4 basic security facts everyone should know

The bad news: It's you against an army of cyber criminals around the world. The good news: A little knowledge can provide an effective defense

1. Two starting points lead to the vast majority of attacks

Unpatched software provides the main entry point of entry for hackers or malware, in part because very few computers have the latest updates for every commonly hacked program. The victim surfs to a web page or opens an email, and their computer is instantly, silently compromised. The second-most-common attack method: The user gets tricked into installing a Trojan. Together, these two methods account for almost all successful hacks.

Sure, there are hundreds of other methods: SQL injection attacks, password guessing, and so on. But nearly everything besides unpatched software and downloaded Trojans is statistical noise. In fact, if you fix the main two issues, you almost don’t need to do anything else. 

5 simple steps to controlling cloud access

How IT can bring order and accountability to public cloud usage without getting in the way of progress

Every technology success story is also a story of unintended consequences. Take virtualization, for instance. Virtualization gave us unprecedented utilization of hardware resources. It transformed a provisioning process that used to take months into one that now takes minutes. It gave us flexibility and speed that was once unimaginable and formed the core foundation of the public cloud and private cloud platforms so prevalent today.

However, with that speed and access to public clouds came the ability to circumvent established processes, also known as “shadow IT.” Today line-of-business teams simply swipe credit cards on public cloud providers to get the self-service, on-demand provisioning they can’t get from their internal IT departments. 

Cloud anarchy is shadow IT’s better-behaved cousin. You’ll find it in IT shops that centralize cloud accounts that get passed around among different line-of-business teams, so that at least the accounting funnels through one place in the IT bureaucracy. In truth, IT typically doesn’t have much control over who is deploying what or where. Instead of per-team or per-individual usage line items, IT only sees the final bill.

Among the strengths of a cloud management platform is that it can apply the governance IT needs without sacrificing the flexibility and speed the business demands. Line-of-business teams get that highly prized self-service, on-demand provisioning, and IT can anoint specific applications -- like those passing security audits -- and dictate who is allowed to access the applications and from where. Add metering and billing to keep track of who is spending what, and IT gets accountability without hampering line-of-business agility.

What does such governance look like? Here are five ways to implement governance of public cloud usage that successfully avoids cloud anarchy:

The end of Microsoft product support (and we feel fine)

The nostalgia for periodic big upgrades every five to 10 years is seriously misplaced, and it's not good for users or IT

Last month Microsoft started sounding the "end of support" death toll for Exchange 2007. Admins have a year to plan and migrate to either Office 365 or a newer version of on-premises Exchange. (If you go with on-premises Exchange, I recommend Exchange 2016 because Exchange 2013 is already three years into its 10-year support cycle and Exchange 2016 is a slightly beefier version of Exchange 2013 -- basically, you get three extra years of support by adopting Exchange 2016.) 

How to break into Android development

Demand for Android talent is hot. Here’s how to get started and stand out

With hundreds of millions of Android devices in use today, there’s little wonder why the Android development job market continues to show strong demand.

Job search website Monster.com, for example, consistently shows more than 1,000 Android developer job postings, with California continuing to be a top destination. Android developers are also in high demand in New York City and Boston, among other cities. And job search website Indeed.com reports $163,000 as the average salary for Android developers. It’s clear that motivated developers will find plenty of opportunities to work on Android apps at startups, agencies, and other organizations. 

But if you’re looking to make good on this ongoing demand for Android development talent, where should you begin? How do new Android developers demonstrate their skills and get hired? Professionals working with well-established technologies, such as those from Oracle, Microsoft, and Cisco, have well-defined certification programs to prove their skills to potential employers. Google, however, has not yet defined a certification program for qualifying Android skills. That means it’s entirely up to you to establish your Android development credentials.

Here’s a look at several Android development career paths that are currently emerging. 

Simple succeeds: Visual Studio Code at 1.0

Microsoft's slim-and-trim development environment is now a full-blown 1.0 release with a large user base spanning languages and platforms

Visual Studio Code, Microsoft's open source, cross-platform development environment powered by Node.js and the Blink layout engine has been upgraded to a full 1.0 release after approximately a year of open beta testing.

