Web Directories

Paul L.

Paul L.

We use social media to stay in touch without the burden of having to send huge number of individual messages.

The average Brit spends one hour and 41 minutes a day browsing social media, which is about a third of all the time that we spend online.

If it is an addiction, it’s an efficient one – social media lets us communicate on the go. And thanks to BT’s role in doubling UK broadband speeds over the past three years, social media is a quick and convenient form of communication, too.

Each year, the average person sends more than 6,000 WhatsApp messages and nearly 11,200 picture messages. Evidently, we love to communicate using social media and through our phones, so it’s important we take care and stay safe online.

If it is an addiction, it’s an efficient one – social media lets us communicate on the go

Parents, grandparents, guardians – if you’re worried about the impact of social media on your children, then use BT Parental Controls to make sure you control what type of sites they can access. The controls can be customised for different users and different times of day, with filters available for all manner of websites, from dating to fashion to media streaming.

Here are some guidelines for negotiating social media without compromising your security or online identity:

Be selective when saying yes to friend requests. Unless you recognise the name, there is no reason why you should say yes. Writer Chloe says: “I always get people trying to add me to ask about tips to get into my industry. I made a clear line that Facebook is for friends, and Twitter for work.”

Be conscious of known Wi-Fi networks and don’t automatically connect to them. Darran Rolls, CTO, SailPoint, says: “Bad guys now put out their own public Wi-Fi hotspots specifically to catch the unaware.” Luckily, BT has more than five million free Wi-Fi hotspots across the country in which you can trust.

It sounds obvious, but manage your privacy settings. Did you know, for example, that Instagram owns all rights to photos posted on the social media network? Be careful and only share what you’re happy for other people to see. The best advice is to only share information with friends – make sure your privacy settings are ticked to share with friends and family only, otherwise anyone could view your pictures.

Social media page
Be selective: only share what you're happy for others to see CREDIT: GETTY

Identity theft isn’t unheard of so don’t let yourself be taken advantage of. There have been well-documented cases – like the story of Leah Palmer – where whole social media profiles have been lifted and lives lived through the lens of somebody else’s existence.

You can make it a lot more difficult for potential hackers by setting your profile to private and changing your password every few months.

If you’re worried your details might have been leaked in a hack, Matt Powell, editor at Broadband Genie, suggests regularly checking haveibeenpwnd.com to see if your information is listed.

It’s also important to bear in mind that some people make their career from hacking, so stay alert. “Cybercriminals have something we don’t have – they have time. They will spend hours trawling social media sites to find out personal information and use this to send you a very believable email citing information – perhaps about your children or a recent purchase – trying to encourage you to click on a hostile link. Think very carefully about emails which just don’t look or feel ‘right’ – question everything,” says Andy Taylor, lead assessor at APMG.

In a similar vein, keep certain personal information off social media, such as your address, pet’s name, family names, and exact date of birth. Stephen Trenery, digital marketing manager at Majenta Solutions, explains: “This kind of information can be used as security questions to get access to your other accounts, emails and your bank accounts.”

Never share payment information. The main social media sites – Instagram, Facebook, Twitter, and Snapchat – are free, and will never ask for your personal payment information. The only social media account that costs money is LinkedIn Premium, and this is a legitimate enterprise.

Make sure your privacy settings are ticked to share with friends and family only, otherwise anyone could view your pictures

Take care of what you photograph. You may never decide to post your full address or credit card details as your social media status, but did you know that the pictures you’re sharing could lead to your identity being stolen? Post a picture of your boarding pass on the way to skiing holiday, and a fraudster could type in your surname and flight number to find out personal details. It’s better to be safe than sorry.

Be careful when clicking on links. Even if they’re links shared by friends, you never know for sure what will pop up on the other side. The worst culprits are clickbait links – the ones that suggest weight loss tips and the like – and any link purporting to want to give you free money.

Brian Kinch, senior partner and fraud expert at FICO, says: “If [a link] appears, it may have come from a legitimate source. Reach out to the sender directly through a different, trusted channel to see if they have indeed sent it. You wouldn’t open a mystery package through the post with ‘OPEN ME’ emblazoned all over it – be as cautious online.”

Check your financial statements really carefully. “Bank statements should be checked regularly and any anomalies should be investigated and raised with the bank as soon as possible. As with all sensitive information, invoices and bank statements should not be left lying around,” advises Vocalink, a secure payment agency for businesses.

Source : telegraph.co.uk

Sergey Alakov spotted another change to the Google local pack, this one is where Google is removing the city name from the local pack results when the results are nearby your current location. So either it will show you the street address OR if you search for a specific city that is not near you, it will remove the street address and show just the city name.

Got it? If the results are nearby, it just shows the street address with no city name BUT if the listings are far from you, it shows just the city name and not the address.

Here are screen shots:


[plumber atlanta] which is far from me:

Makes logical sense to me to do this. Nice job Google.

Forum discussion at Twitter.

Author : Barry Schwartz

Source : seroundtable.com

If you’re a hypochondriac and are looking for a quick and non-invasive way to detect diseases early, doctors in Israel say the technology they’ve developed might be right for you. Their breath test device can diagnose up to 17 diseases, including cancer and Parkinson’s, researchers say.

It’s called the “NaNose” device that can in the figurative sense, “smell” from a breath sample, certain kinds of diseases a patient may have. The device — developed by the Technion-Israel Institute of Technology — works by having a patient breathe into a tube. Sensors inside then analyze more than 1,000 different kinds of “smelly compounds” to detect if anything is wrong.

Breathtec Biomedical, Inc., a private Israeli company recently entered into a license agreement with the makers.

