Sherman's Security Blog

Make Free VoIP Calls from Google Voice

2012-01-28T13:00:00.017-05:00

Google Voice is great, but it isn't an entirely free voice-over-internet service if you have to pay a phone bill to use it. With a few tweaks, though, you can make completely free internet phone calls with Google Voice. Here's how.

Note: Gizmo5's desktop software once offered great free VoIP calling through Google Voice. So great, in fact, that Google bought the maker, closed sign-ups, and now sits on it. Here's the new, up-to-date, and completely free way to make free internet calls with Google Voice.

When you've got Sipgate set up as one of your Google Voice numbers, you can, basically make and receive calls from your computer as if it were just a large and awkwardly designed cellphone. You can still pick up calls to your main number on your cellphone or other lines, or just pick it up on your laptop or desktop, with a good headset or just your built-in mic and speakers. You'll save yourself cellular minutes, possibly experience better call quality, and record calls with ease.

Not quite sure what Google Voice does, or why you'd want it? We've been there ourselves. Simply skim through Google's comprehensive video guide.

When you're done setting up a free VoIP service through Google Voice, you'll be able to pull off the same kind of free calling from your desktop as you could once do with Gizmo5—but with Gizmo5 closed to sign-ups at the moment, and no word from Google on future digital calling, this is the cheap and easy way to go, for the time being.

What You'll Need

Google Voice account: Google Voice is a free service that, as of June 22nd (today if you're reading this when it published), is available for everyone in the U.S. and Canada. All you need to use it is your Google account, so head to the Google Voice homepage and sign on in to get started (if you haven't already).

Sipgate account & phone number: Both are free—even the real phone number that folks can call you on all they want. Sipgate has many neat services to recommend it beyond its free Sipgate One service-with some cheap hardware, you could set up what amounts to a very cheap digital phone network, in your house or with a small telecommuting team. For now, though, we're just going to hook up a Sipgate One phone account and number up to Google Voice.

Audio tools for computer calls: You can make and take phone calls using your laptop's microphone and speakers, but if you're going to be talking regularly, you'll probably want to upgrade to a decent USB headset with microphone.

Cellphone with text messaging: Just for a verification code that Sipgate sends. You won't need the cellphone to actually use your free VoIP setup.

Step 1: Set Up Sipgate

Setting up a Sipgate account is a pretty familiar process, and less intensive then, say, Google Voice. Here's the abbreviated walkthrough:

Head to the Sipgate One site and click the "Sign up now" button. You'll be asked to provide your cellphone number and carrier, then get a text message with a short verification code.

After filling it in, you'll be asked to provide some information: name, address, email, and a password. The email must be real and used, because you'll use it to verify your account further. The address, if you don't love the idea of giving it away, can be relative—it's used primarily to pin down your location and figure out which area codes you'd want.

About those area codes—Sipgate doesn't offer all of them. In fact, in upstate New York, Sipgate only offered 518 and 845, and after selecting 518, it turns out Sipgate plum ran out. I had to pretend like I lived in San Diego (good people live there!) to pin down a number, but since this is a software phone and I'm connecting through my proper Google Voice number, it didn't really matter to me. Your mileage may vary, but your friends and contacts are only calling your Google Voice number, which then rings you on your computer, so the actual number doesn't matter all that much.

Once you've picked out and confirmed your number, you'll be asked to download and install the software. I'd recommend just downloading, but not yet installing and launching the Sipgate desktop software. Respond to your email activation message, and keep moving through the setup process.

You'll eventually arrive at a screen where you'll have to pin down an exact address, for what I've reasoned is the inclusion of E-911 data with the phone number Sipgate is issuing you. Depending on the area you're trying to obtain a phone number in, you may end up with a failure message indicating that there are no numbers available for the address and area code you picked out. This is how I ended up virtually moving to San Diego. Be sure to pick out the options indicated for a free, single number.

Head into your Sipgate settings by signing in (upper right corner) at Sipgate.com, then clicking "Settings" in the upper-right corner. In the default "Phone" section, you'll likely see the cellphone you provided as linked to your account. Mouse over that cellphone, and select either "Delete device" (which most of us can safely do), or "Deactivate" (if you think you might pull off some fancy VoIP-to-cell tricks in the future). Either way, you want "Phone of (Your Name)" to be the primary call taker, since that's your Sipgate number. If Sipgate bugs you to set up routing to your phone, go ahead and click the link to do so. Your Sipgate routing setup should, in the end, be very simple—one phone number rings one (virtual) phone.

There's one last area to address inside Sipgate, because the service tends to capture its incoming calls with its own voicemail system, rather than letting Google Voice pick up the unanswered call. Head into Sipgate's voicemail, call forwarding and hunting rules.

To put it simply, you're going to clear out everything—any forwarding rules, the basic voicemail condition, all of it. When you're done, this settings area should look like the example at left, with Sipgate indicating "You have not set up voicemail or call forwarding" for either your number or your account.

Once that's done, you could log into your Sipgate software and test it out by calling your new number from a cellphone or landline, but you don't need to—we're going to have Google Voice call you anyways, to connect your number.

Step 2: Connecting to Google Voice.

Head to your Google Voice "Phones" settings and click the "Add another phone" link at the bottom of your list. Enter a name (maybe "Sipgate") and the phone number Sipgate assigned you, with area code, along with picking a phone type ("Home" or "Work" should play) and un-checking the "Receive text messages" option, then hit "Save." Google Voice will now ask to call that number and have you punch in a two-digit code to verify it's yours.

Make sure your Sipgate software is running, and that you're signed in, and then go ahead and authorize Google Voice to call. When the call comes through, switch over to the "Dialpad" tab on your Sipgate window, type in the code provided at the Google Voice site, and you'll hear Voice congratulate you on hooking the two together. You can now head back to your Phones settings at Google Voice, choose Advanced Settings, and detail exactly when your Sipgate number should ring.

Step 3: Using Sipgate from Your Computer

On both Windows and Mac, Sipgate's software is fairly minimalist—if you're used to Skype's mannerisms, it'll seem nearly invisible. It's a rectangular box with just four tabs, and its main purpose is to sit there and wait for you to dial a number or receive a call. That's fine for accepting calls—when you want to make a call, you're going to use Google Voice tools.

ipgate gives you 60 free outbound call minutes with your phone number, but you don't really need to use them. Google Voice is a pretty ubiquitous service, at least where internet service is available. From a laptop or desktop, you can use a few tools to place an outgoing call—which will technically call you on your Sipgate number, then connect the call when you pick up.

Browser extensions: Google has an official Chrome extension that's pretty nifty, and Chad Smith regularly patches up an unofficial, experimental Firefox add-on that offers similar capabilities: click-to-call, call logs, SMS, and the like.

Google Voice web site: Keep it open in a tab, or maybe as a stand-alone browser app, and learn the basic shortcuts—specifically, "c" to make a call. There are, of course, many others to master.

Desktop tools: In addition to the single-site browser tools that would work great with Google Voice, a few tools have been put together to tuck Google Voice calling onto your taskbar or system tray: Google Voice for Adobe AIR (all platforms), and Voice Mac (Mac only).

One final note on a little side-benefit of Sipgate—the software can natively record calls. Google Voice can record calls, too—but only on an incoming call, and you have to pull up the dialpad and press "4." Sipgate's desktop software simply records your call and offers it up as an MP3 when you're done. Like Google Voice, Sipgate will make a very obvious announcement that it's recording the call, to comply with the many different call-recording laws, but it's a pretty nice feature on the whole.

via: lifehacker

Find a Tool-Lending Library to Borrow Free Tools for DIY and Home Maintenance Projects

2012-01-27T13:00:00.009-05:00

Your public library is a great source for free books, movies, and other information and entertainment, but it's not the only place you can go to borrow free stuff. Tool-lending libraries now exist all over the United States and allow their members to borrow tools, equipment, and how-to manuals free of charge.

Wikipedia offers a long list of these tool-lending libraries across the United States. They're not as numerous as the public libraries we're all familiar with, but there are multiple locations in most states. This is an excellent resource for those who are looking to save a little money on home repairs. It's also great if you want to tackle a DIY project but don't have the tools you need. Signing up for a membership will vary by location, but for the most part you just sign up and borrow what you need for however long the library allows. If you've been to any type of library before this isn't a new concept, but rather a wonderful resource for saving money on tools you may not use very often.

List of Tool-lending Libraries | Wikipedia via Wise Bread

via: lifehacker

Supreme Court Rules that Warrants are Required to Track Suspects Via GPS

2012-01-27T09:00:00.004-05:00

The Supreme Court on Monday ruled that the government must obtain a warrant before using GPS to track suspected criminals.

Attaching such a device to a suspect's car and tracking them after a warrant has expired is a violation of that person's Fourth Amendment rights, which guards against unreasonable search and seizure.

At issue is the case of Antoine Jones, which dates back to 2004. The D.C. nightclub owner was suspected of drug trafficking, prompting a joint FBI-D.C. police investigation. In 2005, a D.C. district court authorized investigators to install a GPS device on Jones' Jeep Grand Cherokee within 10 days in the District of Columbia. They did not install it, however, until the eleventh day—and they did so in Maryland. For the next 28 days, investigators gathered data about Jones' whereabouts and used it against him in court.

During trial, Jones filed a motion to suppress the information gathered from the GPS device, but the District Court only threw out data that was obtained when Jones' car was parked in his garage. A "person traveling in an automobile on public thoroughfares has no reasonable expectation of privacy in his movements from one place to another," the court found.

Ultimately, Jones was convicted and sentenced to life in prison. But the U.S. Court of Appeals overturned his conviction based on the way the GPS tracking was handled, and the case made its way to the Supreme Court, which today upheld that ruling.

"By attaching the device to the Jeep, officers encroached on a protected area," Justice Antonin Scalia wrote today, delivering the opinion of the Court. " The Government's attachment of the GPS device to the vehicle, and its use of that device to monitor the vehicle's movements, constitutes a search under the Fourth Amendment."

via: pcmag

Air Media Center Serves Up Virtually Any Media to Your iPhone and Transcodes Incompatible Formats on the Fly

2012-01-26T13:00:00.002-05:00

Air Media Center is media streaming and live conversion app for iOS (and, strangely, just the Samsung Wave). It's a lot like Air Video, a favorite iOS app in that category, but it's $2 cheaper and can serve up more than just your video collection.

Air Media Center isn't alone in its ability to stream more than video. StreamToMe ($3) can do it too, but at a higher cost. It also doesn't stream your photo collection. But side from a cheaper price tag and the ability to view photos, Air Media Center actually has a number of other distinct advantages.

It provides the option to just stream a video as-is if it doesn't require conversion, which is nice if you want to maintain the highest quality possible. It also sets up authentication for you automatically, so you can use the user accounts already present on your system to log in. The app also promises apps for Android and Smart TVs in the near future, making it great for people who use multiple platforms (like me!).

From tests, it seems to work just as well as Air Video and StreamToMe, and the server software (available for both Mac OS X and Windows) is super simple to use. While Air Video and StreamToMe are both great apps, there are plenty of reasons Air Media Center might be your best option.

Air Media Center ($1) | iTunes App Store

via: lifehacker

Google revamps its myriad of privacy guidelines into one document

2012-01-26T09:00:00.011-05:00

Google is clear cutting its current forest of privacy policies.

The search giant currently has more than 70 documents covering privacy policies--and that's after it trimmed them significantly in 2010. It now plans on consolidating them all into a single, general use document by March 1.

By the reduction, Google hopes to not only reduce word counts for readers, make explanations clearer and eliminate legal "gloop," but to also unify a user's information across all its products, it said in a video on the policy changes. Whether you're in YouTube, Gmail, Google Docs, or any other product offered by Big G, you'll be treated as a single user.

Here's what Google said in its video.

Benefits/Downsides to Users

If you're Google, the single-user treatment can have some benefits to you. For example, if you have an appointment in Google Calendar, when the app alerts you about it, it can also tell you if you're going to be late for the meeting based on location and traffic information it gathers from other Google apps.

On the other hand, some people may find it creepy that Google is keeping tabs on their locations and appointments.

Google also maintains the single-user approach will allow it to deliver better search results to you. The more it knows about you, it reasons, the more likely it will know that when you type something like "jaguar" into a search, you're looking for a car, not a cat, or vice versa.

And of course, the more Google knows about you, the better it will know what you want to buy, so the search giant won't waste your time placing ads on a search results page for things you're not interested in purchasing.

Facebook: The Elephant in Google's Living Room?

In announcing the new policy changes, Google didn't mention Facebook, but, like the proverbial elephant in the room, the social network was there between the lines.

"We remain committed to data liberation so if you want to take your information elsewhere, you can," Google Product and Engineering Director of Privacy Alma Whitten wrote in a company blog. Facebook has had trouble in the past over its claims to own all its users' information.

"We don't sell your personal information, nor do we share it externally without your permission except in very limited circumstances like a valid court order," Whitten said. Facebook is known for its generous data-sharing policies.

"We try hard to be transparent about the information we collect, and to give you meaningful choices about how it is used," Whitten added. That statement is a slap at Facebook's penchant for using its users' names and images to promote any product they "endorse" on the service.

via: itworld

Amazon Sued Over Zappos Hack Attack

2012-01-25T09:00:00.001-05:00

Well, that didn't take long. According to a report from Bloomberg, a customer has decided to file a class-action lawsuit against Amazon over the Zappos hacking attack that took place recently.

Bloomberg names Theresa Stevens, from Beaumont, Texas, as the person behind the lawsuit. As for the specifics of the legal complaint, filed on Jan. 16 in federal court in Louisville, Kentucky, Stevens claims that because of the Zappos security breach, she and other users "are more likely to receive e-mails from spoof websites and unknowingly give away personal information to hackers." The class-action lawsuit seeks unspecified damages for all of Zappos' 24 million customers.

The actual court document (link below), posted by PaidContent, offers interesting details into the strategy of what will likely become an increasingly common legal skirmish for online retail companies.

The crux of the complaint appears to rest on the fact that users will have to change their passwords across the Web and that the hack will put them at greater risk for identity theft and phishing scams.

And while some may regard this swift lawsuit, filed just days after the incident, as an example of an overly litigious society, the legal action does point out some very serious concerns and responsibilities related to maintaining an e-commerce platform and securing the personal details of millions of customers. As of this writing, Zappos and Amazon have not publicly responded to the lawsuit. If you're a Zappos customer and somehow missed the security update, you can access the company's password reset page, with associated details and information, on Zappos.com.

Amazon purchased Zappos in 2009.

Zappos class action

Here is the response from the class action attorneys behind the Amazon / Zappos lawsuit http://www.grayandwhitelaw.com.

via: pcmag

Canadian resident sentenced to death for writing a computer program

2012-01-24T17:00:00.012-05:00

Last week, the Iranian Supreme Court confirmed the death sentence for computer programmer Saeed Malekpour, whose photography program was used without his knowledge, to upload pornography to the internet.

Canadian resident Mr Malekpour was arrested while visiting his dying father in Iran during October 2008. He was held in solitary confinement in Tehran's Evin Prison for a year without charge, according to Amnesty.

He made confessions, which were later televised, to his charges, which according to the EFF include "acting against national security through propaganda" and "production and publication of obscene materials through computer systems".

However, in a letter sent from the prison in March 2010, Mr Malekpour states, he retracted these confessions, stating they had been given under duress after prolonged interrogation and torture by the "Revolutionary Guards Cyber Counterattack" team. He also wrote that he still not been allowed to visit his lawyer.

A Revolutionary Court sentenced him to death in October 2010 for his alleged confessions but the Supreme Court later overturned the sentence. When referred back to the same Revolutionary Court for reassessment, the death sentence was reinstated.

Last week, the Supreme Court approved this execution.

The Canadian Foreign Minister John Baird is reported to have condemned the Supreme Court's decision, but there is little practical means of challenging this order outside Iran.

This is not the first death sentence for an internet-related crime in Iran. Iranian blogger Vahid Asghari was sentenced to death for allegedly hosting a pornography network.

A Revolutionary Court sentenced him to death in October 2010 for his alleged confessions but the Supreme Court later overturned the sentence. When referred back to the same Revolutionary Court for reassessment, the death sentence was reinstated.

The recent OpenNet Initiative (ONI) Report "In the Name of God" and ONI Iran profile both provide necessary context to the broader approach of internet control in Iran.

A broader question that could be drawn from Mr Malekpour's case is to what extent should software creators have control over end use of their programs?

Software designers could retain greater control and lock down end use to prescribed functions, preventing their software being used outside its intended purpose.

Of course, in this context it could prove complicated to implement. For Mr Malekpour, he would have had to invest in image recognition capabilities and impose restrictions if the images were deemed inappropriate. This would move the original program beyond its modest remit.

Importantly, requiring restrictions and lockdown of software might stifle innovation. New ideas and applications are often realized by allowing the end user to tinker. Oxford and Harvard Law Professor Jonathan Zittrain is a proponent of the 'generativity' of technologies that maintain openness and allow modification.

Professor Zittrain accredits the creation of the internet as spawning from such an ideology, but 'generativity' is a double-edged sword and innovation of destructive applications also occurs, with malware being a key example.

All this debate, however, is of little consolation to Saeed Malekpour who is facing a bleak future. He can't have imagined that when he started writing a photography program, his code would put his life in peril.

via: sophos

Malwarebytes Anti-Malware Free Edition

2012-01-24T13:00:00.001-05:00

Malware scanner and removal tool.

This is one of the first tools and ongoing tools I always use.

From the developers, “Malwarebytes Anti-Malware combines powerful new technologies designed to seek out, destroy, and prevent malware infections.

Malwarebytes Anti-Malware is an easy-to-use anti-malware application. The Free version is well-known for its detection and removal capabilities, and the PRO version uses advanced protection technologies to proactively stop malware infections.

Additionally, Malwarebytes offers a host of extra utilities as well as an approachable forum community to help you combat any piece of malware that exists in the wild.

New Features:
* Malwarebytes Chameleon technology gets Malwarebytes Anti-Malware running even when blocked by infection.
Improvements:
* Improved reliability and performance of the update process.
* Detection and removal engine enhancements.
* System tray icon now dynamically displays selected language”

Editor’s note : The free edition offers users the option of installing a trial version of Malwarebytes Anti-Malware Pro.”

Using the free edition requires you to manually update the software. A small price to pay for free.

Malwarebytes Anti-Malware Free Edition
Version 1.60.1800
Added January 22, 2012
Homepage/developer
Compatibility : Windows 2000/XP/Vista/7
File size : 10.5 Mb
Download

via: freewareasylum

Anonymous dupes users into joining Megaupload attack

2012-01-24T09:00:00.001-05:00

The Anonymous hacking group recruited unwitting accomplices in the attacks against U.S. government sites.

The distributed denial-of-service (DDoS) attacks began just hours after the U.S. Department of Justice announced arrests of four men associated with the popular Megaupload "cyberlocker" site on charges of copyright infringement, money laundering and racketeering.

Federal authorities shuttered Megaupload.com and other sites, and seized assets belonging to the company, including hundreds of servers. Three of the seven men indicted remain at large, but four were arrested in New Zealand by local authorities and face extradition to the U.S.

Almost immediately, Anonymous retaliated with DDoS attacks against Justice's website, and those operated by Universal Music, the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), and others. Some of those sites were inaccessible during parts of Thursday.

In a message on Twitter and in a blog post, Anonymous claimed Thursday's DDoS attacks were its largest ever, and said that 5,600 people collaborated in the assaults.

Previously, Anonymous had said that its followers were using the Low Orbit Ion Cannon (LOIC) tool, a favorite of the group since its first widespread DDoS attacks in December 2010.

But some of the 5,600 who participated may have done so unwittingly.

Members of Anonymous distributed links via Twitter and elsewhere that when clicked automatically launched a Web version of LOIC. The links pointed to a page on PasteHTML.com, a free HTML code-hosting site, which in turn executed some JavaScript to fire LOIC at Anonymous-designated targets.

Many of those messages said nothing about LOIC or that clicking the link shanghaied the user into the DDoS attack.

While the links were launching LOIC against more than one website, It's clear that justice.gov is getting a lot of attention.

The Department of Justice's website was operating normally early Friday.

Anonymous is still recruiting people to its campaign. A quick search of Twitter using a string published on Gawker.com indicated that the link was being shared at the rate of about 10 to 18 times per minute on the micro-blogging site.

On a Sophos blog, Cluley reminded readers that DDoS attacks were illegal, and cautioned users to be wary of clicking links.

"Anonymous might be hoping that participants could argue that they did not knowingly assist in the DDoS attack, and clicked on the link in innocence without realizing what it would do," said Cluley.

via: networkworld

FreeOCR.net: free optical character recognition program converts images to text in multiple languages

2012-01-23T13:00:00.016-05:00

Have you ever faced a situation where you needed to obtain editable text out of an image or a PDF file created from a scanned document? What you need in this case is "Optical Character Recognition" (OCR) software that will literally "read" the document and try to identify characters and words visually, and FreeOCR.net is just such a program.

FreeOCR.net performs optical character recognition on images or PDF files that have a scanned origin. It can process PDF, TIF, BMP, JPG, and PNG files and provides an acquire function for running documents through a scanner. The simple user interface allows you to exclude non text elements (such as images or tables), although this has to be done manually.

For documents with multiple pages, each individual page has to be processed by the user separately, although FreeOCR will "pool" the output into a single text. FreeOCR.net is based on the open source Tesseract OCR engine and comes pre-installed with English support, although many other languages can be downloaded and added (including non latin character based languages such as Japanese, Korean, Indonesian, etc.)

This is an excellent basic OCR app that can get the job done. It works really well for use on the occasional document, or at least short documents. It is possible to process long documents (ebooks, etc), but in this case you would be better off with some of the more professional (and paid) apps that are out there.

PROS:

Powerful engine: produces excellent results in general, at least for English which I tested. Note that images are recommended to be scanned at 200 dpi or more.

Supported formats: processes PDF and most image filetypes (and will not restrict you to TIF as some others do).

Supports a wide range of languages: English comes pre-installed, but other languages can be installed separately (see here). Languages include French, Italian, German/Fraktur, Spanish, Dutch, Vietnamese, Bangla, Czech, Catalan, Polish, Lithuanian, Latvian, Bulgarian, Russian, Greek, Korean, Slovakian, Ukranian, Japanese, Indonesian, Norwegian, Hungarian, Serbian, Turkish, Tagalog, Romanian, Chinese (traditional & simplified), and Swedish.

Simple interface: allows for selecting chunks of text to process, such as to circumvent pictures and other elements.

CONS:

Does not process pages in batch: as it is designed to do one page at a time, which limits its usefulness for large documents.

No post-OCR processing: such as spellchecking for example.

No user-assisted "learning": such as employed by some other commercial OCR packages.

The verdict: an excellent free OCR solution. If you need to convert the occasional scanned document to editable text this will do the job. However, if you need to process hundreds of pages it can do the job in theory but is likely to be too labor intensive (much less labor intensive that re-typing though!).

Although I only tested English, the multi language support is quite noteworthy. If you do use for other language (esp. non latin) please post on your experience in the comments section. Thanks.

Version Tested: 3.0

Compatibility: Windows 2000, 2003, XP, Vista, Windows 7.

Go to the program home page to download the latest version (approx 156K).

via: freewaregenius

Mozilla pushes browser-based alternative to passwords

2012-01-23T09:00:00.001-05:00

Mozilla is promoting a browser-based alternative to usernames and passwords for website logins.

Browser ID offers a decentralized system for user identification and authentication along the same lines as OpenID. To use BrowserID users first have to create an account with Mozilla. After this users would be able to use the technology to enter websites that support BrowserID simply by entering their email address.

Developers can add support to the technology by adding links to a JavaScript library and hooks into a JavaScript API and verification service, as explained in a blog post by Mozilla here.

The technology competes with OpenID, which is already used by prominent sites such as Twitter and Facebook. Mozilla is pushing BrowserID as a more secure and privacy-sensitive method than its competitors.

BrowserID was first released by Mozilla back in July 2011 as a prototype. Mozilla only finished deploying the technology across its own sites earlier this month.

In a blog post, Mozilla's identity-tech chief Ben Adida signalled plans to push for a wider public release this year and opened a consultation programme. Mozilla is keen to nip any potential concerns about user tracking and online privacy in the bud.

