The future is now: The 10 biggest tech innovations of 2014

A hoverboard. A virtual reality headset. A PC with a drawing board and 3D imaging capabilities. Believe it or not, all these things are real today. See them for yourself right here.

It’s amazing and it’s real

Perhaps the most noticeable story in consumer hardware in 2014 was what didn’t ship. Intel’s 14nm Broadwell chips suffered massive delays. AMD never introduced a new line of graphics cards. Valve’s hotly anticipated Steam Machines failed to launch whatsoever. Blech.

But don’t let the no-shows fool you. Some staggering technological innovation hit the streets in 2014—tremendously powerful gear that seemed like futuristic fantasy but is sitting on store shelves today.

Speaking of the future, let’s kick this off by getting back to it.

Hendo Hover
Eat your heart out, Marty McFly. You’re looking at a real-life hoverboard. No, this isn’t the next chapter in that hoverboard prank from Funny or Die—this thing is legit and already fully functional in prototype.

From the Kickstarter description: “The magic behind the hoverboard lies in its four disc-shaped hover engines. These create a special magnetic field which literally pushes against itself, generating the lift which levitates our board off the ground.”

Whoa. The Hendo Hover isn’t expected to ship until 2015, but for now we have an oh-so-sweet video of skateboarding legend Tony Hawk riding a real-life hoverboard.

Samsung Gear VR
Lawnmower Man is finally real. After several fits and false starts in previous eras, affordable, truly compelling virtual reality has at long last materialized. Only it wasn’t Oculus Rift that pulled us into the future—it was Samsung.

Samsung’s $200 Gear VR headset uses the company’s Galaxy Note 4 phablet as its brains and display to create believable, wire-free virtual reality. The software inside is actually powered by Oculus, and the headset itself outshines the Rift in some ways. Sure, the need for a Note inherently limits Gear VR’s potential audience, but you can buy it today—while the launch of the consumer version of Oculus Rift is still months off.

SSDs get faster, stronger
Solid-state drives rock, period. Even the crappiest, oldest SSD can make your PC feel like greased lightning. Two innovations in 2014 cranked SSDs to yet-higher speeds.

Samsung’s 3D V-NAND technology—which stacks flash cells rather than laying them side-by-side—was used to create the effixient and expeditious 850 Pro series SSDs. Then Samsung applied V-NAND techniques to three-bit-per-cell “TLC” flash to create the 850 EVO, which brought insane SSD longevity to the masses.

If the 850 Pro’s SATA-saturating speeds aren’t enough, crazy-fast M.2 PCIe SSDs started hitting the shelves in 2014, delivering respective read-write speeds north of 700MB/s and 500MB/s, depending on the model. Daaaaaaaang.

The future of Wi-Fi
Speaking of blistering fast speeds, the next generation of Wi-Fi—802.11ac—became the current generation of Wi-Fi early in 2014, when the standard was officially ratified. Using a mixture of beamforming, packing more data into each spatial stream, and other improvements, 802.11ac delivers significantly more than double the transfer speed of previous-gen 802.11n routers in PCWorld’s real-world testing—and that’s using a 2×2 802.11ac adapter. You can nearly triple that speed using an 802.11ac bridge.

In fact, 802.11ac is so fast that groups are scrambling to create new Ethernet standards just so wired networks can keep up. Check out PCWorld’s networking section for a slew of 802.11ac router reviews.

Intel’s power play
Okay, so Intel didn’t ship Broadwell on time. Hardcore PC types probably didn’t even notice, since Chipzilla tossed enthusiasts two mighty enticing bones in the form of Haswell-E and its new Devil’s Canyon chips.

Haswell-E is Intel’s most powerful consumer CPU ever; the flagship 3.0GHz Core i7-5960X rocks eight cores (16 processor threads), 20MB of cache, and 40 PCIe 3.0 lanes. It’s Intel’s first-ever octa-core consumer chip, and it’ll set you back a cool grand. Then there’s Devil’s Canyon. The quad-core Core i7-4790K comes clocked at 4.0GHz, with a 4.4GHz turbo clock—the first Intel chip to ever crack the 4GHz barrier.

Sure, AMD chips have cracked 5GHz and had eight cores for a while now—but they’re just not as beefy as Intel’s top-end processors.

Haswell-E dragged another cutting-edge tech into stores shelves along with it: DDR4, the next generation of RAM. Faster and far stingier with energy than DDR3, DDR4’s arrival has been long-awaited—though currently available DDR4 kits cost an arm and a leg and don’t really provide a jaw-dropping performance boost over their older brethren.

PCWorld’s DDR4 primer can explain what all the hub-bub is about. (Hint: It’s all about power.)

USB Type-C
OK, OK, one more connection technology and I’m done, I promise!

I’m drooling just thinking about USB Type C, and I’m not normally a “drool over networking” kind of guy. Why? Because Type-C is reversible—no more fumbling around to plug your USB cable in the right way! Because Type-C USB will deliver USB 3.1’s blazing 10Gbps speeds and up to a whopping 100 watts of power. Whoa. But that’s not all! Type-C will also be able to deliver DisplayPort audio/video signals. That’s some kind of wonderful.

USB Type-C was finalized and entered production this summer. We maaaay see compatible products squeeze onto shelves before the end of the year, but 2015 appears more likely.

5K displays
Did you finally splurge for 4K display this year, now that prices are coming down to semi-reasonable levels? Congratulations! Your fancy new display is already obsolete.

Apple released a Retina iMac with a “5K” display in October, while Dell released a standalone 5K monitor of its own in December. The 5120×2880-resolution screens pack the equivalent of 14.7 megapixels, which is almost twice as many as a 4K display and seven times the resolution of a typical 1080p monitor.

Each will set you back $2,500, but at least Apple tosses a fully functional computer in for that price.

Minority Report lite
Hardware makers also tinkered with fancy concepts that blurred traditional PCs, touchscreens, voice commands, and even 3D scanners into singular workstations that blend the physical with the digital.

Both HP’s Sprout and Dell’s Smart Desk rock regular monitors in their usual positions, but each also puts a touchscreen “mat” on the desk, where a keyboard would normally go. There, you can manipulate objects with your hands. HP’s Sprout goes a step further with its “Illuminator” atop the traditional monitor, which gazes down at your tactile work area and can make 3D scans of objects you place on the mat.