“Indeed, what we have found in our most recent research in this regard, that 17 types of disease have 13 common compounds that are found in all different types of disease, but the mixture of the compounds and the composition of these compounds changes from one disease to another disease,” Prof. Hossam Haick said.

“And this is what is really unique and what really we expect to see and utilize in order to make the diagnosis from exhaled breath.”

The NaNose uses an advanced technology called “artificial intelligent nanoarray.” It involves sensors that analyze data obtained from receptors that “smell” a patient’s breath. The team tested breath samples of more than 1,400 patients and was reportedly accurate 86 per cent of the time.

“So our main idea is to try an imitate what’s going on in nature. So like we can take a canine, a dog and train it to sense the smell of drugs, of explosives or a missing person, we are trying to do it artificially. And we can do that by using these nano-materials,” Dr. Yoav Broza, from the Technion-Israel Institute of Technology, said.

Although the device cannot replace traditional diagnostic methods, developers hope the technology can pave an easier way for affordable and earlier detection of diseases such as multiple sclerosis, Parkinson’s and different types of cancers like breast, prostate and gastric.

At the moment, detecting a disease like lung cancer involves imaging technologies such as CT scans, which are ordered when patients are showing or complaining about certain symptoms. Researchers say sometimes a disease is only detected once it is too late. They hope the device will spearhead the vigorous testing process earlier.

Many companies are now trying to commercialize the technology, the researchers said. They say the future of early diagnosis of disease could be simple and hope health-care systems around the world will integrate their technology.

Author : Emanuela Campanella
Source : globalnews.ca

Last month cybersecurity firm Nuix released The Black Report, a white paper that contains specific tactics used by hackers, cybersecurity experts, and CISO and CSOs to attack and defend systems. The report, dissected extensively by ZDNet, found that some widely used defensive tactics are unreliable and that 60% of hackers are able to infiltrate targets within 12 hours. An additional 81% were able to identify and exfiltrate sensitive data in 24 hours. The research also found that it can take days, weeks, and sometimes months for organizations to detect a discreet intrusion. The current average response time is between 250 and 300 days.

The report was created to highlight the magnitude of modern cyber attacks. "When we decided to write our own threat report we looked at as many other reports as we could," said Nuix's CISO Chris Pogue, "and tried to identify the commonalities that made them look and feel so similar. What we found was that most were limited by the client base of the publishing organization, and all of them looked at the threat landscape from one specific perspective, that of the victim. While this information is useful, it only provides one facet of a multi-dimensional issue. We saw this as an opportunity to provide the market with a different perspective—that of the attacker."

The hacker perspective is critically important, agreed Nuix's Principal Security Consultant of Advanced Threats and Countermeasures Thomas McCarthy. "It very much is a cat and mouse game where the attacks try to stay one step ahead," he said.

Pogue and McCarthy spoke with TechRepublic about the The Black Report, effective cybersecurity countermeasures, and the tools hackers use to exploit systems.

Image: Nuix

What are the key takeaways of The Black Report?

The key takeaways are:

  • An amazing 69% of attackers report that they are almost never caught by security teams during their testing. This staggering number is the result of several key failures.
  • The inability [of organizations] to see certain types of attacks. This is due mainly to the failure of security vendors to perform threat modeling and fully understand the stages of an attack—from reconnaissance to final exfiltration.
  • [Organizations are challenged by] a lack of experienced staff tasked with monitoring alerts. In many breaches we have investigated, the security detection technologies properly identified the attack but the human beings whose job it was to act on those alerts failed to recognize them and take action.
  • Most security vendors do not continually analyze attack patterns. Because attack patterns change regularly, [vendors] don't adequately understand the dynamic threat landscape. Meanwhile, attackers regularly identify and use new vulnerabilities, exploits, and malware variants.
  • For security vendors to remain on the bleeding edge of threat detection, they need to research and analyze attack patterns regularly. Nuix does these things every day, thereby enhancing our detection and investigative capabilities. Nuix also conducts regular attack detection and fine tuning exercises to make sure our customers are getting the most out of our products and enabling their security teams to constantly improve their response capabilities. It is only through this marriage of people and technology that companies can hope to defend what is most valuable to them—their data!
  • 50% of attackers change their methodologies with every target. Many security technologies base their detection of breaches around indicators of compromise (IOC). These are sets of behaviors and trails of evidence left behind by previous attacks that the security community has detected and analyzed. When attackers change up their methodologies, it means the evidence generated by those attacks also changes. So, if a security solution only identifies static IOCs—a specific set of unchanging identifiers—our research indicates that they are missing at least half of the attacks.

What are the most effective penetration test countermeasures?

Penetration tests should mimic real world attacks. So, the question should be, "What is the best countermeasure against all attacks?" Talented, knowledgeable, and well-supported staff is the best defense. Many attacks are direct copies, or slight variations of pre-existing attack patterns - the old adage of, "if it ain't broke don't fix it applies here. If you want to protect your organization, you need to know your enemy, know your environment in and out and tailor your defenses to compensate for both. This approach is far more effective than blindly spending millions on products. It's true that people need products to help them scale, and to integrate actionable intelligence into their defensive strategy, but the key is that both are needed. Either one by themselves have proven themselves to be inadequate.

What are the most effective social engineering tactics?

The most effective social engineering tactic is the one that works. Attackers have unlimited time to try and can always call more people, send more phishing emails. Phishing is overwhelmingly the most common we see because of ease of creation and use. You can send thousands upon thousands of automated phishing emails and wait for people to open them. With these sorts of attacks, just one person clicking on a link or opening an attachment can provide the hackers with the access they need to establish a beachhead.

