admin

admin

Hi I educated in the U.K. with working experienced for 18 years in multinational companies, As an IT Manager and IT Instructor, I am attached with certkingdom.com here they provide IT exams study material, the study materials included exams Q&A with Explanation, Study Guides, Training Labs, Exams Simulations, Training Videos, etc. for certification like MCSE 2003 Training, MCITP Training, http://www.certkingdom.com, CCNA exams preparation, CompTIA A+ Training, and more Certkingdom.com provide you the best training 100% guarantee. “Best Material Great Results”

Home page: http://www.certkingdom.com

Posts by admin

2015 to test Microsoft’s resolve and execution

It’s put-up or shut-up time for Windows, devices and mobile, say analysts

Microsoft faces not only its 40th anniversary in 2015, but a host of challenges that will define it for years to come, analysts said today.

The company, which is in the midst of a strategic do-over after switching CEOs and admitting that its earlier approach to the explosion of mobile wasn’t working, has a hard row to hoe, experts said.
MORE ON NETWORK WORLD: 10 (FREE!) Microsoft tools to make admins happier

“Next year is also the 20th anniversary of Windows 95,” noted Wes Miller of Directions on Microsoft. “Remember that? People stood in line to get Windows 95. Everyone was excited. That’s the big deal for 2015, whether Microsoft can reinvigorate the consumer ecosystem.”

Mobile matters

Because “consumer” is now synonymous with mobile, and because Microsoft has thus far failed to make meaningful inroads into the mobile device market — its Windows Phone powered an estimated 3% of the smartphones shipped this year, while Windows tablets accounted for 5% of 2014’s total, said IDC — Microsoft’s reinvigoration will be difficult.

forecast 2015

“They’re the canary in the coal mine,” said Miller of Windows smartphones and tablets. Without a play in mobile devices, Microsoft’s Windows operating system risks, if not irrelevance, then at least diminished importance for consumers. “Windows as an end-point [OS] then gets shoved into the background,” Miller added.

And that’s not good.
Microsoft has touted the next iteration, Windows 10, which is slated to ship in the fall of 2015, as the answer to its mobile problems. More than anything else, it’s stressing what it calls “Universal” apps, which thanks to a continued merging of the code base, will let developers recycle an application’s core, wrapping it with the user interface (UI) appropriate to each device.

Universal apps, Microsoft has argued, will boost the number of apps available to Windows on mobile, including phones and tablets, energize the developer community and put Windows back on firmer footing to take on the two mobile monsters, Android and iOS.

“I’m not sure that’s the answer [to Microsoft’s problems], but it is their answer,” said Miller. “I’m just not sure it will work out.”

Windows 10, front and center
To Jan Dawson, principal analyst at Jackdaw Research, Windows 10 is the biggest challenge Microsoft faces for 2015. “The single greatest test [in 2015] may be whether Microsoft can successfully charge large amounts of money for a new operating system to consumers and still see significant uptake,” said Dawson in a piece published Monday on Tech.pinions (subscription required).

In an interview, Dawson expanded on his thinking.
“Microsoft has a huge installed base on Windows,” Dawson said, “and the test will be upgrading this installed base to Windows 10.” At least on the consumer side; nothing will dislodge Windows specifically, and Microsoft generally, from the enterprise. “Microsoft’s enterprise business is harder to disrupt in the long term. They’re ultimately going to upgrade, so Microsoft will retain those customers.”

Microsoft’s ability to keep consumers in its fold will be iffier, Dawson said, agreeing with Miller that mobile will be a crucial challenge for the Redmond, Wash. company in 2015. “The reality is that consumers are not choosing Microsoft for mobile. They’re not choosing what Microsoft is making or its OEMs are making,” Dawson said. And that has had, and will continue to have, a knock-on effect for consumers and Windows PCs, as it makes moot going all-in on Microsoft.

“Why would I choose an all-Microsoft portfolio?” Dawson asked rhetorically.

But Dawson returned to Windows 10 as a touchstone for 2015, calling it and Microsoft’s pricing and upgrade decisions “symbolic of all the challenges facing Microsoft.”

Microsoft is the one major operating system maker that continues to charge for its OS. While it has discarded fees for all smartphones, many tablets and some notebooks, there’s no intention to expand that across the board, the firm’s chief operating officer said earlier this month.

Perhaps. But Dawson said Microsoft faces a decision this year. “Can they maintain Windows as a source of profit and revenue?” Dawson wondered. He didn’t think so, not for consumers, and expected Microsoft to take additional steps in 2015 to lower or eliminate the price of the OS to OEMs and users alike.

Patrick Moorhead, principal analyst with Moor Insights & Strategy, went a different direction than Miller or Dawson when asked to tap Microsoft’s biggest challenge in 2015.

Enterprise, enterprise, enterprise
Rather than worry about consumers, Microsoft should instead focus on the enterprise, where it’s more or less guaranteed revenue, said Moorhead. “What’s their play in the public-private cloud?” asked Moorhead. “They’ve made good strides to move Microsoft code from on-premises to the public cloud, but they haven’t made much progress on Open Stack.”

Open Stack is an open-source cloud computing platform that many enterprises have adopted to create private cloud services or run hybrid implementations blending both public and private. Microsoft’s answer to Open Stack is its Azure platform.

Next year will be important, the analysts agreed. How important, though, remains unclear. This won’t be the first time outsiders have called the coming months critical for the company: In 2011 and 2012, much of the same commentary focused on Windows 8. And even though that OS failed to meet Microsoft’s expectations, the firm survived, even thrived.

“These companies are far more resilient than most people give them credit for,” said Dawson. “In a devices-based business, it’s possible to have a rapid implosion of a company, as happened to Nokia, Motorola, and now maybe Samsung. But this is not the devices business.”

Still, Microsoft will be on the spot in 2015. “This year, [Satya] Nadella laid out in words Microsoft’s strategy,” Dawson said. “But those words were very general words. What do they actually mean? Next year must be much more about execution from Nadella.”

Miller had high hopes for that execution, in large part because Microsoft will upgrade not only Windows and another of its big money makers, Office, but will refresh most of the rest of its on-premises portfolio.

“Look at how many products they’re going to ship in 2015,” Miller pointed out. “That will pique people’s interest.”


 

 


Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com

How to get the most out of your IT talent

Finding ways to make your staff more efficient.