Will these hybrid devices ever take off? Who knows. But Dell and HP deserve props for taking PCs in an imaginative direction.

Yeah, yeah, smartwatches technically existed before this year, but they truly seemed to come alive in 2014.

Android Wear, with its colorful displays and Google Now-powered smarts, sparked an unprecedented flood of smartwatches and only got better as the year went on. The long-rumored Apple Watch emerged from the shadows, complete with incredibly intriguing “Taptic” technology. Even stalwarts like Pebble upped their game after Apple and Android appeared in force.

The wearable revolution is on in full force now—but is this uprising coming from the people, or from electronics companies hungering for a new hit category now that smartphone and tablet sales are starting to taper? We’ll likely know more after the Apple Watch’s launch in early 2015.

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at




The best office apps for Android

Which office package provides the best productivity experience on Android? We put the leading contenders to the test

Getting serious about mobile productivity

We live in an increasingly mobile world — and while many of us spend our days working on traditional desktops or laptops, we also frequently find ourselves on the road and relying on tablets or smartphones to stay connected and get work done.

Where do you turn when it’s time for serious productivity on an Android device? The Google Play Store boasts several popular office suite options; at a glance, they all look fairly comparable. But don’t be fooled: All Android office apps are not created equal.

I spent some time testing the five most noteworthy Android office suites to see where they shine and where they fall short. I looked at how each app handles word processing, spreadsheet editing, and presentation editing — both in terms of the features each app offers and regarding user interface and experience. I took both tablet and smartphone performance into consideration.

Click through for a detailed analysis; by the time you’re done, you’ll have a crystal-clear idea of which Android office suite is right for you.

(Note: Microsoft’s Office Mobile app is not included in this comparison, as the company does not currently allow the app to be installed on Android tablets.)

Best Android word processor: OfficeSuite 8 Premium
Mobile Systems’ OfficeSuite 8 Premium offers desktop-class word processing that no competitor comes close to matching. The UI is clean, easy to use, and intelligently designed to expand to a tablet-optimized setup. Its robust set of editing tools is organized into easily accessible on-screen tabs on a tablet (and condensed into drop-down menus on a phone). OfficeSuite 8 Premium provides practically everything you need, from basic formatting to advanced table creation and manipulation utilities. You can insert images, shapes, and freehand drawings; add and view comments; track, accept, and reject changes; spell-check; and calculate word counts. There’s even a native PDF markup utility, PDF export, and the ability to print to a cloud-connected printer.

OfficeSuite 8 Premium works with locally stored Word-formatted files and connects directly to cloud accounts, enabling you to view and edit documents without having to download or manually sync your work.

Purchasing OfficeSuite 8 Premium is another matter. Search the Play Store, and you’ll find three offerings from Mobile Systems: a free app, OfficeSuite 8 + PDF Converter; a $14.99 app, OfficeSuite 8 Pro + PDF; and another free app, OfficeSuite 8 Pro (Trial). The company also offers a dizzying array of add-ons that range in price from free to $20.

The version reviewed here — and the one most business users will want — is accessible only by downloading the free OfficeSuite 8 + PDF Converter app and following the link on the app’s main screen to upgrade to Premium, which requires a one-time $19.99 in-app purchase that unlocks all possible options, giving you the most fully featured setup, no further purchases required.

App: OfficeSuite 8 Premium
Price: $19.99 (via in-app upgrade)
Developer: Mobile Systems

Runner-up Android word processor: Google Docs
Google’s mobile editing suite has come a long way, thanks largely to its integration of Quickoffice, which Google acquired in 2012. With the help of Quickoffice technology, the Google Docs word processor has matured into a usable tool for folks with basic editing needs.

Docs is nowhere near as robust as OfficeSuite 8 Premium, but if you rely mainly on Google’s cloud storage or want to do simple on-the-go writing or editing, it’s light, free, and decent enough to get the job done, whether you’re targeting locally stored files saved in standard Word formats or files stored within Docs in Google’s proprietary format.

Docs’ clean, minimalist interface follows Google’s Material Design motif, making it pleasant to use. It offers basic formatting (fonts, lists, alignment) and tools for inserting and manipulating images and tables. The app’s spell-check function is limited to identifying misspelled words by underlining them within the text; there’s no way to perform a manual search or to receive proper spelling suggestions.

Google Docs’ greatest strength is in its cross-device synchronization and collaboration potential: With cloud-based documents, the app syncs changes instantly and automatically as you work. You can work on a document simultaneously from your phone, tablet, or computer, and the edits and additions show up simultaneously on all devices. You can also invite other users into the real-time editing process and keep in contact with them via in-document commenting.

App: Google Docs
Price: Free
Developer: Google

The rest of the Android word processors
Infraware’s Polaris Office is a decent word processor held back by pesky UI quirks and an off-putting sales approach. The app was clearly created for smartphones; as a result, it delivers a subpar tablet experience with basic commands tucked away and features like table creation stuffed into short windows that require awkward scrolling to see all the content. Polaris also requires you to create an account before using the app and pushes its $40-a-year membership fee to gain access to a few extras and the company’s superfluous cloud storage service.

Kingsoft’s free WPS Mobile Office (formerly Kingsoft Office) has a decent UI but is slow to open files and makes it difficult to find documents stored on your device. I also found it somewhat buggy and inconsistent: When attempting to edit existing Word (.docx) documents, for instance, I often couldn’t get the virtual keyboard to load, rendering the app useless. (I experienced this on multiple devices, so it wasn’t specific to any one phone or tablet.)

DataViz’s Docs to Go (formerly Documents to Go) has a dated, inefficient UI, with basic commands buried behind layers of pop-up menus and a design reminiscent of Android’s 2010 Gingerbread era. While it offers a reasonable set of features, it lacks functionality like image insertion and spell check; also, it’s difficult to find and open locally stored documents. It also requires a $14.99 Premium Key to remove ads peppered throughout the program and to gain access to any cloud storage capabilities.

