Tag Archive for Google

RB | February 2, 2012
No comments

Never Check Email First Thing In The Morning

Business Sid Savara a widely regarded personal development trainer published 7 Reasons You Should Never Check Email First Thing In The Morning at his site sidsavara.com.

#1 – Ignorance Is Bliss..fully Productive – When it comes to email, ignorance is bliss. That’s why if you’ve got something important you want to make progress on, the author offers these four words for success:

Don’t check your email.

EmailsAs soon as you get in, work on something important for 30-45 minutes, and only then check email. If you can stand it, wait even longer. The article suggests that as long as you’re ignorant of everything else that’s going on outside, you can concentrate on what you want to work on.

Any new information you get can cause you to get distracted.

#2 – It’s Not Your Todo ListMr. Savara you know what is most important for you to work on the first thing in the morning you should go ahead and do it!

By checking email, you risk doing what someone else wants you to do. Or more bluntly, when you check your inbox, the emails you get are a todo list someone else makes for you.

Who is in charge of your time – you, or the person emailing you?

Changed priorities#3 – It’s An Excuse To Lack Direction – The author says that checking email is a low priority activity and that you may be checking email first thing in the morning because your todo list has gotten off track somewhere. He argues that when you don’t have a clear list of priorities, checking email becomes an urgent activity that you do at the expense of your important ones.

#4 – Reaction vs “Proaction” - When you check your email, you end up with more work to do – and because we’re in “check email” mode, we start replying to them at the expense of the task we were just working on. Rather than actively setting an agenda, email forces you to react to items as they come in – regardless of their true priority.

Mr. Savara says he prefer taking proactive actions, proaction. Work on the things that are important to you, regardless of whether they’re urgent or simply at the top of your inbox. Stop wasteful actions, and focus on productive actions instead.

Social networking sites#5 – Searching For Excuses Blindly checking email (or Twitter, or Facebook, or any number iTime wasters) is usually just searching for an excuse to not do the work that must be done according to the author.

Don’t fall into that trap. Don’t give yourself an out by checking your email for an excuse to fail. He urges, Don’t check your email  – acknowledge the task you need to get done, and do it.

Cross that bridge – it’s not going away.

#6 – There’s No Set Time Limit – Meetings get a bad rap for being a waste of time – but at least you usually know how long a meeting will last. But do you know how long you’re going to spend on email once you open your inbox, odds are you don’t know – or you’ll underestimate it.

The problem is, checking email only takes a minute but you can get sucked into follow-up activities that result from opening your email, and there’s no way of knowing how much time these will take.

You have a set time limit for how many productive hours you have in a day don’t let email suck you in and cause you to devote more time to it than you can afford.

#7 – It Builds Expectation – A lot of people says, “But I have to check my email! People expect a response from me in the morning!” The author believes that there are some requests that need immediate responses, but they’re much less frequent than you might think.

He argues that people expect a response from you in the morning because you’ve always responded first thing in the morning and you’ve built that expectation. The more often you check email, the more often people will expect you to check it. Just stop checking it first thing in the morning, and people won’t expect it anymore.

Mr Savara recommends the following email rules:

  • Only check if there is something specific you are looking for. Most important – don’t go fishing around. Check it with a specific plan, a specific email you’re looking for from a specific person.
  • Separate low value emails via filters (“rules” in outlook) or separate email addresses so you don’t even see them in your inbox when you check
  • Set a time limit. Commit to checking for 5 minutes, just to look for that one piece of information – and have your exit strategy ready. Before you open your inbox, decide what you’ll do if 1) the email is there 2) the email isn’t there 3) the email is incomplete. Don’t be reactionary – proactively decide what action you will take based on the outcomes you expect.
Related articles
Enhanced by Zemanta
Category: Business | Tags: , , , , , , , , , , , ,
RB | January 19, 2012
No comments

Don’t Fear the iPad

Network security Dark Reading reports that as workers bring their consumer devices to the workplace and expect to use them, many IT teams have raised concerns over the impact of mobile devices on a business’ security.

