Archive for the ‘Tech’ Category

Your cell phone number: To give or not to give

More and more companies assume your phone is your second-factor authentication, raising potential for abuse

I was updating my company 401(k) information last week, and the website wanted me to provide my cellphone number. It didn’t say why, nor did it explain how it would use that information. A conference I signed up for also wanted my cellphone number, again with no explanation or context.

In both cases, I left the field blank, but it’s getting harder to do so these days, as more and more services require a cellphone number, ostensibly to text confirmations such as for second-factor authentication or call if suspicious activity is detected on your account. Fortunately, it is illegal for businesses to require customers to furnish a cellphone number to complete an order, notes Federal Trade Commission analyst Bikram Bandy. But some companies may still make the cell number a required field in their forms.

That may be good for security, but it raises a host of privacy and sanity issues that the industry at large has not figured out — and some are abusing.

One issue is that as people are abandoning landlines for cellphones, direct marketers are unable to reach people to hawk their services, legit and otherwise. Federal law prohibits soliciting any phone numbers — landline or cellular — via autodialers, even if that phone is not on the Do Not Call registry.

I asked the FTC about what can be done with your cellphone number if you provide it. According to analyst Bandy and spokesman Mitch Katz, despite tight restrictions on abusive telemarketing, loopholes remain to be exploited. My outreach to the Federal Communications Commission (FCC), whose rules are very similar to the FTC’s, resulted in some of the same loopholes.

At the FTC, Katz’s personal advice is never to give out your cellphone number “because it will end up in a database somewhere.” The FCC’s official advice: “Be careful about giving out your mobile phone number, email address, or any other personal information.”

Here’s what a company can and cannot do with your phone number, whether a landline or cellphone:

If you have done business with the company and provided your phone number, the company or its agents can call you for 180 days, even if your number is on the FTC’s Do Not Call registry. That’s the “business relationship” exemption. It cannot use an autodialer to place robocalls, however — only make human-dialed calls to you.

The Do Not Call registry applies to personal phones, not business units. But many of us use the same phone for both, one of the muddying consequences of BYOD and COPE, as well as of working from home. As a result, a phone used for business — no matter who owns it — is less protected against telemarketing than one used for personal calls only; the Do Not Call registry does not apply to business solicitations. Still, FTC rules restricts the types of telemarketing calls that can be made to “business” numbers: The calls must be to sell a good or service related to that specific business, so unrelated telemarketing is not allowed. A seed company can call a farmer at his office or home number if that number is on the Do Not Call registry, for example, but a vacation cruise company cannot, Bandy says.

It has been illegal since September 2009 to use autodialers to call any phone, whether cell or landline, unless you agree in advance to such calls in writing, which hardly anyone knowingly does. But we still get them from less-scrupulous marketers.

If the company has your cellphone number, per FTC rules, it can text you all it wants — the Do Not Call registry only applies to voice calls — as long as the texts are not misleading or otherwise fraudulent. Per FCC rules, texts may not be sent by an automated system unless you agree to that in writing in advance for business relationships and orally for informational purposes (such as with nonprofits). The texts must include an opt-out link and ID from the sender. As we all know, few comply with the FCC’s rules.

The federal rules don’t apply to calls or texts made from other countries, so those Indian “we’ll fix your PC” scam callers can call as much as they want.

In a nutshell: Once you’ve released that cell number, you are fair game for telemarketing. How much telemarketing you’re setting yourself up for depends on how strictly a company follows the FTC’s and FCC’s rules. Lots of boiler-room operations don’t, enforcement is low, and even when caught all a company has to do is set up shop under a new name.

Basically, given that you have a cellphone with you all the time, it would be idiocy to turn it into a telemarketing venue. But you may have no realistic choice. For example, Apple’s iCloud uses your cell number to send texts to authorize certain changes to your iTunes account, iCloud access, and Apple ID. Google will do the same if you let it, as will some banks.

The FTC’s Bandy says that if you provide your cell number, such companies could call on your cellphone for purposes other than verification and authorization. However, they would have to use human-dialed calls, which are costly, lessening the chances of spam calls.

Text spam is not prohibited by the FTC, but the FCC regulates texted commercial solicitations: As previously noted, automated texts are banned, and texts must include an opt-out method and a return address. That’s pretty much it — there’s no equivalent to the Do Not Call registry for texts. As you can see, the FCC’s text spam regulations are not as stringent as the FTC’s phone spam regulations.

Apple uses privacy protection as a competitor differentiator, and I trust it not to abuse me via texts or calls; Google, not so much, despite assurances from the company that it won’t use for other purposes or share my number. Google’s business is all about mining and selling personal data, so at some point I believe it will change those policies.

FTC rules restrict its ability to sell those numbers to others, and Do Not Call registry rules still apply. However, a real risk of text spam and a smaller risk of increased phone solicitations to your cellphone remain.

Likewise, I’m leery of my bank or other financial institution having my cellphone number, despite FTC and FCC rules. That industry is a master at spam, after all. The same goes for my Kaiser health plan; the constant robocalls to my home landline phone got so bad that I provided a fax number to stop the barrage of calls and voicemails that boiled down to “we have useful information for you; please call to see what it might be.” And Kaiser wants my cell number? Nuh-uh.

Another issue is cost — on many cellphone plans, texts cost 20 cents each. You could spend a fortune — or be forced to buy a text plan on top of the already-high cost of a data plan — if your cellphone number gets out. This issue is waning, though, as the cellular carriers have herded most people into their higher-priced “everything” plans. Most users no longer face an economic loss from telemarketing via cellular, only a loss of time and quiet.

The third issue is, as I mentioned previously, that many of us have one number — our cell — for both business and personal use. We don’t have two-line cellphones in the United States, and if there were they’d be confined to the same carrier and probably cost twice as much as a single-line plan.

That commingling means you can’t easily manage calls and texts from legitimate but off-hours sources. iOS and Android have do-not-disturb features, but they don’t work per user. In some cases, you can filter out notifications based on contacts groups, but it’s a lot of work to manage, as I discovered when I tried using Google Voice for that purpose, and it’s hardly exact.

As a journalist, I’m barraged by PR people across the globe, who don’t respect time zones or weekdays. My phone literally rings 24/7 as PR peons dial numbers from one of a half dozen databases they use to track the media. (That’s allowed as a business-to-business solicitation.)

I had to retire my old home number once I got on the PR telemarketing databases — I naively provided it to one PR person, who added it to the firm’s media database, which then propagated everywhere. Long ago, I also stopped answering my office landline due to the constant PR spam calling, so this issue is acute for me. But it’s acute for many professionals, especially anyone targeted by a vendor for a sales pitch. Ask any CIO.

What to do? Probably the best option is a federal law that disallows all marketing calls and texts from a company and all its affiliates and partners to cellphones when those numbers are provided for use as second-factor authentication or as a verification method. Furthermore, no marketing call or text should be allowed to hide its originating number (as many do), so abusers can be more easily identified.

There should be no exceptions — after all, they can always email their pitches, since most people now have phones that do email.

A federal law won’t stop abuse. Who doesn’t still get marketing calls for personal landlines or cellphones you’ve added to the federal Do Not Call registry, even a decade after its launch? But the law has reduced telespam hugely and has been effective.