Igor Stevanovic, Getty Images/iStockphoto

What tools do modern hackers rely on?

There are many tools out there, such as Metasploit, Cobalt Strike, Core Impact, BeEF, and the Burp Suite, just to name a few. Some of these tools are free, and some have a hefty price tag. For the most part, the most popular tools are the ones that are publicly available that hackers use and know well. The good hackers don't need to rely on tools; there are always other methods or techniques that can be used to accomplish similar goals.

What is the state of the cyber-weapon ecosystem?

This is a bit of a difficult question to answer, as it really depends on what you mean by a "cyber-weapon." In the historical sense, this would mean the use of technical means of capabilities to target enemy systems to elicit some sort of desired outcome. This could be anything from malware like Stuxnet to controlling critical infrastructure to disrupting emergency management systems. To hackers, the technical aspects of these sorts of attacks are really no different than harvesting credit card numbers or stealing intellectual property, like drug formulas. There may be some subtle nuances based on the technology of the target systems, but the theory and methodologies used in the attack are no different. This is really more a factor of source and motivation than it is technology.

What does the cutting-edge of malicious code tech look like?

There are no such things as "weapons" per se, although it makes for good media. There are exploits and payloads. Exploits are bought and sold often and payloads are created all the time. [Threat actors have] both of these. Most people can buy either. The only such thing as cutting edge is using ones that haven't been seen or detected before. [Buying and selling occurs] through private contracts between organizations and governments, or simply through the Dark Web that pretty much anyone can get to. It is really only a matter of money.

The game of cat and mouse will continue and techniques and attacks will change with the landscape.

Author : Dan Patterson

Source : http://www.techrepublic.com/article/the-black-report-attacking-your-system-from-the-hacker-perspective/

Google Assistant can now tell you more about what it means to “get lit” while drinking “small batch IPAs” and wearing the hottest in men’s fashion.

The Verge reports around 20 conversation actions or services were added to Google Assistant over the past few weeks. Notably, the virtual assistant has been enhanced with a beer guide, a slang dictionary, and information about men’s fashion.

The latest additions seem to be centered around fun, The Verge believes, providing further examples of what Google Assistant is now able to do:

”Narwhal Bacon will serve up random facts and posts shared on Reddit, while Able Style will tell you men’s fashion tips. Hop over to the Able Style website while Google Assistant is talking to you and you can see suggested wardrobe visuals live onscreen. Wardrobe recommendations are made based on local weather, and in the future will be based on your preferences.”

Also in this update are controllers for more Internet of Things (IoT) devices from Home Bond, Quick Remote, and Stringify.

Though Google Assistant is available on a slew of new Android Devices, the Allo messaging app, and several Android Wear devices — the third-party actions mentioned in this post are only available on Google Home.

This latest update sees Google Assistant’s conversation actions exceeding the 100 mark, making it possible to speak with around 105 third-party services. For a complete list of Google Assistant actions, go to “More settings” in the Google Home app and click on “Services.”

Author : Matt Southern

Source : https://www.searchenginejournal.com/google-assistant-can-now-tell-slang-beer-mens-fashion/187745/

Think about everything that lives on your phone: personal messages and emails, photos of your friends and family, social media posts, phone numbers, maybe work emails or dating apps. And then there’s your search history and bookmarks, location history, passwords, calendar, call logs … basically, your entire life.

Your phone is designed to invisibly communicate everywhere, all the time, with a number of different infrastructures, and it’s this functionality that enables you to make calls, send messages, and use the internet while on the move. It’s also what makes your phone a fundamentally insecure device.

Still, there are lots of small things you can do to mitigate your security risks. In a few minutes you can, for example, make it near impossible for anyone to get into your phone if you lose it or if it’s stolen. And in less than an hour, you can drastically reduce the dust storm of personal information that’s constantly being vacuumed up by corporations and institutions through your phone.

The nine points below give you some key things to start with. Some are simply technical, but others involve changing habits and making choices: What are the trade-offs involved? What works best for you and your own situation?

Get Future Tense in your inbox.

Depending on your phone model and operating system version, your settings may look a little different. If you can’t find what you need, dig around a bit—sites like Tactical Tech’s Me and My Shadow project, the Electronic Frontier Foundation’s Surveillance Self-Defense guide, and the Guardian Project can help. (Disclosure: We both work with Tactical Tech.)

1. Strengthen Your Password Settings

The first thing to do is make sure you have a strong password or passphrase for your phone. You want something that can withstand attempts (by either humans or computers) to crack it. IPhone and Android both give you the option of setting a longer password than the one you initially chose at setup. For maximum protection, create a password that’s long and complex, and includes different types of characters. Make sure it’s unique (i.e, not a password you’ve already used for something else) and not personal—your birthday definitely doesn’t count, and the names of your pets aren’t any good, either.

  • Set a time period for how long your phone waits before auto-locking. “Immediately” is the safest option. It might be mildly annoying now, but it will be worth it if your phone is ever lost or stolen. It will also prevent anyone being able to take a peek inside if you leave your phone unguarded, even if only for a few minutes.
  • Control which of your apps have permission to show notifications on the home screen when your phone is locked. This can be done on a per app basis, or universally.

For extra protection:

  • Put a PIN lock on your SIM card. This will prevent anyone else from being able to use your SIM in a different phone. On iPhone you can do this in Settings > Phone > SIM PIN. On Android you’ll likely find this in your Security settings.
  • Where possible, put passwords on individual apps. Many apps don’t offer this option, but some, like the secure messaging app Signal, do. This allows you to log out when you’re done using the app. Make sure your passwords are also disabled from being visible!