Tablet computersThe first reaction to the trend of consumerization of IT has typically been to ban smartphones and tablets. Slowly, companies are opening up Bring Your Own Technology (BYOT) programs and attempting to better manage the devices. Yet Josh Corman, director of security intelligence for Akamai (AKAM) told DarkReading firms should speed things up at least in the case of iPads.

He says firms that switch employees from general-purpose computers to more limited devices, such as the Apple (AAPL) iPad, could reap significant security benefits. “When new IT comes out, it is not ipso facto secure, consumer devices typically lag,” Mr. Corman told DarkReading. “But in this particular case, the adoption is of something that is inherently more defensible and inherently less complex.”

Apple ComputersMr. Corman looks at the more tightly controlled software ecosystem for iPads and sees fewer avenues for attackers to compromise corporate networks. The devices are simpler than general-purpose computer workstations, and that’s a benefit for security, he told DarkReading. “We know that complexity is the enemy of security, but we accept very high levels of complexity in our compute environments,” Mr. Corman says.

The article reports that the reasoning parallels that used by Microsoft (MSFT) when the company embarked on its mission to harden its Windows operating system. A measure of its progress was the reduction of the operating system’s attack surface area, a measure of the ease of which attackers could get access to and exploit critical functions. By reducing the ability for attackers to inject code into the system, Microsoft reduced the attack surface area and increased security. Similarly, simpler software systems, such as the iPad, used as part of a comprehensive attempt to reduce complexity in a company’s computational environment could have a similar effect.

Android logoAs long as the tablets can satisfy worker requirements, then a company could garner security benefits, agrees Frank Andrus, CTO for Bradford Networks, a network security provider. Not all tablets are created equal the more open Android platform might not offer as many security benefits as Apple’s more controlled product, “They can more easily be taken advantage of by an attacker,” he told DarkReading.

The mobile devices, however, pose a greater hazard to sensitive company data, he says. Because employees carry smartphones and tablets to places they would not bring a laptop, companies do run a greater risk of exposing data on lost and stolen devices, he says.

Weak linkIn addition, unless a company completely converts its employees to tablets for work, they will just be adding another attack surface to its IT systems, not subtracting a more complex system, Tim Matthews, a director of data-loss prevention products for Symantec told DarkReading. “The problem is that you don’t necessarily reduce the attack surface because you are not replacing your laptop yet,” he says.

To protect against the loss or theft of devices, and the resulting data leakage, companies should employee mobile device management (MDM), Mr. Matthews says. MDM software can also limit the applications installed on an employee-owned device and enforce role-based security on devices that attempt to connect to a corporate network.

In the end, allowing employees to use locked-down tablets, such as the iPad, can increase security, but only if the company pays attention to how employees are using the devices, he says.

Steve Ballmer

Where's my tablet?

“These guys are working on the plane or working at home, adding to a company’s productivity, but they are doing so in an unprotected way,” Matthews says. “And that’s a problem.”

rb-

Mobile devices bring a different set of threats, but more employees on hard-to-hack tablets means better security.

Related articles
Category: Security | Tags: , , , , , , , , , , , ,
RB | January 17, 2012
One comment

QR Codes Can Put Users at Risk

QR malware-Updated 01-26-12- It was just a matter of time and now the Websense (WBSN) ThreatSeeker Network has started spotting spam messages that lead to URLs that use embedded QR codes. According to a report at Help Net Security this is a clear evolution of traditional spammers towards targeting mobile technology. The spam email messages look like traditional pharmaceutical spam emails and contain a link to the Web site 2tag.nl. Once the 2tag.nl URL from the mail message is loaded in the browser, a QR code is displayed, along with the full URL. When the QR code is read by a QR reader, it automatically loads the spam URL.

Quick Response codes (QR codes) are a “new” type of barcode that can be used for a variety of purposes tracking, ticketing, labeling of products, etc. They can be put anywhere, in magazines, buses, websites, TV, tickets, and on almost any object which they might want to learn more about.

 Help Net Security writes that when used for legitimate purposes, they make life easier for users. “All you need to ‘visualize such a code is a smartphone with a camera and a QR reader application to scan it – the code can direct you to websites or online videos, send text messages and e-mails, or launch apps,” point out BullGuard’s researchers.

