IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice

What Is "the Cloud" — and Where Is It?

There's at least one funny joke in Sex Tape. While frantically trying to cut off access to the amateur porn vid he accidentally uploaded to iCloud, Jason Segel tries to explain why deleting the file won't work. "Nobody understands the cloud," he says. "It's a fucking mystery!" He's kind of right.

"Cloud" is a buzzword that vaguely suggests the promise and convenience of being able to access files from anywhere. But the reality is that the cloud is hardly floating like mist above our heads — it's a physical infrastructure, its many computers housed in massive warehouses all over the world. And yet as long as it's easy to read email on our phones and watch movies on our laptops, we generally don't take the time to wonder where our data actually goes, how it gets there, and what happens to it on its way.

What is actually happening when you punt your files, photos, and videos up to servers owned by Apple, Google, and Amazon? Let's peek behind the cloud, and face reality.
Origins of Cloud Computing

While the term "cloud computing" has only entered the public's lexicon in the past 10 years or so, the idea's been around for decades. Cloud computing basically refers to a process of sharing resources to optimize performance. Practically speaking, that means using a network of computers to store and process information, rather than a single machine.

The early days of computing actually leaned heavily on a pretty similar concept. Back in the 1950s, when computer mainframes were the size of a room, users would log on to a dumb terminal to take advantage of the machine's processing power. (They're called dumb terminals because they can't really do much of anything without the mainframe.) This time-sharing model is pretty analogous to the way cloud computing works on the internet today. But instead of one massive mainframe in the middle of a room, we rely on a global infrastructure of servers and data centers to do the heavy lifting.

By the time the 90s rolled around, it was pretty clear to the cyber-prophets of days gone by that the future would enable the whole world to share resources. Engineers started using a drawing of a cloud to refer to this network in patent drawings in the mid-90s. Compaq engineers coined the term "cloud computing" in late 1996, and less than a year later, Steve Jobs described a proto-iCloud at WWDC:

It was pretty revolutionary at the time. You store your files one place and you can access them from any device. Fast forward to the iPhone era, and it's easy to forget the dark ages, when you actually had to burn CDs and tote around external hard drives. Now you start watching a movie on your laptop, switch to your tablet, and finish it on your phone without missing a scene.

Let's back up for a second, though. The idea of cloud computing is almost metaphysical. In more practical terms, however, the applications of cloud computing tend to revolve around one key feature: storage.
Life Without a Hard Drive

A wonderful thing happened about a decade ago. Thanks to a confluence of factors, lots of computers started getting persistent, high speed internet connections. Not long thereafter, mobile devices started getting the same thing. So if devices are always online, and data transfer speeds aren't abysmal, why not just store all the software and storage online?

That's essentially where we're headed with the 21st century notion of cloud computing. Cloud computing means that your laptop works less like a standalone computer and more like a dumb terminal. Ever used a Chromebook?

From a technical point of view, leaning on the larger network of computers in the cloud makes great sense. Suddenly, you don't need to worry as much about hardware specifications, like RAM or hard drive space, because the network can do the heavy lifting.

Distributing the load across lots of powerful servers means web-based applications can run more dependably and efficiently. These servers are constantly updating, and those web apps more or less always work. If one server crashes, there are others to pick up the slack. Your IT department at work probably loves this idea.

Those are the broad strokes of cloud computing. What people sometimes blindly refer to as "the cloud" is something a little bit different.
The Truth About "the Cloud"

Cloud computing is wildly popular at the enterprise level, where IT managers are focused on maintaining stable systems that are used by hundreds or thousands of employees. Most consumers encounter the cloud on an individual basis, however, with cloud storage. Where's that sex tape? It's in the cloud. But wait, what's the cloud? It is not a giant hard drive in the sky.

When you store something "in the cloud," you're actually storing it in a very physical space. That file slides across the wire and then lives on a physical server—usually more than one—in some far flung place. And depending on which cloud storage service you use, that file is now in the possession of a giant corporation to whom you probably pay a monthly fee. Anybody who's ever used Dropbox knows that this makes it incredibly convenient to access files or to share files from any computer with an internet connection.

In the past, you just bought a computer with a hard drive inside and stored your files there. Now, you pay a company like Apple or Google to store the file remotely and provide you with access when you ask for it.

If your data lives "in the cloud," it actually lives on a company's server, and you more or less pay a membership fee to work in that company's sandbox. Depending on that company's terms of service, you may or may not actually own or control that data once it lives in cloud storage. This raises a few glaring concerns in terms of security and privacy.
Storms Ahead

The Sex Tape example is a terrific analogy for how helpless you can be once you've uploaded something to the cloud—terrible movie, terrific analogy. Once your data's in the cloud, you've lost some basic control over it. If you upload a file to a cloud storage service like iCloud, Google Drive, or Amazon CloudDrive, you're actually making copies of that file. The file likely lives on several servers in case Godzilla attacks one of the data centers or something, so if you want to delete that file, you're trusting the company to delete all of the copies.

As we've seen in the past, this doesn't always happen like it's supposed to. So you're not really in control of your data if you're not in possession of it. You're just not.

Let's say the police want to have a look. Depending on its particular privacy policies, the company you picked for your cloud storage can actually hand over your data whenever the authorities ask them. Sometimes, the cops don't even need a warrant. Companies like Google publish transparency reports on a regular basis that show how many hundreds of times this happens every year.

So just keep that in mind next time you're uploading something to Google Drive instead of storing it locally. The cops would need a warrant to break down your door and go searching through your personal hard drive. The process of getting information from Google is somewhat more streamlined.

Once you're at the stage where you're uploading files to Apple's servers, you've already agreed to the company's terms of service. (By the way, those terms of service probably failed to clarify who actually owns the data in the cloud.) The shitty part about this concern is that you can't do much about it, except trust the company storing your data and hope nothing bad happens.

Granted, tracking down deleted files and worrying about warrantless police searches don't necessarily affect the average person on a daily basis. However, the possibility that a hacker could get ahold of sensitive information should concern them. Look no further than the catastrophic iCloud hack to understand how this is a very real concern.

What you can do is encrypt data before you upload it to the cloud. Here's how.
What's Next

The cloud is convenient. That fantasy that Steve Jobs described in 1997 is now a reality for a lot of people, and that's awesome. The cloud is so awesome that the world's biggest technology companies are scrambling to find out how to make the most money they can off of it.

For now, the monthly fees you pay for cloud storage are comparable to what you'd pay for an external hard drive back in the day. The advantage is that you can access the data from anywhere and never have to worry about the data disappearing—probably. The disadvantage is that you don't have as much control over the data and never really know what's being done with it, and could be hard-pressed to make it disappear if you want it to go away.

Google was already talking about how to put advertising on the cloud nearly a decade ago. The dystopian future in which you'd have to watch pre-roll ads just to update your resume is not as dystopian as you might think.

Cloud storage is just one aspect of cloud computing, though. While the promise of this very 21st century technology is exciting, the reality of living in a world where we all carry around dumb terminals and depend on a for-profit entity to manage our data is sobering. This doesn't mean you shouldn't use iCloud or Google Drive or Dropbox or OneDrive or CloudDrive. It just means you should know what you're really doing when you're using them.

The cloud isn't magic. It's a business.

How NSA Hacked North Korean Hackers

The U.S. government's attribution of the Sony Pictures Entertainment hack attack to North Korea stems, in part, from the U.S. National Security Agency having infected a significant number of North Korean PCs with malware, which the intelligence agency has been using to monitor the country's hacking force.

So says The New York Times, which bases its report, in part, on interviews with unnamed former U.S. and foreign officials, as well as a newly leaked NSA document. The document, published Jan. 17 by German newsmagazine Der Spiegel - and obtained via former NSA contractor Edward Snowden - details how the NSA worked with South Korea - and other allies - to infiltrate North Korea. The agency reportedly infiltrated at least some of these computers by first exploiting systems in China and Malaysia that help manage and administer North Korea's connection to the Internet.

According to the Times report, the hacked computers have given the NSA an "early warning radar" against attacks launched by the Pyongyang-based government of North Korea. Related intelligence gathered by the NSA also reportedly helped convince President Obama that North Korea was behind the Sony Pictures hack.

North Korea's Reconnaissance General Bureau intelligence service, as well as its Bureau 121 hacking unit, control the vast majority of the country's 6,000-strong hacking force, some of which operates from China, according to news reports.

Fourth Party Collection

Some of the evidence of the NSA's ability to monitor North Korean systems comes from a leaked NSA document, which appears to be a transcript of an internal NSA question-and-answer discussion that's marked "top secret" and is restricted to the U.S. and its Five Eyes spying program partners: Australia, Canada, New Zealand and the United Kingdom. The document refers to the NSA's practice of "fourth party collection," which involves hacking into someone else's hack, according to a Der Spiegel report.

The document relays an episode that involves North Korea: "We found a few instances where there were NK [North Korea] officials with SK [South Korea] implants [malware] on their boxes, so we got on the exfil [data exfiltration] points, and sucked back the data," the document reads.

Der Spiegel reports that this practice, which is employed by the NSA's Tailored Access Operations team, has been used extensively to undermine many hack attacks emanating from Russia and China and has allowed the NSA to obtain the source code for some Chinese malware tools.

But some attacks against U.S. systems did succeed, and one leaked NSA document says that as of several years ago, 30,000 separate attacks had been detected against U.S. Defense Department systems, 1,600 systems had been hacked, and related "damage assessment and network repair" costs had exceeded $100 million.

The NSA document also discloses that South Korea in recent years has begun attempting to hack into some U.S. government systems.

The FBI has previously said that its attribution of the Sony Pictures hack was based in part on intelligence shared by the NSA, although that attribution did not single out the North Korean government, thus leaving open the possibility that pro-Pyongyang hackers or even mercenaries may have also been involved.

The Role of Botnets

On the attribution front, meanwhile, documents newly published by Der Spiegel - and leaked by Snowden - have detailed an NSA program, code-named "Defiantwarrior," which involves the NSA using infected nodes - or zombies - in a botnet. When such nodes are traced to U.S. computers, the FBI reportedly uses the information to help shut down those parts of the botnet. But when nodes are discovered on computers in countries outside the Five Eyes program, the NSA - according to the leaked documents - may use these to launch attacks against targets. While such attacks might be traced back to the botnet node, this practice reportedly helps the agency launch attacks that are difficult - if not impossible - to attribute back to the NSA.

Did NSA Keep Quiet?

The report that the NSA had hacked into many of the systems employed by the North Korean military, and was monitoring them, has prompted information security experts to question whether the agency knew about the Sony Pictures hack and failed to stop it.

"If the NSA were secretly spying so comprehensively on the networks used by North Korea's hackers, how come they didn't warn Sony Pictures?" asks independent security expert Graham Cluley in a blog post.

If the NSA did detect signs of the Sony hack planning, reconnaissance and actual attack unfolding, however, then it might have declined to warn the television and movie studio to avoid compromising that monitoring ability, says Europol cybersecurity adviser Alan Woodward, who's a visiting computing professor at the University of Surrey in England. Similar questions have been raised in the past, for example, over the World War II bombing of Coventry, England, by the Germans, and why - if the British had cracked the Nazis' secret Enigma codes - the U.K. government didn't evacuate the city.

Another outstanding question is the extent to which the leadership of North Korea suspected - or knew - that their computer systems may have been infiltrated by foreign intelligence services. "Presumably, the cat is now out of the bag," Cluley says. "These news stories may take some of the heat off the [United] States from some of those in the IT security world who were skeptical about the claims of North Korean involvement, but it also tips off North Korea that it may want to be a little more careful about its own computer security."

Szymon Mantey's curator insight, January 19, 2015 2:28 PM

A guide to how easy it is to get hacked by Asians, in which they steal our personal data and the NSA is unable to do anything about it...

Throwing Gadgets In the Trash Will Be Illegal in New York Starting 2015 

Throwing away a dusty, broken printer or an intensely cracked old iPhone will be against the law in New York starting in 2015. A new "e-waste" ban goes into effect in the new year, making it illegal to put your discarded VCRs and underused iPods in the garbage. People who do can get fined $100 per item.

This isn't the only law against putting old electronics in the trash. There are 20 states with disposal or landfill bans for electronics. The specifics vary from state to state, but generally anything with a circuit board that has come to the end of its lifespan as a usable product fits under the umbrella. California has some of the strictest regulations on e-waste, and considers old electronics in the same category as hazardous waste. The cathode ray tubes in old TVs and monitors contain lead, cadmium, silver, and gold, all varying degrees of bad to put into the ground.

Whether or not you're legally obligated to keep your ancient Zune out of the trash, there are plenty of opportunities to get rid of old gadgets in better ways. People can use manufacturers' take back programs to get rid of old electronics and avoid a fat fine (and, you know, not further pollute). In many cases, that means you can drop electronics off at Best Buy. You can also often mail them back to companies like Dell and Apple. There are also drop-off centers in many major cities. In New York, for instance, you can bring your old gadgets to the Lower East Side Ecology Center. In California, many campuses offer electronic drop-offs, including Stanford.

Still, many manufacturers and sellers of electronics remain apathetic. Target, unlike Best Buy and Walmart, doesn't have a take back program. Even companies with programs often use recyclers that are not certified to the e-steward standard. This lack of accountability has already led to "recycling" programs that do little more than round up old electronics in the U.S. and dump them in places like Guiyu, China.

Even the most advanced, beautifully crafted products degrade over time. As long as there are phones and computers and monitors and any other gizmo with a circuit board, there will be phones and computers and monitors that people want to abandon for something newer and faster. Making it easier to do so in a way that doesn't trash the planet even more is something that should be encouraged, and then forced if encouragement doesn't cut it.

Laws like the one in New York will incentivize people to not dispose of their old gadgets the easy and bad way by dangling a punishment, but that's only half the solution. It's important that manufacturers actively work to make choosing the ecologically friendly option more appealing than risking a fine, and that the rest of the country steps up to the plate in the meantime.

Uh-Oh, Microsoft: Chromebooks Were The Best-Selling Computers On Amazon For The Second Holiday In A Row

For the second holiday shopping season in a row, Chromebooks were the top-selling computers on Amazon, Amazon reported Friday.

That's bad news for Microsoft and its hardware partners, which have shifted their Windows 8 computer strategy this year by offering cheaper models. For example, the HP Stream laptop, which got pretty good reviews, only costs $200 and comes with a lot of free software like Microsoft Office.

Amazon reported that the top-selling computers were the Acer C720 Chromebook ($228), ASUS 13-inch Chromebook ($220), and the HP 11-2010nr Chromebook ($198).

Chromebooks are computers that run Chrome OS, which is essentially just the Chrome web browser with a few extras. They're typically very cheap, around $200 or $300, and only good for basic computing like browsing the web, watching YouTube videos, and emailing. 

Last year, Chromebooks made up two of the top three selling laptops on Amazon during the holiday shopping season.

Of course, there are some caveats. Amazon didn't give the specific number of laptops sold. Plus, Windows devices still make up the bulk of the PC market. Chromebooks are only a tiny sliver of the market.

Finally, Microsoft is getting ready to release a new version of Windows called Windows 10, which is supposed to fix a lot of the gripes people have with Windows 8. Now that Microsoft has stopped support for Windows XP, Windows 10 has the potential to kick off a massive upgrade cycle and reinvigorate the PC market a bit. Microsoft is holding an event on January 21 to unveil even more features in Windows 10.

At the same time, Amazon's stats point to a real trend in personal computing these days. We use phones and tablets for a large portion of our activities. There's little need for a lot of people to spend $1,000 on a computer when all they want to do is surf the web and check Facebook. A $200 Chromebook is good enough.

The Hackers' Shocking, Pointless Defeat of 'The Interview'

The latest, strangest turn in the Sony hack saga, an ongoing sequence of cyber-attacks seemingly motivated by Seth Rogen and James Franco's "assassination of Kim Jong-un" comedy The Interview, has a film studio taking a seemingly unprecedented step: letting movie theaters pull the movie entirely in the wake of terrorist threats. The film was due for release on Christmas Day and now may not be shown in any theater—certainly not the major chains (AMC, Regal, Cinemark, Cineplex) that most Americans attend. It's a shocking turn, especially since it's motivated by extremely vague threats ("The world will be full of fear…remember the 11th of September 2001…we recommend you to keep yourself distant from the places at that time.").

In one obvious sense, then, the terrorists have won. But if their goal really was to prevent people from seeing Kim Jong Un’s fictional assassination, then it may turn out to be a pointless victory.

It remains to be seen how this situation will play out exactly—but it’s easy to guess. Within hours of The Interview getting yanked from theaters, news hit that Sony is apparently considering a premium online release for the film. That seems like the most logical step—both from a profit standpoint and a safety one. Sony stands to lose millions in this whole affair, not to mention whatever penalties they might owe the film’s creative personnel, so any money that could be recouped on VOD would help offset that. It also makes a certain sense that theaters are acting in unison on this—as vague as the threat might be, it would take just one incident to create enormous liability for them. The New York Times pointed out that shopping malls, in which many theaters reside, helped lobby for the decision to avoid screening The Interview.

Still, many are pointing out the scary precedent of Sony bowing to unspecified threats, especially when the Department of Homeland Security said the threats were not credible. Say someone disagrees with the premise of an upcoming film—one that deals with a hot-button issue like abortion or race, for example. If a terror threat gets called in, would theaters be compelled to make the same decision they made here? Though the Sony hackers have displayed their might in a sense—by ripping hundreds of terabytes of information from its private servers to publicly embarrass the company—they haven’t demonstrated the capability to make good on the more horrifying threat they made Tuesday.

The Internet has enabled the hackers’ power, but it has also neutered them: The Interview will almost certainly be seen, whether in theaters or not. In 1990, a similar situation would have doomed a film to utter obscurity. Even in 2001, the Arnold Schwarzenegger action vehicle Collateral Damage, which was due for release on October 5, 2001 and was pushed to the next February because it depicted a bomb attack in the U.S., was basically forgotten outside of that pop-culture history footnote. But because of on-demand technology, The Interview could very well benefit, in a cruel and unusual sort of way, from all this bizarre publicity. Were the situation not so financially harmful and publicly embarrassing for Sony, it’d be easy to conspiratorially regard it as some kind of high-concept publicity stunt to convince us of The Interview’s political bravery.

Still, who knows if that will translate into online viewings—or what Sony will even charge for the privilege of watching it in one’s own home, free of a terrorist threat. That’s how precedent-setting this is: Nothing like this has ever happened before. Three years ago Universal weighed releasing its comedy Tower Heist on VOD three weeks after it hit theaters, at $60 a pop, to generate public interest. Theaters threatened to boycott and the decision was scrapped. We lived in strange times then—but stranger times now.

Paul Gill's curator insight, December 25, 2014 3:37 PM

Dear Kim Jong-un and everyone else - Merry Christmas - um, regarding The Interview - What was the Point?!

How a small business can profit from big data

Is Big Data – the science of extracting useful business insights from large, disparate information stores – only for large companies with hefty IT staffs? Not at all. 

Chances are your business already collects significant amounts of data every day. It may be in spreadsheets, accounting programs, or word processing documents. Until fairly recently, mining that data required too much investment in software and highly skilled staffers for smaller businesses.

But the price of analytical tools is lower than ever, and while trained staff is a must, you don’t have to hire a PhD-sporting data scientist to get started on a big data project. "The history of information systems and business is that the rich tend to get richer," Tom Davenport, a professor at Babson College and a pioneer in helping companies understand Big Data, said during an interview with Inc. magazine. "There are big companies that could afford it, and so prospered more than the smaller ones." But now, he adds, "there's nothing that says you can't do this as a small business, too."

Consider the experience of Twiddy & Company, a family-owned business that manages 998 homes on the coast of North Carolina. Twiddy had amassed years of operational data inside spreadsheets, but suspected it could do more with it.

Twiddy settled on SAS's business analytics tools, which distilled the company's spreadsheets into a customizable format it could share with homeowners and contractors. That enabled the company to offer pricing recommendations pinpointed down to the week, on the basis of market conditions, seasonal trends, the size and location of a home, and more. Not only did Twiddy increase sales, it cut costs by 15 percent by eliminating invoice processing errors and automating service schedules, according to the article in Inc.

And there are many other ways that data can be funneled down from the arcane to the actionable with very approachable methods. Swipely, for instance, is often used in restaurants to help servers remember what a particular customer enjoys and make recommendations. The software drills down into individual orders and makes the information easily accessible when the same customer returns. Employees can also see in real time if an item has been selling especially well and recommend it to a customer, without having to wait for an end-of-week meeting to find out what’s hot. There are services like this for every aspect of business, including LogMeIn Rescue, which keeps a meticulous record of customer support sessions to help you track and study customer need.

If you’re planning on seeking out some help with implementing systems like these, it’s important to realize that “big data” isn’t necessarily a single skill or job title., a large job board for IT professionals, recently published a report on big data jobs, listing a number of key skills. They include analysis tools such as MapReduce, Hadoop, Cloudera, IBM Big Insights, Hortonworks or MapR, and programming skills in languages including Java, Scala, Ruby, and C++, to name a few.

As the U.S. economy continues to grow, it has gotten harder to find IT employees with exactly the right combination of skills. You might try working with the head of your IT group or an outside consultant to identify those employees who already have some big data skills, and encourage them to deepen their existing experience.

Luca Salzano's curator insight, December 18, 2014 5:08 AM

#BigData is not reserved to large companies. #SMEs can also take advantage of it, with the proper tools and #strategy!

Dell XPS 13 review: Meet the world's smallest 13-inch laptop

CES has come and gone; the holidays are long past; and now all we're left with are a few months of dreary weather. No fun, right? Right. Except if you're a tech writer. Now that most major companies have revealed their new lineups, we have the exciting job of testing all this stuff; seeing how it holds up in real life. The first product of the year to cross my desk: none other than the Dell XPS 13, a compact 13-inch laptop that ranked as a finalist for our annual Best of CES awards. In addition to being the first system we've tested with Intel's new fifth-generation Core processor, the redesigned XPS is notable for its nearly bezel-less display -- a design feat that allows it to have the footprint of an 11-inch machine. Particularly with a starting price of $800 (pretty reasonable for a flagship laptop), it seemed poised to become one of our new favorite Ultrabooks. And you know what? It actually is.

Samsung Is Launching A New MacBook Air Competitor With A Sharper Screen And Super-Long Battery Life

Apple's MacBook Air might have some tough competition come January.

Samsung will be launching a new super-slim laptop at the Consumer Electronics Showcase early next month that will supposedly be able to last 12 hours on a single charge.

Samsung made the announcement on its Korean-language blog Monday (via ZDNet). 

Its Series 9 2015 Edition notebook will be about half an inch thin, a bit slimmer than Apple's 0.68-inch MacBook Air.

Samsung's new notebook will be a bit lighter than Apple's laptop, too, as it weighs about 2.1 pounds versus the smaller 11-inch 2.38-pound MacBook Air.

The edge of Samsung's notebook where the ports are located sort of bulges out, however, which makes it look a bit bulky. The MacBook Air's teardrop design is much more elegant.

Samsung says its new laptop, as with the MacBook Air, will last 12 hours on a single charge, which is pretty impressive. The Series 9 will borrow some of the battery-saving technology from Samsung's Galaxy S5 to squeeze out that much power. 

The screen on Samsung's coming laptop sounds as if it will be incredibly sharp, too. It will feature a 12.2-inch 2560 x 1600 display, which should be much sharper than the 1440 x 900 resolution screen on Apple's 13-inch MacBook Pro. 

The Big Future: What does the future of interaction look like?

The rise of smartphones has left us tapping away at touchscreens. In this week's Big Future, we look at what comes after the glass. Will we all be speaking to our devices? Are augmented reality glasses and contacts going to feed us information all day? Or does touch interaction work so well that we'll never really replace it?

Touch has dominated for a long time

We've accessed and manipulated information with our hands and fingers for decades. Whether we recognize it or not, our brains are constantly processing information afforded by what we hold and telling our hands how to respond. What we've lost over the years as we swapped mouse and keyboard for glass touchscreens, though, is feedback. Our phones and tablets demand our attention in part because we have no sure way of knowing what we're tapping when we look away.

Augmented reality is one possibility, and it's almost here

The technology that is perhaps the closest to replacing touch interaction is augmented reality. The idea of overlaying information on the things we see is attractive to many people, but the application of it is still clumsy. Google Glass is too expensive and limited, and more miniaturized versions (like electronic contacts) are still a bit of a pipe dream. Removing touch in this way begets other problems like needing to use voice control or eye tracking — both of which still have their own unique issues.

Faking touch

Maybe we have a way to bring this all together. In the future, it could be possible to use implants or nano-technology to let us feel things that aren't there. While a digital display makes it look like a button is hovering in the air in front of you, the next breakthrough would let you feel like you were pressing it, providing haptic feedback for a gesture control system. We're still a long way from making that system work, but a lot of people are trying.

Three Tips For Password Security That Actually Work - HITECH Answers

Someone once told me that developing a usable and secure password management system isn’t rocket science…it’s much more difficult than that. Naturally, I disagree as I have witnessed numerous implementations of password management solutions that were a major success in a very short period of time. Plus, “success” of these implementations can be measured financially, through improved operations and through improved security.

An organizational password management implementation involves a number of key elements consisting of a blend of technology and internal business processes including:

  • the use and misuse of multiple passwords
  • composing hard-to-guess passwords
  • changing and reusing passwords
  • the art and science of keeping passwords secret
  • intruder detection and lockout
  • encrypting passwords in storage and transit
  • synchronizing passwords and the latest in single sign-on
  • user authentication for self-service capabilities
  • IT support for forgotten and locked out passwords.

However, introducing password management best practices is not a daunting task, and I am certain almost every organization has the main concepts already defined (although possibly not matured). Here are three tips to help in your management.

Tip #1: Multiple Passwords Can Be Inhumane

The problem with passwords in a large enterprise is that people generally require so many different accounts and corresponding passwords to access the expansive list of both cloud and on-premise systems and applications, that sometimes it feels humanly impossible to remember them all. And just about the time you feel you have them all memorized, they then need to be changed. So what is the natural reaction of a worker who needs to efficiently accomplish all their tasks across a number of different systems? They start to develop a host of insecure behaviors around password management including:

    • writing passwords down and supporting 3M PostIt Notes sales
    • using passwords that are simple and easily compromised
    • contacting the Help Desk constantly when they forget their password (contributing to 30 percent of all Help Desk calls)
    • reusing old passwords as often as possible

These behaviors creep into the workplace because workers want to avoid downtime and the hassles that go along with it.  The solution to the entire password management problem incorporates three critical components: an easy self-service password reset capability to ensure people can reset their own passwords, a synchronization solution that changes passwords across all of a user’s systems and a single sign-on solution to limit the number of sign-ons required.

Tip #2: Compose Passwords That Are Difficult To Crack

All it takes to understand the glaring issue of password strength is to see the 25 worst passwords and their current ranking based on use (thanks to Splashdata who measures them):

1. 123456 (up 1 and taking the top spot from “password” for the first time)
2. password (down 1)
3. 12345678 (unchanged)
4. qwerty (up 1)
5. abc123 (down 1)
6. 123456789 (new)
7. 111111 (up 2)
8. 1234567 (up 5)
9. iloveyou (up 2)
10. adobe123 (new)
11. 123123 (up 5)
12. Admin (new…you know who you are…)
13. 1234567890 (new)
14. letmein (down 7)
15. photoshop (new)
16. 1234 (new)
17. monkey (down 11)
18. shadow (unchanged)
19. sunshine (unchanged)
20. 12345 (new)
21. password1 (up 4)
22. princess (new)
23. azerty (new)
24. trustno1 (down 12)
25. 000000 (new)

But hey, at least “password” is no longer #1!  The solution to this overly simple problem:  prevent your users from being able to use simple, easy-to-guess passwords!  Controls around password strength have been around for a long time, and most software and operating systems provide a way to prevent weak passwords from being used if configured correctly.  Unfortunately, some organizational legacy system baggage prevents setting stringent controls holistically at the target system, so software solutions have been created to help enforce password policies and prevent poor password decisions at the time the password is set and then synchronized across systems.
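The set-time check this tip describes, as an added example that is not from the original article or any vendor's product: a candidate is rejected when it is one of the 25 passwords listed above or a thin disguise of one. The function names, the 12-character minimum and the substitution table are assumptions chosen for illustration.

```python
import re

# The 25 entries quoted in the list above, used here as a deny-list seed.
WORST = """123456 password 12345678 qwerty abc123 123456789 111111 1234567
iloveyou adobe123 123123 admin 1234567890 letmein photoshop 1234 monkey
shadow sunshine 12345 password1 princess azerty trustno1 000000""".split()

# Assumed table of common character substitutions, folded to one letter each.
LEET = str.maketrans("013457@$!", "oieastasi")

def canon(text):
    """Lower-case and fold substitutions so P@ssw0rd and password compare equal."""
    return text.lower().translate(LEET)

# Deny-list entries are stored in the same canonical form as candidates.
DENY = {canon(word) for word in WORST}

def variants(candidate):
    """Canonical forms to test: the whole string, and the string with any
    trailing digits or symbols removed (Password2024! -> password)."""
    lowered = candidate.lower()
    base = re.sub(r"[^a-z]+$", "", lowered)
    forms = {canon(lowered)}
    if base:
        forms.add(canon(base))
    return forms

def check_password(candidate, username, min_length=12):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if variants(candidate) & DENY:
        problems.append("based on a commonly used password")
    if username and canon(username) in canon(candidate):
        problems.append("contains the account name")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for sample in ("123456", "Password2024!", "P@ssw0rd1234!",
                   "ryanw-Clinic-Laptop-7", "correct horse battery staple"):
        print(f"{sample!r}: {check_password(sample, 'RYANW') or 'accepted'}")
```

"Password2024!" and "P@ssw0rd1234!" would pass a typical length-and-character-class rule, which is why the deny-list comparison runs on the canonical form rather than the raw string.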

Tip #3: Change every password but the kitchen sync.

Password synchronization can solve so many issues around password management, so I am amazed when organizations choose a password management solution that only changes the core Active Directory or LDAP password without being able to sync to all the other systems a worker uses on a regular basis. Syncing passwords ensures users only need to remember one core password when logging into corporate systems, and this ultimately helps prevent the problem of workers writing down their passwords. It also helps solve the password expiration problem since the passwords will all be changed at the same time.

The latest solutions can map usernames across systems and still sync passwords successfully. For instance, my AD account may be RYANW, but my AIX Unix account is WARDR. The password management solution keeps track of those mappings and automatically knows to change my password for both AD\RYANW and AIX\WARDR. Synchronization can now also work with cloud-based applications such as Google or Office365, so security is strengthened by regularly changing passwords for cloud-based applications that in the past were typically left unchanged or had longer expiration windows.

Hopefully, you will find these tips easy to implement. In my experience both in-house and as a member of an IT Consulting firm, these simple additions, if you are not already employing them, will go a long way in keeping your passwords secure and your chances of a breach considerably lower.

Sony Hacking Scandal -- Execs Convinced It's an Inside Job

Sony execs are now convinced someone who worked for the studio is behind the massive hacking ... because no one from the outside could so precisely target the compromising information.

Multiple sources connected to the studio tell TMZ ... the strong, prevailing view is that the North Koreans are probably involved, but they used someone with intimate knowledge of the Sony email system to laser in on the most embarrassing information.

We're told the people at Sony who are investigating believe the hackers had intimate knowledge of mail systems and their configurations. They also believe the hackers have knowledge of the internal media distribution systems and the internal IT systems, including human resources and payroll.

Several people suggested a possible link between the hackers and Sony layoffs, which included a large number of IT employees.

Via Roger Smith, Paulo Félix
Roger Smith's curator insight, December 17, 2014 4:43 PM

Insider job or very precise social engineering, either way not understanding the threat is the biggest problem for an organisation.

Mcol's curator insight, December 19, 2014 9:46 AM

Example of SONY!

Sony Suffers Further Attacks

Sony has been attacked again, with a distributed-denial-of-service attack gang claiming credit for knocking the company's PlayStation Network and related store offline.

Visitors to the PSN sites - which support multiplayer gaming and distribute Sony's movies and games - have instead been seeing the following error message: "Page Not Found! It's not you, it's the Internet's fault."

Sony says via Twitter that it's aware of the outages: "We are aware that users are having issues connecting to PSN. Thanks for your patience as we investigate."

A hacker or gang called Lizard Squad claimed credit for the attacks in a Dec. 8 message posted to Twitter at 12:29 a.m. GMT. The disruption follows the group in recent days claiming that it disrupted other gaming networks, including Valve's Steam, and Microsoft's Xbox Live. And Lizard Squad says the disruptions are just a "small dose" of what it has planned for December. "Unlike Santa, we don't like giving all of our Christmas presents out on one day. This entire month will be entertaining," the group tweets. The gang previously claimed credit for a series of August DDoS attacks against Sony, as well as for a tweet about explosives being aboard an American Airlines flight on which Sony president John Smedley was traveling, which caused authorities to divert the flight. No explosives were found; the FBI launched a related investigation.

Lizard Squad has been cagey about its motives and declined to say who's funding its DDoS attacks against gaming networks, saying only that they're "interested parties." But whoever's behind Lizard Squad claims that it previously sold "DDoS as a service" to the public, starting at about 300 euros ($370) per hour to disrupt a site.

Sony's Latest Security Setback

The PSN and Sony online store disruption is only the latest of many information security setbacks for Sony, following a massive hack attack against Sony Pictures Entertainment, which resulted in attackers obtaining what they claim are "tens of terabytes" of Sony corporate data and digital media, as well as using wiper malware to erase an unknown number of Sony employees' hard drives and "brick" their computers, which prevents them from booting.

Sony has not responded to repeated requests for comment about the hack, for which a group calling itself the Guardians of Peace - or G.O.P. - has claimed credit.

To date, G.O.P. has reportedly leaked about 40 GB of stolen Sony data, which remains in circulation on BitTorrent networks. The data includes exhaustive lists of Sony's passwords for social media networks, private details for 47,000 employees - including the Social Security numbers for Expendables star Sylvester Stallone and other actors - as well as other HR-related information, including copies of disciplinary letters and termination notices, Mashable reports.

Sony employees recently also received an e-mail, allegedly from G.O.P., warning them that "your family will be in danger" unless they signed their names to an e-mailed petition in support of the hacker's activities. The e-mail also stated that the attacks and leaks to date were "only [a] small part of [a] further plan". The attackers declined to elaborate on what that plan entailed.

'Unprecedented' Attack

In the wake of the attacks, many information security experts have been asking if Sony's defenses were sufficient, and whether it should have been able to rebuff attackers. Furthermore, much of the leaked data appeared to be stored in unencrypted format, and security experts say many of the passwords being used by Sony - which were also leaked - were weak.

But a report into the investigation from digital forensics investigations firm FireEye, which was hired by Sony to investigate the attack, suggests that the hack attack that victimized Sony Pictures Entertainment would have compromised most organizations. "The attack is unprecedented in nature," Kevin Mandia, chief operating officer of FireEye, says in a Dec. 6 report addressed to Sony Pictures Entertainment CEO Michael Lynton and also distributed to Sony employees, The Wall Street Journal reports. "This was an unparalleled and well-planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared," Mandia says.

One explanation for the Nov. 24 hack attack - and subsequent data leaks - is that it was commissioned by the government of North Korea, in retaliation for the forthcoming comedy The Interview, in which a tabloid TV reporting team, heading to Pyongyang to interview dictator Kim Jong-Un, are approached by the CIA to kill him instead.

While referring to the film as a "terrorist act," North Korean officials have denied having any ties to the Sony hack. But in a statement issued Dec. 7, a spokesman for the country's National Defense Commission referred to it as a "righteous deed" that may have been launched by its "supporters and sympathizers."

Still Suspected: North Korea

The FireEye investigation team, however, says North Korea is "likely linked" to the attack, three anonymous sources with knowledge of the FireEye investigation tell the Journal, citing as partial evidence the Korean-language and timing of builds - which correspond with working hours in North Korea. But other security experts have said those details could also be "false flags" planted by attackers to fool investigators.

New details about the attack continue to surface. Citing people with knowledge of the investigation - who spoke on condition of anonymity - Bloomberg reports that the Sony data was first leaked from an IP address tied to the five-star St. Regis Bangkok hotel, located in the capital of Thailand, at 12:25 a.m. local time on Dec. 2. But it's not clear if the attackers may have been working from the hotel, or merely routing their data via its systems.

Information security researcher Liam O Murchu at Symantec tells Bloomberg that at least one of the command-and-control servers used by attackers to communicate with the Sony PCs they'd infected with their malware - known as both Destover and Wipal - used an IP address in Bolivia that was also used in the 2013 Dark Seoul campaign that targeted South Korean banks and broadcasters. South Korea has attributed that attack to North Korea, although multiple security experts interviewed by Information Security Media Group have suggested those allegations have not been fully confirmed.

"This is the same group that was working in Korea a year ago," O Murchu says. "There are so many similarities - this must be the same people."

Anti-virus vendor Kaspersky Lab likewise reports seeing "extraordinary" similarities between the wiper attack against Sony, Dark Seoul, and the 2011 "Shamoon" attack against Saudi Arabia's national petroleum and natural gas company, Saudi Aramco.

Kyle Greene's curator insight, October 18, 2017 12:08 PM

This article addresses the hole in Sony's security covering the PlayStation network. Sony has been on the receiving end of multiple attacks over the years, and it is because cyber security was never really prioritized in the past. Now Cyber Crime is on the rise and Sony needs to find a way to prevent DDoS from occurring, because it has lost them a lot of revenue.