Protect Your Phone from Secret Spyware

For millions of Americans, the smartphone has become one of the most important tools in their lives. Your phone tracks your movements, absorbs emails and text messages and notifies you of every birthday and appointment. Every second, information floods your smartphone. Unless you switch them off, your apps are working round the clock, obeying your every setting and preference.

All day long your phone is churning private data through its circuitry, and if criminals can break into your phone, they can steal all kinds of things, from banking details to compromising photos and video. These thieves don’t have to steal your actual phone. They may not even be located in the same country.

How do they do it? Spyware, which is kind of like a computer virus, except instead of messing up your hard drive, it enables strangers to snoop on you. Skilled hackers can install spyware on your phone without you even realizing it.

Once it’s on your phone, spyware can record everything you do, from sending text messages to shooting video of your family reunion. Hackers may break into private accounts, commandeer email and even blackmail their victims.

Keep in mind, “spyware” is a vague and multi-faceted term, and it’s not always malevolent. Some parents install a kind of spyware on their kids’ smartphones in order to keep track of their activities. Managers sometimes keep tabs on their employees by watching what they do on their company computers. I don’t endorse this behavior, and I think there are much healthier ways of watching kids and employees, but this kind of spyware isn’t intended to ruin your life.

Don’t click strange links. The easiest way to avoid contracting spyware is this: Don’t click strange links. If you receive an email from a suspicious stranger, don’t open it. If you receive an email or text from someone you do know but the message seems peculiar, contact your friend by phone or social media to see whether the message was intended.

This might sound obvious, but sometimes our curiosity gets the better of us. When a link appears, some of us struggle to avoid clicking it, just because we want to know where it leads. Other times, an authentic-looking email is actually a phishing scam in disguise. If you’re the least bit doubtful, don’t click.

Lock your phone. Some types of phones are more susceptible to spyware than others. (More about this below). But owners can dramatically reduce their chances of infection by locking their phones. A simple PIN will deter most hackers.

Also avoid lending your phone to strangers. Yes, some people honestly forget their chargers at home and urgently need to call their spouses. But a clever con artist only needs your unlocked phone for a minute to cause a lot of damage. In this case, being a Good Samaritan is risky business.

Androids and spyware. The bad news is this: Android phones are particularly vulnerable to spyware. It’s simple to install a spying app on any Android gadget, but only once you get past the lock screen.

To protect yourself, make sure you have the lock screen turned on and no one knows the PIN, password or pattern. You can make it even harder by blocking the installation of third-party apps. To do this, go to Settings; Security and uncheck the Unknown Sources option. It won’t stop a really knowledgeable snoop, but it could stump less-savvy ones.

iPhones and spyware. Apple users can get pretty smarmy about their products. If you own an iPhone, you probably already know that your phone is far safer from malware than Android gadgets. A recent “Forbes” study showed that nearly 97 percent of all known malware threats only affect Android devices.

That’s good news for Mac addicts, but it can also make owners overconfident. Last August, Apple had to release an extremely critical iOS update to patch a security threat. Before the update, an attacker could take over and fully control an iPhone remotely just by clicking the right link.

Investigators learned that this kind of attack was called Trident, and the spyware was called Pegasus. The latest iOS was partly designed to prevent these exploits from damaging your iPhone. This is just one reason you should keep your iPhone up to date.

To get the latest version of iOS, go to Settings; General; Software Update. Your device will then automatically check for the latest version of the Apple operating system.

Secondhand smartphones. Beware the secondhand smartphone. Sometimes they’re handy, because a jail-broken phone is cheap and disposable and may work with many service providers. But they may also come with spyware already installed.

Buying a secondhand phone is a common practice, especially if you’re traveling in a foreign country or you’re between contracts and just need something for the short-term. If you have any suspicions about your phone, your best tactic is to reset factory settings. It’s inconvenient, but it might save you a lot of heartache down the line.


via:  enterprise-security-today

Save pagePDF pageEmail pagePrint page

Microsoft launches StaffHub, a new Office 365 app aimed at shift workers

Microsoft today unveiled the newest addition to its Office 365 suite with the debut of an application for shift workers and management, called StaffHub. The program is aimed at those who don’t tend to work from desktop computers and have different schedules from week to week, such as in retail, hospitality, restaurants and other industries.