Best Android spreadsheet editor: OfficeSuite 8 Premium
With its outstanding user interface and comprehensive range of features, OfficeSuite 8 Premium stands out above the rest in the realm of spreadsheets. Like its word processor, the app’s spreadsheet editor is clean, easy to use, and fully adaptive to the tablet form.

It’s fully featured, too, with all the mathematical functions you’d expect organized into intuitive categories and easily accessible via a prominent dedicated on-screen button. Other commands are broken down into standard top-of-screen tabs on a tablet or are condensed into a drop-down menu on a smartphone.

With advanced formatting options to multiple sheet support, wireless printing, and PDF exporting, there’s little lacking in this well-rounded setup. And as mentioned above, OfficeSuite offers a large list of cloud storage options that you can connect with to keep your work synced across multiple devices.

App: OfficeSuite 8 Premium
Price: $19.99 (via in-app upgrade)
Developer: Mobile Systems

Runner-up Android spreadsheet editor: Polaris Office
Polaris Office still suffers from a subpar, non-tablet-optimized UI, but after OfficeSuite Premium 8, it’s the next best option.

Design aside, the Polaris Office spreadsheet editor offers a commendable set of features, including support for multiple sheets and easy access to a full array of mathematical functions. The touch targets are bewilderingly small, which is frustrating for a device that’s controlled by fingers, but most options you’d want are all there, even if not ideally presented or easily accessible.

Be warned that the editor has a quirk: You sometimes have to switch from “view” mode to “edit” mode before you can make changes to a sheet — not entirely apparent when you first open a file. Be ready to be annoyed by the required account creation and subsequent attempts to get you to sign up for an unnecessary paid annual subscription.

Quite honestly, the free version of OfficeSuite would be a preferable alternative for most users; despite its feature limitations compared to the app’s Premium configuration, it still provides a better overall experience than Polaris or any of its competitors. If that doesn’t fit the bill for you, Polaris Office is a distant second that might do the trick.

App: Polaris Office
Price: Free (with optional annual subscription)
Developer: Infraware

The rest of the Android spreadsheet editors
Google Sheets (part of the Google Docs package) lacks too many features to be usable for anything beyond the most basic viewing or tweaking of a simple spreadsheet. The app has a Function command for standard calculations, but it’s hidden and appears in the lower-right corner of the screen inconsistently, rendering it useless most of the time. You can’t sort cells or insert images, and its editing interface adapts poorly to tablets. Its only saving grace is integrated cloud syncing and multiuser/multidevice collaboration.

WPS Mobile Office is similarly mediocre: It’s slow to open files, and its Function command — a vital component of spreadsheet work — is hidden in the middle of an “Insert” menu. On the plus side, it has an impressive range of features and doesn’t seem to suffer from the keyboard bug present in its word-processing counterpart.

Docs to Go is barely in the race. Its embarrassingly dated UI makes no attempt to take advantage of the tablet form. Every command is buried behind multiple layers of pop-up menus, all of which are accessible only via an awkward hamburger icon at the top-right of the screen. The app’s Function command doesn’t even offer descriptions of what the options do — only Excel-style lingo like “ABS,” “ACOS,” and “COUNTIF.” During my testing, the app failed to open some perfectly valid Excel (.xlsx) files I used across all the programs as samples.

Best Android presentation editor: OfficeSuite 8 Premium
OfficeSuite 8 Premium’s intuitive, tablet-optimized UI makes it easy to edit and create presentations on the go. Yet again, it’s the best-in-class contender by a long shot. (Are you starting to sense a pattern here?)

OfficeSuite offers loads of options for making slides look professional, including a variety of templates and a huge selection of slick transitions. It has tools for inserting images, text boxes, shapes, and freehand drawings into your slides, and it supports presenter notes and offers utilities for quickly duplicating or reordering slides. You can export to PDF and print to a cloud-connected printer easily.

If you’re serious about mobile presentation editing, OfficeSuite 8 Premium is the only app you should even consider.

App: OfficeSuite 8 Premium
Price: $19.99 (via in-app upgrade)
Developer: Mobile Systems

Runner-up Android presentation editor: Polaris Office
If it weren’t for the existence of OfficeSuite, Polaris’s presentation editor would look pretty good. The app offers basic templates to get your slides started; they’re far less polished and professional-looking than OfficeSuite’s, but they get the job done.

Refreshingly, the app makes an effort to take advantage of the tablet form in this domain, providing a split view with a rundown of your slides on the left and the current slide in a large panel alongside it. (On a phone, that rundown panel moves to the bottom of the screen and becomes collapsible.)

With Polaris, you can insert images, shapes, tablets, charts, symbols, and text boxes into slides, and drag-and-drop to reorder any slides you’ve created. It offers no way to duplicate an existing slide, however, nor does it sport any transitions to give your presentation pizazz. It also lacks presenter notes.

Most people would get a better overall experience from even the free version of OfficeSuite, but if you want a second option, Polaris is the one.

App: Polaris Office
Price: Free (with optional annual subscription)
Developer: Infraware

The rest of the Android presentation editors
Google Slides (part of the Google Docs package) is bare-bones: You can do basic text editing and formatting, and that’s about it. The app does offer predefined arrangements for text box placement — and includes the ability to view and edit presenter notes — but with no ability to insert images or slide backgrounds and no templates or transitions, it’s impossible to create a presentation that looks like it came from this decade.

WPS Mobile Office is similarly basic, though with a few extra flourishes: The app allows you to insert images, shapes, tables, and charts in addition to plain ol’ text. Like Google Slides, it lacks templates, transitions, and any other advanced tools and isn’t going to create anything that looks polished or professional.

Last but not least, Docs to Go — as you’re probably expecting by this point — borders on unusable. The app’s UI is dated and clunky, and the editor offers practically no tools for modern presentation creation. You can’t insert images or transitions; even basic formatting tools are sparse. Don’t waste your time looking at this app.

Putting it all together
The results are clear: OfficeSuite 8 Premium is by far the best overall office suite on Android today. From its excellent UI to its commendable feature set, the app is in a league of its own. At $19.99, the full version isn’t cheap, but you get what you pay for, which is the best mobile office experience with next to no compromises. The less fully featured OfficeSuite 8 Pro ($9.99) is a worthy one-step-down alternative, as is the basic, ad-supported free version of the main OfficeSuite app.