Adida's blog post on "new user-centric services" also trails plans for Mozilla to introduce a mobile web-based operating system (codenamed B2G) and an app store later this year.

via: theregister

10 open source shopping carts to run your ecommerce business

2012-01-20T17:00:00.000-05:00

More and more companies have turned to the Web to transact business. And, of course, if you are going to sell on the Web, the right shopping cart can mean the difference between red and black ink. When shopping for your own ecommerce shopping cart software the most important aspect to consider is how well the cart software meets your business objectives. An ecommerce shopping cart has to be customizable to fit your business needs and branding, be flexible enough to scale as your business grows, be secure and support industry standards and provide solid integrate with payment gateways.

Open source shopping cart software is an attractive option. Storeowners might look to open source ecommerce software because it will typically deliver the features and tools to manage a product catalog on a website without the hefty licensing fees that come with proprietary or off-the-shelf packages.

Open source shopping cart software also provides access to communities of users including developers, storeowners and enthusiasts who freely offer community-based support and add-ons to enhance the open source software package.

Storeowners who decide to use open source shopping cart software can always pay for additional support and service through qualified third parties if they find the community-based support is not enough.

Top 10 Free and Open Source Ecommerce Solutions

Here are ten options if you plan to invest in open source shopping cart software for your ecommerce business.

1. Agora Shopping Cart: Lots of Features and Back-End Management Options

AgoraCart is a customizable and secure open source ecommerce shopping cart that you can install on an existing website. With AgoraCart, you can expect the typical features such as customizable templates for setting-up your store, support for different product categories, options for different tax rates in addition to back-end store management tools. On the upscale side of ecommerce, AgoraCart is PA-DSS Complaint (PCI-DSS) and supports more than 10 payment gateways.

The free community edition (5.2.x) is supported only though online community forums. AgoraCart version 6.x Gold is available for $49.95 and offers storeowners additional license, features and support options.

2. Broadleaf Commerce: An Open Source Enterprise Ecommerce Platform

The Broadleaf Commerce solution is an open source alternative for enterprise ecommerce companies. It offers an enterprise-level platform that (built on Java integration technologies) and can be customized to specific business needs.

With Broadleaf Commerce, retailers can manage customer accounts, upsell, create promotions and manage email marketing. The platform supports social integration, catalog browsing, search engine optimization (SEO) and integrates with Google Analytics and any existing business database and fulfillment system. The newest release (Broadleaf Commerce Version 1.5) offers enhanced administration and promotion capability over previous versions.

The Broadleaf Commerce community provides an online forum for discussion and contributions, articles, development guides, and project API documentation. Broadleaf Commerce uses the Apache license.

3. Commerce.CGI: A Free Perl Shopping Cart

Commerce.CGI's claim to fame is being the first free Perl shopping cart on the web. First released in 1998, it is a fully featured shopping cart for Unix-based servers, although it can run on Windows NT with minor code adjustment. Commerce.CGI can be an add-on to an existing web site or installed and configured to manage a new product website.

Commerce.CGI offers the standard shopping cart features you would expect -- it's template-driven and provides tools to configure email management, product search and payment methods. It supports sales tax, multiple shipping options, discount calculations and other options for customer check out.

Commerce.CGI is free and supported through the Commerce.CGI mailing list or BBS. Paid member features ($49.99) include wish lists, product reviews, coupon support and other customizable shopping cart enhancements. The Commerce.CGI site offers user-contributed modifications that are freely distributed. The current version, V.4.6.1, is available in zip or tar formats.

4. Loaded Commerce: A Highly Customizable Cart

Loaded Commerce is the 6.5 release of the software developed by the CRE Loaded team. Loaded Commerce, based on the popular CRE Loaded program, includes security modifications. The Loaded Commerce Community Edition (CE) is a shopping cart designed for the small office, home office (SOHO) storeowner who wants to add transaction capabilities to an existing website.

This ecommerce solution offers a number of features for product, customer, order and content management. It is highly customizable so you can change your site design choosing from hundreds of templates, edit customer information, orders, invoices and more.

The CE is the free edition of the ecommerce shopping cart software and supported by the Loaded Commerce community. A customer account is required to download Loaded Commerce.

5. Magento: Hosted or Deployed Solutions for Small to Enterprise Businesses

Magento offers an enterprise-class ecommerce platform, supported by a global ecosystem of solution partners and third-party developers. Acquired by eBay in 2011, Magento is part of eBay's X.commerce business unit.

Magento ecommerce gives merchants scalability and features for presentation, content and functionality. The platform offers marketing tools, search engine optimization, product catalog management and browsing, one-page checkout and a number of standard tools such as those used to manage shipping, tax and customer service.

The latest stable release of Magento Community Edition (version 1.6.1.0) was released on October 19, 2011. This free version is available under the open source OSL 3.0 license. Merchants looking for a more mission-critical ecommerce platform can upgrade the Enterprise Edition.

6. OpenCart: Manage Multiple Stores with One Admin Interface

The OpenCart shopping cart helps storeowners to quickly and easily install, select a template, add products and start taking online orders. The built-in template system lets you switch between different templates or migrate your site's current design into OpenCart.

Other cart features include a multi-store capability to manage multiple stores from one admin interface, tax zones, shipping methods, back-end store administration, and support for a number of payment gateways and languages.

OpenCart is free open source software published under the GNU GPL License and both free community and commercial support is offered. OpenCart server requirements include Web Server (preferably Apache), PHP (at least 5.2), MySQL, Curl and Fsock.

7. osCommerce Online Merchant: Provides Front and Back-End Tools For Store Owners

The osCommerce Online Merchant ecommerce solution is a free offering that comes with features and tools to help storeowners manage the front-end catalog and back-end administration.

Released under the GNU General Public License, osCommerce Online Merchant v2.3.1 provides a basic template layout structure to customize the catalog front-end. The Administration Tool lets merchants configure the online store, insert products for sale, manage customers and process orders.

There is a large community of more than 256,000 storeowners, developers, service providers and enthusiasts contributing to the help, support and development of osCommerce. Other support options include mailing lists and the osCommerce Newsletter for storeowners. Server requirements include PHP v4+ (PHP v5+ recommended) and MySQL v3+ (MySQL v5+ recommended).

8. PrestaShop Features Multiple Languages and Localization Options

PrestaShop is a customizable, PCI-DSS compliant, ecommerce solution that will handle everything from Web store set-up to managing customers and orders. Storeowners can create and manage the front-end catalog and marketing, customize orders and change shipping options and localization to suit their business. PrestaShop is available in three languages (English, French and Spanish) with an additional 41 translations available.

PrestaShop v.1.4.6.2 (stable) is the current version published under the Open Software License (OSL) v3.0. Server requirements include Linux, UNIX, or Windows, Web Server (Apache 1.3 or later, IIS 6 or later), PHP 5.0 or later and MySQL 5 or later.

9. Zen Cart Requires Only Basic Skills to Install and Configure

Zen Cart is a free and open source shopping cart designed by a group of shop owners, programmers, designers and consultants.

Zen Cart offers a number of options to customize the cart using a template system to select a design and configure product categories, sales discounts, and shipping and payment options. The cart incorporates a WYSIWYG page editor for modifying non-database pages, and nearly every piece of information about your products is customized and managed within the Zen Cart Admin area.

Zen Cart provides community contributed additions for your shop and documentation and the community forum for support is available on the Zen Cart website.

10. Zeuscart Offers Web 2.0 Features

ZeusCart is a web-based PHP/My SQL shopping cart that boasts a rich user interface and a highly usable shopping cart that meets the demands of Web 2.0.

The cart is primarily for small and medium storeowners and offers inventory management, attribute-driven product catalog, category management, a built-in CMS and SEO-friendly URLs. Standard features such as discounts, taxation, shipping options, integration with multiple payment gateways and email templates are also included.

ZeusCart 3.0, licensed under GPL 2, can be installed on any server where a PHP interpreter, MySQL database server and a web server is present.

via: itworld

Megaupload rises again as Anonymous knocks out SOPA supporters' sites

2012-01-20T15:00:00.008-05:00

In the wake of the shutdown of content-sharing site Megaupload for alleged copyright infringement, hacker group Anonymous has taken credit for knocking out the websites of the U.S. Department of Justice, the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), Warner Music Group, BMI, and Universal Music, all supporters of the Stop Online Piracy Act (SOPA) and the Protect Intellectual Property Act (PIPA) now being considered by Congress -- while crowing that the Megaupload service is up and running via a new website.

This flurry of events stands in stark contrast to recent relatively quiet yet effective protest of SOPA and demonstrates just how significant a challenge supporters of antipiracy legislation face: They need to contend with behemoths such as Google and Wikipedia that are capable of generating enough sympathy for their cause to worry politicians, while also contending with Internet denizens who can quickly launch disruptive Web-based attacks. Add in the fact that sites such as Megaupload can be resurrected quickly, making them all the more difficult to shut down permanently.

Earlier in the day, the FBI and the Justice Department announced that seven individuals and two corporations had been charged with running an international organized criminal enterprise allegedly responsible for online piracy of numerous types of copyrighted works -- from movies and music to e-books and software -- through Megaupload.com and others sites. Megaupload purports to have more than 1 billion visits to the site, more than 150 million registered users, and 50 million daily visitors. The site accounts for 4 percent of the total traffic on the Internet, according to the release.

Hacker group Anonymous reacted swiftly to the news, knocking out several websites using denial-of-service attacks and taking credit via Twitter. "The government takes down Megaupload? 15 minutes later Anonymous takes down government and record label sites," the Anonymous tweet read.

The group also tweeted a note in opposition of SOPA: "Megaupload was taken down w/out SOPA being law. Now imagine what will happen if it passes. The Internet as we know it will end. FIGHT BACK."

Further stymying the efforts of the FBI and the Justice Department, a new website for the Megaupload service is reportedly up and running, according to an Anonymous tweet: "✹BREAKING✹ -- MEGAUPLOAD IS BACK, NEW #MEGAUPLOADSITE -- http://megavideo.bz/"

via: infoworld

imTranslator speaks your language, and everyone else’s too!

2012-01-20T13:00:00.001-05:00

imTranslator is a free website that lets you use powerful interpretation software, and will even speak for you in other languages. With support for more than fifty different languages, tons of TTS (Text To Speech) options, and downloadable widgets and plug-ins imTranslator is one of the best ways to quickly and easily handle your everyday translation and interpretation needs.

Years ago, I remember visiting a site called Babelfish that would translate my text into other languages like Spanish, French and Italian and allow me to copy and paste the results into whatever window or document I needed. Electronic translation has a come a long way since then and imTranslator is one of the newest and best options on the net. Even better than that, it’s totally free!

imTranslator supports a myriad of different languages including (but not limited to) such un-common ones as Icelandic, Vietnamese, and Yiddish. It even has support for both traditional and simple Chinese! Of course, it also has support for the more common ones like English, French and Italian. It will translate anything you input from any of the fifty plus languages it supports into your choice of Chinese, French, German, Italian, Japanese, Korean, Portuguese, Russian, Spanish, or English speech. If you have a block of text you want to translate and don’t know what the language is, imTranslator will even detect the language for you and if it is supported and recognized, will translate it automatically.

Additionally, imTranslator uses a very sophisticated bit of code to not only recognize and translate text but to actually interpret the meaning of the text and attempt to put it into the desired language’s idiom. This means that, unlike some other translation programs or pages, even colloquialisms (slang or local sayings) can be translated with a fair degree of success at conveying the original idea, and not just the literal word for word replacement. That’s one of the biggest things that has set computer translation apart from real human interpretation in the past, so it’s nice to see the 21st century finally arriving.

Of course, just translating and interpreting language would be fairly impressive all by itself, but imTranslator takes it to the next level by actually running a pretty decent Text To Speech (TTS) engine to actually speak the results of your translation request. For translation to English, there is a male and female voice option, but the other languages are limited to one gender. This will probably change in the future, as imTranslator promises to expand the available voices. Options for the TTS engine also include the ability to choose one of seven different speeds for the TTS engine to speak at. Some languages require a slower or faster voice to sound correct or make sense to the native ear and imTranslator evidently knows this and offers the speed options to compensate. They have plans to automatically detect the right speeds per language or meaning in the future but for now, allowing the user to choose the speed is a nice workaround for that issue. The TTS engine sounds pretty darn good, if not 100% life-like just yet, and having this option available means that you never have to feel lost again in a room of people speaking a language you don’t know.

At the very least, if you have your laptop with you, you can make yourself understood by typing in your words and having the computer speak them. Business meetings come to mind as the best and most obvious use for this but there are tons of other situations where it can be useful, both personal and professional.

Another very handy feature of imTranslator’s free service is that you can actually get code to embed a given black of TTS translation on a website. That means you can have your page greet visitors in their own language, or read instructions to them. Additionally, imTranslator offers free widgets you can add to your website to allow others to easily translate anything they type in to the widget. There are also browser extensions or plug-ins for Internet Explorer and Firefox (Chrome coming soon) and an online dictionary if you’d rather do some parts of the translation yourself or just want to double-check something.

All in all, imTranslator offers a fairly comprehensive solution for your translation needs at a price of zero. This means that decent translation isn’t just the sole province of live interpreters anymore. You’ve got one right there in your home computer or laptop. There are plans in the works for mobile applications but the developers state that they want to be sure they have done everything possible to make the core service on the internet as great as possible before expanding to new platforms. Personally, I have to admire that dedication to quality rather than quantity.

Visit imTranslator here.

via: freewaregenius

Guilty Until Proven Innocent: The MegaUpload Closure Leaves Users Unable To Access Their Files

2012-01-20T09:00:00.001-05:00

Alright, Feds. You’ve had your fun. You’ve arrested some people you deem bad and seized their Mercedes-Benz collection. Great. So how about turning MegaUpload back on for a quick minute?

The United States Department of Justice seized and shut down MegaUpload yesterday in an impressive (and scary) show of force. The site is effectively nuked, which is bad news bears for its zillions of users. Sure, the site was infamous for hosting illegal files, but it was also one of the best ways to share large files online. The closure leaves users unable to access their files. Those using MegaUpload for legitimate reasons are the real victims.

Don’t think for a minute that MegaUpload was used exclusively for trading of copy-written material. MegaUpload made sharing large files easy. Simply upload a file 2GB or smaller and the service popped-out a unique URL for sharing. Files stayed on MegaUpload servers for 90 days or forever if the user paid for a premium account. But now those files are inaccessible. They’re seemingly gone forever.

Users of course took to Twitter to vent their frustration. Hopefully these users had local copies.

Suzanne Barbieri @PolarKoala

We need to get #Megaupload trending. I'm vehemently against copyright infringement: the files I lost were created & owned by me for my job.
20 Jan 12

MegaUpload’s fate will hopefully cause many of these users to rethink their sharing and backup methods. It’s not the best practice to hand over your data to a 3rd party for safe keeping. Products like iTwin, Pogoplug and services from Western Digital and Seagate will all allow users to share locally-stored files over the Internet. The files are stored on a local hard drive or flash drives while still allowing remote access. With SOPA and PIPA looming, these devices might see an uptick in sales as file lockers like MegaUpload get shut down.

via: techcrunch

How to use Send to Kindle for Windows

2012-01-19T13:00:00.004-05:00

Amazon recently released a Windows application called Send to Kindle, which allows you to send personal documents to your Kindle device from your PC.

In the past, you could send documents to your Kindle by e-mailing it to a personalized Kindle e-mail address or by connecting your Kindle to your PC via a USB cable. The Send to Kindle program makes sending your documents even easier by allowing you to right-click on them from Windows Explorer. With Send to Kindle, you can also send documents from any Windows program by choosing to print it, then selecting Send to Kindle as the printer.

Here's how to use Send to Kindle for Windows:

Installation

Step 1: Download and install the Send to Kindle program on your PC.

Step 2: When asked to register Send to Kindle, enter your Amazon account e-mail address and password, then click the "Register" button.

Send to Kindle from Windows Explorer

Step 1: In Windows Explorer, right-click on a document you want to send to your Kindle, then select "Send to Kindle." To select more than one document, press the Ctrl key while selecting your documents.

Step 2: When the Send to Kindle window pops up, choose your delivery options, then click the "Send" button.

Step 3: After a few minutes, check your Kindle to see if your document has been delivered. If it doesn't show up automatically, you may need to sync your Kindle to initiate the download.

Send to Kindle from a print dialog

Step 1: From within any Windows program, select "Print," then choose "Send to Kindle" as your printer.

Step 2: When the Send to Kindle window pops up, select your delivery options, then click the "Send" button.

Step 3: After a few minutes, check your Kindle to see if your document has been delivered. If it doesn't show up automatically, you may need to sync your Kindle to initiate the download.

A few things to consider when using the Send to Kindle program for Windows:

The following file types are supported: .doc, .docx, .txt, .rtf, .jpeg, .jpg, .gif, .png, .bmp, .pdf.
Each document must be less than 50MB.

Send to Kindle only supports Kindle devices and reading apps for iOS devices.

All documents, except for PDFs, are converted to Kindle format.

If you choose to archive your documents to Amazon Cloud, you have 5GB of storage space.

That's it. Now you know how to send documents to your Kindle with Send to Kindle in Windows. A Mac version is in the works as well, so Mac users should look out for it soon.

via: cnet

6 things every IT person should know

2012-01-19T09:00:00.001-05:00

A solid IT generalist has to know a little bit of everything. Here are 6 skills you should master, no matter where your life in IT leads.

Anyone who's been in IT for more than 10 minutes knows that troubleshooting is a huge part of the job. Some item -- it doesn't matter what -- breaks in a new and entirely unexpected way, and by default, it's up to you to get it fixed. It doesn't matter how many books you've read, how well you know the user guide, or what you ate for breakfast. What matters is how quickly you can connect the dots and wiggle your way out of the problem.

No book or teacher can magically pour deductive problem-solving skills into your head. What works is lots of experience falling flat on your face -- and lots of pounding your head on a desk until you solve a particularly intractable problem. I've learned the most from incidents during which I've broken something so thoroughly that I have absolutely no idea how to put it back together again. That's a gauntlet no one wants to walk, but everyone does. The more painful the experience, the more likely you are to get wiser.

Nonetheless, received wisdom has its place -- especially if you work in a siloed IT environment or specialize in a particular domain and need to broaden your knowledge. You'll thank yourself the next time you're so lost and alone in the weeds even Google can't help you.

How to use a protocol analyzer

If you haven't used a protocol analyzer before, it may sound like a tool that only a specialized network engineer would need. Because literally everything is networked in some fashion, knowing what actually makes networks tick -- what's in a packet and how to see what's really happening when a networked application says, "Sorry, I can't do that, Dave" -- can be amazingly useful for just about anyone.

In fact, being able to understand what's going over the wire is arguably much more useful for programmers or analysts than it is for network engineers. Plus, it's actually fun. If you haven't tried it before, get Wireshark and mess around with it. Telnet into something and replay the telnet session. (See that password? That's why we use encryption.)

If you have a VoIP phone system, mirror the port on a phone and play back the audio of a phone call from the raw packet stream. Or if you want to be shocked and saddened, see how incredibly chatty your PC and home network are -- especially if a few game systems or a networked TV are kicking around.

If you keep at it long enough that you have a rough understanding of most of what you're looking at, troubleshooting the next weird network problem will be that much easier.

How to pick apart a Web application

Of all of the problem descriptions I get, my least favorite is "It's slow!!" This can apply to any type of application, but it's particularly infuriating with Web apps. You can go down the line from the network engineers to the server admins to the database admins to the application developers, and every one of them will say everything is fine. But that doesn't help those poor users staring at a blank screen for five seconds every time they click a link.

There are many tools that can help with this kind of problem, but a few stand out, including Fiddler, the Web Developer plug-in for Firefox, and the Developer Tools functionality built into Chrome. Next time you run into a Web app performance problem, fire up the timeline functionality in Fiddler or the Chrome Developer Tools, set it to record, and click your way through the page. You may be surprised by the cause of the slowdown.

How cabling and power works

This is a skill that every IT generalist ends up having to know. Whether it's being able to tell the difference between a straight-through and a crossover Ethernet cable, knowing the difference between an L5-30 and an L6-30 power receptacle, or just being able to make an Ethernet cable that's the right length to reach your entertainment center, knowing how network cabling and electrical power work can be indispensable.

How virtualization works under the hood

Virtualization is a fact of life in IT. Businesses of all shapes and sizes have implemented it, and just about every cloud offering is built on it. For the most part, a virtual machine looks, acts, and feels just like a physical one. That's the point. But it's important to realize what's happening under the hood in your hypervisor and how that may change the way you troubleshoot performance problems. Gone are the days when simply opening Task Manager and seeing how busy the server is will tell you what's actually happening.

You need to experiment with your virtualized infrastructure and learn how resource scheduling works -- that is, how the hypervisor divvies up physical resources. Create a process that will nail the processor within a VM (here's a script that will do it if you need one), then place different CPU performance limits on the VM and see how the performance is affected. You'll be surprised by what you find -- and be better prepared if you run into resource contention issues in the wild.

If you lack hands-on experience with virtualization, it's easy to experiment with it: VMware offers a free trial of VMware Workstation that can teach you a lot right off the bat.

How to write useful scripts

Simply put, programming is not just for developers. Knowing a scripting language like Perl or Python, no matter how you decide to use it, can be enormously useful.

The next time you find yourself confronted by a boring, repetitive task, find a way to do what you're trying to do with a script. Chances are, the first few times you do it, you'll take more time to solve the problem than if you had just done it manually. However, before long, you'll have a skill that will grow to become a massively useful asset.

That's just the beginning

Whether you've done all or none of these things, the best step you can possibly take to ensure a happy life in IT is pick something you don't know about and learn it. You may never apply it hands-on, but when you expand your horizons to include stuff you've never worked with before, you'll give yourself an edge you couldn't get any other way. Hey, it's a new year. Why not make it a resolution?

via: infoworld

How to try the Windows 8 Metro interface free

2012-01-18T13:00:00.001-05:00

Windows 8 is still just a promise, except for a few folks with developer's builds. If you want to try out the fabled Metro interface on your computer, there's now a solution. The metro7 app changes the Windows 7 interface to make it look and feel like Metro. Here's how to use it:

Download and install the app here.

Start it up. You should see a tiled interface, though it is separate from your desktop.

Click the arrow in the upper right to set your options, pin programs or Web sites to the tile screen, and more. Experiment! The built-in apps are minimal, but you can get more or add any apps or bookmarks you like.

You can drag tiles to rearrange them, or drag down to the bottom to trash them.

The app comes loaded with caveats. It's not from Microsoft, so it's all reverse-engineered, which means that the final product is likely to be fairly different. It's also in beta, and while I only experienced one bug (it crashed when I tried to back out of a Facebook screen), it's not perfect. Still, it delivers on its promise, and it's definitely fun to play around with the interface we're all likely to be using in a year or so!

via: cnet

Quick link-- Best Firefox Addons

2012-01-18T11:00:00.002-05:00

On this page, you will find the best 50+ Firefox plugins for all your browsing needs.

Check them out.

Best 50+ Firefox plugins

Malware found in children's gaming web sites

2012-01-18T09:00:00.001-05:00

Czech security vendor Avast Software is warning users to be on their guard after spotting increasing numbers of children's gaming sites, which have been infected with malware.

The firm said that over the past 30 days it has observed more than 60 sites featuring "game" or "arcade" in the URL which contain malware.

The most visited site was cutearcade.com, which has managed to infect more than 12,600 users as of 10 January with a malicious Trojan that redirects visitors to linuxstabs.com, a known distribution point for malware, according to Avast.

"Games like these require clicking and children don't think much about what they are clicking on," said Ondrej Vlcek, chief technology officer of Avast.

"This makes them – or their parents' computer – quite susceptible to malware. If there is something dangerous, a child will find it. But, moving between sites is normal behaviour for most people, regardless of age."

According to the firm, many of the sites in question appear legitimate, but have been infected by malware writers hoping to score a 'drive-by-download' attack, while others may have been specially crafted to distribute malware.

The discovery can be seen as yet another attempt by cyber criminals to expand the potential distribution channels for their malware.

Email borne malware in the form of malicious attachments, however, is still believed to be the most common route of infection.

via: v3

I Lost My Bag Full Of Cash, Man Is Nice Enough To Return It Three Years Later

2012-01-17T19:00:00.000-05:00

There are still good people in this world.

Check out this story:

Rebecca lost a bag chock full of cash, credit cards and camera equipment on a dirt road in Mississippi three years ago. So she was figuring she probably wouldn't be getting that back, ever — after all, who finds a bag of cash and returns it to the rightful owner years after they find it? Turns out one man is just that kind of good Samaritan.