The program was originally introduced in “preview” last fall, with the goal of collecting user feedback ahead of its public launch. Since then, more than 1,000 businesses have signed up for the service, including a large winery in California and a hospitality company that uses it to staff their hotels.

Explains Office 365 General Manager Bryan Goode, Microsoft believes that addressing the needs of shift workers with a software platform like StaffHub is an untapped market.

“There’s half a billion frontline staff workers in the world,” he says. “Most companies, though, haven’t actually provided digital tools for these folks…but companies are starting to recognize the benefits of moving some of these offline processes and taking them online.”


However, what StaffHub is really up against is the old way of doing things: paper schedules, bulletin boards, phone calls and other manual processes, Goode notes.

To address the needs of this different kind of work environment, StaffHub takes schedules and puts them online. But it’s more than just another calendaring application.

Managers, who may have access to desktop or laptop computers, may use the web version of StaffHub to create the staff schedules in the program, but employees will likely only use StaffHub from their mobile phones.


When adding shifts, managers can take advantage of a variety of features to differentiate the types of shifts, ranging from custom labels (like “day,” “opening,” “night,” etc.) to color coding, and they can also enter in notes about the work that needs to be done during the shift in question.

The program also makes it simple to update shifts from week to week, by offering a “Copy last schedule” feature that lets managers use the prior week’s shift as a starting point before making changes.

Schedules can be viewed by day, week or month, as needed, and the program has tools for handling common requests, like time off, vacations, sick leave and more.



Where StaffHub becomes more interesting is on mobile devices.

Here, there are comparisons that can be made with Slack, though Microsoft, when asked, dismissed the idea that Slack was a competitor.

However, there are many overlapping features between the two programs — staff can privately chat, one on one, with one another in the app, and the app can host multiple group chats, too.

For example, managers could use their team chat to make informal announcements or share files. The chats support photo sharing, as well, which could be useful for showing the manager something out on the floor that needs their input.

Plus, the app can be used for sharing internal resources — like an employee handbook hosted on SharePoint, a file uploaded from a computer, a video or a file stored on another cloud service like Dropbox. Files will display inline when clicked, making it easy for staff to view them on their phone.

Plus, Microsoft envisions StaffHub as an app platform of sorts, another similarity with Slack. However, Microsoft’s focus is on connecting with line-of-business apps, like a time-clock application, for example. (So it’s like Slack, but without the GIFs — something that may appeal to the target market.)


Staff can swap shifts with other workers in the mobile app and request time off — requests that get routed to a manager for approval. Push notifications are used to alert users of these requests and approvals along with other updates, private notes, chats and more.

The software is available starting now as a part of Office 365 commercial plans. (K1-E5, for those who know the lingo — or entry-level through enterprise, for those who don’t.)

StaffHub is available for web, iOS and Android in Chinese (Simplified), English, Spanish, Russian, Japanese, French, Brazilian-Portuguese, German, Korean, Italian, Chinese (Traditional), Dutch, Turkish, Swedish and Danish.


via:  techcrunch

Save pagePDF pageEmail pagePrint page

Ransomware Isn’t Slowing Down for a Simple Reason — It Works



It’s a story that’s been told thousands, if not millions of times, already.

One wrong click and bam! Files taken hostage by unbreakable encryption and there’s nothing you can do but give up — or pay the ransom.

There’s a reason that cyber criminals who run ransomware offer customer support and are raking in cash in numbers that need to measured in billions. And it’s the same reason that 193 different ransomware families were discovered between May 2012 and May 2016, with an average of 15 new families identified each month during Q3 of 2016.

The reason is simple: It works.

So we’re likely to see new iterations of the same threat adapted to spread more easily until it stops being so effective.

One of the keys to slowing this epidemic is… you. If you and the people around you are easy targets, criminals will keep cashing in on the same trick.

As Melissa explained earlier this year, there are five ways to fight back against ransomware threats — and they just happen to protect you from most online scams — so let’s review how to fight ransomware like your files depend on it, because they do:

  1. Change your mind.
  2. Fight forward — with backups.
    The fight against ransomware begins, with reliable backups of your files.
  3. Keep all software up to date.
    Ransomware often exploits flaws in old software to edge in and take control of your files.
  4. Beware of email, especially attachments.
    Be suspicious of links and attachments in emails. Remember, the post office and the IRS don’t send ZIP files. And a document telling you to “Enable Content” is likely a trap. So:
  5. Run reliable security software.
    Use software with a layered approach that can block known ransomware variants and new threats —
    software like F-Secure SAFE, which you can try for free.

