Monthly Archives: May 2014

Red-hot competition is driving cloud storage vendors to increase capacity and cut prices.

The cloud-storage arms race heated up even more on Monday when Microsoft gave its OneDrive for Business service a big capacity boost.

The per-user storage provided by OneDrive for Business is rising from 25 gigabytes to 1 terabyte. That applies to both the standalone version of the product and the versions that come bundled with Office 365.

The standalone version of OneDrive for Business is available as a $5-per-month option with the free Office Online Web-based productivity suite. Microsoft is currently offering the first year’s subscription at half the price. That promotional offer is available through September.

Microsoft also announced that for the first time, it is including OneDrive for Business with Office 365 ProPlus, a full-featured version of the desktop Office suite that is sold via an annual subscription for $12 per user, per month. These subscribers will also get 1 terabyte of storage per user.

OneDrive for Business, previously called SkyDrive Pro, is a service where employees can store, share and sync personal work files.

OneDrive for Business is included with most editions of Office 365, the cloud email and collaboration suite that includes online versions of Exchange, Lync and SharePoint, and with the standalone SharePoint Online service.

These Office 365 editions vary in price depending on their features and components. For example, Office 365 Small Business costs $5 per user, per month, while Office 365 Enterprise E4 goes for $22 per user, per month, to mention just two of the bundles.

The enterprise file sync and share market is crowded with specialty vendors such as Box, Dropbox, Accellion, Watchdox and Egnyte, and with products from larger providers such as Google, IBM, Citrix and EMC.

This type of storage product has become an essential component of modern collaboration systems designed to allow colleagues to jointly edit documents and access files from a variety of devices, including smartphones, tablets and PCs, via different methods including native mobile apps and standard Web browsers.

Dropbox charges $15 per user, per month for an unlimited amount of storage as part of its Business plan.

Meanwhile, Box charges $15 per user, per month for 1 terabyte of storage in its Business plan, and $35 per user, per month for unlimited storage.

Google Apps for Business, which costs $5 per user, per month, includes 30 gigabytes of Gmail and Drive storage. Customers can purchase more storage in various increments, including 1 terabyte for $89 per user, per month.

As part of its free Google account for individual consumers, Google offers each person 15 gigabytes of standard storage for Gmail, Drive and Google+ Photos, 100 gigabytes for $1.99 per month and 1 terabyte for $9.99 per month. Google chopped down those prices from $4.99 and $49.99, respectively, in March.

Via: computerworld

For those looking for some training in the Louisville, KY area, check out this deal:

For $800 (plus exam fee of $200 which is taken at the end of class) the students would get to sit in on these two days of our Quad Course—see below. They are running Saturday and Sunday. Clearly, this is going to have to be someone with a solid network and security background. I also attached a Cisco CCNP Security Boot Camp, my Trainer will run in July. It is almost booked because he only runs them twice a year on an open calendar.

Material Covered Day Six

Cisco Certified Design Associate (CCDA) is for network design engineers, technicians, and support engineers, who enable efficient network environments with an understanding of network design fundamentals. A CCDA certified network professional demonstrates the skills required to design basic campus, data center, security, voice, and wireless networks.

Material Covered Day Seven

Cisco Certified Network Associate Security (CCNA Security) validates associate‐level knowledge and skills required to secure Cisco networks. With a CCNA Security certification, a network professional demonstrates the skills required to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The CCNA Security curriculum emphasizes core security technologies, the installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices, and competency in the technologies that Cisco uses in its security structure.

[gview file=”http://sherman-on-security.com/wp-content/uploads/2014/05/CISCO-CCNP-SECURITY-TRAINING-CAMP-v1.pdf”]

Anna Kepshire

CEO

KEP Training-Knowledge, Education & Performance

Tel: 502-384-3038

Cell: 858-245-9546

Email: akepshire@keptraining.com

www.keptraining.com

May Promotion for Military Appreciation Month

Any ISC2 CISSP 5 Day Training Camp for only $1500*
Any CompTIA Network+ 5 Day Training Camp for only $825*
Any CompTIA Security+ 5 Day Training Camp for only $925*
Any EC-Council CEH 5 Day Training Camp for only $1400*

The White House put out a statement describing its vulnerability disclosure policies: the contentious issue of whether and when government agencies should disclose their knowledge of computer vulnerabilities. The statement falls far short of a commitment to network security for all and fails to provide the reassurance the global public needs in the midst of the NSA’s security scandal. It basically says the White House plays a well-intentioned guessing game with our online safety.

