the tech trenches and lead your team, not code with them.


 


Drupal releases patch for severe SQL injection flaw

Drupal has released a patch for a highly critical flaw in its content management system, which could allow rogue code to run.

Drupal, a volunteer open-source project whose software is used by websites such as The White House and the Economist, said all 7.x releases prior to 7.32 are affected, according to an advisory.

Administrators should update to version 7.32. If that is not possible, a patch is available for the “database.inc” file that fixes the problem.
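As an added example (not part of the original article or of Drupal's code), this Python script triages an inventory of sites against the affected range given above. It assumes Drupal 7 records its release in a `define('VERSION', ...)` line in `includes/bootstrap.inc`; the host names and file contents are constructed.

```python
import re

# Assumption (from Drupal 7's source layout, not from the article): the
# release is recorded in includes/bootstrap.inc as  define('VERSION', '7.31');
VERSION_DEFINE = re.compile(
    r"""define\(\s*['"]VERSION['"]\s*,\s*['"]([^'"]+)['"]\s*\)"""
)
FIRST_FIXED_MINOR = 32   # the advisory: 7.x releases prior to 7.32 are affected


def read_version(bootstrap_text):
    """Extract the VERSION string from the text of bootstrap.inc, or None."""
    match = VERSION_DEFINE.search(bootstrap_text)
    return match.group(1) if match else None


def triage(version):
    """Classify one version string for CVE-2014-3704.

    'affected' means: update to 7.32, or confirm the database.inc patch was
    applied by hand (a patched site still reports its old version number).
    """
    if version is None:
        return "unknown"
    match = re.fullmatch(r"7\.(\d+|x)(-[\w.]+)?", version)
    if not match:
        return "not-7.x"
    minor, suffix = match.groups()
    if minor == "x":
        return "review"       # e.g. 7.x-dev: a checkout of unknown age
    if int(minor) < FIRST_FIXED_MINOR:
        return "affected"
    if int(minor) == FIRST_FIXED_MINOR and suffix:
        return "review"       # e.g. 7.32-dev may predate the 7.32 release
    return "fixed"


def audit(sites):
    """sites maps a label to bootstrap.inc text; returns {label: (version, status)}."""
    report = {}
    for label, text in sites.items():
        version = read_version(text)
        report[label] = (version, triage(version))
    return report


# Constructed sample inventory: host names and file contents are made up.
SAMPLE_SITES = {
    "intranet.example": "<?php\ndefine('VERSION', '7.31');\n",
    "shop.example": "<?php\ndefine('VERSION', '7.32');\n",
    "staging.example": "<?php\ndefine( \"VERSION\", \"7.32-dev\" );\n",
    "legacy.example": "<?php\n// bootstrap without a version line\n",
    "blog.example": "<?php\ndefine('VERSION', '7.0-rc1');\n",
}

if __name__ == "__main__":
    for site, (version, status) in sorted(audit(SAMPLE_SITES).items()):
        print(f"{site:20} {version or '-':10} {status}")
```

A site reported as "affected" may already carry the hand-applied “database.inc” patch, so the version check identifies candidates for review rather than proving exposure.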

Drupal uses a database abstraction API (application programming interface) that filters harmful SQL (Structured Query Language) queries, but the vulnerability (CVE-2014-3704) can allow an attacker to send malicious queries that could be executed. These so-called SQL injection attacks are among the most common types of attack against a website.

“Depending on the content of the request this can lead to privilege escalation, arbitrary PHP execution or other attacks,” Drupal wrote.

The flaw can be exploited by anonymous users, and there are now proof-of-concept instructions circulating that show how to exploit it, according to a FAQ document.

“While we do not have reports of actual usage, the nature of this vulnerability is such that the attack can be difficult to detect,” it said.

The vulnerability was reported last month by Sektion Eins, which is a PHP-focused security firm in Germany that was hired by an unnamed client to audit its code, Drupal wrote. Drupal’s security team often gets reports from those kinds of audits, it said.

Drupal debated whether to release a patch early, but opted to stick to its normal schedule for releasing security updates due to its Amsterdam conference at the end of September.

“We felt that it would be better to use the regularly scheduled date which also happened to be the first date when the Drupal community would be likely to have time to focus on the upgrade,” the organization wrote.



Blowing the whistle without blowing your career

How techies can bring data mishandling and abuses to light without putting their careers in jeopardy.

Technology professionals are among today’s most infamous whistleblowers. The list of those who have made headlines for exposing corporate or government skulduggery includes Shawn Carpenter, a network security analyst who blew the lid off a Chinese cyberespionage ring; Bradley (now Chelsea) Manning, who shared more than 250,000 classified State Department cables with WikiLeaks; and Edward Snowden, who leaked top-secret information about NSA surveillance activities.

But for every high-profile case, there are plenty of tales of IT professionals who have accused their employers of wrongdoing without making national headlines or feeling the need to seek asylum in foreign countries.

Take Nell Walton, for example. A former database administrator at Nova Information Systems (now Elavon), Walton filed a whistleblower complaint with the Occupational Safety and Health Administration in 2005 against the credit card processor for security violations on databases that contained billions of transaction records.

According to Walton, she repeatedly asked the company to bolster its database security — a request that she claims prompted retaliation from Nova’s “chain of command.” Walton’s complaint was dismissed by OSHA. She appealed the decision with the U.S. Department of Labor but eventually lost her case against Nova in a federal court. (Elavon didn’t respond to an interview request.)

The case, which lasted nearly three years, cost Walton her job, physical health and nearly $50,000 in legal fees. “It totally pretty much wrecked my life for three years,” she says. “Even after the case was over and we lost, it was just awful.”

Such is the difficult and often stressful path for IT professionals who dare to expose what they perceive to be misconduct or negligence on the part of their employers. “It’s like that saying from my childhood: Nobody likes a squealer,” says James Lewis, director and senior fellow of the Strategic Technologies Program at the Center for Strategic and International Studies, a Washington-based think tank. “You can be noble and a whistleblower, but don’t expect it to be an easy life.”

Yet the potential for techies to become high-profile whistleblowers is growing, whether they like it or not. For starters, today’s data deluge — bits and bytes of information being generated by everything from assembly-line sensors to point-of-sale devices — is fueling a demand for unprecedented data transparency. Suddenly, the public is requesting greater openness from IT departments regarding what data is being collected, how it’s being used, how it’s being secured and who’s accessing it.

At the same time, the stakes have never been higher for organizations to keep their systems secure. According to Ponemon Institute’s “2014 Cost of Data Breach Study: Global Analysis,” a report sponsored by IBM, the average cost of a data breach to a company was $3.5 million, up 15% from the average reported by companies participating in last year’s study. The 314 companies from 10 countries that took part in this year’s study estimate they will be dealing with an average of 17 malicious codes and 12 sustained probes each month. IT teams must keep confidential data safe from these mounting threats or face the wrath of angry shareholders, fine-wielding regulatory bodies and disgruntled customers.

All of that puts technology professionals between a rock and a hard place. On one hand, they’re saddled with the awesome responsibility of ensuring data openness and seeing to it that data management practices meet the highest ethical standards. On the other hand, IT professionals who detect — and then report — shoddy security measures or misuse of data are sitting on “a potential powder keg,” warns Larry Ponemon, founder of Ponemon Institute, a privacy and data protection think tank in Traverse City, Mich. It’s no surprise that many IT leaders “take the attitude that [reporting malfeasance is] someone else’s problem,” he says, “or convince themselves that even though it’s a data breach, it won’t really be harmful to people.”

Fortunately, a number of new developments are helping IT leaders more readily embrace their emerging role as corporate watchdogs. Greater legal protections, innovative whistleblowing platforms, new reporting processes, cultural shifts — they all promise to help technology professionals prepare for a new era of high-tech whistleblowing, even under the threat of employer retaliation, lengthy legal battles and foreign exile.

Legal matters

For four years now, the Dodd-Frank Wall Street Reform and Consumer Protection Act has received mixed reviews on its ability to fulfill its mandate to reward and protect people who report governmental or corporate misconduct. The legislation works by granting whistleblowers monetary awards ranging from 10% to 30% of the money collected in an enforcement action. In fact, in the first seven weeks after the Dodd-Frank Act took effect in August 2011, the Securities and Exchange Commission received 334 tips from informers seeking rewards. Since then, the SEC has fielded more than 6,000 whistleblower reports.

In addition to offering financial rewards, the Dodd-Frank Act aims to protect whistleblowers from employer retaliation by allowing them to maintain anonymity.

However, as financial experts continue to debate the impact of Dodd-Frank, many organizations are taking matters into their own hands. “The Dodd-Frank rules around whistleblowing were a good wake-up call, but I’m seeing a lot of organizations stepping back and asking, ‘How can we take this to the next level? What’s the Version 2.0?’” says Mohammed Ahmed, a senior manager at Deloitte Financial Advisory Services and co-author of the Deloitte report “Whistleblowing and the New Race to Report.”
How not to air dirty laundry

For many organizations, the answer is to establish an internal whistleblowing program, complete with a 24/7 hotline and financial rewards for employees who expose bad behavior and faulty systems. Whistleblower hotlines, for example, allow IT workers to anonymously report any misconduct they witness within their organization either by phone or via a Web portal. Although IT professionals are most likely to notice something like the mishandling of data, other causes for concern include fraud, corruption and illegal activity of any kind, of course, as well as safety violations and health hazards.

Deloitte’s Mohammed Ahmed says many companies “are uncomfortable with the notion that they don’t know what’s being reported about them.”

Walton says she wishes whistleblower hotlines were available back in 2005 when she decided to tell her employer about her concerns about data security. “I honestly think that a [whistleblowing] channel would have opened [the case] up to people that were more interested in protecting the data rather than protecting their own jobs,” she says.

Even so, while more and more organizations are providing internal communication platforms and incentives for whistleblowing, the real motive behind many of these initiatives is to ensure corporate missteps are handled in-house and not brought to the attention of authorities.

The rationale behind many of these internal programs “is to motivate whistleblowers to report internally first before going to the SEC,” says Ahmed. “Companies are grappling with the fact that reports can be made directly to the SEC. Most are uncomfortable with the notion that they don’t know what’s being reported about them and that the first time they find out is from a regulator.”
Solutions hidden in plain sight

If today’s internal whistleblowing tools fail to instill confidence in IT leaders, there’s a growing crop of third-party sites and submission systems to choose from.
Techies who talked
Whistleblower: Karen Silkwood

• Disclosure: The American chemical technician and labor union activist spoke out about the poor corporate practices that compromised the health and safety of workers in a Kerr-McGee nuclear plant.

• Resolution: Silkwood died in a car crash under mysterious circumstances. Years later, Kerr-McGee settled with the Silkwood estate out of court for $1.38 million.
Whistleblower: Alan Parkinson

• Disclosure: The Australian mechanical and nuclear engineer helped expose the unsatisfactory cleanup of the British atomic bomb test site at Maralinga in South Australia.

• Resolution: Parkinson was eventually removed from the project and wrote a book about his ordeal entitled Maralinga: Australia’s Nuclear Waste Cover-up.
Whistleblower: Shawn Carpenter

• Disclosure: A former network security analyst at Sandia National Laboratories, Carpenter discovered that a sophisticated group of hackers was infiltrating hundreds of computer networks and accessing sensitive data at major U.S. defense contractors, military installations and government agencies.

• Resolution: Carpenter’s employment was terminated when he informed the U.S. Army and the FBI about the security breaches. Today, Carpenter continues to work in the national security field.
Whistleblower: Edward Snowden

• Disclosure: The former National Security Agency contractor and IT infrastructure analyst gave reporters top-secret documents suggesting that the NSA is collecting phone records on millions of Americans.

• Resolution: To avoid facing charges related to the leaks, Snowden fled to Russia, where he recently received a three-year residence permit.
Whistleblower: Bradley (now Chelsea) Manning

• Disclosure: The U.S. Army intelligence analyst was convicted in July 2013 of violations of the Espionage Act for downloading and releasing more than 250,000 classified State Department cables and sending them to WikiLeaks.

• Resolution: Manning was sentenced to 35 years’ confinement at the maximum-security U.S. Disciplinary Barracks at Fort Leavenworth in Kansas and was dishonorably discharged from the Army.

— Cindy Waxer

Tor (previously known as The Onion Router), for example, is an anonymizing program that routes traffic through a network of multiple nodes — or virtual tunnels — to anonymize the identities of its users.

According to the Tor website, the technology bounces communications around a distributed network of relays operated by volunteers around the world. Tor prevents websites from tracking users, be they CIOs or political dissidents, so those individuals can remain undetected if they want to, say, communicate sensitive information to journalists, connect with authorities or browse whistleblowing sites.

Another option is GlobaLeaks, an open-source whistleblowing framework that’s designed to help IT professionals report wrongdoing without having to rely on in-house tools or technologies. “Whistleblowing is risky,” says Marco Calamari, a member of the Hermes Center for Transparency and Digital Human Rights in Milan, Italy, which developed the innovative technology. “GlobaLeaks is a highly configurable software built on the foundation of Tor, which allows for anonymous browsing of the Internet.” The upside of GlobaLeaks, which boasts 5,000 voluntary servers and 1 million users, is its ease of use, which allows even nontechnical people to set up their own anonymous whistleblowing sites.

One of today’s more innovative submission systems is an online advertising network called AdLeaks. Unlike tools such as Tor, which rely on SSL connections over an anonymizing network to mask a user’s identity, AdLeaks works by embedding AdLeaks ads onto a website.

These ads contain code that encrypts a whistleblower’s messages, which are then delivered back to AdLeaks as small packets of encrypted information. By letting a whistleblower’s browser substitute messages with encrypted parts of a disclosure, AdLeaks ensures the sender is completely unobservable and that eavesdroppers can’t distinguish between a regular browser’s transmissions and those of a whistleblower’s browser.

But even AdLeaks isn’t a foolproof solution. For one thing, because it leaks only a small piece of information each time, the process may take weeks to complete. And because AdLeaks is a research project, the system is still considered part of an experimental research product line. Professor Volker Roth of Freie Universität (Free University) in Berlin, who is spearheading the project, says, “We cannot guarantee the security of any submissions, and we do not have the organization to handle whatever would be submitted to us.”


 

 


creepy mobile apps that make spying easier

This week, the U.S. Justice Department indicted the CEO of StealthGenie on charges that the company’s apps violate federal laws against invading others’ privacy, an arrest the government has called the first of its kind. However, StealthGenie is hardly the only company that has developed tools that turn communications devices into tools for spying, stalking, and digging up information on other people. Here are 10 of the creepiest mobile apps, some of which are still available for download, but might not be for long if the prosecution against StealthGenie is successful.

StealthGenie did it all
According to the FBI, StealthGenie’s software recorded the phone calls made on the device on which it was installed; allowed a remote user to activate the device’s microphone to broadcast in-person conversations within a 15-foot radius of the device; monitored text, email, and voicemail messages; granted access to the device’s photographs, videos, address book, and calendar; and tracked and displayed the users’ movements on an online map. The company claimed that most of its business consisted of people trying to figure out if their significant others were carrying on affairs, although it also marketed the software to parents who want to keep tabs on their children and businesses that want to monitor employees.

Mobile Spy: Still available for iOS, Android, Blackberry, Mac, and PC
The next most prominent suite of device spying tools, at least on Google search results for “mobile apps for spying,” is the aptly named Mobile Spy, which supports basically every type of mobile device available on the market. The website’s description of the Mobile Spy service seems pretty incriminating in the wake of the StealthGenie indictment – “You install a small application directly onto the phone you own and want to monitor. It starts at every boot of the phone, remains stealth and does not show up in the running process list.” Also like StealthGenie, Mobile Spy users can activate a device’s microphone remotely and follow the location of the device.

How to Spy guide on iOS
For the less technologically inclined, an iOS app that calls itself “a step-by-step how to spy and phone tracker guide” promises to teach people how to spy on text and email messages, find hidden passwords, and how to use spyware and keyloggers.

Girls Around Me
This app gained notoriety in early 2012 by scanning for location data of nearby Foursquare and Facebook users to aggregate information on all the people within its users’ proximity. The problem was that the Girls Around Me app (which, despite its name, also aggregated data on men) never asked Foursquare or Facebook users for permission to access this data, nor to show it to Girls Around Me users. This violated Foursquare’s API policy, not to mention other people’s privacy, and before long Foursquare shut off the developers’ API access and Apple withdrew the app from the App Store.

TopSpyApp
Another app that blatantly bills itself as spyware, TopSpyApp promises to “reveal the truth” on iOS, Android, and Blackberry devices, and even boasts the ability to monitor conversations on third-party messaging services like Viber, WhatsApp, Skype, and Facebook’s Messenger app.

Winky for Google Glass
One common complaint among those who oppose Google Glass is that it’s not always clear when those wearing the device are taking photos or capturing video of those around them. Winky tried to make that even more discreet, enabling the device to snap a photo whenever the user blinked while the device was turned on. Without Winky, users need to either make a voice command or press a button on the side of the Glass device to capture a photo. Google eventually baked the wink-for-photo command into a Glass software update as an “experimental feature.”

NameTag facial recognition for Google Glass
A highly controversial app called NameTag used facial recognition to search photos of people against a database containing records from social networks, dating sites, and multiple criminal databases, including the National Sex Offender Registry. Google was quick to denounce the app, reminding the world that facial recognition apps violate the Glass developer policy. NameTag’s developers were seemingly aware that their app would not be supported for Glass, and expressed interest in adapting it for Glass competitors that had fewer restrictions.

Recognizr facial recognition for smartphones
In 2010, a mobile software company called The Astonishing Tribe demoed an app called Recognizr that created a 3D model based on a photo of a person, found a match within social networks, and then used augmented reality to project links to the person’s social accounts next to their face. The app never made it to the public, and The Astonishing Tribe was acquired by Research In Motion in 2010, so if a Blackberry-only version of the app is in the works, it’s taking a while to come to market.

Background Check for iOS and Android
A website called BeenVerified.com offers an app for both iOS and Android that provides one free background check per month, and charges for each background check after that. The app bills itself as some kind of a digital private investigator. Its description in the Google Play store promises users they can be their own detective, and says “imagine sitting at the bar and finding out the truth about the person who just bought you a drink all before they return from the bathroom.”

Trick or Tracker for monitoring kids’ whereabouts
Trick or Tracker describes itself as a tool for parents to keep track of where their kids go while trick or treating on Halloween, but presumably works on other days of the year. According to a Market Watch article, the app – installed on both the child’s and parent’s smartphones – keeps track of the child’s location through its GPS capability and can be set to automatically send the parent a text message showing the child’s phone’s location every 15 minutes.


 


The crazy cellphone ideas of 2004

Take a look back at the futuristic cellphone ideas of a decade ago.

A year is a long time in smartphone technology today, so consider how much has changed over the last decade.

In 2004, Apple had only just started working on development of its iPhone and no one outside the company knew about it, Samsung was focused on the South Korean market, and the hottest thing in wireless was the success of the I-mode mobile Internet service in Japan.

Here’s a look back at the futuristic phones on display at ITU’s Telecom Asia expo in Busan, South Korea in September 2004.

Samsung Satellite TV Phone
It seems improbable, but satellite TV direct to cellphones was a dream of Japanese and South Korean engineers in 2004. The service was broadcast from a custom satellite and didn’t require the bulky dishes usually associated with satellite TV reception in homes. Samsung’s SCH-B100 had a flip-out screen for watching the programs and packed an MPEG4 video recorder function with a two-hour memory. The 14-channel service cost US$11 per month at the time and was successful for a while, but was later eclipsed by free terrestrial TV and online streaming. In Japan, the service never achieved success.

Pantech Body Temperature Cellphone
If you think swiping left and right on a bulky smartwatch looks goofy, you probably don’t remember Pantech’s G670 cellphone. The phone had a body temperature sensor on its rear that required it to be held up and pressed against the user’s forehead to take a measurement.

NTT DoCoMo Fuel Cell Charger
Back then as now, battery life was a headache for phone users. NTT DoCoMo thought it had an answer with a portable fuel cell that could generate power from a little bit of methanol. The idea was that small methanol cartridges would be sold in convenience stores and, when your phone ran out of power, you could snap it in the charger cradle, squirt in some methanol and be back in business. Fuel cells were seen at the time as an answer to the on-the-go charging needs of phone and laptop PC users in part because the power generation was immediate. The charger never came to market, but some companies are still pursuing fuel cell technology.

Samsung Hard Disk Phone
Apple’s new iPhone 6 packs as much as 128GB of storage and just this week SanDisk announced a 512GB SD card. Imagine how improbable that sounded in 2004 when Samsung proudly announced the first cellphone in the world … with a hard-disk drive! The SPH-V5400 was only available in South Korea and packed an impressive (at the time) 1.5GB of storage capacity. The phone also featured an FM transmitter so stored music could be played through a radio.

LG Glucose Monitor Phone
Another phone with a medical twist was LG’s KP8400. It had a built-in sensor for measuring blood sugar. You’d put a drop of blood onto a glucose testing strip and slide that into a reader embedded in the clamshell phone. After a few moments, the phone would provide the blood sugar reading. There was even a facility to load the data to an online database over the phone’s GPRS connection.

Pantech Gaming Phone
It’s a gaming device! No, it’s a phone! Whatever Pantech’s PH S-3500 was intended to be, it was unique. A circular clamshell phone with a circular keypad that probably took a lot of getting used to, especially when tapping out text messages, the phone had a 2.1-inch color display and packed a 3D graphics chip — a rarity at the time. Unfortunately for Pantech, just three months later Sony released the PlayStation Portable and handheld gaming was changed forever.