2. Encrypt It!

Encryption scrambles the contents of your phone, making everything unreadable to anyone who doesn’t have the passcode or password to decrypt it.

  • Encrypting your iPhone: If you have an iPhone (4 and up) you’re in luck: Encryption was enabled automatically when you set up your passcode. As long as your phone is locked, your phone is encrypted.
  • Encrypting your Android: Most Android phones need to be encrypted manually. Before starting the process, it’s important to create a strong password and make sure you can remember it (otherwise you’ll be locked out of your phone, permanently!), back up important data, and charge your phone or plug it in, so as not to break the encryption process. To get started, go to your phone’s settings.

3. Find Your Phone’s Unique Numbers

(EMEI, SIM, etc.) in your settings, and write them down. These numbers are how your phone identifies itself on the network so can help in tracking the phone down if it’s stolen.

4. Consider Disabling Cloud Backups

Both iPhone and Android give you the option of not backing up to Apple’s iCloud or Google’s servers. Instead, you can back up some content manually and store it on your computer or external hard drive. IPhone also allows you to make encrypted backup files using iTunes. Backing up your content locally comes with multiple benefits: It doesn’t have to travel over the internet, and it remains in your hands rather than those of a commercial company. If anyone wanted to get hold of it, they’d basically have to be able to access your device itself.

5. Limit Location Tracking

Location logs alone can tell an incredibly detailed story about your life—where you live and work, what you do in your free time, which doctors you visit, which bars you go to. They show your routines andwhen you break them—both of which can be incredibly revealing. Taken together with other people’s locations, they can show who you are meeting, how often and for how long, and from that, what kind of relationships you have with those people. Your phone can be tracked in a few different ways, so it’s difficult to keep your location information completelyprivate. But there are some steps you can take to make sure fewer parties can collect it.

  • Turn off your phone’s “location” function. Your location gets logged by your device through GPS and Wi-Fi, and this data can be collected by apps with the right access permissions. Turning off Location in your settings will disable certain app functions—particularly when it comes to maps. You can always turn it on again when you really need it.  (This won’t completelystop others tracking your phone’s whereabouts—more on that below.)
  • Turn off Wi-Fi and Bluetooth when you’re not using them. Your phone uses Wi-Fi and Bluetooth to announce itself to networks and devices in its vicinity. And when networks stretch across large areas—an office building, conference center, or even an entire country—your movements within this zone can be tracked.
  • When you want to be 100 percent sure your location isn’t being recorded, just leave your phone at home, or switch it off and take the battery out (if your phone allows this). Another option is to buy or make a Faraday bag or cage, which blocks all signals. There’s no other failsafe way to prevent your phone communicating with the cell towers around it, which it normally does constantly, enabling your mobile network operator to keep detailed records on where you’ve been. Mobile operators are often required by law to store this information for a certain amount of time. The next best thing is to turn off your phone when you don’t need to be connected, or put it in flight mode.

6. Change Your Phone’s Name

If your device’s name is “Bob Smith’s Phone,” well, that’s what’s being announced to devices and Wi-Fi networks in the vicinity, if your Wi-Fi and Bluetooth settings have not been turned off. You might want to change it to something less personally identifying, like “Hello, World.”

7. Minimize Browser Leakage

All those searches, all those website visits … many browsers and search engines collect and save your browsing history by default, not to mention all the trackers that follow you around the internet.

  • To reduce the leakage, use a “private browsing” mode. This option is available with Firefox, Safari, Chrome, and Chromium (which browsers you can do this with depends on whether you’re using iPhone or Android)
  • Change your default search engine to something like DuckDuckGo or StartPage. These privacy-protecting search engines are noncommercial—they don’t track you or collect personal information or search history.
  • Clear your browsing history regularly. If your browsing history is stored in your browser (which in most browsers is the default), it can be collected by a variety of companies as you browse the web. This includes the companies behind certain types of web trackers. Though “Private Browsing” modes are usually set to clear your history automatically, be aware that this normally only happens when you close the browser window, so remember to do this regularly. For added privacy-protection, clear your history as you go.
  • Opt out of Google and Apple showing you “personalized ads”: On Android you can find the opt-out in the Ads Settings; on iPhone, scroll down to the bottom of your Privacy settings to Advertising > Limit Ad Tracking.

8. Choose Your Apps, and Manage Their Permissions, Wisely

There’s a lot to say about apps, but in short: All apps are not equal. Some have data collection as their primary raison d’être—that’s how they make their money. Some apps, on the other hand, collect almost no data at all.

  • Evaluate your apps: Before you install an app, you should investigate it. What information can it collect? What permissions does it ask for, and why? Which company or group is behind it, and can you trust it? Are you using too many apps owned by a single company? If you use an Android phone, swear by your Gmail account, etc., then Google knows an awful lot about you. You might decide to delete some of your apps, or replace them with better alternatives.
  • Control app permissions: For the apps you decide are worth keeping, make sure you control their permissions. Does that maps app really need access to your contacts to function? On both iPhone and later versions of Android, you can control permissions either per app or by type of permission (photos, contacts, etc.).

9. Above All, Keep in Mind:

Getting to know your tech is a long game and tends to happen in stages, bit by bit. The important thing is to get started. You might just find that each bit of control you gain is motivation enough for taking the next step.

This article is part of the cybersecurity self-defense installment of Futurography, a series in which Future Tense introduces readers to the technologies that will define tomorrow. Each month, we’ll choose a new technology and break it down. Future Tense is a collaboration among Arizona State UniversityNew America, and Slate.

Fieke Jansen works on the politics of data with the Tactical Technology Collective, where she researches, writes, and trains around data, privacy, and profiling.