Rebecca wrote in with her extraordinary tale, which starts in November 2008 while she was working for an outdoor active travel company as a trip leader. She explains that she's often in a hurry, trying to pack up a van full of cyclists or hikers to get to the next activity. On the day in question, they'd had along 75-mile ride, heading toward a historic plantation.

I had been riding on a bike with our guests that day while my friend, Courtney, supported us in the van. We got to our final shuttle stop about 20 miles outside of town. It was getting dark and anyone still behind this point was not going to make it in. We hurriedly stripped my and the other riders' bikes of all bags and water bottles. We threw the bikes on the roof, hopped in the van, and hurried to beat the front riders into the hotel. It was a day we were proud to have finished without a hitch.

As we got to the manor we redistributed all of our guest's belongings and I noticed that my bags were missing. My heart sunk into the pit of my stomach as I recalled carelessly throwing them off of my bike and onto the ground behind the van.

Living a life on the road I carry very few material possessions, and I had just lost them all. In my Camelback was my wallet: IDs, personal credit/debit cards, corporate credit card, business cards of vendors, petty cash receipts, and about $800 in cash. The bike bag held my other most valuable possessions — my bike tools and my camera with irreplaceable pictures from the last few months. Needless to say, tears began to sting my eyes and my chest grew tight as I fought to hold them back.

I jumped into the van and drove back to our spot trying to hold in the tears by reassuring myself that it would all be there. The bags were gone, I called Courtney and couldn't hold it in anymore, I lost it. I allowed myself to be upset the entire van ride back to the hotel. The next day I filed a report with the park and with the Natchez police. There was nothing else I could do.

On the morning of January 10, 2012 I heard my phone ringing from far away. I chose to ignore it since if it had been someone I knew, my phone speaks the caller's name. The message was from Mr. D.T. of Natchez, Miss., something about a package. Having blocked the incident out of my memory, I did not immediately make the connection. After being reminded of it by my boyfriend I anxiously dialed the number. He was right. D.T. had both of my bags.

D.T. had driven by them that evening and threw them into his pick-up truck. He knew they must have belonged to "the people driving around with all those bikes on the roof" and figured he would see us around town. One would assume in a town as small as Natchez you could locate a 15-passenger van hauling a large trailer with room for 12 bikes on each, but our season was over and we were off to Salt Lake City two days later.

Also living in a small town D.T. figured he would read about it in the police reports. He hadn't found anything of use in the bag (I kept my wallet crammed at the bottom of the camelback underneath my coat and my hydration pack), so he threw it in his "utility" (storage unit) and forgot about it. On the 10th he came across it again and was about to throw it out, but luckily decided he would look inside one last time. With more digging he found my wallet, inside of that he found my business card, and with that my cell phone number.

I faxed D.T. a letter with my current address and asked that he also include his so that I could thank him properly and reimburse him for shipping. My package arrived less than a week later with a note from DT apologizing for not finding me sooner. What an amazingly sweet man, with a good heart.

I have not decided how to thank D.T. for returning my bags. Money seems to be the easiest and most obvious answer and from the few conversations I have had with him he does not strike me as the type to expect or possible even accept a reward. To be honest a check feels somewhat cheap compared to the kindness, honesty, and pure heartedness he has shown me.

Doing someone else a great kindness can be a reward in itself, and from the sound of it, D.T. is just the kind of person who would only expect the same treatment in a similar situation.

via: consumerist

Try-Before-You-Buy Gadget Site YBUY Launches

2012-01-17T15:00:00.000-05:00

Good news, gadget hounds! The new “try before you buy” subscription service called YBUY is exiting its public beta, backed by $750,000 in seed funding. The concept is simple, and should have major appeal for the gadget-obsessed: for just $24.95 per month, you can test drive the latest electronics, home and kitchen gadgets for 30 days before deciding to purchase or return the items.

At launch, the site is serving up highly sought-after gadgets like the iPad 2, Dyson heaters, Jawbone headsets, iRobot Roombas and more.

The gadgets are shipped to customers for free, and also include a return label for free shipping on the way back to YBUY if you decide you’re not interested in purchasing. However, if find that you can’t bear to part with your shiny new iPad 2 (as is the exception, of course), you can proceed to purchase the item minus the $24.95 you already paid.

The company says it will also discount items under regular retail prices, too, to make buying through YBUY more compelling. This isn’t always the case, though. For example, YBUY lists the iPad 2 for $499.99 and the Jawbone Jambox for $199.99 – those are the going rates. Explains CEO Stephen Svajian, “for manufacturers, we provide an easy-to-use sales channel that allows them to offer refurbished products to consumers without the added cost of marketing and sales.” In other words, not all the gadgets are the cheaper (but manufacturer-certified) refurbs.

The Manhattan Beach, Ca.-based startup was founded by serial entrepreneur Stephen Svajian and Kevin Wall, a Managing Partner at Craton Equity Partners and CEO of Live Earth, among other things. The company’s $750,000 in seed funding comes from the founders themselves and other angels.

via: techcrunch

StartWire Automatically Updates You on the Status of Your Job Applications

2012-01-17T13:00:00.003-05:00

StartWire is designed to solve one of the most frustrating problems for job seekers: Spending countless hours sending out applications and customizing cover letters then following-up only to never hear back. StartWire tracks your applications so you're not in the dark.

The free service works by delivering daily status updates (via email and text message) on your job applications from over 5,400 companies currently signed up with StartWire. You track your applications by forwarding your confirmation email to apps@startwire.com or logging into the site and adding your application there. In your applications summary page on StartWire, you can see in one place, all your applications, whether they're active, stalled, or no longer in the running.

If you wish, you can also connect your LinkedIn and Facebook accounts to the service to find "hidden insider connections" of people who might be able to help your application along, as well as similar jobs matching your recent applications.

StartWire has been compared to TripIt.com—but instead of organizing your travel plans, it organizes your job search, which can make looking for a new job much less stressful.

StartWire

via: lifehacker

Zappos coughs to HUGE data breach

2012-01-17T09:00:00.002-05:00

Online shoe and apparel outlet Zappos.com has apologized over a massive data breach that exposed the personal details of millions.

Up to 24 million customers of the Amazon subsidiary may have been affected by the breach, which exposed names, email addresses, addresses, phone numbers, and password hashes. Zappos stressed that credit card data was not exposed. Hackers may have been able to lift the last four digits of credit card numbers but nothing beyond this, according to the e-tailer.

Accounts or passwords maintained with parent firm Amazon.com are not affected by the problem.

At the time of writing on Monday morning, Zappos is blocking international traffic to its blog, so customers outside the US are unable to see chief exec Tony Hsieh's explanation on how the breach happened, which was posted late on Sunday night.

Hsieh said hackers “gained access to parts of our internal network and systems” through one of the firm’s servers in Kentucky, The New York Times reports. Zappos has reset passwords and is in the process of notifying customers about the breach. In the aftermath of the data spillage, Zappos has suspended its telephone support operation, asking customers to contact it only via email.

Surfers who made the mistake of using the same account login credentials at Zappos and other sites would be advised to change their passwords pronto, Hsieh said. The breach can be expected to result in an increase of regular spam and is likely to spawn phishing attacks, so even more security-conscious users ought to be wary.

via: theregister

Use Your iPad or Android Tablet as a Second Monitor for Your Computer

2012-01-16T13:00:00.001-05:00

Want to eke out a little more value out of that tablet? Turn it into a second monitor for your PC or Mac and extend your screen real estate. This is especially handy for laptop users.

Several apps are available to extend your desktop onto your tablet. How-To Geek offers a tutorial on setting up Air Display, which is $9.99 for the iPad app in the App Store, but most of the apps seem to work similarly: Install the server software on your Windows or Mac computer, then run the app on your tablet.

How-To Geek notes some added functionality in Air Display, including the ability to mirror your desktop rather than extend it—useful for when you want to show someone what you're doing on your computer for teaching purposes, for example. Two other neat tips are using the iPad as a form filler (drag the form to the iPad, hand it to a client and have them fill it out with the onscreen keyboard) and using the iPad's touch capabilities:

You could, for example, drag a Photoshop window onto the extended iPad desktop and then use a stylus to draw on it or place the calculator app on the iPad screen and use your finger instead of the mouse to punch the keys.

A similar, less expensive app for both iPad and Android is iDisplay. It's $4.99 at the App Store as well as on Android Market. iDisplay works with both Mac and Windows and got fair reviews for the iOS version.

Because of some reviewers citing lag issues with iDisplay on Android (iOS users seem to like it well enough), Android users might want to look at newer and much less expensive ($0.99 for a limited time; normally $1.99) ScreenSlider. The downside is it only works with Windows PCs.

Whichever app you try, using your iPad or Android tablet to extend your screen might boost your productivity.

How To Use Your iPad as a Second Monitor for Your PC or Mac | How-To Geek

via: lifehacker

Cloud SWAT teams

2012-01-16T09:00:00.001-05:00

Cloud computing poses unique security challenges for organizations, and multiple industry surveys have shown that security and privacy are among the key concerns of executives considering the cloud.

To address the challenges of securing the cloud, the Cloud Security Alliance (CSA), a not-for-profit organization made up of cloud vendors, user organizations and other key stakeholders, is developing the concept of cloud-specific "security incident-response teams" (CloudSIRT). Security executives and industry analysts say the initiative is a good move and should help bolster security in the cloud.

For many, the threat of security breaches is the biggest reason why they're reluctant to embrace cloud computing. IT and security executives still aren't convinced that service providers can adequately safeguard their data, particularly when it comes to using public cloud services for business transactions.

Some of this apprehension might be justified. In one of the latest industry surveys on cloud computing, conducted by security services provider Trend Micro in June, 43% of the respondents said their enterprises had experienced a security "lapse" or other problem with their cloud vendors within the past 12 months.

The company queried 1,200 IT decision-makers in the U.S., the U.K., Germany, India, Canada and Japan. According to the survey, respondents said the top barriers to adopting cloud computing are concerns about the security of data or the cloud infrastructure (50%), and concerns about performance and the availability of cloud services (48%).

Another report, released in June by research firm 451 Group, venture capital firm North Bridge Venture Partners and research firm GigaOM Pro, shows that many organizations are still in the early stages of cloud adoption or are taking a wait-and-see approach.

In that survey, 40% of the 413 respondents, including both IT professionals and vendor personnel, said they are only beginning to experiment with a move to the cloud. Another 26% said they are awaiting market maturity before adopting a formal cloud strategy.

Taking a Team Approach

CSA is aiming to quell many of the concerns about cloud security and privacy by promoting the use of best practices for cloud security and providing education on using the cloud to help secure other forms of computing.

In January, the organization began pushing the idea of CloudSIRT, an initiative in which major cloud providers are working to address the future of collaborative incident response and information sharing in the cloud.

The CSA's premise is that SIRTs form the cornerstone of coordinated incident response and security information sharing for government agencies and enterprises, and that the model has worked well for handling malicious activity on the Internet.

But the organization says the advent of cloud computing has created a new set of challenges. The characteristics of cloud computing, such as multitenancy, resource sharing and on-demand provisioning, have the potential to complicate traditional response team operations. As a result, new types of teams are needed, it says.

"Most incident-response teams are focused [on] more traditional, on-premises computing infrastructure belonging to enterprises, governments and education institutions, and the threats to them from malware, spam, DDoS attacks and hackers," says John Howie, who heads the CSA working group for the CloudSIRT initiative. He is also senior director of technical security services for the online services security and compliance team at Microsoft Global Foundation Services.

"With public and off-premises private cloud computing, organizations of all types no longer have computing infrastructure, or have a much reduced attack surface," Howie says. "Cloud providers are managing the computing infrastructure. Incident response now has to cross not just boundaries within an organization, but across organizations."

What's more, the concentration of information assets from multiple user organizations creates the real possibility that the consequences of security breaches in the cloud will be much more severe than those of traditional incidents.

"An attack against a cloud provider, successful or not, can impact many organizations," Howie says. "Complicating the situation, organizations might contract service with many cloud providers. As hackers develop new attacks, cloud providers and consumers need a new breed of team to coordinate incident response effectively."

Cloud providers present a rich target for hackers, Howie adds. "Instead of compromising a single organization, a hacker can attack a cloud provider and can potentially gain access to the data belonging to several organizations," he says. Because of this, they're willing to devote much time and resources to attacking a cloud provider.

A cloud incident-response team that includes cloud vendors can share operational threat information to coordinate defenses against potential attackers as they're identified, Howie says, helping to ensure the security and privacy of customer data.

The goal of the CSA working group is to bring together cloud service providers, telecommunications and Internet service providers, established computer emergency response teams (CERT) and other qualified parties to establish an industrywide CloudSIRT.

"Since the initial working group was brought together at the beginning of the year, we have developed a charter, membership criteria, information exchange protocols and other collateral that will be necessary to bootstrap CloudSIRT," says Howie.

CloudSIRT has been formally incorporated, and the group is working toward establishing a memorandum of understanding with the CSA and registering as a nonprofit with the Internal Revenue Service.

CloudSIRT will officially launch at the CSA Congress in November. The group will initially consist mainly of cloud vendors and related service providers and established CERTs. Members will be expected to share information in a trusted fashion, and they must feel comfortable sharing information, Howie says.

To accomplish these goals, the working group has drawn up strict membership criteria and will publish details of who is eligible to join CloudSIRT and how they can join in the coming weeks. Howie wouldn't say whether users would be included, but he did indicate that the working group is exploring "many more opportunities."

Security experts say the CSA effort is a good step toward addressing cloud security.

"I'm positive on CSA and the CloudSIRT initiative, because appropriate forms of information sharing are very important in incident response and threat assessment," says Dan Blum, a security analyst at Gartner.

"The CSA has been an excellent focal point for the industry to collaborate on cloud computing security issues and has developed useful guidance," he says. "The CSA has also done well on coordinating with other organizations, such as standards bodies."

Blum agrees with the premise that cloud computing requires a different type of response team. "A serious incident in the cloud may affect multiple [cloud service providers] and enterprise customers," he says. "Each enterprise must have its own [incident-response] team to deal with a variety of issues, including legal and PR. But the enterprise IR team may be completely dependent on [cloud provider response] teams for information about the incident and some aspects of operational response."

Today, Blum says, cloud customers likely aren't being notified of all incidents their cloud service providers detect, and what information they do receive might be inconsistent, untimely or insufficient.

"Cloud-specific IR teams may help customer confidence to the extent they're actually able to do [something] to resolve incidents or facilitate information exchange," he says. "But cloud service providers and legal or regulatory bodies may first need to develop uniform codes of conduct that allow greater transparency and reduction of liability."

As hybrid clouds evolve and organizations are linked more closely to cloud service providers and the providers are linked to one another at an operational level, Blum says, "IT's world will become increasingly interdependent, and the effectiveness of incident-response processes and risk management in general will be even more critical. This will require CERT-level IR teams, much like incidents affecting multiple ISPs. It will also require teams that can work across [cloud service providers] on issues affecting a single customer or multiple customers."

Internal Cloud Teams

Some organizations have created their own cloud incident-response teams or are planning to do so, and they will be looking to the CSA for guidance.

"It's exciting to see a [cloud] response team being formed," says Rosie Rivel, director of IT global risk and compliance at Kelly Services, a Troy, Mich., provider of workforce services.

"Our IT security group is always dealing with security-related issues, but in more of a traditional fashion," Rivel says. "As we're moving into the cloud, what we're trying to do is build a knowledge base internally, but we can't do that in a short period of time." Being involved in the CSA effort would help Kelly Services gain valuable knowledge about cloud security, she says.

The company began using cloud computing in 2004, when it adopted Salesforce.com as its customer relationship management platform. The cloud is now a major part of its IT strategy.

Bart Falzarano, chief information security officer at Walz Group, a Temecula, Calif., provider of communications and compliance technology services, has set up an internal cloud incident-response team that monitors its private cloud and SaaS services. Team members include senior managers, infrastructure engineers and technical operations support personnel.

For those looking to form their own teams, Blum says it's best to include people from various parts of the organization.

"In general, IR teams must be cross-functional to cover multiple types of incidents," Blum says. For example, human resources would get involved in incidents involving insiders, external security service providers might be needed for incidents involving hackers from the outside, operations would cover low-consequence incidents or those concerning availability, and legal might be drawn into incidents with regulatory compliance or public relations implications.

"Cloud technical specialists will be needed on the team for organizations using public cloud services for real business," Blum says.

Howie, who is responsible for the incident-response function at Microsoft in addition to leading the CloudSIRT working group, wouldn't discuss Microsoft's efforts regarding cloud incident response. But he says for organizations that are adopting cloud computing and want to establish a cloud security team, the best place to start is with an existing CERT.

"There are plenty of excellent resources that an organization can leverage," such as information and tips about security incident-response teams provided by the Software Engineering Institute, Howie says.

An organization looking to create a cloud response team has to "take into account the unique characteristics of cloud computing, establish lines of communication with its cloud providers, and draw up standard operating procedures for a range of potential incidents, [from] service outages all the way up to breach notifications," Howie says.

via: computerworld

How to Investigate Your Elected Officials

2012-01-15T17:00:00.009-05:00

With the Iowa Caucuses in the United States, we're starting the long haul to November's election day where we'll be inundated by hundreds of advertisements and speeches filled with all kinds of promises. But how do you know whether those promises will be kept, or what the your member of Congress is really about? The truth is, a candidate can tell you a lot more about what they're going to do via their actions and their associations than their advertisements and speeches. And thanks to the work of a lot of great watchdog groups, a lot of that information is now publicly available online.

So how do you get started digging underneath the rhetoric and into the good stuff?

First, let's figure out who all your representatives are. Project VoteSmart makes this easy just type in your zip code, and they'll tell you who all your representatives are from the state level on up. If you live in a relatively dense area, chances are you live in a five digit zip code that has more than one legislative district in it, so the chances are that you'll need to know your Zip+4— you can figure that out courtesy of the USPS.

Now that you know who your rep is, it's time to put on your private investigator hat on. Start local! — but I think that's a much better place to start. Your local city council and state representatives impact your daily life far more frequently than your representative or even the president. If you live in California, Texas, Louisiana, Wisconsin, Maryland or Minnesota, you're really in luck, because OpenGovernment.org is pulling together a great website for you to see what's happening in your area. For everyone else, Google for your state's state legislative website, or if you're a developer, check out the Sunlight Foundation's OpenStates project, which has bulk data available for 44 states.

We're still a little behind with county and municipality votes and websites. But search for yours, you may have something useful out there. The most important thing about local candidates is that they're accessible. While you can (and should) try and meet with your federal representatives, sometimes the travel to Washington can be too burdensome. But local candidates are there and waiting for you to call them. Call their office, and ask for a meeting, and ask them what they're about. You'll be amazed at the reception you get.

There are two great tools for researching federal (President, Congress) office-holders: GovTrack.us and OpenCongress.org. If you live in the 7th Congressional District of Virginia, for instance, here's Eric Cantor's page in on GovTrack, and on OpenCongress. Take a look at the bills they've sponsored and co-sponsored, and what they've voted on, and see if they align with your issues. And if they don't — well, you know what to do.

As important as the voting record is the company your member keeps. InfluenceExplorer.com, from the Sunlight Foundation is a great place to start. If you're interested in Ron Paul for instance, you can see how much money he's raised, as well as what his top Earmark requests are. Over on OpenSecrets.org you're able to see what industries have Ron Paul as a top recipient of money, and even sort donors by zip code. At the state level, the National Institute on Money in State Politics offers the same service on FollowTheMoney.org.

Another interesting thing to look at is how politicians invest their money. OpenSecrets also has the neat feature of being able to see the kinds of investments that your member of Congress makes — they've catalogued each member of Congress' "Personal Financial Disclosure" form — the form all high-level government employees have to fill out when they get their job. What's the top asset held by a member of Congress you ask? That'd be the Milwaukee Bucks, owned entirely by U.S. Senator Herb Kohl.

If you want to dig deeper, *all* of this data is generally a hard-working non-profit compiling and delivering government data in a usable format. The federal financial contribution stuff comes from fec.gov, laws come from Thomas.gov (which celebrates its 17th birthday this week), and state official information comes from elections, ethics, and secretaries of state websites across the country. With a little sleuthing, you can figure out whether or not your politicians are right for you and make a little more sense out of how your government works.

In 2012, don't just listen to what the candidates have to say, or even listen to what everybody else has to say about them. Part of a healthy information diet means getting closer to the source: watch what they do, instead. If you can, meet directly with them, too. In my 10 years working in Washington, I've yet to hear a scheduler complain that their member has too many meetings with their constituents. Book some travel to Washington (April is a great time to visit, for the Cherry Blossoms), meet with your member of Congress, and participate in democracy.

via: lifehacker

Free open source Video and music player

2012-01-15T13:00:00.010-05:00

What Makes Miro So Amazing?

Works with your current music library

It's very easy to switch from iTunes to Miro -- without any copying. Just point Miro to your music and video folders and those files will appear. If you don't like Miro (impossible!), nothing's changed.

Converts and syncs to Android & Kindle Fire

You'd have to be crazy to use a music player that doesn't sync to your phone. Miro is simply the best music and video player for Android phones and tablets.

Buy Music and Apps inside Miro

The Amazon MP3 store is built-in to Miro. Buy, download, and listen, seamlessly. Buy Android apps from the Amazon or Google app stores and they will sync to your device.

Download and play almost any video

Do you still use separate programs to download, play music, play videos, and sync to your phone? Miro plays almost any video or music format and downloads from YouTube, podcasts, Amazon, and bittorrent.

Convert any video

You can convert almost any video with Miro into mp4/h264, with presets for almost any device you can think of (including iPhones, iPods, iPads, Android phones, and more).

Share Your Media on your Network

When two Miro's are on the same wifi network, they can stream and transfer music and videos to each other. It's the easiest way to watch a video or play music upstairs if the file is downstairs.

Open-source - don't lock yourself in!

Unlike some other media players, Miro is not trying to run your life! Not only is Miro 100% free and open-source, it's made by a non-profit organization. You don't need to be locked down by one corporation to have a great media experience.

Ultra-fast torrent downloading

Miro has some of the fastest bittorrent downloading in the world, built in. Try us head-to-head with any bittorrent application!

But it's not about the features!

Miro has a lot of features, but that's not what matters-- it's the experience. Miro is a simple, beautiful, unified way to download, organize, and watch videos and listen to music. And it's totally free.

Download miro here.

via: getmiro

Text-Only Reading Service Readability Updates, Offers Free Users Unlimited Access to All Premium Features

2012-01-14T17:00:00.008-05:00

Readability, one of the first services on the web to take ad-ridden and difficult to navigate web pages and present their content in plain text so you can read and enjoy them, announced this morning they were taking down the barriers between their free and paid versions, and now offer free users all of the benefits of premium accounts. Now all Readability users will get unlimited access to their reading lists, favorites, archives, and more.

Readability has always been a great way to cut through the bloat of the web and get right to the content that interests you most, much like similar services Read It Later and Instapaper. The update brings all Readability features to all users, including the ability to send any article you like to your Kindle and get a digest of your reading list on your Kindle every day.

The service will still offer users the ability to donate to support the project and the writers the service aggregates, and their upcoming iPhone and iPad app will likely cost a few dollars, but the service is worth another look now if you haven't been using it, or if you have a free account and want to make more use of it.

via: lifehacker

Six Hotel Giants Team Up To Launch Hotel Search Engine Roomkey.com

2012-01-13T17:00:00.002-05:00

In an unexpected move, six of the largest hotel companies in the world have partnered to launch a hotel search engine of their own, dubbed Roomkey.com. The hotel companies hope that offering a ‘personalized experience’ and ‘accurate information’ will make travelers choose for them when they search for accommodation.

Choice Hotels International, Hilton Worldwide, Hyatt Hotels Corporation, InterContinental Hotels Group, Marriott International and Wyndham Hotel Group teamed up to start Roomkey.com to, in their own words, “provide travelers a search and book experience tailored for ease of hotel shopping through an uncluttered and trustworthy site”.

Roomkey.com users can look for and book properties at all – but only those – six hotel chains involved, including their affiliates. Later on, the hotel companies say, the site will also offer independent reviews, and the ability to compare, plan and share with friends and family.

The site is not just limited in scope, but also up against a plethora of hotel search websites and aggregators, so it remains to be seen if it will get any traction. For now, it’s focused on serving travelers in the United States, but it should be expanded to include other English-speaking regions soon.