As the spotlight on cost reduction has dimmed, IT has picked up plenty of new directives: to deliver business agility, drive innovation, and increase its value to the business, to name a few. Yet at the same time, IT remains responsible for all the tactical and operational activities it has always performed, such as keeping systems running, delivering new capabilities, and securing intellectual property and corporate data.

For CIOs and IT leaders, the management challenge is how to help IT employees break the tactical habit and use their strategic skills more effectively. We asked for advice from three tech professionals with different perspectives on IT talent. Their expertise can help IT leaders who want their teams to work smarter and be more engaged. Some of the tactics can be adopted without a lot of investment, while others require outside help or more significant cultural overhauls.

Before/after coffee tasks

Time management is a logical place to start. A capable leader can help his team make time for higher-level tasks that will increase the value of IT to the business. But good IT leaders require cultivation.

“Most IT professionals are what I call accidental managers,” says Eric Bloom, a former CIO and current president of Manager Mechanics, which specializes in helping companies develop IT leadership talent. Many IT managers were promoted because they were good at their former jobs – even though their new jobs might have little to do with their past experience.
“Most IT professionals are what I call accidental managers.”

Eric Bloom, a former CIO and current president of Manager Mechanics
“Hey, you’re the best techie, congratulations,” Bloom says. “You didn’t go to school to learn what we’re going to ask you to do. All of the things you did that made you such a star employee and made us want to promote you — none of that is applicable to what we’re going to ask you to do. And, the job opened because we promoted someone into the job last year, with a skill set somewhat like yours, but they failed miserably and we had to fire them. Welcome to management.”

New IT managers have to adjust to a role of delegating vs. building. “Your creativity comes in maximizing the efficiency of those working for you,” Bloom says.

One delegation technique Bloom has devised is what he calls zone-based staff prioritization. It’s built around the idea of being in the zone – when people know what needs to be done, aren’t distracted, and are motivated to complete a task, they can be more productive, more innovative, and do a better job. “Sometimes people are at their best. Sometimes they’re alert but not creative. Sometimes they can do things but they’re not really open to challenge. And sometimes, there are things they can do as long as they’re not asleep or semi-comatose,” Bloom says.

Bloom’s technique aims to prioritize people’s to-do lists by zone levels, with the most strategic tasks being tackled when people are performing at their highest.

“When they’re at the top of their game, they should be doing software development, writing business cases, developing project plans, and things like that. If they’re alert but not really creative, they could be doing project plan vs. actual tracking, or writing status reports,” Bloom says. “If they’re not really up for a mental challenge, they can be returning routine emails, reviewing their spam folder, completing expense reports. If they’re basically not sleeping, then they can clean their office, file things, delete old email.”

If managers can give their staff a range of assignments, and teach them this technique, then people can figure out how to plan their day, based on what zone they’re in. “IT people can be more efficient if they use zone-based priorities,” Bloom says.
Cross-training and speed dating

Keeping up with the pace of change in tech is an ongoing challenge.
Chad Cardenas, chief innovation officer at Trace3, talks about the need to cross-train tech talent in multiple disciplines so companies can better handle shifting business requirements. Cross-training can shake up the status quo and also help with retention of employees who appreciate the chance to learn new skills.

“Engineers come from different backgrounds, have different skill sets and areas of expertise. Typically, they will get trained up and inserted within that particular wheelhouse of expertise that they already have,” Cardenas says. “That’s a challenge for a lot of companies: to break down those silos of engineering prowess and get their engineers cross-trained across multiple disciplines, so they can be more efficient, more powerful, and more valuable to the organization.”

Trace3 offers a training program called ScaleThem that helps clients pinpoint their business challenges and then develops a customized education program, including road maps for each team member.

Like many of its offerings, Trace3’s training programs grew out of the firm’s own transformation, over the past several years, from a traditional value-added reseller and systems integrator to a professional services firm with an emphasis on business transformation. As the company morphed, it found it had a surplus of storage engineers and not enough big data talent. Instead of recruiting outside the firm, Trace3 gave its storage gurus the chance to train to become data scientists. The engineers were happy, and the business was growing in the right direction.

“You can get way more out of that investment than you could out of consolidating a server environment or buying a cheaper storage solution,” Cardenas says of cross-training technologists. “You’re going to have happier engineers who are more engaged, more aligned to the business.”

Another Trace3 offering aims to help IT leaders stay up to date on the latest technology developments. Through its VC briefing program, Trace3 works with venture capital firms to set up a day of meetings in Silicon Valley, tailored for a CIO or CTO. “We curate and customize the entire agenda for the day, full of venture capital companies, entrepreneurs, and founders of early-stage startups,” Cardenas says. “All of the content and the speakers for the session are selected based on the areas of interest and the business needs of our particular client.”

This “speed dating” approach to innovation can expose IT leaders to players outside the familiar vendor landscape.

Far too often, there’s little time for researching what’s on the horizon amid the day-to-day requirements of IT, Cardenas says. “It’s still shocking to me how, to this day, large IT organizations with thousands of people and a billion-dollar IT budget still don’t have a single person — let alone a dedicated team — responsible for researching new technology and then vetting it and integrating it. It blows my mind.”

Schedule time for creativity

Cambridge Consultants depends on the creativity of its engineers to solve problems for its clients.

“Clients tell us about a problem they’re facing in the marketplace. That might be a competitive threat that they want to respond to, it might be some IP protection that they need to build, or they might be worrying about an expiring patent. We apply technology to solve that problem for them,” says David Bradshaw, a director in the Boston office of the UK-based product development and technology consultancy firm.

One way the firm works to keep its employees energized is through its corporate development program, which allows engineers and scientists to pursue their own project ideas.

“Being a consulting company, we sell our hours to our clients. Obviously we carry a surplus of those hours, and we need to find a productive way of using them. What better way than to let the staff be creative on their own ideas? This gives them an outlet to develop in an area that interests them,” Bradshaw says. “It leads to better retention, because people are working on things that they’re genuinely passionate about. That’s the whole idea of the program.”

The parameters aren’t completely open-ended; the firm tries to find some correlation to what the business is trying to achieve, he says.

“That teaches our people to take some corporate responsibility in these things as well,” Bradshaw says. “So we don’t just get a crazy array of things that we would never be interested in. We tend to get things that are well thought through and are strategically aligned to what we’re trying to do as a business.”

To ensure that people have time to pursue these side projects, it’s built into the company’s annual planning process. The leadership team reserves 5% to 10% of the firm’s overall engineering hours for these activities, even without knowing the focus of the projects.