Helen Kilbey works with the Tactical Technology Collective as a coordinator, editor, writer, and trainer for the Me and My Shadow project.

Author : Fieke Jansen and Helen Kilbey

Source: http://www.slate.com/articles/technology/future_tense/2017/02/cybersecurity_self_defense_how_to_increase_security_on_your_smartphone.html

You work hard day after day, but never see any long-term improvement. You feel trapped at your current level, unable to move forward or progress. You see friends and colleagues moving on and getting promoted, and wonder what’s different about you.

If this sounds like you, then you need to start using the 5-hour rule. Followed by successful people around the world, including Bill Gates, Oprah Winfrey, and Mark Zuckerberg, this simple rule can help you transform from ordinary to successful.[1]

Read on to find out exactly what the rule involves and how you can implement it in your own life.

Spend 5 Hours A Week On Deliberate Learning

The 5-hour rule involves spending five hours a week, or one hour each working day, focused on deliberate learning. This means setting aside time to give your full attention to learning and development, without getting distracted by other work. This learning can take different forms and a mix of these will give you the most well-rounded experience.


Reading is a habit of many highly successful people and is an easy and convenient way to learn. Try keeping a book in your bag at all times and setting yourself up with reading goals each week. You could aim to read a chapter a day or a certain number of books each month. The wide availability of eBooks makes reading on almost any topic possible wherever you are. Bill Gates is a famous advocate of reading and reads around 50 books each year, crediting it as one of the main ways that he learns.[2]


Reflection is a key part of learning. Trying to consume too much information without reflecting on it can lead you to feel overwhelmed and prevents you from picking up new skills. It’s important that your reflection time is structured, or you could get distracted. Try keeping a journal, which will allow you to reflect on what you’ve learned through reading. It will also give you the chance to think about lessons you’ve recently learned during work and develop ideas you have for the future.


Experimentation is essential if you want to progress in life. Set aside some time each week to test out new theories or ideas, no matter how crazy they are. Some of the most successful products in the world have come about as a result of experimentation. Innovation never comes from doing the same thing over and over. Even if your experiment fails, you’ll have learned valuable lessons.

Don’t Confuse Working With Learning

It’s easy to confuse working with learning, and this is how you can end up feeling stuck. You might think that working for 40 hours a week should be enough for you to see improvement, but that’s rarely the case. While you’re focused on day-to-day problems, you’re not giving yourself time to develop and grow. The 5-hour rule is about deliberate learning, not about going to work everyday and hoping you might learn something. Set yourself specific learning goals and give yourself time to achieve them, and you’ll see a vast amount of improvement.

Focus On Improvement, Not Just Productivity

You might believe that the more productive you are, the more successful you’ll be. Productivity plays a role in success, but it’s nothing without lifelong learning. If you’re constantly focused on your current work, rather than on long-term self-improvement, you’ll never see much development. It can be hard to allow yourself five hours a week for learning that doesn’t come with an immediate reward, but you’ll thank yourself for it in the long run. Try to look beyond your daily paycheck and dedicate time to becoming the best possible version of yourself instead.

Take inspiration from some of the world’s most successful entrepreneurs and spend 5-hours a week on deliberate learning. You’ll soon be light years ahead of your friends and colleagues, and well on your way to success.

Author : Eloise Best

Source : http://www.lifehack.org/538067/the-5-hour-rule-that-turns-ordinary-people-into-successful-ones

What happens if a bad actor turns off your heat in the middle of winter, then demands $1,000 to turn it back on? Or even holds a small city’s power for ransom? Those kinds of attacks to personal, corporate, and infrastructure technology were among the top concerns for security experts from the SANS Institute, who spoke Wednesday during the RSA conference in San Francisco.

Some of these threats target consumers directly, but even the ones that target corporations could eventually “filter down” to consumers, though the effects might not be felt for some time.

The seven deadly attacks

Here are the seven most dangerous attack vectors, according to SANS, and what, if anything, you can do about them:

1. Ransomware: Ransomware surfaced more than 20 years ago, but it has since evolved into a seriously scary form of malware: crypto-ransomware, which encrypts your files and demands payment to unlock them. It’s an ideal way for bad guys to attack: Ransomware spreads like a virus, locks up your data independently, and forces you to contact the criminals for payment and recovery, according to Ed Skoudis, an instructor at the SANS Institute.

What you can do: Practice “network hygiene:” patching your system, using antimalware, and setting permissions and network-access controls to limit exposure—once a PC is infected, you don’t want the infection spreading to other PCs on the network. Remember that ransomware is being monitored by actual people, with whom you can negotiate: “Your best bet is to appear small and poor,” Skoudis said, to try to reduce the amount you’ll pay.

2. The Internet of Things. The next stage of the evolution in consumer products is connectedness: Everything from baby cameras to toothbrushes are using wireless protocols to connect to each other and the internet. That, in turn, has left them vulnerable to hacks. Worse still, IoT devices are now attack platforms, as the Mirai worm demonstrated.

What you can do: Change the default passwords. If your smart-home gadget doesn’t allow it, either return it or wait (or petition the manufacturer) for firmware that allows a custom password. You can also take further steps to insulate connected devices by disabling remote access, using a separate dedicated home LAN for IoT devices, as well as a dedicated cloud account for controlling them, Skoudis said.

3. The intersection of ransomware and IoT. Last year, an Austrian hotel was hacked, disrupting its keycard system. Such attacks could eventually migrate to your home, holding your smart thermostat hostage (and set at 40 degrees, say) until you pay up.

