My computer almost carked it

The unthinkable happened to my business: a vicious virus almost killed my main computer. Not just one virus, but 43 simultaneously wreaking havoc.

 

When I woke early to print a boarding pass, the computer screen was purple. No software icons, log-ins or files. Just purple. Several reboots later, a screen appeared saying Windows had not reloaded properly and another restart was needed. Half asleep, I hit okay – only to restart the virus and help it spread.

 

Rushing to the airport, I wondered if the computer could be saved, how much work was lost, and which clients needed the “dog-ate-my-homework” excuse. I guessed the worst-case scenario was a week of lost work, given the previous back-up.

 

What’s your view?

 

  • Has your business ever had a computer virus?
  • If so, how disruptive was it?
  • What are your best tips to avoid and recover from a computer virus?

Later that day, the emergency geek who fixed the computer (my new hero) said it was a “code red” – tech speak, I gather – for telling clients their PC is stuffed. Thankfully, killing the virus became his crusade, although at $150 an hour I feared it would cost more than the computer.

 

Two days later, the PC was clean, healthy and back on my desk. All files recovered. No major damage done. Then the real work started: downloading software, remembering passwords, and resetting email accounts. It took the best part of a day to restore the PC to its pre-virus state.

 

I know what you’re thinking: where was the seamless, automated, daily computer back-up to the cloud? And the neatly organised drawer of software and other PC tools? It was on the To-Do List, along with 2,000 other things busy home-based owners neglect.

 

Seven years of virus-free computing and a top-of-the-range virus scanner made me complacent. So complacent that I was still on a manual back-up form of PC recovery, like so many other small businessmen who never think about a virus until it is too late.

 

A friend who rarely backs up was not so lucky. He lost three months of work this year because of a nasty virus. After multiple PC interventions, fragments of data were recovered – just enough to tease and torment him. It’s no overstatement to say the virus cost his business thousands of dollars in lost work.

 

As you can tell, I am no computer expert. But perhaps my experience can help small business owners who are not tech savvy, and who think computer viruses happen to other firms, or that viruses have been crushed by all-conquering software.

 

My biggest lesson was data back-up. No more manual, USB-stick back-ups for me: I need multiple back-ups, including cloud-based ones. I never want that awful feeling again of wondering when I last backed up half the business.

 

The next lesson was: only use the main work PC for work-related matters. It’s too easy to mix work and life when running a home-based business. Store the music, movies, photos and other entertainment on a separate PC, and avoid websites that are not work-related (even football ones, as hard as that is).

 

Lesson three: have several back-up devices. Fortunately, I have two laptops that receive my emails and have the same software as the main PC. One is used while travelling; the other stays in the same spot each day, downloading emails and holding files. I was able to move from the damaged PC straight to the laptop without much lost time.

 

Lesson four is critical: keep track of software downloads and store passwords securely. The same goes for internet server information and passwords. It seems obvious, but years without a technology problem, and a few house moves, can disorganise your technology records. Dealing with the internet service provider and their call centre in India, to recover an old email account password, was painful.

The fifth lesson is to have a recovery plan. Mine was being able to move straight to a PC and access backed-up data via USB devices. Not enough, I know, but it got me through that awful day when the main PC was pulled apart.

 

The sixth lesson is having good technology support. Even a tiny home-based business can build relationships with an IT support services provider and have it on hand in emergencies. Mine came to the business within hours of the virus outbreak, and things were under control within a day. How would your business respond to a deadly computer virus?

 

The final lesson is paper. Yes, good, old-fashioned paper. Printing important documents, filing them away, and having a paper trail of key information. It’s last century, I know, but so are my computer skills.

Source: http://www.brisbanetimes.com.au/small-business/managing/blogs/the-venture/my-computer-almost-carked-it-20141015-3i2pg.html

The New Superheroes of the Enterprise

Meet the Crusaders of the Cloud

Brancho Libre, Aegis of EFSS, Optimization Overlord, Storage Steamroller, and Roamin’ Centurion.

Brancho Libre

Brancho Libre helps save money while modernizing branch offices by replacing legacy file servers with centrally managed and efficient cloud storage gateways, leveraging all-in-one solutions that integrate NAS, backup and de-duplication, and enabling data replication to cloud storage.

Aegis of EFSS

Aegis of EFSS helps obliterate unsanctioned file sharing and secures files by enabling file sync across any device, PC or server, eliminating data loss and data sovereignty risks, and governing file sharing with tight IT controls.

Roamin’ Centurion

Roamin’ Centurion backs up endpoint devices to the cloud, giving the enterprise the freedom to roam. This superhero seamlessly protects laptop, desktop and branch office server data and deploys secure backup solutions to cloud storage while users roam.

Storage Steamroller

Storage Steamroller leverages public cloud and object storage for scaling and savings by introducing on-premise, virtual private or hybrid clouds, making use of commodity hardware or public services, and employing tiered storage for maximum storage flexibility.

Optimization Overlord

Optimization Overlord enables greater enterprise mobility by reducing excessive use of flash storage and leveraging sync tools to expose files across mobile devices, physical desktops and virtual desktops.


 

They appear to be mild-mannered members of the IT team, but underneath their jeans and collared shirts beat the hearts of the unsung enterprise heroes. Today’s IT department is quietly transforming into a strategic business enabler via the cloud. In this slideshow, CTERA has identified five new IT superheroes.

CTERA Networks bridges the gap between cloud storage and local storage, providing optimized performance and end-to-end security. Its solutions accelerate deployment of cloud services and eliminate the costs associated with file servers, backup servers and tape drives. Service providers and enterprises use CTERA to deliver services such as backup, file sync and share, mobile collaboration, managed NAS and cloud on-ramping, based on the cloud infrastructure of their choice.

 

Source: http://www.itbusinessedge.com/slideshows/the-new-superheroes-of-the-enterprise.html?utm_campaign=ITBEVDC_20141015_STR3L1&utm_medium=email&dni=180229965&rni=13501729

Most Dangerous Cyber Celebrities of 2014

Dangerously Funny Men and Women

In addition to Jimmy Kimmel (No. 1), Chelsea Handler (No. 9), Jimmy Fallon (No. 12), Adam Sandler (No. 14), Jason Segel (No. 19), Wee Man (No. 35), and Cameron Diaz (No. 41) all rank in the top 50.

Country and EDM Artists Dance to the Top

Representing popular music genres on the rise, country music stars and electronic dance music (EDM) artists pump up the top 50 list. Four musicians make the top 50, with two of them landing within the top 10: Armin van Buuren (No. 2) and Blake Shelton (No. 6). Other musicians at play include: Calvin Harris (No. 17) and Carrie Underwood (No. 47).

Chart Toppers Rock Out to the Danger Zone

This year, several rap, hip hop and R&B hit makers are in the top 20: Ciara (No. 3), Flo Rida (No. 4), 50 Cent (No. 13), Cheryl Cole (No. 16) and Iggy Azalea (No. 20). Additional superstars heating up the top 50 are Jason Derulo (No. 24), Jay Z (No. 26), Chris Brown (No. 28), Paul McCartney (No. 29), Jennifer Lopez (No. 31), Pitbull (No. 34), Jessie J (No. 44), Rihanna (No. 45), Justin Timberlake (No. 46), and Pharrell Williams (No. 49).

The Garden State

This year, four native New Jerseyans are in the top 25: Bruce Springsteen (No. 5), Bon Jovi (No. 8), Chelsea Handler (No. 9), and JWoww (No. 23).

Romantic Comedy’s Leading Ladies

Several of America’s sweethearts are in the top 50 this year, including: Jessica Alba (No. 14), Kate Winslet (No. 18), Jennifer Lopez (No. 31), Jessica Biel (No. 33), Jennifer Aniston (No. 37), Jennifer Garner (No. 38), and Cameron Diaz (No. 41).

Where Have the Kardashians Gone?

Last year, searching for downloads of Kanye West, Kourtney Kardashian, Kim Kardashian, Khloe Kardashian and Kris Jenner was popular among Americans. This year, the Kardashian clan is nowhere to be found. Instead, Jersey Shore star JWoww (No. 23) and celebrity mogul Jay Z (No. 26) claim spots on the list.

How You Can Stay Protected

  • Beware of clicking on third-party links. You should access content directly from official websites of content providers. For example, visit ABC.com to find Jimmy Kimmel’s latest episodes.
  • Ensure you use Web protection that will notify you of risky sites or links before you visit them. Stick to official news sites for breaking news.
  • Don’t download videos from suspect sites. This should be common sense, but it bears repeating: Don’t download anything from a website you don’t trust — especially video. Most news clips you’d want to see can easily be found on official video sites and don’t require you to download anything.
  • “Free downloads” is by far the highest virus-prone search term. Anyone searching for videos or files to download should be careful not to unleash unsafe content such as malware onto their computers.
  • Always use password protection on your phone and other mobile devices. If you don’t and your phone is lost or stolen, anyone who picks up the device could have access to your personal information online.
  • Don’t “log in” or provide other information: If you receive a message, text or email or visit a third-party website that asks for your information — credit card, email, home address, Facebook login or other information — to grant access to an exclusive story, don’t give it out. Such requests are a common tactic for phishing that could lead to identity theft.

 


 

McAfee recently released its eighth annual study revealing the most dangerous celebrities to search for online. The study found a mix of comedians and musicians among the most dangerous, with Jimmy Kimmel, comedian and late night host of Jimmy Kimmel Live, replacing Lily Collins (Mirror, Mirror) as McAfee’s most dangerous celebrity in search. When searching for videos and downloads of Kimmel, McAfee reports that you have a 1 in 5 chance of clicking on a page that tests positive for viruses and other malware.

Jimmy Kimmel is the second male to find his way to the No. 1 spot (moving up from No. 39), following Brad Pitt in 2008. DJ Armin van Buuren takes the number-two spot behind Kimmel, and Ciara, the third. Additional celebrities in the top 10 include Blake Shelton, Britney Spears (holding her place at No. 7), and three New Jersey natives: Bruce Springsteen, Jon Bon Jovi and Chelsea Handler.

Cybercriminals are constantly trying to find ways to take advantage of consumer interests, be it celebrities or other high-profile events. It’s important to educate users on the security risks that exist when searching for such news and media events, in order to keep their devices and personal data safe.

Source: http://www.itbusinessedge.com/slideshows/most-dangerous-cyber-celebrities-of-2014.html?utm_campaign=ITBEVDC_20141015_STR4L1&utm_medium=email&dni=180229965&rni=13501729

Ten Tips to Help You Give Better Presentations

Great Preparation

Good presentations require great preparation, but do not start by writing your presentation out like an essay. Caroline Goyder, a former acting coach at the Central School of Speech and Drama who helps business leaders to communicate effectively says, “Writing it down tempts you to just read it out, which gives a dead, impersonal delivery.”

Focus on Your Audience

When thinking about what you want to say, turn your attention away from yourself and to your audience. What problem do they want you to help them solve? Then consider how you overcame that problem yourself and describe how you did it. This results in a more personalized presentation and builds a link between you and the audience.

Use Sticky Notes

Note the points you want to make on sticky notes, in the form of pictures, if you like. “Many actors use this trick to learn scripts as the brain remembers pictures for longer than words,” says Goyder. It leads to a more fluid and personal delivery than reading out a pre-written script, and you can easily swap the notes around to try out different structures for your presentation.

Know Your Points

Know all the points in your presentation inside out, but feel free to improvise when it comes to making them. This keeps your delivery fresh, however many times you have made the same presentation. Ed Brodow, a former actor who is now a professional speaker and negotiator, says improvisation led to one of his signature stories, about how he knocked his grandfather’s false teeth down the toilet. “It succeeds in getting the point across with warmth and humour,” says Brodow.

Practice

Practice. Deliver your presentation into an audio or video recorder so you get used to what you sound and look like to an audience. Then deliver it to a live audience of colleagues, friends or family. Ask for constructive feedback.

Personalization

Make like Anthony Hopkins. Use what actors call personalization. When Hopkins was playing serial killer Hannibal Lecter in “Silence of the Lambs,” he helped convey the inner anger of Lecter by reaching into his own experience of being so angry that he felt like killing someone. You can use this technique of tapping into your own emotional experiences to bring the impact of emotions such as joy, surprise or fear into your presentations.

Use Visuals

Find a visual way to back up your points, but try to be original rather than just using Powerpoint with words and graphs. Ed Brodow once beat up a rubber chicken as part of a presentation. It’s off the wall, but people remembered it.

Take Your Time

When it comes to delivery, take it slowly. Goyder cites a technique used by actor Ewan McGregor: deliver one thought at a time. Putting pauses between each thought helps you slow down. This is useful as nerves tend to speed up speech. Imagine you are delivering each point to one member of the audience and wait until you can see from their face that they have got it. This is a technique used by stand-up comedians.

Close Friends

Take a tip from George Clooney and think of the audience as close friends. “It makes you warm up and smile,” says Goyder.

A Presentation Secret

Finally, you can try out one tip right now. Many television and radio professionals use this technique to ensure that they come across as twinkling, charming and friendly. Think to yourself, “I’m beautiful; someone loves me; I have a secret.” Keeping that in mind, say what you have to say. Try it now with the next person you speak to. It really works.

 


 

In a recent post, Don Tennant discussed results from a survey commissioned by Prezi, a cloud-based presentation platform, in collaboration with Carmine Gallo, a former broadcast journalist who now is widely known as a presentation coach and speaker. The survey found that many employees would rather call in sick than have to give a presentation, yet 70 percent of those surveyed said presentations were critical to their career success.

 

With presentation skills being seen as so critical to a person’s career, it’s essential to find ways to deal with the fear and overcome the obstacle. Writing for Glassdoor, Linda Whitney has identified 10 tips actors use that can help you give better presentations.

 

According to Whitney, actors can teach you a lot about making presentations. Whether you have to present during an interview or as a regular part of your job, the techniques used by movie and TV stars can help you perform more effectively. Here are 10 techniques gleaned from actors and the coaches who train them, to help you overcome your nerves and deliver better presentations.

 

Source: http://www.itbusinessedge.com/slideshows/ten-tips-to-help-you-give-better-presentations.html?utm_campaign=ITBEVDC_20141015_STR2L1&utm_medium=email&dni=180229965&rni=13501729

Top 25 Crowd2Shelf Contestants

EVA BR30

Designed by LEDified, the EVA BR30 is the world’s friendliest BR30 bulb. The company combined the most efficient LED technology with an everyday practical element of a home: the remote control. Homeowners can now change the brightness and color of their lighting with the click of a button.

 

nHand

nHand is a new patent-pending product that makes your iPad or smart tablet a truly handheld device. nHand is a convenient, removable handle made from high-grade billet aluminum that securely attaches to the back of any iPad, smart tablet, or even your laptop using the powerful 3M Dual Lock re-closeable fastening system.

 

StickNFind

StickNFind is an ultra small sticker with built-in, low-energy Bluetooth capabilities and a range of 100 feet.  Each sticker is about the size of a U.S. quarter with a battery life that lasts for over a year. You can stick it on your keys, TV remote, kids, cat, dog, iPod, tablet, phone, wallet, purse, passport, laptop, backpack, etc. StickNFind stickers have a buzzer and light, so that you can even find your valuables in the dark.

 

HearNotes

HearNotes were built from the ground up, using KLEER technology. Engineered to deliver lossless, CD-quality audio with less power consumption, KLEER outperforms current industry standards like Bluetooth in audio quality and clarity, range and battery life.

 

You-Noticed Announcement Board

The You-Noticed Announcement Board is a unique “cork board” that doesn’t use cork. Instead of fasteners, flyers are dropped in each slot and held in place behind acrylic. In the event a small piece of paper is dropped into a slot, a patented system of springs was integrated and hidden inside the board so a user can lift the acrylic pane upward to retrieve the item without disassembling the board or having to take it off the wall.

 

NVBOTS 3D Printing

With NVBOTS, 3D printing is coming out of the lab and into offices, factories and schools across the United States and around the world. It’s the beginning of a brave new era of creation, collaboration, invention and innovation, where the next great idea can be dreamed — and then built — by anyone, anywhere.

 

Tempo

CarePredict’s state-of-the-art Tempo monitoring and alert system uses innovative sensor technology to noninvasively track and record seniors’ day-to-day activities of life and let their children, loved ones and caregivers know when those patterns change. Tempo empowers seniors to stay safe and comfortable in their own homes, and gives their loved ones the peace of mind of knowing help is always just a push notification away.

 

Plum

Plum makes lighting and appliance control easy and affordable.  The Wi-Fi-enabled lightpad is the first product of its kind.  Competitively priced and easy to install, it provides the incredible convenience of controlling your lights from your smartphone from anywhere in the world.

 

PLUG RADIO

A stationary radio? A mobile Bluetooth speaker? A speakerphone? A phone charger?  Yes. Yes. Yes. Yes. The PLUG RADIO allows you to stream music from your smartphone or any Bluetooth player to this little sound speaker, listen to finest FM radio sound and charge your smartphone on the go. It plugs DIRECTLY into the wall outlet without cables or clutter.

 

Letterforms

Meet Letterforms: the dry erase notebook that can be re-used millions of times without wasting a single sheet of paper. Whether you’re working out a simple math problem or sketching out the details of the next great product innovation, let Letterforms dry erase notebooks be home to your next big breakthrough.

 

Garageio

Garageio is a garage door management solution that has been designed with you in mind, from the start. Garageio consists of two main components: the Garageio Blackbox, a small piece of hardware you install in your garage; and the Garageio mobile app, for both Android and iPhone. This simple, seamless solution enables you to take unprecedented control of your garage.

 

InSite GPS Tags

A unique first, the InSite GPS Tag is a small, coin-sized GPS tracker that uses five kinds of technology to ensure it works everywhere it goes — even indoors. It comes equipped with tons of intuitive features, such as Geo-Fencing, where you can draw virtual perimeters around areas such as school zones, neighborhoods, workplaces, etc., and receive notifications anytime your device leaves the zone, in which direction and how fast it’s travelling – all in real time and with centimeter-level accuracy.

 

Sun LifeLight

Sun LifeLight has taken 30 years of light therapy science for seasonal affective disorder (SAD) and revolutionized it for use by computer-using office professionals. Now individuals and enterprises can bring the productivity-boosting effects of sunlight into the office. The LifeLight is the first and only product that packages the energizing colors of a bright sunlit sky into a portable and stylish desk lamp controlled and monitored by a learning app that customizes the sunlight delivered for each user’s maximum benefit.

 

SOScharger

The SOScharger produces power when you need it and wherever you need it. It also features an integrated, rechargeable lithium-polymer battery, providing you with extra, rechargeable power you carry every day. The charger works with all smartphones, including Apple iPhone, Nokia Lumia and Samsung Galaxy, as well as basic/feature phones.

 

PowerBee

The patent-pending Hydrobee is a USB battery pack that is charged by multiple free natural energy sources, including water from a faucet, hose or pipe, streams and rivers, bicycles and carts, hand-cranks, belt drive pulleys, solar panels and thermal energy. Anyone with the right natural energy source can charge this battery pack, and then use the battery to charge their cell phone or to power LED lights all night.  It’s better than solar; it’s never without a power source, even if it’s your own muscles.

 

HOLDITS

The current HOLDITS model easily organizes almost a 2-foot row of items, from the size of paper clips, business cards, eyeglasses (without scratching), pens, markers, nail clippers, rulers and tools, to items as large as a full-size TV remote control.

 

Smart Outlet

Smart Outlet is a Wi-Fi outlet that you can control from anywhere via your smartphone. You can program up to 60 automatic switch settings to account for different schedules during the week. It also has a built-in dimmer that allows you to dim bulbs.

 

MoveEye

MoveEye is silicon-embedded eyewear that allows you to interact with your TV using intuitive hand gestures, enabling you to operate your TV like a giant touchscreen — that you don’t even have to touch. Just point at what you want, from your own perspective, and MoveEye serves it up.

 

WigWag

WigWag is offering a colorable, dimmable LED bulb, a powerful communication hub, and an environmental sensor block. When paired together, WigWag devices can communicate with other brands of IP/WiFi-enabled devices to create a unified smart home of the future.

 

SeeSpace InAiR

InAiR takes the two most powerful media in the world—Internet and television—and combines them into a single, streamlined viewing interface, revolutionizing the way people engage with media forever.

 

HIDDEN

The HiddenRadio2 speakers have been reengineered to deliver best-in-class sound, introduce a new multi-point feature so you can hook up two speakers at once, and debut the new intelligent capacitive touch sensor in the cap that allows you to control your sound with just a tap or a swipe, either in the app, on your phone, or on the cap itself.

 

Bindle

Bindle is a connected device that converts any surface into a digital whiteboard. It seamlessly captures everything you write using a whiteboard marker synchronized with your voice, so you can replay the session as animation on the cloud.

 

Helios

Solar-powered Wi-Fi-enabled bags made out of recycled material.

Jorno

Pocketable, folding, Bluetooth keyboard.

Soap

One device to rule them all.

 


 

Staples and crowdsourcing platform Fundable recently teamed up to launch the first Crowd2Shelf Contest. The contest provides startups the opportunity to compete for a chance to sell their products in Staples’ stores. While the ultimate goal is to land a coveted spot in Staples’ inventory, all contestants selected for the crowdfunding phase have the opportunity to be winners, as they will be able to keep pre-orders and pledges from funded projects.

As you might expect, the contest drew thousands of entrants from across the country, and a panel of experts has now selected the top 25 finalists that will continue to the next stage. These contestants will be judged on their number of votes, success of their crowdfunding campaign, and judges’ recommendations. So the race is on.

Source: http://www.itbusinessedge.com/slideshows/top-25-crowd2shelf-contestants.html?utm_campaign=ITBEVDC_20141015_STR1L1&utm_medium=email&dni=180229965&rni=13501729

How to Ease the Pain of Slow Wi-Fi

Putting the Super in Information Superhighway

Click through for more on the current state of Wi-Fi and how 802.11ac can help, as identified by WildPackets.

Wireless steps on the gas

Enterprise class 802.11ac access point shipments are spiking. In 2013, there were 250,000 access points. By the end of 2014, it is expected that there will be more than 1,600,000, a more than 6x increase over 2013.

Looking toward 2018

Current 802.11ac adoption rates are at about 40 percent, but by 2018, 802.11ac technology is expected to completely replace 802.11n.

As fast as wired networks

It’s no wonder that 802.11ac is eclipsing 802.11n. With speeds as high as 1.3 Gbps, 802.11ac access is as fast as wired networks, which come in at about 1 Gbps.

802.11ac versus 802.11n

Given that 802.11ac is as fast as wired networks, it’s not surprising to see that it’s leaving 802.11n in the dust. With speeds 3x faster (1.3 Gbps vs. 0.45 Gbps), finding the information you’re looking for is easier and significantly faster. Additionally, an 802.11ac access point nearly triples capacity, allowing more users per access point.

802.11ac versus 802.11n

802.11ac also has a distinct advantage when it comes to signal strength and data range. 802.11ac provides 400 Mbps at 75 feet, while 802.11n provides only 200 Mbps at the same distance. Additionally, 802.11ac has eight multi-input multi-output (MIMO) antennas or spatial streams at 80 MHz, which allows for a significant increase in user bandwidth.

Avoiding the speed bumps

Thinking of moving to 802.11ac? Make sure your monitoring solution provides the following:

  • Portable analysis: Directly access network segments that are difficult to reach but are in need of network troubleshooting.
  • Remote analysis: Anytime and anywhere data capture from commercial enterprise APs leveraging their full capabilities.
  • Distributed analysis: Simultaneously capture and analyze 802.11ac traffic for capacity planning, operations management, and troubleshooting across multiple data centers, branch offices, and campuses.
  • Wireless forensics: Capture, store and analyze all WLAN traffic to pinpoint performance issues and conduct investigations.
  • Wired + wireless monitoring: Reduce overhead by monitoring wireless and wired network analysis simultaneously in the same solution.

 

Source: http://mobile.itbusinessedge.com/slideshows/how-to-ease-the-pain-of-slow-wi-fi.html?utm_source=itbe&utm_medium=email&utm_campaign=MII&nr=MII&dni=159502826&rni=13501729

Ten Vulnerabilities that Impact Enterprise Cloud Apps

Third-Party Components

Vulnerabilities in third-party components: The widespread use of third-party and open source components in enterprise cloud apps can attract attackers and lead to data exposure. Recent examples include Heartbleed and OpenSSL CCS Injection. Attackers can exploit flaws in these components to steal enterprise data and read encrypted traffic.

 

SQL Injections

Vulnerabilities that enable attackers to inject SQL code into an app: Some apps contain vulnerabilities that let attackers inject malicious SQL statements into one of the app’s fields. A successful exploit can have a wide-ranging impact, from attackers being able to escalate privileges in the app to making the app host malware. A recent example of this was in AdRotate, a plugin for the popular SaaS app WordPress.

 

Database Injections

Vulnerabilities that enable attackers to inject other database code into an app: Even apps that don’t use SQL can suffer from injection attacks. An example of this is the MongoDB Hash Injection, in which the use of Web application framework Ruby on Rails in conjunction with MongoDB can lead to attackers bypassing authentication, exfiltrating data and even launching denial-of-service attacks.
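
The hash-injection problem described above comes down to a request parameter arriving as a nested structure instead of a string and being read by the database as a query operator. The following is an added example, not code from the article or from any project it names: `toy_find_one`, the `USERS` record and the parameter names are constructed stand-ins, and the hardened lookup simply refuses non-string values before they reach the query.

```python
from typing import Any, Mapping, Optional

# Constructed sample record; the token value is made up for this example.
USERS = [{"user": "alice", "token": "s3cr3t-token"}]


def toy_find_one(query: Mapping[str, Any]) -> Optional[dict]:
    """Toy stand-in for a document-store lookup. Like MongoDB, it treats a
    nested mapping as an operator expression; only $ne is modelled here."""
    for doc in USERS:
        matched = True
        for field, cond in query.items():
            if isinstance(cond, Mapping):
                if set(cond) != {"$ne"}:
                    raise ValueError("operator not modelled in this toy")
                matched = matched and doc.get(field) != cond["$ne"]
            else:
                matched = matched and doc.get(field) == cond
        if matched:
            return doc
    return None


def lookup_unsafe(params: Mapping[str, Any]) -> Optional[dict]:
    # Weak form: request parameters are passed into the query whatever their
    # type, so a nested value is interpreted as an operator, not compared.
    return toy_find_one({"user": params.get("user"), "token": params.get("token")})


class BadParameter(ValueError):
    """Raised when a request parameter is not a plain, bounded string."""


def scalar(params: Mapping[str, Any], name: str, max_len: int = 256) -> str:
    value = params.get(name)
    if not isinstance(value, str) or not value or len(value) > max_len:
        raise BadParameter(f"{name} must be a non-empty string")
    return value


def lookup_safe(params: Mapping[str, Any]) -> Optional[dict]:
    # Hardened form: every value is checked to be a string first, so the
    # query can only ever contain equality comparisons.
    return toy_find_one({"user": scalar(params, "user"),
                         "token": scalar(params, "token")})


if __name__ == "__main__":
    nested = {"user": "alice", "token": {"$ne": ""}}  # constructed request body
    print("unsafe lookup matched:", lookup_unsafe(nested) is not None)
    try:
        lookup_safe(nested)
    except BadParameter as exc:
        print("safe lookup rejected request:", exc)
```

Logging every `BadParameter` rejection gives a cheap detection signal, since legitimate clients have no reason to send structured values in these fields.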

 

Client-Side Script Injections

Vulnerabilities that enable attackers to inject client-side scripts into the app: Another class of vulnerabilities enables attackers to inject code that is used to lure users to malicious sites or distribute malware to user devices. Common exploits are cross-site scripting (XSS) and iFrame injection. An example of this is the recent XSS vulnerability discovered in Offiria, an open source enterprise social network, which let remote attackers place malicious links in the app.

 

URL Redirects

Vulnerabilities that lead to URL redirection: Some apps are designed in a way that enables an attacker to get in the middle of the URL path and redirect a user to a different URL. One example is the covert redirect vulnerability in OAuth 2.0 and OpenID, in which an attacker can use the authentication process to redirect users to malicious sites or steal their information.
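
Two checks close off the redirection described above: the authorization server compares `redirect_uri` to the registered value exactly, and the client application refuses to forward users to anything but its own local paths. This is an added example, not code from the article; the client ID, the hosts and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed registration data: one client with one registered callback.
REGISTERED_REDIRECTS = {
    "client-123": {"https://app.example.com/oauth/callback"},
}


def prefix_match(client_id: str, redirect_uri: str) -> bool:
    """Weak check, shown for contrast: accepts anything that starts with the
    registered scheme and host."""
    for registered in REGISTERED_REDIRECTS.get(client_id, ()):
        parts = urlsplit(registered)
        if redirect_uri.startswith(f"{parts.scheme}://{parts.netloc}"):
            return True
    return False


def is_registered_redirect(client_id: str, redirect_uri: str) -> bool:
    """Strict check: exact string match against the registered set, plus
    sanity checks on the registered value itself."""
    if redirect_uri not in REGISTERED_REDIRECTS.get(client_id, set()):
        return False
    parts = urlsplit(redirect_uri)
    return (parts.scheme == "https"
            and not parts.fragment
            and "@" not in parts.netloc)


def safe_next_path(target, default: str = "/") -> str:
    """For the application's own post-login 'next' parameter: allow only
    local paths, so the site cannot be used as an open redirector."""
    if not isinstance(target, str) or not target.startswith("/"):
        return default
    # '//host' and '/\host' are treated as absolute URLs by browsers.
    if target.startswith("//") or "\\" in target:
        return default
    if any(ord(ch) < 0x20 for ch in target):
        return default
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return default
    return target


if __name__ == "__main__":
    candidates = [
        "https://app.example.com/oauth/callback",
        "https://app.example.com.other.test/cb",
        "https://app.example.com/go?next=https://other.test/",
    ]
    for uri in candidates:
        print(f"{uri}\n  prefix check: {prefix_match('client-123', uri)}"
              f"  exact check: {is_registered_redirect('client-123', uri)}")
    for nxt in ["/dashboard?tab=1", "//other.test/x", "https://other.test/"]:
        print(f"next={nxt!r} -> {safe_next_path(nxt)!r}")
```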

 

Disclosure of shared documents

Vulnerabilities that lead to the disclosure of shared documents to unintended recipients: A well-publicized vulnerability involves the “share” function in some cloud storage apps. In it, a user can inadvertently disclose a document to unintended recipients. Major vendors like Dropbox have patched this vulnerability, but others remain unremediated. Given that other app categories like business intelligence, customer relationship management, and software development also enable sharing, this design vulnerability could impact more than just cloud storage apps.

Encrypted and Unencrypted Channels

Vulnerabilities involving the use of both encrypted and unencrypted channels for file movement: Some apps have made a design decision to use an encrypted channel to upload and an unencrypted channel to download files, which can lead to data leakage. An example is the cloud storage app JustCloud, which calls this design out in their terms and conditions. Another example is the use of unencrypted channels by native cloud storage applications in mobile devices such as iPhones and Android devices.

 

Misconfigured IaaS Access Settings

Vulnerabilities associated with the misconfiguration of infrastructure-as-a-service access settings: Misconfiguring infrastructure as a service can lead to data exposure. An example of this is the misconfiguration of Amazon S3 buckets. A user can easily overlook a key setting, the configuration of the bucket as “public,” which can lead to the public exposure of the contents in the logical container. Since the access configuration applies to the bucket and all of its contents, that exposure can lead to significant data leakage.
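
A bucket can end up public through either its ACL or its bucket policy, so an audit has to look at both. This is an added example, not code from the article: it assumes the ACL is in the shape returned by S3's GetBucketAcl and the policy is standard policy JSON, and the bucket names, account ID and documents below are constructed samples.

```python
import json

# Predefined S3 groups that make an ACL grant effectively public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account holder",
}


def public_acl_grants(acl: dict) -> list:
    findings = []
    for grant in acl.get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GROUPS:
            findings.append(
                f"ACL grants {grant.get('Permission')} to {PUBLIC_GROUPS[uri]}")
    return findings


def _is_wildcard_principal(principal) -> bool:
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        values = aws if isinstance(aws, list) else [aws]
        return "*" in values
    return False


def public_policy_statements(policy_json: str) -> list:
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be a bare object
        statements = [statements]
    findings = []
    for st in statements:
        # Statements with a Condition are not flagged here; they need a
        # manual look at what the condition actually restricts.
        if (st.get("Effect") == "Allow"
                and _is_wildcard_principal(st.get("Principal"))
                and not st.get("Condition")):
            actions = st.get("Action") or []
            if isinstance(actions, str):
                actions = [actions]
            findings.append(
                f"policy statement {st.get('Sid', '<no Sid>')} allows "
                f"{', '.join(actions)} to everyone")
    return findings


def audit_bucket(name: str, acl: dict, policy_json: str = None) -> dict:
    findings = public_acl_grants(acl)
    if policy_json:
        findings += public_policy_statements(policy_json)
    return {"bucket": name, "public": bool(findings), "findings": findings}


# Constructed sample data for two buckets.
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
               "Permission": "FULL_CONTROL"}
PUBLIC_ACL = {"Grants": [OWNER_GRANT,
                         {"Grantee": {"Type": "Group",
                                      "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                          "Permission": "READ"}]}
PUBLIC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-public-bucket/*"}]})
PRIVATE_ACL = {"Grants": [OWNER_GRANT]}
PRIVATE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "TeamRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-private-bucket/*"}]})

if __name__ == "__main__":
    for report in (audit_bucket("example-public-bucket", PUBLIC_ACL, PUBLIC_POLICY),
                   audit_bucket("example-private-bucket", PRIVATE_ACL, PRIVATE_POLICY)):
        print(report["bucket"], "PUBLIC" if report["public"] else "ok")
        for finding in report["findings"]:
            print("  -", finding)
```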

 

IaaS and PaaS Authentication

Vulnerabilities resulting from under-configuring infrastructure- and platform-as-a-service authentication: Organizations that do not take advantage of multi-factor authentication in their infrastructure as a service (IaaS) and platform as a service (PaaS) can expose their administration console. An attacker can hijack credentials, which happened to source code hosting provider Code Spaces, ultimately putting the company out of business.

 

Weak Cryptography

Vulnerabilities resulting from the use of weak cryptography: Most cloud apps use the Secure Sockets Layer (SSL) protocol to encrypt communication between user devices and servers. Servers configured with weak encryption can leave apps vulnerable to brute force decryption attacks and data leakage. An example of this is the stream cipher RC4, which can make SSL vulnerable to stream cipher or bit-flipping attacks.


 

On August 6, Russian hackers announced they had stolen more than one billion username and password combinations, along with accompanying email addresses — a big grab, considering that there are nearly three billion Internet users. By that estimation, up to one-third of Internet users may be vulnerable to data loss. The breach is a poignant reminder for individual users and enterprises alike to take a look at how they’re protecting their personally identifiable information (more commonly referred to as PII).

Cisco recently predicted that there will be 21 billion Internet devices in use by 2018, and a recent survey from Netskope shows that most enterprises use an average of 508 cloud apps across an average of three devices per user. Both of these statistics underscore the dizzying number of usernames, passwords, and email addresses that are used across a myriad of devices and apps, a trend that only looks to continue for the foreseeable future. Organizations today are already relying heavily on cloud apps to help improve productivity and reduce operating costs, and as security standards continue to improve, businesses are becoming increasingly comfortable storing business-critical data in the cloud.

However, with increased popularity comes more attention from malicious hackers trying to access PII and other sensitive data. It’s more critical than ever before to understand how — and where — you’re storing your data, and the variety of vulnerabilities that can exist in the apps in your network.

There are four broad categories of vulnerabilities in cloud apps: components, code, design, and configuration. This slideshow features 10 types of vulnerabilities, identified by Ravi Balupari, senior manager, Cloud Security Research and Content Development at Netskope, that fall into these respective categories, and a brief overview of how they impact enterprise cloud apps.


Source: http://www.itbusinessedge.com/slideshows/ten-vulnerabilities-that-impact-enterprise-cloud-apps.html

 

How Poor Website Performance Impacts Revenue E-commerce Performance Matters

Abandoned Shopping Carts

If your website takes too long to load, your customers will abandon their shopping carts. In fact, with anything that exceeds six seconds of page load time, you start losing 90 percent of your visitors. Especially in today’s competitive market with customers expecting instantaneous page-load time, your business will truly suffer if your website has slow load time.

Website Crashes

Without a scale-out, fault-tolerant database, your website will not only be unable to handle peaks in traffic, it runs the risk of crashing altogether. If this happens, your customers will surely look elsewhere. Research shows that if your system goes offline, even momentarily, you run the risk of losing them to another vendor.

Loss of Loyal Customers

It’s a simple concept — repeated poor performance leads to customer loss. Even worse than an abandoned shopping cart, lost customer loyalty can really impact the bottom line. Don’t let a faulty database ruin your reputation and ultimately your business.

Unsuccessful Marketing Campaigns

If your website performance is lackluster, then your marketing campaigns cannot be successfully executed. Why? You need customer data to power campaigns. Without customer data for analytics or targeting, customer conversion and new customer acquisition will be nearly impossible, further hurting your bottom line.

Closed Shop

Worst-case scenario — if your website can’t keep up with demand during peak times, then your biggest sales day could become your last. Bottom line, invest in a 100 percent fault-tolerant, scale-out database that will ensure zero downtime and provide your customers with a seamless shopping experience.


Consumer shopping trends are shifting. Online shopping has seen such explosive growth over the last several years that e-commerce is now outpacing the growth of brick-and-mortar businesses. This has fundamentally changed the way that businesses think about performance, both business and website.

In the always-on world of e-commerce, companies pay the price for latency. Amazon found that every 100 milliseconds of downtime cost them one percent in sales and Google found that an extra .5 seconds in search page generation time dropped site traffic by 20 percent. Slow performance affects everything from individual transactions, to customer retention and ultimately revenue. E-commerce businesses simply cannot afford to suffer a slip in performance.

This slideshow features five ways, identified by Clustrix, that performance affects the bottom line, as well as tips on how to ensure they don’t happen to you.


Source: http://www.itbusinessedge.com/slideshows/how-poor-website-performance-impacts-revenue.html

Calculating the ROI of IT Asset Management

Initial data collection

The cost for manual data center audits can be high (as much as $15 per asset), even for “readily available” data, which includes equipment manufacturer, model, serial number, name, and location.

Data accuracy

A hidden cost here is the unreliable rate of manual data collection, often between 10 and 15 percent. This affects the audit and can often result in re-audits.

Tracking changes

A large percentage of data center outages, unauthorized changes and mean time to repair (MTTR) data center assets comes from the inability to properly record and track changes manually in the data center – leading to higher audit costs.

Repeat data audits

A similar cost and effort is involved with repeated manual data audits (such as semi-annual or on-demand audits) as with initial data collection efforts.

High cost: Based on these factors and assumptions, it is not unreasonable for data center operators to see costs of up to $60,000 or 20 man weeks around manual data center audits. And, these are proven to be inaccurate.

Lower cost alternative: Based upon the current cost of implementing a typical passive RFID solution in this scenario, the return on investment would be less than 12 months. And, these are proven to be 99.5 percent accurate.


 

Every data center conducts some type of regular audit. But IT professionals and data center managers may not be aware of the high – and often hidden – costs associated with their manual audits.

The key to the effective and efficient management of an organization’s data center lies with the ability to capture and comprehend a comprehensive picture of what data center assets exist, where each asset is located and how each individual asset is connected to other assets.

As the complexity of a given data center increases – multiple aisles, multiple high-density cabinets, 2- and 4-post racks containing thousands of individual servers and storage devices – the task of capturing asset information becomes increasingly complex. Simple solutions, such as noting serial numbers in static spreadsheets, become less reliable and more costly as hundreds of man-hours are spent wandering a data center looking for asset tags.

Data center IT professionals need holistic data center tools that are designed to track infrastructure assets and facilities assets as well. Some examples are RPDUs, PDUs, CRAHs and UPS. Although these items rarely if ever move, they must also be audited and maintained. IT asset management (ITAM) tools must be able to help users to automate and streamline this process. Ultimately, a programmatic approach based in science and using reliable, repeatable and cost-effective tools and systems is the best solution.

In this slideshow, Asset Vue takes a look at four cost points organizations need to consider when determining the ROI of an IT asset management solution.


 

Source: http://www.itbusinessedge.com/slideshows/calculating-the-roi-of-it-asset-management.html

Holographs, Liquid-State and DNA: The Future of Data Storage

The Advancements

Storing important documents on your local PC has been common practice for years. We’ve seen the technology change drastically in a very short amount of time, and a lot of exciting innovations are on the way. Check out how far we’ve come since IBM first introduced the 960-bit punch card in 1928.

Datastickies

What will the future hold? One possibility is datastickies. Imagine storing your data on a set of sticky notes. The technology intends to replace USB-flash storage by offering something that is cheaper, more convenient and user-friendly.

Datastickies store data from 4 GB to 32 GB on a sliver of graphene between two protective layers. Graphene is a ground-breaking new material that is comprised of tightly packed carbon atoms in a two dimensional honeycomb lattice. It has a minimum thickness of just one atom.

Monitors will need to have a special surface that can interact with the datastickies. Simply stick the post-it note device to an area of the monitor and access the data.

DNA Storage

What started off as a joke turned into reality when two genomicists discussed how appropriate storing data on DNA could be.

Data files are converted into binary code and then into A, T, G, and C code, which stand for the four DNA bases. From these letters, blueprints for the DNA are drawn and the actual strands are created. To the human eye, the completed DNA fragments look like a tiny amount of dust at the bottom of a test tube.

Why is this a step forward? Well, data stored on DNA could be kept intact for thousands of years. Compare this to magnetic tape, which needs to be replaced every five years, and you can see the advantage.

Helium Drive Technology

In 2013, HGST created the first 6 TB 3.5-inch hard drive; apparently, this was made possible by sealing helium gas inside the device.

Helium has one-seventh the density of air, so it dramatically reduces the friction between the spinning disks in the device. As a result, it lowers the electrical power the hard drive consumes and allows more disks to be packed closer together, hence increasing the capacity.

SMR Drives

Seagate claims that Shingled Magnetic Recording (SMR) technology is the first step to reaching a 20 TB hard drive by 2020. SMR involves packing a disk’s tracks closer together; overlapping the tracks allows more data to be written on the same amount of space.

However, despite their larger capacity, SMR drives suffer from slow data rewrites. As a result of the tracks overlapping, any data that’s already on the track has to be picked up and sequentially rewritten at a later point.

Multi-Cloud Storage

Researchers at IBM are working on a new technology that they like to call “the cloud-of-clouds.” They claim to have developed a service that allows you to move data between multiple cloud platforms in real time.

The multi-cloud distribution storage system links public and private cloud services and is intended to help avoid service outages from the separate providers.

Liquid-State Storage

Instead of storing information in a solid state, metal inside the hard drive is kept in its liquid state. However, the substance isn’t a true liquid metal like mercury or gallium; it’s actually a compound known as vanadium dioxide. It can be given a positive or negative charge and be manipulated to switch between conducting and insulating.

HAMR Drives

Another advancement in hard drive density is heat-assisted magnetic recording (HAMR). In these drives, a tiny laser blasts the surface of the disk platter and heats it up to change its magnetic properties. By doing this, more bits can be stored per square inch and the surface becomes easier to write to.

Seagate puts it in perspective like this: A digital library of all the books written in the world would be approximately 400 TB – in the near future, all these books could conceivably be stored on as few as 20 HAMR devices.

Holographic Storage

Holographic storage is another potential game changer in the world of data storage. Instead of storing the data on the surface of the disk, holographic storage works in three dimensions. DVDs may be able to use multiple layers, but the laser that reads them can only do so from one angle at a time. Holographic technology uses the full depth of the medium and can store data at multiple levels.

The technology offers long-term media stability and a more reliable alternative to discs and tape. Data can be stored securely for just over 50 years.

Cassette Tapes

Surely cassette tapes have had their day? Not according to Sony. The company has recently developed a new magnetic cassette tape that can hold 148 GB per square inch of tape. The new technique uses a type of vacuum-forming called sputter deposition; argon ions are shot at the polymer film to create a layer of fine magnetic crystals with an average size of 7.7 nanometers. However, the re-birth of cassettes isn’t intended to replace Blu-rays and CDs. The tapes are developed for long-term storage of industrial-sized data.


 

Last year, 2.4 billion people used the cloud for accessing email, social media, games, backup storage and apps. With this figure projected to reach 3.6 billion by 2018, it would appear that cloud computing is here to stay due to our need to store and access ever expanding amounts of data. But the cloud is just the beginning with exciting data storage developments on the horizon.

This slideshow, provided by Ebuyer, depicts how far data storage has evolved since the IBM punch card in 1928 and further analyzes the future of this innovative industry. Datastickies, DNA storage and helium drives are just some of the possibilities for the future of data storage.

 


 

Source: http://www.itbusinessedge.com/slideshows/holographs-liquid-state-and-dna-the-future-of-data-storage.html