Over the years, the program has results in more than 20 corporate spinouts. Most recently, a side project resulted in the creation of Aveillant, which was spun out from Cambridge Consultants in 2011. Aveillant’s holographic radar technology — which is being used to control radar inference in the wind energy industry – grew out of work a team was doing to prevent auto collisions. An engineer had an idea for applying the technology in a new area and ran with it.

In addition to boosting employee satisfaction, there are other efficiencies as well, Bradshaw says. “These people are training themselves as they’re doing this work. They’re educating themselves, often going out and finding out about new areas and actually indirectly contributing to the company strategy as these programs are undertaken.”

He credits the firm’s corporate culture with making the program work.

“We have a corporate culture of empowering individuals very early on in their careers. We take great people on, we trust them, and we empower them. That gives people the confidence to have these discussions, to believe they can achieve something, to not be afraid to bring their ideas to a manager or somebody who’s actually then able to make an investment decision based on that. It’s very much an accepted and encouraged part of what we do.”


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Weird science: The 10 oddest tech stories of 2014

Online telepaths, culinary AI, criminal drones — the tech world was full of offbeat surprises this year

Weird science: The 10 oddest tech stories of 2014
Every now and again, strange events from the world of high tech bubble over to the general news cycle and make headlines for a day or two. No doubt these crossover hits favor reports that enforce the general populace’s sentiment that technologists are fringe lunatics with their eyes on our collective future demise. This phenomenon has become more common in recent years as the intersections of technology and pop culture have become busier and more crowded. In 2014, plenty of technology weirdness cycled through the “odd news” section of mainstream media outlets. But for the real connoisseur of weird tech news, there’s a very specific sweet spot.

It concerns those instances in which emerging technology seems to misbehave, wandering to places we don’t anticipate, thereby generating a moment of cognitive dissonance. Here we take a look at 10 of the weirder tech stories of 2014, featuring online telepaths, moonlighting artificial intelligences, and criminal drones. And now, here’s the news….

IBM creates AI foodie chef
Advances in artificial intelligence and cognitive computing continued to make headlines in 2014, with Johnny Depp getting all transcendent and ex-“Jeopardy” champ AI Watson doing on-the-fly Twitter translations and demonstrating its first machine learning API. IBM launched another cognitive computing initiative earlier this year, partnering with the Institute of Culinary Education to create what is essentially a hipster foodie AI chef.

Designed to think, experiment, and learn, the computer chef has generated recipes like Belgian Bacon Pudding, Swiss-Thai Asparagus Quiche, and the deeply disturbing Austrian Chocolate Burrito. The foods, prepared by a team of carbon-based chefs, have been touring around to industry events in the IBM Food Truck — three words that really should never appear in sequence.

3D printer hacked into tattoo machine
“Trypanophobia” is the medical term for fear of needles, and for us dedicated tryanophobes, this may be the scariest tech story of the year. Back in April, a group of psychotic French design students hacked a commercial 3D-printing machine and added, yes, an actual tattoo gun.

Check out the accompanying video and you’ll see that the machine pretty much works how you think it might. A young insane person volunteer sticks his arm into the tattoo machine, whereupon his flesh is inked automatically by the computer-controlled needle, in place of the printer’s original extruder. In case you’re interested in making your own tattoo machine, the team has posted full instructions on the hack at Instructables.

Fans of Franz Kafka will note that “In the Penal Colony” got a little less metaphoric

Robot hitchhikes across Canada
Then there’s the curious case of the Canadian hitchhiking robot. In July, researchers from a pair of Canadian universities deployed hitchBOT onto the highways of the Great White North, where the experimental ‘bot ultimately traveled from Halifax, Nova Scotia, to Victoria, British Columbia — hitchhiking the entire way.

The project was part of a larger research study concerning the utility of social robots and the psychology of human kindness. Using its LED-screen face to petition for rides, hitchBOT made the coast-to-coast trip in 21 days, plugging into cars’ cigarette lighters to recharge, posting videos on social media, and relying on the kindness of strangers. Canada, generally regarded as the planet’s nicest nation-state, may be the only country where this could have worked.

University builds city of robot cars
More from the robotics desk: Back in May, an odd little news story started making the rounds about a fake city sprouting up in southern Michigan. Designed by engineers and robotics researchers at the University of Michigan, the 32-acre simulated city center is intended to be a future home for hundreds of autonomous robots.

Well, sort of. The Mobility Transformation Facility is a test site for the future of automated vehicles and self-driving cars and trucks. Situated only a few dozen miles from the original Motor City of Detroit, the ersatz metropolis will eventually include a four-lane freeway, merge lanes, stoplights, a railroad crossing, and even mechanical bicyclists and pedestrians.

Drug-smuggling drone crashes outside of prison
Probably the single most prevalent tech topic in 2014, drones made for weird news throughout the year — from controversial FAA decisions to eerie footage of Chernobyl to insanely great Halloween projects.

In July, authorities at the maximum security Lee Correctional Institution in South Carolina reported on a new and potentially problematic drone development. It seems someone attempted to fly a small drone loaded with contraband — marijuana, tobacco, and mobile phones — over the walls and into the prison yard. The scheme didn’t work, though. The drone crashed short of the prison walls.

Smartphones are the new plumage
Sometimes the worlds of hard science and social science converge to make news in a weirdo, Venn diagram kind of way. Such was the case in October when researchers at the University of Würzburg in Germany released a report that was both intriguing and entirely predictable. According to the study, men who are single or in uncommitted relationships are more likely to purchase high-end smartphones than other men.

The phones are a mating signal of sorts, the researchers conjecture, intended to communicate that the bearer of the phone has sufficient resources to provide for potential partners. “Studies have suggested that, as part of short-term mating strategies, men are particularly willing to engage in conspicuous consumption to attract mates,” according to the research abstract. The full report will be published early next year in the prestigious quarterly journal Incredibly Obvious Things We Get Paid to Quantify.

Scientists test Internet telepathy
Another odd trend in 2014 involved news stories about an emerging kind of online telepathy — really. In November, researchers at the University of Washington sent direct brain-to-brain transmissions over the Internet in which one test subject was able to move the hand of another, simply by thinking about it.

In a similar study back in August, scientists from several different countries employed Internet-linked neural devices to essentially broadcast one person’s thoughts to other people around the world. The single-word thoughts (like “hola” and “ciao”) were detected by electroencephalogram units, translated into binary code, then reassembled in the receivers’ brains by way of transcranial magnetic stimulation technology.