According to a blog post on the Visual Studio site, Code became a 1.0-grade product because its API has been stabilized. Code was originally created for JavaScript and TypeScript development, but it now supports common languages like C++, Python, Go, and React Native. 

Google will let you navigate around your phone, hands-free

Need to use your Android phone but your hands are tied up? A new voice feature from Google can help.

Voice Access, currently in beta status, allows you to move around the screen, jump to other screens and open apps through your voice. You can utter specific commands, such as "Open Chrome" or "Go home." Voice Access also places numbers next to icons and other objects on a screen. So you can say the number associated with an item to access it.

Smartphones play a vital role in helping people communicate, find information and manage their lives, all with a few taps. But people with disabilities can sometimes feel cut off from the technology designed to help us.

Voice Access is part of Google's effort to make its phones more accessible to people with disabilities that prevent them from using their hands or seeing the screen clearly. Apple has its own iPhone technology called VoiceOver, which reads whatever you tap on the screen, a helpful option for people who are blind or visually impaired.

"We recently launched Voice Access Beta, an app that allows people who have difficulty manipulating a touch screen due to paralysis, tremor, temporary injury or other reasons to control their Android devices by voice," Google said in a blog post Monday.

Those who want to try Voice Access Beta are out of luck for now. The program is apparently full. The Voice Access page says: "At this time, the testing program has enough testers and isn't accepting more users."

Voice Access joins other Google features designed for people with disabilities. Google Docs users can create and edit documents using their voice. Google Chromebooks include a screen reader called ChromeVox that helps people use text-to-speech software to navigate the screen. The next version of Android will offer a Vision Settings screen through which you can manage the font size, display size and other attributes.

Source: Cnet

Use Facebook Messenger to send and receive money

It's a little-known fact that Facebook's chat app can also make like PayPal.
Here's how to set it up.
Remember when Facebook Messenger broke out of Facebook proper? A lot of users, including yours truly, were seriously irked. Why did we have to switch to entire different app just to chat with a Facebook friend?
Turns out Facebook had bigger plans for Messenger, including voice calls, chat bots, chess games and -- who knew? -- mobile payments.
It's true: You can use the Facebook Messenger app to send and receive money, PayPal-style.

Well, not quite -- Messenger payments require a debit card on both ends of the transaction. But there's no cost to use the service, which offers PIN-based protection and "industry-leading security," according to Facebook. Here's how to get started:

Add a debit card to Facebook Messenger so you can send and receive money.

VMware goes after Outlook with Boxer email app for AirWatch

VMware launched a new version of the Boxer iOS app for companies using VMware to manage their employees' mobile devices

It seems like every major tech company needs to have an email app these days, and VMware is no exception. The company launched a new version of the Boxer iOS app today for companies using VMware to manage their employees' mobile devices.

Amazon threatens to banish anyone selling dodgy USB-C cables

The convenient new cables are the future -- if we don't have to worry that shoddily built ones will zap our laptops when it's time to charge our phone.

Amazon apparently doesn't want to stand in the way of a major improvement coming to computer cables.

USB cables for charging your phone and connecting your printer to your PC are getting easier to use and more powerful with the new USB Type-C variety. But defective cables that can damage your computer's USB ports are ten-a-penny, and Amazon is cracking down on businesses selling them on its site.

The online retailing giant on Wednesday tightened regulations for selling USB Type-C cables. It added faulty USB-C cables to a list of banned items that also includes pirated DVDs and portable lasers. Those selling them risk Amazon shutting down their account and destroying any of their products stocked in Amazon fulfillment centers.

It's vindication for Google engineer Benson Leung, a Type-C fan who's painstakingly tested dozens of Type-C cables bought through Amazon and posted the results to try to help buyers steer clear of faulty models. During that testing, a shoddy USB-C cable zapped his own Pixel laptop.