The National Security Agency (NSA) is a single agency with a dual mission—protecting the security of U.S. communications while also eavesdropping on our enemies. In furtherance of its surveillance goals, we recently learned about some of NSA’s top secret efforts to hack the Internet. For example, the NSA runs a network of Internet routers that it surveils all traffic going through. It hijacks (or did until recently) Facebook sessions to install malware. It has its own botnets, or networks of compromised computers, that it controls, and it has taken over botnets created by other criminals. It uses these capabilities to steal information, to deny access to websites and other internet services, and to modify digital information, whether in transit or stored on servers.

Given these revelations, the public might reasonably believe the NSA’s deck is stacked against securing people from the very same online vulnerabilities the agency could exploit. For example, some skeptics–not I, however–disbelieve government disavowals of advance knowledge of Heartbleed, one of the worst security holes ever found. To assuage this concern, on April 12^th, President Obama announced the government will reveal major flaws in software to assure that they will be fixed, rather than keep quiet so that the vulnerabilities can be used in espionage or cyberattacks, with one huge exception—if there’s “a clear national security or law enforcement need”.

The statement by Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, tries to reassure the public that this Administration knows how to make that judgment call. There are “established principles” and an “established process” for making what are essentially guesses—bets—on network insecurities, based on a series of facially sensible, but practically almost unanswerable, questions. Officials have to assess the risk from vulnerabilities. They have to guess how hard it is for other people to find the same flaw. They have to gamble on whether officials will figure out when the bad guys gain the same attack capabilities. They have to hypothesize whether, when they do, the attackers will use their knowledge to devastating effect.

On the other side of the table are intelligence “customers” demanding increasingly powerful surveillance capabilities, accustomed to getting their way, and waiving around the threat of terrorism. It is irresponsible for national security to rest unnecessarily on these impossible “judgment calls”. The public, left out of this process entirely, is left to hope that the U.S. government will get lucky, and not abuse its attack capabilities.

This is a global network. Today, people everywhere rely on the same cryptographic algorithms, operating systems, and Internet routers that terrorists and nation-states use. Attacking our enemies’ infrastructure in the name of national security and law enforcement exposes Americans and innocent civilians to attack as well. Secure routers, software, and encryption are what keep our online banking secure. They protect trade secrets and other intellectual property. They are what make sure people don’t change what our emails say before they get to the recipient. They are what let us shop confidently online. They are what confirm that we actually are talking with the person we think we are talking to. They are what ensure the grandkid photos we share with Grandma don’t end up in the hands of perverts. They are what protect human rights activists from oppression at the hands of their governments. These are the values that the Administration’s policy is gambling with.

We often say that the U.S. is a nation of laws, and that the rule of law is a fundamental American value. But what laws allow NSA to hack the Internet? Is the secret-but-established interagency process with no “hard and fast” rules where Daniel and other officials make bets with our online security the right way to go about securing the nation? How are Congress or the courts providing any meaningful oversight? What remedies does the public have when the White House guesses wrong? How can citizens be informed about what their government does in their name? A complicated interagency process governed by secret, internally crafted policies and norms is deciding one of the most important security, economic, and civil liberties issues of our time—how secure and reliable are modern communications technologies going to be allowed to become?

Today, modern networking technology ties the people of the world together, digitally and politically. But tomorrow, the demands of nation states to keep the NSA out, and also to spy on their own citizens, and to censor their networks, threaten to destroy the free and open Internet. The harm to our economy is spreading, as U.S.’s computer products and services are no longer trusted worldwide, and as people start to mistrust the Internet itself. We ought to agree that official policy is to make all of us secure from everyone today. Something precious is on the line.

Via: forbes

The giant candy and pet food maker MARS Inc has taken a big step in the right direction by announcing that it will soon begin construction of a massive wind farm in Texas that will produce enough clean energyto power all of MARS’ operations in the United States (they have 37 factories and 70 offices, so it’s a pretty big deal). This is one of many steps that the company has been taking as part of its ‘sustainable in a generation’ plan:

MARS/Screen capture

A gigantic 200-megawatt wind project

The wind farm will be erected near Lamesa, Texas, with 118 GE wind turbines (1.7MW each) producing annually about 800,000 megawatt-hours, equivalent to what it takes to power 61,000 U.S. households. This will be enough for MARS’ 37 US factories, and represent about 24% of their global factory and office carbon footprint. Hopefully they keep rapidly improving that number and reach 100% before their target date.