Google Glass app promises brainwave control
In yet another variation on the theme, an intriguing open source app surfaced over the summer that — in terms of strict dictionary definition — appears to give users telekinetic powers. The MindRDR system uses Google Glass plus a commercially available EEG headset to let users take pictures and post social media — using brainwaves.

The dermal patch on the headset can be positioned to detect when you’re concentrating hard on a particular image in your field of view. When the displayed indicator reaches a threshold, MindRDR snaps a pic via the Glass camera and uploads it automatically to whatever online destination you’ve previously chosen. When news broke about MindRDR in July, nerdier observers noted that the effect is arguably telekinetic — you’re effecting change in the material world by the power of thought. Jean Grey would be proud.

Smartphone chip beams real hologram
Speaking of nerdy, the new “Star Wars” trailer has fans geeking out yet again, nearly 40 (!) years after the first film’s debut. That movie featured one of the most iconic images in all of science fiction: R2-D2 projecting a free-floating hologram of Princess Leia imploring Obi Wan Kenobi, “You’re my only hope.”

Hope for actual free-floating holograms has waned in the years since — the technology is further away than the Death Star, it seems. Or maybe not. In June, the Wall Street Journal reported on a low-profile but impressively funded project to create a hologram projector chip small enough to fit into a smartphone. The report even featured video evidence — a short clip of the technology generating a 3D hologram of floating dice.

Letterman hosts hologram musical guest
In the absence of actual free-floating holograms, you can always rely on show business to bring you the next best thing. In October, the indefatigable David Letterman welcomed his first hologram musical guest: the Japanese pop star sensation known as Hatsune Miku.

The technology behind this particular brand of hologram is similar to that used for famous previous appearances by, for example, hologram Tupac. The image appears to be free-floating, but it’s actually projected onto a transparent 2D surface. Hatsune Miku’s “voice,” meanwhile, is synthesized from vocal samples. Nevertheless, the virtual pop star is regularly booked in theaters and arenas. Hatsune Miku’s name, by the way, translates roughly to “First Sound From the Future.” There you go.



MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

 

5 top-paying IT jobs for every stage of tech careers

Whether you’re entry level, mid-level or C-level, CIO.com has you covered as we identify the highest-paying IT roles in each of those three categories.

5 Top-Paying IT Jobs for Every Stage of Tech Careers
Demand for highly skilled IT workers isn’t slowing down – research, managed services and staffing firm Upp reports that the unemployment rate for IT careers is hovering under 4 percent in every U.S. state, well below unemployment rates for other industries. But some hot, in-demand roles pay more than others.

Using data from research and compensation benchmarking provider PayScale’s databases, we’ve put together the top five highest-paying IT roles for every career stage — whether you’re just starting your IT career, have a few years of experience under your belt or are moving into the C-suite.

Compensation data is median pay based on total cash compensation (TCC). Median pay is the 50th percentile – half of workers doing the job are paid more, half are paid less. TCC combines base annual salary or hourly wage, bonuses, profit sharing, tips, commissions and other forms of cash earnings. It does not include stock, retirement benefits or the value of healthcare benefits, for example.

5 Highest Paid Entry-Level Roles
If you’re just getting started in your IT career, consider these five IT roles. Not only are they in high demand, the compensation’s highly competitive for these entry-level positions. For our purposes, entry-level is defined as having zero to five years of experience in all applicable jobs in the field, not just the current job.

Business Intelligence Architect
The primary responsibility of the business intelligence architect is data standards and procedures; warehousing; design and development of logical and physical data models and databases; distributed data management; information management functions.

The business intelligence architect designs, develops and enforces standards and architecture for installing, configuring and using business intelligence applications for the purpose of directing and managing the organization. The role usually requires a bachelor’s degree and at least some experience in a BI role.

Median Pay: $81,200

ASIC Design Engineer
The role produces application-specific integrated circuit (ASIC) designs and modifications by identifying design objectives and issues; researching and developing ASIC engineering techniques and approaches; verifying and validating designs; maintaining documentation; and mentoring team members, if applicable.

The role usually requires a bachelor’s degree and experience with general ASIC designs, concepts and usage.

Median Pay: $83,300

Solutions Architect
While the title might seem vague, a solutions architect (SA) plays a key role in the software development lifecycle: in the conversion of the product, application or solution requirements taken from the business or customer into an architecture and design that will become the blueprint for the solution being created. This conversion is based largely upon the previous design patterns that the solutions architect has been involved with in the past through reading and staying abreast of the latest techniques, or through personal experience.

The role requires a bachelor’s degree or equivalent experience.

Median Pay: $91,500

Software Architect
A software architect (SA) is responsible for the initial design and development of new software or extensive software revisions. The software architect defines product requirements and creates high-level architectural specifications, ensuring feasibility, functionality and integration with existing systems/platforms for internal use or for customers.

The role requires a bachelor’s degree and, while still considered an entry level position, a solutions architect may be expected to have an advanced degree in area of specialty and may manage or guide other developers through the project to completion.

Median Pay: $94,100

Data Scientist, IT
Also known as “the sexiest job in IT,” a data scientist’s role is to use predictive analytics and machine learning experience to extract insight and actionable information from a firm’s data stores. The role is fairly new and still evolving, but requires a bachelor’s degree and at least familiarity with data mining, structured data modeling and predictive analytics.

Median Pay: $97,600

5 Highest Paid Mid-Level Roles
You’ve paid your dues in entry level jobs and you’re looking to move up the ladder. Well, hopefully one of these lucrative and high-demand roles is in your career path.

A mid-level role is defined as having five to 10 years of experience in all applicable jobs in the field, not just the current job.

Principal Software Engineer
Principal software engineers are in charge of most of the technical aspects of an organization’s software projects. Their primary function is scaling software projects efficiently while maximizing performance and minimizing costs. They also oversee development teams and coordinate strategies to make sure the technologies are interconnected and product lines are working smoothly. Principal software engineers focus on best practices and standards of design, application requirements and proper maintenance. Engineers in this role often manage teams of developers.

A bachelor’s degree in computer science is usually the minimum educational requirement, although a (CSDP) Certified Software Development Professional certification along with hands-on experience in a previous position is also generally accepted.