USB-C connections have begun replacing today's array of USB cables as the way to provide data and power connections. They're reversible, so you don't need to figure out which end is which, and they can carry a lot more power, meaning that they'll be useful charging not just phones and tablets but also laptops, external hard drives, monitors and just about any other gadget. But the promise of USB-C will never be achieved if everyone has to fret that some noncompliant cable could fry or shut down their computer.

Reacting to the news on Google+, Leung said: "Really great news, but we all have to continue to be vigilant and call out any bad products we find on Amazon and other stores (both online and brick and mortar) as we find them."

Source: Cnet 

Clear the Store cache in Windows 10

Having trouble with the Windows Store? If the Store is refusing to launch, crashing or freezing, or if apps are not downloading or updating, you're probably just a little frustrated. Before you toss your computer out the window and swear off Windows 10 forever, try clearing the Store cache -- it's fast, simple and may resolve all of your issues (then again, it may not).

Here's how to do it:

1. Right-click the Start button and choose Run to open the Run window.

2. In the Run window, type in WSReset.exe and click OK.

3. An empty command prompt window will open up.

 

When the reset is complete, this window will close and the Store window will open. This fix will also work for the Windows Store in Windows 8, 8.1 and RT.

Source: Cnet

3D-printed cartilage could restore ears, shoulders, knees and nose

A new technique for 3D printing cartilage could "revolutionise tissue engineering and regenerative medicine".

Cartilage is pretty important. It provides structure to parts of the body and softens the joints between bones. When cartilage is damaged, it can cause a lot of pain. And, unfortunately, cartilage does not regenerate well on its own, since it doesn't have a blood supply.

The field of bioprinting -- fabricating biological material with 3D printing -- is increasingly looking like an excellent option for restoring damaged cartilage. Last year, the Department of Health Sciences and Technology at ETH Zurich developed a method of 3D printing cartilage from biopolymers and cartilage cells.

Now a team, led by Paul Gatenholm at the Wallenberg Wood Science Center in Sweden, has developed a similar method and demonstrated its viability as a medical treatment by testing it on mice. They presented their research this week at the 251st National Meeting & Exposition of the American Chemical Society (ACS).

"Three-dimensional bioprinting is a disruptive technology and is expected to revolutionise tissue engineering and regenerative medicine," Gatenholm said in a statement. 

"Our team's interest is in working with plastic surgeons to create cartilage to repair damage from injuries or cancer. We work with the ear and the nose, which are parts of the body that surgeons today have a hard time repairing. But hopefully, they'll one day be able to fix them with a 3D printer."

Current methods of regenerating cartilage involve implanting cartilage-building cells in a scaffold and growing them in conditions similar to those found in the human body. The 3D-printing technique would print cells and scaffold together in the one step.

The problem Gatenholm's team found was that this would often result in a blobby mess. Creating a scaffold recipe that would keep its structure was key. To do so, they turned to plants. Using polysaccharides from brown algae and cellulose fibrils from wood, the mixture still kept its shape.

To see how it responded in a living system rather than a laboratory setting, the team implanted their samples into living mice. Sure enough, the cells survived and began to produce cartilage. The team was then able to increase this cartilage production by introducing stem cells found in bone marrow.

The technique is not quite ready for testing in humans, but Gatenholm is working with a plastic surgeon to make sure that any clinical trials comply with all regulations.

Source: Cnet

Make sure your online accounts get deleted when you die

Not everyone wants to leave this earth with their online accounts being managed by relatives and next-of-kin, or just floating around on the Internet forever. If you're the kind of person who likes your privacy -- even in death -- you should probably make some plans to have all of your online and social media accounts nuked when you pass away.

Some services, such as Google and Facebook, let you set up your eventual account deletion before you get anywhere close to death. Other services will keep your account forever unless an immediate family member or the executor of your estate requests it be removed. Here's how to make sure all your loose ends are tied up, and that nobody ever gets hold of your top-secret/possibly incriminating emails and Twitter direct messages.

'It's prehistoric!' Today's teens react to Windows 95

Teens give Windows 95 a spin and learn about a time when dial-up Internet and patience were required to run a desktop computer.