Maybe Apple or Google will figure out smarter ways to filter incoming calls and texts to block abuse before it wakes you up at 2 a.m., interrupts your dinner, or raises your monthly bill. Or maybe the industry will support two-line phones in a way the carriers don’t abuse.

I’m not holding my breath for a technology solution: Look at how ineffective technology has been in dealing with email spam.

I suspect the only way for our cellphones to not reach that state is to keep off the telemarketing grid in the first place. When asked to provide my cellphone number, I say no 99 percent of the time. Security is important, but sanity is more crucial.

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at

The top infosec issues of 2014

Security experts spot the trends of the year almost past

There is still time for any list of the “top information security issues of 2014” to be rendered obsolete. The holiday shopping season is just getting into high gear, after all, and everybody knows it was from late November to mid-December last year when the catastrophic Target breach occurred.

But this list is about more than attacks and breaches – it is about broader infosec issues or trends that are likely to shape the future of the industry.

Several experts offered CSO some thoughts on their top picks, what can be learned from them and whether that knowledge can help organizations improve their security posture in the coming year.

Cyber threats trump terrorism
An Associated Press story this past week on the federal government’s $10-billion annual effort to secure its multiple agencies noted, almost in passing, that, “intelligence officials say cybersecurity now trumps terrorism as the No. 1 threat to the U.S.”

That makes sense to Sarah Isaacs, managing partner at Conventus. While cyber attacks have been expanding and evolving for decades, Isaacs said there has been a qualitative change: It is not just criminals trying to steal money – it is nation states using it for espionage and even military advantage.

Be sure not to miss:

Free security tools you should try

In May, “the Department of Justice indicted five members of China’s People’s Liberation Army on felony hacking charges for stealing industrial secrets,” she said. “We’ve never seen that before.”

Then in September, “NATO agreed that a cyber-attack could trigger a military event,” she said. “This is about more than protecting credit cards. This is escalating to new levels.”
“Everyone is oversharing everything. The threats are broad and potentially catastrophic.”
sarah isaacs

Sarah Isaacs, managing partner, Conventus
Author, security guru and Co3 Systems CTO Bruce Schneier, would likely agree. In a recent blog post, he wrote that increasingly sophisticated attacks, especially advanced persistent threats (APT) that are not about financial theft, are coming from, “a new sort of attacker, which requires a new threat model.”

There is evidence of that in a recent study by ISACA on APTs. CEO Rob Clyde said 92% of respondents, “feel APTs are a serious threat and have the ability to impact national security and economic stability.”

Clouds – private, public and hybrid – are not new. But the steady increase in the use of cloud storage services is posing larger risks to businesses.

Schneier, in his blog post, said the continuing migration to clouds means, “we’ve lost control of our computing environment. More of our data is held in the cloud by other companies …”

While experts say cloud service providers frequently provide better security, that may not be true of so-called “shadow” or “rogue” use of clouds by workers who believe that is an easier way to do their jobs than going through IT.

Internet of Everything (IoE) – a hacker frontier

The Internet of Things (IoT) is so last year. It is now the IoE. Smart, embedded devices in homes, cars, electronics, machines, and worn by individuals are now mainstream. They already number in the billions, and estimates of their growth range from 50 billion by 2020 to more than a trillion within the next decade.

And that means a growing tsunami of data flowing to the Internet, where it can be sold for marketing purposes or stolen for more malicious means.

Isaacs, who says she is among those who uses an exercise wearable, said she used “dummy data” to register it. “So nobody knows it’s my data,” she said. “It can’t be mapped directly to me.”

In general, however, she said, “everyone is oversharing everything. The threats are broad and potentially catastrophic. I’m very nervous about the smart cars I see.

There does seem to be an increasing awareness of the privacy implications of smart cars. The AP reported this week that 19 automakers that make most of the cars and trucks sold in the U.S. signed on to a set of principles, delivered to the Federal Trade Commission (FTC), that seek to reassure vehicle owners that the information gathered by those vehicles, “won’t be handed over to authorities without a court order, sold to insurance companies or used to bombard them with ads … without their permission.”

The vulnerabilities of “smart” devices to hacking have been demonstrated numerous times, prompting Phil Montgomery, senior vice president of Identiv to call for, “a more regimented standards-based security approach that relies less on outdates processes around username/password technology and more on stronger forms of authentication.”

No parties for third parties
This was the year that the risks of breaches through third-party contractors made it into mainstream consciousness. The Target breach, which exposed 70 million records, was just one of many that came through outside vendors.

Regulatory agencies are trying to maintain that awareness. Stephen Orfei, the new general manager of the Payment Card Industry Security Standards Council (PCI SSC) noted in a recent interview that, “security is only as good as your weakest link – which means the security practices of your business partners should be as high a priority as the integrity of your own systems.”
“Employee negligence was at an all-time high in 2014.”
christine marciano

Christine Marciano, president, Cyber Data-Risk Managers
Christine Marciano, president of Cyber Data-Risk Managers, said that in addition to vetting vendors for rigorous security standards, companies should, “require their vendors to carry and purchase cyber/data breach insurance, to indemnify them for any costs associated with a data breach caused by the vendor’s negligence.”

The porous, sometimes malicious, human OS
While third parties may be a weak link in the security chain, that is less likely due to technology and more due to the human factor.

It was former National Security Agency contractor Edward Snowden who brought the risks of malicious insiders to international attention in 2013, but the danger to enterprises can be just as great from loyal insiders who are simply “clueless or careless,” and fall for social engineering scams.

Joseph Loomis, founder and CEO of CyberSponse, said he is, “sure there are major companies out there with little controls over their employees and their access rights. Who is watching who and what they’re doing?”

It is also about employees controlling themselves when presented with ever-more persuasive social engineering attacks.

The federal government reported earlier this year that 63 percent of the breaches of its systems in 2013 were due to human error.

According to Marciano, “employee negligence was at an all-time high in 2014,” with the problems ranging from, “failure to perform routine security procedures to lack of security awareness, routine mistakes and misconduct.”

Eldon Sprickerhoff, cofounder and chief security strategist at eSentire, noted that, “phishing emails are getting better and better. I’ve seen some that were so well targeted, so well done that I could not tell the difference.”

And it is not just the average worker who is a problem. Identity Finder CEO Todd Feinman said the problem goes all the way to the top. “Many executives don’t know where their sensitive data is so they don’t know how to protect it,” he said.

Ubiquitous BYOD
While BYOD is now mainstream in the workplace, Isaacs calls the increased focus on mobile computing, “very scary, and it’s going to get even worse.”

BYOD is now bringing, “extremely unreliable business applications inside the walls of corporations,” she said. “There are a lot of software vulnerabilities. Every app that is free or 99 cents, probably doesn’t have great level of security. And people don’t install patches either.”

According to Clyde, “there are now many times more mobile devices than PCs in the world. In fact, in many regions of the world, mobile devices are the only way most users connect to the Internet,” yet security remains a relative afterthought.

ISACA found that, “fewer than half (45%) have changed an online password or PIN code.