Median Pay: $133,000

Data Scientist, IT
The role so nice, it appears on our list twice. As stated before, a data scientist’s role is to use predictive analytics and machine learning experience to extract insight and actionable information from a firm’s data stores. In a mid-level role, data scientists could be required to have software engineering experience, as well as higher-level strategic thinking and communication skills to more accurately make the case for business action based on the results generated by machine learning algorithms and insight gained from data mining.

The role is fairly new and still evolving, but requires a bachelor’s degree and extensive experience with software development, data mining, structured data modeling and predictive analytics.

Median Pay: $134,000

Scrum Coach
The scrum coach role teaches and coaches all agile software development best practices and Scrum adoption to an IT organization or an agile development environment. Ideally, a scrum coach will have extensive experience with an agile development environment and will use his or her broad experience to help businesses adopt best practices as related to an agile framework.

Most scrum coaches have a bachelor’s degree and experience in software development, engineering or architecture. While there is a specific scrum coach certification, experience and previous demonstrable success is most often used as criteria for hiring.

Median Pay: $151,000

Principal Software Architect
A principal software architect is tasked with identifying and evaluating software product requirements and their limitations to make sure solutions will work within larger business system functions. Principal software architects solicit the input of users, solution sponsors and executives to make sure the software meets the requirements, vision and needs of the business and customers; they work to drive innovation and research into new methods and technologies and also help position overall IT department and software development strategy.

The principal software architect role requires a bachelor’s degree, as well as proven “soft skills” like business analysis, research skills, communications and negotiation skills.

Median Pay: $151,000

Chief Architect, IT
The chief architect role is one that’s highly political and complex, and the job description varies widely from company to company. That said, there are some commonalities; the chief architect of IT must understand all aspects of a business’ processes, infrastructure, applications and initiatives – in other words, the entire organization’s IT blueprint. They are then tasked with ensuring that every part of the business operates in sync with these strategic IT initiatives.

The role requires a bachelor’s degree and extensive technical and “soft skills” experience, and often reports directly to the CIO.

Median Pay: $155,000

5 Highest Paid Senior and Executive Roles
Ah, senior management – this is where all your hard work and political maneuvering pays off, literally. Senior and executive roles not only come with big responsibility, in the IT field, they also come with big paychecks.

Senior and executive roles are defined has having more than 10 years of experience in all applicable jobs, not just the current job, and include only management, senior and executive-level roles.

Project Management Director, IT
An IT project management director supervises and governs all corporate IT projects. The role is responsible for all aspects of project management direction, including reviewing proposals, determining costs, timelines, funding, identifying sponsors, setting and maintaining staffing requirements, and making sure goals and objectives are met. Professionals in this role are also likely to oversee project managers and their teams.

The role requires a bachelor’s degree and requires not only technical skills, but also a degree of creativity, problem-solving, negotiation and management skills.

Median Pay: $142,000

Business Intelligence Director
The business intelligence director is responsible for developing and maintaining an organization’s business intelligence reporting frameworks, tools and data stores. The role works cross-functionally with various business unit heads to determine their reporting and analytics needs and determines how best to meet them given constrains of time, budget and staffing. The business intelligence director is also charged with making sure that information is delivered on time and is of high quality – making sure business has the necessary data for ongoing daily operations as well as forward-looking strategy and competitive data.

A bachelor’s degree is necessary, but in some instances an advanced degree in a related field is required.

Median Pay: $143,000

Senior Computer Scientist
Computer scientists often work as part of a research team with computer programmers, mechanical or electrical engineers, and other IT professionals. Their role leans more toward the theoretical than the practical – their research often is used to design new technology in areas like artificial intelligence, robotics or virtual reality. Computer scientists are also tasked with improving performance of existing computer systems and software as well as the development of new hardware or computing techniques and materials.

Most computer scientists hold a bachelor’s degree with a major in computer science, information systems or software engineering, but at this senior level, many hold a Ph.D. in computer science, computer engineering or a similar field.

Median Pay: $145,000

Vice President, IT
The vice president of IT is responsible for strategizing and planning an organization’s IT future, as well as implementing new technology and maintaining current systems. The vice president of IT also ensures teams are effectively supporting maximum uptime and stability in the company’s computer systems and networks. The essence of the role is technology leadership, and the vice president of IT must use both technical skills and soft skills – leadership, communication, negotiation and analysis – to lead an IT focused business successfully.

In many organizations, the vice president of IT role is a stepping stone to the CIO position. Most companies require a master’s degree in computer science or IT, while some organizations require an MBA, since extensive business knowledge is critical to the role.

Median Pay: $157,000

Vice President, Ecommerce
The vice president of ecommerce is responsible for all of a business’ ecommerce activities, including channel development strategies, Web architecture and infrastructure requirements, and collaboration with IT, sales, supply chain and operations teams to successfully execute on e-commerce business strategies. The vice president of ecommerce must have extensive experience with ecommerce concepts, best practices, processes and strategies, as well as excellent communications, negotiations and strategic planning skills.

The role requires a bachelor’s degree and, at many organizations, a minimum of 15 years of experience in the field.

Median Pay: $164,000


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

 

Top Cyber Monday tech deals

While Cyber Monday has long taken a back seat to the holiday shopping tsunami that is Black Friday, this year things may be different — especially since some sale prices on the Monday after Thanksgiving could be better than day-after-Thanksgiving deals.

“Cyber Monday brings savings that are 10% – 14% better than Black Friday,” claims “deal journalist” Matt Granite, who hosts the Ways to Save segment aired on Gannett-owned local TV stations. “That’s based on my findings from last year and the trends we expect this year. Obviously there will be exceptions, but this is my prediction for many major categories.”

One Cyber Monday drawback, though, is that specials can be harder to find. Fewer show up in TV ads and newspaper circulars, which means if you’re not subscribed to an online retailer’s email list, you may miss some of the day’s best shopping deals.

But here’s the good news: We’ve done a lot of the legwork for you. We’ve scoured the Web, signed up for email specials and monitored social media to help find you some of the best tech specials for Dec. 1 online shopping.

Ready to shop? Check out the searchable, sortable chart below to see if there’s a deal that appeals. And remember to bookmark this page, because we’ll be updating the chart as we find out about more Cyber Monday specials.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

 

Office 365’s spam filter gets smarter with bulk mailings

The Exchange Online Protection email security engine rates promotional messages on a scale of 1 to 9

In time for the holiday shopping season, Microsoft has refined how Office 365 handles bulk promotional emails from vendors like Amazon, eBay and Macy’s.