Way before we all had easy-to-use laptops and Wi-Fi, there were desktop computers that used Windows 95.

Those of use who still remember using Windows 95 might recall how long it would take computers to boot up and the sweet sounds of a modem connecting to the Internet.

In this latest "Teens React to Technology" video from new-media production duo Benny and Rafi Fine (also known as The Fine Brothers), we see today's teens try to figure out how to use a computer running Microsoft's Windows 95 operating system.

"Windows 95 had its 20th anniversary last year, so we got our hands on an old system and showed it to teenagers who were not even alive in 1995," Benny Fine told. "The results, were pretty great and also makes you feel quite old."

Teen actor Karan Brar, age 17, guest stars on the episode. Brar is best know for his roles in "Diary of a Wimpy Kid" films and the Disney Channel TV series "Jessie" and "Bunk'd."

When Brar first turned on the old computer to get started he commented in the video, "Everything looks so dull and ancient."

Some highlights of the video include a teen thinking this was the first computer ever made, complaints of how long it takes to boot up, not understanding how to get to the Internet without Wi-Fi, and not knowing what a modem is. 

"It's scary to think that Wi-Fi is like so vital to us now," Morgan, age 19, said in the video. "If you go somewhere and they don't have Wi-Fi, that's the worst thing that can ever happen to you."

While it's easy to mock the teens in the video for not knowing how to use the kind of computers that many of us older folks were used to back in the day, that doesn't mean they don't appreciate the tech relic placed before them.

"Those who know technology should know something beyond the current, they need to know part of the past," Ethan, age 18, said in the video. 

Trying out Windows 95 sparked an interesting discussion about how technology has evolved.

"One teen reminded us all we may be upset with them for taking this old tech for granted, but it's not their technology," Fine added. "We may have felt the same way about things 20 years older than us when we were teens."

Source: Cnet

Get to know the Galaxy S7's Always-On Display

A feature we're sure to see more of this year is a display that never truly powers off. Let's take a closer look at Samsung's version.

According to Samsung, the average smartphone owner checks his or her device nearly 150 times a day: A quick press of the power button to view the time here, and double tap not the screen to view notifications there, apparently adds up fast.

Samsung's solution for this obsessive checking and waking our smartphones is through a feature it calls Always-On Display.

As the name implies, Samsung's latest Galaxy devices are equipped with the fancy new feature.

After locking your device, the screen will remain dimly lit. The default setting is to display the current time, with the information moving around on the screen every few seconds. Alerts for missed calls and text messages are also placed on the screen, with a few caveats (more on that in a minute).

Google Docs adds automatic outline feature

It's now easier to navigate lengthy documents with Google Docs on the Web and Android.

I use Google Docs for all of my writing, from CNET blog posts and other writing for work to quick lists and tried-and-true recipes. I opened up Google Docs this morning to start my daily labor to find an outline panel on the left side of my document. It had recognized the bold headers in my document and used them to create an outline that I could use to jump to different parts of my document without needing to scroll. It's a convenient time saver for browsing through lengthy documents.

If Google Docs doesn't offer this new feature upon your next visit, you can enable it by going to Tools > Document outline. The Outline panel sits to the left of your document and lets you jump to different spots with a single click.

Stream Facebook Live Video like a Superstar

When it comes to broadcasting an event or a random rant to your social media friends, Twitter users have Periscope and Facebook users have, well, Facebook.

Facebook's Live Video feature was first announced in 2015 and available only to celebrities. As of last week, however, Facebook is expanding the feature's availability to iPhone users starting in the US, with expansion to the rest of the world in the "coming weeks."

Facebook's announcement also notes that it's working on adding the feature to the Android app "soon."

For those who have access to Facebook's Live Video feature, starting a stream is as easy as posting a status update.

Enlarge Image

• In the Facebook app, begin to compose a status as you normally would.
• Instead of entering text, look for a new icon just above the keyboard. If you don't see it yet, check back in a day or two. Facebook is known for slowly rolling out new features to users.
• If you do have the icon, tap on it.
• Tap on Continue, fill in a title and select your privacy options (friends, public, etc.).