If you’re reading this and you’re already infected, F-Secure Labs has some recovery tips. But we’re very sorry; there is no recovery process for ransomware that’s as effective as prevention.



via:  f-secure

Save pagePDF pageEmail pagePrint page

RIG EK Exploits Outdated Popular Apps, Spreads Cerber Ransomware

This attack requires no clicks and takes advantage of your outdated apps.

Cybersecurity experts obsessively repeat two types of advice:

  1. Use stronger passwords.
  2. Update your software.

Today’s security alert is all about the importance of applying software updates as soon as possible after they’re released.

At the moment, cybercriminals are using a swarm of malicious domains to launch drive-by attacks against unsuspecting users.

The campaign works by injecting malicious scripts into insecure or compromised systems. Victims can get infected simply by browsing the compromised or infected websites, without clicking on anything. What exposes them to this attack are outdated versions of the following apps: Flash Player, Silverlight, Internet Explorer or Edge.

This is the short version of how it happens:

How Rig Exploit Kit Works

A total of 8 vulnerabilities scattered over several product versions might cause serious trouble for many users. That’s because RIG exploit kit will detect these unpatched vulnerabilities and then download Cerber ransomware by taking advantage of them.

Antivirus detection for this malicious campaign is low, as you’ll see in the details below.


Vulnerabilities exploited in the attack


The following apps – which you may also be using – can expose your system to a costly ransomware attack.

Affected software: Adobe Air, Adobe Air Sdk, Air Sdk Compiler, Adobe Flash Player

Vulnerability:CVE-2015-8651; can Execute Code, Overflow
CVSS Score: 9.1
This vulnerability includes 11 security holes in 4 products (see CVE link for details).
Patched on December 28, 2015.

Affected software: Adobe Flash Player, 99 vulnerable versions, see CVE link below for details.
Vulnerability:CVE-2015-5122; can cause Denial of Service, Execute Code, Memory corruption
CVSS Score: 10
Patched on July 10, 2015.

Affected software: Adobe Flash Player version
Vulnerability:CVE-2016-4117; can Execute Code
CVSS Score: 10
Patched on May 12, 2016.

Affected software: Adobe Flash Player, 14 vulnerable versions, see CVE link below for details.
Vulnerability:CVE-2016-1019; can cause Denial of Service, Execute Code
CVSS Score: 10
Patched on April 5, 2016.

USEFUL TIP: If you need a quick way to check what Flash version your system is running, go to this link provided by Adobe and find out. Flash is a notorious source of vulnerabilities for its users, so reading this guide we put together may help you understand why and what you can do about it.

Affected software: Microsoft Edge
CVE-2016-7200; can cause Denial of Service, Execute Code, Overflow, Memory corruption
CVSS Score: 7.6
Patched on November 8, 2016.

Affected software: Microsoft Edge
Vulnerability:CVE-2016-7201; can cause can cause Denial of Service, Execute Code, Overflow, Memory corruption
CVSS Score: 7.6
Patched on November 8, 2016.

Affected software: Internet Explorer versions 9, 10, 11
CVE-2016-3298;  can obtain information
CVSS Score: 3.6
Patched on October 11, 2016.

Affected software: Silverlight version 5.0
CVE-2016-0034; can cause Denial of Service, Execute Code
CVSS Score: 9.3
Patched in January 12, 2016.

To give you an example about what could happen if an attacker successfully exploits this vulnerability, here are some details shared by Microsoft last year:

In a web-browsing scenario, an attacker who successfully exploited this vulnerability could obtain the same permissions as the currently logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This last bit is another good reminder to use a standard account on a daily basis, instead of using an administrator account.

The current drive-by campaign uses the following domains (sanitized for your protection):

mind.pci [.] news – Detection: 4/69 on VirusTotal

fun.rum [.] news – Detection: 5/68 on VirusTotal

open.oral [.] news – Detection: 4/69 on VirusTotal

one.pinot [.] news – Detection: 2/68 on VirusTotal

top.penile [.] news – Detection: 4/68 on VirusTotal

end.prayer [.] news – Detection: 5/68 on VirusTotal

top.rvlife [.] news – Detection: 2/68 on VirusTotal

old.prepaid [.] news – Detection: 2/68 on VirusTotal

see.pancreatic [.] news – Detection: 4/69 on VirusTotal

one.salesforce [.] news – Detection: 5/68 on VirusTotal

new.phonesystem [.] news – Detection: 2/68 on VirusTotal

All these domains are part of the so-called Pseudo-Darkleech gateway, which was also used in distributing Cerber ransomware in December 2016 and CrypMIC ransomware earlier, in September 2016.