Roomkey.com will be led by John F. Davis III, most recently CEO of BirchStreet, and founder of hotel distribution switch technology company Pegasus and floral ordering company 1-800 Flowers.

Interestingly, Roomkey.com says it acquired its technology platform from hotelicopter in an asset deal that closed in 2011.

Terms of the acquisition were not disclosed, but it was likely small in size.

More background information about the deal is available on industry news site Tnooz.

via: techcrunch

How to Turn Off Google’s Annoying New Personal Search Results

2012-01-13T13:00:00.013-05:00

Google announced they were integrating Google+ into your search results, and this morning, you may have noticed the change. The problem: It's cluttered, not useful for the bulk of searches you do every day, and enabled by default for all results. Even if you choose to hide personal results, they're turned back on by default with each fresh search. It's annoying, user unfriendly, and you should turn it off. Here's how.

First of all, the "search plus your world" feature is still rolling out, so you might not see this yourself yet. It's definitely starting to do so en masse, however. When you're signed into Google and if you use Google+ or Picasa sharing, you'll see personal results at the top of the web search results page, on the right side, and in the search listings, marked with a blue person icon.

You can toggle the personal results off by clicking the globe icon on the top right of the page, but this can be a pain to keep doing over and over again with each search.

Thankfully, it's easy to disable* the personal results:

Click on the settings cog at the top right of the Google page, then click Search settings.

Under "Personal results" select "Do not use personal results."

Selecting "Do not user personal results" actually doesn't disable personal search results—you can still toggle to show personal results any time. It just makes "hide personal results" the default.

The decision to bury this toggle in the settings rather than making your decision sticky, if anything, indicates how aggressively Google is pushing Google+ into their various products, and I, for one, don't like it. It's hostile to the user for the benefit of G+. I'm not under the illusion that Google is always focused on you—they're a massively profitable corporation in the business of making money—but the honor of being your default search engine isn't fixed in stone, and moves like this can easily push users in other directions.

I don't think it's a useless feature, but for the majority of my searches, it is, and forcing it as a default is a misstep.

via: lifehacker

Carrier IQ detection tool converted to premium SMS Trojan

2012-01-13T09:00:00.001-05:00

Android malware writers are taking advantage of the controversy surrounding Carrier IQ's smartphone tracking software in order to distribute a premium SMS Trojan, security researchers from Symantec warn.

"Android.Qicsomos is a modified version of an open source project meant to detect Carrier IQ on a device, with additional code to dial a premium SMS number," said Symantec malware analyst Irfan Asrar in a blog post on Tuesday.

The Carrier IQ controversy began in November 2011, when security researcher Trevor Eckhart published a detailed analysis of a monitoring agent developed by the company and preloaded by many mobile carriers on devices sold to customers.

The Carrier IQ software is designed to collect usage data from smartphone devices in order to provide carriers with statistics about dropped calls, service interruptions, battery usage and similar information.

However, Eckhart claimed that the software can also be used for more privacy-intrusive purposes, leading some users to look for ways to remove it from their devices.

The premium SMS Trojan detected by Symantec masquerades as a tool for detecting the presence of the Carrier IQ agent, which some people are considering a rootkit, a surreptitious application with low-level system access.

The version analyzed by the security vendor's researchers was localized in French and its icon was similar to the logo used by Orange, one of Europe's largest telecom operators.

The Trojan does not appear to be spread from the Android Market, so distribution is most likely done through some form of spam messages that claim to originate from mobile operators, Asrar said.

Upon installation, the rogue software displays a window that contains some information about the device and claims that the Carrier IQ rootkit was not found. Users are then presented with a button to uninstall the app.

However, when this button is pressed, the Trojan sends an unauthorized SMS message to a premium-rate number registered by the malware's creators, earning them money in the process.

An interesting aspect of this Trojan is that its code is signed with a certificate obtained from the Android Open Source Project (AOSP). While the majority of manufacturer-supplied Android builds don't trust this certificate by default, some older community-built versions might. Because the code is signed with a trusted certificate, users of such unofficial versions might not even see the permissions notification prompt when the Trojan is installed.

Some users might be understandably skeptical of the bleak predictions regarding mobile threats that were put forth in recent months by security vendors. "But to any skeptics out there, I can assure you some concerns, such as this threat, are not without merit," Asrar said.

via: computerworld

Indiana, Enjoy Your Final Two Years Of "Tax-Free" Amazon Purchases

2012-01-12T17:00:00.001-05:00

Add Indiana to the list of states in which Amazon customers will pay sales tax when they buy something, as state officials have reached a deal that will require the online retailer to start collecting the state's 7% tax on purchases.

The AP reports the deal doesn't take effect until 2014. Indiana expects to haul in $20 million in extra annual revenue.

Physical retailers push for arrangements such as this, because they help level the playing field against Amazon's usually tough-to-undercut prices. You can forgive customers for being less than enthused, being that they'll be the ones sticking that extra $20 million into the state's coffers.

If you're curious about the way your state handles income tax with Amazon, check out this Amazon help page.

Indiana officials reach deal with Amazon.com to start collecting state's sales tax in 2014.

via: consumerist

Fixing Virtual Memory Issues

2012-01-12T13:00:00.002-05:00

What is Virtual Memory?

When you run a program on your computer, you use physical memory (RAM) to run it. You tell the computer to run the program and the processor pulls it from the hard drive and loads it into RAM so it can be worked with. You can only open so many programs until all of your RAM is being used. In order to open another program, you'd have to close one of the ones you have open in order to free up some space in RAM. Not with virtual memory!

Virtual memory is a technique utilized by your operating system in which it takes a chunk of your hard drive and uses it as memory. The programs you are running don't know the difference between physical memory and virtual memory, so it doesn't really matter that you run out of RAM, so long as you have some hard drive space as a backup for workspace. Essentially, you can choose to allocate as much free disk space as you have to be used for virtual memory. However, a hard drive is much, much slower than physical memory; therefore, it's not as reliable a place to run applications as physical memory, but it's a cost effective way to increase your workload without purchasing additional RAM.

If your virtual memory isn't configured appropriately to match your workload, you may receive an error from Windows saying that you have too little virtual memory or that your virtual memory is too low. This is often accompanied by a blue screen or can result in all of your programs being closed down and all of your work lost.

Virtual Memory Issues and How They Occur

Your operating system should be configured, by default, to allocate a certain size of the hard drive (typically 1.5 times the amount of RAM) to use as virtual memory when it is needed. The part of the hard drive that is used for virtual memory is called a page file or a swap file. You can increase or decrease the size of the page file in order to achieve a special result. Increasing the page file size will give you more virtual memory and thus more space to run programs but will decrease speed and performance, because the operating system will have to jump back and forth between physical memory and virtual memory to run the program.

Remember, your hard drive is slower than RAM, relying on the hard drive as virtual memory too much decreases performance. Alternatively, if you have a surplus of RAM to run applications you can decrease the page file size to prevent applications from using the hard drive as virtual memory. You don't want to completely disable the page file, because many programs, the operating system included, expect that virtual memory to be there. Some programs even load several of their components into virtual memory but never access them.

Occasionally, you may give your computer more work than it can handle. You may unknowingly load more applications into your physical and virtual memory combined that there is simply no more room to work with and Windows will give you a virtual memory error. This error isn't fatal, it simply means you ran out of virtual memory. Other times, there may be errors in your system's configuration that cause virtual memory overload.

A virtual memory error doesn't necessarily mean something is broken, it means that you are out of memory. You may be able to prevent this buy doing one or both of these things: Add more RAM to your computer or increase the page file size, thus increasing your virtual memory pool. Here are some manual steps to take to solving virtual memory problems. You may already have the maximum amount of RAM that your motherboard and/or operating system will allow. In this case, your only options are to run less applications, which hardly anyone is willing to accept, or you can increase the page file size.

How to Easily Fix Virtual Memory Issues

Virtual memory problems, such as "low virtual memory", are not commonly caused by errors with your RAM or hard-drive themselves. Rather, these errors spring up because of system misconfiguration. A misconfiguration can range from something as simple as a number setting being too low, to random, seemingly unrelated errors in your system's registry. The bottom line is that it takes a proper diagnosis to determine how to fix a virtual memory problems.

via: windowsanswers

Feds Refine Cloud Security Standards

2012-01-12T09:00:00.001-05:00

he federal CIO Council has released security controls for the new agency-wide program that standardizes security requirements for cloud-computing products and services, a key move in setting standards for cloud security across the federal government.

More than 150 security controls in 16 categories have now been defined for the Federal Risk Assessment Program (FedRAMP), which provides common security requirements for cloud implementation on specific types of systems.

FedRAMP also provides ongoing risk assessments and continuous monitoring, and carries out government-wide security authorizations for vendors providing cloud services and infrastructure that will be posted on a public website.

The release of these controls "is the critical first step that to successfully launching FedRAMP," as they are the basis for the program's standardized approach to the security authorization process for cloud products and services, according to a blog post on CIO.gov, the website for the CIO Council.

The FedRAMP Joint Authorization Board (JAB) went through an "extensive vetting process" to approve the controls since the initial release of FedRAMP documentation last year, according to the post. Indeed, FedRAMP has been in the planning stages for about two years but only was formally unveiled by U.S. CIO Steven Van Roekel in December.

The JAB also used feedback from those in both industry and government to create the controls so they "properly address the unique elements of authorizing cloud products and services, including multi-tenancy, control of an infrastructure, and shared resource pooling," according to the post.

To receive authorization from the federal government, agencies must implement the controls within a cloud service provider environment.

The categories cover comprehensive areas of security concern for IT systems. They are: access control; awareness and training; audit and accountability; assessment and authorization; configuration management; contingency planning, identification and authentication; incident response; maintenance; media protection; physical and environmental protection; planning; personnel safety; risk assessment; system and services acquisition; system and communications protection; and system and information integrity.

Each control covers a very specific area in a category that agencies must define for cloud-computing implementations. For example, controls under Access Control include account management, access enforcement, information flow enforcement, and separation of duties. Some of the requirements under personnel safety include individual controls for personnel screening, termination, and transfer, while controls under the incident response category include specific ones for incident response training, handling, monitoring, and reporting.

The systems and communications protection category--which covers many of the standard security procedures for system, such as public key infrastructure certificates, denial of service protection and use of cryptography--has the most controls, a total of 32. The awareness and training category has only four.

FedRAMP is a multiagency effort, with the Department of Homeland Security (DHS), the National Institute for Standards and Technology (NIST), and the General Services Administration (GSA) all playing key roles.

In fact, the new security controls are in line with NIST Special Publication 800-53, Revision 3, which provides recommended security controls for federal IT systems and organizations for low and moderate impact systems, according to the CIO.gov blog post.

via: informationweek

Hyundai offers 'lifetime battery replacement guarantee' for Sonata Hybrid

2012-01-11T17:00:00.004-05:00

Hyundai is complementing its standard 10-year, 100,000-mile warranty by adding a "lifetime battery replacement guarantee" for the Sonata Hybrid, the only hybrid the South Korean automaker sells.

Hyundai said Monday that, in the event of breakdown of the Sonata Hybrid's lithium polymer battery, the company will replace the battery free of charge and pay for its recycling costs. Hyundai, which co-developed the lithium polymer battery with LG Chem, says the Sonata Hybrid's drivetrain can hold up under more than 300,000 miles of driving with "minimal degradation."

Hyundai continues to pitch its cars' reliability and fuel efficiency as a way to boost U.S. sales. For the model year 2010, the most recent year the U.S. Environmental Protection Agency tracked fleetwide fuel efficiency, Hyundai achieved a fleetwide fuel-economy level of 25.9 miles per gallon, best among the 14 largest automakers. Hyundai boosted U.S. sales by 20 percent last year to a record 645,691 vehicles, with the Sonata as its best-selling line. The company doesn't break out sales numbers specifically for the Sonata Hybrid, which is rated by the EPA to get 37 miles per gallon combined.

Hyundai has been offering a 10-year, 100,000-mile warranty on all of its vehicles since 1999.

Here is the press release:

YUNDAI FIRST AUTOMAKER TO OFFER HYBRID LIFETIME BATTERY REPLACEMENT GUARANTEE

Lifetime Battery Replacement Guarantee covers 2012 Hyundai Sonata Hybrid Batteries Far Beyond Hyundai's Industry Leading 10-Year, 100,000-mile Warranty

COSTA MESA, Calif., Jan. 9, 2012 – Hyundai today added to its Sonata Hybrid coverage a Lifetime Battery Replacement Guarantee to expand the benefits of Hyundai Assurance, the industry's most comprehensive warranty program. The coverage applies to all 2012 model year Sonata Hybrid models over the life expectancy of the vehicle and thousands of miles beyond the average duration of new-car ownership. The first-of-its-kind protection ensures that if the Sonata Hybrid lithium polymer battery technology failes, Hyundai will replace the battery and cover recycling costs for the old powerplant free of charge to the owner.

Hyundai tested Sonata Hybrid and its Blue Drive hybrid drivetrain for more than 300,000 miles with minimal degradation of its output or duration of operation, providing Sonata Hybrid owners with confidence that their investment will continue to pay dividends well into the future.

"The Hyundai brand was built on outstanding quality backed by the industry's best protection program which we call Hyundai Assurance," said Michael O'Brien, vice president, Corporate and Product Planning. "Expanding Hyundai Assurance to include Lifetime Battery Replacement Guarantee was another opportunity for us to demonstrate our confidence in the durability of our product, and pass that peace-of-mind on to our owners."

The heart of Hyundai's breakthrough Hybrid Blue Drive technology is its remarkable lithium polymer batter pack. Hyundai is the first automaker in the world to incorporate this remarkably efficient battery technology into production vehicles. Automotive duty cycles, with temperature ranges from -40 to 120+ degrees Fahrenheit, and 10-year-and-beyond longevity requirements render the lithium ion batteries used in consumer devices unsuitable. Lithium polymer is the next generation of lithium ion technology and is ideally suited to automotive applications thanks to a robust and reliable chemistry.

The lithium polymers cells, developed with our partner LG Chem, use a manganese spinel chemistry that provides an excellent balance between power delivery, energy density and thermal stability. Thermal stability is critical to ensuring durability eliminating the need to replace the battery pack during the normal lifespan of the vehicle. The electrodes in older lithium ion chemistries expand and contract with the heating and cooling that occurs during charging and discharging. This thermal expansion causes cracks in the electrodes which ultimately reduces the cell's ability to hold a charge. Manganese spinel lithium polymer cells have much lower expansion rates and are thus able to go through tens of thousands of charge cycles even without having to use a heavier, liquid cooling system.
HYUNDAI MOTOR AMERICA
Hyundai Motor America, headquartered in Costa Mesa, Calif., is a subsidiary of Hyundai Motor Co. of Korea. Hyundai vehicles are distributed throughout the United States by Hyundai Motor America and are sold and serviced through more than 800 dealerships nationwide. All Hyundai vehicles sold in the U.S. are covered by the Hyundai Assurance program, which includes the 5-year/60,000-mile fully transferable new vehicle warranty, Hyundai's 10-year/100,000-mile powertrain warranty, and five years of complimentary Roadside Assistance.

For more details on Hyundai Assurance, please visit www.HyundaiAssurance.com

via: green.autoblog

Easy ways to protect your privacy and data

2012-01-11T13:00:00.016-05:00

In spite of one high profile computer security breach after another, many people are still not employing even the most basic safeguards to protect their privacy and their data. Defense Intelligence has created the following seven computer security resolutions to help people protect their privacy, their data, and their wallets.

Stay up to date

Keep everything updated. Your operating system, your web browser, anti-virus, Acrobat, Java, everything.

Set programs to automatically update so it’s not as annoying.

Before randomly clicking the “update” button, be sure you recognize the program and it looks legitimate. If in doubt about an update pop up, open the program itself and update from there.

Improve your passwords

Stop using the same password in multiple places. Unless it’s a throwaway account that you care nothing about, have a unique password for everything you do.

Strengthen your passwords by adding numbers, symbols and capital letters. Try using phrases instead of a single word.

Do not store your passwords in your browser.

Check your messages

If you don’t know who the email is from, don’t open it.

Turn off the preview feature in your email program. Some malware can be executed simply by being opened in the preview pane.

Don’t click on links in received emails. These can be faked and may lead you to bad places. Copy the address and then paste it in your browser instead.

Don’t open any attachments that you aren’t expecting. If it’s from a friend, check with them to verify that they sent it.

Don’t forward forwards.

Know your friends

Don’t add “friends” that you don’t know.

Keep your friend list up to date. If you’re not sure who the “friends” on your contact list are, delete them.

Before clicking on any links or files sent to you, verify that your friend intended to send them to you.

Secure your mobile devices

Require a password to unlock your phone or tablet and keep it locked when not in use.

Don’t store anything on your mobile that you aren’t comfortable losing.

Ensure that your device does not connect automatically to open Wi-Fi networks.

Install an application capable of locking down and erasing your device in the event it is lost or stolen.

Watch what you click

Be wary of third party applications available for your phone, facebook, etc. If you don’t need it, don’t install it.

Don’t click on shortened links on Twitter or elsewhere. You have no idea where you might end up. To see where these links lead to, use a service like http://www.longurl.com or http://www.unfurlr.com.

Share with care

Whatever you share online will remain online. Once it’s out there, there is no way to remove it.

Treat email like a postcard - potentially visible to all.

Don’t insert random USB keys into your computer - you don’t know where they’ve been or what they may contain.

via: net-security

Microsoft patches critical Windows drive-by bug

2012-01-11T09:00:00.001-05:00

Microsoft shipped seven security updates that patched eight vulnerabilities in Windows and a code library used to protect Web applications from cross-site scripting attacks.

As experts expected, yesterday Microsoft issued the patch it pulled at the last minute in December 2011.

Only one of the seven updates was labeled "critical," Microsoft's highest threat ranking; the others were marked "important." Of the eight vulnerabilities, Microsoft classified seven as important, one as critical.

MS12-004 , which plugs two holes in Windows Media Player, was the unanimous choice of security experts as the first update to deploy.

"It's a drive-by," noted Andrew Storms, director of security operations at nCircle Security, referring to attacks triggered when users simply browse to a malicious site. The bug, which is within Media Player's parsing of MIDI-formatted files, exists within Windows XP, Vista, Server 2003 and Server 2008, but not the newest editions, Windows 7 and Server 2008 R2.

"It looks like the Windows 7 guys fixed it already," said Storms.

Others also tagged MS12-004 as the update to apply pronto.

The second of the two bugs patched by MS12-004, said Wolfgang Kandek, chief technology officer at Qualys, is within the closed captioning feature of Windows Media Player. Kandek guessed that Microsoft rated that flaw as important -- rather than critical, as it did the MIDI file format vulnerability -- "because most people don't have it on by default."

"I'm sticking with MS12-004, too," said Jason Miller, manager of research and development at VMware.

Kandek and Miller named MS12-005 as another update to install as soon as possible.

That update patches a single vulnerability in the ClickOnce feature of Microsoft Office documents. Microsoft gave the bug an exploitability index rating of "1," meaning the company expects reliable exploit code to appear in the wild in the next 30 days.

Kandek noted that Microsoft pegged MS12-005 as important, not critical, even though it could be used to plant malware on a machine. "They did that because there is some user intervention required," said Kandek. "A user would have to open an Office file and then click on something."

Miller also found MS12-005 interesting, but argued against Microsoft's exploitability rating, downplaying the likelihood that attackers would actually leverage the bug.

"Some will probably figure it out, but I'm guessing that the ClickOnce technology isn't something most attackers are very well versed with," said Miller. To exploit the vulnerability on an unpatched PC, hackers would have to know -- or learn -- how to create a ClickOnce application, then embed it in, say, a Word or PowerPoint document.

Other bulletins that drew experts' eyes included MS12-006 and MS12-001 that patched Windows to block attacks using an available hacking tool and to stymie assaults against older Web apps.

MS12-006 fixed a long-standing issue in SSL (secure socket layer) 3.0 and TLS (transport layer security) 1.0 within Windows that was publicized last September by a pair of researchers who built BEAST, or "Browser Exploit Against SSL/TLS," a hacking tool and the first-ever practical exploit of an flaw known since 2003.

Microsoft was set to quash the bug exploited by BEAST last month, but scratched the release just before December's Patch Tuesday because German enterprise developer SAP reported compatibility problems.

Although Microsoft would not confirm last week that the BEAST bug would be on today's slate, most researchers put their money on its release.

MS12-001 was also out of the ordinary: It was the first that Microsoft branded as a "security feature bypass" vulnerability.

As several experts guessed last week, today's MS12-001 patched Windows to ensure an anti-exploit technology dubbed "SafeSEH" cannot be bypassed by attackers targeting older applications created with Visual C++ .Net 2003, a developer toolset that shipped in April 2003.

Applications built with later versions of C++ .Net are immune to the vulnerability.

Rather than require application developers to recompile their work, said Storms, Microsoft has instead tweaked Windows. "Windows now knows how to correctly read the metadata," Storms said.

Windows XP Service Pack 3 (SP3), the only currently-supported version of the decade-old OS, isn't vulnerable to the bug, Microsoft said. But newer editions, including Windows Vista, Windows 7, Server 2008 and Server 2008 R2, are.

Miller was pessimistic about hackers' chances exploiting this vulnerability, too.

"They're going to have to find an application [written with C++ .Net 2003], then package this with another vulnerability," Miller said. "They'll have to hunt and peck to find [a target], which are rare," he added, because of the age of that language, and thus the age of the applications written with it.

Microsoft published additional information about MS12-001 on its Security Research & Defense blog.

December's security patches -- with the exception of MS12-007 -- can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.

The MS12-007 update, which affects a library used by third-party developers to deflect cross-site scripting (XSS) attacks, is currently available only as a manual download from Microsoft's download center.

"The update will also be provided through our other standard distribution methods once testing has been completed to ensure distribution will be successful through these channels," Microsoft said in the accompanying write-up of the vulnerability.

Miller was dubious.

"They've said this before," Miller said, "but I haven't seen them pop up on Windows Update. These are the kind that can easily get by customers."

via: networkworld

Five free Windows Registry Cleaners to keep your system running smoothly

2012-01-10T13:00:00.003-05:00

If you decide to use a registry cleaner, make sure you choose one that’s reliable and safe. Here are some excellent options.

Along with viruses and malware, the registry is the Achilles Heel of Windows. From within that hierarchical database, the operating system can be rendered unbootable, slow, or problematic. So it behooves the admin (or the user) to keep the registry as clear of errors as possible.

Here’s the problem. With rampant and careless software installation, the registry gets mucked up quickly. And when the registry gets mucked up, bad things happen. Aside from being fastidious with your software management, you can use various tools to help keep the registry clean and free from errors. There are tons of registry cleaners out there, some of which do what they promise. Others are snake oil or worse. Here are a few apps you can trust to handle the job and keep your registry as clean as possible (without manually running a fine comb through every entry).

1: CCleaner

CCleaner is my go-to cleaner. I know it gets a lot of flack for having to be run multiple times (to fully clean the registry), but it always does the job, and never have I seen CCleaner render a system unbootable or worse for wear. One of the things I like most about CCleaner (aside from the fact that it will also rid your machine of temporary Internet files) is that it will always prompt you to back up your registry before you run the cleaning tool. CCleaner is also a mid-level cleaner, in that it does not go too deeply into the registry, so you don’t run the risk of breaking your machine.

2: Comodo System Utilities

Comodo System Utilities is another product with more features than just registry cleaning. This tool will dig a bit deeper than CCleaner but is just as safe. Comodo is one of those companies that’s not nearly as well known as it should be. Its products are always topnotch and affordable. The System Utilities tool is free, so you can’t go wrong. This registry cleaner should be considered more of a deep cleaner. Once you’ve run it, you should experience a much-improved system. And like CCleaner, I’ve never seen Comodo System Utilities brick a PC.

3: TweakNow RegCleaner

TweakNow RegCleaner works with Windows XP, Vista, and 7 and does a fantastic job of removing obsolete registry entries. Although not as deep a cleaner as Comodo, TweakNow RegCleaner is one of the fastest registry cleaners you will ever use. If you’re looking for a mid-level cleaner and speed is the name of the game, TweakNow is what you want. TweakNow RegCleaner will also clean up traces from Web browsing, clean Windows temporary files, compact Google Chrome and Firefox database files, optimize Windows settings, and optimize network settings.

