admin


Posts by admin

Office 365’s spam filter gets smarter with bulk mailings

The Exchange Online Protection email security engine rates promotional messages on a scale of 1 to 9

In time for the holiday shopping season, Microsoft has refined how Office 365 handles bulk promotional emails from vendors like Amazon, eBay and Macy’s.

Those messages, which contain special offers, newsletters and other sales incentives, fall into a gray area between legitimate email and obvious spam. Depending on a variety of factors, recipients sometimes find them useful and other times annoying.

Now, Microsoft has added what it describes as a “simple, intuitive control” to the Exchange Online Protection (EOP) security engine in Exchange Online so that Office 365 admins can fine-tune the treatment of these messages for their domain.

EOP rates bulk messages on a scale of 1 to 9. The lower the rating, the less likely the message will be considered a nuisance by recipients. Criteria used to rate messages include whether recipients signed up for the mailings, whether the sender offers unsubscribe options and how many complaints the emails have generated.

Office 365 sets its default threshold at 7, meaning EOP will deliver bulk messages rated 6 and lower, and throw those rated 7 and above into the spam basket. However, admins can adjust the threshold to a different number.

“Bulk email can be a real nuisance for users. We hope that this feature will help you better manage the amount of bulk email your organization receives and look forward to continually improving our anti-spam service to meet your needs,” wrote Microsoft officials Shobhit Sahay and Chris Nguyen in a blog post Monday.

Microsoft is starting to roll out the improved email management capability now. Admins that want it activated right away on their domains can place a request with Microsoft via their account team.


MCTS Training, MCITP Training

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

 

 

 

The early, awkward days of “portable” computing

You kids today are spoiled by your modern-day razor-thin ultrabooks. Come take a look at portable technology that required some muscle.

Sure, it’s a bit unwieldy
In the first iteration of any technology, it’s amazing that you can do it. When the first Motorola mobile phone hit the market, it seemed miraculous to make phone calls unconnected to the grid; only later did it become clear how unwieldy that first phone was.

The same is true for PCs. Early “portable” computers would make you laugh, because of their size (large), price tag (high), capabilities (poor), or some combination of the three. But as you take this tour through the history of mobile computing, we urge you to remember the day when it was amazing that you could lug these things around at all.

DYSEAC, 1954
What makes a computer “portable”? Well, at minimum, you have to be able to move it from place to place. By that standard, just about any computer made today is more portable than the earliest computers of the 1940s and 1950s, built from hundreds of vacuum tubes installed into row after row of cabinets and taking up entire rooms. In this sense, DYSEAC, built by the National Bureau of Standards for the US Army Signal Corps, was a real breakthrough: it could be easily fit into a tractor trailer and driven from place to place.

IBM 5100, 1975
Decades later, IBM looked to make a similar leap down in size from the half-ton behemoths it sold. With the IBM 5100, Big Blue was able to compress a lot of power into a package that, at 55 pounds, was relatively tiny: amazingly, the computer was able to emulate a version of the APL programming language that would run on an S/360 mainframe. Reasoning that anyone who would be opting for the 5100 over a real mainframe would put portability at a premium, IBM emphasized the suitcase-sized unit’s luggability and built a keyboard and tiny monitor directly into the all-in-one machine. Fully tricked out, the 5100 cost $19,975 — the equivalent of more than $85,000 today.

Osborne 1, 1981
Six years later, Osborne Computer introduced the Osborne 1, with a similar look and footprint but a much less cutting edge level of technology. Company founder Adam Osborne himself said that “It is not the fastest microcomputer, it doesn’t have huge amounts of disk storage space, and it is not especially expandable.” But it used the mass-market CP/M operating system, and it was cheap ($1,795, the equivalent of $4,500 today), and, at 22 pounds, relatively easy to fit into a suitcase for lugging to wherever you might need a computer. Osborne published a magazine specifically for users, The Portable Companion, and the first issue featured an amazing picture of journalist David Kline with Afghan mujahideen admiring his Osborne 1.

GRiD Compass, 1982
The GRiD Compass was an Osborne contemporary; it was smaller — at a scant 11 pounds, it’s almost getting to the same order of magnitude of modern-day laptops. It also used a unique operating system and rugged but slow bubble memory, and cost $8,150 (more than $19,000 today). The combination of its tough construction and high price tag meant that its chief customer was the U.S. federal government: the Compass went into orbit on the Space Shuttle, and was rumored to be part of the presidential “nuclear football,” which stored launch codes.

Compaq Portable, 1982

The Compaq Portable was roughly the same size (28 pounds) and form factor as the Osborne: barely portable, in other words, despite the name, though it did come with a nifty suitcase. What made it really special wasn’t related to its portability: it was the first ever IBM clone of any sort, with reverse engineered BIOS and Microsoft’s MS-DOS, making it the ancestor of every Windows laptop ever made. Its luggable design was an added bonus; it was popular enough that IBM had to answer with its own portable version, the IBM 5155 model 68.

Epson HX-20, 1983
Having read about what passed for portable computing in the early 1980s, you can now understand how shocking and revolutionary the Epson HX-20 was. At three and a half pounds, it’s lighter than a modern-day 15-inch MacBook Pro, and at $795 (the equivalent of $1,800 today), it’s cheaper, too.

What was the catch? While the other luggables we’ve seen had monochrome monitors on the order of 8 or 9 inches, the HX-20 sported a tiny LCD that could only show four lines of text, 20 characters wide. There was also very little software available for its proprietary OS, and the machine was distinctly underpowered.

Classic Mac form factor, 1984
Even as this spate of what we’d now recognize as the ancestors of modern notebook computers was being released, the idea of just what might make a computer count as “portable” was still in flux. For instance, nobody would’ve mistaken the original Macintosh for a laptop, with its near-cubical form factor — but at 16.5 pounds, it was lighter than many computers specifically billed as portable. The case came with a built-in handle on top so you could carry it around your house or office, and, as this page from the original owner’s manual demonstrates, custom-made carrying satchels were available.

Macintosh Portable, 1989/PowerBook 100, 1991
Five years later, Apple’s first portable Mac looked like the early ’80s dinosaurs we’ve already seen: huge, clunky, and awkwardly designed. The Portable was a bit lighter than its predecessors at 16 pounds, and of course ran a more modern OS, but at $6,500 ($12,000 in today’s money) it was difficult to justify.

The truly amazing thing was that just two years later, Apple released the PowerBook 100 series. These machines started at a third the weight and a third the price of the Portable; more importantly, their design, with wrist rests and a trackball below the keyboard, set the standard for all laptops, Mac and PC, that followed. The modern portable era had arrived.

Apple Newton, 1993
Of course, around the same time the world was launching into a whole new world of portable computing: the PDA, direct ancestor to the modern-day smartphone. We leave you with this picture that shows how far we’ve come in the “handheld computing devices much smaller than personal computers” department: the original Apple Newton, that prophetic flop, seemed miraculously small at the time, and yet dwarfs the original iPhone. (Though with the advent of the huge iPhone 6 Plus, perhaps this is going full circle.)


 


Peeping into 73,000 unsecured security cameras thanks to default passwords

A site linked to 73,011 unsecured security camera locations in 256 countries to illustrate the dangers of using default passwords.

Yesterday I stumbled onto a site indexing 73,011 locations with unsecured security cameras in 256 countries …unsecured as in “secured” with default usernames and passwords. The site, with an IP address from Russia, is further broken down into insecure security cameras by the manufacturers Foscam, Linksys, Panasonic, some listed only as “IP cameras,” as well as AvTech and Hikvision DVRs. 11,046 of the links were to U.S. locations, more than any other country; one link could have up to 8 or 16 channels, meaning that’s how many different security camera views were displayed on one page.

Truthfully, I was torn about linking to the site, which claims to be “designed in order to show the importance of security settings;” the purpose of the site is supposedly to show how not changing the default password means that the security surveillance system is “available for all Internet users” to view. Change the defaults to secure the camera to make it private and it disappears from the index. According to FAQs, people who choose not to secure their cameras can write the site administrator and ask for the URL to be removed. But that requires knowing the site exists.

There are 40,746 pages of unsecured cameras just in the first 10 country listings: 11,046 in the U.S.; 6,536 in South Korea; 4,770 in China; 3,359 in Mexico; 3,285 in France; 2,870 in Italy; 2,422 in the U.K.; 2,268 in the Netherlands; 2,220 in Colombia; and 1,970 in India. Like the site said, you can see into “bedrooms of all countries of the world.” There are 256 countries listed plus one directory not sorted into country categories.

The last big peeping Tom paradise listing had about 400 links to vulnerable cameras on Pastebin and a Google map of vulnerable TRENDnet cameras; this newest collection of 73,011 total links makes that seem puny in comparison. A year ago, in the first action of its kind, the FTC brought down the hammer on TRENDnet for the company’s “lax security practices that exposed the private lives of hundreds of consumers to public viewing on the Internet.”

Security cameras are supposed to offer security, not provide surveillance footage for anyone to view. Businesses may be fine with that, but cameras that are not truly locked down in homes invite privacy invasions. In this case, it’s not just one manufacturer. Sure, a geek could Google Dork or use Shodan to end up with the same results, but that doesn’t mean the unsecured surveillance footage would be aggregated into one place that’s bound to be popular among voyeurs.

There were lots of businesses, stores, malls, warehouses and parking lots, but I was horrified by the sheer number of baby cribs, bedrooms, living rooms and kitchens; all of those were within homes where people should be safest, but were awaiting some creeper to turn the “security surveillance footage” meant for protection into an invasion of privacy.

Randomly clicking around revealed an elderly woman sitting but a few feet away from a camera in Scotland. In Virginia, a woman sat on the floor playing with a baby; the camera manufacturer was Linksys. There was a baby sleeping in a crib in Canada, courtesy of an unsecured Foscam camera, the brand of camera most commonly listed when pointing down at cribs. So many cameras are set up to look down into cribs that it was sickening; it became like a mission to help people secure them before a baby cam “hacker” yelled at the babies.

I wanted to warn and help people who unwittingly opened a digital window to view into their homes, so I tried to track down some security camera owners with the hopes of helping them change the default username and password. It is their lives and their cameras to do with as they think best, but “best” surely doesn’t include using a default username and password on those cameras so that families provide peep shows to any creep who wants to watch.


The site lists the camera manufacturer, default login and password, time zone, city and state. The results for each camera are also theoretically pinpointed with longitude and latitude on Google Maps. That can be opened in another browser window, zoomed into, converted to Google Earth, then Street View in hopes of seeing an address to take into a reverse phone look-up. It’s slightly easier if it’s a business and you see a name on a building. There may be an easier way, as it was slow and frustrating.

I’m unwilling to say how many calls I made, or else you might think I enjoy banging my head against the wall. It was basically how I spent my day yesterday. Too many times the location couldn’t be determined, led to apartments, or the address wasn’t listed in a reverse phone search. After too many times in a row like that, I’d switch to a business as it is much easier to pinpoint and contact.

One call was to a military installation. Since the view was of beautiful fall foliage, it seemed like a “safe” thing to find out if that camera was left with the default password on purpose. Searching for a contact number led to a site that was potentially under attack and resulted in a “privacy error.” Peachy. Then I had two things to relay, but no one answered the phone. After finding another contact number and discussing both issues at length, I was told to call the Pentagon! Holy cow and yikes!


About six hours into trying to help people, I was used to talking to the manager of establishments and explaining the issue. During a call to a pizza chain place, the manager confirmed the distinct views from eight channels of cameras before things got ugly.

Managers, don’t shoot the messenger; a person out to hurt you might dig into a Linux box with root, but no exploit or hacking is needed to view the surveillance footage of your unsecured cameras! It’s exceedingly rude to yell or accuse a Good Samaritan of “hacking” you. If your cameras are AVTech and admin is both username and password, or Hikvision “secured” with the defaults of admin and 12345, then you need to change that. Or don’t and keep live streaming on a Russian site.


After an exasperating day of good intentions not being enough to help folks, hopefully raising awareness will help. It would be great if these manufacturers would start wrapping the boxes in tape that yells, Be sure to change the default password! In some security camera models, no password is even required.

If you don’t recall your username/password combo, then download the manual of your camera model, reset the device like you would a wireless router, and aim for a strong password to truly provide security this time. This might be a good place to start for support or manuals for Foscam, Linksys, AVTech, Hikvision, Panasonic, but some of the unsecure security cams are simply listed as IP cameras.

I don’t know what else to do if the FTC doesn’t again bring the hammer down on companies that don’t do enough to stop people from having their lives invaded. Take the issue and manufacturer names to Craigslist to try and get the attention of people in specific towns? But that would simply point back to the site and open even more people to having their privacy invaded.

Mostly, it falls on us, dear security-conscious readers, to nudge our not-so-techy friends and remind our families how very important it is to set strong passwords on security cameras unless they want to give the whole world a free pass to watch inside their homes.


 


Fire your mobile app programmer and build it yourself

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

Everyone used to hire mobile app developers to build custom programs, but that often resulted in shoddy, insecure programs that sometimes didn’t even work. And even when the software suited the need, chances are it was a colossal waste of money.

Today you can program without programming. Even business people can define and build apps that suit their needs – in just hours or days, depending on the complexity. Or have them built for you for as low as $500 from a provider harnessing the same automated software creation tools.

Either way you go, it is a far cry from shelling out $50,000 or more, which is what you typically pay a mobile developer for just one piece of software for just one mobile platform.

We are not talking about overly simplistic, do nothing bits of software. With today’s new visual approach to designing and generating mobile software, you can create sophisticated custom business apps. These apps can work with data from the Web, cloud or your own internal systems – or all three, and can include pre-built features such as: forms, lists, database services, web services, location services, and strong security and encryption.

It is particularly easy to create apps for companies in these vertical industries: real estate, health care, construction, job estimating, insurance and more.

New tech to the rescue

For decades the Holy Grail of programming was to get there without programming. Many stabs have been taken, such as Fourth Generation Languages (4GL), object-oriented programming, where objects could be reused and stitched together to create new programs, and code generation, where you define what you need and the system creates the code for you.

All this work laid the foundation where we are finally achieving the promise of programming without programming. In the mobile space in particular a number of new companies are making all this work.

The key is visual development. By leveraging myriad pieces of software that have been written and fully vetted, the end user, even a non-technical person, visually designs the app they need and the system assembles the app based on what we used to call objects. And because all these components have been used in thousands of apps, they are secure and the bugs long since worked out.

Some vendors offering this new approach focus on easing creation of mobile applications that replace paper forms, letting IT customize or build apps that are then run as Software as a Service (SaaS).

Others offer a Platform as a Service (PaaS) approach. Initially PaaS was simply a way of offering a software development stack in the cloud, so programmers needn’t worry about configuring, updating and maintaining development systems. Now the stack itself is richer with the advent of true visual-based and model-driven development, and the cloud is better able to host these developed apps as well.

There are multiple PaaS options today. One approach allows stakeholders to model what they want their app to do, and then have that interpreted by a runtime environment. Another allows business users to decide what they want and describe it by manipulating icons that represent a large catalog of fully tested services, objects, actions or lines of code; the system then builds a full piece of software whose components are automatically integrated.

The savings are real

Research by AnyPresence, a Backend-as-a-Service (BaaS) provider, shows most companies spend at least $50,000 for an app. Close to 25% spend more than $100,000.

Using traditional methods, mobile apps aren’t just expensive to build, they take a tremendous amount of time to complete. Let’s say you just want a program that takes information from a database and puts it in a simple list, maybe to let salespeople check inventory. That could take one to two months to build and cost over $25,000, says AnyPresence. And that is for just one platform.

Want an enterprise app that integrates with your business processes? You’ll need an awfully big piggy bank because that will run you over $150,000.

What’s more, eventually you’ll need to update that app, which can cost serious bucks. Forrester says the initial cost of development is only 35% of the overall two-year cost. Part of this cost is updating and upgrading. This may be due to new feature requirements, changes in business processes, the need to run on or exploit new mobile environments or to port to currently unsupported operating systems. MGI Research says mobile apps have, on average, one major update every six months.

With visual programming and application generation you can add new features or just freshen the interface with a few swipes of a WYSIWYG editor, then touch the screen to distribute the update. Programmers call this iteration, and they earn much of their livelihood this way.




 

 

Google to kill off SSL 3.0 in Chrome 40

To protect against POODLE attacks and other vulnerabilities in SSL 3.0, Google will remove support for the aging protocol in version 40 of its Chrome browser.

Google plans to remove support for the aging Secure Sockets Layer (SSL) version 3.0 protocol in Google Chrome 40, which is expected to ship in about two months.

The decision comes after Google security researchers recently discovered a dangerous design flaw in SSL 3.0. Dubbed “POODLE,” the vulnerability allows a man-in-the-middle attacker to recover sensitive, plain text information, like authentication cookies, from an HTTPS (HTTP Secure) connection encrypted with SSLv3.

Even though POODLE is the biggest security issue found in SSL 3.0 so far, it is not the protocol’s only weakness. SSL version 3 was designed in the mid-1990s and supports outdated cipher suites that are now considered insecure from a cryptographic standpoint.

HTTPS connections today typically use TLS (Transport Layer Security) versions 1.0, 1.1 or 1.2. However, many browsers and servers have retained their support for SSL 3.0 over the years — browsers to support secure connections with old servers and servers to support secure connections with old browsers.

This compatibility-driven situation is one that security experts have long wanted to see change and thanks to POODLE it will finally happen. The flaw’s impact is significantly amplified by the fact that attackers who can intercept HTTPS connections can force a downgrade from TLS to SSL 3.0.

Based on an October survey by the SSL Pulse project, 98 percent of the world’s most popular 150,000 HTTPS-enabled sites supported SSLv3 in addition to one or more TLS versions. It’s therefore easier for browsers to remove their support for SSL 3.0 than to wait for hundreds of thousands of web servers to be reconfigured.

On Oct. 14, when the POODLE flaw was publicly revealed, Google said that it hopes to remove support for SSL 3.0 completely from its client products in the coming months. Google security engineer Adam Langley provided more details of what that means for Chrome in a post on the Chromium security mailing list Thursday.

According to Langley, Chrome 39, which is currently in beta and will be released in a couple of weeks, will no longer support the SSL 3.0 fallback mechanism, preventing attackers from downgrading TLS connections.

“In Chrome 40, we plan on disabling SSLv3 completely, although we are keeping an eye on compatibility issues that may arise,” Langley said. “In preparation for this, Chrome 39 will show a yellow badge over the lock icon for SSLv3 sites. These sites need to be updated to at least TLS 1.0 before Chrome 40 is released.”

Google Chrome typically follows a six-week release cycle for major versions. Chrome 38 stable was released on Oct. 7, meaning Chrome 40 will probably arrive towards the end of December.
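
An added example (not from the article or from Google): a small Python audit that flags web-server configurations still enabling SSL 3.0, the server-side change the article says sites need before Chrome 40. The nginx `ssl_protocols` and Apache `SSLProtocol` directives are real; the sample configurations are constructed, and treating Apache's `all` as including SSLv3 is an assumption that holds for older builds.

```python
"""Flag TLS server configurations that still enable SSL 3.0."""
import re

# Assumption: an older Apache/OpenSSL build in which "all" still includes SSLv3.
APACHE_ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
CANONICAL = {p.lower(): p for p in APACHE_ALL | {"SSLv2", "TLSv1.3"}}

# Matches nginx "ssl_protocols ...;" and Apache "SSLProtocol ..." lines.
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;]+);?\s*$",
                       re.IGNORECASE)

# Constructed sample: both servers keep SSLv3 for old-browser compatibility.
WEAK_CONFIG = """\
# constructed sample: nginx server block
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
}
# constructed sample: Apache virtual host
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2
</VirtualHost>
"""

# Constructed sample: the same servers restricted to TLS 1.0 and later.
HARDENED_CONFIG = """\
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
"""


def _canon(name):
    """Normalise protocol names so 'sslv3' and 'SSLv3' compare equal."""
    return CANONICAL.get(name.lower(), name)


def nginx_enabled(tokens):
    """nginx: ssl_protocols is a plain list of the enabled versions."""
    return {_canon(t) for t in tokens}


def apache_enabled(tokens):
    """Apache mod_ssl: tokens apply left to right.

    '+X' adds X, '-X' removes X, and a bare 'X' replaces the whole set.
    """
    enabled = set()
    for token in tokens:
        action = token[0] if token[0] in "+-" else ""
        name = token[1:] if action else token
        group = set(APACHE_ALL) if name.lower() == "all" else {_canon(name)}
        if action == "-":
            enabled -= group
        elif action == "+":
            enabled |= group
        else:
            enabled = group
    return enabled


def audit_config(text):
    """Return (line number, directive, enabled protocols) where SSLv3 is on."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0]          # ignore comments
        match = DIRECTIVE.match(line)
        if not match:
            continue
        directive, tokens = match.group(1), match.group(2).split()
        if directive.lower() == "ssl_protocols":
            enabled = nginx_enabled(tokens)
        else:
            enabled = apache_enabled(tokens)
        if "SSLv3" in enabled:
            findings.append((lineno, directive, sorted(enabled)))
    return findings


if __name__ == "__main__":
    for lineno, directive, enabled in audit_config(WEAK_CONFIG):
        print(f"line {lineno}: {directive} still enables SSLv3 ({', '.join(enabled)})")
    print("hardened findings:", audit_config(HARDENED_CONFIG))
```

The audit only reads explicit directives; a server with no such line falls back to its build's default, which has to be checked separately.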



IBM’s chip business sale gets national security scrutiny

GlobalFoundries is already talking over security issues with the U.S. government

IBM’s plan to transfer its semiconductor manufacturing business to GlobalFoundries faces a government review over national security implications. It has the potential of being complicated because of IBM’s role as a defense supplier.

GlobalFoundries is based in the U.S., but is owned by investors in Abu Dhabi, which is part of the United Arab Emirates (U.A.E.). IBM is paying the firm $1.5 billion to take over its semiconductor manufacturing operations. IBM says it isn’t cutting back on R&D or its design of semiconductors, but will rely on GlobalFoundries for manufacturing.

The work of IBM’s semiconductor manufacturing unit includes production of components used in defense systems and intelligence.

“We are in discussions with the U.S. government on the security-related issues, and we believe there are solutions that can address national security interests,” Jason Gorss, GlobalFoundries spokesman, said in an email.

Gorss points to the fact that GlobalFoundries successfully completed a national security review by the government when it purchased AMD assets in 2008, “so we are familiar with the process.” GlobalFoundries was created out of that divestiture.

Because of the foreign ownership issue, the sale will be reviewed by the Committee on Foreign Investment (CFIUS), said Gorss.

Retired U.S. Army Brig. Gen. John Adams, who authored a report last year for an industry group about U.S. supply chain vulnerabilities and national security, said the sale “needs to be closely studied and scrutinized.”

Adams said CFIUS will have to look at where the investors are. Some countries are more closely aligned with the U.S. than others, “and I don’t want to cast aspersions unnecessarily on Abu Dhabi — but they’re not Canada,” he said. “I think that the news that we may be selling part of our supply chain for semiconductors to a foreign investor is actually bad news.”

Gorss points out that the U.A.E. has purchased some of the U.S.’s most sophisticated defense equipment, including F-16s and missile defense systems. The Congressional Research Service, in a report last month to lawmakers, said about 5,000 U.S. military personnel are stationed in U.A.E. and noted its role in extending the U.S.-led efforts against the Islamic State organization, or ISIS.

GlobalFoundries has manufacturing operations in New York, Germany, and Singapore and it would keep operating IBM’s chip making operations in New York and Vermont once the sale is completed next year. It also plans to hire nearly all the workers. GlobalFoundries also has R&D, design, and customer support operations in the U.S., Singapore, China, Taiwan, Japan, Germany and the Netherlands.

Apart from the U.A.E.’s investment in the firm, U.S. officials have had long-standing concerns about foreign ownership of critical technology, including semiconductors.

In 2003, the U.S. Department of Defense called for a “Defense Trusted Integrated Circuit Strategy” that provides access “to trusted suppliers of critical microcircuits used in sensitive defense weapons, intelligence, and communications systems.”

That led to a pilot program with the NSA and formation of the “Trusted Access Program Office” and then to “a contractual arrangement with the IBM Corp., for the manufacture of leading-edge microelectronic parts in a trusted environment,” according to a Defense Department report released in July.

If the U.S. loses more of its industrial capacity, “we mortgage our ability to make national security decisions to investors who come from countries who have interests opposed to ours,” said Adams.

To give an example of how extreme foreign dependences can go, one problem cited in Adams’s report was the U.S. reliance on a Chinese firm as the sole source for a chemical needed to propel Hellfire air-to-surface missiles. Since that report, the U.S. has identified an American company that is scheduled now to begin production of this propellant component in the next few months. The U.S. is giving some tax incentives and other assistance to make that happen, said Adams.

The U.A.E. has seen its trade suffer because of the embargo with Iran. But the U.A.E. is also viewed as a conduit for technology shipments to Iran that bypass the embargo.

In late 2007, Iran claimed to have built a small Linux supercomputer using 216 AMD Opteron chips. Imports of microprocessors and other technologies to Iran aren’t allowed under the U.S. embargo.

The Iranian High Performance Computing Research Center (IHPCRC) included a series of photographs on its Web site showing workers assembling the supercomputer. The chips could not be identified in the photos, but the shipping boxes, the name of the company and the initials U.A.E. on the boxes were visible.

AMD said it has never authorized any shipment of its products to the U.A.E., and said so again in a response to an SEC query in 2009.

It’s unclear how capable Iran’s supercomputing capabilities are at this point; Iran’s Amirkabir University of Technology, the home of the IHPCRC, had in 2010 a system with 4,600 CPUs, but it did not identify the processor maker.

After Computerworld published the initial story, Iran removed the photographs. The website of IHPCRC appears to have disappeared as well, replaced by a web page about acne medication.



 

 

Yahoo squeezes out growth in Q3

The company’s mobile revenue was material enough to report for the first time

Yahoo reported a 1 percent sales increase on Tuesday, a marked shift after multiple quarters of decline, though results in its critical ad business were mixed.

The company also said its mobile revenue had become significant enough to report for the first time, passing $200 million. That was a minor victory for CEO Marissa Mayer, who’s been trying hard to get more traction for Yahoo on smartphones and tablets.

“We had a good, solid third quarter,” Mayer said in the company’s announcement Tuesday.

Total sales for the quarter, ended Sept. 30, were $1.15 billion, up from $1.14 billion last year, the company reported. Excluding traffic acquisition costs, revenue was $1.09 billion and slightly ahead of analyst expectations, as polled by Thomson Reuters.

Net income was $6.77 billion, or $6.70 a share, driven largely by an after-tax profit of $6.3 billion from the sale of Yahoo’s stake in e-commerce giant Alibaba in the Chinese company’s IPO last month.

Yahoo’s adjusted earnings per share was $0.52, clobbering analyst estimates of $0.30.

Much of the success in mobile came from so-called native ads, which are designed to look like the editorial content that appears around them.

“We are moving from a company that makes web pages and money through banner ads to a company that makes mobile apps and monetizes them through native ads,” Mayer said in a conference call to discuss the results.

Since she took over as CEO in 2012, the company has made numerous mobile acquisitions and revamped mobile offerings in the areas of news, email, weather, and photos with Flickr.

But declines in traditional desktop display ads persisted, Mayer said.

Display ad revenue rose by 5 percent to $447 million, and the number of display ads sold increased by 24 percent. But the amount paid for those ads dropped by 24 percent.

In search advertising, revenue rose by 4 percent. The number of paid clicks was flat, and the price-per-click paid rose by about 17 percent, Yahoo said.

In the after-hours market, Yahoo’s stock was trading at $41.33 at the time of this report, up 2.3 percent from the close of regular trading.


 


Gartner: IT careers – what’s hot?

Do you know smart machines, robotics and risk analysis? Gartner says you should

ORLANDO— If you are to believe the experts here at the Gartner IT Symposium, IT workers and managers will need to undergo widespread change if they are to effectively compete for jobs in the next few years.

How much change? Well, Gartner says that by 2018, digital business will require 50% fewer business process workers and 500% more key digital business jobs, compared to traditional models. IT leaders will need to develop new hiring practices to recruit for the new nontraditional IT roles.

“Our recommendation is that IT leaders have to develop new practices to recruit for non-traditional IT roles…otherwise we are going to keep designing things that will offend people,” said Daryl Plummer, managing vice president, chief of Research and chief Gartner Fellow. “We need more skills on how to relate to humans – the people who think people first are rare.”

Gartner intimated that within large companies there are smaller ones, like startups, that need new skills.

“The new digital startups in your business units are thirsting for data analysts, software developers and cloud vendor management staff, and they are often hiring them faster than IT,” said Peter Sondergaard, senior vice president and global head of Research. “They may be experimenting with smart machines, seeking technology expertise IT often doesn’t have.”

So what are the hottest skills? Gartner says right now, the hottest skills CIOs must hire or outsource for are:
Mobile
User Experience
Data sciences

Three years from now, the hottest skills will be:
Smart Machines (including the Internet of Things)
Robotics
Automated Judgment
Ethics

Over the next seven years, there will be a surge in new specialized jobs. The top jobs for digital will be:
Integration Specialists
Digital Business Architects
Regulatory Analysts
Risk Professionals


 


Biggest, baddest, boldest software backdoors of all time

These 12 historically insidious backdoors will have you wondering what’s in your software — and who can control it

The boldest software backdoors of all time

It’s always tough to ensure the software you’re using is secure, but it’s doubly difficult if the creators of the software — or some malicious unknown third party — have surreptitiously planted a back way in.

Here’s a look at 12 of the trickiest, subtlest, and nastiest software backdoors found in the wild yet.

Back Orifice
Far from being the first backdoor, Back Orifice brought backdoor awareness to a wider audience. Created in 1998 by folks from the Cult of the Dead Cow hacker collective, Back Orifice allowed computers running Microsoft Windows to be controlled remotely over a network (and cleverly played off the name of Microsoft BackOffice Server, a precursor to Windows Small Business Server).

Back Orifice was devised to demonstrate deep-seated security issues in Microsoft Windows 98, and so it sported such features as being able to hide itself from the user — something that endeared it to a generation of black hat hackers because it could be used as a malicious payload.

The DSL backdoor that wouldn’t die
Having a backdoor in your hardware product is bad enough; promising to fix it and then only covering up its existence is even worse. But that’s what happened at the end of 2013 with a number of DSL gateways that used hardware made by Sercomm, all of which sported a manufacturer-added backdoor on port 32764. A patch was later released in April 2014 to fix the problem, but the “fix” only concealed access to the port until a specially crafted packet (a “port knock”) was sent to reveal it. We’re still waiting for a real fix.

The PGP full-disk encryption backdoor
Here’s one for the “not a backdoor, but a feature” department: PGP Whole Disk Encryption, now marketed by Symantec, allows an arbitrary static password to be added to the boot process for an encrypted volume. (By default the password expires the first time it’s used.) When first unearthed in 2007, PGP replied that other disk-encryption products had similar functionality, although the lack of public documentation for the feature was unnerving. At least now we know it’s in there, but the jury’s still out on whether it should be there to begin with.

Backdoors in pirated copies of commercial WordPress plug-ins
WordPress may be one of the most popular and powerful blogging and content management systems out there, but its track record on security leaves a lot to be desired. Some of the sneakiest breaches have come by way of pirated copies of premium plug-ins surreptitiously patched to include backdoors, at least one of which was obfuscated so well that expert WordPress users might have trouble detecting it.

Yet another reason to avoid pirated software (as if you needed any more).

The Joomla plug-in backdoor
WordPress isn’t the only major CMS that’s experienced backdoor issues with plugins. Joomla installations have been victimized in a similar way — for instance, via a free plug-in, the code of which was apparently modified after the fact.

Such sneak attacks are generally performed as a means for getting back into a website that’s been hacked because few think twice about checking whether a CMS plug-in was the point of entry of an attack.

The ProFTPD backdoor
ProFTPD, a widely used open source FTP server, nearly had a backdoor planted in it as well. Back in 2010, attackers gained access to the source code hosting server and added code which allowed an attacker to spawn a root shell by sending the command “HELP ACIDBITCHEZ.” Irony abounded in this case: The attackers used a zero-day exploit in ProFTPD itself to break into the site and plant the malicious code!

The Borland Interbase backdoor
This one’s guaranteed to raise hairs. From 1994 through 2001, Borland (later Inprise) Interbase Versions 4.0 through 6.0 had a hard-coded backdoor — one put there by Borland’s own engineers. The backdoor could be accessed over a network connection (port 3050), and once a user logged in with it, he could take full control over all Interbase databases. The kicker, and a sign of some strange programmer humor at work, was the credentials that were used to open the backdoor. Username: politically. Password: correct.

The Linux backdoor that wasn’t
Back in 2003, someone attempted to insert a subtle backdoor into the source code for the Linux kernel. The code was written to give no outward sign of a backdoor and was added to the Linux source by someone who broke into the server where the code was hosted.

Two lines of code were changed — something that might have breezed past most eyes. Theoretically, the change could have allowed an attacker to give a specific, flagged process root privileges on a machine. Fortunately, the backdoor was found and yanked when an automatic code audit detected the change. Speculation still abounds about who might have been responsible; perhaps a certain three-letter agency that asked Linus Torvalds to add backdoors to Linux might know.
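An added example, not from the original article or the kernel project: the 2003 change is publicly documented as an assignment written inside an `if` condition where a comparison would be expected, and the Python audit below flags that pattern in C source. The C fragment is constructed and its identifiers are hypothetical.

```python
import re

# An '=' that is not part of ==, !=, <= or >= (compound forms such as += are still flagged).
ASSIGN = re.compile(r"(?<![=!<>])=(?!=)")
KEYWORD = re.compile(r"\b(if|while)\s*\(")

def condition_after(src, open_idx):
    """Return the text between the '(' at open_idx and its matching ')'."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    return src[open_idx + 1:]  # unbalanced input: audit whatever is there

def strip_literals(src):
    """Blank out comments, string and char literals, keeping offsets and line breaks."""
    pattern = r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\''
    return re.sub(pattern, lambda m: re.sub(r"[^\n]", " ", m.group()), src, flags=re.S)

def audit(src):
    """Return (line_number, condition) for each if/while condition containing an assignment."""
    clean = strip_literals(src)
    findings = []
    for m in KEYWORD.finditer(clean):
        cond = condition_after(clean, m.end() - 1)
        if ASSIGN.search(cond):
            line = clean.count("\n", 0, m.start()) + 1
            findings.append((line, " ".join(cond.split())))
    return findings

# Constructed C fragment; identifiers are hypothetical.
SAMPLE = r'''
int check(int options, struct task *cur)
{
    int retval = 0;
    if (options == FLAG_A)            /* plain comparison */
        retval = 1;
    if ((options == (FLAG_A | FLAG_B)) && (cur->uid = 0))
        retval = -1;
    while (cur->count <= 10 && cur->state != DEAD)
        cur->count++;
    if (cur->name[0] == '=')          /* '=' inside a literal */
        retval = 2;
    return retval;
}
'''

if __name__ == "__main__":
    for line, cond in audit(SAMPLE):
        print(f"line {line}: assignment inside condition: {cond}")
```

The check is a review aid: it also flags deliberate idioms such as `if ((p = next()) == NULL)`, so each finding needs a human decision. Compilers offer the same class of warning (for example GCC's `-Wparentheses`).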

The tcpdump backdoor
One year before someone tried to backdoor the Linux kernel, someone tried to sneak a backdoor into a common Linux (and Unix) utility, tcpdump. A less stealthy hack than the Linux one — the changes were fairly obvious — it added a command-and-control mechanism to the program that could be activated by traffic over port 1963. As with the Linux backdoor, it was added directly to the source code by an attacker who broke into the server where the code was hosted. As with the Linux backdoor attempt, it was quickly found and rooted out (no pun intended).

The NSA’s TAO hardware backdoors
Never let it be said that the NSA doesn’t have some clever tricks up its sleeve. Recent revelations about its TAO (Tailored Access Operations) program show that one of the NSA’s tricks involves intercepting hardware slated for delivery overseas, adding backdoors to the device’s firmware, and then sending the bugged hardware on its merry way. Aside from network gear, the NSA also apparently planted surveillance software in the firmware for various PCs, and even in PC peripherals like hard drives.

The Windows _NSAKEY backdoor that might have been
Speaking of the NSA, in 1999 researchers peered into Windows NT 4 Service Pack 5 and found a variable named _NSAKEY with a 1024-bit public key attached to it. Speculation ran wild that Microsoft was secretly providing the NSA with some kind of backdoor into encrypted data on Windows or into Windows itself. Microsoft denied any such activity, and security expert Bruce Schneier also doubted anything nefarious was going on. But rumors have swirled ever since concerning unpluggable backdoors into Windows.

The dual elliptic curve backdoor
Yet another from the NSA, and perhaps the sneakiest yet: a deliberate, stealthy weakening of a random number generator commonly used in cryptography. Theoretically, messages encrypted with the Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) standard, ratified by NIST, had a subtle weakness that could allow them to be decrypted by an attacker. Only after Edward Snowden leaked internal NSA memos did it come to light that said agency had manipulated the approval process for the standard to allow the backdoor to remain in the algorithm. Fortunately, plenty of other random number generators exist, and NIST has since withdrawn its recommendations for Dual_EC_DRBG. Small wonder people speculate what else the NSA may have hidden up its (and other people’s) sleeves.
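Why constants of unexplained origin are a design risk in this kind of generator, as an added example (not from the original article or from NIST): a simplified Python model of the Dual_EC_DRBG construction. Assumptions: it uses secp256k1 arithmetic instead of the standard's NIST curve, a constructed trapdoor scalar `D_SECRET`, and full untruncated outputs (the real generator discards some bits of each output); all function names are illustrative.

```python
# Arithmetic on secp256k1 (y^2 = x^3 + 7 mod p), used here only as a convenient group.
p = 2**256 - 2**32 - 977
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(P1, P2):
    """Affine point addition; None is the point at infinity."""
    if P1 is None or P2 is None:
        return P1 or P2
    (x1, y1), (x2, y2) = P1, P2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if P1 == P2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def lift_x(x):
    """Return a curve point with x-coordinate x (works because p % 4 == 3), or None."""
    rhs = (pow(x, 3, p) + 7) % p
    y = pow(rhs, (p + 1) // 4, p)
    return (x, y) if y * y % p == rhs else None

D_SECRET = 0xC0FFEE1234567        # constructed trapdoor scalar, known only to the designer
Q, P = G, mul(D_SECRET, G)        # published constants, related by P = D_SECRET * Q

def dual_ec_step(state):
    """One round: new state x(state*P), output x(new_state*Q), untruncated."""
    state = mul(state, P)[0]
    return state, mul(state, Q)[0]

def predict_next(output, d):
    """From one output and the trapdoor d, compute the generator's next output."""
    R = lift_x(output)            # +/- state*Q; the sign does not affect x-coordinates
    next_state = mul(d, R)[0]     # x(d*state*Q) = x(state*P) = the next internal state
    return mul(next_state, Q)[0]

def demo(seed=0x5EED5EED5EED):
    state, seen = dual_ec_step(seed)      # an observer sees only `seen`
    _, actual = dual_ec_step(state)       # what the generator emits next
    return predict_next(seen, D_SECRET), actual
```

`demo()` returns two equal values: whoever knows the relation between the two constants can compute the generator's next output from a single observed one, without ever learning the seed. Nothing in the outputs themselves reveals that such a relation exists, which is why the provenance of the constants is the thing to audit.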



Gartner: Top 10 strategic predictions for businesses to watch out for

For a session that is high-tech oriented, this year’s Gartner strategic predictions were decidedly human.

That is to say, many were related to improving the customer’s experience with technology and systems rather than the usual techno-calculations.

“Machines are taking an active role in enhancing human endeavors,” said Daryl Plummer, managing vice president, chief of Research and chief Gartner Fellow. “Our predictions this year may not be directly tied to the IT or CIO function but they will affect what you do.”

Plummer outlined the following predictions and a small recommendation as to what IT can do to prepare for the item. Read on:

1. By 2018, digital business will require 50% fewer business process workers and 500% more key digital business jobs, compared to traditional models. IT leaders need to develop new hiring practices to recruit for the new nontraditional IT roles.

2. By 2017, a significant disruptive digital business will be launched that was conceived by a computer algorithm. CIOs must begin to simulate technology-driven transformation options for business.

3. By 2018, the total cost of ownership for business operations will be reduced by 30% through smart machines and industrialized services. CIOs must experiment with precursor “almost smart machine” technologies and phantom robotic business process automation.

4. By 2020, developed world life expectancy will increase by 0.5 years due to widespread adoption of wireless health monitoring technology. Business leaders must examine the impact of increased wellness on insurance and employee healthcare costs as a competitive factor.

5. By year-end 2016, $2.5 billion in online shopping will be performed exclusively by mobile digital assistants. Apple’s Siri is a type of assistant, but many online vendors offer some sort of software-assist that you may or may not be aware of. Marketing executives must develop marketing techniques that capture the attention of digital assistants as well as people.

6. By 2017, U.S. customers’ mobile engagement behavior will drive U.S. mobile commerce revenue to 50% of U.S. digital commerce revenue. Recommendation: Marketing executives must develop marketing techniques that capture the attention of digital assistants as well as people. Mobile marketing teams should investigate mobile wallets such as Apple’s Passbook and Google Wallet as consumer interest in mobile commerce and payments grows.

7. By 2016, 70% of successful digital business models will rely on deliberately unstable processes designed to shift as customer needs shift. CIOs need to create an agile, responsive workforce that is accountable, responsive, and supports your organizational liquidity.

8. By 2017, more than half of consumer product and service R&D investments will be redirected to customer experience innovations. Consumer companies must invest in customer insight through persona and ethnographic research.

9. By 2017, nearly 20% of durable goods e-tailers will use 3D printing to create personalized product offerings. CIOs, product development leaders, and business partners should evaluate gaps between the existing “as is” and future “to be” state (process, skills, and technology).

10. By 2018, retail businesses that utilize targeted messaging in combination with internal positioning systems (systems that know you are in or near a store) will see a 20% increase in customer visits. CIOs must help expand good customer data to support real-time offers.

