Summertime has finally arrived, and that usually means many of us are headed to the shore for some rest and relaxation. Unfortunately, our mobile devices usually tag along. If this is true in your case, be sure to take care with your mobile devices, as they are even more susceptible to the summer's unique weather conditions than you are.
Avoid "Heat-Related Death"
Extremely warm (and hot) temperatures have noticeable effects on your phone's battery, display and the parts inside your phone. There's even a possibility of the ominously named "heat-related death," which is exactly as horrible as it sounds. The best way to protect your tech is to keep it in the shade. If you do find that your phone has overheated in the sun, don't panic; let it cool gradually. Do not put it in the refrigerator or freezer. Let it cool down on its own, out of the sun.
Use a cooling pad when you're working on a laptop outdoors, even if you don’t use one at home. Increased temperatures mean even new laptops could easily overheat in the summer sun. Also take the time to clean your laptop fan before heading into the sun. This will help to ensure that it is running properly and keeping your laptop cooler. Of course the best protection is to keep it in the shade.
Use "Protection"
Another concern is water damage. While your smartphone case protects against damage from dropping your phone, it will do little to protect your phone from damage caused by liquid, dust or sand. If you want to tote your cell to the shore, you’ll need a little something extra like a waterproof case. You can find these online easily. I found dozens of these cases at Amazon.com.
Tuesday, June 25, 2013
US-CERT (Risks of Default Passwords on the Internet)
I will start posting cyber alerts that are published by the United States Computer Emergency Readiness Team (US-CERT).
US-CERT’s mission is to improve the nation's cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks to the nation while protecting the constitutional rights of Americans. US-CERT's vision is to be a trusted global leader in cybersecurity — collaborative, agile, and responsive in a complex environment.
06/24/2013 03:11 PM EDT
Original release date: June 24, 2013
Systems Affected
Any system using password authentication accessible from the internet may be affected. Critical infrastructure and other important embedded systems, appliances, and devices are of particular concern.
Overview
Attackers can easily identify and access internet-connected systems that use shared default passwords. It is imperative to change default manufacturer passwords and restrict network access to critical and important systems.
Description
What Are Default Passwords?
Factory default software configurations for embedded systems, devices, and appliances often include simple, publicly documented passwords. These systems usually do not provide a full operating system interface for user management, and the default passwords are typically identical (shared) among all systems from a vendor or within product lines. Default passwords are intended for initial testing, installation, and configuration operations, and many vendors recommend changing the default password before deploying the system in a production environment.
What Is the Risk?
Attackers can easily obtain default passwords and identify internet-connected target systems. Passwords can be found in product documentation and compiled lists available on the internet. It is possible to identify exposed systems using search engines like Shodan, and it is feasible to scan the entire IPv4 internet, as demonstrated by such research as
- Shiny Old VxWorks Vulnerabilities
- Security Flaws in Universal Plug and Play: Unplug, Don't Play
- Serial Offenders: Widespread Flaws in Serial Port Servers
- The Wild West
- Internet Census 2012
Attempting to log in with blank, default, and common passwords is a widely used attack technique.
Impact
An attacker with knowledge of the password and network access to a system can log in, usually with root or administrative privileges. Further consequences depend on the type and use of the compromised system. Examples of incident activity involving unchanged default passwords include
- Internet Census 2012 Carna Botnet distributed scanning
- Fake Emergency Alert System (EAS) warnings about zombies
- Stuxnet and Siemens SIMATIC WinCC software
- Kaiten malware and older versions of Microsoft SQL Server
- SSH access to jailbroken Apple iPhones
- Cisco router default Telnet and enable passwords
- SNMP community strings
Solution
Change Default Passwords
Change default passwords as soon as possible and absolutely before deploying the system on an untrusted network such as the internet. Use a sufficiently strong and unique password. See US-CERT Security Tip ST04-002 and Password Security, Protection, and Management for more information on password security.
Use Unique Default Passwords
Vendors can design systems that use unique default passwords. Such passwords may be based on some inherent characteristic of the system, like a MAC address, and the password may be physically printed on the system.
Use Alternative Authentication Mechanisms
When possible, use alternative authentication mechanisms like Kerberos, x.509 certificates, public keys, or multi-factor authentication. Embedded systems may not support these authentication mechanisms and the associated infrastructure.
Force Default Password Changes
Vendors can design systems to require password changes the first time a default password is used. Recent versions of DD-WRT wireless router firmware operate this way.
Restrict Network Access
Restrict network access to trusted hosts and networks. Only allow internet access to required network services, and unless absolutely necessary, do not deploy systems that can be directly accessed from the internet. If remote access is required, consider using VPN, SSH, or other secure access methods and be sure to change default passwords.
Vendors can design systems to only allow default or recovery password use on local interfaces, such as a serial console, or when the system is in maintenance mode and only accessible from a local network.
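A sketch of the three vendor-side designs described above (unique default passwords, a forced change on first use, and default passwords accepted only on local interfaces), added here as an example and not taken from US-CERT or any vendor's firmware. It swaps the MAC-derived password for a random per-unit value, since a MAC address is visible to anyone on the local network; the interface labels, the 12-character minimum and the PBKDF2 round count are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

PBKDF2_ROUNDS = 100_000                 # assumed work factor for this sketch
LOCAL_INTERFACES = {"serial", "lan"}    # hypothetical labels for local-only access
MIN_LENGTH = 12                         # assumed minimum for a user-chosen password


def _hash(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the stored value is not the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def provision_factory_password() -> str:
    """Random per-unit password, generated at manufacture and printed on the label.

    Random rather than derived from the MAC address: every unit gets a
    different value and none can be computed from what the device broadcasts.
    """
    return secrets.token_urlsafe(12)


@dataclass
class Device:
    salt: bytes
    pw_hash: bytes
    is_factory_default: bool = True

    @classmethod
    def from_factory(cls, factory_password: str) -> "Device":
        salt = secrets.token_bytes(16)
        return cls(salt=salt, pw_hash=_hash(factory_password, salt))

    def _verify(self, password: str) -> bool:
        return hmac.compare_digest(_hash(password, self.salt), self.pw_hash)

    def login(self, password: str, interface: str) -> str:
        """Return 'denied', 'change_required' or 'ok'."""
        # While the factory password is still set, refuse every non-local
        # login before checking the password at all.
        if self.is_factory_default and interface not in LOCAL_INTERFACES:
            return "denied"
        if not self._verify(password):
            return "denied"
        # A correct factory password only unlocks the change-password step.
        return "change_required" if self.is_factory_default else "ok"

    def change_password(self, old: str, new: str, interface: str) -> bool:
        if self.login(old, interface) == "denied":
            return False
        # Reject short passwords and "changing" to the current password.
        if len(new) < MIN_LENGTH or self._verify(new):
            return False
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _hash(new, self.salt)
        self.is_factory_default = False
        return True


def demo() -> list:
    """Walk one unit from the factory to its first remote login."""
    factory_pw = provision_factory_password()
    dev = Device.from_factory(factory_pw)
    return [
        dev.login(factory_pw, "wan"),                                # denied
        dev.login(factory_pw, "serial"),                             # change_required
        dev.change_password(factory_pw, factory_pw, "serial"),       # False
        dev.change_password(factory_pw, "correct horse 42", "lan"),  # True
        dev.login("correct horse 42", "wan"),                        # ok
        dev.login(factory_pw, "wan"),                                # denied
    ]


if __name__ == "__main__":
    print(demo())
```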
Identify Affected Products
It is important to identify software and systems that are likely to use default passwords. The following list includes software, systems, and services that commonly use default passwords:
- Routers, access points, switches, firewalls, and other network equipment
- Databases
- Web applications
- Industrial Control Systems (ICS) systems
- Other embedded systems and devices
- Remote terminal interfaces like Telnet and SSH
- Administrative web interfaces
Running a vulnerability scanner on your network can identify systems and services using default passwords. Freely available scanners include Metasploit and OpenVAS.
References
- Home Network Security
- Choosing and Protecting Passwords
- Password Security, Protection, and Management
- Small Office/Home Office Router Security
- The Risk of Default Passwords
- SHODAN - Computer Search Engine
- Shiny Old VxWorks Vulnerabilities
- Security Flaws in Universal Plug and Play: Unplug, Don't Play
- Serial Offenders: Widespread Flaws in Serial Port Servers
- The Wild West
- Internet Census 2012
- Zombie hack blamed on easy passwords
- Secure EAS Codecs Prevent Zombie Attacks
- SCADA System's Hard-Coded Password Circulated Online for Years
- After Worm, Siemens Says Don't Change Passwords
- "Kaiten" Malicious Code Installed by Exploiting Null Default Passwords in Microsoft SQL Server
- Web Interface - DD-WRT Wiki
- Penetration Testing Software | Metasploit
- Open Vulnerability Assessment System
Monday, June 24, 2013
Windows 8.1 Preview
If you are currently using Windows 8, you are aware that it is obviously a work in progress. While Windows 8 works fine on touch screens, it can be clunky on non-touch screens. In addition, if Microsoft has dreams of the corporate world adopting Windows 8 in the workplace, further development and customization is required. Microsoft has obviously been working on some of these issues, as the upcoming release of Windows 8.1 (or Windows Blue) proves. As with Windows 8 and Office 2013, Microsoft will be releasing a "preview" on June 26, a few months before the final release.
It makes sense to look at what the Windows 8.1 Preview will bring to the table, and its requirements and changes, before you make a decision whether you should upgrade your system to the preview build right away.
For many users, it may be better to wait until the final version of Windows 8.1 gets released. While there is no definite date set for that yet, it is likely that Microsoft will make it available just a couple of months after the release of the preview version.
Requirements
The system requirements have not changed at all.
- 1 GHz or faster processor.
- 1 Gigabyte or 2 Gigabyte of RAM depending on whether you are using a 32-bit or 64-bit system.
- 16 Gigabyte or 20 Gigabyte of hard drive space again depending on whether you are using a 32-bit or 64-bit system.
- Microsoft DirectX 9 graphics card.
There is one main change though that users need to know about. You need to use a Microsoft account to sign in to PCs that run the preview build of Windows 8.1. There is no option to create a local account in the release, but Microsoft promises that it will be made available when the final version of Windows 8.1 gets released later this year.
Windows 8.1 Preview will be made available via Windows Store as a direct download and as a Preview ISO image. If you want to download it from Windows Store, you need to install an update first on the system that you get from the Windows 8.1 Preview download page. Next time you start the system after installing the update you receive a notification that you can get Windows 8.1 Preview for free from the store.
An Internet connection is needed to download the app from Store, but once it has been downloaded no Internet connection is required until the update has been successfully installed and the system rebooted.
You can alternatively download the Windows 8.1 Preview ISO from the download page and use it to install the operating system. You will need a product key that Microsoft makes available on the download page. It is likely that this is a generic key that all users who install the preview build share.
What's New in Windows 8.1?
- Boot to Desktop.
- More rows on start screen and additional tile sizes.
- Improvements for mouse and keyboard users on the desktop and start screen.
- Snap View feature improved, now supports up to three apps.
- Internet Explorer 11.
- Windows Defender with network behavior monitoring.
- Device Lockdown with Assigned Access (RT, Pro and Enterprise) to enable a "single Windows Store application experience on a device".
- Pervasive Device Encryption for all Windows editions. Enabled out of the box and can be configured "with additional BitLocker protection and management capabilities".
- Improved Biometrics including optimization for fingerprint based biometrics.
- Remote Business data removal.
- Support for a wider range of VPN clients and auto-triggered VPN.
- Broadband tethering.
- Windows Store enabled by default for Windows To Go users.
- Bring your own Device enhancements such as work folders, Wi-Fi direct printing, RDS enhancements and web application proxy.
- SkyDrive is integrated natively into Windows 8.1 but does not sync data automatically to the PC. Placeholders are displayed instead.
- You need to sign in to a Microsoft account to use the store.
- All Windows 8 apps will work on Windows 8.1 but not the other way round.
- Apps are automatically updated unless you are connected to a metered Internet connection.
- Desktop background can now be displayed on start screen.
- Lock Screen slideshow of photos.
- Aggregated search powered by Bing.
- Improved stock apps and new apps such as a Calculator, Sound Recorder and new Alarm features.
- PC Settings updated (the start screen control panel) so that it is no longer necessary to switch to the desktop Control Panel.
- Start button that links to the start screen.
Unconfirmed
You will lose access to apps and programs that you have installed on Windows 8.1 Preview systems when you upgrade to the final RTM version of the operating system.
I may actually end up waiting if it is indeed true that all applications will need to be re-installed when moving from the preview release to the final RTM. I am still waiting on what is happening here before deciding what to do.
Below is a video preview of Windows 8.1
Sunday, June 23, 2013
GREAT article on the classical model...
http://schoolsofthought.blogs.cnn.com/2013/06/21/classical-schools-put-plato-over-ipad/
Friday, June 21, 2013
West Chester Connect Is On The Horizon!
Today the Windows Phone 8 app for "West Chester Connect" became available in the Windows Store. The iPhone and Android Apps are already available. Still waiting on Blackberry to approve our app, but that will not stop us from launching our very exciting new citizen engagement tool, "West Chester Connect" next month! Stay tuned for exciting details!
The mission of “West Chester Connect” is to provide enhanced communication between our community and our staff. Work Orders that are reported through “West Chester Connect” shall be handled in the same professional manner as service requests made by telephone, walk-in or email.
Work Orders shall be completed in a timely and professional manner at all times. It should be understood that anyone can access any work order filed through “West Chester Connect”.
Citizens who submit work orders have the ability to receive “push notifications” on their mobile device as the work order is processed.
Work Orders completed through “West Chester Connect” are a public record and shall be handled in the most efficient manner possible.
The Borough of West Chester is committed to utilizing technology whenever possible in order to improve engagement and involvement between the members of our community and our government.
Thursday, June 20, 2013
Foundations Summer Preparation Tips For Parents and Students
Bible
Search out, display, and memorize scriptures as your family "mottos" on topics like diligence for the year ahead. You may wish to get a gentle "jump start" on the long scripture passages recommended for memorization in the year ahead.
English Grammar
Work lightly through an English text that is grade level appropriate for each (or all) of your Foundations children, to prepare them for certain terminology to be introduced in our memory work. Do grammar exercises aloud or written.
Geography
Familiarize your children with globes and maps through fun activities: use directions on the map, explore water and land masses, and begin tracing/drawing locations, so this is not a challenge when it is introduced in Foundations.
History
Read together a history series that covers the topics for the upcoming cycle, such as The Story of the World, to gain a "big picture" understanding, so that more detailed reading/projects/studies can take place at home, throughout the academic year, as the new memory work is introduced each week. Movies may be incorporated, as well as field trips, or other projects, to begin to provide "learning pegs" even before the history facts are introduced, and then memorized.
Latin
You may wish to begin to work through Latin's Not So Tough beginner levels, Latin for Children, or another elementary Latin program, to familiarize your students with Latin (but this is not a requirement of the Foundations program).
Math
Introduce or review the Multiplication Tables, plus the cubes and squares, especially if your children are new to them.
Science
Spend lots of time outside playing in nature. Read books including some science topics covered in the upcoming cycle.
Timeline
Organize and preview the timeline cards and begin to read through the information provided on the back of the cards. This is one of the most challenging subjects for some families to "keep up" with, so a "gentle start" can be helpful here. Read books and view movies/documentaries on some of the history topics covered in the timeline cards, as there will not be sufficient time for all of the world events to be studied weekly, at this level of detail, during the busy school year.
Pink Floyd Invades Spotify
A month or so ago my son was praising the merits of the internet music service, Spotify. I checked it out and there is a lot to like about it but I had a couple of problems with it.
1. Although there is a free version of this, you cannot listen to Spotify on mobile devices without paying $9.99 per month. That is too expensive for me, especially since I already am a subscriber to Sirius/XM Radio.
2. My son went on about the massive song selection, however I found that there was almost no Pink Floyd there. This was a big problem for me.
Meanwhile, shortly after I checked out and gave up on Spotify, my favorite rock group Pink Floyd gave the green light to Spotify to host the band's entire catalog. Why did the greatest rock band ever formed do this? Well, apparently Pink Floyd announced earlier this month that it would resist releasing its music on Spotify until the 1975 classic "Wish You Were Here" hit 1 million streams.
You can check out Spotify at www.spotify.com.
Now I have a decision to make....
NASA Seeks Your Help
On Tuesday, June 18, 2013 NASA announced an Asteroid Grand Challenge that solicits the public’s help in proposing asteroid-wrangling strategies for the agency’s Asteroid Initiative.
"NASA already is working to find asteroids that might be a threat to our planet, and while we have found 95 percent of the large asteroids near the Earth's orbit, we need to find all those that might be a threat to Earth," said NASA Deputy Administrator Lori Garver, in a press release. "This Grand Challenge is focused on detecting and characterizing asteroids and learning how to deal with potential threats. We will also harness public engagement, open innovation and citizen science to help solve this global problem."
Throughout recorded history there have been hundreds of Earth impacts, with many of these occurrences causing death and destruction. Of course the one we all think of is the one that took out the dinosaurs 65 million years ago. There is some recent evidence that perhaps it was actually a comet that ruined everything for the dinosaurs, but even if it was a comet - it was big - and it was from space.
NASA seems to be on edge about asteroid strikes these days - and with good reason. Here are just some of the recent events if you missed them:
1908 - This is one of the most infamous events in modern times. The explosion of an asteroid over Siberia, Russia destroyed 80 million trees in a remote region.
1913 - A ship was destroyed when it was struck by a meteorite while sailing between Sydney and South America.
1954 - The first recorded case of a human being injured from space rocks occurred on November 30, in Alabama.
1972 - A meteorite which ranged in size from a house to a car was filmed over the Rocky Mountains. Luckily the rock was reduced in size enough as it travelled through the atmosphere (photo below), otherwise the impact could have been a Hiroshima type event.
2000 - A fireball exploded over the city of Whitehorse in the Canadian Yukon lighting up the night sky. The space rock that exploded was estimated to weigh about 180 tons.
2007 - On September 15, a chondritic meteor crashed near the village of Carancas in southeastern Peru near Lake Titicaca, leaving a water-filled hole (photo below) and spewing gases across the surrounding area. Many residents became ill, apparently from the noxious gases shortly after the impact.
2007 - On October 7, a meteoroid labeled 2008 TC3 was tracked for 20 hours as it approached Earth and as it fell through the atmosphere and impacted in Sudan. This was the first time an object was detected before it reached the atmosphere, and hundreds of pieces of the meteorite were recovered from the Nubian Desert.
2013 - On February 15 an asteroid entered Earth's atmosphere (photo below) over Russia as a fireball and exploded above the city of Chelyabinsk during its passage through the Ural Mountains region. The object's air burst occurred at an altitude between 19 and 31 miles above the ground. About 1,500 people were injured, mainly by broken window glass shattered by the shock wave.
These are just a small number of the countless documented collisions between space debris and the Earth. The problem we have is that NASA's mission has been seriously damaged by recent cuts to its budget. In addition, there are actually some things that NASA could do if a space rock was observed hurtling toward our planet; however, there simply is not the money to monitor space in the way that we should be, especially considering we are living in the 21st century and that we landed on the Moon 44 years ago.
You can learn more about NASA's Asteroid Initiative here.
Microsoft's Bounty Program
Microsoft is following in the footsteps of Google, Facebook, and Mozilla by finally implementing a bug bounty program. These programs have helped Google and Mozilla create very competitive internet browsers which of course have been stealing market share away from Microsoft's Internet Explorer for years.
Starting on June 26, Redmond will kick off three bounty programs for exploits related to Windows 8.1 and Internet Explorer 11. Those who manage to crack Microsoft's programs can collect up to $100,000 in reward money.
These programs will allow Microsoft to reward work by researchers and improve the security of their software — all to the benefit of consumers.
The three programs include:
Mitigation Bypass Bounty: Earn up to $100,000 for an exploit against Microsoft's upcoming Windows 8 update, Windows 8.1.
BlueHat Bonus for Defense: Earn up to $50,000 "for defensive ideas that accompany a qualifying Mitigation Bypass submission," Microsoft said.
Internet Explorer 11 Preview Bug Bounty: Earn up to $11,000 for vulnerabilities on IE11 within Windows 8.1.
Microsoft did not set a hard deadline for the first two programs, but participants have 30 days, or until July 26, to uncover a bug within IE11.
The highest rewards will be given to those who demonstrate the ability of the exploit to bypass Microsoft's security layers.
Aside from offering heaps of cash to researchers, the three researcher-focused programs "will also help to fill gaps in the current marketplace and enhance our relationships within this invaluable community, all while making our products more secure for our customers," Mike Reavey, senior director of the Microsoft Security Response Center, said in a statement.
This move marks Microsoft's first step into the world of bug bounties which their competitors have been using for years. I expect Microsoft's Internet Explorer to improve as a result of this new program. I just wish they had done this years ago.
Wednesday, June 19, 2013
Office 365 Arrives @ Apple - Sort Of
Timing is everything. We here at the Borough of West Chester have been in Microsoft's (email) cloud for over 2 years now and in fact just a couple weeks ago we were upgraded to Microsoft 365. This week after more than a year of rumors, Microsoft has finally released a version of its Office suite for the iPhone (yes the iPhone). If you use an iPhone you can now access Office 365 from your smartphone.
The app, available for subscribers of Office 365, includes iPhone versions of Word, Excel, and PowerPoint, which will allow you to create, edit, and update all of your documents and sync them with Microsoft's SkyDrive cloud storage service.
However the app is currently only being offered for the iPhone, not the iPad. You can get around this somewhat by searching in the store for it on your iPad but selecting iPhone apps. Once downloaded you will need to increase the size (2x) to fill your screen. Until a true iPad app is available this is the only option if you want to access your Office 365 account on your iPad.
Here is How to Set Up Office 365 on Your iPhone or iPad
1. Search for Office 365 in the app store. If you are using an iPad make sure to select "iPhone Apps" or you will not see it. The app is free so there is no reason not to install it - if you have an Office 365 account.
2. Once downloaded, slide through the short tutorial and at the end you will be prompted to log in to your account. Select "I have an Office 365 subscription" and enter your email address to activate Office.
3. It will then ask you what type of account you have. Select "Organizational Account".
4. Once completed you will have access to any documents you have saved in SkyDrive or SharePoint.
5. If you have an additional SkyDrive account you can add it by selecting the "Open" folder and choosing Add a Place.
With Microsoft now selling Office 365 as a subscription service to consumers, I am sure a true iPad app, as well as one for Android devices, is around the corner. Stay tuned.
Office 365 in the iPhone App Store!
Monday, June 17, 2013
Teach Them Diligently Conference in Oaks, PA!
Ken Hamm is the featured speaker in Philadelphia.
Visit teachthemdiligentlymarketplace.com for more information...
Friday, June 14, 2013
Securing Your Mobile Devices
Our mobile devices (smartphones and tablets) are becoming a bigger and more important part of our daily lives every day. Because of this, security concerns are growing and becoming more complex as well. I have written about this before and I am sure I will again as security concerns continue to impact how we use these devices.
The threat to our mobile devices is especially challenging because our smartphones are always connected, carry personal data, and are equipped with cameras, microphones, and positioning devices. Because there are so many built-in device options, their operating systems and apps are complex. All of this adds up to increasing the ways that cybercriminals can take advantage of any security holes.
Here are some things you can do to protect yourself in respect to your mobile devices.
Be careful when “checking in” on social sites: This is one of my personal weaknesses. I love to check in so that my friends can know what I am doing. This is because Facebook, FourSquare and other geo-location programs are fun, and sometimes you can score some deals for “checking in” at locations. However, you should be cautious of letting people know where you are – especially if you’re away from home.
Don’t remember your passwords: Don’t set user name and passwords to be remembered in your mobile browser or in apps and make sure you always log out of accounts when you access them.
Be careful what you share: Yes, it’s fine to stay in touch with our friends and family via social networks, but be careful what you share. Even if your privacy settings are set to only let your friends see the information, it’s best to take the approach that once something is online, it lives forever. Consider whether you’re really OK with your grandmother or boss seeing that update, picture or video.
Don’t text or email personal information: While this might seem pretty basic, we may find we need to share credit card numbers or personal details with another person. But this should be done via a secure site or app, or by using your mobile’s other function (the phone itself - a voice call). Emails and texts can be intercepted, and then your information can fall into the wrong hands.
Always remember that legitimate organizations like banks will not ask you to text personal details!
Turn off your Bluetooth: If you’re not using this connection, it’s best to turn it off. Not only will this help save your battery life, but it prevents hackers from accessing your device through this technology.
Thursday, June 13, 2013
Microsoft Stores Are Coming!
In news that continues Microsoft's attempt to capture more of the tablet and smartphone market Microsoft Corp. and Best Buy Co. Inc. today announced a strategic partnership to create the Windows Store only at Best Buy. The comprehensive store-within-a-store will be in 500 Best Buy locations across the United States.
Ranging in size from 1,500 square feet to 2,200 square feet, the Windows Store will be the premier destination for consumers to see, try, compare and purchase a range of products and accessories, including Windows-based tablets and PCs, Windows Phones, Microsoft Office, Xbox, and more. Each store will feature an innovation space highlighting a variety of Windows scenarios across devices; a showcase section with the latest Windows-based PC form factors such as ultrabooks, convertibles, detachables and all-in-ones — including portable devices; and a standalone area featuring Microsoft Surface.
"The Windows Store offers a large-scale, hands-on customer experience that will show customers how Windows and Microsoft devices and services can make it easier for them to work and play," said Tami Reller, chief marketing officer and chief financial officer of the Windows Division at Microsoft. "We're pleased to partner with Best Buy in bringing the latest technologies to consumers at scale in a unique environment where they can explore how Microsoft products fit together across entertainment, travel, music and other scenarios."
What does all this mean? Although Microsoft has stumbled recently with some of their decisions regarding Xbox One they realize one thing. Their presence must be established in the retail market and consumers must be provided the opportunity to try out their products if there is any real hope of Microsoft gaining market share in the tablet, smartphone and gaming markets.
Microsoft is about to invade space at Best Buy stores in the USA & Canada.
Wednesday, June 12, 2013
Apple Mirrors Windows 8 Phone?
It looks to me that Apple has moved closer to Microsoft’s design with its just-announced iOS 7. Apple's upcoming new operating system looks in many ways to have duplicated some of the design elements of Microsoft's Windows Phone. Microsoft is working hard to become a serious player in the mobile market, and recent market data suggest that Windows Phone has grown from about 3% to about 6% in market share. This may seem small; however, in a world where Android and Apple dominate, and considering where Microsoft was only a year ago, there is reason to hope that we won't be forced to live in a mobile world controlled by only two mobile operating systems.
Even if Microsoft could take some weird pride in the fact that Apple may have actually copied elements of their design, there can be no resting on their laurels. Microsoft's Windows 8 operating system in many ways is superior to Apple and Android, and Apple's new iOS 7 demonstrates that clearly.
However, Microsoft must continue improving its App store if there is any hope of hitting double digits in market share. The shame of it is that many of the Windows 8 Phone apps, when compared directly to Android or Apple, really shine and stand out. However, I hope that Microsoft can grow its App store... and soon.
Microsoft is also obviously aware of this "app problem" because it has been rumored that they (Microsoft) have been offering $100,000 or more to companies that will build Windows Phone apps. All told, Microsoft has 145,000 apps and games today. That includes 48 of the top 50 most downloaded, though it still lacks versions of some very popular services such as Sirius Radio, Tivo, LogmeIn, Pinterest and Instagram. If Microsoft is truly offering financial compensation to software vendors, it demonstrates that they (Microsoft) are indeed serious about remaining in the mobile game for a long time... which is good news for everyone. Yes, even for those still attached to their Apple or Android. This is because Microsoft remaining in the game will force competition, and that in turn inspires innovation.
Monday, June 10, 2013
Don't Let Social Media Ruin TV & Film
As you know - if you are a dedicated reader, that is - I really enjoyed the new Star Trek movie. In fact I mentioned that there were at least 3 real surprises to me during the movie. I had to work really hard to keep myself sheltered from Trek news and movie spoilers for almost an entire year. This was a very difficult task, considering how connected we all are and that everything these days can appear on Twitter and Facebook seconds after it has occurred.
My efforts to remain in the dark (pun intended) for "Star Trek Into Darkness" got me thinking about how social media can seriously hurt our enjoyment of TV & film.
For example last night HBO aired the season finale of Game of Thrones which resulted in millions of tweeters obviously saying, “Finally! We can talk about this massive event!”
Except not everyone watched the show when it aired. And in fine tradition, those with DVRs or with subscriptions to HBO GO took to social media last night to beseech their friends, acquaintances, or random people on their Twitter feed to please, please, please not talk about the show. And in another fine Internet tradition, people immediately took exception to being told what to do online and began arguing about it.
Riveting television shows, divergent TV viewing schedules, and Internet “discussions” dominated by people who can’t go to bed because someone is wrong are not going to go away. But you don’t have to be sucked into the madness, or suffer spoilers on your favorite TV shows.
Read on for some suggestions on how to avoid the spoiler aspects of social media.
On average, spoilers last about one week for movies, and considerably less for TV. What this means is that spoilers will appear on social media sites very quickly once the TV show or movie has aired. The tweeting for a new movie can go on for a week after premiering and a day or so after a TV episode has aired.
The best way to avoid spoilers on social media is to forsake the social dimension of watching TV, and go offline until you’ve had a chance to catch up. I know this is difficult but it can pay off especially for shows like Game of Thrones & Mad Men.
However, sometimes your job requires you to check in regularly on social media or you just can't help yourself. Even then, the responsibility is still on you to filter out or screen content that you don’t want to see. You can do this by unfollowing people on Facebook or Twitter, hiding people on Facebook, sorting your Twitter feed into lists of people talking about pop culture versus those who don’t, or hiding tweets based on hashtags. Third-party Twitter applications will usually let you create filters that block out specific hashtags.
If all this seems like a lot of work simply do what I did with "Star Trek into Darkness". Whenever you stumble upon comments regarding the episodes of shows you have not watched, stop, don't read the post and move on quickly. This self control can be difficult I admit but it is the most sure way to not spoil your favorite TV shows or upcoming movies.
Finally you must accept the new spoiler situation. Know that filtering by hashtag or blocking streams only works if other people are playing by the rules—and, as we all know, enforcing any rules online is a loser’s bet. Also accept that you will get hit by stray spoilers in any social media space. So find something else to read if the comments are discussing a TV show or movie you have not seen yet.