If basic on-the-go word processing is all you require — and you work primarily with Google services — Google’s free Google Docs may be good enough. The spreadsheet and presentation editors are far less functional, but depending on your needs, they might suffice.

Polaris Office is adequate but unremarkable. The basic program is free, so if you want more functionality than Google’s suite but don’t want to pay for OfficeSuite — or use OfficeSuite’s lower-priced or free offerings — it could be worth considering. But you’ll get a significantly less powerful program and less pleasant overall user experience than what OfficeSuite provides.

WPS Mobile Office is a small but significant step behind, while Docs to Go is far too flawed to be taken seriously as a viable option.

With that, you’re officially armed with all the necessary knowledge to make your decision. Grab the mobile office suite that best suits your needs — and be productive wherever you may go.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at

Will Microsoft sue the makers of Adblock Plus?

European publications claim Microsoft could go after the ad-blocking service, but without citing sources.

Microsoft, Google, and a group of French publishers are reportedly planning to sue developers of ad-blocking software because it has been a bit too effective and popular.

Adblock Plus, a simple add-on to Chrome and Firefox, has about 144 million active users, up 69% in a year, according to a September report from software publisher Adobe and PageFair, a company that helps publishers see which ads are being blocked. It’s detailed in a report (PDF) that discusses “How Adblock Plus is changing the Web.”

There are other ad blockers, and according to the Adobe/PageFair report, 54% of male survey respondents said they use some kind of ad blockers. There was no mention of female users.

Since many sites depend on ads for revenue, those missing out on the advertising dollars aren’t happy about this. The online version of French newspaper L’Equipe, one of the companies that could file a suit against Adblock Plus and other developers, will not let anyone access its site at all if they have Adblock Plus installed.

“This is no small matter; it affects all publishers. Our members have lost an estimated 20-40% of their advertising revenue,” Laure de Lataillade, CEO of GESTE, an association of web publishers in gaming, media, music and other domains, told AFP.

Microsoft’s involvement is not much of a surprise. It has some big online sites, like MSN and Bing, and it provides ads to other sites through Bing. The Adobe/PageFair report says Microsoft’s Internet Explorer only accounts for 4% of the ad blocking, with Chrome at 63% and Firefox at 26%. Much of that is due to the fact that IE doesn’t have an add-on market like Chrome and Firefox.

Microsoft declined to comment. Normally they offer up some kind of canned quote, but not this time. I’m reluctant to read too much into this, mostly because I’d hate to think it’s come to this conclusion. But if the CESTE CEO comments are indeed true, they have a legitimate gripe. I just have no idea what the law is on this subject.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at

Cisco to acquire malware prevention company

ThreatGRID will enhance products Cisco obtained in last year’s Sourcefire acquisition

Cisco this week announced its intent to acquire ThreatGrid, a New York-based maker of malware analysis and threat intelligence technology. Terms of the acquisition were not disclosed.

ThreatGrid’s products will enhance the malware protection portfolio obtained from Cisco’s acquisition of Sourcefire in 2013, the company says. ThreatGrid makes products for both on-premises and cloud-based security.

[ Find out what topics and issues affect tech’s biggest names and news makers in the IDGE Insider CEO interview series. | Read Bill Snyder’s Tech’s Bottom Line blog for what the key business trends mean to you. ]

On-premises products are designed for internal data retention. The Sourcefire sourced products address network to endpoint capabilities, including malware detection and blocking, analysis and retrospective remediation of advanced threats.

The combination of Sourcefire and ThreatGrid will allow Cisco customers to aggregate and correlate data to identify cyber threats, Cisco says.

Cisco expects the acquisition to close in the fourth quarter of its fiscal year 2014.

ThreatGrid adds malware sandboxing capabilities for public and private clouds to the Sourcefire FireAMP (advanced malware protection) product line, says Derek Idemoto, vice president of corporate development at Cisco.

“Sourcefire’s been aware of ThreatGrid for years,” Idemoto said at this week’s Cisco Live conference. “We asked them, ‘What is the next thing we should be doing?'”

Acquiring ThreatGrid’s 25 engineers is apparently what the Sourcefire team recommended.

There is no product overlap with the FireAMP portfolio, Idemoto said.

Jim Duffy has been covering technology for over 28 years, 23 at Network World. He also writes The Cisco Connection blog and can be reached on Twitter @Jim_Duffy.

Read more about wide area network in Network World’s Wide Area Network section.

Cisco CCNA Training, Cisco CCNA Certification

Best CCNA Training and CCNA Certification and more Cisco exams log in to

Your cell phone number: To give or not to give

More and more companies assume your phone is your second-factor authentication, raising potential for abuse

I was updating my company 401(k) information last week, and the website wanted me to provide my cellphone number. It didn’t say why, nor did it explain how it would use that information. A conference I signed up for also wanted my cellphone number, again with no explanation or context.

In both cases, I left the field blank, but it’s getting harder to do so these days, as more and more services require a cellphone number, ostensibly to text confirmations such as for second-factor authentication or call if suspicious activity is detected on your account. Fortunately, it is illegal for businesses to require customers to furnish a cellphone number to complete an order, notes Federal Trade Commission analyst Bikram Bandy. But some companies may still make the cell number a required field in their forms.

That may be good for security, but it raises a host of privacy and sanity issues that the industry at large has not figured out — and some are abusing.

One issue is that as people are abandoning landlines for cellphones, direct marketers are unable to reach people to hawk their services, legit and otherwise. Federal law prohibits soliciting any phone numbers — landline or cellular — via autodialers, even if that phone is not on the Do Not Call registry.

I asked the FTC about what can be done with your cellphone number if you provide it. According to analyst Bandy and spokesman Mitch Katz, despite tight restrictions on abusive telemarketing, loopholes remain to be exploited. My outreach to the Federal Communications Commission (FCC), whose rules are very similar to the FTC’s, resulted in some of the same loopholes.

At the FTC, Katz’s personal advice is never to give out your cellphone number “because it will end up in a database somewhere.” The FCC’s official advice: “Be careful about giving out your mobile phone number, email address, or any other personal information.”