What you can do: Right now, this sort of attack is more theoretical than anything else. But it’s something to think about as you start building out your home: How much automation is too much? “You have to ask yourself, what is the right balance between man and machine?” said Michael Assante, director of industrials and infrastructure for SANS.

A summary of the 2015 attack on then Ukraine power stations, as provided by the SANS Institute.

4. Attacks against the industrial Internet of Things. In 2015 and again in 2016, unknown hackers took down power stations in the Ukraine, leveraging the growing trend of automated, distributed systems against the power company. Fortunately, first responders were quickly able to manually flip the breakers and restore power. But there’s no guarantee that will always be the case—and what happens if Pacific Gas & Electric or Con Edison’s infrastructure is hacked?

What you can do: As consumers, not much. Infrastructure organizations are going to have to decide whether to operate with intelligent systems, or shut them down. Scaling up with increased automation can help lower your power costs—but the penalty may be increased vulnerability to outside attacks, Assante warned.

A summary of the 2015 attack on Ukraine power stations, as provided by the SANS Institute.

5. Weak random number generators. Truly random numbers are the basis of good encryption, securing Wi-Fi and a broad range of security algorithms, according to Johannes Ulrich, the director of the SANS Internet Storm Center. But  “random” number generators aren’t truly random, which makes the encryption they’re based upon easier to crack. This gives an edge to criminals, who may exploit this and unlock “secure” encrypted connections.

What you can do: This is a problem for device manufacturers to solve. Just keep in mind that your “secure” network may in fact be weaker than you think.

6. An over-reliance on web services. More and more, apps and software are talking to and incorporating third-party services, such as Docker or Azure. But there’s no real certainty that those apps are connecting to the expected entity, or whether an attacker is stepping in, stealing data, and returning false information.

What you can do: Again, this is a problem for developers. But Ulrich warned that mobile apps are becoming increasingly vulnerable—so even if an app isn’t trying to steal your data, the “service” that it thinks it’s connecting to may be.

7. SoQL Attacks against NoSQL databases. This is another developer problem, but it could affect data collected about you. For years, SQL injections, where executable code was forced inside of a SQL database entry field, were one of the scourges of the internet. Now, as developers move away from SQL to NoSQL databases like MongoDB, they’re finding that those databases aren’t as secure as they should be. 

Author : Mark Hachman

Source : http://www.pcworld.com/article/3170201/security/what-happens-if-your-thermostat-is-hacked-researchers-name-the-top-7-security-threats.html

Google launched the cloud search feature for the business customers on 8th February. The new Google Cloud Search feature will allow its customers who use the G-suite products. These products include Google Drive, Gmail, Sites, Docs, Calendar, Contacts and much more. The service was available in a limited preview. Previously it was known as the Springboard. The Springboard described something like Google Now for the enterprise workers.

The Springboard is now known as the Google Search. The larger companies were able to use the Springboard. The search service offers file sharing permissions, and this helps the users to access that is available for them. That can include companywide resources like the policy manuals, team projects or documents that only they can see.

How does Google Cloud Search facility work?

Along with adding to surface work documents, the Google Cloud Search facility will work as the directory service. It will allow the users to check out information about colleagues, view events, and files that they have in common. While viewing info within search results, the users will also have the option to click start emails, phone calls or hangout. The new feature has got more intelligence than you can imagine.

Along with the G-Suite rebranding, the company also announced machine powered intelligence. It includes “Quick Access” in Google Drive. It is a new feature that predicts which file you need just before you begin typing. Google Cloud Search can translate to help you in predictive search. The goal is to offer increased productivity to G-suite users.

A major issue at present

Google claims that right now it is taking 50% more of regular time to pull up the correct file in predictive search. But the company will soon reduce this figure. The feature is similar to Google Now. The cloud search facility uses a card style design for presenting information to you. It doesn’t matter whether you access the search service with phone or laptop. Like Google now, the Google Cloud Search facility uses machine intelligence for highlighting information that you will read.

These cards are called “Assist cards.” The cards pop up things like recently accessed files reminders, notes and much more. The Google Cloud Search is rolling out right now for customers who use G-Suite business and the enterprise editions. Google says it will introduce more features in future and chances are it will also integrate it with third party apps.

Source : https://technewsinc.com/google-cloud-search-offers-smart-search-engine-g-suite-745854/

Reporters wrangle all sorts of data, from analyzing property tax valuations to mapping fatal accidents -- and, here at Computerworld, for stories about IT salaries and H-1B visas. In fact, tools used by data-crunching journalists are generally useful for a wide range of other, non-journalistic tasks -- and that includes software that's been specifically designed for newsroom use. And, given the generally thrifty culture of your average newsroom, these tools often have the added appeal of little or no cost.

I came back from last year's National Institute for Computer-Assisted Reporting (NICAR) conference with 22 free tools for data visualization and analysis -- most of which are still popular and worth a look. At this year's conference, I learned about other free (or at least inexpensive) tools for data analysis and presentation.

Want to see all the tools from last year and 2012?

For quick reference, check out our chart listing all 30 free data visualization and analysis tools.

Like that previous group of 22 tools, these range from easy enough for a beginner (i.e., anyone who can do rudimentary spreadsheet data entry) to expert (requiring hands-on coding). Here are eight of the best:


What it does: This utility suite available from Christopher Groskopf's GitHub account has a host of Unix-like command-line tools for importing, analyzing and reformatting comma-separated data files.

What's cool: Sure, you could pull your file into Excel to examine it, but CSVKit makes it quick and easy to preview, slice and summarize.