Those messages, which contain special offers, newsletters and other sales incentives, fall into a gray area between legitimate email and obvious spam. Depending on a variety of factors, recipients sometimes find them useful and other times annoying.

Now, Microsoft has added what it describes as a “simple, intuitive control” to the Exchange Online Protection (EOP) security engine in Exchange Online so that Office 365 admins can fine-tune the treatment of these messages for their domain.

EOP rates bulk messages on a scale of 1 to 9. The lower the rating, the less likely the message will be considered a nuisance by recipients. Criteria used to rate messages include whether recipients signed up for the mailings, whether the sender offers unsubscribe options and how many complaints the emails have generated.

Office 365 sets its default threshold at 7, meaning EOP will deliver bulk messages rated 6 and lower, and throw those rated 7 and above into the spam basket. However, admins can adjust the threshold to a different number.

“Bulk email can be a real nuisance for users. We hope that this feature will help you better manage the amount of bulk email your organization receives and look forward to continually improving our anti-spam service to meet your needs,” wrote Microsoft officials Shobhit Sahay and Chris Nguyen in a blog post Monday.

Microsoft is starting to roll out the improved email management capability now. Admins that want it activated right away on their domains can place a request with Microsoft via their account team.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

 

 

 

The early, awkward days of “portable” computing

You kids today are spoiled by your modern-day razor-thin ultrabooks. Come take a look portable technology that required some muscle.

Sure, it’s a bit unwieldy
In the first iteration of any technology, it’s amazing that you can do it. When the first Motorola mobile phone hit the market, it seemed miraculous to make phone calls unconnceted to the grid; only later did it become clear how unwieldy that first phone was.

The same is true for PCs. Early “portable” computers would make you laugh, because of their size (large), price tag (high), capabilities (poor), or some combination of the three. But as you take this tour through the history of mobile computing, we urge you to remember the day when it was amazing that you could lug these things around at all.

DYSEAC, 1954
What makes a computer “portable”? Well, at minimum, you have to be able to move it from place to place. By that standard, just about any computer made today is more portable than the earliest computers of the 1940s and 1950s, built from hundreds of vacuum tubes installed into row after row of cabinets and taking up entire rooms. In this sense, DYSEAC, built by the National Bureau of Standards for the US Army Signal Corps, was a real breakthrough: it could be easily fit into a tractor trailer and driven from place to place.

IBM 5100, 1975
Decades later, IBM looked to make a similar leap down in size from the half-ton behemoths it sold. With the IBM 5100, Big Blue was able to compress a lot of power into a package that, at 55 pounds, was relatively tiny: amazingly, the computer was able to emulate a version of the APL programming language that would run on an S/360 mainframe. Reasoning that anyone who would be opting for the 5100 over a real mainframe would put portability at a premium, IBM emphasized the suitcase-sized unit’s luggability and built a keyboard and tiny monitor directly into the all-in-one machine. Fully tricked out, the 5100 cost $19,975 — the equivalent of more than $85,000 today.

Osborne 1, 1981
Six years later, Osborne Computer introduced the Osborne 1, with a similar look and footprint but a much less cutting edge level of technology. Company founder Adam Osborne himself said that “It is not the fastest microcomputer, it doesn’t have huge amounts of disk storage space, and it is not especially expandable.” But it used the mass-market CP/M operating system, and it was cheap ($1,795, the equivalent of $4,500 today), and, at 22 pounds, relatively easy to fit into a suitcase for lugging to wherever you might need a computer. Osborne published a magazine specifically for users, The Portable Companion, and the first issue featured an amazing picture of journalist David Kline with Afghan mujahideen admiring his Osborne 1.

GRiD Compass, 1982
The GRiD Compass was an Osborne contemporary; it was smaller — at a scant 11 pounds, it’s almost getting to the same order of magnitude of modern-day laptops. It also used a unique operating system and rugged but slow bubble memory, and cost $8,150 (more than $19,000 today). The combination of its tough construction and high price tag meant that its chief customer was the U.S. federal government: the Compass went into orbit on the Space Shuttle, and was rumored to be part of the presidential “nuclear football,” which stored launch codes.

Compaq Portable, 1982

The Compaq Portable was roughly the same size (28 pounds) and form factor as the Osborne: barely portable, in other words, despite the name, though it did come with a nifty suitcase. What made it really special wasn’t related to its portability: it was the first ever IBM clone of any sort, with reverse engineered BIOS and Microsoft’s MS-DOS, making it the ancestor of every Windows laptop ever made. Its luggable design was an added bonus; it was popular enough that IBM had to answer with its own portable version, the IBM 5155 model 68.

Epson HX-20, 1983
Having read about what passed for portable computing in the early 1980s, you can now understand how shocking and revolutionary the Epson HX-20 was. At three and half pounds, its lighter than a modern-day 15-inch MacBook Pro, and at $795 (the equivalent of $1,800 today), it’s cheaper, too.

What was the catch? While the other luggables we’ve seen had monochrome monitors on the order of 8 or 9 inches, the HX-20 sported a tiny LCD that could only show four lines of text, 20 characters wide. There was also very little software available for its proprietary OS, and the machine was distinctly underpowered.

Classic Mac form factor, 1984
Even as this spate of what we’d now recognize as the ancestors of modern notebook computers was being released, the idea of just what might make a computer count as “portable” was still in flux. For instance, nobody would’ve mistaken the original Macintosh for a laptop, with its near-cubical form factor — but at 16.5 pounds, it was lighter than many computers specifically billed as portable. The case came with a built-in handle on top so you could carry it around your house or office, and, as this page from the original owner’s manual demonstrates, custom-made carrying satchels were available.

Macintosh Portable, 1989/PowerBook 100, 1991
Five years later, Apple’s first portable Mac looked like the early ’80s dinosaurs we’ve already seen: huge, clunky, and awkwardly designed. The Portable was a bit lighter than its predecessors at 16 pounds, and of course ran a more modern OS, but at $6,500 ($12,000 in today’s money) it was difficult to justify.

The truly amazing thing was that just two years later, Apple released the PowerBook 100 series. These machines started at a third the weight and a third the price of the Portable; more importantly, their design, with wrist rests and a trackball below the keyboard, set the standard for all laptops, Mac and PC, that followed. The modern portable era had arrived.