The RIG exploit kit used in this malicious campaign is the Empire Pack version (RIG-E). This is what the Empire Pack panel looks like:


If this hasn’t persuaded you to automate your updates, maybe cyber security experts and their stories will convince you.

As you can see, cybercriminals often use vulnerabilities already patched by the software developer in their attacks, because they know that most users fail to apply updates when they’re released.

In spite of the wave of attacks, many Internet users still choose to ignore updates, but we hope that alerts such as this one will change their mind and make them more aware of the key security layer that updates represent.


via:  heimdalsecurity

Save pagePDF pageEmail pagePrint page

How does Encryption Work? (and Why it’s So Important)

If you’ve followed international news on business, tech or even politics lately, you’re likely to have seen the word “encryption” pop up all over the place. But while it’s often mentioned in the context of billion-dollar tech companies and superstar whistleblowers, it’s easy to forget that easy access to encryption greatly benefits even normal web users like you and me.


The History of Encryption

To understand encryption today, we must first look into the past. From around 1500 B.C. all the way to 40 years ago, encrypting text followed pretty much the same routine. People who wanted to pass encrypted messages to one another had to use something called symmetric encryption. This meant that there was one secret code (key), which would both to turn readable messages (plaintext) into an unreadable mess (ciphertext) and back to readable form.

This had two main problems: Firstly, all the communicating parties had to share copies of the secret key with each other. This meant either meeting to physically share the key or using a trusted courier. Secondly, keeping this communication private relied on all parties keeping the key to themselves.  If multiple people used the same key, everyone’s communication would be vulnerable if just one person was careless or compromised.

Public-Key Encryption

When  asymmetric encryption (more commonly known as public-key encryption) was invented and made public in 1976, it was a bigger deal than anyone could imagine. This system uses two keys instead of one. First there is the public key, the only purpose of which is to let the sender to encrypt plaintext into ciphertext. After the message has been encrypted, nobody (not even the sender) can open the message except for the person with the private key.

A simple way to understand this is to think of a post box with two keys to it. The public key lets you put letters in the box, but not look inside. The owner of the private key is the only one who has access to the contents of the box. The two keys are mathematically linked, but it’s not possible to use the readily available public key to get the private key. I know it sounds like magic, but it’s actually just an application of modular arithmetic.

Hard to Understand, Easy to Use

Now we know how encryption works, but what’s in it for the average person? You, like a lot of people, might be thinking “I have nothing to hide online, so why should I go through all the trouble of encrypting what I do?” First of all, there really is no hassle. The process of sending and receiving encrypted messages requires insanely complex equations, but machines do it for you. For instance, messages sent via services such as Whatsapp are automatically end-to-end encrypted so that nobody else except the people involved in the chat can see them, not even the service providers themselves.

A VPN app like our own Freedome also encrypts ALL your traffic automatically, protecting your information while hiding your tracks online.  As F-Secure researcher Christine Bejerasco puts it pretty brilliantly in the video below:

With VPN you become this online ninja, who is coming from somewhere and going somewhere else, but they don’t know exactly who you are or where you’re from”.

Why is Encryption So Important?

The average user should consider this: is your life really the open book you might think it is? If your web history, emails and instant messages contain no information you’d wouldn’t mind sharing with the world, then I applaud you. But the fact is, most of us do have secrets. Governments think they have the right to know them under the guise of security, criminals want to profit from them, and anyone who wishes you harm can intercept your online communications with increasing ease. Encryption doesn’t solve all of that, but it goes a long way towards keeping others out of your business.

The internet has given citizens of the world unprecedented power to communicate with each other, share ideas and together make this planet a better place to be on. Encryption lets us do this even in the face of censorship and repression, making its continued existence and legality all the more worth fighting for.