Regardless of whether you buy MARS’ products or not, it’s better for the climate to have them manufactured with clean energy than with dirty one, so this is clearly a ‘win’. It should also inspire other companies to do the same, so this move also has value as a potential catalyst.

Construction of the Texas wind farm will begin at the end of 2014, with about 10 turbines going up each week. It should be finished and fully operational by mid-2015. And to be clear, the wind farm will produce an amount of electricity equivalent to what they use across the US, it won’t be directly connected to all those offices.

Youtube/Screen capture

This is a bigger investment than the recent 98MW IKEA wind power announcement. Hopefully companies try to one-up each other with clean power; everyone would benefit from that!

Via: treehugger

With dozens of cities proposed for gigabit fiber, Google, AT&T and others are expected to rush to tack on Wi-Fi to offer ads and services.

A mega-battle is brewing between corporate giants such as AT&T, Google and Time Warner Cable to build Wi-Fi hotspots in U.S. cities connected to massive gigabit fiber-optic or fast networks of cable providers.

In the coming years. Google — and likely its competitors– are likely to pump free or low-cost Internet service to city centers and shopping areas, granting shoppers and other users access to a wide array of the services and advertising that are central to Google’s revenue model.

Both AT&T and Google recently announced proposals to provide gigabit fiber services to dozens of U.S. cities — and Wi-Fi connected to the fast fiber is expected to be a part of that offering.

Over the past several years, Time Warner has been busy provisioning its modern cable network to add 11,000 Wi-Fi hotspots for its Internet customers to use for mobile devices in various Kansas City area locales, including stores, parks, walking paths and nightlife spots like the popular downtown eight-block Power & Light District. During the last two years the Google Fiber network has steadily mushroomed to 6,000 fiber-optic miles throughout the KC metro area, but it hasn’t been connected so far to Wi-Fi.

In a 10-page document obtained by the IDG News Service, Google informed 34 cities that are candidates for Google Fiber in 2015 that it will be “discussing our Wi-Fi plans and related requirements with you as we move forward with your city during this planning process.”

Google, in part, appears to be responding to AT&T’s several year history of supporting up to 34,000 Wi-Fi hotspots nationwide. For instance, AT&T runs a Times Square “hotzone” in New York city as well as hotspots in other city centers and restaurants that can be used without charge by select AT&T home Internet customers who are going mobile with smartphones and tablets.

Prospects that AT&T will expand its Gigapower 1 Gbps fiber optic offering to include Wi-Fi in 21 cities is about potentially adding new services, paid for by end-users or third parties. And for Google, the potential for Wi-Fi atop of Google Fiber “is all about market creation for new kinds of ads and services,” said Patrick Moorhead, an analyst at Moor Insights & Strategy.

“The fatter the pipe — whether via fiber or Wi-Fi connected with fiber — more of the user experience can be delivered a remote datacenter, which is a strategic advantage for Google,” Moorhead added. “Google could put ads on everything from billboards to smart mirrors to the sides of buildings much, much easier.”

“Also, pervasive, fast connectivity means you can have more dumb clients that get all their horsepower from the cloud as a service,” he added

Jack Gold, an analyst at J. Gold Associates, said even AT&T’s reliance on Wi-Fi in many locations hasn’t been sufficient to handle the coming bandwidth load of uses, especially things like video over Netflix, YouTube and video used in ads.

“As users increase their use of rich media, they load up the networks pretty badly, and with an expected 1000x bandwidth increase needed by 2020, there’s a real problem,” Gold said.

“Google is seeing the writing on the wall as well as AT&T and wants to make sure it can offer its enhanced services where bandwidth may be constrained,” Gold added. “If you have a slow network, serving ads and serving up YouTube is a terrible experience. And with a terrible experience, users won’t go there. And if they won’t go there, Google can’t serve you ads … and generate revenues per click. For Google, it’s all about making sure they can maintain the click rates they need to keep their money machine going.”