For example, you can see all your column headers in a list -- which is handy for super-wide, many-column files -- and then just pull data from a few of those columns. In addition to inputting CSV files, it can import several fixed-width file formats -- for example, there are libraries available for the specific fixed-width formats used by the Census Bureau and Federal Elections Commission.

Two simple commands will generate a data structure that can, in turn, be used by several SQL database formats (Mr. Data Converter handles only MySQL). The SQL code will create a table, inferring the proper data type for each field as well as the insert commands for adding data to the table.

CSVKitCSVKit offers Unix-like command-line tools for importing, analyzing and reformatting comma-separated data files.

The Unix-like interface will be familiar to anyone who has worked on a *nix system, and makes it easy to save multiple frequently used commands in a batch file.

Drawbacks: Working on a command line means learning new text commands (not to mention the likely risk of typing errors), which might not be worthwhile unless you work with CSV files fairly often. Also, be advised that this tool suite is written in Python, so Windows users will need that installed on their system as well.

Skill level: Expert

Runs on: Any Windows, Mac or Linux system with Python installed.

Learn more: The documentation includes an easy-to-follow tutorial. There's also a brief introductory slide presentation that was given at the NICAR conference last month.

Related tools: Google Refine is a desktop application that can do some rudimentary file analysis as well as its core task of data cleaning; and The R Project for Statistical Computing can do more powerful statistical analysis on CSV and other files.


What it does: This popular jQuery plug-in (which was designed and created by Allan Jardine) creates sortable, searchable HTML tables from a variety of data sources -- say, an existing, static HTML table, a JavaScript array, JSON or server-side SQL.

Apple device sales

Quarter endingUnit sales (millions)Device
2010-06 3.3 iPad
2010-09 4.2 iPad
2010-12 7.3 iPad
2010-12 16.2 iPhone
2010-12 4.1 Mac
2011-03 4.7 iPad
2011-03 18.6 iPhone
2011-03 3.8 Mac
2011-06 9.3 iPad
2011-06 20.3 iPhone
2011-06 4.0 Mac
2011-09 11.1 iPad
2011-09 17.0 iPhone
2011-09 4.9 Mac
2011-12 15.4 iPad
2011-12 37.0 iPhone
2011-12 5.2 Mac
Source: Apple earnings statements

What's cool: In addition to sortable tables, results can be searched in real time (results are narrowed further with each search-entry keystroke).

Drawbacks: Search capability is fairly basic and cannot be narrowed by column or by using wildcard or Boolean searches.

Skill level: Expert

Runs on: JavaScript-enabled Web browsers

Learn more: Numerous examples on the DataTables site show many ways to use this plug-in.


Editor's note: As of April 2015, the FreeDive project was no longer available at the Knight Digital Media Center site, but the source code is still up on GitHub.

What it does: This alpha project from the Knight Digital Media Center at UC Berkeley turns a Google Docs spreadsheet into an interactive, sortable database that can be posted on the Web.

What's cool: In addition to text searching, you can include numerical range-based sliders. Usage is free. End users can easily create their own databases from spreadsheets without writing code.

FreeDiveFreeDive turns a Google Docs spreadsheet into an interactive, sortable database

FreeDive's chief current attraction is the ability to create databases without programming; however, freeDive source code will be posted and available for use once the project is more mature. That could appeal to IT departments seeking a way to offer this type of service in-house, allowing end users to turn a Google Doc into a filterable, sortable Web database using the Google Visualization API, Google Query Language, JavaScript and jQuery -- without needing to manually generate that code.

Drawbacks: My test application ran into some intermittent problems; for example, it wouldn't display my data list when using the "show all records" button. This is an alpha project, and should be treated as such.

In addition, the current iteration limits spreadsheets to 10 columns and a single sheet. One column must have numbers, so this won't work for text-only information. The search widget is currently limited to a few specific choices of fields to search, although this might increase as the project matures. (A paid service like Caspio would offer more customization.) The nine-step wizard might get cumbersome after frequent use.

Skill level: Advanced beginner.

Runs on: Current Web browsers

Learn more: The freeDive site includes several video tutorials at the bottom of the home page as well as test data to try out the wizard.

Related tools: Caspio is a well-established commercial alternative. For a JavaScript alternative with more control over the table created from a Google Docs spreadsheet, you might want to investigate Tabletop, which makes a Google Docs spreadsheet accessible to JavaScript code.

Highcharts JS

What it does: This JavaScript library from Highsoft Solutions provides an easy way to create professional-looking interactive charts for the Web. JQueryMootools or Prototype required.

What's cool: With Highcharts, users can mouse over items for more details; they can also click on items in the chart legend to turn them on and off. There are many different chart types available, from basic line, bar, column and area charts to zoomable time series; each comes with six stylesheet options. Little customization is needed to get a sleek-looking chart -- and charts will display on iOS and Android devices as well as on desktop browsers.

Apple device sales(millions of units)iPad salesiPhone salesMac salesDec-10Mar-11Jun-11Sep-11Dec-11010203040

Highcharts example with data about Apple device sales. Mouse over the graph to see details; click items in the legend to turn them on or off.

Drawbacks: Highcharts, like Google Maps, does have a distinctive look, so you may want to customize the Highcharts stylesheets so your visualizations don't look like numerous other Highcharts on the Web. While charts displayed fine for me on an Android phone, they weren't interactive (they were on an iPad).

And unlike most JavaScript/jQuery libraries, Highcharts is free only for non-commercial use, although a site-wide license for many companies costs only $80. (The cost jumps to $300 per developer seat in some cases -- for example, if charts are customized for individual users.) Rendering can be slow in some older browsers (notably Internet Explorer 6 and 7).

Skill level: Intermediate to Expert.