Here’s what a company can and cannot do with your phone number, whether a landline or cellphone:

If you have done business with the company and provided your phone number, the company or its agents can call you for 180 days, even if your number is on the FTC’s Do Not Call registry. That’s the “business relationship” exemption. It cannot use an autodialer to place robocalls, however — only make human-dialed calls to you.

The Do Not Call registry applies to personal phones, not business units. But many of us use the same phone for both, one of the muddying consequences of BYOD and COPE, as well as of working from home. As a result, a phone used for business — no matter who owns it — is less protected against telemarketing than one used for personal calls only; the Do Not Call registry does not apply to business solicitations. Still, FTC rules restricts the types of telemarketing calls that can be made to “business” numbers: The calls must be to sell a good or service related to that specific business, so unrelated telemarketing is not allowed. A seed company can call a farmer at his office or home number if that number is on the Do Not Call registry, for example, but a vacation cruise company cannot, Bandy says.

It has been illegal since September 2009 to use autodialers to call any phone, whether cell or landline, unless you agree in advance to such calls in writing, which hardly anyone knowingly does. But we still get them from less-scrupulous marketers.

If the company has your cellphone number, per FTC rules, it can text you all it wants — the Do Not Call registry only applies to voice calls — as long as the texts are not misleading or otherwise fraudulent. Per FCC rules, texts may not be sent by an automated system unless you agree to that in writing in advance for business relationships and orally for informational purposes (such as with nonprofits). The texts must include an opt-out link and ID from the sender. As we all know, few comply with the FCC’s rules.

The federal rules don’t apply to calls or texts made from other countries, so those Indian “we’ll fix your PC” scam callers can call as much as they want.

In a nutshell: Once you’ve released that cell number, you are fair game for telemarketing. How much telemarketing you’re setting yourself up for depends on how strictly a company follows the FTC’s and FCC’s rules. Lots of boiler-room operations don’t, enforcement is low, and even when caught all a company has to do is set up shop under a new name.

Basically, given that you have a cellphone with you all the time, it would be idiocy to turn it into a telemarketing venue. But you may have no realistic choice. For example, Apple’s iCloud uses your cell number to send texts to authorize certain changes to your iTunes account, iCloud access, and Apple ID. Google will do the same if you let it, as will some banks.

The FTC’s Bandy says that if you provide your cell number, such companies could call on your cellphone for purposes other than verification and authorization. However, they would have to use human-dialed calls, which are costly, lessening the chances of spam calls.

Text spam is not prohibited by the FTC, but the FCC regulates texted commercial solicitations: As previously noted, automated texts are banned, and texts must include an opt-out method and a return address. That’s pretty much it — there’s no equivalent to the Do Not Call registry for texts. As you can see, the FCC’s text spam regulations are not as stringent as the FTC’s phone spam regulations.

Apple uses privacy protection as a competitor differentiator, and I trust it not to abuse me via texts or calls; Google, not so much, despite assurances from the company that it won’t use for other purposes or share my number. Google’s business is all about mining and selling personal data, so at some point I believe it will change those policies.

FTC rules restrict its ability to sell those numbers to others, and Do Not Call registry rules still apply. However, a real risk of text spam and a smaller risk of increased phone solicitations to your cellphone remain.

Likewise, I’m leery of my bank or other financial institution having my cellphone number, despite FTC and FCC rules. That industry is a master at spam, after all. The same goes for my Kaiser health plan; the constant robocalls to my home landline phone got so bad that I provided a fax number to stop the barrage of calls and voicemails that boiled down to “we have useful information for you; please call to see what it might be.” And Kaiser wants my cell number? Nuh-uh.

Another issue is cost — on many cellphone plans, texts cost 20 cents each. You could spend a fortune — or be forced to buy a text plan on top of the already-high cost of a data plan — if your cellphone number gets out. This issue is waning, though, as the cellular carriers have herded most people into their higher-priced “everything” plans. Most users no longer face an economic loss from telemarketing via cellular, only a loss of time and quiet.

The third issue is, as I mentioned previously, that many of us have one number — our cell — for both business and personal use. We don’t have two-line cellphones in the United States, and if there were they’d be confined to the same carrier and probably cost twice as much as a single-line plan.

That commingling means you can’t easily manage calls and texts from legitimate but off-hours sources. iOS and Android have do-not-disturb features, but they don’t work per user. In some cases, you can filter out notifications based on contacts groups, but it’s a lot of work to manage, as I discovered when I tried using Google Voice for that purpose, and it’s hardly exact.

As a journalist, I’m barraged by PR people across the globe, who don’t respect time zones or weekdays. My phone literally rings 24/7 as PR peons dial numbers from one of a half dozen databases they use to track the media. (That’s allowed as a business-to-business solicitation.)

I had to retire my old home number once I got on the PR telemarketing databases — I naively provided it to one PR person, who added it to the firm’s media database, which then propagated everywhere. Long ago, I also stopped answering my office landline due to the constant PR spam calling, so this issue is acute for me. But it’s acute for many professionals, especially anyone targeted by a vendor for a sales pitch. Ask any CIO.

What to do? Probably the best option is a federal law that disallows all marketing calls and texts from a company and all its affiliates and partners to cellphones when those numbers are provided for use as second-factor authentication or as a verification method. Furthermore, no marketing call or text should be allowed to hide its originating number (as many do), so abusers can be more easily identified.

There should be no exceptions — after all, they can always email their pitches, since most people now have phones that do email.

A federal law won’t stop abuse. Who doesn’t still get marketing calls for personal landlines or cellphones you’ve added to the federal Do Not Call registry, even a decade after its launch? But the law has reduced telespam hugely and has been effective.

Maybe Apple or Google will figure out smarter ways to filter incoming calls and texts to block abuse before it wakes you up at 2 a.m., interrupts your dinner, or raises your monthly bill. Or maybe the industry will support two-line phones in a way the carriers don’t abuse.

I’m not holding my breath for a technology solution: Look at how ineffective technology has been in dealing with email spam.