Apple Newton, 1993
Of course, around the same time the world was launching into a whole new world of portable computing: the PDA, direct ancestor to the modern-day smartphone. We leave you with this picture that shows how far we’ve come in the “handheld computing devices much smaller than personal computers” department: the orignal Apple Newton, that prophetic flop, seemed miraculously small at the time, and yet dwarfs the original iPhone. (Though with the advent of the huge iPhone 6 Plus, perhaps this is going full circle.)


 

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Peeping into 73,000 unsecured security cameras thanks to default passwords

A site linked to 73,011 unsecured security camera locations in 256 countries to illustrate the dangers of using default passwords.

Yesterday I stumbled onto a site indexing 73,011 locations with unsecured security cameras in 256 countries …unsecured as in “secured” with default usernames and passwords. The site, with an IP address from Russia, is further broken down into insecure security cameras by the manufacturers Foscam, Linksys, Panasonic, some listed only as “IP cameras,” as well as AvTech and Hikvision DVRs. 11,046 of the links were to U.S. locations, more than any other country; one link could have up to 8 or 16 channels, meaning that’s how many different security camera views were displayed on one page.

Truthfully, I was torn about linking to the site, which claims to be “designed in order to show the importance of security settings;” the purpose of the site is supposedly to show how not changing the default password means that the security surveillance system is “available for all Internet users” to view. Change the defaults to secure the camera to make it private and it disappears from the index. According to FAQs, people who choose not to secure their cameras can write the site administrator and ask for the URL to be removed. But that requires knowing the site exists.

There are 40,746 pages of unsecured cameras just in the first 10 country listings: 11,046 in the U.S.; 6,536 in South Korea; 4,770 in China; 3,359 in Mexico; 3,285 in France; 2,870 in Italy; 2,422 in the U.K.; 2,268 in the Netherlands; 2,220 in Columbia; and 1,970 in India. Like the site said, you can see into “bedrooms of all countries of the world.” There are 256 countries listed plus one directory not sorted into country categories.

Unsecured bed cams insecam
The last big peeping Tom paradise listing had about 400 links to vulnerable cameras on Pastebin and a Google map of vulnerable TRENDnet cameras; this newest collection of 73,011 total links makes that seem puny in comparison. A year ago, in the first action of its kind, the FTC brought down the hammer on TRENDnet for the company’s “lax security practices that exposed the private lives of hundreds of consumers to public viewing on the Internet.”

Security cameras are supposed to offer security, not provide surveillance footage for anyone to view. Businesses may be fine with that, but cameras that are not truly locked down in homes invite privacy invasions. In this case, it’s not just one manufacturer. Sure, a geek could Google Dork or use Shodan to end up with the same results, but that doesn’t mean the unsecured surveillance footage would be aggregated into one place that’s bound to be popular among voyeurs.
Unsecured panasonic security camera in Aruba insecam

There were lots of businesses, stores, malls, warehouses and parking lots, but I was horrified by the sheer number of baby cribs, bedrooms, living rooms and kitchens; all of those were within homes where people should be safest, but were awaiting some creeper to turn the “security surveillance footage” meant for protection into an invasion of privacy.

One of thousands of unsecured foscam baby cams insecam
Randomly clicking around revealed an elderly woman sitting but a few feet away from a camera in Scotland. In Virginia, a woman sat on the floor playing with a baby; the camera manufacturer was Linksys. There was a baby sleeping in a crib in Canada, courtesy of an unsecured Foscam camera, the brand of camera most commonly listed when pointing down at cribs. So many cameras are setup to look down into cribs that it was sickening; it became like a mission to help people secure them before a baby cam “hacker” yelled at the babies.
Unsecured Foscam baby cam insecam

I wanted to warn and help people who unwittingly opened a digital window to view into their homes, so I tried to track down some security camera owners with the hopes of helping them change the default username and password. It is their lives and their cameras to do with as they think best, but “best” surely doesn’t include using a default username and password on those cameras so that families provide peep shows to any creep who wants to watch.

Unsecured Linksys insecam

The site lists the camera manufacturer, default login and password, time zone, city and state. The results for each camera are also theoretically pinpointed with longitude and latitude on Google Maps. That can be opened in another browser window, zoomed into, converted to Google Earth, then Street View in hopes of seeing an address to take into a reverse phone look-up. It’s slightly easier if it’s a business and you see a name on a building. There may be an easier way, as it was slow and frustrating.
Unsecured IP surveillance camera insecam

I’m unwilling to say how many calls I made, or else you might think I enjoy banging my head against the wall. It was basically how I spent my day yesterday. Too many times the location couldn’t be determined, led to apartments, or the address wasn’t listed in a reverse phone search. After too many times in a row like that, I’d switch to a business as it is much easier to pinpoint and contact.

One call was to a military installation. Since the view was of beautiful fall foliage, it seemed like a “safe” thing to find out if that camera was left with the default password on purpose. Searching for a contact number led to a site that was potentially under attack and resulted in a “privacy error.” Peachy. Then I had two things to relay, but no one answered the phone. After finding another contact number and discussing both issues at length, I was told to call the Pentagon! Holy cow and yikes!

MITM attack Chrome privacy warning Chrome privacy warning

About six hours into trying to help people, I was used to talking to the manager of establishments and explaining the issue. During a call to a pizza chain place, the manager confirmed the distinct views from eight channels of cameras before things got ugly.

Managers, don’t shoot the messenger; a person out to hurt you might dig into a Linux box with root, but no exploit or hacking is needed to view the surveillance footage of your unsecured cameras! It’s exceedingly rude to yell or accuse a Good Samaritan of “hacking” you. If your cameras are AVTech and admin is both username and password, or Hikvision “secured” with the defaults of admin and 12345, then you need to change that. Or don’t and keep live streaming on a Russian site.

Unsecured security camera with 16 channels insecam

After an exasperating day of good intentions not being enough to help folks, hopefully raising awareness will help. It would be great if these manufacturers would start wrapping the boxes in tape that yells, Be sure to change the default password! In some security camera models, no password is even required.

If you don’t recall your username/password combo, then download the manual of your camera model, reset the device like you would a wireless router, and aim for a strong password to truly provide security this time. This might be a good place to start for support or manuals for Foscam, Linksys, AVTech, Hikvision, Panasonic, but some of the unsecure security cams are simply listed as IP cameras.

I don’t know what else to do if the FTC doesn’t again bring the hammer down on companies that don’t do enough to stop people from having their lives invaded. Take the issue and manufacturer names to Craigslist to try and get the attention of people in specific towns? But that would simply point back to the site and open even more people to having their privacy invaded.