And now, connected wearable devices (BYOW) are becoming common in the workplace, yet, “a majority of professionals say their BYOD policy does not address wearable tech, and some do not even have a BYOD policy,” Clyde said.

The age of Incident Response (IR)
All of the above issues have led to an increased focus on IR. According to Schneier, this is not just the year but the decade of IR, following a decade of protection products and another of detection products.

In his blog post, he cited three trends: More data held in the cloud and more networks outsourced; more APTs by nation states and; a continuing lack of investment in protection and detection, leaving the bulk of the burden on response.

But IR has been more on everybody’s lips in 2014 than even a couple of years ago. The mantra of security experts is that it is not a matter of if, but when, an organization will be breached, and that an effective IR plan (combined with detection) can make attacks more of a nuisance than a disaster.

Getting IR right is crucial, but Tom Bain, vice president of CounterTack, calls it, “the hardest job in security. You can have all the technology in place to detect, prevent and analyze, but if your workflow is broken, or the team is so inundated with incident investigation, you are still vulnerable,” he said.

More regulation, please
An industry that generally decries government regulation – retail – is now singing the opposite tune when it comes to cyber security.

A Nov. 6 letter signed by 44 state and national organizations representing retailers, addressed to the leaders of both houses of Congress, called for, “a single federal law applying to all breached entities (to) ensure clear, concise and consistent notices to all affected consumers regardless of where they live or where the breach occurs.”

Sprickerhoff said such a law would be, “a good first step. There are 38 states with different definitions of what is a breach, so things are getting a bit out of hand,” he said. “If you had unifying description of what needs to be done, that’s not a bad thing.”

Richard Bejtlich, chief security strategist, FireEye
“I worry that ‘compliance with frameworks’ attracts a lot of attention,” said Richard Bejtlich, chief security strategist at FireEye. “I would prefer that organizations focus on results or outputs, like what was the time from detection to containment?

“Until organizations track those metrics, based on results, they will not really know if their security posture is improving,” he said.

What to do?
There are, of course, no magic bullets in security. Isaacs said, noting that it’s almost impossible to say what is the biggest threat. “I heard a speech where it was described as, “death by a thousand cuts,” she said.

But experts do have suggestions. Sprickerhoff said more training is crucial, not just the security awareness of employees, but the next generation of IT security experts.

“I don’t think it’s ever been harder to find good people in IT security,” he said. “There’s not much in course work at the college level.”

Eyal Firstenberg, vice president research, LightCyber, said improving security is going to take a combination of technology and training.

“There is a need for fast and accurate alerts and notifications, which ultimately determine the outcome of these cyber engagements,” he said, but added that, “organizations need more professional diagnosticians on staff who are trained to know what threats are real and need to be addressed, and which ones aren’t.”

Ashley Hernandez, an instructor for Guidance Software, calls for more communication among organizations. “Security professionals need to have a way to share intelligence about patterns or attack types to others in their industry or trusted security groups,” she said.

Clyde notes that ISACA, “has a number of programs, from risk governance frameworks like COBIT 5 to the Cybersecurity Nexus (CSX), to ensure cybersecurity professionals have the skills they need to defend enterprises from the plethora of threats.”

Finally, Loomis offers a short list:
Improve procurement processes. “It takes too long to buy new tools,” he said.
Start educating your staff on what the DHS and NIST Frameworks really are. Read the MITRE book on the 10 strategies to a world-class SOC.
Stop believing the marketing and get real-world feedback on tools. “Security has put a lot of money into marketing, but that doesn’t mean the solution is right for the organization,” he said.
Run simulations. “When was the last time a company ran a real cyber drill?” he asked.
Stop following paper policy, “Militarizing your team, running drills, making it second nature is what will help the response process, not following a check list,” he said.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at

SDN tools increase WAN efficiency

SDNs can help automate and manage WAN operations
Configuring, maintaining and changing WAN infrastructure can be a nightmare given the distributed nature of the beast and all the remote touch points, but emerging Software Defined Networking (SDN) tools promise to make these operations more efficient.

Usually touted as a data center tool, SDN can be used to automate and manage WAN operations, says Zeus Kerravala, principal of ZK Research. WAN issues are hard to address because of the dispersed nature of the resources, he says. “There’s no perfect way of making changes to the WAN,” but “SDN brings automation and orchestration from a centralized location and allows you to react faster.”

“SDN brings automation and orchestration from a centralized location and allows you to react faster.”

Zeus Kerravala, principal of ZK Research
More than data center nets, the WAN is a bigger headache for customers, especially those that are IT constrained, Kerravala says. And major IT trends such as SaaS, private clouds, BYOD, mobility and voice/data convergence are adding extra WAN stress, according to analyst Lee Doyle of Doyle Research. WAN links now require improved security, lower latency, higher reliability and support for any device in any location to accommodate these trends.

“The WAN or branch is ripe for disruption” through SDN, Doyle says. SDN vendors are “trying to simplify the mess we have with branch operations.”

Indeed, for two years running the members of the Open Network User Group (ONUG) have identified SDN WANs as the No.1 use case, according to Nick Lippis of Lippis Enterprises, a founding member of ONUG.

Be sure not to miss:
How to get more out of your virtualized and cloud environments
Public cloud storage can be efficient, but its role is still pretty limited
How to get the most out of your IT talent
How UPS uses analytics to drive down costs

And a number of start-ups are intent on using SDN to make WANs more efficient, including the likes of Glue Networks, CloudGenix and Viptela. Here’s a look at their different approaches:

* Glue Networks is targeting Cisco’s installed base of WAN routers with its SDN WAN offering. Glue says its addressable market is the $12 billion worth of 16 million Cisco WAN routers installed globally, which the company expects to reach 23 million in 2017.

Glue’s Gluware orchestration software runs in the cloud and provides a service for turning up remote sites and teleworkers worldwide. It is designed to lower the cost of private WAN networking by automating those operations and handling ongoing maintenance, monitoring, life-cycle management and feature extension.

The software automates the provisioning of voice, video, wireless, LAN networking, IP addressing, PKI security, firewalls, VLANs and ACLs, and allows users to configure a meshed, spoke-to-spoke, low latency infrastructure that is QoS-enabled, the company says.

Glue’s products are essentially a software-defined dynamic multipoint VPN offered as a monthly software-as-a-service subscription. It includes a central policy-based controller, applications with “CCIE intelligence,” and an API to configure the OS using the applications.

Cisco includes Glue products on its price list and will compensate 14,000 sales people for selling them. Cisco also recently invested in SDN WAN company LiveAction, a maker of network traffic visibility and centralized application control software.

* CloudGenix is offering a software-defined enterprise WAN (SDEwan) designed for hybrid clouds and a mobile workforce. SDEwan is designed to virtualize enterprise networks and securely enable access to cloud and data center applications, while reducing remote office infrastructure requirements.

CloudGenix officials said the market for their products is $5 billion in remote branch office WAN infrastructure and operations.

The CloudGenix platform is based on a business policy framework with cloud-based control, designed to automate the rollout of cloud-based applications to remote offices while maintaining regulatory and business practice compliance. SDEwan is intended to enable scale of enterprise WANs based on business intent rather than technology constraints, connecting users to applications rather than connecting locations only.