4: Wise Registry Cleaner Free

Wise Registry Cleaner Free offers a unique restore feature that most other registry cleaners don’t have. With this feature, you can restore back to the previous registry state with the click of a button. Wise Registry Cleaner also offers registry defrag, scheduling of tasks, registry backup, and free technical support. Of all the free registry cleaners, Wise Registry Cleaner Free should be considered the Mac Daddy of them all. One nifty feature: If you double-click a registry entry (after scanning), Wise Registry Cleaner will open that entry up in the Registry Editor, where you can manually edit or delete it.

5: AML Registry Cleaner

AML Registry Cleaner is more of a power-user registry cleaner (though not to the level of manual editing) and offers added features, like keyword search, the ability to add your own junk file removal, and the ability to see all startup applications. AML Registry Cleaner finds quite a lot more keys for removal than most other cleaners. This, of course, can be considered both good and bad. For me, this is one of those tools I use when low- and mid-level cleaners can’t find junk entries causing problems with the registry. But beware: With the power this tool offers, you can run the risk of breaking the registry. So as you would do with all registry cleaners… back up your registry before you do anything to it or with it!

Your favorite?

There are plenty more registry cleaners available. But these are the tools I used more often than not and they’ve always been a huge help in getting a system running in a much faster, more reliable state. Which ones do you like?

via: techrepublic

Cloud-Based Video Editor WeVideo Launches To Public

2012-01-10T09:00:00.001-05:00

WeVideo, the cloud-based collaborative video editing platform which announced integration with YouTube in October, is today exiting its beta period and launching commercially. The service now has over 125,000 users creating more than 1,000 video projects per day using the online platform.

Sunnyvale, Calif.-based WeVideo, which launched in fall 2011, is actually a spinoff from a European venture called Creaza, which offers a similar, but education-focused, movie editor to a quarter million students across Europe. As opposed to desktop editing software, which is restricted by the computer hardware, WeVideo’s online video editing solution can scale up processing speeds on demand, based on the end user’s needs. As users move up through the company’s paid tiers, speeds increase, as does the available storage space and video resolution.

In addition, videographers can collaborate on projects together, where all project members can share their video clips via a single interface. (This feature is available to paid users only).

As it enters its General Availability status, WeVideo has settled on pricing for its freemium service. The free version offers 1 GB of workspace and scales up to offerings that range from $6.99 to $79.99 per month for 10 to 100 GB of workspace, as well as varying export qualities and additional features. An enterprise version will also be available (pricing available upon request), which will allow organizations to integrate WeVideo into their existing products or services.

The enterprise version includes a configuration layer that allows companies to add their own branding, full API level support, a centralized shared storage architecture and advanced administrative controls for collaboration, editing, management review and video export options.

Says CEO Jostein Svendsen, the company expects that it will amass over a million users by the end of 2012.

via: techcrunch

The Best System Monitor for Windows

2012-01-09T13:00:00.001-05:00

While Windows' built-in Task Manager is great for the occasional resource check, it's not something you can easily monitor all day long. For that, we recommend Rainmeter, the best darn system monitor around.

Features

Displays statistics for CPU, disk, memory, network, system temperature, and more anywhere on your desktop
Can also display text-based notes, email notifications, RSS feeds, weather, and virtually anything else you could want on your desktop
Tons of third party themes allow for complete customization of how system information is displayed
Very light on system resources

What good:

While Rainmeter's feature list doesn't seem very long, it's impossible to nail down everything it does—because it does whatever you want. Rainmeter is the most customizable desktop tool around: you can choose from tons of different looks, even more different informational widgets, and drag each widget around to arrange them however you want. It has plugins that allow it to display regular system stats like CPU usage, CPU temperature, RAM usage, disk usage, network usage, your IP address, currently playing track in your music player, weather forecasts, a clock, RSS feeds, email notifications, notes, and much more. Depending on the "skin suite" you choose, you could have even more options, like showing the temperature of each CPU core, as well as variants on each widget so you can choose from a number of different looks. No matter what you want your desktop system monitor to look like, you can probably do it with Rainmeter.

What's not so good:

Rainmeter's only downside is that, because it's so customizable, it takes a bit of work to set up. It's also a bit confusing for beginners, mostly because of the awfully chosen terminology they use for each aspect of the interface (a "widget" is called a "skin", what we normally call "skins" are "skin suites", and "themes" are something else entirely). Here's a tutorial that should help you through the process of setting it up if you get confused.

Others like it:

If you don't like Rainmeter, you can go with the slightly simpler Samurize. Samurize is similar, but without all the flashy looks—it just places your basic system stats on your desktop, in a simple little overlay. You can edit the text-based config file to customize it, but if you're going to go through that trouble you might as well try Rainmeter first. Samurize also hasn't been updated in a few years, so you'll need to run the installer in compatibility mode for Windows XP. It'll still work, though some features might be glitchy, and it could stop working at any time—it doesn't look like the developer plans on upgrading.

SysTrayMeter is an even simpler (and portable) program—it just puts an icon in your system tray that shows you how much CPU and RAM you are using. That's it. It changes color as your usage changes—yellow if you're using a lot of resources and red if you're running out—but other than that, it doesn't do much. It's dead simple though, so if all you want is to keep an eye on those two stats, it's perfect. Note that its homepage is also down, so we assume it's no longer in development and could die just as easily as Samurize.

Strangely, there aren't a ton of great system monitors that are still in development. If you prefer your monitor in the taskbar, you can check out Taskbar Meters, and if you just want to monitor your CPU temperature, something like Core Temp will suit you just fine. You can also use Windows' built-in Desktop Gadgets, which have a myriad of options to choose from.

Platform: Windows
Price: Free
Download Page

via: lifehacker

Initiative to Protect the Electric Grid from Cyber Threats

2012-01-09T09:00:00.001-05:00

As part of the Obama Administration’s efforts to enhance the security and reliability of the nation’s electrical grid, U.S. Energy Secretary Steven Chu today announced an initiative to further protect the electrical grid from cyber attacks.

The “Electric Sector Cybersecurity Risk Management Maturity” project, a White House initiative led by the Department of Energy in partnership with the Department of Homeland Security (DHS), will leverage the insight of private industry and public sector experts to build on existing cybersecurity measures and strategies to create a more comprehensive and consistent approach to protecting the nation’s energy delivery system.

“This initiative is another important step forward in improving the security of the Nation’s energy infrastructure and ensuring that the country’s electrical systems remain secure, reliable and resilient,” said Secretary Chu.

“Establishing a comprehensive cybersecurity approach will give utility companies and grid operators another important tool to improve the grid’s ability to respond to cybersecurity risks.”

“This effort will be focused on performance-based strategies and concrete steps to measure progress of cybersecurity in the electric sector,” said White House Cybersecurity Coordinator Howard A. Schmidt.

“It is important to understand the sector’s strengths and remaining gaps across the grid to inform investment planning and research and development, and enhance our public-private partnership efforts.”

This newest initiative, which will build on existing cybersecurity efforts by the Obama Administration and industry, will develop a “maturity model” that allows utility companies and grid operators to measure their current capabilities and analyze gaps in their cyber defenses. Maturity models, which rely on best practices to identify an organization’s strengths and weaknesses, are widely used by other sectors to improve performance, efficiency and quality.

To launch the initiative, officials from the Energy Department, the White House and DHS met earlier with more than two dozen senior leaders from across the electric sector. Over the next several months, the Department will host a series of workshops with the private sector to draft a maturity model that can be used throughout the electric sector.

More than a dozen electric utilities and grid operators are expected to participate in the pilot program to test the maturity model, assess its effectiveness and validate results. This public-private partnership and pilot program will help develop a risk management maturity model that is expected to be made available to the electric sector later this summer.

As cyber threats to the nation’s electrical grid become increasingly sophisticated and dynamic, the Department of Energy is continuing to work closely with DHS, other government agencies, and industry to reduce the risk of energy disruptions due to cyber incidents.

For example, in September, the Department released both the Roadmap to Achieve Energy Delivery Systems Cybersecurity and a Cybersecurity Risk Management Process Guideline that establish frameworks and processes to help the electricity sector manage cybersecurity risk. The initiative launched today builds on these existing efforts by taking a more tactical approach that works well for the entire electric sector.

For more information about the Department's efforts to strengthen cybersecurity for energy systems and activities to modernize the electric grid, visit the Office of Electricity Delivery and Energy Reliability's website.

Source: http://energy.gov/articles/department-energy-launches-initiative-industry-better-protect-nation-s-electric-grid-cyber

via: infosecisland

Seven Alternate Web Browsers for Kindle Fire; Amazon Silk Needs Work

2012-01-08T13:00:00.001-05:00

I don’t know about you guys, but I’m really liking the Kindle Fire and I haven’t even rooted it or installed any ROMs yet. But one thing I don’t like is the web browser.

The Kindle Fire comes with its own special web browser called Amazon Silk that was developed by Amazon’s engineers. It is supposed to be awesome and fast and revolutionary—that’s what Amazon wants you to think—but I don’t like it. For one, the viewing area is way too small. There’s about a half an inch of wasted space at the top and another half an inch of wasted space at the bottom.

In portrait mode it’s not so bad if you don’t mind zooming all the time, but I mostly prefer landscape mode for web browsing and with all the wasted space there’s only about 2.5″ tall of visible area.

What I find truly odd is all the pictures of the Silk web browser on the Kindle Fire description page at Amazon show the bar at the bottom of the screen closed. What a great concept. Maybe they should actually implement that idea so we can make use of it—right now it’s basically false advertising because there is no way to get rid of the menu bar in the web browser.

Another thing with the Silk web browser is that it is supposed to be really fast because it is a “cloud-accelerated” browser that uses Amazon’s servers to speed up loading times. A lot of folks have found that going into settings and turning off accelerated page loading actually increasing the Silk web browser’s speed. I just did a quick test and would have to agree.

To make matters worse, Amazon is forcing Kindle Fire owners to use the Amazon Silk web browser. Like with ereading apps, they’ve removed all the 3rd party web browsers from showing up on the Kindle Fire when searching the Amazon appstore—Amazon can be so frustratingly annoying sometimes; what difference does it make which web browser we use (before the conspiracy theories start, Amazon claims they don’t associate the Silk’s web browsing with individual persons, so they aren’t trying to learn what to sell us from using the Silk browser).

So if you are like me and don’t like the Silk web browser, you have to find somewhere other than Amazon to download alternate web browsers. Here’s a list of seven Android web browsers and where to download them. All of these except Firefox have the option to go fullscreen or minimize the annoying status bar at the bottom of the screen.

Before you can install any of these, you have to enable 3rd party installs on the Kindle Fire by going to Settings > Device > Allow Installation of Applications.

Seven Kindle Fire Alternate Web Browsers

Dolphin Browser HD

Dolphin Browser Mini

Opera Mini – This link will only work properly on phones and tablets. Make sure to select “Other download options” and then the direct link downloads.

Opera Mobile – This link will only work properly on phones and tablets. Make sure to select “Other download options” and then the direct link downloads.

Firefox

SkyFire

Maxthon Browser

via: the-ebook-reader

Sony website defaced / owned by second hacker

2012-01-08T09:00:00.006-05:00

A defacer affiliated with Anonymous vandalised Sony's online front door this week over the corporate behemoth's support of SOPA, a hated anti-piracy law proposed in the US.

The Sony Picture's website was defaced and clearly unauthorised comments were posted on the media giant's Facebook page. The digital graffiti was scribbled by a hacker who uses the Twitter handle s3rver_exe. Both acts of vandalism were rapidly purged, while the YouTube video illustrating the hack was quickly pulled.

Neither cyber-assault was significant as the perp readily concedes. Even so, the latest security breach doesn't reflect well on Sony's much vaunted efforts to bolster its electronic defences following last year's PlayStation Network hack, which forced Sony to take down its gaming platform for weeks.

In an ironic twist, the Twitter account of @s3rver_exe was hacked on Friday in the wake of the #OpSony pawnage.

"Sony was hacked because the admin panel was not encrypted ROFL. And I have got my account back," s3rver_exe said. "I don't know why the hacker hacked me. I think he did it for the lulz."

"The hack wasn't big but still the servers were vulnerable and I got access to the admin too," he later added.

via: theregister

Want your Certification exam paid by someone else - limited time offer

2012-01-07T17:00:00.004-05:00

Here is a limited time offer that could help you with this.

LearnSmart would like to earn your trust for training.

They want to give you a free exam voucher when you buy one of their practice exams for just $99.00.

It is a very big list and worth checking out if your close to exam time.

Learnsmartsystems practice-exams-plus-free-voucher

via: learnsmartsystems

Download “New Year Skin Pack” for Windows 7 to Celebrate 2012

2012-01-07T13:00:00.001-05:00

NOTE: This skin pack also comes with a 3rd party browser toolbar. If you don't want to install the toolbar, select "Custom Installation (Advanced)" type and uncheck all options given at the time of installation.

Year 2012 has arrived and everyone is celebrating the new year with friends or family members. We wish everyone a happy new year.

To celebrate the new year, we are sharing a new year skin pack for Windows 7 users.

"New Year 2012 Skin Pack" is an awesome transformation pack created by "hameddanger" @ DA which provides a refreshing feeling to your Windows Desktop.

This new skin pack comes with a new year theme, icons, login screen, boot screen, wallpapers, cursors, dock utility and 3rd party utilities.

It can be installed in Windows 7 with or without SP1. It supports both 32-bit and 64-bit versions.

You can download it using following links:

Download Link (32-bit)

Download Link (64-bit)

NOTE: Please create a system restore point before installing this skin pack so that you can restore default Windows look in case you don't like the new look or face any problem.

via: askvg

Murder retrial ordered after court records destroyed by virus

2012-01-06T18:00:00.000-05:00

A convicted murderer has been granted a retrial after a stenographer’s backup record of his trial was apparently destroyed by a malware infection.

The possibly unique sequence of events came to a head when Randy Chaviano, 26, appealed against his 2009 conviction in a Florida court for shooting Charles Acosta during an alleged drug deal.

When the Appeal Court discovered that almost no records of the trial still existed, the judge the struck down the conviction and ordered a retrial.

According to Florida press sources, the stenographer tasked to record the trial had deleted primary records held on a ‘memory disc’ used in the stenography process before the electronic backup made to a PC was also destroyed after an unspecified malware infection.

All that survived were some pre-trial notes and closing arguments made by the defence and prosecution. The paper records that are usually made by stenography machines were apparently not made in full, which means that the legal recording process failed in three separate media.

“The overturning of a murder conviction always means terrible pain for the victim’s family and frustration for prosecutors and police officers,” Ed Griffith of the Miami-Dade Attorney’s Office was reported as saying.

“Overturning a murder conviction because of a court reporter’s problem creates a brand new level of pain and frustration,” he said.

Exactly what went wrong with the stenographer’s PC is a mystery. Normally, even data from a non-functioning hard disk can be recovered at relatively low cost using a specialized service.

via: techworld

Tweet Speaker Reads Your Tweets to You

2012-01-06T13:00:00.002-05:00

If you're a Twitter fan looking for a way to keep up with your tweets while driving or exercising, Tweet Speaker will read your tweets out loud. You can hear your regular timeline, mentions, or any of your lists; hit play and you'll hear your tweets.

The interface is great and the app works more intuitively than you'd probably expect, but at $2.99 it should be polished. You can hit play to begin reciting your tweets, or turn the dial back to a specific time; this seems like a great way to catch up on missed tweets when you get back into town from a vacation. Other notable features include the ability to adjust the reading speed and syncing with other Twitter apps so you can automatically catch up where you left off with HootSuite, TweetDeck, etc.

With the abundance of useful free apps it takes either unique functionality or an extremely polished interface to shell out money, but I think Tweet Speaker delivers on both of these criteria. Give it a shot if missing tweets gives you the willies.

Tweet Speaker | iTunes App Store via The Next Web

via: lifehacker

Increase the Speed of Kindle Fire’s Silk Browser

2012-01-05T13:00:00.008-05:00

Many Kindle reviews noted the sluggish performance of the Silk browser, but you can quickly increase the speed by changing a few settings. In addition to turning off Flash and changing the browser from desktop to mobile view, turning of Silk's touted acceleration feature will all make Silk faster.

Here’s how to fix it.

What’s the problem?

The browser, in the default settings, is essentially attempting to be a desktop browser on a little 7” screen that doesn’t exactly use your screen space very well. As part of this silliness, the browser is set to “Desktop” mode, and Flash is enabled by default. Because of this, the browser stutters, dies, chokes, skips, and is generally a pain to deal with. Oh yeah, and there’s that “Silk” optimization that hasn’t lived up to the hype.

That’s all a thing of the past.

How to Make the Kindle Browser Actually Fast

Here’s what we’re going to do, and as usual, it’s a matter of disabling Flash. While we’re at it, we’re going to disable the page “accelerate” feature, and change the browser to mobile mode. There’s no reason to access sites in the desktop interface when it’s a little 7” screen—you just end up trying to zoom on every single page load, so what’s the point? Finally, the optimization is hardly necessary when you’re on a fast home Wi-Fi connection, so we’re going to turn that off too. I’m sure it’s useful for some people on some networks, but in our testing it was slow.

To do this, just open up the browser, hit the menu button at the bottom of the screen, hit the Settings button, and then find the following options:

Enable plug-ins: off
Accelerate page loading: Unchecked
Desktop or mobile view: Mobile

You don’t have to change the browser into Mobile view, though we do recommend it. Just disabling Flash and the “accelerate page loading” made a big difference while browsing. You can also change the plug-ins to allow them on demand, but that usually ends up with a lot of annoying prompts, so it’s not usually worth it—it’s worth noting that YouTube still works just fine without the Flash plugin enabled.

Once you make these changes, your browser will suddenly be very fast. You’ll start seeing the mobile versions of most sites, which is not a bad thing, since everything will be speedy.

via: howtogeek

Boost Your Internet Connection Speed With Internet Optimizer

2012-01-04T13:00:00.000-05:00

Many users find it hard to understand the necessary settings to optimize their internet connection speed. This is particularly true for novice users and people with little knowledge of networking concepts. Auslogics Internet Optimizer is a comprehensive internet connection optimization tweak, which makes it easy to optimize your internet connection. It works in two modes, i.e., the Auto Optimization and the Manual Optimization mode, the latter of which has been designed to give a chance to advanced users for manually tweaking their internet connection. The Auto Optimization feature, however, is meant for novice users.

To get started, select your internet speed and click Analyze.

This will start an analysis of your connection to identify areas which can be improved for enhancing the internet speed.

After the analysis is complete, you will be displayed with a list of settings that can be optimized for optimizing your internet connection. Select some or all of the available options and click Optimize.

This will tweak your internet connection for optimum performance. Please note that all changes will only be applied after a system reboot.

You can also click the View detailed report option to see the changes that have been applied to your internet connection. The log file will be displayed in your default internet browser.

If you wish to take a hands-on approach for optimizing your internet connection, then head over to the Manual Optimization section. Here, you can select each available setting and select an action to be applied against it.

Please note that Internet optimizer currently does not seem to have a product page. You can download this tool from the direct link given below.

Auslogics Internet Optimizer [Home Page]

Download Auslogics Internet Optimizer [Direct Download Link]

via: addictivetips

Early reviews of avast! Free Mobile Security

2012-01-04T09:00:00.003-05:00

On 21 December, 2011, AVAST launched their Android antivirus/anti-theft solution.

The beta version, released a few weeks earlier, was well received, and generated a lot of initial buzz in the Android community. What follows are quotes from early reviews, many of which were written about the beta version. Because of the feedback from users a few days ago AVAST CTO Ondrej Vlcek responded to 10 frequently asked questions about avast! Free Mobile Security.

Here is some of the initial praise from the Android community:

“It has the potential to overshadow just about all of the apps in our Mobile Security App Shootout.”
“A strong contender for the best overall security app on Android.”
“Extremely sophisticated security solution accessible to everyone.”
– Android Police (product review, 7 December 2011)

“I’ve tested the app on my rooted Samsung Galaxy S II on Android 2.3.3 Gingerbread and can confirm that it works as advertised.”
– RedmondPie (product review, 8 December 2011)

“Avast provides one-tap fixes for any detected malware threats.”
– ZDNet (product review, 21 December 2011)

“It looks like Avast is determined to sink its teeth into a huge chunk of market share of mobile security, as it released more like a security suite for Android than a simple antivirus.”
– Softpedia (product review, 22 December 2011)

“After you set things up, the thief won’t stand a chance.”
– TechHamlet (product review, 22 December 2011)

“After testing the application for almost a week, it didn’t affected the smartphone’s battery at all.”
– NeverDC (product review, 23 December 2011)

“Best Free Android Security Software: Avast Antivirus”
– TheHackerNews (product review, 24 December 2011)

As you can see, people like it. In fact, in monitoring media coverage I remember only one complaint, and that is the lack of web console – which they will be offering in coming months.

If you’d like to try it on your Android phone, visit the avast! Free Mobile Security product page for more info and DOWNLOAD options.

via: avast

Mitini Is A Siri Like Virtual Personal Assistant For Windows

2012-01-03T13:00:00.010-05:00

As most of us know, Siri is apple’s latest brainchild, a personal (virtual) assistant that acts as a knowledge navigator, and provides information regarding voice queries made by the user. Unfortunately, since long, there has been no application for Windows users that can provide Siri like functionality. Recently, Mitini was launched, which is a portable, Siri-like application for Windows users. This third-party application uses Microsoft’s speech engine to recognize your voice and to reply to your queries.

To use Mitini, click the “m” icon and speak in your microphone. This will enable Mitini to detect your query and to fetch relevant information about it.

The current version of Mitini seems to provide a reasonable result, considering that this is an initial release. During testing, we were able to get correct answers for some queries, whereas the application seemed quite redundant (if not retarded), at other instances. While the iOS Siri has been criticized for not being accurate many a times, Mitini might become more accurate with the passage of time, as new versions are released. One of the major issues with Mitini, for now, seem to be the lack of backend resources that it uses for fetching information. This is because, it does detect many voice queries, but fails to provide a result for it. For example, it does recognize words like MS Office, but is unable to provide any results for it.

While Mitini is currently not as feature rich as Siri, or other voice assistant application available on mobile platforms like Android, it is certainly fun to use, and works reasonably well for some queries.

Let’s hope that Mitini grows into a more robust Windows application with upcoming versions, and provides many options available in the mobile voice assistants, such as scheduling of meetings, launching applications and sending messages via voice commands. Mitini works on Windows XP, Windows Vista and Windows 7.

Download Mitini

via: addictivetips

Still Looking For A New Year’s Resolution? How About Learning To Code

2012-01-03T09:00:00.009-05:00

Many of you are probably still trying to figure out your New Year’s resolutions. Well, here’s a good one (especially considering that the tech sector seems to be the only bright spot in a sort of lackluster economy) … Learn to code.

The folks at Codecademy have teamed up with a number of partners like Girl Develop It, Techstars and YCombinator to help make coding skills a reality for those that wish they had them, with Code Year, a program designed specifically for those that want to make 2012 the year they build technical skills.

Signing up for the free service will hook you up with a new programming course each week. Codecademy co-founder Zach Sims tells me that the courses will be a mix of everything so people have “well-rounded basics,” beginning with Javascript and then continuing to server-side languages like Ruby and Python. He hopes that the curriculum will turn people into competent developers by the end of the year.

“People should make their New Year’s resolution something that can improve their quality of life,” says Sims, “We’re giving them new skills and actually helping them keep their resolutions. This is just the beginning of our big effort to get lots of people to recognize the importance of learning to code. I think 2012 can be the year we finally get programming to start entering the mainstream.”

*Signs up for Code Year*

via: techcrunch

Dropbox Automator Is Like IFTTT For Dropbox

2012-01-02T13:00:00.005-05:00

software development firm Wappwolf launched Dropbox Automator, which is sort of like an IFTTT for Dropbox. IFTTT, for those of you not up to speed on the latest Internet trends (where have you been?!), is a pretty amazing online tool that automates tasks to trigger when a particular action has occurred. For example: when my Facebook profile picture changes, update my Twitter profile pic too; email me when Amazon posts its free Android app of the day; text me when a get a new email; etc.

Like IFTTT, Dropbox Automator is capable of triggering a similar series of actions, based on what kind of files have been added to your Dropbox folders.

In IFTTT, these actions are called “Recipes,” but in Dropbox Automator, they’re called “automations.” Not only are they trigged by file type (e.g. a photo, a .doc, a PDF, etc.), they’re also triggered based on which Dropbox folder the file has been placed into.