You might think that you have nothing to hide, but you have everything to protect”.
– Mikko Hyppönen, F-Secure CRO


via:  f-secure

Save pagePDF pageEmail pagePrint page

AirAsia is hosting its first hackthon

Budget airline AirAsia is the latest corporate to get into hackathons. The company just revealed plans to host its first-ever hack event on March 18 at its headquarters in Kuala Lumpur, Malaysia.

AIRVOLUTION 2017” — yes, all caps and a cheesy name  — is, as you’d expect, focused on air travel and related themes although the final challenge will be announced on the day of the event. The top prize RM 25,000 (around $5,600) in cash alongside five sets of return flights to any AirAsia destination, and 100,000 of the company’s “Big” loyalty points.

There’s space for 20 selected teams to compete, with the only stipulation being that they must be from one of the 26 countries covered by AirAsia flights. Applications are open from now until 19 February 2017. Selected teams will be notified 3 March and those based outside of Malaysia will have their flights covered by AirAsia.

The event, which includes Microsoft among its sponsors, is aimed at injecting fresh ideas and thinking into the 13-year-old airline, according to CEO Tony Fernandes, who last year said he wanted to make AirAsia a “digital airline.”

“This year marks the emergence of AirAsia as a digital airline, and I believe this event can spur the kind of radical, creative thinking that will ensure AirAsia remains on the leading edge,” he said in a statement.

AirAsia is by no means the first travel company, or even airline, to embrace hackathons. Emirates, Singapore Airlines and Malaysia Airlines all run events, while British Airways has gone one step further with its own in-flight hackathon in 2013.


via:  techcrunch

Save pagePDF pageEmail pagePrint page

Hackers can access your data through your headphones

Mark Zuckerberg has a revealing routine he carries out on a regular basis which says as much about him as it does our current era of cyber-uncertainty. Every day when he’s finished talking to friends and business associates, he covers up his laptop’s webcam and microphone jack with a small piece of tape.

Is this simply the paranoia of a man who over the last two decades has had to deal with increasingly sensitive information as well as diminishing privacy in his personal life?

All we know is that many people are utilizing the simple hardware hack, in much the same way, as a cyber security precaution. Whilst those who promote the use of tape no doubt favor the method for its brilliant simplicity, we have worrying news for anyone that thinks this method has all bases covered.

Now even your headphones can spy on you

Your headphones, it has now emerged, can be repurposed from afar, turning them into a microphone capable of recording audio, all of this unbeknownst to the device’s user. A group of Israeli researchers has recently created a piece of malware in order to show how determined hackers could hijack your device and reconfigure it into sending them audio links.

The headphone technology

The researchers, based at Ben Gurion University, created a code aimed at testing their fears about headphone technology. The proof-of-concept code, titled “Speake(a)r,” proved that the very commonly used RealTek audio codec chips contain a vulnerability that allows them to be used to silently repurpose a computers output channel as an input channel.

As Wired magazine have noted, turning a pair of headphones into microphones is a fairly simple task. A quick search on Youtube reveals an abundance of simple hack videos demonstrating how to switch your music listening device into an audio recorder. So it’s the RealTek vulnerability that is the real worry. As the Israeli research team have found, the issue would allow a hacker to record audio if you’re using a mic-less pair of headphones, and even if your laptop or device’s microphone setting is disabled.

Privacy vulnerability

Mordechai Guri, part of Ben Gurion’s cyber security research team, spoke to Wired about the vulnerability they had discovered. “People don’t think about this privacy vulnerability. Even if you remove your computer’s microphone, if you use headphones you can be recorded.” He added that, “almost every computer today [is] vulnerable to this type of attack.”

The researchers tested their malware hack using Sennheiser headphones. “It’s very effective,” Guri said. “Your headphones do make a good quality microphone.” The team also detailed the extent of the malware’s capability, saying that a hacked pair of headphones could record audio as far as 20 feet away. The recorded file can even be compressed so it can easily be sent over the Internet.

As Guri says, the problem is not one that can receive a simple patch and the vulnerable audio chip may need to be redesigned and replaced in future computers. The full extent of the problem is also not known, as the Ben Gurion research team has so far focused only on RealTek audio chips. They are set to expand their research to determine which other codec chips and smart phones may be vulnerable.