SDEwan virtualizes networks and assigns application-specific business and IT policies. As applications are delivered from public, private and hybrid clouds, SDEwan allows IT to enforce security, performance and compliance policies in a location-independent manner.

The CloudGenix product virtualizes a hybrid infrastructure of MPLS, best effort Internet and 4G/LTE networks. It also centralizes network functions such as firewalling, threat detection and data leakage prevention, while distributing enforcement of those security policies out to remote sites.

This is intended to reduce the amount of equipment and administration necessary at the branch office, ease management and optimize WAN utilization.

* Viptela notes the need for SDN in the WAN is to help reduce complexity associated with stitching together multiple transport networks, patching security vulnerabilities, and segmenting the network for lines of business and business partners. SDNs and virtual network overlays can also improve WAN performance for cloud and Internet applications, enable use of optimal technology for capacity and scale requirements, and help translate business logic into network and security policies.

Viptela’s products for making WAN operations more efficient are vEdge Routers, vSmart SDN Controller and the vManage network management system for building Secure Extensible Network (SEN). The routers sit at the perimeter of a remote, branch, campus or data center site and provide secure data connectivity over any transport, the company says.

The SDN controller centrally manages routing, policy, security, segmentation, and authentication of new devices that join the overlay network. The vManage system enables centralized configuration and management of the Viptela SEN environment with a dashboard displaying the real-time health of the network.

Kerravala says Viptela is focusing on the implications of today’s WAN architectures, where traffic patterns are becoming less predictable with the advent of mobile and cloud. Traffic is no longer following a well-defined pattern of backhaul to the data center from the branch, he notes.

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at


20-plus eye-popping Black Friday 2014 tech deals

iPhone 6, iPad Air, Samsung Galaxy gear and big cheap TVs among the hottest electronic deals for Black Friday and Cyber Monday in 2014.

Black Friday is upon us
Word is that more retailers will relent to public pressure – I mean do the right thing for their employees – and close on Thanksgiving Day this year. But that won’t prevent them from going all out online, where much is automated and the workers are less prominent. Here are some of the best deals on network and technology offerings for Black Friday, Cyber Monday and in between. (Compare with last year’s deals)

Black Friday is upon us
Word is that more retailers will relent to public pressure – I mean do the right thing for their employees – and close on Thanksgiving Day this year. But that won’t prevent them from going all out online, where much is automated and the workers are less prominent. Here are some of the best deals on network and technology offerings for Black Friday, Cyber Monday and in between. (Compare with last year’s deals)

Dell: Inspiron 15-inch laptop
Powered by an Intel Celeron processor and running Windows 8.1, this system boasts 4GB of RAM and a 500GB hard drive. Dell’s special pricing for those getting through online beginning at 12 a.m. on Friday, Nov. 28, is $190, a $110 discount off what Dells calls the “market price” (though Dell appears to regularly sell the laptop for $250.

Target: Apple TV
Like other retailers, Target has a number of deals on Apple products. Among them: $11 off an Apple TV device, which you can get for $89 on Black Friday.

Target: iPhones, iPads and gift cards
Apple gives retailers little leeway in terms of discounting its products, so Target and others often resort to selling the Apple products for the regular price, but bundling the with gift cards. Target is offering a $100 Target gift card with an iPad Air 16GB WiFi tablet ($400), iPad mini 3 16GB WiFi tablet ($400) or iPad mini 2 16GB WiFi Tablet ($300).

Best Buy: Samsung Gear Fit Fitness watch with heart rate monitor
Best Buy is slashing the price on this gadget, which comes in black, from $150 to $100. Count your steps taken and calories burned in style, with this device, which syncs up with various Android phones. Best Buy’s online sales will run Thursday/Friday, with stores opening at 5 pm on Thanksgiving Day where allowed, and again at 8 am on Friday.

Best Buy: Surface Pro 3
The retailer is cutting $50 to $150 off the price of Microsoft Surface Pro 3 tablets with 128GB of storage or more (they start at $1,000 before the discount). Note that this does not include the keyboard for the flexible 12-inch touchscreen device.

Best Buy: Panasonic 50-inch LED TV doorbuster
This 33-pound Panasonic TV, which serves up a 1080p and 60Hz HDTV picture, usually costs $550. The pre-Black Friday price is down to $500, but will go for just $200 in this in-store-only deal on Thanksgiving/Black Friday.

Microsoft: Tablets and games
The Microsoft Store lists a slew of deals, some for which you need to wait until Thanksgiving or Black Friday, and others that you can snag ahead of time. Among the early bird specials is a Lumia 635 phone for 1 cent with a new service contract. The phone has a 4.5-inch screen, runs Windows 8.1 and has 8GB of storage. Microsoft also has lots of Xbox and game deals available in its store this holiday shopping season.

Staples: Asus x205-TA Laptop computer
This bare-bones Windows 8.1 machine, with a 32GB hard drive and 2GB of RAM, normally goes for $250. It’s already been marked down to $200, and for Black Friday, Staples is cutting that price in half. The laptop, featuring 802.11abgn WiFi, is powered by an Intel Atom processor and has an 11.6-inch screen.

Staples: JLab Pro-7 Tablet
OK, can’t say we know this brand either, but for $40, it could be worth a shot if you just want to play around with a small Android tablet. The device usually sells for $70. It only packs 8GB or storage, but has a MicroSD slot for adding up to 32GB more.

RadioShack: RC Surveyor Drone
Satisfy your drone curiosity and freak out your neighbors with this 2.4GHz quadcopter that’s been marked down from $70 to $35 for Black Friday. This lightweight flyer comes with a built-in 1080×720 camera, can be controlled up to 65 feet away and can even do stunts. RadioShack will be opening on Thanksgiving morning, again late in the afternoon, and then at 6 am on Black Friday.

Costco: HP Envy 15.6-inch TouchSmart Laptop
This computer is powered by an Intel 4th generation Core i7 processor, runs Windows 8, features Beats audio and a 1TB hard drive. Costco, which is tossing in a second-year warranty, is slashing its $800 warehouse price by $150 for Black Friday shoppers who come into the store.

Office Depot/Officemax: Samsung Galaxy Tab 4
The price on this 10.1-inch Android tablet has been axed to $250, which is $100 off the usual price. Yes, this isn’t Samsung’s latest model, but it only came out in April. The device features a 1.2GHz quad core processor, and 16GB of storage, expandable to 64GB.

Meijer: Samsung Galaxy Tablet Lite
This 7-inch, 8GB tablet will run you $99 on Black Friday, which is $40 off the regular price. Plus, you’ll get a $20 coupon for your next shopping trip. The touchscreen tablet boasts a 1.2Ghz dual-core processor.

Sears: 55-inch Samsung LED TV
This 1080p Smart HD-TV, usually priced at $1,400, is available for $800 starting on Thanksgiving night (though note that Sears already lists TV for $1,000, not $1,400). It comes integrated with services such as Netflix and Pandora.

Belk: iLive Bluetooth Soundbar
This 32-inch black bar will enable you to wireless boom your tunes for $70 — $30 off the usual price. Works with iOS gadgets and most Android and BlackBerry devices. Can also sync up with your TV, game systems and more. This is an online deal.