Unfortunately, QR codes can just as easily be used to compromise users’ mobile devices. “Much like URL shortening services can be and are used maliciously because of the fact that they obscure the real target URL, QR codes can also be used for such deception,” Joe Levy, CTO of Solera Networks told DarkReading. “QR codes … provide a direct link to other smart phone capabilities such as email, SMS, and application installation. So potential attack vectors extend beyond obscured URLs and browser exploits very nearly to the full suite of device capabilities.”

Mobile malwareThere are several ways attackers are already using malicious QR codes to perpetrate their scams. A recent attack via QR code “Attaging” took place in Russia and involved a Trojan disguised as a mobile app called Jimm. Once installed, “Jimm” sent a series of expensive text messages ($6 each), racking up unwanted charges.

On Apple (AAPL) iOS devices, hackers are sending users to websites that will jailbreak the device and install more malicious malware. Tomer Teller, security evangelist at Check Point Software Technologies, told DarkReading, “a user scans a barcode and is redirected to an unknown website … the user phone will be jail broken and additional malware could be deployed (such as key loggers and GPS trackers).”

Android malware“On the Google (GOOG) Android  … Criminals are redirecting users to download malicious applications. All a user needs to do is scan a barcode and it will redirect to a website that will download the Android Application” according to the article.

In addition attackers are using QR codes to redirect users to fake websites for phishing. “A QR code will redirect to a fake Bank that will look exactly like your bank. Since most smart phone screens are small, a normal user may not see the difference and will type in his or her (information) and hand it to the attackers,” Teller says. According to Mobile Commerce News some apps, like the NeoReader from Neomedia, that collect personal identifiable information (PII). This information is then sent to third parties who mine the data and possibly resell it.

Mobile paymentsThe trend to mobile QR based payment systems from firms like LevelUp, Kuapay, and Paypal are developing will drive QR code malware forward Mr. Levy says. “As our mobile devices and our wallets continue to converge through such technologies as near field communications (NFC), Bump and QR, malware authors are bound to prefer these very direct paths to the money. After all, these devices and apps are well on the road to becoming our new currency.”

So how do you protect yourself and the data on your mobile?

  • Download an app that scans QR codes and barcodes and shows the URL to which the codes want to take you. “Only use QR code reader software that allows the user to confirm the action to be taken i.e. visit a website link,” Paul Henry, security and forensic analyst at Lumension told DarkReading. “If you do not know and trust the link, cancel the action.
  • Do not scan QR codes from random stickers on walls and similar surfaces. Help Net Security says scammers are counting on people to do that because they can’t curb their curiosity.
  • Consider installing a mobile security app on your device, especially if it runs the Android OS. “Android is an open platform, which means that its source code can be examined by criminals and exploited easily when they find a weakness in, say, the Android browser,” according to the article. “That’s why most malicious apps transmitted via QR codes target the Android-based smartphones.”

rb-

I am not a fan of QR codes they seem to take you to an advertisement. Most of the destinations are fluff at best and dangerous at worst. Now that they have become nearly ubiquitous, they present more risk than necessary. Avoid QR codes.

Related articles

 

Category: Security | Tags: , , , , , , , , , ,
RB | December 20, 2011
2 comments

Web Connectable TV New Source of Threats

Internet of ThingsYou may want to consider the security of the fancy new 55-inch high-def LCD TV that Santa Claus brings you. Surprise, surprise, surprise they may have security holes that could allow hackers to take over your home network.

Consumer appetite for on-demand and online video content will drive sales of Internet-connectable TV devices to nearly 350 million units worldwide by 2015 reports ITnewsLinkParks AssociatesConnected Living Room: Web-enabled TVs and Blu-ray Players forecasts worldwide sales of Internet-connectable HDTVs, Blu-ray players, game consoles, and digital video players like Apple‘s (AAPL) Apple TV will grow about fourfold from 2010.

Digital televisionParks Associates says all major manufacturers are debuting new models with innovations in content aggregation, apps development, and user interfaces. Content options are finally catching up to the hardware innovations, and growing libraries of on-demand movies and TV available are starting to unlock the potential of connected TV devices as multifunction online entertainment and communications platforms.