For documents, you can choose from actions like convert to PDF, convert PDF to text, summarize, translate, upload to Google Docs, upload to Slideshare and more. Photos can be uploaded to Facebook, Flickr, rotated, annotated with text, a map or a logo, have effects applied, and downscaled.

Any file can be emailed, zipped, renamed, FTP’d, encrypted or decrypted, saved to another Dropbox, tweeted, or set as a Facebook status.

The only problem I had with the service is that the results were not immediate, as I expected. It took a good ten minutes for photos to show up on Flickr, for example. The speed of other actions may vary based on the processing speed required and the current server load. (The company says its new and improved server engine will be ready next week.)

If speed is of a concern, then, this service is not ideal…at least not in its present form. But if you’re simply automating stuff that you don’t want to forget to do later on (e.g. put photos on Flickr, upload to Google Docs), then Dropbox Automator could be quite the useful tool.

Since its launch barely two days ago, the company has signed up 1,500 users on the platform. Given Dropbox’s popularity and the loyal, nerdy following of IFTTT, my guess is they’re about to get a bunch more.

You can try out Dropbox Auotmator for yourself from here.

via: techcrunch

Most Wi-Fi routers susceptible to hacking through security feature

2012-01-02T09:00:00.001-05:00

Stefan Viehböck, an independent security researcher, published a paper on Boxing Day titled "Brute forcing Wi-Fi Protected Setup" to his WordPress blog disclosing a weakness in the configuration of most consumer/SoHo Wi-Fi routers.

As we all know the state of security for most home Wi-Fi networks was nearly non-existent only a few years ago.

This prompted the Wi-Fi Alliance to establish a new simple method for consumers to enable and configure WPA2 on their routers without knowledge of encryption, keys or how it all works.

The standard is called Wi-Fi Protected Setup (WPS) and is enabled by default on nearly all consumer Wi-Fi access points, including those sold by Cisco/Linksys, Netgear, Belkin, Buffalo, D-Link and Netgear.

It has three methods of simplifying the connection of wireless devices to WPA2 protected access points:

Push Button Connect (PBC) requires the user to push a button on the router which allows it to communicate with a client needing configuration. The client attempts to connect and the router simply sends it the security configuration required to communicate.

Client PIN mode is where the client device supports WPS and has a PIN assigned by the manufacturer. You then login to the router's management interface and enter the PIN to authorize that client to obtain the encryption configuration.

Router PIN mode allows a client to connect by entering a secret PIN from a label on the router, or from its management interface which authorizes the client to obtain the security configuration details.

The first method requires physical access, while the second requires administrative access, both of these pass muster. The third however, can be accomplished only through the use of the Wi-Fi radio.

The PIN used for authentication is only eight digits which would give the appearance of 108 (100,000,000) possibilities. It turns out the last digit is just a checksum, which takes us down to 107 (10,000,000) combinations.

Worse yet the protocol is designed where the first half and second half are sent separately and the protocol will confirm if only one half is correct.

So you have now reduced the difficulty of brute forcing the PIN down to 104 (10,000) plus 103 (1,000) or 11,000 possibilities.

Some of the routers Viehböck tested did seem to implement a mechanism to slow down the brute forcing, but the worst case scenario allowed him to acquire the keys within 44 hours.

Compared with attempting to attack WPA2-PSK directly, this is a cheap and effective attack.

As the sub-title of Viehböck's paper states "When poor design meets poor implementation" security is the loser.

If you own a reasonably modern Wi-Fi router you are at risk (unless you have installed some sort of alternative firmware like OpenWRT or Tomato Router).

If possible disable the WPS support on your router and contact your manufacturer for updated firmware which may provide a fix or mitigation against this attack.

Another researcher independently discovered the same issue and has published a tool called Reaver that implements this attack.

Similar to the Firesheep tool, this will likely light a fire under the butts of the Wi-Fi Alliance and manufacturers to quickly resolve these issues.

via: sophos

Insync (“Dropbox For Google Users”) Gets Major Revamp, Goes Free

2012-01-01T13:00:00.006-05:00

File synchronization and sharing platform Insync has been around for over a year now, and today, the eponymous startup has rolled out a totally revamped version of its “Dropbox for Google users”. Insync 2.0, so t speak, is more focused on Google Docs as ever, removed registration and sync limits, streamlined the user experience, and is now free to use.

The main target group here are GDocs users who want Dropbox-like functionality when it comes to handling files (the more Google accounts, the more useful Insync should become). In a nutshell, Insync allows you to automatically sync, update, manage, and share files stored on GDocs on your Mac or Windows desktop (in Finder or Explorer).

For example, nested or individual sharing of files is possible (Dropbox only supports sharing of folders), as is assigning read/write or read only permissions to others. All file formats, including MP3, exe, dmg, MS Office documents, etc. are supported.

Insync doesn’t require a sign-up anymore: just visit the site, sign in with your existing Google account, download and install the client, link the account with your PC or Mac, and you’ll find all files synced on your computer’s desktop. (According to the company, Insync’s now simpler web app is currently in the process of getting another “facelift”, too.)

Insync co-founder and CEO Terence Pua says a key bullet point is price: while his service now went free (existing users can ask for a refund or credit), Dropbox loses the price comparison with Google’s storage offering by 1:8. For example, US$100 a year gets you 50GB at Dropbox but a whopping 400GB at big G (overview). For its own platform, Insync removed syncing limits entirely.

via: techcrunch

Scan Suspicious Files With 31 Different Virus Scanners Using X-Ray

2012-01-01T09:00:00.001-05:00

Sometimes, even an anti-virus application cannot detect malware, as the virus definition files for a new threat may not have become available. In such a case, one can use web services like VirusTotal to scan for suspicious files. X-Ray is a portable application that allows scanning suspicious files using 31 different anti-virus scanners. The scanners used for checking specified files include Avast, AVG, Avira, Bitdefender, ClamAV, Comodo, Symantec, etc. Using this application you can either send the file to VirusTotal or to individual anti-virus scanners (e.g. AVG). The virus scan result can be acquired via email by each anti-virus service providers. This delivers exclusive anti-virus results from reliable sources, which enables better analysis of the scanned file.

To get started, drag and drop the respective file to X-Ray, and select the anti-virus services that you wish to scan the file with. Alternatively, click Send to VirusTotal.

This will send the file for analysis, and get it scanned with different anti-virus scanners via the cloud. You can click get Recent VirusTotal Report option to extract the VT report.

You can also change the mechanism for getting information about the analyzed files, i.e., via email or by entering the VirusTotal API key. You can get your very own VirusTotal API key by signing up for a VirusTotal account. The key is available from the VirusTotal Inbox after you have activated your account.

You can also check out the JottiQ virus scanning application, which provides similar functionality to X-Ray. However, unlike X-Ray, JottiQ does not provide the option to send a file directly to an anti-virus company for getting it exclusively scanned. It rather relies on the current virus definition updates of numerous anti-virus applications for scanning the selected file. In case you would like to scan entire websites for malware, then, other than using the VirusTotal scanner, you can also opt for URLVoid web service. X-Ray works on Windows XP, Windows Vista and Windows 7.

Download X-Ray

via: addictivetips

Happy new year - 2012

2012-01-01T00:00:00.000-05:00

Happy new year.

Hope everything goes as you want it to this year.

Can you cure a hangover?

2011-12-31T17:00:00.000-05:00

Ringing in the New Year with too much bubbly might make for a rough start to 2012. But a new wave of hangover-fighting pills and patches, plus a handful of old standbys, claim to spare you the headache, fatigue and upset stomach brought on by booze.

The latest concoction, “Blowfish,” combines aspirin, caffeine and an antacid into an Alka-Seltzer-like effervescent tablet. When dropped into a glass of water, it fizzes up a lemony brew that packs the hangover-fighting power of two extra-strength aspirins, three espressos and a greasy breakfast.

“It’s the only over-the-counter drug that’s specifically hangover-related,” Blowfish creator Brenna Haysom told ABC News. “The [Food and Drug Administration] has specifically said our formula is effective for treating hangover symptoms.”

A hangover is a collection of symptoms that emerge as alcohol’s intoxicating effects wear off. Alcohol is thought to trigger an inflammatory response — a process blocked by non-steroidal anti-inflammatory drugs like aspirin. The inflammatory response is similar to the body’s defense against flu, and is linked to lethargy — an energy lull boosted by caffeine. Finally, the chemicals produced by the body to break alcohol down are hard on the stomach — collateral damage tempered by an antacid.

Aspirin and caffeine are already FDA-approved, so Blowfish can be sold over-the-counter without being itself FDA-approved.

Because hangovers are so poorly understood, the jury’s still out on how best to treat them. And it’s unclear whether Blowfish, which contains acetylsalicylic acid and citric acid at doses likely to cancel out its stomach-soothing effects, is better than the age-old hangover remedy: aspirin and a cup of coffee.

“Almost no research at all has been done on the hangover state,” said Dr. Timothy Collins, associate professor of medicine and neurology at Duke University Medical Center’s Pain and Palliative Care Clinic. “Without any clinical trial data, it’s hard to really talk about how well any treatment’s going to work.”

Personal anecdotes, however, support Blowfish and a host of other hangover remedies — from banana smoothies to pickle juice — in preventing or at least minimizing hangovers. But when it comes to hangover hearsay, experts urge caution.

“One of the things we know from headache clinical trials is that at least 25 percent of patients getting a placebo say it worked really well for them,” said Collins. “One in four people are going to say this helps, but we just don’t know.”

A two-tablet dose of Blowfish (which is what the makers recommend for a typical hangover) contains 1,000 milligrams of aspirin, 120 milligrams of caffeine, 816 milligrams of sodium and 25.2 milligrams of phenylalanine. The makers, West Village-based Rally Labs, are so convinced of their product’s hangover-quashing effects they offer a money-back guarantee.

“People are skeptical because there have been so many weird hangover cures over the years,” said Haysom, describing herbal hangover remedies that skirt FDA regulation because they’re sold as supplements. “Word of mouth is really important for us.”

“Bytox,” another hangover remedy sold as a skin patch, claims to prevent hangovers by replenishing nutrients lost while drinking. But unlike Blowfish, it has to be used before the heavy drinking starts — a tall order on a night out.

Despite questions surrounding their effectiveness, Blowfish and other purported hangover treatments have sparked worries that people might intentionally drink too much.

“Anything you advertise as being effective is going to be seen in some areas as promoting the overindulgence,” said Collins. “There’s this perception that if you drink too much and have a hangover, you deserve it.”

via: ABC News

Top Free Online File Storage Sites

2011-12-31T13:00:00.002-05:00

Here are free online storage sites which you can use for storing, sharing and backing up your important files.

4shared

A big online storage where Internet users store their text, audio, video, photo, and other files and share them, if they wish, with other people. Offers 5GB of free storage for document files (doc, txt, pdf, rtf, xls), music file (mp3, ogg, wav, mid), video file (avi, mpg, mpeg), image file (jpg, gif, bmp, png).

Snapdrive

Offers up to 5GB of file storage, mobile file upload through Snapit.mobi, share your photos, add music & videos, create direct links to download and access files to email, IM, web pages, and forum.

Dropboks

Allows you to store files online securely and offers 1GB of storage space. Uploading/Downloading of files is limited to 50MB.

Humyo

Offers simple drag and drop file management system; lets you synchronize your Humyo folder to your PC; secured file management vault. It’s a file management in the cloud as you can access your file anywhere, using any PC or even your mobile phone. It also allows you to share files with your friends and family.

ADrive

ADrive is a feature-rich online storage solution offering up to 50GB free storage for a 14-day trial. It’s a cloud storage system that let you access files anywhere, share files, edit documents online, and FTP file transfer. The basic plan states it is free even beyond the 14 day trial.

Freedrive

A personal storage and file sharing site geared for members of social networks including Facebook, MySpace and Bebo. Allows you to access your files and your friends’ files from within the said social networks. Offers 1GB of free online storage.

FileQube

Offers an easy-to-use, feature-packed file sharing service that is completely free. Allows you to upload up to 150MB of file per upload. Upgrade features lets you upload 500MB.

Flipdrive

Offers a virtual online storage space for storing, accessing, sharing, and backing up your data. Offers a free 30-day trial for up to 30GB storage.

Fileden

Offers both free and paid account for storing your files. The free Fileden account gives you 1GB of storage space, 50MB maximum file size limit, 50GB of monthly bandwidth, and hot linking of files.

Skydrive

Microsoft Live’s online file storage could possibly your best bet for online storage. Why? It’s from Microsoft, so it must be pretty solid. Offers 25GB of free storage, access anywhere and secure password protection features. It ties up with other Windows Live services as well.

LiveDrive

Although LiveDrive is currently in beta mode, that should not stop you from trying out their services. It offers unlimited storage for free, works like a normal PC hard drive minus the hardware, synchronizes files on your PC, access your files on your mobile phone, PDA and other devices, and share your files.

FileGenie

A web-based file storage system that offers 20MB free account. If you need more storage, you have to upgrade to a paid account. The site lets you upload, download, and manage files online, access your files from any Internet connected PC.

Orbitfiles

Offers 6GB of free online storage. It lets you access your files from any location, share files and collaborate with friends. And if you want unlimited storage, it would only costs you $5.

MyOtherDrive

Offers tools for managing and sharing your data online. Allows private sharing of files to select group of people. Its privacy security prevents sharing your files to other people that you don’t share the files with. The site also lets you create photo albums as well as hot linking to your social networking profiles.

Box.net

Box is a simple, scalable and affordable solution to manage documents, media and all your content online. Share files as a link. Sync files on the desktop. It’s file sharing, reinvented. Free account gives you 5G of space.

Minus

Minus is the fun, simple way to share your files. Free and unlimited file sharing for your images, videos, music and documents. A universal file sharing platform that lets you share, explore and connect.

Jumbofiles

Free 500 GB account to store files,videos,music, etc. 1GB max per file. Download accelerators allowed and fully supported.

Opendrive

Store, Backup, Sync and Share your documents, music and pictures. Play music and videos online and hotlink your files on websites and blogs. Basic 5GB free plan.

Mydiskonline

Online storage so you can upload all of your info and have available any time you need it.Free 2GB storage. The maximum file size for upload is 2GB.

Mediafire

MediaFire is a simple way for businesses, professionals, and individuals to host files and images to share them with others. The free account has unlimited storage space but for a limited time frame. 200 MB max file size.

zenok

Zenok online backup provides 21GB free, besides its very easy to store files and to recover.

Be sure to check out all the rules for site.

Share if you know of other sites.

Comcast Kills Internet2Go Wireless On Heels of New Deal With Verizon Wireless

2011-12-31T09:00:00.020-05:00

Not too surprisingly, a Comcast insider tells Broadband Reports that the company will be phasing out their Comcast "Internet2Go" wireless broadband service over the next six months. The move comes on the heel of a new Comcast deal with Verizon to bundle Verizon LTE services, with Comcast saying they'll start offering the service in four markets early next year. Indeed, Comcast's website confirms that Internet2Go is no longer available, but existing users are still being supported for now.

Comcast's Xfinity Internet2Go service was simply re-branded Sprint and Clearwire service, operating over both the company's Mobile WiMax and EVDO networks at a variety of fairly stale price points. Despite having been in operation for more than a year, Comcast has stated the service only has about 30,000 active customers, who'll be nudged in Verizon's direction.

Sprint's relationship with the cable industry has quickly gone from cozy to contentious. Shortly after Verizon's deal with the cable industry, Sprint turned around and quickly sued several cable operators including Comcast for violation of VoIP patents. Given they won a similar suit in 2007 against Vonage this is a case Sprint could have launched at any time, but chose to do so immediately following the announcement of the Verizon deal.

Just as with Internet2Go, the question remains why exactly users will want to buy Verizon LTE service from Comcast instead of directly from Verizon. With the exception of a unified bill, the perks and cost savings aren't substantive -- though Verizon insists they're working on cross-platform content integration offerings they hope will make bundled LTE more interesting to wireless shoppers.

via: dslreports

Five Resolutions for Aspiring Leaders

2011-12-30T17:00:00.007-05:00

As the New Year approaches, people will be making resolutions to eat better, exercise more, get that promotion at work, or spend more time with their families. While these are worthwhile goals, we have a more important challenge for young people: Think seriously about your development as a leader.

These are tough times. Many leaders of the baby boomer generation have failed in their responsibilities by placing their self-interest ahead of their organizations. In so doing, they have failed to serve society's best interests. As a result, more young leaders from Gen X and the Millennials are being asked to take on major leadership responsibilities. To be prepared for the challenges you will face, we propose the following resolutions this New Year's:

Find a trustworthy mentor: Mentorship is a critical component of your development as a leader. A 2004 study showed that young leaders with mentors were more likely succeed professionally and experience career satisfaction. The essence of effective mentoring is developing a trusting relationship between the mentor and mentee. Identify someone with whom you have a genuine chemistry and who is committed to your development. Although many mentees do not realize it, a sound relationship is a two-way street that benefits both parties — not just the mentee. We suggest looking for mentors whom you admire for their values and character more than their success.

Form a leadership development group: Most of us have little time to reflect on the values and characteristics we want to define us as leaders, the difficulties we're facing, or the long-term impact we hope to have. Forming a leadership development group can give you the space you need to think deeply about these subjects. Leadership development groups are groups of six to eight people who meet to share their personal challenges and discuss the most important questions in their lives. Find people you can trust, and make a commitment to be one another's confidential counselors. Meet regularly, and share openly your life stories, crucibles, passions and fears, while offering each other honest feedback.

Volunteer in a civic or service organization: Have you served your community this year? In the Facebook era it's easy to lose touch with our real-world neighbors. Long hours often cause us to avoid volunteer opportunities. Participating in local organizations — from religious organizations to civic groups — can give you early leadership experiences, provide real connection to your neighbors, and offer opportunities to serve others. It adds a dimension to your life that work can't, and helps you develop and solidify your character while giving back to the community. You will find your time serving a community organization is highly rewarding while broadening your outlook on people and life.

Work in or travel to one new country: "The world is flat," as Tom Friedman puts it, so it has never been more important to get global experience. In the future cultural sensitivity will be a more important characteristic for leaders than pure intellectual ability. John's survey of more than 500 top MBAs found that on average they had worked in four countries prior to entering graduate school and expect to work in five more in the next ten years. Having a global mindset and the ability to collaborate effectively across cultures are essential qualities for aspiring leaders of global organizations.

Finally, ask more questions than you answer: With the high velocity of change in the world, it is impossible to have answers to all the important questions. Much more important is a deep curiosity about the world and the ability to frame the right questions in profound ways. The world's toughest problems cannot be solved by you or any one organization. Your role will be to bring the right people together to address the challenging issues you raise. Our research demonstrates that the biggest mistakes result from decisions made by people without deep consideration of thoughtful questions.

Young leaders will soon be asked to take on major leadership responsibilities in their organizations and their communities. We believe it is essential that they take steps like these in order to be prepared for the difficult leadership challenges they will face. There's no better time to get started than the coming year.

via: hbr

How to Transfer Videos to Kindle Fire

2011-12-30T13:00:00.014-05:00

With Miro 4.0.4, released today, you can automatically convert and copy videos and music to Kindle Fire. Here’s how:

1. Open Miro. (Download Miro here if you don’t have it.)

2. Connect your Kindle Fire with a USB cable to your computer and it will appear in the ‘Connect’ tab in Miro.

3. Drag any videos or music to the Kindle Fire in the Miro sidebar and they will automatically convert to the right size and format and sync.

That’s it!

Note that videos that aren’t purchased from Amazon will be viewable in the ‘Gallery’ app on your Kindle Fire, not in the ‘Video’ tab.

This works like it states, but I find the time it takes can be several hours for converting and even to move to the Kindle.

For just the conversion I found using another program: Freemake Video Converter goes much faster.

Freemake Video Converter lets you Convert video free to AVI, MP4, WMV, MKV, MPEG, 3GP, DVD, MP3, iPod, iPhone, PSP, Android, rip & burn DVD, convert to Flash FLV & SWF, burn Blu-ray, and upload to YouTube with our free video converter!

via: getmiro,Free Video Converter

Bitdefender's cloud-based security tools worth investigating for small and medium businesses (SMBs)

2011-12-30T09:00:00.014-05:00

Bitdefender, like many other service providers, has taken the big step into bringing advanced products to the cloud. Their Cloud Security for Endpoints protects systems remotely and employs the same enterprise-class security technologies as their on-site solutions. Cloud Security for Email provides aggressive cloud-based security tools to scan for malware and spam prior to it being delivered and after it’s sent. Their services provide full antivirus, antispyware, antiphishing, trojan/rootkit detection, and a two-way personal Firewall with intrusion detection. They also provide remotely configurable security policies that can control user access to local applications, block specified websites, or set time limits for Internet usage.

Cloud Security for Endpoints

Bitdefender’s offering is a cloud-enabled security solution for small and medium businesses looking to get advanced security that is highly scalable and flexible. It’s a great product for those that have systems in many different locations, or have frequent travelers to secure. It offers robust antimalware protection for both clients and server endpoints. Additionally, it has the ability to protect remote users’ Internet access by employing a personal two-way intrusion detection firewall. They also offer a solution for larger deployments using the Gravity Architecture for Very Large Enterprises (VLEs).

Here are some of the highlights, inner workings and things to consider.

Scalability is a major benefit of the Bitdefender cloud security model. The ability to easily expand protection based on current needs is built-in. There is no software to install or extensive downloads before protection, and policies are active. As soon as the client is added, it’s protected.

There is no hardware or software required on-site, eliminating the need for management or maintenance of security products. For companies that don’t have large IT staffs, this can be a great solution to secure multiple systems as management requirements are way less intensive.

Statistics and an overall status of endpoint client security are provided by the Cloud Security Console dashboard. It also provides a unified place for all security configurations. This allows for enterprise security management anywhere you have internet access.

Bitdefender boasts that it is quiet and non-intrusive in the way that it protects systems.

Independent tests performed by AV-Test give Bitdefender high marks for its protection, repair, and usability. This is mainly due to its heuristic detection engine called B-HAVE. It sandboxes all programs that are executed to ensure they behave normally prior to completely starting them. It then uses Active Virus Control (AVC) to continually monitor running programs to ensure their behavior stays within normal parameters; if not, it takes action to stop the offending program.

Cloud Security Console dashboard

Looking at the capabilities of the dashboard provides a better insight into what Bitdefender cloud security is all about. It provides a window into the protection management functions and allows you to visually see how protection is configured across your enterprise. To keep your information private, connecting to the dashboard is made via an https browser session. The dashboard is composed of six main sections including Computers, Policies, Reports, Quarantines, Accounts, and Logs. This puts managing endpoint security in one easy location and makes it virtually painless to use. Here’s what they do.

The Computers section lists all detected endpoints. The intelligent network discovery feature ensures that all devices on the network are listed. No more unprotected clients sneaking on to the network. You can also group computers in areas for easier management. Lists include the computer name, current IP address, OS, date it was last updated, and when it was last connected. There are reports and tasks that can also be viewed from here. Some of the report types consist of update status, computer status, malware activity, and even the top 10 most infected users. This will allow you to zero in on areas to address to increase protection, even down to the user. Tasks include scanning, module configuration and deployment.

Under the Policies tab, you are able to define new policies as well as view and edit existing ones. This allows for straightforward security management of the endpoint clients and servers.

The Reports section of the dashboard allows you to create new reports, view existing reports, and even schedule reports to run automatically. They can be saved in a variety of file formats and directly emailed out.

The Quarantine section allows you to view threats by name and shows where they were located on the endpoints. This is great for trend analysis and protection breakdown examination.

Under the Accounts section you have complete control of Cloud Security for Endpoints rights. You can assign designated users the ability to manage specific security area functions as needed.

Logs have a variety of security records that can be used for analysis of system performance or other actions that have taken place during a specific period. These can be viewed from anywhere you have Internet connectivity.

Cloud Security for Email

Cloud security for email can also be integrated and managed by the Cloud Security Console. It contains antispam, antimalware, and powerful filtering capabilities. Again, there is no on-site security devices required for protection. Email is fed to the Bitdefender cloud for scanning first. It’s then delivered to the company’s email server once it passes a thorough screening. Email that is unsolicited, or scans as being malicious, never reaches the organization. Outgoing mail is directed to Bitdefender’s cloud security space before being forwarded to the recipient for delivery.

Bitdefender has not fully deployed the Cloud Security for Email service yet, but look for it in the near future as a viable email security solution.

Things to consider

Just two other items to consider when analyzing these products.