So, if like an increasing amount of people in this era of cyber security, you feel vulnerable to eavesdropping, don’t only reach for the tape. Make sure those headphones are unplugged so as not to be the victim of a stealthy new form of malware.


via:  pandasecurity

Save pagePDF pageEmail pagePrint page

The Sorry State Of Cybersecurity Awareness Training

Rules aren’t really rules if breaking them has no consequences.

In today’s dangerous cyberworld, corporations often say that cybersecurity is now a top priority for them, especially after all the massive data breaches we’ve been hearing about on a day-to-day basis. But one has to wonder, if that’s case, why are so few companies doing cybersecurity training properly?

Sadly, the most common and detrimental thing that many companies are doing wrong when it comes to training employees on cybersecurity is a big one: they aren’t doing it all.

Regardless of industry or company size, I’ve seen way too many companies that aren’t implementing any sort of cybersecurity training, not even at employee orientation. It’s also important to note that the companies that do implement security training, but only conduct it at new-hire orientation and then never mention it again, are not much better. Many companies fall into this category.
While employees are getting some sense of what to look out for when they receive training, the threat landscape changes so quickly that the information becomes obsolete within weeks or months and, without regular reminders, it’s out of employees’ minds quickly. In other words, the information is no longer top of mind.

Finally, very few companies are having regular cybersecurity training programs and refresher courses. I recommend companies do training updates once a month throughout the entire year, and I only know of a handful of companies that are actually doing this.

The next step after implementing a regular cybersecurity training program is to put in place policies and procedures to enforce what’s learned. Again, I’m seeing almost no companies doing this, so employees aren’t being held accountable for skirting proper procedures that would normally protect their company from different cyberthreats.

Results in the Real World
The longest it has ever taken for me to hack into a company’s system remotely through tactics such as phishing emails is minutes. Usually, I’m already in the system 10 minutes after the phishing email has been sent. When doing on-site tests, if we properly cased the company (which a good hacker will), we are in within an hour. This is a clear illustration of the need for better cybersecurity training.

For example, at one social engineering engagement I performed at a large oil and gas company, I was able to get into the organization and gain full run of the computer network in under an hour, and no one stopped or questioned me. While they did have an information security training program in place, no one was enforcing the practices being taught. Because I could penetrate their network so quickly, the CIO had to be in the exit interview with me, though that was not the initial plan. 

Another example is from a very large retailer. During the company’s cybersecurity training process, I came in to do a social engineering test on the employees. The training should have been top of mind because the employees were currently going through it — the person who let me into the office even said that she was doing training at the moment and knew she was not supposed to let people in — but then she let me in anyway. I quickly gained access to the computer network once I was in the building, and there were no repercussions to the employees. This is a key example why there is much less likelihood that employees will be mindful of security practices that the company expects them to adhere to if there is no enforcement of the rules.

Simply put, there must be some sort of policy and enforcement in place for not adhering to security policies, such as a counseling session, but I see no companies doing this. Without enforcement, employees see the training as onerous. They simply ignore what they have learned, or don’t take the training at all, claiming that they’re too busy.

To be effective, companies need to stop treating cybersecurity training like a box to check off for compliance purposes and take it seriously. Once that happens, employees will take it seriously as well.


via:  darkreading

Save pagePDF pageEmail pagePrint page

AWS moves into IT training and job placement with re:Start, a UK cloud skills program

Amazon’s cloud storage business AWS has been gradually expanding into a range of cloud services for people not to simply host their business or app with AWS, but to use the platform for productivity and their own work purposes, too. Today came the latest development on that theme: AWS launched re:Start, a new program for IT skills training, specifically in cloud computing, and job placement for young adults and military vets and their spouses, which Amazon has built in partnership with the UK’s Ministry of Defence, the Prince’s Trust, and QA Consulting.

The new service was announced earlier today during an event in London and will start its first intake on March 27 of this year, the company said. The courses will actually take place at physical training facilities, in London and likely at QA offices. The first for military vets will be in Manchester, Travel will be covered for those who have to go to another city.

Amazon says that initially the plans are to roll out re:Start in the UK only, although it will evaluate future plans.

As AWS describes it on its website, “re:Start is a training and job placement program, launched by Amazon Web Services, for the UK to educate young adults as well as military veterans, reservists, and their spouses, on the latest software development and cloud computing technologies.”

Skills will include technical training classes; cloud computing and how to architect, design, and develop cloud-based applications using AWS; how to set up new cloud environments; and to build apps in languages like Python.