Runs on: Web browsers

Learn more: The Highcharts demo gallery includes easy-to-view source code.

Related tools: Google Chart Tools create static image charts and graphs or more interactive JavaScript-based visualizations; there are also JavaScript libraries such as Protovis and the JavaScript InfoVis ToolkitExhibit is an MIT Simile Project spinoff designed for presenting data on the Web with filtering, sorting and interactive capabilities.

Mr. Data Converter

What it does: How often do you have data in one format -- while your application needs it in another? New York Times interactive graphics editor Shan Carter ran into this situation often enough that he coded a tool that converts comma- or tab-delimited data into nine different formats. It's available as either a service on the Web or an open source tool.

Mr. Data Converter

Mr. Data Converter can generate XML, JSON, ASP/VBScript or basic HTML table formatting.

What's cool: Mr. Data Converter can generate XML, JSON, ASP/VBScript or basic HTML table formatting as well as arrays in PHP, Python (as a dictionary) and Ruby. It will even generate MySQL code to create a table (guessing at field formats based on the data) and insert your data. If your data is in an Excel spreadsheet, you don't need to save it as a CSV or TSV; you can just copy and paste it into the tool.

Drawbacks: Only CSV or TSV formats can be input, as well as copying and pasting in data from Excel.

Skill level: Beginner

Runs on: JavaScript-enabled Web browsers

Learn more: You can follow Mr. Data Converter on Twitter at @mrdataconverter.

Related tools: Data Wrangler is a Web-based tool that reformats data to your specifications.

Panda Project

What it does: Panda is less about analyzing or presenting data than finding it amidst the pile of standalone spreadsheets scattered around an organization. It was specifically designed for newsrooms, but could be used by any organization where individuals collect information on their desktops that would be worth sharing. Billed as a "newsroom appliance," users can upload CSV or Excel files to Panda and then search across all available data sets or a within a single file.

PandaPanda makes it simple to give others access to information that's been sitting in different stand-alone spreadsheets.

What's cool: Panda makes it simple to give others access to information that's been sitting on individuals' hard drives in different stand-alone spreadsheets. Even non-technical users can easily upload and search data. Search is extremely fast, using ApacheSolr.

Drawbacks: Queries are basic -- you can't specify a particular column/field to search, so a search for "Washington" would bring back items containing both the place and a person's name. The required hosting platform is quite specific, requiring Ubuntu 11.1. (Panda's developers have created an Amazon Community Image with the required server setup for hosting on Amazon Web Services EC2.)

Skill level: Beginner (Advanced Beginner for administration)

Runs on: Must be hosted on Amazon EC2 or a server running Ubuntu 11.10. Clients can use any Web browser.

Learn more: Panda documentation, still in the works, gives basics on setup, configuration and use. Nieman Journalism Lab has some background on the project, which was funded by a $150,000 Knight News Challenge grant.


What it does: This free plugin from Microsoft allows Excel 2010 to handle massively large data sets much more efficiently than the basic version of Excel does. It also lets Excel act like a relational database by adding the capacity to truly join columns in different tables instead of relying on Excel's somewhat cumbersome VLOOKUP command. PowerPivot includes its own formula language, Data Analysis Expressions (DAX), which has a similar syntax to Excel's conventional formulas.


PowerPivot allows Excel 2010 to handle massively large data sets more efficiently.

What's cool: PowerPivot can handle millions of records -- data sets that would usually grind PowerPivot-less Excel to a halt. And by joining tables, you can make more "intelligent" pivot tables and charts to explore and visualize large data sets with Excel's point-and-click interface.

Drawbacks: This is limited to Excel 2010 on Windows systems. Also, SQL jocks might prefer using a true relational database for multi-table data in order to build complex data queries.

Skill level: Intermediate

Runs on: Excel 2010 on Windows only.

Learn more: There are links to demos and videos on the PowerPivot main page, as well as an introductory tutorial on Microsoft's TechNet.

Related tools: Zoho Reports can take data from various file formats and turn it into charts, tables and pivot tables.


What it does: This general-purpose visualization platform allows creation of interactive dashboards with multiple, related visualizations -- for example, a bar chart, scatter plot and map. The open-source project was created by the University of Massachusetts at Lowell in partnership with a consortium of government agencies and is still in beta.

Weave visualization

Weave demo visualization of foreclosures in Lowell, Mass. See the interactive version.

What's cool: The visualizations are slick and highly interactive; clicking an area in one visualization also affects others in the dashboard. The platform includes powerful statistical analysis capabilities. Users can create their own visualizations on a Weave-based Web system, or save and alter the tools and appearances of visualizations that have been publicly shared by others.

Drawbacks: Requires Flash for end-user viewing. It's currently somewhat difficult to install, although a one-click install is scheduled for this summer. And because it's so powerful, some users say that implementations must consider how to winnow down functionality so as not to overwhelm end users.

Skill level: Intermediate for those just creating visualizations; Expert for those implementing a Weave system.

Runs on: Flash-enabled browsers. Server requires a Java servlet container (Tomcat or GlassfishMySQL or PostgreSQL, Linux and Adobe Flex 3.6 SDK).

Author : Sharon Machlis

Source : http://www.computerworld.com/article/2502891/business-intelligence/business-intelligence-8-cool-tools-for-data-analysis-visualization-and-presentation.html?page=4

Page 2 of 8


World's leading professional association of Internet Research Specialists - We deliver Knowledge, Education, Training, and Certification in the field of Professional Online Research. The AOFIRS is considered a major contributor in improving Web Search Skills and recognizes Online Research work as a full-time occupation for those that use the Internet as their primary source of information.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.