Shopko: Kindle Fire HD tablet
This lightweight 7-inch WiFi tablet (with 8GB of storage, 1GB of which is internal memory) will have its price shaved by $20, so you pay $80. The retailer’s Black Friday deals start at 6 pm on Thanksgiving Day, though look for additional doorbusters as early as Wednesday.

Various retailers: Record Store Day specials
Got an MP3 hater in your life who prefers to spin big ol’ discs? Record Store Day, an annual April event designed to accommodate record lovers, expands for a Black Friday event that will feature limited-edition offerings from a variety of singers and bands, including The Afghan Whigs, The Beatles and Chvrches.

Walmart: iPhone 6
The monster retailer, which has said it will match Amazon prices in all its stores to kick off the holiday shopping season, has a pretty fine deal on the iPhone 6, which will cost $179 for a 16GB model with a two-year contract (typically $199). What’s more, you’ll get a $75 Walmart gift card, plus another $200 gift card for a smartphone trade-in. (Some industry watchers have warned about whether the 16GB size will only lead to frustration for iPhone 6 users…)

Walmart: 65-inch Vizio LED TV
This behemoth set will go for $648 this Black Friday, a savings of $350. Walmart says a 60-incher last holiday season went at $688, so you can see where pricing for big TVs is going…

Walmart: Xbox One Assassin’s Creed Unity Bundle
This package, including the Microsoft game console, the new edition of Assassin’s Creed and Version IV: Black Flag, will be available for $329 starting on Thanksgiving Day at Walmart. That’s down from the usual price of $400, though actually that price has already been marked down to $349.

Toys R Us: 5th generation iPod touch
You don’t hear about these much anymore, but it makes sense that Toys R Us would sell this Apple mainstay. The 16GB model is selling on Black Friday for $150 — $50 off the usual price. It comes in many pretty colors, too!

Kohl’s: Innovative Technology portable power bank
Kohl’s isn’t the first retailer we think of for tech products, but we did come across this possible stocking stuff: a Justin 2200mAh Power Stick Portable Power Bank for $10, which is $15 off the regular price. USB-pluggable, works with most smartphones to keep you from running out of juice when not able to plug in.

Hhgregg: LG 50-inch smart LED TV
The electronics retailer has a ton of TVs on sale, with many prices slashed by $100 or more. One example: The LG 1080p 120Hz LED WebOS Smart HDTV, which will go for $658, down from $800. You get a free 6-month Spotify subscription to boot.

Comptia A+ Training, Comptia A+ certification

Best comptia A+ Training, Comptia A+ Certification at

How automation could take your skills — and your job

A new book by Nicholas Carr should give IT managers pause about the rush to automation

Nicholas Carr’s essay IT Doesn’t Matter in the Harvard Business Review in 2003, and the later book, argued that IT is shifting to a service delivery model comparable to electric utilities. It produced debate and defensiveness among IT managers over the possibility that they were sliding to irrelevancy. It’s a debate that has yet to be settled. But what is clear is that Carr has a talent for raising timely questions, and he has done so again in his latest work The Glass Cage, Automation and Us (W.W. Norton & Co.)

This new book may make IT managers, once again, uncomfortable.

The Glass Cage examines the possibility that businesses are moving too quickly to automate white collar jobs, sophisticated tasks and mental work, and are increasingly reliant on automated decision-making and predictive analytics. It warns of the potential de-skilling of the workforce, including software developers, as larger shares of work processes are turned over to machines.

This book is not a defense of Luddites. It’s a well-anchored examination of the consequences and impact about deploying systems designed to replace us. Carr’s concerns are illustrated and found in, for instance, the Federal Aviation Administration’s warning to airlines about automation, and how electronic medical records may actually be raising costs and hurting healthcare.

In an interview, Carr talked about some of the major themes in his book. What follows are edited excerpts:
Glass Cage cover

The book discusses how automation is leading to a decay of skills and new kinds of risks. It cites an erosion of skills among aircraft pilots, financial professionals and health professionals who, for instance, examine images with automation. But automation has long replaced certain skills. What is different today about the automation of knowledge or mental work that makes you concerned? I think it comes to the scope of what can be automated today. There has always been, from the first time human beings developed tools, and certainly through the industrial revolution, trade-offs between skill loss and skill gain through tools. But until the development of software that can do analysis, make judgments, sense the environment, we’ve never had tools, machines that can take over professional work in the way that we’re seeing today. That doesn’t mean take it over necessarily entirely, but become the means through which professionals do their jobs, do analytical work, make decisions, and so forth. It’s a matter of the scope of automation being so much broader today and growing ever more broad with each kind of passing year.

Where do you think we stand right now in terms of developing this capability? There are some recent breakthroughs in computer technology that have greatly expanded the reach of automation. We see it on the one hand with the automation of complex psychomotor skills. A good example is the self-driving car that Google, and now other car makers, are manufacturing. We’re certainly not to the point where you can send a fully autonomous vehicle out into real-world traffic without a backup driver. But it’s clear that we’re now at the point where we can begin sending robots out into the world to act autonomously in a way that was just impossible even 10 years ago. We’re also seeing, with new machine-learning algorithms and predictive algorithms, the ability to analyze, assess information, collect that, interpret it automatically and pump out predictions, decisions and judgments. Really, in the last five years or so we, have opened up a new era in automation, and you have to assume the capabilities in those areas are going to continue to grow, and grow pretty rapidly.

What is the worry here? If I can get into my self-driving car in the morning, I can sit back and work on other things. There are two worries. One is practical and the other is philosophical. The actuality of what’s facing us in the foreseeable future is not complete automation, it’s not getting into your car and simply allowing the computer to take over. It’s not getting into a plane with no pilots. What we’re looking at is a shared responsibility between human experts and computers. So, yes, maybe at some point in the future we will have completely autonomous vehicles able to handle traffic in cities. We’re still a long way away from that. We have to figure out how to best balance the responsibilities between the human expert or professional and computer. I think we’re going down the wrong path right now. We’re too quick to hand over too much responsibility to the computer and what that ends up doing is leaving the expert or professional in a kind of a passive role: looking at monitors, following templates, entering data. The problem, and we see it with pilots and doctors, is when the computer fails, when either the technology breaks down, or the computer comes up against some situation that it hasn’t been programmed to handle, then the human being has to jump back in take control, and too often we have allowed the human expert skills to get rusty and their situational awareness to fade away and so they make mistakes. At the practical level, we can be smarter and wiser about how we go about automating and make sure that we keep the human engaged.

Then we have the philosophical side, what are human beings for? What gives meaning to our lives and fulfills us? And it turns out that it is usually doing hard work in the real world, grappling with hard challenges, overcoming them, expanding our talents, engaging with difficult situations. Unfortunately, that is the kind of effort that software programmers, for good reasons of their own, seek to alleviate today. There is a kind of philosophical tension or even existential tension between our desire to offload hard challenges onto computers, and that fact that as human beings, we gain fulfilment and satisfaction and meaning through struggling with hard challenges.