The growth of these devices will increase opportunities for apps developers – including third-party developers and giants such as Google (GOOG), Samsung, and Yahoo (YHOO) and one other group, hackers.

Mocana Mocana, a company that focuses on securing the “Internet of Things”, released a study that highlights digital security flaws in Internet-connected HDTVs reports ITnewsLink. The Mocana researchers believe that the security flaws exist in many Internet TVs and recommend that consumers seek out third-party security tests before they purchase and install them in their home.

Mocana’s CEO Adrian Turner told ITnewsLink: “…manufacturers are rushing Internet-connected consumer electronics to market without bothering to secure them … consumer electronics companies that might lack internal security expertise should seek it out, before connecting their portfolio of consumer devices to the Internet.”

Computer securityMocana’s research shows that attackers may be able to leverage Internet-connected TVs to hack into consumers’ home network. Researchers found that the Internet interface failed to confirm script integrity before those scripts were run. Mocana was able to show that JavaScript could then be injected into the normal datastream, allowing attackers to obtain total control over the device’s Internet functionality. As a result, an attacker could intercept transmissions from the television to the network using common “rogue DNS”, “rogue DHCP server”, or TCP session hijacking techniques. The security holes could allow attackers to:

  • Present fake credit card forms to fool consumers into giving up their private information.
  • Create a man-in-the-middle attack on the HDTV to dupe consumers into thinking that “imposter” banking and commerce websites were legitimate.
  • Steal the TV manufacturer’s digital “corporate credentials” to gain special VIP access to backend services from third-party organizations including popular search engine, video streaming and photo sharing sites.
  • Monitor and report on consumers’ private Internet usage habits without their knowledge.

The flaws Mocana uncovered should raise questions about the security of consumer electronics in general-which manufacturers are scrambling to connect to the Internet, often with little or no security technology on board.

Alfred E. NewmanMocana’s CEO Adrian Turner continued: “While much public discussion … on the recent explosion of smartphones … the vast majority of new devices coming onto the Internet aren’t phones at all: they are devices like television sets, industrial machines, medical devices and automobiles – devices representing every conceivable industry. And the one thing that all these manufacturers have in common is that, unlike the computing industry, they don’t have deep experience in security technology.”

Related articles
Category: Security | Tags: , , , , , , , , , , ,
RB | December 19, 2011
One comment

McAfee’s 12 Scams of Christmas

Christmas elfBefore logging on from a PC, Mac, or mobile device, for the last minute holiday online shopping madness, consumers should look out for the 12 Scams of Christmas by McAfee:

1. Mobile Malware – A National Retail Federation (NRF) survey found that 52.6% of U.S. consumers who own a smartphone will be using their device for holiday-shopping. Malware targeted at mobile devices is on the rise, and Google’s (GOOG) Android smartphones are most at risk. McAfee cites a 76% increase in  Android malware in the second quarter of 2011, making it the most targeted smartphone platform.

New malware has recently been found that targets QR codes, a digital barcode that consumers might scan with their smartphone to find good deals or just to learn about products they want to buy.

Malicious Mobile Applications2. Malicious Mobile Applications – These are mobile apps designed to steal information from smartphones, or send out expensive text messages without a user’s consent. Dangerous apps are usually offered for free, and masquerade as fun applications, such as games. Last year, 4.6 million Android smartphone users downloaded a wallpaper app that collected and transmitted user data to a site in China.

Facebook3. Phony Facebook Promotions and Contests – Who doesn’t want free stuff? Unfortunately, cyberscammers know that “free” things are attractive lures and they have sprinkled Facebook with phony promotions and contests aimed at gathering personal information. A recent scam advertised two free airline tickets, but required participants to fill out multiple surveys requesting personal information.

Scareware4. Scareware, or Fake Antivirus software - Scareware is the fake antivirus software that tricks someone into believing that their computer is at risk or already infected so they agree to download and pay for phony software. This is one of the most common and dangerous Internet threats today, victimizing one million victims each day. In 2010, McAfee reported that scareware represented 23% of all dangerous Internet links, and it has been resurgent in recent months.