Enlarge Image

Once you begin streaming, an alert will be sent to your Facebook friends, notifying them of your stream. The top half of your screen will show what your viewers are seeing, with a control to switch between the front and rear facing camera in the top-right corner.

The bottom half of the screen is where notifications of comments and new viewers will show up.

Source: Cnet

How to share custom short URLs from your Android

Want to share short URLs that you can pronounce? Or just keep a history of links you share on your Android? This app makes both easy.

Sharing links with friends on Android leaves you at the mercy of the app you're using to shorten the ridiculously long ones. Plus, you won't be able to easily see how many times your link has been clicked. Unless, of course, you use an app like URL Shortener.

Instead of generating a random mix of letters, you can control the structure of your short URL with seven choices, including lower and upper case, pronounceable, numbers only and custom. While smartphones can easily open a link, these choices will make it less cumbersome if your recipient wants to type the URL into a desktop browser. Additionally, you can add statistic tracking with several of the providers, giving you useful info about whether or not your links are being seen.

Step 1: Grab a copy of URL Shortener for your Android device.

Step 2: Open the app and head to Settings so you can choose your preferred URL provider (six choices), and whether you want to enable tracking. Unfortunately, you cannot set a default structure.

Step 3: When you're ready to share a link you have two options:

• Copy the URL and paste it into the app, giving you access to structure choices, and allowing you to divert from your default URL shortening service.

Note: According to tips offered by Guiding Tech, Goo.gl does not support anything other than standard structure, and tinyurl does not offer statistics.

• Share the link with the URL Shortener app (listed as Shorten URL in the menu). This option will not let you choose between URL structures, but will follow your default provider choice. You'll be able to copy the URL quickly, or share it through another app.

As an added bonus, the app will keep a history of all URLs you shorten.

What's your preferred method of shortening URLs? Share your thoughts in the comments.

Source: Cnet

How to add family members to your Windows 10 PC

Give each member of the household their own Windows 10 login.

Sharing a PC doesn't have to be a pain if you give each family member their own personal login. Personal logins allow for separate files, desktops, and browser favorites, and adult family members can monitor and restrict kids' activity by blocking websites, limiting screen time, and keeping tabs on what sites kids are visiting and what they're searching for.

To add a family member to your Windows 10 PC, you'll need to sign them up for a Microsoft account -- only the primary user can have a local login.

Here's how to get started:

This magical cable charges both iPhones and Android phones

For years, iPhones and Android phones have needed different cables to charge — Apple requires the Lightning cable and you’ll need a micro USB cable for an Android device. But now there’s a single cable that connects to both.

The LMcable, which is picking up significant traction on Kickstarter, works in Lightning and micro USB ports by having a reversible male end with two differently designed sides.

Parody site drags Reddit 1,000 years into the future

Nobody can truly see into the future, but a spoof website imagines what popular social news and discussion site Reddit would look like 1,000 years from now and it sure feels real.

Reddit3016 takes a deep dive into a world where Mars is populated, people slice genes for fun, and pocket whales are the hot pet trend. The look is spot-on, right down to the light-blue banner across the top.

Reddit3016 is thick with inside jokes. There's a post noting that subreddit category /r/cringe is now /r/ShameSingularity. Cringe is known as a hotspot for people who want to share their most embarrassing moments. In 3016, it becomes known as the place where "all humiliation across the universe will be transcendentally absorbed, experienced and shared in total."

On Reddit3016, the world of Star Wars is real. There's a subreddit called "/r/DebateAJedi" and there's a reference to a future Netflix called Holoflix acquiring the rights to the Bible and creating a Boba Fett crossover.

Microsoft preps HoloLens beta kits along with a mixed-reality video app

Some beta testers are already working with the augmented-reality headset and an app called Actiongram that lets them create mixed-reality videos, according to leaked documents.