I suspect the only way for our cellphones to not reach that state is to keep off the telemarketing grid in the first place. When asked to provide my cellphone number, I say no 99 percent of the time. Security is important, but sanity is more crucial.

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at

The top infosec issues of 2014

Security experts spot the trends of the year almost past

There is still time for any list of the “top information security issues of 2014” to be rendered obsolete. The holiday shopping season is just getting into high gear, after all, and everybody knows it was from late November to mid-December last year when the catastrophic Target breach occurred.

But this list is about more than attacks and breaches – it is about broader infosec issues or trends that are likely to shape the future of the industry.

Several experts offered CSO some thoughts on their top picks, what can be learned from them and whether that knowledge can help organizations improve their security posture in the coming year.

Cyber threats trump terrorism
An Associated Press story this past week on the federal government’s $10-billion annual effort to secure its multiple agencies noted, almost in passing, that, “intelligence officials say cybersecurity now trumps terrorism as the No. 1 threat to the U.S.”

That makes sense to Sarah Isaacs, managing partner at Conventus. While cyber attacks have been expanding and evolving for decades, Isaacs said there has been a qualitative change: It is not just criminals trying to steal money – it is nation states using it for espionage and even military advantage.

Be sure not to miss:

Free security tools you should try

In May, “the Department of Justice indicted five members of China’s People’s Liberation Army on felony hacking charges for stealing industrial secrets,” she said. “We’ve never seen that before.”

Then in September, “NATO agreed that a cyber-attack could trigger a military event,” she said. “This is about more than protecting credit cards. This is escalating to new levels.”
“Everyone is oversharing everything. The threats are broad and potentially catastrophic.”
sarah isaacs

Sarah Isaacs, managing partner, Conventus
Author, security guru and Co3 Systems CTO Bruce Schneier, would likely agree. In a recent blog post, he wrote that increasingly sophisticated attacks, especially advanced persistent threats (APT) that are not about financial theft, are coming from, “a new sort of attacker, which requires a new threat model.”

There is evidence of that in a recent study by ISACA on APTs. CEO Rob Clyde said 92% of respondents, “feel APTs are a serious threat and have the ability to impact national security and economic stability.”

Clouds – private, public and hybrid – are not new. But the steady increase in the use of cloud storage services is posing larger risks to businesses.

Schneier, in his blog post, said the continuing migration to clouds means, “we’ve lost control of our computing environment. More of our data is held in the cloud by other companies …”

While experts say cloud service providers frequently provide better security, that may not be true of so-called “shadow” or “rogue” use of clouds by workers who believe that is an easier way to do their jobs than going through IT.

Internet of Everything (IoE) – a hacker frontier

The Internet of Things (IoT) is so last year. It is now the IoE. Smart, embedded devices in homes, cars, electronics, machines, and worn by individuals are now mainstream. They already number in the billions, and estimates of their growth range from 50 billion by 2020 to more than a trillion within the next decade.

And that means a growing tsunami of data flowing to the Internet, where it can be sold for marketing purposes or stolen for more malicious means.

Isaacs, who says she is among those who uses an exercise wearable, said she used “dummy data” to register it. “So nobody knows it’s my data,” she said. “It can’t be mapped directly to me.”

In general, however, she said, “everyone is oversharing everything. The threats are broad and potentially catastrophic. I’m very nervous about the smart cars I see.

There does seem to be an increasing awareness of the privacy implications of smart cars. The AP reported this week that 19 automakers that make most of the cars and trucks sold in the U.S. signed on to a set of principles, delivered to the Federal Trade Commission (FTC), that seek to reassure vehicle owners that the information gathered by those vehicles, “won’t be handed over to authorities without a court order, sold to insurance companies or used to bombard them with ads … without their permission.”

The vulnerabilities of “smart” devices to hacking have been demonstrated numerous times, prompting Phil Montgomery, senior vice president of Identiv to call for, “a more regimented standards-based security approach that relies less on outdates processes around username/password technology and more on stronger forms of authentication.”

No parties for third parties
This was the year that the risks of breaches through third-party contractors made it into mainstream consciousness. The Target breach, which exposed 70 million records, was just one of many that came through outside vendors.

Regulatory agencies are trying to maintain that awareness. Stephen Orfei, the new general manager of the Payment Card Industry Security Standards Council (PCI SSC) noted in a recent interview that, “security is only as good as your weakest link – which means the security practices of your business partners should be as high a priority as the integrity of your own systems.”
“Employee negligence was at an all-time high in 2014.”
christine marciano

Christine Marciano, president, Cyber Data-Risk Managers
Christine Marciano, president of Cyber Data-Risk Managers, said that in addition to vetting vendors for rigorous security standards, companies should, “require their vendors to carry and purchase cyber/data breach insurance, to indemnify them for any costs associated with a data breach caused by the vendor’s negligence.”

The porous, sometimes malicious, human OS
While third parties may be a weak link in the security chain, that is less likely due to technology and more due to the human factor.

It was former National Security Agency contractor Edward Snowden who brought the risks of malicious insiders to international attention in 2013, but the danger to enterprises can be just as great from loyal insiders who are simply “clueless or careless,” and fall for social engineering scams.

Joseph Loomis, founder and CEO of CyberSponse, said he is, “sure there are major companies out there with little controls over their employees and their access rights. Who is watching who and what they’re doing?”

It is also about employees controlling themselves when presented with ever-more persuasive social engineering attacks.

The federal government reported earlier this year that 63 percent of the breaches of its systems in 2013 were due to human error.

According to Marciano, “employee negligence was at an all-time high in 2014,” with the problems ranging from, “failure to perform routine security procedures to lack of security awareness, routine mistakes and misconduct.”

Eldon Sprickerhoff, cofounder and chief security strategist at eSentire, noted that, “phishing emails are getting better and better. I’ve seen some that were so well targeted, so well done that I could not tell the difference.”

And it is not just the average worker who is a problem. Identity Finder CEO Todd Feinman said the problem goes all the way to the top. “Many executives don’t know where their sensitive data is so they don’t know how to protect it,” he said.

Ubiquitous BYOD
While BYOD is now mainstream in the workplace, Isaacs calls the increased focus on mobile computing, “very scary, and it’s going to get even worse.”