In cities where Google Fiber is already being rolled out, city and neighborhood leaders have reported that Google has refused in the past to connect its fiber to Wi-Fi for use in apartment buildings and low-income housing projects. They say Google contends that such Wi-Fi service wouldn’t be secure or reliable, especially with the signal passing through concrete walls.

Google now holds a more positive stance on public locations for its Wi-Fi, especially outdoors, where concrete walls aren’t an impediment.

“We would be interested in providing public, outdoor Wi-Fi access to our Google Fiber cities, although we don’t have any specific plans to announce right now,” Google spokeswoman Jenna Wandres said Friday.

She refused to say if Google’s “public” approach would allow anyone with a Wi-Fi ready device to join the Google Wi-Fi or only Google Fiber customers, in keeping with the approach of some other providers.

The Google Wi-Fi locations will probably be similar to what Google has done in Mountain View, Calif., according to a community activist who asked not to be identified. “Knowing Google’s past behavior, its locations for future Wi-Fi will be based on where they can get the most useful consumer information to resell to advertisers and push their products,” the activist said. “Don’t forget, mining individual user data is how Google has made their billions.”

Time Warner appears to be following a similar strategy in the Kansas City area, where residents have noticed Wi-Fi hotspots pop up to add convenience to smartphone-or tablet-carrying Time Warner customers.

Activists speculated that the cable provider is sapping up the free, unlicensed Wi-Fi spectrum in its many Kansas City locations, which essentially stalls competing providers from moving in. Instead of a land grab, there’s a kind of spectrum grab. Time Warner wouldn’t comment on that speculation.

AT&T remains noncommittal about predictions it will add Wi-Fi to its Gigapower fiber networks in 21 candidate cities. When AT&T meets leaders in those cities, “we are willing to explore ways in which AT&T can help meet [city] needs,” spokeswoman Kurko Wong said via email.

Noting AT&T’s history of making Wi-Fi available at 34,000 hotspots in 50 states for free to some of its customers, she added, “we’re committed to making the benefits of Wi-Fi widely available.”

Customer response to the AT&T Wi-Fi “has been better than expected,” she added, as smartphones, laptops and tablets have proliferated. Over a few months in 2010, AT&T found that its customers made more than 350,000 connections to Wi-Fi hotzones in New York City, Charlotte and Chicago.

As AT&T and others have found, Wi-Fi hotspots are clearly hotter than ever, and major companies are positioning themselves to cash in.

Via: itworld

34 lucky cities could soon have gigabit internet speeds

If you think about it, internet access and speeds are some of the most enabling or crippling technolgies today. I would kill for Google Fiber.

Okay, I’m just kidding. I wouldn’t move to one of these 34 cities invited to bring in Google Fiber, but for a few minutes I did consider it.

34 lucky cities have the oppotunity to get internet access speeds up to 100 times faster than anyone else. Google Fiber includes high definition TV streaming, but the 1,000Mbps speed is the real draw. (Google Fiber subscribers also get 1TB of Google Drive storage space.)

Right now Google Fiber is only available in 3 cities: Austin, TX;  Kansas City, KS; and Provo, UT. Current prices range from $0 (yes, zero, at least for 7 years with a $300 construction fee) to $120 a month if you roll in TV service.

Who doesn’t want this?! 

Google Fiber might be coming soon to a city near you. It depends on Google’s deals with the local government, but in the 34 cities Google is exploring, Portland, Nashville, Atlanta, and others are under consideration.

Lucky ducks.

Via: itworld

Devices made through March 2013 may be affected.

Apple confirmed that some iPhone 5 smartphones have defective sleep/wake/power buttons and kicked off a free component replacement program in the U.S. and Canada.

The sleep/wake/power button is on the upper-right top of the iPhone.

“Apple has determined that the sleep/wake button mechanism on a small percentage of iPhone 5 models may stop working or work intermittently,” Apple said in an online support document published Friday.

The iPhone 5 debuted in September 2012. Devices made through March 2013 may be affected.

Complaints about the sleep/wake/power button appeared on the Apple support forum just a few months after the iPhone 5 launched, with many customers reporting intermittent issues, or that they had to press the button extremely hard for it to register. The new program covers all eligible iPhone 5 smartphones, including those now out of warranty.

Customers can determine whether their iPhone 5 is eligible for repair by entering its serial number in a field on the support document. The iPhone 5 serial number can be found by tapping the Settings icon, then General and About.

