Monthly Archives: December 2013

IT pros get training on their own dime

IT spending is kicking up again, but training budgets have been slow to recover.

Linda Bubbers got a tip early in her career: Become a Certified Netware Administrator and earn a transfer to a better team.

Bubbers, a Cobol programmer at the time, took the advice. She paid for the CNA course and test herself, banking that the certification would indeed help her get ahead.

It did. And so for the past 20 years Bubbers has followed the same strategy for career success, earning multiple certifications through studies she funds out of her own pocket. She estimates that her ongoing education, which includes structured classes, conferences and books, has cost her at least $14,000. She spent another $9,000 earning an MBA from Webster University.

“I just kept doing it on my own because I wanted to advance, but also this is what IT people need to do to stay employed. Everything changes so fast, you can’t not stay in the education stream,” says Bubbers, now a senior network administrator at Craig Technologies, an IT and engineering services provider in Cape Canaveral, Fla.

Bubbers is hardly alone in her approach. IT spending may be on the rise, but training budgets aren’t increasing at the same pace. That has left many IT professionals shouldering more of their own training costs as they seek to keep up with the rapidly changing technology landscape.

In fact, in a Computerworld survey of 489 IT professionals conducted in August and September, 62% of the respondents reported that they have paid for training out of their own pockets in order to secure their careers. They listed “keeping skills up to date/being valuable to employer” and “finding an appropriate new position for my skill set” as their two biggest career concerns. And 78% said education has been either very important or important for their careers.

They’re on the right track, says Jack Cullen, president of Modis, a global provider of IT staffing services.

“IT workers are right when they say this is an expectation, because given what IT jobs pay, the expectations from employers are high,” Cullen says.

He adds: “It’s a very competitive field, and this is what you have to do to stay competitive.”

That’s not to suggest that an IT professional has to get every certification under the sun to stay employed or land a big promotion. But, he says, the plum jobs and assignments do indeed go to those who have the extra education on their resumes.

Training as Table Stakes

IT is hardly the only field with such high expectations for ongoing training. As Cullen points out, people in many other lines of work face similar pressure to continually seek professional development opportunities. In fact, some professionals, such as CPAs, lawyers and medical personnel, are required to take a set number of hours of training if they want to retain their licenses or rights to practice.

“If you really think about it, IT is playing catch-up to what other professions have been doing for years,” Cullen says.

Some IT workers approach training the same way people in other professions do — with the sense that it’s essential to their careers.

Take Chante Nelson, an information systems analyst for Florida’s Broward County. She started in IT soon after joining the U.S. Navy in 2000 and remained in the field after receiving an honorable discharge in 2008.

She earned a bachelor’s degree in systems security from the University of Phoenix in 2011 and a master’s degree in information systems, also from the University of Phoenix, in August. She paid the nearly $50,000 tuition bill using her own money, loans and grants.

In addition, Nelson has paid for a number of seminars and training courses covering everything from Microsoft products to VMware. And she covered the costs for programs that helped her earn A+, Security+ and Network+ certifications as well as the Microsoft Certified Solutions Expert designation. She figures she spends eight to 20 hours a month in some sort of training program.

Nelson picks courses based on what she knows her employer will need as well as what’s hot in the field.

“You weed it down a little bit to what the company needs and then you ask if it’s going to be beneficial for me for the future. You don’t just want to do it for the company and have skills that won’t be useful anywhere else,” she says.

That approach has helped her get ahead. Nelson has held three jobs at three different organizations since 2008, with each position a step up from the prior one.

However, she questions whether such efforts will continue to stand out on her resume. She says employers seem to expect IT staffers to pursue ongoing education just to stay employed.

“I think it’s becoming more so that you have to have it, it’s not even putting you over the edge to know all these things,” she says. She points to a colleague who was told by a potential boss that even though a job posting listed a number of certifications as “preferred,” he really required them.

The courses that are most in demand seem to correspond with the most sought-after skill sets, with the popular training topics depending on the individual’s specialty, according to both IT workers and those who hire them. Networking pros gravitate toward Cisco certifications. Project managers seek out courses that can help them earn the Project Management Professional designation. Developers are trying to sharpen their mobile app development skills. Those looking to move into management are taking business courses and enrolling in MBA programs.

“You can almost break it down by position,” says Joseph Kotlinski, a partner and manager in IT search at WinterWyman, a Waltham, Mass.-based recruitment firm.

Kotlinski says system administrators are signing up for training sessions in Linux and Windows administration and in Perl, PHP, Python and Ruby on Rails. People who know .Net and Java want to learn about mobile and open-source technologies. Database folks want to learn more about SQL, MySQL, Hadoop, Cassandra, and big data in general. And everyone wants to learn about cloud computing.

Kotlinski agrees that IT professionals need to keep up with their training if they want to keep their jobs.

“The business expects the technical people to really know what’s going on out there,” he says. “There are a lot of people in companies who are gadget people, and you don’t want those people to know more than the technology people, so the IT people [train] just to stay current, but also so they can provide services and guidance to those gadget people.”

Many pay for training so they can check off the certifications and skills that job postings list as requirements, just to make it past the screening process.

On the other hand, Kotlinski says, some techies sign up for extra training simply because they’re curious.

“They want to know what’s out there. If they hear someone mention a new technology, they want to know what it is,” he says.

Training Potpourri

Kotlinski and others say they’re also seeing new trends in how and where IT workers seek training. Although many corporate development budgets remain tight, companies still pay for some training. They might not be sending large numbers of staffers to big conferences and seminars, Kotlinski says, but they continue to contract with vendors for on-the-job training or encourage mentoring and other work-based learning.

IT workers may not see all of those learning opportunities as training. And they might not realize that their companies are still willing to pay for training. IT leaders say many employers cover training costs, even for courses picked by individual workers, as long as a worker can show how the training benefits the company. Still, they acknowledge, training dollars aren’t flowing as freely as they once were, and that leaves plenty of costs to individual employees.

And that scenario has serious drawbacks, says Joseph Young, IT director at OK International, a Garden Grove, Calif.-based manufacturer of bench tools, equipment and related products.

Young says he pays for the training he thinks his six-member IT team needs so that he — and therefore his organization — can stay current. “I just make sure they can quantify how their training will help the company reach strategic goals,” he says, noting that he supports a variety of training opportunities, from conferences to mentoring.

He says IT organizations that don’t pay for training lose their competitive edge. “There’s a common denominator I find with underperforming IT organizations: They don’t have the investment in training,” he says.

As a result, many techies must find ways to keep costs in check as they pay for more and more of their ongoing education. They seek out webinars and low-cost or free online learning opportunities, including massive open online courses, or MOOCs.

Ali O. Sabbah is a case in point. He’s a senior desktop analyst at a California law firm. He’s studying for a bachelor’s degree in business law and finance at California State University, and he takes courses in networking, Cisco certification and emerging technologies. He signs up for vendor-led training at his company, classes at an area community college and tutorials online.

He acknowledges that it’s an eclectic mix, but he says it’s delivering the knowledge he needs to earn his degree and the certifications he believes he’ll need to eventually launch his own IT services firm. “There’s enough out there,” he says, “that I can get what I need to get ahead.”

Via: itworld

Changes to Gmail’s Image Display Defaults May Change Your Privacy

Recently Google announced that it had changed its policy dealing with images in email. In a blog post on the official Gmail blog, Google said:

You’ll soon see all images displayed in your messages automatically across desktop, iOS and Android. Instead of serving images directly from their original external host servers, Gmail will now serve all images through Google’s own secure proxy servers.

Simply put, this means that all pictures in emails will now be displayed automatically. Instead of being fetched directly from the site hosting the image, however, each image will reach the user as a copy that has been scanned by Google.

Officially, the stated rationale for this change is that previously, senders “might try to use images to compromise the security of your computer”, and that with the change images will be “checked for known viruses or malware”. This change affects users who access Gmail via their browser, or the official iOS and Android apps.

In the past, there have been occasions where malicious images were used to compromise computers. A number of image formats were exploited in 2005 and 2006, including a Windows Metafile vulnerability (MS06-001), and an Office vulnerability that allowed arbitrary code execution (MS06-039). More recently, a vulnerability in how TIFF files were handled (MS13-096) was found and not patched until the December Patch Tuesday cycle. Properly implemented, scanning the images would be able to prevent these attacks from affecting users.

However, actual exploitation of these vulnerabilities has been relatively uncommon. Exploit kits have opted to target vulnerabilities in Flash, Internet Explorer, Java, and Reader instead. Image vulnerabilities are not even listed in the control panels of these kits.

The primary reason to block images is not to block malware, but to stop information leakage. Images are used by spammers and attackers to track if/when email has been read and to identify the browser environment of the user. Email marketers also use this technique to check how effective their email campaigns are.

Email marketers have already confirmed that in spite of Google’s moves, email tracking is still very possible. Google’s proposed solution (a web proxy that checks images for malware) appears to solve a small security problem (malicious image files), while leaving users’ security and privacy at risk. Attackers still have the capability to track that users have read email, and to learn aspects of their browser environment.

Users can still revert to the previous behavior via their Gmail settings, as outlined in Google’s blog post:

Of course, those who prefer to authorize image display on a per message basis can choose the option “Ask before displaying external images” under the General tab in Settings. That option will also be the default for users who previously selected “Ask before displaying external content”.

We strongly recommend that users change this setting for their accounts. Users who access Gmail via POP3 or IMAP should check the settings of their mail application to control the display of images.
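For readers who filter or render mail themselves, the check behind "ask before displaying external images" comes down to listing every image whose display would request a sender-chosen URL. The Go program below is an added example, not code from the original post or from Google; the function names, the two beacon heuristics and the sample message are assumptions made for illustration.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"io"
	"net/url"
	"strconv"
	"strings"
)

// SampleBody is a constructed HTML mail body, not taken from a real message.
const SampleBody = `<html><body>
<p>Your December statement is ready.</p>
<img src="https://cdn.example.com/logo.png" width="120" height="40" alt="logo">
<img src="cid:banner001" alt="inline banner">
<img src="https://track.example.net/o.gif?m=8841&amp;r=alice%40example.org" width="1" height="1" alt="">
</body></html>`

// Finding is one <img> whose display makes the mail client, or a proxy acting
// for it, request a URL chosen by the sender.
type Finding struct {
	URL     string
	Host    string
	Reasons []string // heuristic signs of an open-tracking beacon; may be empty
}

// attr returns the named attribute of el, matched case-insensitively.
func attr(el xml.StartElement, name string) string {
	for _, a := range el.Attr {
		if strings.EqualFold(a.Name.Local, name) {
			return strings.TrimSpace(a.Value)
		}
	}
	return ""
}

// tiny reports whether a width or height attribute asks for 0 or 1 pixels.
func tiny(v string) bool {
	n, err := strconv.Atoi(strings.TrimSuffix(v, "px"))
	return err == nil && n <= 1
}

// RemoteImages lists the remotely hosted images in an HTML mail body. Inline
// cid: and data: images are skipped because showing them fetches nothing.
// A parse error is returned with the findings so far, so callers fail closed.
func RemoteImages(body string) ([]Finding, error) {
	d := xml.NewDecoder(strings.NewReader(body))
	d.Strict = false // lenient mode: accepts unclosed <img> and HTML entities
	d.AutoClose = xml.HTMLAutoClose
	d.Entity = xml.HTMLEntity
	var out []Finding
	for {
		tok, err := d.Token()
		if err == io.EOF {
			return out, nil
		}
		if err != nil {
			return out, err
		}
		el, ok := tok.(xml.StartElement)
		if !ok || !strings.EqualFold(el.Name.Local, "img") {
			continue
		}
		src := attr(el, "src")
		u, err := url.Parse(src)
		if err != nil {
			out = append(out, Finding{URL: src, Reasons: []string{"src is not a valid URL"}})
			continue
		}
		if u.Host == "" {
			continue // cid:, data: or relative reference
		}
		f := Finding{URL: src, Host: u.Host}
		if tiny(attr(el, "width")) || tiny(attr(el, "height")) {
			f.Reasons = append(f.Reasons, "0 or 1 pixel in one dimension")
		}
		if u.RawQuery != "" {
			f.Reasons = append(f.Reasons, "query string can carry a per-recipient identifier")
		}
		out = append(out, f)
	}
}

func main() {
	findings, err := RemoteImages(SampleBody)
	if err != nil {
		fmt.Println("parse error, keep remote images blocked:", err)
	}
	for _, f := range findings {
		fmt.Printf("%-20s %d beacon sign(s)  %s\n", f.Host, len(f.Reasons), f.URL)
	}
}
```

A mail client that blocks by default would withhold every URL this returns until the reader allows images for that message.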

Via: trendmicro

5 things you need to know about mobile malware

The latest Mobile Threat Report from the F-Secure Labs is now available.

You can download it now and watch our Mikko Hypponen and Sean Sullivan walk you through it above.

Or if you’re just looking for what you as a smartphone or tablet owner need to know now, here’s a quick list:

1. Android is the main target.
259 new mobile threat families and variants of existing families were discovered by F-Secure Labs in the third quarter of 2013. 252 of these were Android and 7 Symbian. That’s up just about 30% from the second quarter of this year. Android threats are growing in complexity, with one in five of those the Labs finds being identified as a bot.

2. Windows Phone and iOS are basically malware free.
As a result of the strong vetting policies for their app stores, neither Windows Phone nor iOS has any sort of malware problem, though there were reports of spy apps for both platforms this quarter. That doesn’t mean that it is impossible to be hit by online criminals on your phone. Phishing scams can be newly effective on smaller screens, which is why we’ve developed Safe Browser for Windows Phone and iOS.

3. If you stick to the official app stores, you’ll be in pretty good shape.
The vast majority of mobile malware that comes through the F-Secure Labs comes from a third-party market. Our Mobile Security, of course, provides an extra layer of protection for your tablet or smartphone.

4. Google Play is getting better.
The mobile malware that has made its way into an official app store has almost all ended up in Google’s app store, now known as Play. Google’s security is getting better, but the Labs are concerned about the privacy risks from the overcollection of data.

5. Keep an eye on your data.
How can you tell if an app may be harvesting your data for nefarious means? Check the reviews, the reputation of the app maker and the permissions it asks for. Our new free Android app “F-Secure App Permissions” makes that last step easy.

Via: f-secure

Virtual computer, real security

There are many ways to keep your computer secure. Your own behavior affects it a lot. But there are also many tools that can improve your security even if that wasn’t their initial purpose. Melissa and Sean described how you can use separate browsers to lower the risk of human error. Virtualization is another technology that can improve security as a side effect. It’s like the separate browsers idea, but takes it a lot further. Read on to learn more.

Virtualization in computing means simulating something with software. What we talk about here is creating a whole virtual computer inside a real computer. It’s complex under the hood, but luckily there are easy products that can be used by almost anyone. This technology is, by the way, used extensively in the software industry. Huge numbers of virtual computers can be used to process data or test software. A large portion of the Internet is also provided by virtual servers.

But how can this improve my security? Most malware is made for profit and interfering with your on-line banking is a common payload. But what if you run your on-line banking on a separate computer? Buying another machine costs money and consumes space, but that can be solved by using a virtual computer instead. That virtual machine would only be used for banking, nothing else. A malware infection could happen if your guard is down and you open a malicious file in the mail. Or surf to a site which is infected with a drive-by download. Both cases could infect your real computer, but the malware can’t see what you are doing with the bank inside the virtual machine. One could also use the opposite strategy. Use a virtual machine when doing something risky, like looking for downloads on shady servers. A previously made snapshot can easily be restored if something bad hits the virtual machine.

An additional benefit is that this gives you an excellent opportunity to play around with different operating systems. Install Linux/Windows/OS X just to become familiar with them. Do you have some hardware whose driver won’t work in your new machine? No problem, install a virtual machine with an older operating system.

OK, sounds like a good idea. But can I do it? Here’s what it takes.

  1. You need a fairly new and powerful computer. Especially the amount of RAM memory is critical. You are usually OK with 8 GB, but more is desirable. This is probably a bad idea if you have less. (This depends a lot on what operating system you are running and what you want to run in the virtual machines.)
  2. You need to download and install a virtualization product. Two good alternatives are VirtualBox by Oracle (free) and VMWare Player by VMWare (free for personal use).
  3. You need to have installation media for the operating system you want to run in the virtual machine. This is easy for Linux as you can download the installer freely from the net. Hint: Google: download linux.
  4. You need to know how to install an operating system. This is not as nerdy as it sounds. Modern operating systems have easy installers that most people are able to use. And don’t worry if you make a mistake. It’s just a virtual machine and you can go back to the beginning at any time without losing anything (except some time).

I’m not going to provide detailed instructions for this. That depends too much on which virtualization product and operating system you use. Besides, it would be like reinventing the wheel. You will find plenty of step-by-step instructions by Googling for what you want to do, for example “install Linux in VirtualBox”.

But for your convenience, here’s an overview of the process.

  1. Select one of the virtualization products and ensure that your computer meets its system requirements.
  2. Download and install the virtualization product.
  3. Ensure that you have installation media for the operating system you want to use and any keycodes etc. that may be needed during installation. The media can be a physical disk or USB memory, or a disk stored as an image file. The virtualization software can mount disk image files as a device in the virtual machine and there’s no need to burn a disk for this purpose.
  4. Now follow the instructions you found on the net. They will help you create the virtual machine, mount the installation media in it and go through the operating system installation.
  5. After this you can use the virtualization product’s console to start the virtual machine when needed. It shows up full-screen or in a window depending on the settings. Inside it you can do what you want: install programs, surf the net, etc.
  6. For the banking virtual computer you just need to install the browser of your choice, make sure it’s updated and patched and make your bank the home page. Don’t install anything else unless it really is needed for the banking connection and don’t use this virtual machine for anything else.
  7. You can create multiple virtual machines, but be careful if you try to run them at once. Your computer may not have what it takes. As said, RAM memory is the critical resource here.

Safe surfing

Edited to add: It is of course a good habit to exercise the same basic security measures inside virtual machines as in real computers. Turn on the operating system’s update function, install your anti-virus program and make sure your browser is kept up to date. Doing just banking with the virtual machine reduces the risk a lot, but this is good advice even in that case. And needless to say, the virtual machine’s armor is essential if you use it for high-risk tasks.

Via: safeandsavvy

What is Malware? -Part two-

You turn on your computer and a message appears to tell you to update your Adobe Reader or iTunes or any software you have installed on your computer. You can’t be bothered right now, so click the option to remind you later – it’s a habit with these irritating messages, right? Then you have just opened yourself up to cybercriminals the world over. Congratulations!

No piece of software is perfect or can ever be perfect. These imperfections within the code can be exploited by hackers to gain access to your computer. Once an exploit is found, it is patched by the software company which then sends an update to its users. This is the update that you keep ignoring. Until you take the time to click ‘Update’, you are vulnerable to attack. Your apathy is what the hackers are counting on.

Following on from our last blog post, this time we will look at more types of malware and what can be done to avoid them.

Adware

If you have ever downloaded a free app, chances are you have encountered adware – a program that displays advertising in the apps you use. Some may also track the user’s behaviour patterns to make sure the advertising is relevant to that user. Free apps are often adware, or are distributed with it, because it provides a way for the developer to offset the development cost through advertising revenue.

Most adware programs are not malicious in intent. Annoying perhaps, but usually harmless. They are just displaying advertisements ‒ not that much different from being shown commercials while watching television. Unfortunately, there is a fraction of adware that crosses over to the malicious side.

When adware leads the user to a malicious site, it is then categorised as malicious. Since adware is often bundled with other apps, tricky situations arise when the main application is clean but the adware is not. In addition, a malicious ad that appears today might be replaced with a clean one tomorrow. Because of these factors, it is hard to accurately categorise a piece of adware as entirely clean or malicious.

And then, there is some adware that falls in a grey area. It abides by the rules and does nothing wrong, yet it may use sneaky tactics to convert the ads into sales revenue. This is where in-app purchases come into the mix. Often, this happens with apps aimed at children where parents have not set up password prompts to confirm every purchase.

Worms

Replication and spreading to as many computers as possible is the order of the day for worms. If your computer is on a network (at work, for example), a worm will use this as a means to spread further. It does this by relying on security failures where software and operating systems have not been updated and have known weaknesses. Worms may make your machine (and network) run slowly by taking up bandwidth, but the biggest worry is that they create a backdoor, allowing the worm writer to access your computer.

Mobile malware

It is not just computers that get infected with malware any more. Mobile malware is on the rise, so it’s important to use a mobile security app on your smartphone. This will protect against viruses, visits to malicious websites whilst browsing and often has additional child protection features for parents – pretty essential as tablets are as popular among children as they are with adults.

Android devices are at more risk from malware than Apple devices, but that is not to say that Apple users with children wouldn’t benefit greatly from safe browsing. Mobile malware will take control of your device, often without you knowing. Sometimes, cyber criminals use it to steal your content and blackmail you with it. Another ruse they have is to make your phone dial premium rate numbers in unregulated countries, racking up your bill.

There are two ways to protect yourself from mobile malware. The first is to be vigilant with the permissions you give new apps to your phone. Does a game really need to have access to your contacts? Does a music app need access to your location? If the answer is no, then don’t give the permission. The second is to ensure you use a mobile security app. People are used to having this on their computers, but less so with mobile phones and this is what the cyber criminals exploit.

Scared? It’s not all bad!

Hackers are a real threat now and this won’t change. Luckily, there are crime fighters out there though. These are the men in tank tops in security labs around the world who are monitoring the Internet for criminal behaviour and working to halt it. Once a new piece of malware is discovered by one of these labs, it takes a matter of seconds for every computer with quality antivirus protection to be protected. In the case of F-Secure customers, it’s eight seconds!

So the solution is very simple for the user – use a proven security solution and keep your software up to date. A few minutes spent doing this will save a lot of time, money and embarrassment further down the line.

Via: f-secure

What is Malware? -Part one-

We often hear about malware and the havoc it can cause, but what exactly is it and why should you care?

In this, the first of two blog posts on malware, we look at trojans, ransomware, keyloggers and spyware and how cyber criminals use them to extort money. Next time, we will take a closer look at worms, adware and mobile malware, along with offering advice on avoiding them.

Malware is malicious software which has been developed by someone (or some organization) to cause disruption or, more commonly now, to earn them money. Your money.

It wasn’t always this way. Originally, computer viruses were created by computer enthusiasts almost as a game to see how many PCs they could infect. In the time before the Internet, these viruses were spread by infecting a floppy disk (remember them?) and passing it onto an unsuspecting user. Every machine that the floppy disk was inserted into would become infected and every floppy disk inserted afterwards would become infected.

These infections were harmless though. Sometimes they would create a simple graphic moving across the screen, at other times they would show a message that you had been infected, but that was about it. There was no malicious intent. It was more of a game for the creator to see how far it could spread. The first ever virus was created by two Pakistani brothers who even included their names, phone number and address in the code, so they could be traced. If only it was so easy nowadays.

The invention and rapid adoption of the Internet opened up plenty of avenues for virus creators and it didn’t take them long to see that there was money to be made. This is where we are today.

Nowadays, virus writers are often hired by criminal gangs to create malware for them. There are a number of different tricks they use to steal information and money. Malware is a complex thing to create, but it all follows similar patterns of intent. Here are a few to be aware of:

Trojans

A trojan is the means by which a hacker gets his malware onto your computer. Often, it will appear to be a useful function such as a game, a screensaver or even an important security update, but it then drops the malicious payload. The malware it downloads onto the computer could be one of many types, such as a keylogger or ransomware, and it is this payload which causes the problems.

Ransomware

The FBI estimated that criminals’ profits from ransomware are roughly $150 million annually. Just as the name suggests, this type of malware locks the user’s computer and holds it to ransom. However, once the money is paid to the cyber criminals, the computer will not be unlocked again. Why would they do you a favour?

In order to avoid the user going to the police, the message that appears often suggests that it is from a local law enforcement agency which has found illegal material on the computer’s hard drive. This could be anything from pirated music to child pornography. The fear it instils prevents the user seeking help and they often pay.

If you experience a ransomware attack, the only way to get your computer unlocked is to seek the help of a data recovery specialist. Even then, not all data will be recovered, so it is prudent to back up everything on your computer automatically, so the loss of data on your computer will not affect you.

Keyloggers

A keylogger is a piece of malware which is downloaded onto your computer through visiting malicious websites or opening an infected attachment. Once it has installed itself, the user is none the wiser. However, the keylogger takes note of every key being pressed on the computer and transmits this back to the hacker. This gives the cybercriminal your login details and passwords to multiple websites – a particular risk if your bank does not have a two-factor authentication system.

Spyware

It is frightening to know that spyware can be easily purchased over the Internet. It is used to monitor an individual’s digital life – everything from reading their emails and text messages to intercepting their phone calls. Some kinds even allow the instigator to call the victim’s mobile phone, which will not ring, but answers the call and turns their phone into a microphone for listening to their offline conversations. Often used by people who fear their partner is cheating or by companies for corporate espionage, this is a very worrying and intrusive form of malware which needs to be avoided.

So, what do you do?

Avoiding malware is entirely possible. People should just remember that they need to replicate the safe life they lead in the real world into the digital world. If you wouldn’t give a stranger your bank card, why would you with someone online? Using a computer with no security protection is the online equivalent of opening the door of your house, welcoming in a crowd of criminals and telling them you have your life savings hidden under your mattress.

Be safe, protect yourself with the available resources and don’t take risks.

Via: safeandsavvy

JP Morgan Chase owns up to data breach: 465,000 customers at risk

JP Morgan Chase is the latest financial institution to own up to a data breach.

According to reports, the breach affected 2% of the customers of one of the bank’s payment card products.

That doesn’t sound such a big deal until you realise that the breach happened against a product called UCARD, of which it seems that 25,000,000 have been issued.

That makes it a pretty big breach when measured in absolute terms, with JP Morgan Chase having to contact 465,000 customers to warn them what has just happened.

Except that it looks as though it hasn’t “just happened”.

JP Morgan Chase’s own sites don’t seem to be saying, but stories already published seem to agree that the breach happened in July 2013; the bank realised in September 2013; and the notification has only followed now, in December 2013.

If, like me, you’re not from the USA, you might never have heard of UCARD – and, like me, you might have struggled to find out anything about it if you tried searching in the obvious places, such as jpmorgan.com, chase.com and jpmorganchase.com.

Not only will you find nothing about the breach, you won’t even find a mention of UCARD:


There’s a site called ucard.chase.com, but it seems to be for people who not only know what UCARD is, but actually already have one:


(One positive thing to report: at least the main page uses HTTPS, thus inviting you to login from a secure page to a secure page, though it doesn’t yet seem to offer forward secrecy.)


All we’ve been able to work out so far is that the UCARD CENTER website shown above seems to have been renamed from EBT ACCOUNT, and EBT stands for Electronic Benefit Transfer, which is pretty much what it sounds like – a way to get paid your food stamps and benefit cheques.

Briefly put, UCARD is welfare done digitally.

Of course, without an obvious official statement from JP Morgan Chase itself, we can only report what others are reporting, which seems to boil down to this:

  • Data breach happened in July.
  • Noticed and reported to relevant authorities in September.
  • Reported to affected customers in December.
  • Close to half-a-million cardholders affected.
  • Still not sure what data was stolen.
  • Most data stored encrypted.
  • Some personal data exposed in unencrypted temporary files.
  • Only the UCARD product affected.
  • Law enforcement investigating.
  • Affected customers get 12 months’ free credit monitoring.

Most of this, sadly, is a script you could probably have written yourself, through familiarity with all-too-many previous breach stories.

Sting in the tail

The sting in the tail – and the big lesson to take away in this case – is the issue of unencrypted temporary files.

Reuters suggests that the unencrypted data “appeared in plain text in files the computers use to log activity,” and that is probably a data leakage risk that affects many companies.

Financial transactions need scrupulous auditing, and that means keeping an accurate record somewhere of what happened, and when.

But logging can be a security risk as well as a benefit – you should be encrypting personally identifiable data both at rest (when it is written to disk) and on the move (as it flows across the network).

If you’re logging sensitive data, don’t wait until it reaches its final destination before encrypting it.

Public key cryptography makes it comparatively easy to protect logging data from snoopers and thieves in an end-to-end fashion, thus ensuring that it is encrypted everywhere along the way.
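As an added illustration (not code from the original article or from the bank), the Python sketch below protects sensitive data at the point of logging by masking Luhn-valid card numbers in the log record itself, before any handler writes it to disk. It masks rather than encrypts: the public-key approach described above would instead encrypt the field to an auditor's public key using a cryptography library. The logger name and sample lines are constructed, and `4111 1111 1111 1111` is a well-known test card number.

```python
import io
import logging
import re

# Candidate card numbers: 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask_pans(text: str) -> str:
    """Replace Luhn-valid card numbers with a masked form keeping the last four digits."""
    def repl(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)   # e.g. a batch id or timestamp: leave untouched
        return "*" * (len(digits) - 4) + digits[-4:]
    return PAN_RE.sub(repl, text)

class PanMaskingFilter(logging.Filter):
    """Masks card numbers in the record itself, so every handler sees masked text."""
    def filter(self, record):
        record.msg = mask_pans(record.getMessage())
        record.args = ()        # message is already formatted
        return True

def demo() -> str:
    """Log constructed sample lines through the filter; return what a handler would write."""
    buf = io.StringIO()
    log = logging.getLogger("payments.demo")    # hypothetical logger name
    log.setLevel(logging.INFO)
    log.propagate = False
    log.handlers = [logging.StreamHandler(buf)]
    log.filters = [PanMaskingFilter()]
    log.info("auth ok card=%s amount=%s", "4111 1111 1111 1111", "12.50")  # test PAN
    log.info("batch id=%s settled", "1234567890123456")  # 16 digits, fails Luhn
    return buf.getvalue()
```

Attaching the filter to the logger rather than to a single handler means file, syslog and console outputs all receive the masked text.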

→ By the way, the potential for data leakage via temporary files is one reason why it is recommended that you use FDE, or Full Disk Encryption, for your laptop or mobile device, rather than just encrypting your home directory. If everything is encrypted, you don’t have to worry that one or two odd or out-of-the-way files might not be.

 

Via: nakedsecurity

Microsoft Builds New Tool To Help Gmail Users Move To Outlook.com

Microsoft would greatly appreciate it if you could knock off that Gmailing business and move to its Outlook.com email service. I refuse to, and so do more people than Microsoft prefers, so the company released a new tool that will make it easier for Gmail users to jump ship.

The Outlook.com switching tool is designed to make changing inbox homes more seamless and less an exercise in re-tagging. It will propagate over the next few weeks to all 400 million-plus Outlook.com users, as well as current Gmail users who have yet to make the move, giving them a simple path to a new email home.

The tool, which you can find directions for here, will hold your hand when changing teams, though expect to wait a bit as it could be a while for your email to slip over. The transition will bring over your most recent email more quickly than the rest. But, you should be sorted in short order. The new tool will land over the next few weeks. If you don’t have it now, sit tight.

The company has research indicating that people are more willing to change email providers if the friction betwixt the two is minimized. That’s logical. So, as Microsoft wants to knock Gmail off its tech throne (name a technology leader who swears by Outlook.com over Gmail), it is working to lower the delta between leaving Google and dropping into its own product.

Outlook.com is a worthy tool that is far superior to its Hotmail predecessor. Buckled with functionally unlimited storage, Outlook.com grew quickly organically, and then benefited from the end of Hotmail itself.

 

Via: techcrunch

Google’s Voice Search On Android And iOS Can Now Answer Questions In German, French And Japanese

Google has long had a thing for voice search, but until now, the only language it fully supported was English. Even though voice search itself is available for a few dozen languages, the only language Google could respond in with spoken answers was always English. That’s changed. Google just announced that its Search app for iOS and Android can now speak out answers in French, German and Japanese.

Unsurprisingly, these are also languages Google’s Knowledge Graph supports. To answer these questions, after all, Google needs to be able to understand their intent (or at least have a high confidence that it does). Chances are then, that after this initial roll-out, Google will also target Spanish, Portuguese, Russian and Italian, all of which are supported by Knowledge Graph.

If you speak German, French or Japanese, you can now easily try this new feature on your mobile phone. Just ask it “Wo bekomme ich Kaffee in München?” and it will happily show you coffee shops in Munich.

For now, this is only available on mobile, but given that Google has started to build voice support into virtually all of its services, chances are that it will also bring it to the web very soon.

 

Via: techcrunch

Google Pushes White House Petition Demanding The Government Secure A Warrant To Read Your Email

Google is promoting a White House petition calling for reform to the Electronic Communications Privacy Act (ECPA), amending it to require a warrant for the government to read the email of its citizens.

In a Google+ post – natch – Google asked its followers if they felt their online missives deserve the same protection as their physical mail. Sign the petition, the company continued, to “tell the government to get a warrant” before reading your email.

That the petition exists is not surprising. To see Google publicly promoting it is refreshing. Since Google’s post went live, around 6,000 more people have signed the petition, which is now over halfway to the needed 100,000 signatures.

What the hell is Google banging on about? Well, the ECPA is old, broken legislation that leaves us, the regular folk, unprotected from government intrusion into our affairs. As I reported earlier this year:

Written in a different era, it dictates that any email can be ordered by a mere subpoena provided that it is over 180 days old, or has been opened. Back in the late eighties, the amount of email you could store was constrained by ludicrously small hard disk space. With modern webmail systems today, you can store an unlimited amount of mail.

Thus, given that the bulk of your email is either a half year old or more, or read, the government can under current law access it with little to no oversight.

It’s like the NSA, but legal, and in the open.

In the larger discussion concerning privacy, the United States government has lied repeatedly, something that is incredibly frustrating. However, this specific law is something that we could change, that would in fact make a positive change to our society, and the relationship between our government and ourselves.

Bills have been written (including the Online Communications and Geolocation Protection Act) that would amend the ECPA, bringing it in line with our broader privacy rules, regulations and mores.

Good on Google for furthering the petition. It likely won’t do much but demonstrate that there exists market appetite for reform among the more active in the electorate. Perhaps that will jog Congress. One can hope.

 

Via: techcrunch