Microsoft's HoloLens is already in the hands of a group of private beta participants. Those in the program are working on augmented-reality videos using a new Microsoft app called Actiongram that's due to be announced on February 29.

These tidbits are courtesy of documents discovered and posted to Twitter by infamous Microsoft sleuth WalkingCat. The Cat uncovered a bunch of public relations documents for the augmented-reality headset and beta assets for Actiongram, code-named Project Burbank, and made them available for download. Redmond, Washington-based Microsoft has since pulled them from public access.

Augmented reality is gaining attention thanks to the backing of heavy tech hitters such as Google and Microsoft. Unlike virtual reality, which completely immerses you in a computer-generated world, augmented reality blends the digital and physical worlds. Another difference is that people will be able to buy virtual-reality tech like the Oculus Rift and HTC's Vive this year, but Microsoft's HoloLens isn't intended for consumers just yet.

Microsoft officials previously said they'd begin shipping the $3,000 developer edition of the HoloLens in the first calendar quarter of 2016. One of my contacts said Microsoft told applicants the first wave of "accepted" developers would be notified at the end of February about the imminent arrival of the kits.

By getting HoloLens goggles and an early version of the Actiongram app into the hands of testers, Microsoft is hoping to get the app in shape for a February 29 reveal, according to a leaked internal schedule. Microsoft filed for the Actiongram trademark eight months ago.

The aim of the Actiongram videos that testers will create using the app "is not to review the product," according to Microsoft's guidelines, "but to showcase and document the unique process of creation."

I'm thinking the Actiongram-created videos might look like some of the promo videos Microsoft employees began highlighting via Twitter late last year. Maybe we'll see even more than just those kinds of videos from the closed beta participants.

Closed Beta 1 for Actiongram began in early February and will last through March 31, according to Microsoft's schedule. A second, larger closed beta will run from early April until late May, and an open beta for the app will run from June through the end of October.

In a video targeting Actiongram creators, Microsoft provides a glimpse of the HoloLens Start menu, dubbed the HoloShell, in action.

The leaked documents also mention a Bluetooth clicker, which should be a great asset for those who find air taps difficult to master and tiring to repeat. (Yay for mouselike devices prevailing in natural user environments!)

This story originally posted as "Microsoft gears up to roll out HoloLens beta kits, Actiongram mixed-reality videos" on ZDNet.

Source: Cnet

How to easily toggle alerts in Skype chats

Getting annoyed with alerts from one of your Skype chats? There's a fast way to turn them off.

Skype's group conversations are a convenient way to stay in touch with family, friends, or coworkers from your computer. But sometimes the constant stream of blips and beeps for new messages can be frustrating if you need to focus on another task.

Disabling notifications for all chats means you may miss something important if you also use Skype for work. And leaving a group conversation means you can't catch up on what was said later. Luckily, there's a quick way to disable alerts on a group-by-group (or individual) basis, and still get notified if someone mentions you by name. Here's how:

Note: For Mac users, these commands are available, but do not work consistently, according to Skype support.

Toggling alerts

• Open the chat window you want to disable alerts for. This can be a group or individual chat.
• Type /alertsoff, then press Enter. You will not see a confirmation message, but alerts for this chat are now disabled and no notification counters will appear on the Skype icon.
• When you want to enable alerts for the chat again, simply type /alertson. Again, you will not see a confirmation message.

Trigger word alerts

After turning off alerts, you can set up trigger words that will still alert you when mentioned in the chat.

• If you type /alertson [yournamehere], you'll be notified and your name will be highlighted.
• You can expand on this trigger by adding more words with spaces between them. So if your name is David and you like talking about basketball, you can use /alertson david basketball.

Now you won't have to hear every alert, just the ones pertaining to you or your interests.

Source: Cnet

Six ways to make your iPhone more secure

1. Use a passcode

I now use a passcode. The standard passcode for iOS 9 is a six-digit passcode, though you can increase the strength of the passcode by choosing an alphanumeric passcode or a numeric passcode longer than six digits. You can also move in the opposite direction and choose a four-digit passcode, which was the default option prior to iOS 9. (Even if you set up Touch ID to use your fingerprint to unlock your iPhone, you'll still need a passcode for times when your finger is sweaty or wet or otherwise can't be read by your iPhone's fingerprint scanner.)