Let’s talk about software developers. In the book, you write that the software profession’s push to “to ease the strain of thinking is taking a toll on their own skills.” If the software development tools are becoming more capable, are software developers becoming less capable? I think in many cases they are. Not in all cases. We see concerns — this is the kind of tricky balancing act that we always have to engage in when we automate — and the question is: Is the automation pushing people up to higher level of skills or is it turning them into machine operators or computer operators — people who end up de-skilled by the process and have less interesting work. I certainly think we see it in software programming itself. If you can look to integrated development environments, other automated tools, to automate tasks that you have already mastered, and that have thus become routine to you that can free up your time, [that] frees up your mental energy to think about harder problems. On the other hand, if we use automation to simply replace hard work, and therefore prevent you from fully mastering various levels of skills, it can actually have the opposite effect. Instead of lifting you up, it can establish a ceiling above which your mastery can’t go because you’re simply not practicing the fundamental skills that are required as kind of a baseline to jump to the next level.

What is the risk, if there is a de-skilling of software development and automation takes on too much of the task of writing code? There are very different views on this. Not everyone agrees that we are seeing a de-skilling effect in programming itself. Other people are worried that we are beginning to automate too many of the programming tasks. I don’t have enough in-depth knowledge to know to what extent de-skilling is really happening, but I think the danger is the same danger when you de-skill any expert task, any professional task, …you cut off the unique, distinctive talents that human beings bring to these challenging tasks that computers simply can’t replicate: creative thinking, conceptual thinking, critical thinking and the ability to evaluate the task as you do it, to be kind of self-critical. Often, these very, what are still very human skills, that are built on common sense, a conscious understanding of the world, intuition through experience, things that computers can’t do and probably won’t be able to do for long time, it’s the loss of those unique human skills, I think, [that] gets in the way of progress.

What is the antidote to these pitfalls? In some places, there may not be an antidote coming from the business world itself, because there is a conflict in many cases between the desire to maximize efficiency through automation and the desire to make sure that human skills, human talents, continue to be exercised, practiced and expanded. But I do think we’re seeing at least some signs that a narrow focus on automation to gain immediate efficiency benefits may not always serve a company well in the long term. Earlier this year, Toyota Motor Co., announced that it had decided to start replacing some of its robots in it Japanese factories with human beings, with crafts people. Even though it has been out front, a kind of a pioneer of automation, and robotics and manufacturing, it has suffered some quality problems, with lots of recalls. For Toyota, quality problems aren’t just bad for business, they are bad for its culture, which is built on a sense of pride in the quality that it historically has been able to maintain. Simply focusing on efficiency, and automating everything, can get in the way of quality in the long-term because you don’t have the distinctive perspective of the human craft worker. It went too far, too quickly, and lost something important.

Gartner recently came out with a prediction that in approximately 10 years about one third of all the jobs that exist today will be replaced by some form of automation. That could be an over-the-top prediction or not. But when you think about the job market going forward, what kind of impact do you see automation having? I think that prediction is probably over aggressive. It’s very easy to come up with these scenarios that show massive job losses. I think what we’re facing is probably a more modest, but still ongoing destruction or loss of white collar professional jobs as computers become more capable of undertaking analyses and making judgments. A very good example is in the legal field, where you have seen, and very, very quickly, language processing software take over the work of evidence discovery. You used to have lots of bright people reading through various documents to find evidence and to figure out relationships among people, and now computers can basically do all that work, so lots of paralegals, lots of junior lawyers, lose their jobs because computers can do them. I think we will continue to see that kind of replacement of professional labor with analytical software. The job market is very complex, so it’s easy to become alarmist, but I do think the big challenge is probably less the total number of jobs in the economy then the distribution of those jobs. Because as soon as you are able to automate what used to be very skilled task, then you also de-skill them and, hence, you don’t have to pay the people who do them as much. We will probably see a continued pressure for the polarization of the workforce and the erosion of good quality, good paying middle class jobs.

What do you want people to take away from this work? I think we’re naturally very enthusiastic about technological advances, and particularly enthusiastic about the ways that engineers and programmers and other inventors can program inanimate machines and computers to do hard things that human beings used to do. That’s amazing, and I think we’re right to be amazed and enthusiastic about that. But I think often our enthusiasm leads us to make assumptions that aren’t in our best interest, assumptions that we should seek convenience and speed and efficiency without regard to the fact that our sense of satisfaction in life often comes from mastering hard challenges, mastering hard skills. My goal is simply to warn people.

I think we have a choice about whether we do this wisely and humanistically, or we take the road that I think we’re on right now, which is to take a misanthropic view of technological progress and just say ‘give computers everything they can possibly do and give human beings whatever is left over.’ I think that’s a recipe for diminishing the quality of life and ultimately short-circuiting progress.


Cisco CCNA Training, Cisco CCNA Certification

Best Microsoft MCTS Certification, Microsoft MCITP Training at

Internet of Things roundtable: Experts discuss what to look for in IoT platforms

Networking is at the heart of every Internet of Things deployment, connecting sensors and other “Things” to the apps that interpret the data or take action.

But these are still early days. Assembling an IoT network from commercial off-the-shelf components is still, let’s just say, a work in progress. This will change over time, but for now the technical immaturity is being addressed by System Integrators building custom code to connect disparate parts and by a new class of network meta-product known as the IoT Platform.

IoT Platform products are still in their infancy, but there are already more than 20 on the market today. Approaches vary, so when making a build or buy decision, consider these critical areas of IoT Platform tech: security, sensor compatibility, analytics compatibility, APIs and standards.

iot platform diagram Iot-Inc.

To see where we stand on developments in these areas, I emailed experts from seven IoT Platform companies, big and small, asking for input: Roberto De La Mora, Sr. Director at Cisco, Steve Jennis, SVP at PrismTech, Bryan Kester, CEO at SeeControl, Lothar Schubert, Platform Marketing leader, GE Software, Niall Murphy, Founder & CEO at EVRYTHNG, Alan Tait, Technical Manager at Stream Technologies and Raj Vaswani, CTO and Co-Founder, Silver Spring Networks. Here’s what they had to say:

* Security
De La Mora: Security technologies and solutions that are omnipresent in IT networks can be adapted (carefully) to serve Operational Technology in IoT environments. But security is not about adding firewalls or IPS/IDS systems here and there. Cyber Security for IoT should follow a model applied at every layer of the architecture, and be combined with physical security to add intelligence to the operation via data correlation and analytics.

Jennis: Without a standards-based security framework it is very difficult to create communication channels that are both secure and interoperable. An interoperable security solution is very important in order to prevent vendor lock-in and to enable the system to be extended if required.

Kester: Sophisticated customers are encrypting traffic between the sensor board and the cloud. However most deployments are using private VPNs which don’t require a lot precious CPU or RAM from the remote device/system.

Murphy: Crypto-secure digital identities for physical things enable authenticated identities online by applying token-based security methods through Web standards to manage application access to these digital identities.

Vaswani: Embed security at each layer of the network, including sophisticated authentication and authorization techniques for all intelligent endpoints, require digital signatures and private keys to prevent any unauthorized access or activity on the system, and end-to-end encryption for all communications across the network. Incorporating physical tamper detection and resistance technologies further reduces the risk of unauthorized access and monitoring.