Speed of service is a concern and should be analyzed prior to full scale enterprise deployment. Bitdefender currently offers a 30 day trial for evaluation which would provide a great opportunity to evaluate and address any issues before deploying it throughout the enterprise.

The one downside is the lack of protection outside of Microsoft products. This may change in the future, so check back if you have other operating systems you’re responsible for.

via: techrepublic

“Soda 3D PDF Reader” adds a nice ‘page flipping’ effect to your PDF reading experience

2011-12-29T13:00:00.000-05:00

What does “3D PDF” mean? A PDF reader that can ‘flip’ pages visually in 3D as if reading a real book. Soda 3D PDF a free PDF reader that can do this for PDFs as well as CBR and CBZ comic book formats. Additionally, it can also convert just about any document type into PDF. It does this by bundling it’s own virtual PDF printer into the installation as well as adding ‘export to PDF’ extensions to MS Office applications and Internet Explorer.

Soda 3D is a well rounded PDF reader with nice functions, but lacking PDF annotation and editing functions in the free version.

Soda 3D PDF is a well rounded PDF viewer, and looks and feels like a professional PDF viewer that can compete with other well established PDF readers. But is it worth keeping?

The most notable feature about this software: aside from the animated flipping effect, is the fact that it combines a PDF reader with PDF creation functions, including the bundling of it’s own virtual PDF printer into the install as well as MS Office and Internet Explorer plugins for exporting to PDF.

Other features: a nice search function, support for CBZ and CBR comic book formats, form filling.

What is lacking: annotation and editing functions, such as a typewriter tool for example or the ability to create and use stamps.

The verdict: a nice PDF reader overall. I like the page flipping animation effect, and the bundling of PDF creation functions can be a good thing if you do not want to bother with installing your own PDF virtual printer and/or you have a pre 2007 version of office.

But I cannot give this too enthusiastic an endorsement. This is because (a) it lacks any annotation and editing functions (available in PDF X-Change Viewer), but also because (b) I do not care to install it’s PDF printer when there are many excellent free PDF printers out there that are more powerful and have more features than the the one bundled here. Similarly, you do not need it’s MS Office plugins if you have Office 2007 or above as these have built in export-to-PDF capability without the need for the extra addons.

But I really like the full-screen reading experience with Soda 3D reader; if you just want a free PDF reader with a high coolness factor then Soda 3D PDF Reader will not disappoint.

Version tested: 1.0.145.2482

Compatibility: Windows XP, Vista, Windows 7; 32bit and 64 bit

Go to the program page to download (~4.14 megs). Note that you will have to go through registration with a valid email address in order to receive a key that will unlock some features.

via: freewaregenius

Why businesses should care about proposed Protect IP, SOPA pirating laws

2011-12-29T09:00:00.007-05:00

The Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA), two pieces of legislation with close ties, have come under intense fire from security professionals and other high-tech executives who say that if the bills are signed into law, they could weaken the Internet and limit the ability of security researchers to trace cybercriminals.

The two proposed pirating laws, which aim to crack down on piracy, could force tech companies to monitor user content, limiting the use of pictures and other media used on many social networks. The bills could also prompt costly compliance mandates, hampering small businesses and startups and creating a barrier to expansion and potentially hindering innovation, said Markham C. Erickson, executive director of the Open Internet Coalition, which lobbies for Google, Yahoo and other Silicon Valley tech giants.

“Once a user or a network engineer attempts to get visibility into the network, they won’t be able to tell if an ISP is disrupting that connection pursuant to court order or if a cybercriminal is creating the disruption in advance of a cyberattack,” Erickson said. “You would also have to create a compliance strategy to make sure your users aren’t using your network to reach a site deemed to be illegal.”

A vote on whether to bring the PIPA Act to the floor of the Senate for debate is expected Jan. 24. PIPA gives the U.S. Department of Justice the power to seek a court order to shut down a website that hosts suspected pirated content. The law would force Domain Name System (DNS) providers and search engines to remove the website from search results and block users from accessing it on the Internet. The bill is sponsored by Senate Judiciary Committee Chairman Patrick Leahy, a Vermont Democrat.

Protect IP has exemptions in place for some businesses, focusing primarily on DNS providers and the ad networks connected to rogue websites selling access to pirated material. The SOPA Act is broader in its reach and would force nearly all businesses to monitor Internet access. SOPA is currently being debated by members of the U.S. House of Representatives Judiciary Committee. Debate has been postponed until after Congress' holiday break. SOPA is sponsored by Texas Congressman Lamar Smith.

A group of security experts and other Internet pioneers wrote a letter to Congress opposing SOPA and PIPA. The group, which included network security luminaries Dan Kaminsky and Paul Vixie, said if enacted, the legislation could “seriously harm the credibility of the United States in its role as a steward of key Internet infrastructure.”

“Censorship of Internet infrastructure will inevitably cause network errors and security problems,” according to the opposition letter. “This is true in China, Iran and other countries that censor the network today; it will be just as true of American censorship. It is also true regardless of whether censorship is implemented via the DNS, proxies, firewalls, or any other method. Types of network errors and insecurity that we wrestle with today will become more widespread, and will affect sites other than those blacklisted by the American government.”

The bills are aimed at blacklisting “rogue” sites that host pirated content, but the proposed legislation could have a major impact on file-hosting websites, social networks that host user-generated content and a number of Web forums. For example, Twitter would have to figure out a way to prescreen user messages to filter links, pictures and other media against sites of domains that are deemed to be illegal. DNS filtering can also be costly to small ISPs, according to some estimates, adding more than $11 million in expenses each year.

Kaminsky, Vixie and other experts believe the DNS filtering enacted in the legislation could undermine the integrity of the DNS system and challenge the broader use of DNSSEC, an improved protocol that adds a cryptographic layer to DNS communication exchanges. Vixie is one of five researchers who issued a report analyzing the impact the two bills could have on DNSSEC (.pdf).

“It attempts to do something noble, but it doesn’t take into account how the Internet works,” said malware and vulnerability expert HD Moore, creator of Metasploit and CTO of Rapid7. “What they are debating is so far beyond sanity that it’s almost ridiculous.”

In a letter to Congress, David Ulevitch, founder and CEO of OpenDNS, said the two bills could be devastating to the economy and send jobs overseas if passed. Ulevitch said there is no way to censor illegal content without harming uses on websites as well.

“It’s likely that if SOPA and PIPA existed when I started my company, we would have incorporated outside of the United States and all of the jobs and investment that I have put into the economy would have been taken elsewhere,” Ulevitch wrote. “I expect many businesses will make the decision to incorporate elsewhere should this legislation pass, and it’s possible that existing corporations will relocate to more entrepreneur-friendly countries.”

Supporters of the two bills, mainly the U.S. Chamber of Commerce and the Motion Picture Association of America (MPAA), say the aim is to block access to rogue websites that share pirated movies, songs and other media.

“Rogue sites legislation will give our law enforcement the necessary legal tools to go after these online criminals who abuse the Internet from beyond our borders, and therefore, beyond the reach of our enforcement agencies,” said Mark Elliot, executive vice president for the Global Intellectual Property Center at the U.S. Chamber of Commerce. In an op-ed in The Hill, Elliot defended the bills and said opponents have gone too far with the technical issues that the bills would pose. “The techniques put forth to block these illegal enterprises are by no means new and are already in use to combat the likes of child pornography and malware or spammers.”

via: techtarget

Blip.Me turns your Smartphone into a walkie-talkie for free!

2011-12-28T13:00:00.001-05:00

Blip.me is a fun and free way to turn your Android or iOS device into a virtual walkie-talkie. You can send voice messages with it, even to people who don’t have an Android or iPhone, and even to people that don’t have the app. It also allows you to send voice messages using your data plan, rather than your texting plan, and it takes up hardly any space on your Smartphone’s internal memory.

Blip.me is a two part system that lets you send and get voice messages in the same way you would via a walkie-talkie system, but over your Smartphone’s data network instead of the standard voice minutes. Part one is the send interface, and part two is the receiving interface. Both are very similar, but they do work in very different ways. Put them together and you’ve got a nice innovation in instant messaging that could potentially save you a lot of headaches and eye-strain. It can also save you from nit-picky English Lit majors who are your friends but just can’t stop correcting your texts. I speak from experience!

Setup and sign up for blip.me is very easy and painless. Just download the app, install it, and go through a short registration that asks for your name and already has your phone number. Then, they send you a text message with your access code and you’re all set. Using blip.me is just as easy and simple as the setup process. You have the option to send the app via sms to anyone you’d like, or you can jump right in and start using it to send voice messages to anyone on your contacts list.

Once you choose a contact, there’s a very large button at the bottom of the screen that says “Hold and Speak” and it works just like that. As if you had a walkie-talkie in your hand. When you press the button, (the PTT or push to talk button), a cute, old-style Marconi microphone image swoops onto the screen and stays there as long as the button is held, to let you know that recording is in process. Hold the button down, speak your message, and let go. The message is automatically sent to the contact or contacts you chose. That’s pretty quick and easy, if I do say so.

I wanted to see what it was like from the receiving end so I sent myself a message using the blip.me app. It arrived almost instantly, and showed in my blip.me messaging window with a little black arrow indicating that it was a voice message instead of text. Pressing the ‘play’ arrow starts the message and that’s all there is to it. Fast, simple, effective. These are the marks of a good app and blip.me has them all. There are always new updates coming out, as well, offering new features and options.

But, you ask, why would anyone want to use this app? Well, to begin with, there are lots of times when I want to send a message by voice instead of text. Either because text can’t convey subtle meanings, or because I just want someone to hear my voice. Conversely, it’s always nice to hear someone’s voice instead of getting a text from them. Emotions often do not come through well in text. Additionally, looking at the current generation of Smartphone users, it has to be said that spelling and grammar, not to mention punctuation, are often thrown to the wind and you wind up getting messages that can be tough to decipher, written in “text-speak”. With blip.me, you don’t have that issue, because you can hear your friend’s words and you won’t have to guess what they meant to type. Now, it certainly is possible to call your friend and leave a message via voicemail, so the question is, why is blip.me better or different than that? First, blip.me will allow you to send longer messages than some voicemail boxes. Very few things can be as frustrating as being cut off by a voicemail box right in the middle of leaving your message. Second, the “blip”, as these voice messages are commonly called, will show up on their phone as a message immediately, instead of waiting for them to check their voicemail. They don’t have to call their voicemail box and enter their passcode and wade through all the voice prompts and other messages to get yours, and you don’t have to sit through 20 rings and the annoying message they have on their voicemail either. It’s a time saver, as well as removing many annoyances. Finally, using your Smartphone as a walkie-talkie is, for lack of a better term, just plain fun!

Since it is totally free to download, install and use, there’s no reason not to give it a try. Who knows, maybe blips are the next big thing and will replace texting in situations where it’s possible. Granted, the kids in school will still have to hide their phone under the desk to send text messages during class (not recommended, but we know it happens) but for other situations it will be easier. In the car, for example, you may want to send a message but texting and driving has been said by some experts to be even more dangerous than drinking and driving. Whether that is true or not, it sure is a lot easier to send a blip from your Bluetooth earpiece while driving than it is to type a message on your touch screen, and that has to be worth something.

So, give it a shot. The app has a very small footprint of around 4 MB, which is a boon since it has to be run from the phone instead of your SD card or other external storage device. For those of us that have little in the way of internal memory, this is a great thing. So get out there, get blipping, and you may find yourself saying ‘blip me!’ at social functions instead of ‘text me’.

Get blip.me here. Read the Frequently Asked Questions here.

via: freewaregenius

The Legitimacy of Android Apps and how to Check

2011-12-28T09:00:00.000-05:00

The Android Market was once again infiltrated by malware, as a handful of premium service abusers (which we detect as ANDROIDOS_RUFRAUD.A) posed as legitimate apps were uploaded to the site. A few users were able to install the malicious apps before Google took them down– a fast reaction due to the quick responses from vigilant users and security firms.

Although the malicious apps are now off the Android Market, we must all be consistently on guard for malicious apps that may be able to find their way there in the future. Especially with Android offering their 10-cent sale to celebrate their 10 billion downloads, users are more likely to install offered apps to take advantage of the apps’ low cost.

To help users keep their Android device malware-free as they load them with more cool apps, in this post we will point out some key items to keep in mind before installing apps:

Be familiar with the developer/s behind popular apps

Cybercriminals regularly leverage certain apps’ popularity and attempt to do so by imitating the popular apps. But since they can not pose as the original developers, the developer’s name can be a good indicator for legitimacy. For example, the real Android Market page for the game Angry Birds shows that it was developed by Rovio Mobile, while the malicious one was developed by a user named Logastrod.

Users can also check the developer’s profile for other apps. Google also offers developer ratings, as well as the status “Editor’s Choice” that can further validate the developer’s legitimacy.

The same goes for other information on the app’s web page, such as the app’s icon and name. If something’s seems amiss, then it’s probably better to skip downloading it.

Check the ratings and the number of reviews

It is also a good practice to check app ratings and user feedback for more verification. The user rating and feedback feature give people a more accurate view of the experiences users have when using or installing the app. You can find it just below the app icon.

Apart from the quality of the ratings and the feedback, the number of ratings or feedback themselves can also be a good measure. Popular apps tend to generate more ratings and feedback, so if a post for a popular app has very few ratings or feedback, it’s likely that it isn’t the real thing. This was the case with the recent fake apps found in the Android Market.

Do more research

Aside from the Android Market, there are also other sites that offer reviews of Android apps which can help users gauge the legitimacy of an application. Getting more feedback, preferably from different sources will definitely help verify the app’s quality.

This is very important especially since cybercriminals will also most likely try to fool users through feedback. They can post misleading reviews and give inaccurate ratings to trick the users into thinking that a particular app is legitimate. In the screenshot above, the review circled in red shows a false review for the malicious app, calling it “a good simulator” while the one circled in blue shows a real review from a real user.

These are just a few of the ways users can check if an app is legitimate or not. We think it is critical for users to have some sort of checking process before installing applications, especially since these apps gain access to phones’ resources, including stored user information.

Aside from following the guide above, users can also check other ways to keep their Android-based devices secure, as well as further understand the implications of certain permissions requested by Android applications.

via: trendmicro

Preview the New Dropbox App for Android with Bulk Uploads, Quick Access to Files Offline, and More

2011-12-27T13:00:00.003-05:00

Dropbox has released a preview build of its new Ice Cream Sandwich optimized Android app. The update packs in a user interface overhaul along with several new features.

The biggest new feature on top of the ICS support is the ability to upload photos and videos in bulk, but the new app also gets access to a favorites menu with offline access to files. The interface itself is streamlined with single-tap access to file and folder actions, an improved gallery view, and an option to rename files. It's still a preview build, but it's available now if you want to check it out for yourself.

Android Forum Build | Dropbox Forums via Droid Life

via: lifehacker

Fake Cops Hijack Computers, Demand Ransom for Locked Files

2011-12-27T09:00:00.006-05:00

Online crooks are spreading a nasty Trojan that spoofs the long arm of the law to trick victims into believing child pornography has been found on their computers.

When a victim receives a corrupt email containing the Trojan, or lands on a compromised Web page set up by the perpetrators, the worm exploits a vulnerability on the victim's system and then burrows its way into their computers and immediately goes to work, locking the computer and encrypting or deleting data stored on the hard drive, according to Microsoft researchers.

A banner then pops up — in the language of the victims — informing them that child pornography has been found on their computer, and that in order to clean up their system and unlock it, they need to wire money to the "supposed authorities," as Microsoft called the scammers.

While ransomware plots like this — malware that hijacks a computer, encrypts the files and demands a ransom to fix the problem — are nothing new, Microsoft researchers who detected this new Trojan say it's particularly dangerous because not only does it use the threat of child pornography to scare victims, but it is also designed to look as if it's backed by a federal police agency.

The Trojan that impersonates the Swiss Federal Department of Justice and Police is identified as Trojan:Win32/Ransom.FS, and presents a message that reads: "Attention! Illegal activity was detected. The operating system was locked for infringement against the laws of Switzerland … From this IP address, sites containing pornography, child pornography, bestiality and violence against children were browsed. Your computer also has video files with pornographic content, elements of violence and child pornography. Emails with terrorist background were also spammed. This serves to lock the computer to stop your illegal activities."

Microsoft also spotted emails that spoof the German Federal Police, the United Kingdom's Metropolitan Police, and the Spanish, Dutch and French police.

This sophisticated, serious scam is almost identical to one that appeared in early September, in which Russian cybercriminals deployed a Trojan threatened to turn victims in to the police unless they paid about $17 to rid their computers of nonexistent child pornography.

Researchers at Bitdefender pointed out that a similar scam that offers a "free trial" of a $69 recovery tool that will supposedly unlock all the encrypted, hijacked files. The free tool actually unencrypts three files, making it look like a viable solution and getting the scammers one step closer to victims' wallets.

via: securitynewsdaily

Old spam trick used to send Dusty old Malware

2011-12-27T04:00:00.000-05:00

“Your message could not be delivered”. It’s one of the oldest methods in the social-engineering-for spam-and malware-emails handbook. You are receiving notice that an email you sent has not reached its recipient – so sad.

And of course the attachment must contain the mysterious email. But it doesn’t. It contains a zipped variant of MyDoom malware. (First variants of MyDoom were sited on the 26th January 2004). The attachment has wall-to-wall VirusTotal coverage of nearly 98% (42 out of 43 engines).

Email Text:

Your message was undeliverable due to the following reason(s):

Your message could not be delivered because the destination computer was not reachable within the allowed queue period. The amount of time a message is queued before it is returned depends on local configura- tion parameters.

Most likely there is a network problem that prevented delivery, but it is also possible that the computer is turned off, or does not have a mail system running right now.

Your message could not be delivered within 6 days:

Host —– is not responding.

The following recipients could not receive this message:

via: commtouch

Free eBook Management with Calibre

2011-12-26T21:00:00.001-05:00

If you haven’t yet started using Calibre (pronounced Caliber) for managing your ebook collection, now is a good time to learn how to get started. Calibre is undisputedly the best ebook managing tool on the planet. And the best part is, it’s free.

Calibre can do everything from displaying ebooks in its ebook viewer to converting formats into something more compatible for a specific ereader. With it you can organize your entire ebook library any way that you choose, and sync all your content with your favorite reading devices. You can easliy edit all your ebooks’ metadata and descriptions. And Calibre can even search the internet and download metadata and book covers at the click of a button.

Additionally, you can set up Calibre to fetch RSS news feeds from around the web and automatically convert them into an ebook to be sent to your device, no subscription fee required. The news feeds are setup for many of the popular news sources like Newsweek, The Wall Street Journal, BBC news, and 100′s of others—or you can create a new recipe to collect an RSS news feed that’s currently not supported.

To get started, download Calibre from http://calibre-ebook.com/download. It’s available for Windows, OS X (Mac), and Linux.

Free Kindle eBooks for Christmas

2011-12-26T17:00:00.002-05:00

Below you’ll find a list of ebooks from the Kindle store that are temporarily free. There are tons of free Kindle ebooks available once again so I decided to hand-pick some of the better ones. These all have 4 stars and up.

Like always, these ebooks are free for a limited time and are likely free for US residents only. Kindle ebooks are compatible with all Kindle devices and Kindle apps for Android, iPad, iPhone, Blackberry, PC, Mac, Windows Phone 7, and the Kindle Cloud Reader.

17 Free Kindle Books

The Wedding Gift by Kathleen McKenna – 4.5 stars, 39 reviews, Mystery & Thrillers

Twice Dead by Kalayna Price – 4.5 stars, 33 reviews, Contemporary Fiction

Blood Rock by Anthony Francis – 4.5 stars, 22 reviews, Contemporary

Eleven Twenty-Three by Jason S. Hornsby – 4 stars, 11 reviews, Science Fiction

To Love Anew (Sydney Cove Series #1) by Bonnie Leon – 4.5 stars, 10 reviews, Historical

Faith (Brides of the West #1) by Lori Copeland – 4 stars, 25 reviews, Historical

My Lady Gisborne: A Love Story (The Gisbornes, Book 2) by Charlotte Hawkins – 4.5 stars, 12 reviews, Historical Romance

Napoleon’s Pyramids by William Dietrich – 4 stars, 58 reviews, Historical

Swallow by Tonya Plank – 4 stars, 47 reviews, Mystery & Thrillers

The List by J.A. Konrath – 4 stars, 173 reviews, Mystery & Thrillers

Finding Kate Huntley by Theresa Ragan – 4.5 stars, 18 reviews, Romantic Suspense

The Year She Fell by Alicia Rasley – 4 stars, 136 reviews, Contemporary Fiction

Borrowed Time by CJ Lyons – 4 stars, 54 reviews, Romantic Suspense

LATITUDE 38 by Ron Hutchison – 5 stars, 9 reviews, Social Sciences

Flee – A Thriller (Chandler Series #1) by Jack Kilborn, Ann Voss Peterson, J.A. Konrath – 4.5 stars, 63 reviews, Mystery & Thrillers

Throne by Philip Tucker – 5 stars, 7 reviews, Genre Fiction

White As Snow : A Christmas Story (Mysterious Ways #1) by Donna Westover Gallup – 4.5 stars, 7 reviews

via: the-ebook-reader

Re-gift Unwanted Presents and Recycle Goods

2011-12-26T13:00:00.000-05:00

Here's a great story that makes since during the Holidays from the treehugger Blog:

Not everyone puts as much thought and care into gift giving. So it’s likely you’ll get some clunkers for presents that miss the mark this holiday. Re-gifting is totally permissible, with some guidelines. My family and friends avoid the whole problem with a tradition of gifting “consumables” for the holidays instead of collecting more stuff. Spices and a recipe for Mulligatawny soup, persimmons from the bounty off the tree in my yard with a persimmon nut bread, soy candles, organic catnip and botanical hand balm – all from local artisans. Homemade treats are as old a tradition as bringing cookies to your neighbors.

But it doesn’t have to be just edible gifts. And now I follow a theme. Last year it was salt: Himalayan salt, flavored salts, bath salts and salted chocolate caramels. This year I was inspired by my fig tree (shown above with a Western bluebird) and made a batch of fig spread. I also included fig crackers, fig mustard in my "baskets," and I even found handcrafted fig soap.

An annual tradition are the delicious chili nuts my friend roasts which I share at the family dinner. But what about that ornament I was given for a tree I don’t have? Or the book I already read? The pink crocheted pillow? Another pair of gloves? The too-big earrings, too-sweet incense, the Christmas-themed scarf I’ll never wear, the sweater that doesn’t fit and I can’t return, that wallet I don’t need? Secret Santa gifts are notorious for wrapping up the $10 version of unnecessary stuff.

Wait for the Right Recipient and Recycle Wrapping, Too

I’ll find the perfect person for it and pass it on. There is some etiquette for this: you don’t want to hurt the gifter’s feelings, since most people don’t really want to know you didn’t like/want/need it. Wait to match items with the right recipient and appropriate occasion. And keep it in the original packaging. I also recycle gift wrap, make my own or have fun with recycled ribbons.

You could throw a white elephant party on New Year’s Eve where everyone brings one item and exchanges gifts. Maybe someone you know really could use a pen and pencil set. Just be sure the gift-giver isn’t attending and you’re not passing off more stuff no one will want. Gifts can be donated, too, as a form of recycling.

Re-gifting let's the gift keep giving. Perhaps you want to start a new tradition among your family and friends and let everyone know there’s no more room for stuff. There are more creative and fun ways to give.

via: treehugger

Security skills gap to become crucial in 2012

2011-12-26T09:00:00.012-05:00

The emerging threat in the developing cybersecurity skills gap is an issue (ISC)2 has highlighted throughout 2011, and 2012 will be the year when industry really begins to feel it, particularly in London with the Olympic Games coming to town, writes John Colley, CISSP, managing director EMEA, (ISC)2.

Research shows the average age of people in security is 40, with less than 10% under the age of 29. Looking back to 2008, 17% were under the age of 29. Further, we are expecting the workforce to nearly double by 2015. Where are the people going to come from?

Beyond the numbers, the demands on professionals are changing significantly. Chief information security officers today are at risk of losing insight into the systems that are driving business, with cloud computing, social networking, and numerous personal devices infiltrating the workplace, along with the easy-to-download applications these technology trends bring with them.

We have always managed technical change, but the current pace is unprecedented. These developments will ruthlessly expose the weaknesses in an organisation, while a skills disparity is sure to arise in a workforce experienced at securing corporate-driven systems. Here too, the ageing of our workforce is cause for concern, with a generation gap contributing to the challenge.