Enlarge Image

To turn on a passcode, head to Settings > Touch ID & Passcode. Tap Turn Passcode On and enter a six-digit code. To downgrade to a more convenient but less secure four-digit passcode or a stronger custom passcode, tap Change Passcode and then tap Passcode Options.

Get Gmail features for Yahoo and Outlook accounts on Android

Gmail may not be the only email provider you use, and that's why Google added the ability to access other email accounts through their app. Unfortunately, those non-Gmail accounts didn't gain access to the features that make Google's version of email so great. Now Google is changing that by letting you Gmailify your Yahoo! Mail and Hotmail/Outlook.com accounts.

So what exactly is Gmailify? It's a shorthand version of forwarding your email from other services to Gmail. That way, Gmail can offer you some of its best features. Here's some of the perks you can expect, according to AndroidPolice, and how to set it up:

• Better spam protection
• Sorting into Gmail categories
• Advanced search capabilities
• Itineraries appearing in Google Now

Note: This feature is rolling out in Gmail version 5.11. If you are not on this version yet, you can download and install it from APKMirror.

Startup touts four-factor authentication for VIP-level access

Trusona’s system involves an app, a dongle, the post office, and the subject of 'Catch Me If You Can'

Startup Trusona is launching what it claims to be a 100 percent accurate authentication scheme aimed at corporate executives, premiere banking customers and IT admins who have unfettered authorization to access the most valued corporate assets.

The system uses four-factor authentication to assure that the person logging in is the person they say they are. It requires a dongle that is tied to a set of specific devices (phones, tablets, laptops), certain cards with magnetic stripes that the user already owns, and a biometric ID based on how the card is swiped through the card reader on the dongle.

The TruToken dongle is the miniaturization of anti-ATM-card cloning technology made by MagTek that reads not the digital data recorded on cards' magnetic strips but rather the arrangement of the pattern of the barium ferrite particles that make the strips magnetic. The particles are so numerous and so randomly placed that no two strips have identical patterns, says Ori Eisen, Trusona's CEO. That also makes the strips unclonable, he says.

5 tips to protect your admin credentials

Credentials are the main battlefront in our ongoing computer security war. Deploy everything you have to keep them safe

Protecting elevated authentication credentials is one of the best defense-in-depth strategies any company can deploy.

In today’s pass-the-hash, pass-the-Kerberos-token, steal-any-credentials world, preventing credentials from falling into the wrong hands can be the entire battle. Identity is security. If an identity and its authentication credentials get into the wrong hands, often enough, it’s game over. 

For decades we’ve told people not to stay logged in as admin or root all the time. Alternatively, they should have two accounts: one for regular user duties (email, browsing the Web, and so on) and another elevated one for administrative duties.

That’s the old way of thinking. Today’s advice includes using just-in-time credentials, two-factor authentication, and least-privilege delegation.

Why you don't need an RFID-blocking wallet

You don't need a tinfoil hat, either. Opportunists have exploited consumer fears to create an industry that doesn't need to exist

Because I’m a computer security guy, I have friends who like to show off their new RFID-blocking wallets and purses. "Look what I got for Christmas!" they say. My lack of response should be telling, but they don’t seem to pick up on it.

They've seen the TV ads about malicious hackers who can “stand on any street corner” and wirelessly steal their credit card and other identity information. I've seen similar demonstrations at Black Hat and other computer security conferences for nearly a decade now. They never fail to wow the audience.

An entire, multi-billion-dollar RFID-blocking industry has emerged. You can get RFID blocking for almost any object you own. Some of my friends have so much faith in RFID-blocking products that they buy expensive, customized purses and wallets. These are the same people who drive extra miles to save a few cents on gas.

It goes to show that humans don’t evaluate risk very well. 