Mostly, it falls on us, dear security-conscious readers, to nudge our not-so-techy friends and remind our families how very important it is to set strong passwords on security cameras unless they want to give the whole world a free pass to watch inside their homes.


 

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Fire your mobile app programmer and build it yourself

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Everyone used to hire mobile app developers to build custom programs, but that often resulted in shoddy, insecure programs that sometimes didn’t even work. And even when the software suited the need, chances are it was a colossal waste of money.

Today you can program without programming. Even business people can define and build apps that suit their needs – in just hours or days, depending on the complexity. Or have them built for you for as a low as $500 from a provider harnessing the same automated software creation tools.

Either way you go, it is a far cry from shelling out $50,000 or more, which is what you typically pay a mobile developer for just one piece of software for just one mobile platform.

We are not talking about overly simplistic, do nothing bits of software. With today’s new visual approach to designing and generating mobile software, you can create sophisticated custom business apps. These apps can work with data from the Web, cloud or your own internal systems – or all three, and can include pre-built features such as: forms, lists, database services, web services, location services, and strong security and encryption.

It is particularly easy to create apps for companies in these vertical industries: real estate, health care, construction, job estimating, insurance and more.
New tech to the rescue

For decades the Holy Grail of programming was to get there without programming. Many stabs have been taken, such as Fourth Generation Languages (4GL), object oriented programming where objects could be reused and stitched together to create new programs, and code generation, where you define what you need and the system creates the code for you.

All this work laid the foundation where we are finally achieving the promise of programming without programming. In the mobile space in particular a number of new companies are making all this work.

The key is visual development. By leveraging myriad pieces of software that have been written and fully vetted, the end user, even a non-technical person, visually designs the app they need and the system assembles the app based on what we used to call objects. And because all these components have been used in thousands of apps, they are secure and the bugs long since worked out.

Some vendors offering this new approach focus on easing creation of mobile applications that replace paper forms, letting IT customize or build apps that are then run as Software as a Service (SaaS).

Others offer a Platform as a Service (PaaS) approach. Initially PaaS was simply a way of offering a software development stack in the cloud, so programmers needn’t worry about configuring, updating and maintaining development systems. Now the stack itself is richer with the advent of true visual-based and model-driven development, and the cloud is better able to host these developed apps as well.

There are multiple PaaS options today. One approach allows stakeholders to model what they want their app to do, and then have that interpreted by a runtime environment. While another allows business users to decide what they want, describe it by manipulating icons that represent a large catalog of fully tested services, objects, actions or lines of code, and then the system builds a full piece of software whose components are automatically integrated.

The savings are real

Research by AnyPresence, a Backend-as-a-Service (BaaS) provider, shows most companies spend at least $50,000 for an app. Close to 25% spend more than $100,000.
102714 mobileapp

Using traditional methods, mobile apps aren’t just expensive to build, they take a tremendous amount of time to complete. Let’s say you just want a program that takes information from a database and puts it in a simple list, maybe to let salespeople check inventory. That could take one to two months to build and cost over $25,000, says AnyPresence. And that is for just one platform.

Want an enterprise app that integrates with your business processes? You’ll need an awfully big piggy bank because that will run you over $150,000.

What’s more, eventually you’ll need to update that app, which can cost serious bucks. Forrester says the initial cost of development is only 35% of the overall two-year cost. Part of this cost is updating and upgrading. This may be due to new feature requirements, changes in business processes, the need to run on or exploit new mobile environments or to port to currently unsupported operating systems. MGI Research says mobile apps have, on average, one major update ever six months.

With visual programming and application generation you can add new features or just freshen the interface with a few swipes of a WYSIWYG editor, then touch the screen to distribute the update. Programmers call this iteration, and they earn much of their livelihood this way.



MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

 

 

Google to kill off SSL 3.0 in Chrome 40

To protect against POODLE attacks and other vulnerabilities in SSL 3.0, Google will remove support for the aging protocol in version 40 of its Chrome browser.

Google plans to remove support for the aging Secure Sockets Layer (SSL) version 3.0 protocol in Google Chrome 40, which is expected to ship in about two months.

The decision comes after Google security researchers recently discovered a dangerous design flaw in SSL 3.0. Dubbed “POODLE,” the vulnerability allows a man-in-the-middle attacker to recover sensitive, plain text information like authentication cookies, from a HTTPS (HTTP Secure) connection encrypted with SSLv3.

Even though POODLE is the biggest security issue found in SSL 3.0 so far, it is not the protocol’s only weakness. SSL version 3 was designed in the mid-1990s and supports outdated cipher suites that are now considered insecure from a cryptographic standpoint.

HTTPS connections today typically use TLS (Transport Layer Security) versions 1.0, 1.1 or 1.2. However, many browsers and servers have retained their support for SSL 3.0 over the years — browsers to support secure connections with old servers and servers to support secure connections with old browsers.

This compatibility-driven situation is one that security experts have long wanted to see change and thanks to POODLE it will finally happen. The flaw’s impact is significantly amplified by the fact that attackers who can intercept HTTPS connections can force a downgrade from TLS to SSL 3.0.

Based on an October survey by the SSL Pulse project, 98 percent of the world’s most popular 150,000 HTTPS-enabled sites supported SSLv3 in addition to one or more TLS versions. It’s therefore easier for browsers to remove their support for SSL 3.0 than to wait for hundred of thousands of web servers to be reconfigured.

On Oct.14, when the POODLE flaw was publicly revealed, Google said that it hopes to remove support for SSL 3.0 completely from its client products in the coming months. Google security engineer Adam Langley provided more details of what that means for Chrome in a post on the Chromium security mailing list Thursday.

According to Langley, Chrome 39, which is currently in beta and will be released in a couple of weeks, will no longer support the SSL 3.0 fallback mechanism, preventing attackers from downgrading TLS connections.

“In Chrome 40, we plan on disabling SSLv3 completely, although we are keeping an eye on compatibility issues that may arise,” Langley said. “In preparation for this, Chrome 39 will show a yellow badge over the lock icon for SSLv3 sites. These sites need to be updated to at least TLS 1.0 before Chrome 40 is released.”

Google Chrome typically follows a six-week release cycle for major versions. Chrome 38 stable was released on Oct. 7, meaning Chrome 40 will probably arrive towards the end of December.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

admin's RSS Feed
Go to Top