Addressing the security skills gap

This skills gap is clearly an issue that cannot be resolved in its entirety in 2012, but there are some concrete steps that should be taken.

As a professional organisation, the (ISC)2 is working hard with partners such as Cyber Security Challenge UK to develop more interest and support to encourage young people to consider a career in this field.

More generally, organisations need to review their competencies in recruitment and the measurement of success – both continue to focus too heavily on the highly measureable technical elements of the job rather than the softer skills that are increasingly considered key.

The London 2012 Olympic Games will be an interesting test of the market. This coincides with government recognition for the need for cyber defences and the Olympics, which earlier this month saw its security budget double, should be a showcase of its commitment.

New systems for the games will clearly call on security know-how; while increased requirements on existing infrastructures, such as border control, will also have an effect. You could compare it to the Y2K issue when companies faced a shortage of competent developers with the correct skills.

via: computerweekly

Kickstarter project gives your iPhone solar power

2011-12-25T13:00:00.000-05:00

Let's face it: Not everyone is happy with the battery life on their iPhone. New York's Douglas Tam thinks he may be able to help not just keep your iPhone alive, but to keep it green: The Monster Watts Hybrid Solar Battery Case not only keeps your iPhone safe in a durable case, but it also charges its battery (which is used to charge your phone) using solar power.

Using the power of the sun (hence the word "solar", which you probably didn't need me to explain), this case with an extraordinarily long name claims to nearly double battery life. It also boasts a thinner profile than a lot of other cases, including those with batteries inside, and even a little style with a bumper you can exchange for other colors as you like.

Here's a bit of what it has to offer:

A 2400 mAh lithium polymer battery-back up or charge iPhone
Efficient solar charger-automatically charges the battery pack
Built-in micro USB port (charge and sync)
Access to all buttons and ports
Replaceable color bumper-protects and fits your mood
Available in black or white-match your iPhone

Don't go looking for the Monster Watts Hybrid Solar Battery Case just yet; it's a Kickstarter project that's looking for $15,000 by January 19 and, to date, has only $162 in pledges. Those who support this project through Kickstarter will get a discount on the final product (as well as extra bumpers), so this might be a good initiative to back with a few extra bucks.

[Kickstarter]

via: itworld

Happy Holidays to all

2011-12-25T09:00:00.000-05:00

Me and mine wish all of you a Happy Holiday season.

I hope everyone can take some time and enjoy yourself this Holiday season.

Happy Holidays to all.

BBB warns against e-mail ‘phishing’ scam

2011-12-24T21:00:00.000-05:00

An e-mail phishing scam has prompted the Better Business Bureau to release updated advice for recipients to avoid transmitted malware.

BBB members nationwide have received e-mails with the organization name and logo and a subject line that says, “Complaints from customers.” The messages have a link or attachment that contains phishing malware that steals information, such as bank numbers and passwords, from computers.

To combat the widespread problem, the BBB recommends its members:

• Do not open attachments or click on links;

• Delete the e-mail from an inbox and again from a trash folder; and

• Run a full system scan using reputable virus software.

Previously the BBB recommended recipients run a full system scan only if they had clicked on a link or opened an attachment.

“But due to the virulent nature of the virus, the new recommendation is for everyone who receives it to do the scan. In offices or homes that are networked, all computers should be scanned,” according to the BBB.

Members who receive an e-mail from the BBB can take several precautions to authenticate it:

• Look for spelling or grammatical errors;

• Check to make sure the e-mail comes from the local BBB, not the national headquarters;

• Copy and paste the link into Notepad, which does not support html. If the link is fake, it will show the real link in the text; and

• If unsure, send a new e-mail to the local BBB to confirm a complaint.

The organization also recommends that all domain owners set up a sender policy framework (SPF) and set their spam filter to use it.

“Using the SPF standard helps fight spam and phishing attacks by allowing your email servers to verify whether an email is legitimate … or not,” said Chris Garver, chief information officer for the Council of Better Business Bureaus.

via: bizjournals

2011-12-24T13:00:00.005-05:00

The chief executive of telecommunications giant Comcast has been fined $500,000 by the US Federal Trade Commission (FTC) for violating antitrust laws.

The FTC said that Brian Roberts would be paying the fine to settle charges of failing to report stock purchases. The commission alleges that between 2007 and 2009, Roberts did not report a series of Comcast stock purchases he made.

By not reporting the purchases, the commission said that Roberts was in violation of a 2002 agreement made during a merger between Comcast and AT&T. At the time, Roberts agreed to a five -year window in which he could purchase voting shares in the company without the need to notify the FTC.

The commission alleges that after the expiration of the agreement in October of 2007, Roberts received shares in the company and continued to do so until 2009. The commission charged Roberts with violating the Hart-Scott-Rodino Antitrust act.

The FTC noted that Roberts will see a reduced penalty because the violation was believed to be unintentional and did not result in any financial gain. Additionally, the commission noted that Roberts had received faulty advice prior to the transaction.

The Comcast chief is not the first prominent IT executive to be connected to a stock scandal.

A pair of Apple executives were implicated by the Securities and Exchange Commission in 2007 over charges of backdating stock options. Similar charges have in the past been filed against executives at McAfee and Research in Motion.

via: v3

7 Ways Email Etiquette Helps Get Your Messages Delivered

2011-12-24T09:00:00.012-05:00

Over the years, spam filters have become extremely adept at filtering out junk email messages from your inbox. Unfortunately, they do too good of a job sometimes. Every once in a while, we may find that someone we sent an email to never received the message because their spam filter sent it straight to their junk mailbox.

False positives, as this scenario is referred to, can be a problem for both business and personal emails alike. Unfortunately, most people are under the impression that there is nothing they can do to prevent their emails from being falsely labeled as spam. They couldn’t be more wrong.

Spam filters often employ Bayesian filtering to determine if a message should be allowed to pass through to the recipient’s inbox, or if it should be cast aside as spam.

The way this filter works is by scoring the content for the entire message. By looking for certain flags in an email message and assigning each a value, the spam filter can ascertain if a message is spam by totaling up the score and measuring it against a pre-set threshold. Emails that score too high are discarded while those that are considered legitimate safely find their way.

Email etiquette

Most organizations address email etiquette in their email policies to help protect the company’s image. A poorly written email can be embarrassing to a company. It looks unprofessional and it can cost a company money in lost accounts and lost respect.

But emails written with etiquette in mind can also help keep them in good graces with the spam filters as well.

When emails are written the right way, they wind up looking less like spam. The following rules of email etiquette will show you just how taking the time to write your messages properly will help get them delivered.

1. Clean up the spelling and grammar

Poorly written English is one of the first things a spam filter looks for. Excessive spelling, grammar and wrongly used words are clues that the content is not legitimate. Take the time to run your messages through a checker before you send them. If your email client does not offer this, write important emails in a word processor so they can be checked prior to your sending them.

2. Don’t over use the cc: and bcc: fields

At times it is important to include other recipients on an email message, but the more people that you include the more your message looks like spam. Remember, spammers would lose money if they had to send email messages one at a time so they send them in large batches.

3. Include an email signature

Most spammers don’t use an email signature. You should because the spam filters have the ability to read whether or not a signature file is used .

4. Avoid abbreviations that are unnecessary

If you are sending an important email message then you shouldn’t use abbreviations like LMAO or LOL. First of all if you are conducting business you don’t want to look like a gossiping teenager. Second of all, these abbreviations look like gibberish used to fool the spam filters so what do they do? Count this against the total spam score.

5. Avoid all caps in the email and the subject

Some emails are more important than others. Parts of your email may be more important than others as well. But there are better ways to show this than by using all caps.

We all know that writing in all caps is rude, but it also makes your message look like spam.

6. Avoid colored text

Professional emails don’t need fancy dressings like fonts that look like handwriting, animated gifs and certainly they don’t need colorful text. While colors, especially red, are often used to call attention to certain parts of email message, or even to responses, they also call attention to the message itself in the eyes of the spam filter.

7. Use punctuation properly

It is hard to show emotion when writing an email message. To compensate, we often overuse certain punctuation marks and symbols. Most commonly, the exclamation mark !!!, the question mark ??? and the dollar sign $$$. Overuse of these are as bad as using all caps in the eyes of the spam filters.

via: allspammedup

Prepare Your Smartphone and Laptop Travel Toolkit

2011-12-23T16:00:00.025-05:00

If you're setting off on a road trip or a flight this weekend, chances are you're frantically searching for ways to stay connected and limit your boredom and hassles while travelling. Whether it's sniffing out Wi-Fi passwords or checking flight information, we've got your travel toolkit covered for smartphones and laptops.

Trick Out Your Smartphone

Whether you're travelling to a brand new land or retreading the same highways you take every year, loading up your smartphone with apps is a great way to prevent anything horrible from happening along the way (like being bored or without internet).

Find free Wi-Fi: If you're in a new town, you might not feel like asking every clerk at every shop you pop into for the Wi-Fi password. On iOS, you can use 4sqwifi, which uses Foursquare's resource of Wi-Fi passwords to sniff out locations you can log into. For Android try Wifi Tracker to help find local and free Wi-Fi hotspots using Google Maps.

Track your trip: Regardless of whether you're flying or driving, keeping track of an itinerary can be hard. Tripit makes things a bit easier by consolidating your flight, hotel, and rental car information into one place. The suite of mobile apps makes it simple to check on the go, provided you're using an iPhone, Android, Blackberry, or Windows Phone 7. If you want to check on your flight's status, FlightStat's Mobile Site is your best free option.

If you're driving, you might want to pick up Fuel Finder for iOS or Gas Buddy for Android to help you get the cheapest gas along the way. It comes in handy when you one reststop's price is significantly higher than the others.

Figure out the weather: Swackett for iOS is a weather app that not just tells you the temperature, it also helps you get dressed. It's a little silly when you're in your home climate, but if you're traveling somewhere with a totally different winter, it can help you figure out what to wear.

Keep yourself safe and ready for disasters: If you're taking a long road trip, you're probably going to go through some nasty weather along the way, but having wikiHow: How to and Survival Kit for iOS loaded up on you phone ahead of time will ensure you now how to deal with everything from escaping a car on the edge of a cliff to starting a fire in a snow storm. Other smartphone users can use the webapp to track similar information.

You may also need help locating a bathroom in a pinch, and being in a city you're unfamiliar with doesn't make that easy. For iOS, you can load up Bestroom to help you find the closest public restroom, or for Android, use Toilet/Bathroom Finder.

Make an exit plan: No matter how much you love your family, you will probably want to skip out at some point. Even if you're visiting your old hometown, it doesn't mean you know what to do. Goby for Android and iOS is a recommendation engine that tells you everything that's going on around you, ensuring you'll have a place to skip off to if need be. Yelp, of course, is another option.

Tether: If you have a smartphone with a data plan, you might as well use it to let your laptop get an internet ride as well. PDANet for jailbroken iPhones and Android is our go-to for the best tethering app because it can hide the fact you're tethering. If you're not jailbroken, you don't have a lot of options, but the $20/month through your carrier might be worth it if you'll be nowhere near Wi-Fi for an extended period of time.

Prep Your Laptop for Travel

If you want to get a bit of work done while you're travelling, or you just want to keep your laptop handy to watch movies, you should load up a few programs before you leave the house.

Get your files synced: It's easy to forget that you might not have internet wherever you're going, so if you're using cloud storage service like Dropbox, remember to pop open the laptop and let it sync before you leave. If you're not, here's a brake down of the main contenders to help you choose the right service.

Find Wi-Fi: Skype is giving out free Wi-Fi at over 50 airports this holiday, but if you're not travelling on a plane or visiting one of the cities they're supporting, you might need to tap into free Wi-Fi at some point. iStumbler for Mac and WeFi for Windows can help you find an open Wi-Fi network wherever you are. Just be sure you prepare your computer for safely browsing on public Wi-Fi before you leave.

Get access to your home computer: There's always a good chance you'll forget something on your home computer, so it's not a bad idea to set up a remote login on your home computer and your laptop before you go. You have plenty of options out there, but LogMeIn is one of the simplest to use.

Don't Forget The Extra Gadgets

Depending on where you're heading, a few additional gadgets might also help you out along the way. That includes an emergency battery charger like the HyperJuice battery for your laptop or smartphone that can help prevent your tech from going dry while on the road or a plane.

If you're not comfortable or can't tether your laptop through to your phone for internet, MiFi works with most carriers and will do in a pinch. Just be aware you'll probably have some extra fees.

If you're hitting up airports or coffee shops in a new town, don't forget to load up a flash drive as privacy toolkit to keep you and your computer safe while you're jamming up the truck stop Wi-Fi trying to find new podcasts for the road.

With all of your gadgets properly loaded up, you should be able to spend less time dealing with setting things up and more time ignoring whatever family argument is going on at the moment.

via: lifehacker

Blockbuster Giving Away Free Batteries on Christmas Day

2011-12-23T13:00:00.007-05:00

Don't let a little thing like "batteries not included" ruin your Christmas cheer – on Christmas Day, Blockbuster L.L.C. will be giving away free batteries in all stores, while supplies last. Open from noon – 10 p.m., Blockbuster will power up those Christmas toys with two packs of either AA or AAA batteries. And for those with even more needs, additional battery packs will be available for only $0.99.

While in-store, customers can make use of their entertainment gifts immediately, whether it's picking up the latest movies for that new Blu-ray player, finding the perfect game for your new X360, PS3 and Wii, or hooking up your new HD device with HDMI cables for only $9.99.

"We know that 44 percent of consumers want the gift of entertainment, and that's why we are keeping our doors open on Christmas Day," said Kevin Lewis, chief marketing officer of Blockbuster. "Everyone is excited by their new toys and no one should have to put their fun on pause."

Still Need Gift Ideas?

Blockbuster has a variety of last-minute gifts available starting at $4.99. You can find gifts for everyone on your list, including the Blockbuster Kids Pass for unlimited in-store kids and family movie game rentals; Blockbuster By Mail subscriptions, where your friends and family can receive Blu-ray – at no additional charge – and DVD movies and video games; or the "Build Your Own Box Set" of 3- or 5-disc sets of new or previously viewed movies in a festive gift box that doesn't need wrapping.

For your Christmas Day batteries or last-minute shopping, visit http://www.blockbuster.com/stores/storelocator/findStoreResults to find a store near you.

Follow Blockbuster on Twitter (twitter.com/blockbuster) and Facebook (facebook.com/blockbuster) for new exciting deals or visit www.blockbuster.com/stores.

via: prnewswire

How SOPA could threaten Internet security

2011-12-23T09:00:00.014-05:00

The U.S. House of Representatives discussed the Stop Online Piracy Act (SOPA), a proposal that would give the U.S. Government new tools to fight the online sale of infringing or counterfeit goods.

We are aware of the ongoing legal and policy complexities involved in balancing protection of intellectual property rights with censorship concerns, and does not advocate a particular solution to that challenge. Yet, as a trusted security adviser and online crime fighter, there is needed a injection of some caution into the discussion.

SOPA has real and serious implications that could undermine the overall health and security of the Internet. It could actually make life easier for the criminals it is supposed to thwart.

This is because SOPA could negatively affect the Domain Name System (DNS), which is a fundamental building block of the Internet. Indeed, DNS is critical to everything that makes the Internet function.

DNS links numerical Internet addresses (such as 192.168.1.254) into friendly Uniform Resource Locator (URL) addresses that humans can easily use and understand.

A URL is certainly easier to remember than its numeric IP address.

Making changes to how DNS works, especially sudden changes, could inadvertently undermine everyone’s Internet security.

Here’s how:

First, the DNS filters that would be required to enforce SOPA could be easily defeated, rendering them useless. Criminals could develop ways to redirect users to DNS servers outside the U.S. and SOPA’s influence, and users may even look for these foreign and/or unregulated DNS servers if the sites they are trying to locate have been blocked in their ISP’s DNS as a consequence of SOPA.

Right now, Internet Service Providers are the primary providers of DNS services. Moving away from them to a greater number of private DNS servers could harm efforts that rely on DNS data to detect and mitigate security threats, and would fracture the global DNS hierarchy.

Many people who do not like SOPA -based access limitations will doubtless start using DNS servers outside the US, effectively bypassing SOPA. Predictable global DNS hierarchy benefits the totality of seamless Internet functionality and security, which SOPA could undercut.

The legislation as proposed could undermine the universality of domain names, endangering the basic functionality and ease-of-use of the Internet.

Existing dependencies within the DNS could be broken, posing significant risk of collateral damage to “innocent bystanders” such as legal sites and their users. Sites with no infringing content could be blocked with limited ability to be quickly unblocked.

If that happened on Cyber Monday, for example, an Internet retailer could potentially be forced out-of-business.

The U.S. Government and private industry have created new technology, called Domain Name System Security Extensions (DNSSEC), which play a key role in a wider cyber security strategy.

Many private enterprise and governmental networks have invested in DNSSEC deployment. The site redirection envisioned by the legislation is inconsistent with, and could undermine, DNSSEC security deployment altogether.

Bottom Line:

We all know the serious threats the Internet faces and work hard to fight them. We appreciate and welcome the interest government has shown in making the Internet a safer place.

However, if implemented as currently written, SOPA and its companion bills could encourage the same behavior that DNSSEC has been created to stop. And it does so with the force of law in the U.S, but is almost certain to be ignored elsewhere.

SOPA could expose networks and users to increased security and privacy risks. Certainly not the intent of its supporters.

The Internet’s Domain Name System is a key building block responsible for the Internet’s huge success. SOPA with well-meaning and unintended consequences could affect stability and security of the entire Internet and all its users.

References:

Experts Urge Congress to Reject DNS Filtering from PROTECT IP Act, Serious Technical Concerns Raised

Technical Comments on Mandated DNS Filtering Requirements of H. R. 3261 (“SOPA”)

Former DHS Assistant Secretary Stewart Baker On SOPA 2.0: Still A Disaster For Cybersecurity

via: trendmicro

Toys R Us Will Be Open For 112 Hours Straight Before Christmas

2011-12-22T16:00:00.000-05:00

Toys R Us is giving last minute holiday shoppers a break this year, thanks to round-the-clock shopping right up until Christmas.

Toys R Us stores nationwide will stay open for 112 hours straight starting at 6 a.m. Tuesday and continuing through 10 p.m. on Christmas Eve, the toy giant said Monday.

This is the second year in a row the retailer has remained open for 24-hour shopping in the days before Christmas.

"For the second consecutive year, our stores will remain open continuously during the days leading up to Christmas, allowing shoppers more time and more ways to shop with Toys R Us than ever before," Chief Marketing Officer Greg Ahearn said in a statement.

The toy retailer's flagship in Times Square is staying open even longer. That store has been open since 6 a.m. on Friday, Dec. 16 and will not close until Christmas Eve.

During that time, Toys R Us also said it there will be additional discounts on Tuesday and Wednesday.

The limited-time offerings include a free $35 gift card with the purchase of any Nintendo 3DS handheld system, half off Barbie beach dolls and buy one get one half off on Moxie Girlz Magic Hair, Sisterz and Dazzle Dance dolls. The same deals will also be available on Toysrus.com.

Fourteen Macy's stores, including its Herald Square flagship, will also stay open continuously from Wednesday until 6 p.m. on Christmas Eve and Target (TGT, Fortune 500) has extended store hours from 8 a.m. to 11 p.m. until Dec. 23. Other retailers were not immediately available for comment on their plans.

via: cnn

8 free Wi-Fi security tools

2011-12-22T13:00:00.000-05:00

Even if you have an enterprise-level Wi-Fi spectrum analyzer, like Wi-Spy or AirMagnet, free Wi-Fi tools can also come in handy. You might use them during the planning or installation stages of your wireless LAN, while troubleshooting, or when performing maintenance. They could even serve as your primarily tools in smaller and less-complex environments.

Here are several free programs you can use to do Wi-Fi stumbling and surveying on all the popular platforms -- Windows, Mac OS X, and Linux. You'll be able see all the nearby wireless access points and their details, including channels, signal levels, and MAC address.

NetStumbler

NetStumbler is one of the oldest and most known Wi-Fi stumblers and runs on Windows and Windows CE/Mobile. It lists nearby APs and displays their basic details: SSID, channel, speed, MAC address, vendor, and encryption. Unlike most other stumblers, it also shows the signal, noise, and signal-to-noise ratio levels. Additionally, it has GPS support to record AP locations when wardriving.

Keep in mind, NetStumbler hasn't been updated since 2004. It may not run well on Windows Vista or 7, or even 64-bit Windows XP. Additionally, it doesn't show the real encryption methods of APs. If an AP has encryption enabled it's always marked as WEP, regardless if it's WEP, WPA, or WPA2.

Vistumbler

Vistumbler is a newer open source stumbler first released in 2007 and updated as recently as 2010. It displays the basic AP details, including the exact authentication and encryption methods, and can even speak the SSID and RSSI of APs.

Similar to NetStumbler, you can view a list of all APs or drill down to those categorized by authentication, encryption, channel, network type, and SSID. You can also view graphs of the AP signals in addition to viewing text readouts. It's highly customizable and offers flexible configuration options. In addition to basic GPS support to record AP locations, it supports live tracking within the application using Google Earth. However unlike NetStumbler, Vistumbler only gives you the signal levels and doesn’t include the noise levels.

InSSIDer

InSSIDer is a relatively new open source Wi-Fi stumbler. It shows the usual list of AP details, but doesn't show the exact authentication method. Like most other stumblers, inSSIDer doesn’t include the noise or signal-to-noise (SNR) values; it just gives you the RSSI values.

However, it features very intuitive graphs. The time graph shows the signal levels (in dB values) of each AP for the past 5 minutes. Then there’s a graph for each 2.4GHz and 5GHz channel, showing the current signal levels and channel width usage of each AP. And you can filter out APs based upon the AP's band, channel, signal, security, and age status. It also features GPS support and lets you export to Google Earth.

NetSurveyor

NetSurveyor is a free but closed source Wi-Fi stumbler and basic analyzer last updated in 2009. It displays the basic AP details, but doesn't specify the exact authentication or encryption method (it just indicates Yes or No for encryption) and doesn't offer any customization.

Though NetSurveyor doesn’t report noise levels, it does offer more graphs than most other free stumblers, including AP Timecourse, AP Differential, Channel Usage, Channel Timecourse, Channel Heatmap, and Channel Spectrogram. It can also record data for extended periods and play it back in the future. You can create useful reports in Adobe PDF format, which includes a snapshot of the AP details and all the graphs.

Kismet

Kismet is a free and open Wi-Fi stumbler, packet sniffer, and intrusion detection system for Windows, Mac OS X, Linux, and BSD. It shows the AP details, including the SSID of "hidden" networks. Plus it reports the noise levels and gives you the signal-to-noise values. It can also capture the raw wireless packets to a PCAP file, so you can import into Wireshark, TCPdump, and other tools.

Kismet, however, in Windows only works with CACE AirPcap wireless adapters due to the limitation of Windows drivers, though it does support a variety of wireless adapters in Mac OS X and Linux.

Xirrus Wi-Fi Inspector

Xirrus Wi-Fi Inspector is a free but closed source Wi-Fi stumbler and basic analyzer. Along with displaying all the usual AP details, it shows a radar view and 8-mintue signal history graph. It also displays the signal and address info for any current connections. Additionally, it offers a simple tool to test connectivity of the main network components, and shortcuts to Web-based speed and connection quality tests. Its export feature lets you save a snapshot of the AP details to a CSV file.Though it doesn’t let you save AP names, it lets you customize some settings, such as the signal unit type (dBm or percentage), RSSI method, and polling interval.

Meraki WiFi Stumbler

This is a simple Web-based stumbler, freely available on the Meraki website. It runs in most browsers on Macs and PCs, and even works when offline. It displays most of the basic wireless details (with signal levels in percentages) and offers a bar graph of APs per channel.

It doesn't allow any customization and doesn't offer any additional functionality beyond displaying the network basics and letting you perform searches of the data. However, this stumbler is still useful if you want to check wireless signals from a computer that doesn't already have a stumbler installed.

f you're a Mac user, you might consider using the KisMAC stumbler and security tool, similar to Kismet. It also reveals "hidden" SSIDs. Along with the other basic details, it can show the AP's clients (with MAC Addresses, IP addresses and signal strengths). Plus it reports the noise levels and gives you the signal-to-noise values. It also supports GPS and mapping, and PCAP import and export. It even includes tools to attack Wi-Fi networks for penetration testing.

via: infoworld