The training will be built with companies like QA Consulting and the Micro:bit Foundation (the micro:bit is a learn-to-code device from the BBC, and there will be content made for it); and for work placements, the program taps into AWS’s Partner Network as well as customers of the AWS platform (which is a huge list: AWS is one of the go-to cloud services companies globally).

Initially, AWS said that it will offer work placements for 1,000 people via re:Start. Some of the organizations that will be offering placements include accounting company Sage, insurance company Direct Line and lending platform Funding Circle.

The move to expand services in the UK comes almost exactly a month after AWS opened its first data center in the country, in London.

Education — specifically skills training — is not a new area for Amazon’s AWS. The company also runs a program called AWS Educate aimed at educators and students, providing them “with the resources needed to greatly accelerate cloud-related learning and help students prepare for a cloud-enabled workplace.”

Educate provides a template for how re:Start is likely to be run: Educate offers training materials, collaboration tools, and credits to use cloud services for free — all to be used and redeemed on AWS’s platform. More widely, Amazon has been making a big push to position itself as a go-to platform for educational services.

The new site also raises another interesting point: it opens up a new area of competition between Amazon and Microsoft, this time the area of online education. This is already an area where Microsoft is active. Last year, Microsoft acquired LinkedIn, and LinkedIn has been building up its own platform for skills training (by way of its Lynda acquisition) and linking online, LinkedIn-based skills training with job placements. Microsoft also, of course, owns Azure, which competes very directly with AWS.

But even with both companies, and many, many more, all looking to be the go-to platform for cloud-based tech training, it’s a large opportunity that will take some effort to be tapped dry: today, Gavin Jackson, Amazon’s UK MD for AWS, noted a recent study that said that in the UK alone, some 93% of organizations are having problems finding people who have the necessary IT skill set for jobs that need filling.

“Increasing digital skills in the UK is a major priority for the Government and we are working to make sure that everyone has the skills they need,” said Karen Bradley, UK Secretary of State for Culture, Media, and Sport. “We welcome the launch of AWS re:Start which is a fantastic initiative bringing together employers from different sectors and providing the foundation on which they can continue to train and grow the UK’s digital workforce.”

And you have to wonder why we don’t see more programs like this from the tech sector. At a time when many young people still may not consider higher education, but have not had the necessary training for the jobs of today and tomorrow when still in school, providing them with opportunities like this to pick up those IT skills outside of a formal education system is becoming ever more crucial.

And in the case of military personnel and their families, who may have had to be uprooted several times in the course of several years, it can be one option for helping them out as they make the transition into civilian life.


via:  techcrunch

Save pagePDF pageEmail pagePrint page

YouTube launches “Super Chat,” a way for creators to make money from their live streams

YouTube announced a new feature today aimed at helping creators make money while connecting with their fans during a live stream: Super Chat. The addition is reminiscent of streaming site Twitch’s Cheering feature, which allow viewers to pay real money in order to have their messages stand out in the chat stream through the use of emotes (animated icons.) In YouTube’s case, fans instead are able to highlight their message in a bright color, and have their comment pinned on the stream.

Though the implementation is different from Twitch’s, the goal is the same: it’s a means of allowing fans to pay real money in exchange for attention. (It’s also not all that different from technologies porn cam sites have used in their own chat systems for years, which typically involve the purchase of tokens.)


As YouTube explains in its blog post announcing the new feature, Super Chats will remain pinned to the top of the chat for up to five hours, which gives the message a lot of airtime.

Creators, of course, benefit from the feature not only by being able to better connect with their bigger fans, but also because it’s another means of generating revenue from their videos.

Along with the launch of Super Chat, YouTube is debuting an API that will allow developers to access real-time purchase data from the system. This API will replace the Fan Funding API, which will be shut down.

The launch follows a number of changes for YouTube aimed at bettering the experience for creators and viewers alike. Earlier this week, YouTube announced it would begin showcasing new talent on a weekly basis on its Trending section, while last year it rolled out a new Creator Hub, benefits program, improved support, and others tools, and launched a social network of sorts with YouTube Community.

Super Chat is launching today into beta with top YouTubers, including iHasCupquake, Great Library (buzzbean11) and Alex Wassabi. It will roll out more broadly at month end for creators in 20 countries and viewers in more than 40 countries, the company says.


via:  techcrunch

Save pagePDF pageEmail pagePrint page