IT salaries, job market hit a speed bump

Janco Associates survey finds a mere 1.39 percent increase in salaries and waning demand for IT professionals in the past year

Don't look now, but IT salaries are static and hiring is slowing, according to a survey of the job market.

Management consulting firm Janco Associates and eJobDescription.com's 2016 IT Salary Survey found that salaries for IT professionals in North America had increased only 1.39 percent in the past 12 months, with demand for IT professionals waning. The increase in the previous year had been close to 3 percent. 

According to U.S. Bureau of Labor statistics, the U.S. job market for IT grew by 125,700 positions in 2015, compared to 129,400 in 2014; 74,900 in 2013; and 62,500 in 2012.

"What's happening is demand for new IT activity is decreasing because of uncertainty in the business community," said M. Victor Janulaitis, Janco CEO, in an interview. These uncertainties include the economy, situations in Europe and China, and the Presidential race.

Janco's research pours some cold water on what have been glowing job market assessments recently from Dice.com. Foote Partners, though, found a slowdown in IT job growth late last year.

Janulaitis sees tough going for IT job seekers. "If you don't have the exact skills an organization is looking for, it's going to be very difficult for you to find a position," he said. And people with jobs will find there won't be much of a salary increase because there is no pressure to do so.

The Janco research found that from January 2015 to January 2016, the total mean compensation for all IT professionals had increased from $81,583 to $82,483. In large enterprises, the median compensation rose 1.48 percent, from $83,872 to $85,110.

Janco surveyed 252 companies with revenues of at least $500 million and 722 companies with revenues less than $500 million as part of its research. Salary data for the survey drew from 78 U.S. cities and 23 Canadian cities. 

Source: InfoWorld

The cloud and the Internet of things are inseparable

The Internet of things requires the cloud to work, and the cloud will evolve to better serve IoT

The annual Consumer Electronics Show (CES) last week featured plenty of cloud-related announcements from a wide variety of companies. Indeed, most new devices, from refrigerators to cars, have a massive cloud-based back end. The cloud components of these technologies are becoming more systemic. Indeed, the cloud is assumed.

More and more, people expect everything to be connected. No matter if it’s a washer and dryer, a refrigerator, or a car, they all communicate or will communicate with cloud servers. Why? Companies that make these devices understood early on that it does not make sense to keep all the smarts and storage in the device itself, and these devices must be instantly upgradable for them to have long-term value. Think about your TV service or smartphone updates. That's how cars and thermostats -- and eventually everything else that’s electronic in your home -- are beginning to work.

However, there are downsides to all this connectivity -- security, for one. Although I don’t mind my TV getting hacked, I am concerned about the connected car I’ll be driving. Worse, I’m not seeing a focus on security by manufacturers. It’s going to take a few close calls for the industry to wake up and understand that anything connected must come with well-defined and well-implemented security.

We’ll see a lot of growth in cloud-based services for devices in the next few years, much of it from Amazon Web Services, Google, and Microsoft, plus some from purpose-built clouds that device developers may share or use exclusively. We’ll see growth in compute and storage services to support these devices, and we'll see upgrades in communications networks, including higher-speed cellular systems that will rival the pace of home networks.

Keep in mind that this is not some future development. It’s happening right now. Look at the number of devices that are connected to your Wi-Fi hub at home as evidence that we’re undergoing a major change in how we use technology. This change cannot happen without the use of cloud services. And the explosion in cloud-enabled devices is one more reason cloud-based systems usage will explode in the next several years.

Source: InfoWorld 

Picking a public cloud? Think beyond AWS, Google, and Microsoft

No single cloud provider is likely to meet all your needs, so don't try to force-fit everything to one 'solution'

I often get this question: "Which public cloud should we go with?" That is, should the questioner's company go with Google, Microsoft, or, more likely, Amazon Web Services?

The right answer depends on many, many factors, and the answer is never a single public cloud platform. (Few people appreciate that response.) 

What you should be after is an architecture, or what many people call a stack. Let's say you have 2,000 enterprise applications that, if moved to the cloud, will likely drive more value, such as reduced total cost of ownership or increased business agility.