Defective sleep/wake/power buttons are not replaced at Apple’s retail stores, but owners can drop off devices there. Alternately, iPhone 5 users can ship their handsets directly to an Apple repair center after calling the Cupertino, Calif. company and requesting a postage-paid box. According to messages posted Saturday on Apple’s support forum, customers who took their phones to an Apple store were told that it would be returned in about a week.

iPhone 5 16GB loaners are available, Apple said, and several owners confirmed that they had been handed one. Smartphones still running iOS 6 will be upgraded to iOS 7 by Apple has part of the button replacement.

The program will be expanded to other countries in May, and will expire September 21, 2014, two years after the iPhone 5 first went on sale.

Via: itworld

The prevailing view that young people are careless of information security has been challenged by a new UK survey that reveals two-thirds believe security is the number one priority when buying a new internet-connected device.

The survey of more than 1,200 16to 24-year-olds by youth insights consultancy Voxburner found that almost 90 percent of them are concerned about the security of the data they share. And the study, which asked young people’s views of the Internet of Things (IoT) and other connected devices, finds more than a third feel that the benefits of new technologies such as IoT do not outweigh the risks.

Analysing the findings, Voxburner says: “There is a popular belief that young people are frivolous with their data and don’t have any concerns about privacy, but 67 percent of 16 to 24s say that security is their number one priority when buying an internet-connected product.”

Among those surveyed, Claire, 18, from Medway, says: “I certainly have concerns about data privacy and in some cases I will avoid whatever I am doing if I am not willing to share my information with the company.”

Sean, aged 24 and from Dublin, adds: “The internet can be useful, but we don’t always need to be connected to everything. Think carefully if the internet would really improve the functionality or experience or whether it’s just internet for internet’s sake. And above all, protect my privacy.”

Voxburner’s head of insight, Luke Mitchell, believes 16 to 24 year olds have changed their attitude to cyber security from being trusting to being unsettled by factors such as stalker stories, cyber bullying and the Edward Snowden revelations.

He told SCMgazineUK.com via email: “Many observers would say that young people are too careless and open with their personal data, but young people today – rightly to a degree – regard themselves as advanced technology users who are experienced enough to recognise threats.”

But he said: “Because they have good digital literacy and awareness of technology developments, they are beginning to realise the dangers of their data being exposed to so many different platforms and players.

“While they have so far been fairly trustful in the digital environment, particularly of recognised brands (asked if Google is evil, 86 percent of our youth panel have told us ‘no’, and 53 percent also disagreed with the statement ‘I believe technology will increasingly be used for evil rather than good’) new innovations are potentially moving them out of their comfort zone.

“There is the media back-drop of stalker stories and cyber bullying, Edward Snowden and dark TV like Charlie Brooker’s Black Mirror that is starting to unsettle them.”

However, security expert Mark James, technical director at ESET UK, does not believe the new attitude will necessarily provide UK organisations with a new generation of security-savvy employees.

He told SCMagazineUK.com via email: “It’s encouraging to see a growing awareness of the importance of maintaining privacy and security amongst young people, but it’s important to distinguish between their work and personal lives.

“Whilst they are often the most tech-savvy when it comes to personal brand, when it comes to transferring that same shrewdness to their business lives, they are arguably some of the most unreliable.”

James explained: “In recent research by ESET into the attitudes of Gen-Y professionals, 50 percent believed it is nearly always their organisation’s responsibility to ensure the safety of data; 38 percent are also unaware of, or don’t believe, their company has an IT security policy, and 30 percent of those aware of its existence don’t know what it is.

“IT security teams need to engage with younger employees in the creation of policies that suit the needs of both parties.”

Luke Mitchell at Voxburner also admitted that young people’s new caution does not yet extend to their mobile phones.

He told us: “Interestingly our research has shown that while most have protected their laptops, they currently perceive very little threat to their mobiles and few are using security software on their smartphones.”

When it comes to the Internet of Things, 80 percent of the respondents are interested in the concept. But while three-quarters are excited by the prospect of IoT, 16 percent feel scared and 9 percent even say they feel threatened.

Voxburner questioned 1,244 UK 16 to 24 year olds last month for the study, ‘Are young people wild about the Internet of Things’, both online and through phone interviews.

Via: scmagazineuk