
Microsoft risks IT ire with Windows 10 update push

Written by admin
November 8th, 2015

Its OS-as-a-service could create headaches for shops used to a slower upgrade pace

Microsoft has made it clear that it will take on a greater role in managing the Windows update process with Windows 10. The company has also made it clear that it will aggressively push users — both consumers and businesses — to upgrade from Windows 7 and Windows 8 to its latest OS. With that in mind, it’s hard to imagine either predecessor hanging around anywhere near as long as Windows XP.

The decision to not only push updates out, but also ensure that all Windows 10 devices receive them in a timely fashion, fits well with the concept of Windows as a service. The change may even go unnoticed by many consumers. IT departments, however, are keenly aware of this shift — and many aren’t happy about it.

Managing Windows updates — old vs. new

Traditionally, Microsoft has given IT the final word on patches and updates. While most departments do roll out critical patches and major updates, they do so on their own time frame and only after significant testing in their specific environment. This ensures that an update doesn’t break an app, a PC configuration or cause other unforeseen issues. If an update is required that could introduce problems, IT can then develop a plan to address the issue in advance of deployment. Some updates might even be judged as unneeded and never get deployed.

With Windows 10, Microsoft is adopting a service-and-update strategy based on a series of tracks known as branches. In this model, both security and feature updates are tested internally and made available to Windows Insiders. When Microsoft feels the updates are ready for primetime, they’re pushed to the Current Branch (CB). CB devices, predominantly used by consumers, receive the updates immediately through Windows Update.

Businesses and enterprises typically fall under the Current Branch for Business (CBB). Like CB devices, CBB hardware will be able to receive updates as soon as they are published, but can defer those updates for a longer period of time. The rationale for this extra time is two-fold. First, the updates will have received extra scrutiny because they have been tested internally, by Windows Insiders and by consumers via the CB, so any issues will likely be resolved, or at least identified, during that time. Second, it gives IT shops time to test the updates and develop strategies to deal with potential problems before those updates become mandatory.

Complicating the situation: There are still unknowns about how IT departments will handle the CBB update cadence and process. Microsoft has yet to complete Windows Update for Business (WUB), a set of features and tools that will be made available to organizations that have adopted the CBB update pace. There is also the possibility of using other tools, including Windows Server Update Services (WSUS), Microsoft’s System Center Configuration Manager (dubbed “Config Manager”), or a third-party patching product that can handle longer postponements.

IT pros aren’t happy

This marks a massive transition in how Windows is deployed, updated and managed in enterprise environments. Many longtime IT pros won’t be comfortable ceding this much control to Microsoft. Susan Bradley, a computer network and security consultant known in Windows circles for her expertise on Microsoft’s patching processes, has become a voice for those IT workers.

In August, Bradley kicked off a request on the matter using Microsoft’s Windows User Voice site asking for a more detailed explanation of the Windows 10 update process. Last month, she upped the ante by starting a petition demanding additional information from Microsoft as well as a change to how it will deliver updates. As of this week, the petition has more than 5,000 signatures; some signers have noted that they will refuse to move their organizations to Windows 10 unless changes are implemented.

A petition that has collected 1,600 signatures asks Microsoft CEO Satya Nadella to make his Windows 10 team provide more information to users about updates, and give customers more control over what they install on their PCs.

The impact of the petition remains to be seen. Microsoft has already established that it views its new Windows-as-a-service model, with frequent incremental updates using the branch system, as the future. Windows 10 has already passed the 132-million PC mark and Microsoft appears unapologetic about its plans to pressure users into upgrading to the new OS. All of these factors make it unlikely the company is going to reverse course.

This isn’t entirely new territory

The new approach to update management is striking compared to the process for previous Windows releases, but it isn’t exactly a new model. iOS, Android and Chrome OS all limit IT’s ability to manage the update process to one degree or another.

Apple has always placed the user at the center of the iOS upgrade process. When an update becomes available, users can download and install it on day one. iOS 9 introduced the ability for IT to take some control over the process, but only in the opposite direction — allowing IT to require that devices be updated, a move designed less to ensure IT management of the overall process and more to ensure that iPhones and iPads are running the latest, and therefore most secure, version of iOS.

Things are a bit murkier with Android because each manufacturer and carrier generally has to approve the updates and make them available to users, though ultimately it remains up to the user to upgrade when an update becomes available. The update challenge for Android in the enterprise is less about preventing an update and more about the uncertainty of when (or if) devices can be updated.

Chrome OS is essentially updated by Google across all of the devices running it. This is the most apt comparison to Microsoft’s plans for Windows 10. The big difference is that Chromebooks are little more than the Chrome browser and are designed primarily for working with data in cloud-based services. Although the devices do have local storage and support for some peripherals, they are extremely uniform compared to any other major platform (which makes them easier to manage than rivals).

This isn’t to say that IT professionals have always been happy about these platforms or their upgrade processes. iOS and Android were met with skepticism and even hostility by many IT departments. As the platforms have matured into true enterprise tools and it’s become clear they are a necessary part of the enterprise computing landscape, IT has had to adapt to the realities associated with supporting, securing, and managing them.

Part of that adaptation is to the way these platforms get updated. iOS is a great example of how IT departments already deal with being shut out of a platform’s update process.

With iOS, IT gets very limited lead time about major updates (typically about the three months between Apple’s Worldwide Developers Conference in June and the public release later that same fall). Many IT shops now realize that the next version of iOS will arrive for their organizations the day it’s released. As such, it’s common practice to download and test the developer preview builds through that period to ensure smooth operation on day one. Similarly, many IT departments keep up to date on the previews of minor iOS releases throughout the year.

Microsoft’s update process is going to require a similar adjustment. If Microsoft won’t back down on its position that regular cumulative updates of Windows are the future, IT will need to take a similar approach to Windows that it uses with other platforms.

Windows is not iOS

One major difference between iOS and Windows 10 is that Microsoft still allows updates to be deferred by IT. This means that IT departments have greater lead time for testing and developing plans to address potential pitfalls. Even if IT shops rely solely on the CB release, there is expected to be up to eight months to prep before an update becomes mandatory for CBB PCs and devices. Windows Insiders will get an even longer lead time, since they will have access to updates before public release. In effect, Microsoft is striking a middle ground between Apple’s approach and the approach used in previous Windows versions.

That longer lead time, of course, isn’t a luxury. Windows deployments can be significantly more complicated than those for iOS or Android and almost universally there are more PCs than mobile devices in an organization. Still, using an iOS update strategy as a blueprint is a good starting point for figuring out how to approach Microsoft’s planned Windows 10 update process at work.

It’s also worth noting that IT departments do have some time to develop that strategy. Although Microsoft is clearly ushering anyone and everyone it can onto Windows 10, there’s little need for enterprises to make the switch from Windows 7 immediately — particularly for those that only recently made the jump from XP to 7. Delaying a transition or focusing only on a proof-of-concept or pilot project allows IT departments to get a handle on everything related to Windows 10 before rolling it out, including how to handle updates.

Ignoring Windows 10 isn’t an option

Although it’s possible to delay a Windows 10 transition, perhaps even for years, enterprises are eventually going to have to bite the bullet.

Putting off the move is perfectly logical, particularly until the core capabilities to manage Windows 10 and its update process are established. That doesn’t mean, however, that this is a time to be complacent and ignore it completely. Sooner or later, virtually every organization will need to reckon with Windows 10 (or perhaps migrate to non-Windows platforms, which would pose an entirely different set of challenges).

Preparing for that reality, even while pushing back against Microsoft’s current plans, is critical to eventually making a smooth transition.




The evil that lurks inside mobile apps

Written by admin
October 31st, 2015


The Enterprise is at risk from malware and vulnerabilities hiding within mobile apps. You have to test your mobile apps to preserve your security.

Mobile apps are ubiquitous now, and they offer a range of business benefits, but they also represent one of the most serious security risks ever to face the enterprise. The mixing of devices and software for work and leisure opens up many potential avenues for attack, but even purpose-built enterprise apps are shipping with woefully inadequate security protections.

Defects and vulnerabilities commonplace
Did you know that mobile apps typically ship with between one and ten bugs in them?

According to research by Evans Data, only five percent of developers claim to ship apps with zero defects, while 20% ship with between 11 and 50 bugs. Even when testing is conducted, it’s on a limited subset of devices and platform versions.

Many software developers simply don’t have the resources to conduct proper testing before release, especially with the pressure to reach the market faster than everyone else. It’s accepted that many defects will be discovered by customers and fixed later through updates; in fact, 80% of developers push out updates at least monthly.

The chance of security vulnerabilities slipping through is very high. But that’s for an average mobile app developer; surely the enterprise takes security more seriously, right?

You may assume that mobile app security testing is a lot more stringent in the business world, but it’s a dangerous assumption to make. Enterprise app developers are subject to the same pressures, and they’re just as likely to forgo security in the rush to market.


Lack of security testing in the enterprise
Many organizations are still taking it on trust that the mobile apps they use are secure. We’ve looked at the importance of assessing third-party vendors before. Almost 40% of large companies, even in the Fortune 500, don’t take the necessary precautions to secure the apps they build for customers, according to research by IBM and the Ponemon Institute.

In fact, one-third of companies never test their apps at all, and 50% of the companies surveyed admitted they devote absolutely no budget to mobile security.

Consider that more than half of businesses are planning to deploy 10 or more enterprise mobile apps in the next two years alone, according to 451 Research. The potential risk here is enormous. More data breaches are inevitable. What’s worse is that many will go unnoticed for long periods of time. The impact on some businesses will be devastating, as security threats too often go ignored. To bury your head in the sand is to expose your business to potential catastrophe.

Build in security and educate
If you’re only thinking about security at the end of app development, then you’ve already left it too late. You need to build in secure features and adopt stringent testing from day one. That means consulting or hiring security experts during the design phase, and empowering them to influence developers. Focus on data encryption, user authentication, and regulatory requirements.

Monitoring and reporting should be built into your mobile apps. That way there’s an audit trail to maintain security. Reports can also produce all sorts of useful analytics that help guide future development in the right direction. It’s not just for security; it’s also an important part of ensuring ROI for mobile apps.

It’s worth noting that mobile security at a platform level is improving, but few developers are taking full advantage of the new features designed specifically to secure apps for the enterprise. There has to be some education here. Without input from InfoSec talent, and the right training for developers, there’s no doubt that insecure mobile apps will continue to flood the market.

There’s no substitute for testing
At the end of the day, you will never know if your mobile apps are truly secure unless you test them. Proper mobile security penetration testing is essential. External testers with no vested interest and the right blend of expertise are best placed to provide the insight you need to uncover dangerous vulnerabilities, and help you mitigate them.

If development continues after release, as your mobile apps are updated with new features and defect fixes, make sure that you consider the security implications and test each new release properly – it’s the only way you can really be sure that your mobile apps are secure.


7 ways to ease stress at work

Written by admin
October 17th, 2015

Workplace stress is a fact of life, especially in the IT industry. Keeping that stress to manageable levels can seem like a full-time job in and of itself. Thankfully, there are some easy ways to relax, recharge and rejuvenate, and many of them you can do right at your desk.

Ironically, the same technology that’s causing you undue stress and frustration can also be used to help manage and reduce it. From biometrics and fitness trackers that monitor your heart rate, blood pressure and the number of steps you take each day, to resilience solutions that guide you to stress-reduction resources (like those from Concern and Limeade), technology is playing a huge role in helping workers chill out and relax.

Meditation can be done anywhere, anytime, whether you’ve got five minutes or 50. Take some deep breaths and clear your mind in between meetings, or before a particularly stressful phone call. Meditate on the bus or the subway. You can try mantra meditation, where you silently repeat a word or phrase; mindfulness meditation, which focuses on the flow of your breath and on being conscious of the present moment, or some form of meditative movement like Qigong or yoga.

Exercise breaks
Does your workplace have an on-site fitness center? Use it. Is one of your employee benefits or perks a fitness center membership or reimbursement? Take advantage of that. Even a brisk walk around the block, or jogging up and down the stairs instead of taking an elevator can help get the blood flowing and help relax your mind and energize your body.

Tech time-out
It’s hard to manage stress when you’re constantly reading emails, your smartphone’s ringing off the hook, text messages keep flooding in and your to-do list keeps getting longer. Set aside a certain period of time each day for a tech time-out, says Henry Albrecht, CEO of employee wellness solutions company Limeade. Turn off all your electronic devices and focus on something other than a screen. You could even meditate during this time. You’ll be surprised how peaceful it can be.

Curb Caffeine
No one’s suggesting you give up your morning cup of Joe, but cutting down on caffeine intake, or setting a time of day when you stop drinking caffeinated beverages, can help you better manage stress. “Maybe after, say, 2 p.m., avoid anything with caffeine in it. That can affect your sleep later on in the evening, and if you aren’t well-rested, that will add to your stress,” says Albrecht.

Sound sleep
Make sure you’re getting your rest, or you’ll be poorly equipped to manage stress. The general rule is eight hours, but some people function optimally on a little more or less. Figure out what works for you and stick to it. And don’t fall asleep in front of the TV, your tablet or your smartphone, either. Research shows that can affect the quality of your REM sleep and impact your rest.

Fix your finances
Financial issues can affect more than just your credit score – taking care of your financial health is critical to maintaining your overall physical and emotional health, too. If you’re struggling financially, check with your HR department to see if they have financial wellness and planning resources available. Or consult a financial advisor or debt consolidation organization. You should also check out free budgeting technology, like Mint, that can help track your spending.


How to use stipends to ensure BYOD success

Written by admin
October 3rd, 2015

There are real differences between stipend options, and the success of your program will depend on getting them right

Stipends are a way for businesses to reimburse employees for a portion of their wireless costs and, if implemented properly, address these common issues: cost, eligibility, control and taxes. Here’s how:

* Costs. When businesses talk about costs, they generally are referring to either time or money. And companies opting to use expense reports for stipends will find the task occupies a good bit of both. It’s time-consuming for accounting departments to sort through individual expense reports and issue payments only after an employee’s usage has been verified. It’s no surprise, then, that an Aberdeen Group study suggests each expense report costs $18 to process. Compounding those costs, companies opting for this method will issue hundreds or even thousands of payments each month, so the benefits that attend stipends can be quickly outweighed.

More recently, a few carriers have started to offer a split-billing solution. Split billing attempts to categorize employee usage as either personal or work-related and, in turn, solves some of the issues that expense reports present. For starters, companies could avoid the need to process individual expense reports, as employees’ bills would obviate the need. Unfortunately, though, these split-billing solutions are only partial solutions, as they typically do not account for the voice portion of an employee’s bill. An even larger concern, however, is that split-billing forces employees to align with one carrier, a concept that is at odds with the heart of BYOD: autonomy.

A less discussed but potentially more complete stipend solution is referred to as direct-to-carrier credits. In fact, Gartner has called this process the most effective method for managing BYOD expenses. Simply put, companies determine payment levels based on employee role or any other relevant factor, and then have the stipends applied directly to employees’ bills as a credit.

This solution is typically tied into software that encourages employees to comply with mobile policies and alerts the employer and BYOD solution provider when a device is out of compliance. Plus, by integrating with HR Information Systems, the solution alerts the vendor when an employee’s role or status has changed within the organization.

* Determining Eligibility. Regardless of the stipend approach used, companies must determine which employees are eligible to participate, and many base the decision on roles. For example, an organization may decide to exclude hourly employees from its stipend program. That doesn’t necessarily mean those employees can’t access the network; it simply means they bear the entire costs themselves. If utilizing direct-to-carrier credits, companies may place eligible employees into one of three or more categories. An employee who rarely needs to be contacted outside the office might receive a $35 stipend each month. A salesperson, on the other hand, might receive twice that amount due to the demands of the position. In any event, employees would be assigned a tier by managers and then enroll in the BYOD program over a web portal.

* Taking Control. The decision to reimburse employees for BYOD, at least in California, became clearer with the Cochran ruling. In other states, it may simply come down to control. That is, control over the devices accessing corporate information. For example, if MDM software is required to be downloaded prior to accessing the network, businesses can ensure their employees don’t download certain apps or visit certain sites that may jeopardize security.

Stipends offer a compelling incentive for end users. Employees get help paying their mobile bill (for work-related purposes, of course) and employers get some measure of control over the device itself due to the fact that stipends can be tied into the MDM software in such a way that if a device falls out of compliance the stipends are immediately suspended. Those safeguards are absent from reimbursements made via expense reports. And though stipends may be contingent upon compliance, if those stipends aren’t synced with the MDM software, it does little to prevent a breach or respond quickly to a noncompliant device.

* Limiting Taxes. The Internal Revenue Service (IRS), in Notice 2001-72, thankfully removed mobile devices from the “heightened substantiation requirements” they were subject to prior to 2010. The devices, to avoid tax consequences, have to be provided for substantial noncompensatory business reasons, such as an employee’s need to communicate with clients after normal work hours or the employer’s need to reach the employee during similar off hours.

Shortly thereafter, the IRS issued Interim Guidance on Reimbursement of Employee Personal Cell Phone Usage in light of Notice 2011-72, wherein it addressed reimbursements made to employees for the business use of employee-owned devices. In order for a stipend to avoid taxation based on additional wages or income, the memorandum states that, where employers, for the same substantial noncompensatory business reasons noted in Notice 2001-72, require employees to use their personal cell phones, the employee must “maintain the type of cell phone coverage that is reasonably related to the needs of the employer’s business, and the reimbursement must be reasonably calculated so as not to exceed expenses the employee actually incurred in maintaining the cell phone.”

A tiered approach to stipends that considers the differing needs and demands of various roles within an organization would seem to satisfy those requirements. Though not without shortcomings, split billing solutions clearly satisfy the requirements by separating usage on each bill.

While there is much that is unclear regarding the tax code, the fact that BYOD is growing in popularity every year is undisputed. And as more Millennials enter the workforce, that trend will likely not slow.

BYOD is about more than the wishes of tech-savvy employees; it’s about productivity and the bottom line. To maximize both, companies should strongly consider offering employees a stipend for the work-related use of their personal devices.

While options for paying stipends exist, organizations need to understand there are real differences between those options and, often, the success of a BYOD program depends on how those stipends are offered.



F. Scott Fitzgerald didn’t know everything
The tech industry in 2015 is shaped by one executive’s spectacular second act: Steve Jobs, exiled from the company he helped build, returned triumphantly in 1996 to take back control and transform it into a world-changing electronics company. It’s a story that everyone knows, but it’s one that’s almost unique in the tech industry. More common is a different kind of second act: one in which a leader or visionary leaves (voluntarily or not) the role that made them famous and tries something else, something new. Sometimes these new gigs are calmer and more low-key than their first act; sometimes they might seem to be in a very different field; and sometimes they take a tech leader to new heights.

Elon Musk
In 2001, Elon Musk was deposed as CEO of PayPal, a company he helped found and focus on online payments. The coup was motivated, depending on who you ask, over either his autocratic management style or his attempt to move PayPal’s infrastructure from Unix to Windows. Most people would’ve been satisfied with having created a service that redefined how people pay for things, and also with a $165 million payout. Instead, Musk went for a double second act, pouring his fortune into Tesla, which aims to transform how cars are powered, and SpaceX, which seeks to make manned spaceflight profitable. It’s pretty difficult to imagine two less grandiose goals to tackle.

Ev Williams
Pyra Labs, co-founded by Ev Williams in 1999, was supposed to make (boring) project management software. But they built a publishing tool for internal use that they called Blogger, which quickly became an outward-facing service, which quickly brought blogging mainstream and got Pyra Labs acquired by Google in 2003.

Flash-forward a few years: Williams leaves Google and helps found Obvious Corp., a sort of incubator with several projects in progress; one of them, launched in 2006, was originally called twttr, and was conceived of as an SMS-based publishing network. Nearly a decade later, Twitter has come to define Web publishing for the ’10s as much as blogging did for the ’00s. Will Williams’s next startup focus on even shorter posts?

Jack Dorsey
While Williams was an important part of Twitter’s origin story, it was Jack Dorsey who laid the foundations for its technology, after having ruminated on similar ideas for much of the first half of the ’00s. Dorsey was Twitter’s CEO in its early years. However, the microblogging service was barely out of its infancy when he launched another endeavor: Square, a service that made it easy to accept credit card payments on smartphones. The company had reached beta status by 2010. Twitter is a media darling and may get more press, but more people probably encounter Square, which aggressively moved to replace standard cash registers with iPads, in real life. In a Jobsian move, Dorsey has also returned to Twitter as CEO, though that seems temporary.

Andy Rubin
Maybe Rubin didn’t have so much a second act as a second try. He was one of the co-founders of Danger, Inc., a company whose Danger Hiptop phone-PDA combo — a smartphone, essentially — was way, way ahead of its time when it arrived on the market in 2002. Rubin left the company, which ended up stagnating before being absorbed by Microsoft, but he wasn’t done with mobile. He quietly started another company, Android, which focused on mobile software, and which was, just as quietly, bought by Google in 2005. Android was the world-changer that proved that sometimes the second time’s the charm.

Carly Fiorina
In tech circles, Carly Fiorina is best remembered for her late ’90s/early ’00s stint as CEO of Hewlett-Packard, which was extremely controversial within the industry; she fought the company’s founding families, dismantled the egalitarian “HP Way,” and, most famously, engineered a much-derided merger with Compaq. Fiorina was fired in 2005, but has chosen a second act even more grandiose than conquering space: politics. Undaunted by a failed 2010 Senate run that featured one of the weirdest campaign ads in living memory, Fiorina is currently running for the 2016 Republican presidential nomination, and in her first big debate managed to humble Donald Trump.

Henry Blodget
Perhaps nobody on this list had their first act end as dramatically as Henry Blodget: as a stock analyst for Merrill Lynch during the dot-com boom he promoted stocks in public that he privately admitted weren’t worth much; he eventually paid a $2 million civil fine and was banned from the securities industry. For his second act, he turned to journalism: he helped found Silicon Alley Insider in 2007, which quickly became part of the Business Insider empire, where Blodget is the editor in chief and CEO. Much of the hostility within the industry towards him has dissipated, and many view him as a sort of kooky uncle, especially when he produces oddball it-happened-to-me articles like this one.

Kevin Rose
Kevin Rose is perhaps emblematic of the sort of second acts many tech execs who hit it big young have: the anticlimactic kind. Rose founded Digg, which for a few years in the ’00s was one of the most important websites on the Internet, with hundreds of millions of views and the power to make or break stories that it linked to. A baby-faced Rose appeared on the cover of BusinessWeek in 2006, though he later claimed the hat and headphones weren’t his. After a disastrous 2010 redesign evaporated Digg’s goodwill, Rose started an app-making shop that got bought by Google and ended up briefly working on Google+, a project that, as we all know, did not end in glory.

James Gosling
Some second acts are lower-key by choice. James Gosling created Java for Sun Microsystems in 1995; when Sun was merged into Oracle in 2010, Gosling left in short order, which was seen as emblematic of the culture clash between the two companies. After a brief five-month stint working for Google, Gosling went in a completely different direction: he took a job with Liquid Robotics, helping build low-power automatic seafaring robots. I imagine this job has to be significantly less stressful than his previous high-profile gigs.

Steve Jobs (again)
Steve Jobs’s return to Apple is so important to the industry that it’s easy to forget that he did have another, truly different second act. In 1986, after he had been ousted from Apple, Jobs spent $5 million to fund the spinoff of LucasFilm’s Graphics Group, which was quickly renamed Pixar. After years of failed attempts to market to special effects artists the custom hardware and software the group had developed, and only a little traction from doing commercial animation, Jobs was almost prepared to sell the company in 1995, when Toy Story was released to near-universal acclaim and massive box office success. The rest was history. Even Jobs’s secondary second act was pretty good.




Attackers have hijacked thousands of websites running the WordPress content management system and are using them to infect unsuspecting visitors with potent malware exploits, researchers said Thursday.

The campaign began 15 days ago, but over the past 48 hours the number of compromised sites has spiked, from about 1,000 per day on Tuesday to close to 6,000 on Thursday, Daniel Cid, CTO of security firm Sucuri, said in a blog post. The hijacked sites are being used to redirect visitors to a server hosting attack code made available through the Nuclear exploit kit, which is sold on the black market. The server tries a variety of different exploits depending on the operating system and available apps used by the visitor.

“If you think about it, the compromised websites are just means for the criminals to get access to as many endpoint desktops as they can,” Cid wrote. “What’s the easiest way to reach out to endpoints? Websites, of course.”

On Thursday, Sucuri detected thousands of compromised sites, 95 percent of which are running on WordPress. Company researchers have not yet determined how the sites are being hacked, but they suspect it involves vulnerabilities in WordPress plugins. Already, 17 percent of the hacked sites have been blacklisted by a Google service that warns users before they visit booby-trapped properties. Interestingly, Cid added, the attackers have managed to compromise security provider Coverity and are using it as part of the malicious redirection mechanism. The image above shows the sequence of events as viewed from the network level using a debugging tool.

Sucuri has dubbed the campaign “VisitorTracker,” because one of the function names used in a malicious JavaScript file is visitorTracker_isMob(). Cid didn’t identify any of the compromised sites. Administrators can use this Sucuri scanning tool to check if their site is affected by this ongoing campaign.
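
As an added example (not from Sucuri or the original article), the script below checks a local WordPress directory for the `visitorTracker_isMob` function name the article cites. The scanned file extensions, the constructed sample tree and all helper names are assumptions, and a clean result does not rule out a variant that renames the function.

```python
import os
import tempfile

# Function name Sucuri reported in the malicious JavaScript (from the article).
MARKER = b"visitorTracker_isMob"
# Assumption: file types worth checking on a WordPress host.
SCAN_EXTENSIONS = (".js", ".php", ".html")


def scan_file(path, marker=MARKER, context=40):
    """Return one dict per occurrence of the marker in a single file."""
    with open(path, "rb") as fh:
        data = fh.read()  # bytes, so odd encodings and minified lines are fine
    hits = []
    start = 0
    while True:
        idx = data.find(marker, start)
        if idx == -1:
            break
        snippet = data[max(0, idx - context): idx + len(marker) + context]
        hits.append({
            "line": data.count(b"\n", 0, idx) + 1,
            "offset": idx,
            "snippet": snippet.decode("utf-8", "replace").replace("\n", " "),
        })
        start = idx + len(marker)
    return hits


def scan_tree(root):
    """Walk root and map relative path -> hits for every flagged file."""
    flagged = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(SCAN_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                hits = scan_file(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if hits:
                flagged[os.path.relpath(path, root)] = hits
    return flagged


def build_sample_tree(root):
    """Create a tiny constructed WordPress-like tree for the demo."""
    js_dir = os.path.join(root, "wp-content", "themes", "demo", "js")
    os.makedirs(js_dir)
    # Clean file (constructed).
    with open(os.path.join(js_dir, "clean.js"), "wb") as fh:
        fh.write(b"function toggleMenu(){}\n")
    # File carrying the marker; the body is a harmless constructed stand-in.
    with open(os.path.join(js_dir, "menu.js"), "wb") as fh:
        fh.write(b"// menu toggle (constructed sample)\n"
                 b"function toggleMenu(){}\n"
                 b"function visitorTracker_isMob(){return false;}\n")
    # Not a scanned extension, so it is ignored even though it has the string.
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"article mentions visitorTracker_isMob\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample_tree(sample_root)
        for rel_path, hits in scan_tree(sample_root).items():
            for hit in hits:
                print(f"{rel_path}:{hit['line']}: {hit['snippet']}")
```

Point `scan_tree()` at the site's document root to check a real install; any flagged file should be compared against a known-good copy of the theme or plugin before it is restored.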




Hires talent, acquires assets, teams with other providers to reach beyond its core footprint

Comcast Business, which began offering communications services to small businesses in its regional footprint in 2007 and broadened its portfolio in 2010 to appeal to larger organizations in that local realm, today announced an Enterprise Services unit that will go after Fortune 1000 companies regardless of geography.

“We have the right services in our portfolio now, the right performance levels, the right metrics, so we can target businesses outside of our footprint,” says Bill Stemper, president of Comcast Business, which has an annual run rate of $4.5 billion.

The company, which has been spending $1 billion per year to expand its business network, will offer Ethernet, Internet access, advanced voice services, and a range of managed services, including everything from managed router and security services to 3G and 4G backup services, Stemper says.

Comcast Business serves 39 states and 20 of the top 25 markets, representing roughly 45% of the US. To go after “bigger companies, even those not in our footprint, we did three things,” Stemper says:

* Hired a leader to lead the charge, Glenn Katz, who was the CEO of SpaceNet, a service aggregator that supported business customers by pulling together service offerings from different providers.

* Worked with fellow CATV-based service providers to hash out a “cable first solution,” whereby the companies have agreed to buy and sell from one another much like telephone companies cobble together services from different providers today to deliver end-to-end enterprise solutions. Comcast Business says it has reached network agreements with Brighthouse, Cablevision, Charter, Cox, Mediacom, Suddenlink and Time Warner Cable.

* Acquired Contingent Network Services for its expertise in offering managed services to many nationally known businesses. “The company will become a wholly-owned subsidiary of Comcast Business and will continue to operate under the Contingent brand name,” Comcast Business reports.

Asked what will get Comcast Business in the door, Stemper says scalable bandwidth at great price points and the speed at which they can react to customer needs. The customer sweet spot will be banking and finance firms and hospitality and food service organizations that have some centralized offices and data centers and maybe 1,000 scattered branches/outlets, he says.

In terms of what comes next, Stemper sees software defined networking playing a big role. “The new world is Ethernet based, and the more sophisticated businesses want to prioritize apps, customize the manner in which the network works with the apps. So all of us are working on software defined capabilities that gives them that capability, but in a way that is more flexible than traditional MPLS. The new world is going to be more dynamic and customizable and software defined capabilities will be one of the next things we layer in.”




Get ready to live in a trillion-device world

Written by admin
September 14th, 2015

A swarm of sensors will let us control our environment with words or even thoughts

In just 10 years, we may live in a world where there are sensors in the walls of our houses, in our clothes and even in our brains.

Forget thinking about the Internet of Things where your coffee maker and refrigerator are connected. By 2025, we could very well live in a trillion-device world.

That’s the prediction from Alberto Sangiovanni-Vincentelli, a professor of electrical engineering and computer science at the University of California at Berkeley.

“Smartness can be embedded everywhere,” said Sangiovanni-Vincentelli. “The entire environment is going to be full of sensors of all kinds. Chemical sensors, cameras and microphones of all types and shapes. Sensors will check the quality of the air and temperatures. Microphones around your environment will listen to you giving commands.”

This is going to be a world where connected devices and sensors are all around us — even inside us, Sangiovanni-Vincentelli said in an interview with Computerworld during DARPA’s Wait, what? Forum on future technology in St. Louis this week.

“It’s actually exciting,” he said. “In the next 10 years, it’s going to be tremendous.”

According to the Berkeley professor and researcher, we won’t have just smartphones.

We’ll have a swarm of sensors that are intelligent and interconnected.

Most everything in our environment — from clothing to furniture and our very homes — could be smart. Sensors could be mixed with paint and spread onto our walls.

We’ll just speak out loud and information will instantly be given to us without our having to do an online search; phone calls could be made, or a robot could start to clean or make dinner.

And with sensors implanted in our brains, we wouldn’t even need to speak out loud to interact with our smart environment.

Want something? Just think about it.

“The brain-machine interface will have sensors placed in our brains, collecting information about what we think and transmitting it to this complex world that is surrounding us,” said Sangiovanni-Vincentelli. “I think I’d like to have an espresso and then here comes a nice little robot with a steaming espresso because I thought about it.”

Pam Melroy, deputy director of DARPA’s Tactical Technology Office, said the Berkeley professor isn’t just dreaming.

“I do think there’s something to that” scenario, said Melroy, who is a retired U.S. Air Force officer and former NASA astronaut. “At the very least, we should be preparing for it and thinking of what is needed. We get into very bad places when technology outstrips our planning and thinking. I’d rather worry about that and prepare for it even if it takes 20 years to come true, than just letting it evolve in a messy way.”

While having a trillion-device life could happen in as little as 10 years, Sangiovanni-Vincentelli said there’s a lot of work to be done to get there.

First, we simply don’t have the network we’d need to support this many connected devices.

We would need communication protocols that consume very small amounts of energy and can transmit fluctuating amounts of information, the professor explained. Businesses would need to build massive numbers of tiny, inexpensive sensors. We’ll need more and better security to fend off hacks to our clothing, walls and brains.

And the cloud will have to be grown out to handle all of the data that these trillion devices will create.

“Once you have the technology enabling all of this, we should be there in 10 years,” said Sangiovanni-Vincentelli.

With all of these devices, many people will be anxious about what this means for personal privacy.

Sangiovanni-Vincentelli won’t be one of them, though.

“Lack of privacy is not an issue,” he said. “We’ve already lost it all… If the government wants me now, they have me. Everything is already recorded somewhere. What else is there to lose?”

Melroy also is more excited than nervous about this increasingly digital future.

“As a technologist, I don’t fear technology,” she said. “I think having ways that make us healthier and more efficient are a good thing… There is social evolution that happens with technological evolution. We once were worried about the camera and the privacy implications of taking pictures of people. The challenge is to make the pace of change match the social evolution.”




10 more security startups to watch

Written by admin
September 10th, 2015

Startups focus on encryption, endpoint protection, event analysis, radio-frequency scanning

The emergence of cybersecurity startups has continued unabated as entrepreneurs vie for corporate customers seeking new technologies to battle ever increasing and innovative attackers.

The expertise of these new companies ranges from various improvements to encryption products to analyzing the wealth of security-incident data gathered from networks to gear that detects the potentially malicious wireless activity of Internet of Things devices.

Based on the continued interest in these startups from venture capital investors, these companies will continue to proliferate. Here are 10 more security startups we are watching and why.

Barkly
Headquarters: Boston
Founded: 2013
Funding: $17 million including seed and Series A financing
Leaders: CEO Mike Duffy and CTO Jack Danahy who worked together at BBN and at IBM
Fun fact: The company name is supposed to remind you of a guard dog waking you to intrusions.

Why we’re following it: In the hot endpoint security space, Barkly promises a lightweight agent to gather data – lightweight in its footprint and in its CPU usage. That makes it less intrusive to end users. Given that its founders promise general availability of its first product by the end of the year and that the company has enough funding for two years, Barkly could be a player. Plus its founders have driven other successful startups, notably OpenPages and Ounce Labs, both bought by IBM.

Bastille
Headquarters: Atlanta
Founded: 2014
Funding: $9 million from Bessemer Venture Partners
Leader: Founder and CEO Chris Rouland who also founded End Game
Fun fact: The initial idea for the company stemmed from a system Rouland devised to make pickup time more efficient at schools by mapping children to the unique radio-frequency signatures of their parents’ cars.

Why we’re following it: With the proliferation of wirelessly connected Internet of Things devices inside enterprises, security professionals lack technology to adequately monitor what they are up to or even that they are inside the network. Bastille’s monitoring of corporate airspace for such devices and analysis that reveals when they are acting maliciously is a means to gain that important intelligence and pass it along to existing security tools.


Headquarters: San Jose
Founded: 2013
Funding: $35 million in two rounds from Norwest Venture Partners, NEA and SingTel Innov8
Leaders: Founders CEO Nat Kausik, CEO of four startups (one bought by Cisco, one by CA), and CTO Anurag Kahol, a Juniper alum
Fun fact: The company ran an experiment to track what happens to stolen credit card data and found that once posted on the Dark Net it was opened more than 1,000 times in 12 days.

Why we’re following it: The company’s patented technology makes it safe to store corporate data in the cloud without degrading the speed at which the data can be searched, a common problem with searching encrypted files. Rather than store the data encrypted in the cloud, it stores an encrypted handle representing the data. When the data needs to be retrieved, the handle is downloaded and the full file is pulled from a database stored securely within the corporate network. This allows a high level of encryption (AES 256) as well as speedy search.

FinalCode
Headquarters: San Jose
Founded: 2014
Funding: Digital Arts
Leaders: CEO Gord Boyce, COO Scott Gordon (both formerly with ForeScout)
Fun fact: The company is a spin-out from Japanese email and Web-filtering company Digital Arts which wanted to focus on selling the platform in the U.S. market.

Why we’re following it: FinalCode takes the work out of managing the complex key management that is necessary to encrypt documents and have decryption rights follow the documents around wherever they go. It allows flexibility for where these permissions are stored, either in its cloud or within customers’ firewalls. The platform makes using document sharing services such as Box and Dropbox secure enough to handle corporate information but doesn’t require any changes to the services themselves.

Ionic Security
Headquarters: Atlanta
Founded: 2011
Funding: $78.1 million from Kleiner Perkins Caufield & Byers, Meritech Capital Partners and Google Ventures
Leaders: CEO Steve Abbott, with roots in Symantec, PGP and Network Associates, and CTO Adam Ghetti, named a 2015 Technology Pioneer by the World Economic Forum
Fun fact: The company used to be called Social Fortress.

Why we’re following it: Ionic’s service encrypts documents using symmetric-key encryption, then manages the key, taking a huge burden off its customers. In addition to securing entire documents from anyone but authorized users, it can secure parts of a document so that one group of recipients can see all of it, but others can decrypt only a designated portion. It also monitors who is actually opening up documents.

Menlo Security

Headquarters: Menlo Park
Founded: 2013
Funding: $35.5 million through Series B funding from Sutter Hill Ventures, General Catalyst, Osage University Partners and Engineering Capital
Leaders: CEO Amir Ben-Efraim and Chief Product Officer Poornima DeBolle, both formerly with Juniper Networks
Fun fact: The founders are commercializing technology licensed from University of California at Berkeley research.

Why we’re following it: Menlo Security offers a simple service that looks to be effective at stripping malware from email and Web traffic. It does this by proxying all such traffic to the company’s cloud where any code is executed in a container. Only a rendering of the content reaches the user’s browser, so it is free of any potential malware. For upstream traffic, the code in the container proxies back to the servers.

Niara
Headquarters: Sunnyvale
Founded: 2013
Funding: $29.4 million from Venrock, New Enterprise Associates (NEA) and Index Ventures through two rounds.
Leader: CEO Sriram Ramachandran with executive experience at Aruba, Juniper, Netscreen and Neoteris
Fun fact: The name Niara means haystack in Spanish, and has no particular significance relating to what the company does.

Why we’re following it: The company makes a security-event analyzer that correlates events that could be signs of attack, assigns them severity scores and issues alerts. The upside for customers is the analyzer takes input about events from existing security platforms, enhancing their usefulness. The goal is to provide very necessary screening and prioritizing of events for human security analysts to check out rather than going through them manually – an overwhelming task. This platform could help businesses better deal with the security information they already gather without having to drastically increase hard-to-find security staff.

Red Canary
Headquarters: Denver
Founded: 2014
Funding: $2.5 million in seed funding led by Kyrus-Tech
Leaders: CEO Brian Beyer, head of detection operations Keith McCammon, research and development chief Jason Garman and engineer Chris Rothe who all worked together at Kyrus and, except for Rothe, at ManTech
Fun fact: The company name invokes the proverbial canary in the coal mine that warns miners of poison gasses.

Why we’re following it: The company offers a service necessary to many businesses – human analysts who sort through security alerts to eliminate false-positives before alerting their customers to the danger. The cost and scarcity of qualified security analysts puts in-house staffing beyond the budgets of businesses of varying sizes. Red Canary’s focus is on analyzing security event data and it delegates gathering that data to other vendors – Bit9+CarbonBlack for endpoint sensors and threat intelligence from Threat Recon, Farsight Security and Bit9+CarbonBlack’s Threat Intelligence Cloud, in addition to its own threat intelligence.

Soha Systems
Headquarters: Sunnyvale
Founded: 2013
Funding: $9.76 million in venture funding from Menlo Ventures, Andreessen Horowitz, Cervin Ventures and Moment Ventures
Leaders: CEO Haseeb Budhani (Infineta and NET), Vice President of Engineering Hanumantha Kavuluru (MobileIron, Nortel), and Vice President of Marketing Rob Quiros (Cisco, Riverbed)
Fun fact: Soha is the Arabic name for a star Arabs used to test their vision.

Why we’re following it: Soha provides cloud-based security services that reduce the time, cost and expertise required when compared to buying and deploying infrastructure to accomplish the same goals. The service includes authentication, authorization, application firewalling, WAN optimization and server load balancing among multiple application instances. It has a dashboard that shows how accessible their applications are.

Vera
Headquarters: Palo Alto
Founded: 2014
Funding: $14 million from Battery Ventures
Leaders: CEO Ajay Arora has worked at startups acquired by Cisco, Intel and IBM
Fun fact: Arora says if the company were a superhero it would be Violet Parr from The Incredibles because she can generate an invisible shield.

Why we’re following it: Vera software imposes encryption on documents that follows them around until a legitimate recipient authenticates to release the decryption keys. That has security benefits, but this is also done with minimal altering of how users interact with the application whose files are being encrypted. It can be used on any device and in conjunction with other security tools. All this means that the product not only secures information, it is unobtrusive enough that it will hurdle obstacles to adoption.



The 15 biggest enterprise ‘unicorns’

Written by admin
August 31st, 2015

The Wall Street Journal found 115 companies valued at more than $1 billion; these are the 15 biggest enterprise tech ones

Yesteryear there were only a few unicorns in the world of startups.

This week though, the Wall Street Journal and Dow Jones VentureSource identified 115 companies with valuations north of $1 billion, which are referred to as unicorns.

Below are 15 of the highest valued enterprise software companies that have received venture funding but have not yet been sold or gone public.

Palantir
Valuation: $20 billion
Funding: $1.5 billion

What it does: Palantir has created a program that’s really good at finding relationships across vast amounts of data, otherwise known as link analysis software. Its meteoric rise has been fueled by big-money contracts with federal government agencies. Palantir is the second-largest unicorn, behind Uber, that The Wall Street Journal identified.

Dropbox
Valuation: $10 billion
Funding: $607 million

What it does: One of the pioneers of the cloud market, Dropbox’s file synch and share system has been a hit with consumers, and increasingly with businesses too. Chief competitor Box would have been a unicorn, but the company went public this year.

Zenefits
Valuation: $4.5 billion
Total funding: $596 million

What it does: Zenefits provides a cloud-based human resource management (HRM) system for small and midsized business, with an emphasis on helping businesses manage health insurance administration and costs.

Cloudera
Valuation: $4.1 billion
Total funding: $670 million

What it does: Cloudera provides a distribution of Hadoop. Its chief competitor in the big data/Hadoop market, Hortonworks, filed for an initial public offering earlier this year after being a unicorn itself.

Pure Storage
Valuation: $3 billion
Funding: $530 million

What it does: Pure Storage is one of the most popular startups in the solid-state, flash-storage market. It pitches its hardware-software product as a more affordable competitor to storage giant EMC.

Docusign
Valuation: $3 billion
Funding: $515 million

What it does: Docusign lets users electronically sign and file paperwork.

Slack
Valuation: $2.8 billion
Funding: $315 million

What it does: Slack is an enterprise communication and collaboration platform, allowing users to text and video chat, plus share documents too.

Nutanix
Valuation: $2 billion
Funding: $312 million

What it does: Nutanix is one of the startups in the hyperconverged infrastructure market, providing customers an all-in-one system that includes virtualized compute, network and storage hardware, controlled by custom software. Converged systems are seen as the building blocks of distributed systems because of their ability to optimize performance, particularly on the storage side.

Valuation: $2 billion
Funding: $459 million

What it does: Founded by Josh James (who sold his previous startup Omniture to Adobe for $1.8 billion), this Utah-based company provides business intelligence software hosted in the cloud tailored for business executives. The idea is to provide c-level executives at companies ready access to important data they need to run their companies in a user-friendly format accessible on any device.

GitHub
Valuation: $2 billion
Funding: $350 million

What it does: GitHub is a platform for storing software that makes up open source projects. These repositories can be public or private and allow users to track bugs, usage and downloads. If you use an open source project, it’s likely hosted on GitHub.

Tanium
Valuation: $1.8 billion
Funding: $142 million

What it does: Tanium is a platform for identifying and remedying application outages or security threats in real-time. One of its biggest differentiating features is an intuitive search bar that allows users to quickly search in natural language to check the status of the system they’re monitoring for a variety of issues.

MongoDB
Valuation: $1.6 billion
Funding: $311 million

What it does: MongoDB is one of the most popular NoSQL databases. These new breeds of databases are ideal for managing unstructured data, like social media streams, documents and other complex data that don’t fit well into traditional structured databases.

Valuation: $1.5 billion
Funding: $199 million

What it does: is a big data platform that analyzes business relationships with customers and provides predictive analytics for future sales strategy.

Mulesoft
Valuation: $1.5 billion
Funding: $259 million

What it does: Mulesoft is the commercial product for the open source Mule software, an enterprise service bus that helps integrate and coordinate data across applications. Having a common data set that multiple applications can use reduces duplication and cost.

Jasper Technologies
Valuation: $1.4 billion
Funding: $204 million

What it does: Jasper Technologies creates a platform for the budding Internet of Things. The company’s software allows data generated by machines to be stored and analyzed in the company’s software.



Newly hired graduates are often technology savvy, but not very enterprise security savvy. That can be a dangerous combination.

Newly hired college grads are a particular security risk to your organization, and special measures need to be taken to manage this “graduate risk.”

That’s the view of Jonathan Levine, CTO of Intermedia, a Calif.-based cloud services provider whose customers employ many recent graduates.

“The problem is that new graduates are often very computer savvy, but unfortunately they are not enterprise savvy,” he says. That’s different to what was the case in the past – certainly when many current CIOs took their first jobs – where most graduates knew nothing about computers or the security requirements of the organizations they were joining.

He points out that from middle school or even earlier students use apps to do their school work, and use various services to share documents. But they are rarely educated about corporate requirements like information security and confidentiality.

“Coupling a technical literacy in tools like Dropbox and Snapchat with a naiveté about the way that enterprises need to operate is a dangerous combination,” Levine warns.

That means it’s your IT department’s or security team’s responsibility to provide security education to graduates. This should warn them of the dangers of using consumer services, such as cloud storage or webmail, that generally offer inadequate auditing, management capabilities and security for use in an enterprise environment.

“Data loss is a big risk that graduates can introduce when they come from an academic environment,” Levine says. “They come from an environment where information wants to be free and open source programming is common, to the corporate world where we want some sorts of information to be free – and some definitely not to be free.

“We may want information to be shared, but we need to be able to know who is accessing it,” he adds.

Graduates also introduce a disproportionate risk that information useful to hackers may be shared on social media services such as Facebook or Twitter. That’s simply because they’re accustomed to using these services without thinking about the security implications of what they’re making public.

While educating graduates is key, making sure that they put what they learn into practice is also important. Here are six ways you can help ensure that this happens:

1. Judge graduates on the security they practice. Newly hired graduates usually undergo some sort of appraisal or performance review process on a regular basis. This provides the opportunity to make security – and adherence to security practices – a goal that new hires can be evaluated on.

2. Gamify security. Despite the name, this does not involve turning security into a game. Rather, it involves running incentivized security awareness programs.

This approach encourages graduates to attend security courses or gain security qualifications – which may just be internal courses or qualifications run or awarded by the IT department.

As graduates progress they can be awarded points that earn rewards appropriate to the organization, such as certificates, prizes, corporate perks or monetary bonuses.

3. Monitor graduate behavior. This adheres to the old adage of “trust but verify.” The idea is that the IT department should monitor certain aspects of graduates’ IT usage so that their managers can better understand how well they are adhering to security best practices – and intervene when necessary.

4. Make security easy. One way to reduce graduates’ temptation to use consumer services is to ensure that there are enterprise-grade alternatives that are attractive and easy to use.

So while it may be hard to get a graduate who has grown up with Gmail to start using an email client like Outlook that they may see as ugly and unwieldy, it may be easier to wean graduates off Gmail by providing alternatives. This could be something as simple as Outlook Web Access, or a more sophisticated alternative like offering access to Exchange data on a mobile device such as an iPhone or Android tablet using ActiveSync.

5. Run a security event. As an example, Levine says Intermedia runs a “Hacktober” event every fall. During the event the security team does everything that it has warned graduates against, such as leaving USB keys around (that contain harmless malware) and sending out phishing emails (which also do no real harm).

The team can then contact any graduates who pick up and use these USB sticks or who respond to the phishing emails – and graduates can gain kudos by reporting that they have spotted these planted USB devices or phishing emails.

6. Quick win. If there’s one single thing you can do to make a big difference, Levine believes it is to drum it in to new graduates that they need to use separate passwords for each corporate system or application that they log in to.

It’s important to make sure that these are different to any passwords they use to provide access to consumer services. That’s because consumer services are tempting targets for hackers because they often have poor security, and if a hacker can get a password from a consumer service that’s also used in a corporate environment then that presents a significant security risk.



Who’s upgrading to Windows 10?

Written by admin
August 20th, 2015

In the three weeks since the new OS’s debut, Windows 8.1 users have been the most willing to migrate

Windows 8.1 users have been half again as likely to upgrade to Windows 10 as their compatriots running Windows 7, data from a Web metrics vendor showed today, confirming expectations about who would upgrade first to Microsoft’s new operating system.

The ascension of Windows 10’s usage share has largely come at the expense of Windows 8.1, according to measurements by Irish analytics company StatCounter. Of the combined usage share losses posted by Windows 7, Windows 8 and Windows 8.1 since the last full week before Windows 10’s July 29 launch, 57% has been attributed to Windows 8.1 deserters.

Windows 7, meanwhile, contributed 37% of the losses by the last three editions, and Windows 8, 6%.

The disparity was not unexpected: Most pundits and analysts figured that users of Windows 8.1 — like Windows 7, eligible for a free upgrade — would be first in line to dump their existing OS and migrate to the new. The changes in Windows 10, including the restoration of the Start menu and windowed apps, were most attractive to Windows 8 and 8.1 users, experts believed, because their removal had been widely panned.

Simply put, Windows 7 users, who were more satisfied with the OS Microsoft gave them, would be less motivated to upgrade. That’s been proven out by StatCounter’s early numbers.

But there were recent signs that Windows 7 users have begun jumping to Windows 10 in numbers nearly equal to Windows 8.1.

During the week of August 10-16, the difference between the declines in Windows 7 and Windows 8.1 was the smallest it’s been since Windows 10’s debut. In that week, Windows 7 lost 0.55 percentage points of usage share, only slightly less than the 0.64 percentage points given up by Windows 8.1. The week before — August 3-9 — the gap between the two was much larger: Windows 7 lost 0.95 percentage points, while 8.1 declined by 1.42 points.

StatCounter’s data also illustrated just how important Windows 7 conversions will be to Windows 10’s ultimate success — as Microsoft has defined it, that would mean 1 billion devices running the operating system by mid-2018. Even if it coaxed every Windows 8 and 8.1 user into upgrading, Microsoft would be looking at a usage share of less than 21% for Windows 10. It must convince large segments of Windows 7’s base to migrate as well.

That may require modification of the Windows 10 pitch, perhaps with less talk about the return of the Start menu, say, and more about enhanced security. Working against Microsoft are a plethora of Windows 10 behaviors, particularly its mandated updates and the concurrent loss of control over what reaches customers’ devices and when. That has raised hackles among the traditionalists who stuck with Windows 7.



A new report from Google finds a disconnect between online security best practices from experts and users. Here’s where the groups differ.

How secure are you?
When it comes to online security, experts and users don’t always agree on the most effective ways to stay safe, according to a new report from Google.

The company surveyed 294 users and 231 security experts (participants who worked five or more years in computer security) to better understand the differences and why they exist. Here’s what they found.

Software updates
Installing software updates was the security practice that differed the most between security experts and users, according to the report. Thirty-five percent of experts mentioned it as a top security tactic, compared to just 2 percent of non-experts.

A lack of awareness of how effective software updates are might explain users’ low numbers, the report said. “Our results suggest the need to invest in developing an updates manager that downloads and installs software updates for all applications—much like mobile application updates on smartphones,” it said.

Antivirus software
Using antivirus software was the security action mentioned by most users relative to experts. Forty-two percent of users said that running antivirus software on their personal computers is one of the top-three things they do to stay safe online, compared to just 7 percent of experts.

Firewalls also ranked high among users, 17 percent of whom mentioned them in their top-three security actions, often in conjunction with antivirus software. Just 3 percent of experts prioritized firewalls as high. Experts cautioned against antivirus software and firewalls, calling them “simple, but less effective than installing updates” and “less sophisticated.”

Using strong and unique passwords was among the strategies most mentioned by both groups, the report found. While more experts than users emphasized unique passwords (25 percent vs. 15 percent), fewer talked about having strong passwords (18 percent vs. 30 percent). Users also prioritized changing passwords more often than experts (21 percent vs. just 2 percent).

Password managers
Despite password specifics claiming two of their top-five spots, using password managers ranked low among users. Just 3 percent of users mentioned using the tools, compared to 12 percent of experts. Adopting password managers rounded out the top five security practices for experts.

Furthermore, just 32 percent of users ranked password managers as very effective or effective, while only 40 percent said they would follow advice to use them. Users commented that password managers were too “complicated for non-technical users.”

“Users’ reluctance to adopt password managers may also be due to an ingrained mental model that passwords should not be stored or written down—advice users have been given for decades,” the report said. “Password managers can make it feasible to use truly random and unique passwords to help move users away from memorable passwords, which are vulnerable to smart-dictionary attacks.”

Two-factor authentication
While password managers ranked low among users, they rated the use of two-factor authentication considerably higher, both in terms of effectiveness (83 percent) and likelihood of following advice (74 percent). Experts, however, expressed concerns that two-factor authentication is still too difficult for many users and not widely enough available.

“Additional work needs to be done to understand why non-experts are not using two-factor authentication,” the report said. “Some of the expert participants in our study offered several reasons, including the fact that this security feature is still too difficult to explain to non-tech-savvy users, that it is not available on all websites and that it causes significant inconvenience.”

Visiting only known websites
After using antivirus and changing passwords frequently, the practice most mentioned by users relative to experts was visiting only known websites. Twenty-one percent of users—compared to just 4 percent of experts—said they only go to known or reputable websites to stay safe online.

Experts polled by Google pointed out problems with this advice: “Visiting only known websites is great, but paralyzing,” one respondent commented, while another said, “Visiting websites you’ve heard of makes no difference in a modern web full of ads and cross-site requests.”

Using HTTPS is not a major priority for either the experts or users, the report found. Just 10 percent of experts and 4 percent of users placed it in their top-three actions. A majority of both groups, however, said they often look at the URL bar to verify HTTPS (experts: 86 percent; users: 59 percent).

Browser cookies
More than half (54 percent) of users considered clearing browser cookies an effective security measure, while the same percentage of security experts called this practice “not good” or “not good at all.”

Security experts commented that doing so might be ok to prevent session hijacking, but “the annoyance of logging in again might throw some users off.”




Black Hat 2015: Spectacular floor distractions

Written by admin
August 8th, 2015

As if hacked cars and massive Android vulnerabilities weren’t enough to keep the attention of security experts attending Black Hat 2015 in Las Vegas, the vendors at this increasingly vendor-driven show were wheeling out shiny distractions ranging from food and drink to celebrity lookalikes to custom art and free giveaways.

May Black Hat be with you
Here’s a look at some of what helped keep Black Hat entertained.

Bring it on
Black Hat 2015 – Time for ice cream, cocktails, massages

Free T-shirts
Free t-shirts from Dell Software that were custom silk-screened in real time and emblazoned with a choice of logos.

I’ll be back next year
Cyborg Aaahnold lookalike dressed up as The Terminator guarding Blue Coat’s booth.

The force is with her
A worker defends the RSA booth with light sabers.

On the juice too
Yoda offers up Jedi Juice energy drink at the Palo Alto booth.

Star Wars
A classic Star Wars video game at the ThreatConnect booth.

We scream for ice cream
Free ice cream for the taking provided by the show.

Say cheese
Free cheese and crackers.

To go with the cheese
Free mojitos in lit stem glasses.

You are so tense
Massages to take away the stress of worrying about network security.

Trust the ball
A little Skee Ball at the BeyondTrust booth to bring back childhood carnival memories.

The Monstah
A replica of Boston’s Fenway Park at the Parsons booth so they could show how to pull the plug on the lights with a switch hack.

Message from the wife?
A fox loses his head so he can check his texts outside the ZeroFox booth.

Out-of-this-world booth theme decorations like this of Area 51 set up by Alien Vault.


Toshiba’s BiCS technology stacks 48 layers of microscopic NAND layers atop one another, vastly increasing memory density. Credit: Toshiba

The new 3D NAND chip is designed for wide use in consumer, client, mobile and enterprise products

SanDisk and Toshiba announced today that they are manufacturing 256Gbit (32GB), 3-bit-per-cell (X3) 48-layer 3D NAND flash chips that offer twice the capacity of the next densest memory.

The two NAND flash manufacturers are currently printing pilot 256Gb X3 chips in their new Yokkaichi, Japan fabrication plant. They are expecting to ship the new chips next year.

Last year, Toshiba and SanDisk announced their collaboration on the new fab wafer plant, saying they would use the facility exclusively for three dimensional “V-NAND” NAND flash wafers.

At the time of the announcement, the companies reported the collaboration would be valued at about $4.84 billion when construction of the plant and its operations were figured in.

In March, Toshiba announced the first 48-layer 3D V-NAND chips; those flash chips held 128Gbit (16GB) of capacity.

The new 256Gbit flash chip, which uses 15 nanometer lithography process technology, is suited for diverse applications, including consumer SSDs, smartphones, tablets, memory cards, and enterprise SSDs for data centers, the companies said.

Based on a vertical flash stacking technology that the companies call BiCS [Bit Cost Scaling], the new flash memory stores three bits of data per transistor (triple-level cell or TLC), compared to the previous two-bit (multi-level cell or MLC) memory Toshiba had been producing with BiCS.

“This is the world’s first 256Gb X3 chip, developed using our industry-leading 48-layer BiCS technology and demonstrating SanDisk’s continued leadership in X3 technology. We will use this chip to deliver compelling storage solutions for our customers,” Siva Sivaram, SanDisk’s executive vice president for memory technology, said in a statement.

SanDisk and Toshiba’s fab operations in Yokkaichi, Japan where the new 48-layer 3D V-NAND chip is being produced.

Last year, Samsung became the first semiconductor manufacturer to begin producing 3D NAND. Its V-NAND chip provides two to 10 times higher reliability and twice the write performance, according to Samsung.

Samsung’s V-NAND uses cell structure based on 3D Charge Trap Flash (CTF) technology. By applying the latter technologies, Samsung’s 3D V-NAND can provide more than twice the scaling of today’s 20nm-class planar NAND flash.

Samsung is using its 3D V-NAND for a wide range of consumer electronics and enterprise applications, including embedded NAND storage and solid-state drives (SSDs). Samsung’s 3D NAND flash chips were used to create SSDs with capacities ranging from 128GB to 1TB.


This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

After careful consideration you’ve decided it’s time to migrate a major on-premise software solution to the cloud. But how do you create and execute a plan to make sure your migration stays on time, on budget, and delivers on your expectations? Effective planning is critical, and it should start with a thorough assessment of your infrastructure by an experienced vendor who understands your specific objectives.

Usually available as a service engagement from a hosting vendor or, better yet, from the software vendor whose solution is being migrated to the cloud, this cloud readiness assessment is part checklist and part roadmap. It audits the entire environment so you can plan and execute an efficient and effective migration.

Why should you consider such a service? It takes the pressure off. Too many organizations attempt to go it alone, which usually means asking overworked IT staff to try to “fit it in.” Today, the average IT department is already responsible for multiple systems, often as many as seven or eight. Trying to add a project as large and complex as an enterprise cloud migration is simply not realistic. Not only is that approach a disservice to those tasked with making it happen, it also sends the wrong message about the size and importance of the project. Future problems are usually inevitable.

A cloud readiness assessment may also help you achieve a faster time to value. Remember, when you go to a SaaS model, ROI has a completely different meaning. For example, you are no longer looking to recover your long-term capital investment, but instead, expecting to gain instant value from your new OpEx spending. A cloud readiness assessment can help you carefully plan the migration so you can achieve a faster time to value.

Finally, a vendor’s cloud readiness team can usually deliver skills and specialized expertise required for the specific solution that you or your hosting provider might not have in-house. These teams are truly cross-functional, with a mix of expertise in project management, technical implementations, business processes, industry-specific insights, and more. Additionally, these teams usually have dozens, if not hundreds, of migrations under their belts.

While no one can say they’ve seen it all, these teams are typically astute and can help you identify potential obstacles – challenges you may not have been aware of – before they become unmanageable.

For example, a cloud readiness team will carefully evaluate your existing environment and document all aspects of your infrastructure that could be affected. This includes your entire architecture, including databases, applications, networks, specialized hardware, third-party interfaces, extensions, customizations, and more. Then, they create a comprehensive report that details these findings as well as their recommended action plan to achieve the most successful migration possible.

To better understand how a cloud readiness offering could work – and its ultimate benefits – consider the example of moving an on-premise workforce management solution to the cloud. Workforce management solutions are generally large, enterprise-level implementations that span employee-focused areas such as time and attendance, absence management, HR, payroll, hiring, scheduling, and labor analytics.

The example of workforce management is especially relevant because recent research shows that an increasing number of workforce management buyers are adopting SaaS tools. Research shows that SaaS will be the main driver in growing the global workforce management market by almost $1.5 billion from 2013 to 2018. Additionally, Gartner research indicates, through 2017, the number of organizations using external providers to deliver cloud-related services will rise to 91 percent to mitigate cost and security risks as well as to meet business goals and desired outcomes.

This research demonstrates that a majority of companies will soon be moving their on-premise workforce management systems to the cloud. But will they be successful?

They have to be. Workforce management systems manage processes and data related to paying employees, managing their time and balances, storing sensitive HR information, complying with industry regulations, and other critical functions. Errors can be extremely costly, especially if they lead to missing paychecks, employee morale issues, lost productivity, grievances and compliance, or even potential lawsuits. Failure is simply not an option.

A cloud readiness service is the perfect way to minimize these risks and maximize the results. Specifically, a readiness service is ideally suited to address specialized areas of a workforce management deployment, including:

* Data collection terminals. While many employees still refer to these as “timeclocks,” the fact is that today’s data collection devices are sophisticated proprietary technology consisting of hardware, software, and network/communication capabilities. As part of a migration, a readiness audit would assess the organization’s data collection methods. It would also provide recommendations for transitioning them to a secure network model that meets the organization’s security and performance objectives while ensuring that service is not interrupted when the switchover occurs.

* Interfaces and integrations. Like other enterprise-level technology, workforce management solutions tend to use many different interfaces and custom integrations to feed applications such as ERP systems, outside payroll systems, or third-party analytics applications. In this example, the readiness assessment evaluates the entire integration strategy, including database settings, to make sure mission-critical data continues to flow to support existing business processes.

* Customizations and configurations. Most organizations have custom reports, products, or database tables. Here, the cloud readiness service will thoroughly review existing customizations and configurations, and will provide recommendations to maintain, or even improve, the value they deliver.

When it comes to something as significant — and important — as migrating a major enterprise solution to the cloud, don’t go it alone. Investing in a cloud readiness service can help you assess where you stand today, plan for the migration, and execute against the plan. This helps free up valuable IT resources to focus on what’s really important – implementing strategic initiatives to help the business grow.


If the beta version of Apple’s next mobile OS is causing problems on your iDevice, there’s an easy out

This is a time of temptation for Apple enthusiasts, many of whom are eager to get their hands — and devices — on the company’s newest software. Between June, when company execs tout the upcoming versions of Apple’s desktop and mobile operating systems, and the fall, when the polished, finished versions arrive, Apple users get a chance to serve as beta testers.

Having a hardcore set of fans eager to try out the latest software is a benefit that Apple has embraced. Last year, it allowed users to check out pre-release versions of OS X 10.10 Yosemite. This year, they can beta test OS X 10.11 El Capitan and — for the first time — an early version of the company’s mobile operating system — in this case, iOS 9. (Not available as a public beta is the pre-release build of Watch OS, which is a good thing; some of the developers that have tried it have found it to be unstable, and who wants to brick their brand new Apple Watch?)

To do so, users must sign up for Apple’s Beta Software Program, which is free. The program allows access to relatively stable versions of the pre-release software and gives Apple engineers a wider audience to test it. That, theoretically, leads to more bugs uncovered and fixed before the final release. Public betas roll out every few weeks — the most recent one arrived yesterday.


The problem with the time between beta and final releases is that many people who aren’t developers or technology insiders use their primary device to test what is actually unfinished software — and pre-release software is historically unstable, at best. Yes, Apple routinely warns you not to use your main iPhone, iPad or desktop to test the software. And users routinely ignore that advice.

But there’s good news for iPhone and iPad owners who took the plunge into iOS 9 and have now decided — whether because of problematic apps or the need for a more stable OS — they prefer iOS 8. You can downgrade your device, and it’s not even that difficult to do. But there is a caveat: Any data accumulated between the last time your device was backed up running iOS 8 and since the upgrade to iOS 9 will be lost, even if you recently backed up your data. Put simply, you cannot restore backup data from iOS 9 to a device running iOS 8; it’s not compatible. The best you can do is restore from the most recent backup of iOS 8.

Assuming you still want to return to iOS 8, here’s what to do.
If you’re a public beta tester (who hasn’t signed up to be a full-fledged developer), you can downgrade your iDevice by putting it into DFU mode. (DFU stands for Device Firmware Update.) You use this method to restore iOS 8 without having to get the older operating system manually.

First, perform a backup via iCloud or iTunes. Even though you won’t be able to use this data on iOS 8, it’s always better to have a backup than not. Then go to Settings: iCloud: Find My iPhone and turn off Find My iPhone.

Then follow these instructions to put the iPhone into DFU mode: Turn off the iPhone and plug it into your computer. Hold the Home button down while powering on the phone, and hold both until you see the Apple logo disappear. You can release the power button, but continue holding down the Home button until you see the iPhone’s screen display instructions to plug the device into an iTunes-compatible computer. When prompted on your computer, click on the option to Restore, and iTunes will download the latest released version of iOS for your device.

If you’re a developer, log into the Apple Developer portal (after you turn off Find My iPhone), click on the section for iOS and download the latest officially released build. As of now, that’s iOS 8.4. Once the software is downloaded, open iTunes and click on the iPhone/iPad/iDevice tab. Within the Info tab, there are two buttons: Update and Restore. Hold down the Option button on the keyboard while clicking Restore. Navigate to the file that was just downloaded and select it. The software will then erase the iPhone or iPad of its contents and install that previous version of iOS.

Note: When downgrading to the previous version, make sure to option-click Restore; do not choose Update. Doing that will lead to a loop in which the iPhone is placed in Recovery mode, iTunes attempts to download and install the latest official build, runs into errors, and then attempts to download another copy of the official build. It will do that until you break the cycle and choose to Restore the device. So again, don’t select Update.

Given that Apple software upgrades now routinely roll out in the fall, upgrading your devices to unstable software isn’t a good way to spend the summer. For most people, I’d recommend waiting. The latest features are really only worth having when your device is stable, especially if it’s something you rely on day in and day out. But if running the latest software is your thing, then by all means, have at it. And at least if you run into problems on your iDevice, you now know how to get out of trouble.




Endpoint protection technology is making strides and may soon be touted as anti-virus

Rather than looking for signatures of known malware as traditional anti-virus software does, next-generation endpoint protection platforms analyze processes, changes and connections in order to spot activity that indicates foul play. While that approach is better at catching zero-day exploits, issues remain.

For instance, intelligence about what devices are doing can be gathered with or without client software. So businesses are faced with the choice of either going without a client and gathering less detailed threat information or collecting a wealth of detail but facing the deployment, management and updating issues that come with installing agents.

Then comes the choice of how to tease out evidence that incursions are unfolding and to do so without being overwhelmed by the flood of data being collected. Once attacks are discovered, businesses have to figure out how to shut them down as quickly as possible.

Vendors trying to deal with these problems include those with broad product lines such as Cisco and EMC, established security vendors such as Bit9+Carbon Black, FireEye, ForeScout, Guidance Software and Trend Micro, and newer companies focused on endpoint security such as Cylance, Light Cyber, Outlier Security and Tanium. That’s just a minute sampling; the field is crowded, and the competitors are coming up with varying ways to handle these issues.

The value of endpoint protection platforms is that they can identify specific attacks and speed the response to them once they are detected. They do this by gathering information about communications that go on among endpoints and other devices on the network, as well as changes made to the endpoint itself that may indicate compromise. The database of this endpoint telemetry then becomes a forensic tool for investigating attacks, mapping how they unfolded, discovering what devices need remediation and perhaps predicting what threat might arise next.

Agent or not?
The main aversion to agents in general is that they are one more piece of software to deploy, manage and update. In the case of next-gen endpoint protection, they do provide vast amounts of otherwise uncollectable data about endpoints, but that can also be a downside.

Endpoint agents gather so much information that it may be difficult to sort out the attacks from the background noise, so it’s important that the agents are backed by an analysis engine that can handle the volume of data being thrown at it, says Gartner analyst Lawrence Pingree. The amount of data generated varies depending on the agent and the type of endpoint.
Without an agent, endpoint protection platforms can still gather valuable data about what machines are doing by tapping into switch and router data and monitoring Windows Network Services and Windows Management Instrumentation. This information can include who’s logged in to the machine, what the user does, patch levels, whether other security agents are running, whether USB devices are attached, what processes are running, etc.

Analysis can reveal whether devices are creating connections outside what they would be expected to make, a possible sign of lateral movement by attackers seeking ways to victimize other machines and escalate privileges.

Agents can mean one more management console, which means more complexity and potentially more cost, says Randy Abrams, a research director at NSS Labs who researches next-gen EPP platforms. “At some point that’s going to be a difference in head count,” he says, with more staff being required to handle all the consoles and that translates into more cost.

It’s also a matter of compatibility, says Rob Ayoub, also a research director at NSS Labs. “How do you insure any two agents – of McAfee and Bromium or Cylance – work together and who do you call if they don’t?”

Security of the management and administration of these platforms should be reviewed as well, Pingree says, to minimize insider threat to the platforms themselves. Businesses should look for EPP with tools that allow different levels of access for IT staff performing different roles. It would be useful, for example, to authorize limited access for admins while incident-response engineers get greater access, he says.

Analysis engines
Analysis is essential but also complex, so much so that it can be a standalone service such as the one offered by Red Canary. Rather than gather endpoint data with its own agents, it employs sensors provided by Bit9+CarbonBlack. Red Canary supplements that data with threat intelligence gathered from a variety of other commercial security firms, analyzes it all and generates alerts about intrusion it finds on customers’ networks.

The analysis engine flags potential trouble, but human analysts check out flagged events to verify they are real threats. This helps corporate security analysts by cutting down on the number of alerts they have to respond to.

Startup Barkly says it’s working on an endpoint agent that locally analyzes what each endpoint is up to and automatically blocks malicious activity. It also notifies admins about actions it takes.

These engines need to be tied into larger threat-intelligence sources that characterize attacks by how they unfold, revealing activity that leads to a breach without using code that can be tagged as malware, says Abrams.

Most of what is known about endpoint detection and response tools is what the people who make them say they can do. So if possible businesses should run trials to determine first-hand features and effectiveness before buying. “The downside of emerging technologies is there’s very little on the testing side,” Pingree says.

Endpoint detection tools gather an enormous amount of data that can be used tactically to stop attacks but also to support forensic investigations into how incursions progressed to the point of becoming exploits. This can help identify what devices need remediation, and some vendors are looking to automate that process.

For example, Triumfant offers Resolution Manager, which can restore endpoints to known good states after detecting malicious activity. Other vendors offer remediation features or say they are working on them, but the trend is toward using the same platforms to fix the problems they find.

The problem businesses face is that endpoints remain vulnerable despite the efforts of traditional endpoint security, which has evolved into security suites – anti-virus, anti-malware, intrusion detection, intrusion prevention, etc. While that progressively addresses the problem, it leads to another one.

“They have actually just added more products to the endpoint portfolio, thus taking us full circle back to bloated end points,” says Larry Whiteside, the CSO for the Lower Colorado River Authority. “Luckily, memory and disk speed (SSD) have kept that bulk from crippling endpoint performance.”

As a result he is looking at next-generation endpoint protection from SentinelOne. Security based on what endpoints are doing as opposed to seeking signatures of known malicious behavior is an improvement over traditional endpoint protection, he says. “Not saying signatures are totally bad, but that being a primary or only decision point is horrible. Therefore, adding behavior based detection capabilities adds value.”

So much value that he is more concerned about that than he is about whether there is a hard return on investment. “The reality is that I am more concerned about detection than I am ROI, so I may not even perform that analysis. I can say that getting into a next-gen at the right stage can be beneficial to an organization,” he says.

Anti-virus replacement?
So far vendors of next-generation endpoint protection have steered clear of claiming their products can replace anti-virus software, despite impressive test results. But that could be changing. Within a year, regulatory hurdles that these vendors face may disappear, says George Kurtz, CEO of CrowdStrike.

Within a year rules that require use of anti-virus in order to pass compliance tests will allow next-generation endpoint protection as well, he says. “That’s really our goal,” he says. “From the beginning we thought we could do that.”

He says everyone is focused on malware, but that represents just 40% of attacks. The rest he calls “malware-less intrusions” such as insider theft where attackers with credentials steal information without use of malware.

Until regulations are rewritten, it’s important for regulated businesses to meet the anti-virus requirement, Abrams says, even though other platforms may offer better protection. “In some cases that’s actually more important than the ability to protect because you won’t be protected from legal liabilities.”

Meanwhile having overlapping anti-virus and next-gen endpoint protection means larger enterprises are likely customers for now vs. smaller businesses with fewer resources, he says. But even for smaller businesses the cost may be worth it.

“What do they have to lose and how much does it cost to lose this information vs how much does it cost to protect it?” Abrams says. “




Top 10 job boards on Twitter

Written by admin
July 16th, 2015

Celebrities, politicians and companies all have a Twitter account today, so why not job boards? Here are 10 job boards that are using Twitter better than the competition.

Top job boards on Twitter
Twitter isn’t just for celebrities, companies and parody accounts. It’s now an outlet for job boards as well. Turning to Twitter in your job search might not feel natural, but Twitter is becoming a popular recruitment tool. As social media becomes a mainstay of our everyday lives, it has also become a part of the job search.

Engagement Labs, creators of eValue, which rates how well companies use social media, rates successful uses of social media based on likes, follows and overall audience engagement. Here are 10 social job boards using Twitter better than the competition.

#1 Twitter: Monster
Monster’s main Twitter handle, where the company shares both unique and shared content, has over 150,000 followers. Its eValue score was “20 percent higher than their nearest competitor,” according to Engagement Labs, along with the highest impact score, indicating their content is reaching a large — and interested — audience.

#2 Twitter: CareerOneStop
CareerOneStop is another socially successful government website, coming in second for its use of Twitter and its ability to engage with its audience of over 5,000 followers. The website is sponsored by the U.S. Department of Labor and offers a number of helpful resources for job seekers in every industry.

#3 Twitter: ZipRecruiter
ZipRecruiter may have a modest following of around 4,000 on Twitter, but the company has created a social outlet for its services and its followers are engaged in the experience. ZipRecruiter posts job-seeker-related content, updates about the company, industry updates and, of course, job listings. The site pulls in jobs from other well-known job boards including Monster, Glassdoor and SimplyHired, just to name a few.

#4 Twitter: AOL Jobs
AOL has come a long way since it dominated the Internet back in the 90s, and the company has since moved on from dial-up tones and mailing out its latest software. The Internet company has now extended its reach into the job market with AOL Jobs, and it’s getting the right feedback on Twitter to put it at number 4 on the list of job boards using Twitter. With over 13,000 followers, AOL Jobs’ Twitter feed mostly features original, and interesting, job-seeker-focused content that will draw you into the homepage for AOL Jobs.

#5 Twitter: FlexJobs
FlexJobs helps you find jobs that aren’t your typical 9-to-5 office roles. It includes remote opportunities, freelance work and other less conventional career listings on its jobs board. FlexJobs’ Twitter account, with more than 8,000 followers, houses content related to flexible job schedules, remote work and telecommuting. It’s number 5 on the list of companies with the most powerful social job boards, so if you’re looking for remote, part-time or freelance work, it might be the right account to follow.

#6 Twitter: CareerBuilder
CareerBuilder is a well-known career site and jobs board, but it also dominates the top 10 list for Twitter. At number 6, CareerBuilder uses its Twitter account to connect with nearly 150,000 followers and share content related to job searching, employment, recent college graduates and, of course, job postings.

#7 Twitter: Mediabistro
Mediabistro is more than a jobs board. The website also includes educational programs, articles and industry events in addition to job listings. Its Twitter account, with over 170,000 followers, is no different. The social account features job listings, information for job seekers, tips and strategies for finding the right job and more. Mediabistro also poses questions to its followers and shares funny hashtags and memes, going the extra mile to connect with followers.

#8 Twitter: Glassdoor
Glassdoor was a pioneer for job seekers, bringing them reliable salary data and reviews from current and former employees at a large number of companies. It’s now channeling its know-how and data into a well-rounded Twitter account with over 80,000 followers. The company features original content, shared articles and job search statistics on Twitter, making it another great option to follow if you are in the market for a new job.

#9 Twitter: Snagajob
Snagajob isn’t successful only on Facebook; it also makes the top 10 list for Twitter. It’s clear that Snagajob is trying to connect with its millennial followers, with its use of emojis and references to pop culture, and it seems to be working. The account has over 14,000 followers and scored high on the list of companies using Twitter effectively.

#10 Twitter: TheLadders
Similar to other jobs boards, TheLadders has a wealth of job-seeker related content on its Twitter account. With over 60,000 followers, TheLadders shares and posts content from its own site, articles from other sources and networking tips. It’s focused on connecting with driven job seekers who want to push their career onward and upward, and its Twitter efforts seem to be doing the trick.



Even as PC business contracts for 14th straight quarter, Mac sales surge 16%

Skittish about the impact of Windows 10, including the free upgrade-from-Windows-7-and-8.1 offer, computer makers drew down inventories and sent PC shipments plummeting in the June quarter, IDC said today.

The quarter was among the worst ever for personal computers, according to the research firm, which estimated the year-over-year contraction at 11.8%. That decline was bested only twice before in the two decades that IDC has tracked shipments: in early 2013, when the January quarter was off 13% and the September quarter of 2001, which posted a decline of 12%.

OEMs (original equipment manufacturers) shipped approximately 66 million systems in the three months that ended June 30, IDC said, down from the 75 million during the same stretch in 2014.

The dramatic downturn was due to several factors, said IDC analyst Loren Loverde, who runs IDC’s PC forecast team, including a tough comparative from last year as enterprises scrambled to replace obsolete Windows XP machines. The 2001 operating system was retired by Microsoft in April 2014.

But Windows 10 also played a part, Loverde contended. “We’ve heard from various parties, including ODMs [original device manufacturers], component makers and distributors, that they’ve reduced inventory as Windows 10 approached,” he said.

Although the industry is more bullish about Windows 10 than its predecessor, Windows 8, that’s not been reflected in larger shipments simply because OEMs aren’t sure how the new OS will play out in the coming quarter or two. To safeguard against overstocking the channel, and to some extent preparing for the launch of Windows 10, OEMs played it conservative and tightened inventories by building fewer PCs.

“Although it’s very difficult to quantify, I’d say that this inventory reduction is a little bit more dramatic than before Windows 8,” said Loverde.

Three years ago, inventories surged as PC makers cranked out devices — 85 million in the second quarter of 2012, 88 million in the third — figuring that Windows 8 was going to be a big hit and juice sales. That didn’t happen.

“There were a lot of [retail and distribution] customers buying additional inventory and promoting Windows 8,” Loverde said. “The [negative] impact on inventory is more substantial this time, and everyone is taking a wait-and-see approach, thinking that they’ll make decisions in the second half of the year.”

Some of the nervousness on the part of computer makers revolves around the upgrade offer Microsoft will extend to all consumers and many businesses with existing PCs running Windows 7 or Windows 8.1. Starting July 29, Microsoft will give those customers a free upgrade to Windows 10. The deal will expire a year later, on July 29, 2016.

Because Microsoft has never before offered a free upgrade of this magnitude, it’s uncharted territory for Windows OEMs. A host of unknowns, ranging from whether the free upgrade will keep significant numbers on old hardware to the eventual reaction to the new OS, have made computer makers edgy about committing to fully packing the channel.

“It’s even riskier when the market is declining,” Loverde said of carrying large inventories.

And the PC business has been in decline, and will continue to contract.

IDC has held to its prediction that for 2015, global PC shipments will be down 6.2% from last year’s 308 million, or to around 289 million. (That may change to an even more depressing number; Loverde said IDC had not yet adjusted the figure to account for the worse-than-expected second quarter.) In 2016, the industry will shrink by another 2%.

The brightest spot in the quarter’s forecast was again Apple, which IDC had in the OEM fourth spot with shipments of 5.1 million Macs, a year-over-year jump of 16%. Other manufacturers in the top five — Lenovo, HP, Dell and Acer — were pegged with declines of 8%, 10%, 9% and 27%, respectively.

“Apple’s a pretty unique company,” said Loverde. “They’ve cultivated their market position and product portfolio, and, of course, their positioning is towards more affluent buyers who are not as price sensitive.”

Loverde was convinced that some of the Mac’s strong sales in the June quarter benefited from uncertainties about Windows 10 on the part of consumers.

Unclear, said Loverde, is how the Mac will fare if, as IDC and others believe, Apple introduces a larger iPad later this year, a tablet better geared to the productivity chores typically handled by personal computers.

“I think there will be some impact on Mac shipments, but Apple is always willing to cannibalize its own products,” he said. “But the upside on tablets [generated by a larger iPad] and as a brand is bigger than the risk.”