* Sensor Compatibility
Jennis: The following Platform considerations should be taken into account:

· Memory footprint – how much memory does the Platform require to function? Some simple sensors have only 128KB of memory to work with.

· Operating system support – does the Platform require a full POSIX-like OS or can it accept something simpler?

· Network stack support, e.g. IPv4, IPv6, 6LoWPAN, other – simple sensors used in Low Power Wireless Area Networks (LoWPAN) may require a cut down IP stack.

· Programming language support – a Platform may provide APIs for only specific programming languages (e.g. C or C++).

· Java dependence – does the Platform require a JVM to function, limiting sensor choices?

Murphy: The most important consideration is recognizing the risks inherent in vertically integrated solution architectures. By definition, the Internet of Things is heterogeneous in the types of things it is connecting. A horizontal architecture, to manage the information from and about the things they are connecting, can abstract the transport layer from the application layer. This allows applications to be developed independently of specific sensor devices, and sensor devices to be changed and network connectivity methods changed without breaking the application dependencies.

Schubert: A Software-Defined Machine (SDM) decouples software from the underlying hardware, making machines directly programmable through machine apps and allows connecting with virtually “any” machine and edge device, including retrofitting machines and connections to legacy systems.

* Analytics Compatibility

De La Mora: Support for structured and non-structured data, ease of integration with existing operation, automation and control systems, and the ability to operate in a distributed computing environment are all important factors for analytic compatibility.

Kester: To do advanced long-term business intelligence, machine learning or Hadoop-type of parallel processing, your Platform choice should have a well-documented and Web accessible API to interface with your analytic product of choice. It should also be easy for any IT employee, or even savvy business analysts, to use without training.

Murphy: The network platform has to enable multiple disparate audiences within a company access to benefit from data collection and perform meaningful analysis. Analytics is often thought of in a reporting sense only, but increasingly analytics is being applied in conjunction with machine learning algorithms and rules logic to drive applications and actuate devices.

Tait: You need to be sure the information you are collecting is stored well (backed up, secure, etc.) and that you have the ability to export your data and you maintain ownership.

Schubert: The tremendous data growth in industrial IoT demands massively scalable, low-cost infrastructure, such as that based on Apache Hadoop v2 and COTS (commercial off-the shelf) hardware. It has to support the various security, compliance and data privacy mandates. Predictive Analytics is how value is delivered to customers. It provides timely foresight into asset and operations, and provides actionable recommendations (when paired with rule engines). Perhaps most important, analytics need to be integrated into the operational processes, rather than be a stand-alone IT solution.

* APIs
De La Mora: RESTful API’s are becoming standard. The abstraction capabilities they provide, along with the architectural model based on the Web, are key. SDK’s that provide API’s that are not compatible with the W3C TAG group are a nonstarter for applications that should be in the end, connected to the Internet.

Jennis: First and foremost, APIs should be clean, type-safe and idiomatic. In addition, APIs should favor non-blocking/asynchronous interaction models to make it easier to build responsive systems. Where possible APIs should be standardized to ease component integration and prevent lock-in.

Murphy: APIs should use Web standards and blueprints (e.g. REST and no WSDL/SOAP), and state-of-art Web security systems. They should also offer ways of extracting the data, not just feeding it in.

Tait: Keep it simple, truly good APIs are clear, concise and have a purpose. They should also do the common things easily.

Schubert: Service-oriented architectures (SOA) and related application development paradigms rely on APIs for integration of services, processes and systems. APIs must be open, accessible and upgrade-compatible.

* Standards
De La Mora: We are calling this the Internet of Things because it will be part of the next generation of the Internet, so the only key standard protocol, that I see in the future, is IPv6.

Kester: Any Platform that is in communication with devices should support the major communication protocols in use today, which are UDP, MQTT, XMPP, CoAP, Modbus/TCP and HTTP.

Murphy: RESTful application programming interfaces, JSON and similar Web-centric formats for data exchange should be used. The Platform that an enterprise uses to manage its physical products and assets as digital assets, needs to be able to integrate smoothly with both the enterprise’s other systems and third party applications. Integration means both the technical protocols of system-to-system interaction (e.g. REST, OAuth) but also critically, the semantics of the information itself.

Vaswani: The use of universal standards such as IP ensures that products can be easily mixed and matched from different vendors to ensure full interoperability and to deliver on other applications supported by an even broader ecosystem of hardware and software players.

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at



Workers use their own devices at work, without boss’s knowledge

Line between work and play is getting more blurred, Gartner survey indicates

Many workers use their personally owned smartphones and other computers for job tasks, but a new survey shows a big percentage are doing so without their employer’s knowledge.

Market research firm Gartner surveyed 4,300 U.S. consumers in June who work at large companies (with more than 1,000 employees) and found 40% used personally owned smartphones, tablets, laptops or desktops as a primary or supplemental business device.

That 40% might not be unusual, but more surprisingly, Gartner found that 45% of workers not required to use a personal device for work were doing so without their employer’s knowledge.

“Almost half [are using their device] without their employer’s awareness,” said Gartner analyst Amanda Sabia in an interview.

“Are those without employer’s awareness violating a rule? That would depend on the employer,” Sabia added. “The point is that some CIOs are underestimating [the number of] employees using their devices and should be prepared for this.”

The Gartner survey found the most popular personally owned device used for work was a desktop computer, at 42%, closely followed by a smartphone, at 40%, a laptop, at 36%, and a tablet, at 26%.

“The lines between work and play are becoming more and more blurred as employees choose to use their own device for work purposes whether sanctioned by an employer or not,” Sabia said. “Devices once bought for personal use are increasingly used for work.”

Technology manufacturers and wireless service providers could do more to respond to the bring-your-own-device trend, Sabia said. The survey found that the primary use of a smartphone, after making calls and texting, was to get maps and directions.

“Smartphone vendors should focus on ensuring ease of integration of a smartphone with in-car sound and media systems for hands-free and real-time operation of these [mapping and directions] functions,” Sabia added.

The survey asked a wide range of questions beyond BYOD concerns. Another finding was that 32% of respondents plan to buy a smartphone in the next 12 months, while 23% want to buy a laptop or notebook, 20% plan to buy a tablet and 14% a desktop PC.

Also, about 80% of respondents said they had downloaded a mobile app. Of that number, three-fourths of the apps were free, and one-fourth were paid.

Nick Ingelbrect, a Gartner analyst, noted that the app industry has struggled to make money on its products, but the survey results should provide encouragement. The app market is maturing, and consumers are more discerning, but will pay for apps that they find valuable, he said.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at

9 employee insiders who breached security


These disgruntled employees show what can happen when an employer wrongs them.

Security admins used to have to worry about keeping the bad guys out of the network, but there have been many documented cases where the devil you know is sitting right next to you. A review of recent FBI cyber investigations revealed victim businesses incur significant costs ranging from $5,000 to $3 million due to cyber incidents involving disgruntled or former employees, according to AlgoSec. Here are just a few over the years of insiders trying to take down their employer’s network.

Terry Childs, the former network administrator for the City of San Francisco, held the city’s systems hostage for a time. He refused to surrender passwords because he felt his supervisors were incompetent. Childs was convicted of violating California’s computer crime laws in April 2010.