5. Holiday Screensavers – Bringing holiday cheer to your home or work PC sounds like a fun idea to get into the holiday spirit, but be careful. A recent search for a Santa screensaver that promises to let you “fly with Santa in 3D” is malicious. Holiday-themed ringtones and e-cards have been known to be malicious too.

Mac Malware6. Mac Malware – Until recently, Mac users felt pretty insulated from online security threats, since most were targeted at PCs. But with the growing popularity of Apple (AAPL) products, cybercriminals have designed a new wave of malware directed squarely at Mac users. According to McAfee Labs, as of late 2010, there were 5,000 pieces of malware targeting Macs, and this number is increasing by 10 percent each month.

Phishing7. Holiday Phishing Scams - Phishing is the act of tricking consumers into revealing information or performing actions they wouldn’t normally do online using phony email or social media posts. Cyberscammers know that most people are busy around the holidays so they tailor their emails and social messages with holiday themes in the hopes of tricking recipients into revealing personal information.

  • Phony notice from UPS (UPS) saying you have a package and need to complete an attached form which asks for personal or financial details to complete the delivery. The form sends the that will go straight into the hands of the cyberscammer.
  • Banking phishing scams continue to be popular and the holiday season means consumers will be spending more money and checking bank balances more often. From July to September of this year, McAfee Labs identified approximately 2,700 phishing URLs per day.
  • Smishing –SMS phishing remains a concern. Scammers send their fake messages via a text alert to a phone, notifying an unsuspecting consumer that his bank account has been compromised. The cybercriminals then direct the consumer to call a phone number to get it re-activated—and collects the user’s personal information including Social Security number, address, and account details.

Online Coupon Scams8. Online Coupon Scams - An estimated 63 percent of shoppers search for online coupons when they purchase something on the Internet, and October 2011  NRF data shows that 17.3 percent of smartphone users and 21.5 percent of tablets consumers are using their mobiles devices to redeem those coupons. But watch out, because the scammers know that by offering an irresistible online coupon, they can get people to hand over some of their personal information.

9. Mystery Shopper Scams - Mystery shoppers are people who are hired to shop in a store and report back on the customer service. Scammers are using this fun job to try to lure people into revealing personal and financial information. There have been reports of scammers sending text messages to victims, offering to pay them $50 an hour to be a mystery shopper, and instructing them to call a number if they are interested. Once the victim calls, they are asked for their personal information, including credit card and bank account numbers.

10. Hotel “Wrong Transaction” Malware Emails - Many people travel over the holidays, so it is no surprise that scammers have designed travel-related scams to get users to click on dangerous emails. In one example, a scammer sent out emails that appeared to be from a hotel, claiming that a “wrong transaction” had been discovered on the recipient’s credit card. It then asked them to fill out an attached refund form. Once opened, the attachment downloads malware onto their machine.

11. “It” Gift Scams - Every year there are hot holiday gifts that sell out early in the season. Not only do sellers mark up the price of the must have toy, but scammers will also start advertising them on rogue websites and social networks, even if they don’t have them. So, consumers could wind up paying for an item and giving away credit card details only to receive nothing in return. Once the scammers have the personal financial details, there is little recourse.

12. “I’m away from home” Scammers - Posting information about a vacation on social networking sites could actually be dangerous. If someone is connected with people they don’t know on Facebook or other social networking sites, they could see their post and decide that it may be a good time to rob them. Furthermore, a quick online search can easily turn up their home address.

How to Protect Yourself

  • Only download mobile apps from official app stores, such as iTunes and the Android Market, and read user reviews before downloading them.
  • Be extra vigilant when reviewing and responding to emails.
  • Watch out for too-good-to-be-true offers on social networks. Never agree to reveal your personal information just to participate in a promotion.
  • Don’t accept requests on social networks from people you don’t know in real life. Wait to post pictures and comments about your vacation until you’ve already returned home.
Related articles

Mobile Threats Top Holiday Scam List (pcworld.com)
Five Tips to Avoid Malware in Mobile Apps (pcworld.com)

Category: Business, Security | Tags: , , , , , , , , , , , ,
« Older Entries  

Switch to our mobile site