BYOD is now bringing, “extremely unreliable business applications inside the walls of corporations,” she said. “There are a lot of software vulnerabilities. Every app that is free or 99 cents, probably doesn’t have great level of security. And people don’t install patches either.”

According to Clyde, “there are now many times more mobile devices than PCs in the world. In fact, in many regions of the world, mobile devices are the only way most users connect to the Internet,” yet security remains a relative afterthought.

ISACA found that, “fewer than half (45%) have changed an online password or PIN code.

And now, connected wearable devices (BYOW) are becoming common in the workplace, yet, “a majority of professionals say their BYOD policy does not address wearable tech, and some do not even have a BYOD policy,” Clyde said.

The age of Incident Response (IR)
All of the above issues have led to an increased focus on IR. According to Schneier, this is not just the year but the decade of IR, following a decade of protection products and another of detection products.

In his blog post, he cited three trends: More data held in the cloud and more networks outsourced; more APTs by nation states and; a continuing lack of investment in protection and detection, leaving the bulk of the burden on response.

But IR has been more on everybody’s lips in 2014 than even a couple of years ago. The mantra of security experts is that it is not a matter of if, but when, an organization will be breached, and that an effective IR plan (combined with detection) can make attacks more of a nuisance than a disaster.

Getting IR right is crucial, but Tom Bain, vice president of CounterTack, calls it, “the hardest job in security. You can have all the technology in place to detect, prevent and analyze, but if your workflow is broken, or the team is so inundated with incident investigation, you are still vulnerable,” he said.

More regulation, please
An industry that generally decries government regulation – retail – is now singing the opposite tune when it comes to cyber security.

A Nov. 6 letter signed by 44 state and national organizations representing retailers, addressed to the leaders of both houses of Congress, called for, “a single federal law applying to all breached entities (to) ensure clear, concise and consistent notices to all affected consumers regardless of where they live or where the breach occurs.”

Sprickerhoff said such a law would be, “a good first step. There are 38 states with different definitions of what is a breach, so things are getting a bit out of hand,” he said. “If you had unifying description of what needs to be done, that’s not a bad thing.”

Richard Bejtlich, chief security strategist, FireEye
“I worry that ‘compliance with frameworks’ attracts a lot of attention,” said Richard Bejtlich, chief security strategist at FireEye. “I would prefer that organizations focus on results or outputs, like what was the time from detection to containment?

“Until organizations track those metrics, based on results, they will not really know if their security posture is improving,” he said.

What to do?
There are, of course, no magic bullets in security. Isaacs said, noting that it’s almost impossible to say what is the biggest threat. “I heard a speech where it was described as, “death by a thousand cuts,” she said.

But experts do have suggestions. Sprickerhoff said more training is crucial, not just the security awareness of employees, but the next generation of IT security experts.

“I don’t think it’s ever been harder to find good people in IT security,” he said. “There’s not much in course work at the college level.”

Eyal Firstenberg, vice president research, LightCyber, said improving security is going to take a combination of technology and training.

“There is a need for fast and accurate alerts and notifications, which ultimately determine the outcome of these cyber engagements,” he said, but added that, “organizations need more professional diagnosticians on staff who are trained to know what threats are real and need to be addressed, and which ones aren’t.”

Ashley Hernandez, an instructor for Guidance Software, calls for more communication among organizations. “Security professionals need to have a way to share intelligence about patterns or attack types to others in their industry or trusted security groups,” she said.

Clyde notes that ISACA, “has a number of programs, from risk governance frameworks like COBIT 5 to the Cybersecurity Nexus (CSX), to ensure cybersecurity professionals have the skills they need to defend enterprises from the plethora of threats.”

Finally, Loomis offers a short list:
Improve procurement processes. “It takes too long to buy new tools,” he said.
Start educating your staff on what the DHS and NIST Frameworks really are. Read the MITRE book on the 10 strategies to a world-class SOC.
Stop believing the marketing and get real-world feedback on tools. “Security has put a lot of money into marketing, but that doesn’t mean the solution is right for the organization,” he said.
Run simulations. “When was the last time a company ran a real cyber drill?” he asked.
Stop following paper policy, “Militarizing your team, running drills, making it second nature is what will help the response process, not following a check list,” he said.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at

SDN tools increase WAN efficiency

SDNs can help automate and manage WAN operations
Configuring, maintaining and changing WAN infrastructure can be a nightmare given the distributed nature of the beast and all the remote touch points, but emerging Software Defined Networking (SDN) tools promise to make these operations more efficient.

Usually touted as a data center tool, SDN can be used to automate and manage WAN operations, says Zeus Kerravala, principal of ZK Research. WAN issues are hard to address because of the dispersed nature of the resources, he says. “There’s no perfect way of making changes to the WAN,” but “SDN brings automation and orchestration from a centralized location and allows you to react faster.”

“SDN brings automation and orchestration from a centralized location and allows you to react faster.”

Zeus Kerravala, principal of ZK Research
More than data center nets, the WAN is a bigger headache for customers, especially those that are IT constrained, Kerravala says. And major IT trends such as SaaS, private clouds, BYOD, mobility and voice/data convergence are adding extra WAN stress, according to analyst Lee Doyle of Doyle Research. WAN links now require improved security, lower latency, higher reliability and support for any device in any location to accommodate these trends.

“The WAN or branch is ripe for disruption” through SDN, Doyle says. SDN vendors are “trying to simplify the mess we have with branch operations.”

Indeed, for two years running the members of the Open Network User Group (ONUG) have identified SDN WANs as the No.1 use case, according to Nick Lippis of Lippis Enterprises, a founding member of ONUG.

Be sure not to miss:
How to get more out of your virtualized and cloud environments
Public cloud storage can be efficient, but its role is still pretty limited
How to get the most out of your IT talent
How UPS uses analytics to drive down costs

And a number of start-ups are intent on using SDN to make WANs more efficient, including the likes of Glue Networks, CloudGenix and Viptela. Here’s a look at their different approaches:

* Glue Networks is targeting Cisco’s installed base of WAN routers with its SDN WAN offering. Glue says its addressable market is the $12 billion worth of 16 million Cisco WAN routers installed globally, which the company expects to reach 23 million in 2017.