In June 2012, Ricky Joe Mitchell of Charleston, W.Va., a former network engineer for oil and gas company EnerVest, was sentenced to prison for sabotaging the company’s systems. He found out he was going to be fired and decided to reset the company’s servers to their original factory settings.

It was discovered in 2007 that database administrator William Sullivan had stolen 3.2 million customer records including credit card, banking and personal information from Fidelity National Information Services. Sullivan agreed to plead guilty to federal fraud charges and was sentenced to four years and nine months in prison and ordered to pay a $3.2 million fine.

Flowers Hospital had an insider data breach that occurred from June 2013 to February 2014 when one of its employees stole forms containing patient information and possibly used the stolen information to file fraudulent income tax returns.

According to, 34-year-old Sam Chihlung Yin created a fake VPN token in the name of a non-existent employee which he tricked Gucci IT staff into activating after he was fired in May 2010.

Army Private First Class Bradley Manning released sensitive military documents to WikiLeaks in 2009. Manning, now known as Chelsea Manning, was given a sentence of 35 years in prison.

Back in 2002, Timothy Lloyd was sentenced to three-and-a-half years in prison for planting a software time bomb after he became disgruntled with his employer Omega. The result of the software sabotage was the loss of millions of dollars to the company and the loss of 80 jobs.

Earlier this year, NRAD Medical Associates discovered that an employee radiologist had accessed and acquired protected health information from NRAD’s billing systems without authorization. The breach was estimated to be 97,000 records of patient names and addresses, dates of birth, Social Security information, health insurance, and diagnosis information.

And of course there is the most famous whistleblower of all time: Edward Snowden. Before fleeing the country, he released sensitive NSA documents that became a blowup about government surveillance.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at

8 cutting-edge technologies aimed at eliminating passwords

In the beginning was the password, and we lived with it as best we could. Now, the rise of cyber crime and the proliferation of systems and services requiring authentication have us coming up with yet another not-so-easy-to-remember phrase on a near daily basis. And is any of it making those systems and services truly secure?

One day, passwords will be a thing of the past, and a slew of technologies are being posited as possibilities for a post-password world. Some are upon us, some are on the threshold of usefulness, and some are likely little more than a wild idea, but within each of them is some hint of how we’ve barely scratched the surface of what’s possible with security and identity technology.

The smartphone

The idea: Use your smartphone to log into websites and supply credentials via NFC or SMS.

Examples: Google’s NFC-based tap-to-unlock concept employs this. Instead of typing passwords, PCs authenticate against the users phones via NFC.

The good: It should be as easy as it sounds. No interaction from the user is needed, except any PIN they might use to secure the phone itself.

The bad: Getting websites to play along is the hard part, since password-based logins have to be scrapped entirely for the system to be as secure as it can be. Existing credentialing systems (e.g., Facebook or Google login) could be used as a bridge: Log in with one of those services on your phone, then use the service itself to log into the site.

The smartphone, continued
The idea: Use your smartphone, in conjunction with third-party software, to log into websites or even your PC.

Examples: Ping Identity. When a user wants to log in somewhere, a one-time token is sent to their smartphone; all they need to do is tap or swipe the token to authenticate.

The good: Insanely simple in practice, and it can be combined with other smartphone-centric methods (a PIN, for instance) for added security.

The bad: Having enterprises adopt such schemes may be tough if they’re offered only as third-party products. Apple could offer such a service on iPhones if it cared enough about enterprise use; Microsoft might if its smartphone offerings had any traction. Any other takers?

The idea: Use a fingerprint or an iris scan — or even a scan of the vein patterns in your hand — to authenticate.

Examples: They’re all but legion. Fingerprint readers are ubiquitous on business-class notebooks, and while iris scanners are less common, they’re enjoying broader deployment than they used to.

The good: Fingerprint recognition technology is widely available, cheap, well-understood, and easy for nontechnical users.

The bad: Despite all its advantages, fingerprint reading hasn’t done much to displace the use of passwords in places apart from where it’s mandated. Iris scanners aren’t foolproof, either. And privacy worries abound, something not likely to be abated once fingerprint readers become ubiquitous on phones.

The biometric smartphone
The idea: Use your smartphone, in conjunction with built-in biometric sensors, to perform authentication.

Examples: The Samsung Galaxy S5 and HTC One Max (pictured) both sport fingerprint sensors, as do models of the iPhone from the 5S onwards.

The good: Multiple boons in one: smartphones and fingerprint readers are both ubiquitous and easy to leverage, and they require no end user training to be useful, save for registering one’s fingerprint.

The bad: It’s not as hard as it might seem to hack a fingerprint scanner (although it isn’t trivial). Worst of all, once a fingerprint is stolen, it’s, um, pretty hard to change it.

The digital tattoo
The idea: A flexible electronic device worn directly on the skin, like a fake tattoo, and used to perform authentication via NFC.

Examples: Motorola has released such a thing for the Moto X (pictured), at a cost of $10 for a pack of 10 tattoo stickers, with each sticker lasting around five days.

The good: In theory, it sounds great. Nothing to type, nothing to touch, (almost) nothing to carry around. The person is the password.

The bad: So far it’s a relatively costly technology ($1 a week), and it’s a toss-up as to whether people will trade typing passwords for slapping a wafer of plastic somewhere on their bodies. I don’t know about you, but even a Band-Aid starts bothering me after a few hours.

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at



Gartner: IT careers – what’s hot?

Do you know smart machines, robotics and risk analysis? Gartner says you should

ORLANDO— If you are to believe the experts here a the Gartner IT Symposium IT workers and managers will need to undergo wide-spread change if they are to effectively compete for jobs in the next few years.

Gartner 2014

Gartner: Top 10 Technology Trends for 2015 IT can’t ignore
Gartner: Top 10 strategic predictions for businesses to watch out for
Gartner: IT careers – what’s hot?
Gartner: Make way for digital business, risks or die?

How much change? Well Gartner says by 2018, digital business requires 50% less business process workers and 500% more key digital business jobs, compared to traditional models. IT leaders will need to develop new hiring practices to recruit for the new nontraditional IT roles.

“Our recommendation is that IT leaders have to develop new practices to recruit for non-traditional IT roles…otherwise we are going to keep designing things that will offend people,” said Daryl Plummer, managing vice president, chief of Research and chief Gartner Fellow. “We need more skills on how to relate to humans – the people who think people first are rare.”

Gartner intimated within large companies there are smaller ones, like startups that need new skills.

“The new digital startups in your business units are thirsting for data analysts, software developers and cloud vendor management staff, and they are often hiring them fast than IT,” said Peter Sondergaard, senior vice president and global head of Research. “They may be experimenting with smart machines, seeking technology expertise IT often doesn’t have.”

So what are the hottest skills? Gartner says right now, the hottest skills CIOs must hire or outsource for are:
User Experience
Data sciences

Three years from now, the hottest skills will be:
Smart Machines (including the Internet of Things)
Automated Judgment

Over the next seven years, there will be a surge in new specialized jobs. The top jobs for digital will be:
Integration Specialists
Digital Business Architects
Regulatory Analysts
Risk Professionals

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at