Glue’s Gluware orchestration software runs in the cloud and provides a service for turning up remote sites and teleworkers worldwide. It is designed to lower the cost of private WAN networking by automating those operations and handling ongoing maintenance, monitoring, life-cycle management and feature extension.

The software automates the provisioning of voice, video, wireless, LAN networking, IP addressing, PKI security, firewalls, VLANs and ACLs, and allows users to configure a meshed, spoke-to-spoke, low latency infrastructure that is QoS-enabled, the company says.

Glue’s products are essentially a software-defined dynamic multipoint VPN offered as a monthly software-as-a-service subscription. It includes a central policy-based controller, applications with “CCIE intelligence,” and an API to configure the OS using the applications.

Cisco includes Glue products on its price list and will compensate 14,000 sales people for selling them. Cisco also recently invested in SDN WAN company LiveAction, a maker of network traffic visibility and centralized application control software.

* CloudGenix is offering a software-defined enterprise WAN (SDEwan) designed for hybrid clouds and a mobile workforce. SDEwan is designed to virtualize enterprise networks and securely enable access to cloud and data center applications, while reducing remote office infrastructure requirements.

CloudGenix officials said the market for their products is $5 billion in remote branch office WAN infrastructure and operations.

The CloudGenix platform is based on a business policy framework with cloud-based control, designed to automate the rollout of cloud-based applications to remote offices while maintaining regulatory and business practice compliance. SDEwan is intended to enable scale of enterprise WANs based on business intent rather than technology constraints, connecting users to applications rather than connecting locations only.

SDEwan virtualizes networks and assigns application-specific business and IT policies. As applications are delivered from public, private and hybrid clouds, SDEwan allows IT to enforce security, performance and compliance policies in a location-independent manner.

The CloudGenix product virtualizes a hybrid infrastructure of MPLS, best effort Internet and 4G/LTE networks. It also centralizes network functions such as firewalling, threat detection and data leakage prevention, while distributing enforcement of those security policies out to remote sites.

This is intended to reduce the amount of equipment and administration necessary at the branch office, ease management and optimize WAN utilization.

* Viptela notes the need for SDN in the WAN is to help reduce complexity associated with stitching together multiple transport networks, patching security vulnerabilities, and segmenting the network for lines of business and business partners. SDNs and virtual network overlays can also improve WAN performance for cloud and Internet applications, enable use of optimal technology for capacity and scale requirements, and help translate business logic into network and security policies.

Viptela’s products for making WAN operations more efficient are vEdge Routers, vSmart SDN Controller and the vManage network management system for building Secure Extensible Network (SEN). The routers sit at the perimeter of a remote, branch, campus or data center site and provide secure data connectivity over any transport, the company says.

The SDN controller centrally manages routing, policy, security, segmentation, and authentication of new devices that join the overlay network. The vManage system enables centralized configuration and management of the Viptela SEN environment with a dashboard displaying the real-time health of the network.

Kerravala says Viptela is focusing on the implications of today’s WAN architectures, where traffic patterns are becoming less predictable with the advent of mobile and cloud. Traffic is no longer following a well-defined pattern of backhaul to the data center from the branch, he notes.

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at


Microsoft: ‘Nobody loves developers more than us’

Sharing? At Microsoft? It’s more likely than you think.

Last week, Microsoft made huge waves when it announced that its long-proprietary .Net application framework was now available as open source, completely rocking the Redmond, Wash., giant’s cross-platform strategy and public image, all in one fell swoop.

This week is the TopCoder Open, which, for competitive coders, is like the World Series or the International, depending on how nerdy you are, with 1,400 developers in attendance and $260,000 worth of prizes on the line. Microsoft’s developer evangelist Matt Thompson took the stage to talk about the kinder, gentler Microsoft and why students, startups and anybody with an interest in coding should take the company seriously.

“Nobody loves developers more than us,” Thompson said to the packed crowd.

Thompson came to the TopCoder Open with the goal of getting developers to take Microsoft’s platform at least as seriously as they do Amazon’s, Google’s and Salesforce’s. The net result of Thompson’s presentation: A pretty decent sales pitch for working on the Microsoft platform and a lot of un-Microsoft-like talk about the importance of sharing, working together and open source.

Thompson began his presentation with some of his personal history. He was an evangelist for Java at Sun Microsystems; a platform and API developer at early mobile startups General Magic and Taligent; and a mobile developer besides. If there’s a trend he’s noticed in his career, he says, it’s that coding is getting easier thanks to modern development tools, and that code literacy is going to be more crucial than ever as a basic life skill.

As mobile and social experiences continue to dominate more of our daily lives, he says, opportunity is increasingly going to come in the form of new software. That’s why hackers and makers are the vanguard of the new wave of developers, he says.

“Coding is the easiest way to express new ideas,” Thompson says.

Which is why startups need to consider Microsoft. Thanks to the new Visual Studio Community Edition, teams of fewer than five can use Microsoft’s development environment to build those new ideas together and have them work across platforms.

Because Microsoft is, you know, Microsoft, it has something for everybody. Deploy your .Net app on Microsoft Windows Azure and scale up (maybe even for free, if you qualify for the Microsoft BizSpark program). That app can run on iOS, Android or Windows Phone, which heaven knows needs apps (or euthanasia, depending who you ask). Given the entire terrible majesty of the Microsoft ecosystem, it’s a path leading from a startup with a $1 billion idea to an enterprise with a $1 billion bottom line, Thompson says.

And the way to get there, he says, is with openness and open technologies — a rising tide lifts all ships, and Microsoft wants to help all developers succeed no matter what technologies they use. Getting a billion-dollar idea to market is easier when you can stand on the shoulders of giants.

“It’s no longer monolithic or proprietary,” Thompson says. “It’s about sharing.”

Un-Microsoft-like, indeed. But maybe the surest sign yet that Microsoft is rethinking its relationships with developers. Which is a good thing, because if Microsoft is serious about this “platform,” developers are going to be its most precious resource, and it has some image rehabilitation to do. In that light, having startups and independent coders at one of the premiere events for the same is a shrewd move.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at