Category Archives: Security

Wearable Fitness Devices – The Internet of Fitness IoF

Wearable Fitness Devices

The Internet of Fitness IoF (or IoT helping you get fit)

The tracking of your personal fitness has recently exploded. Fitness devices are probably the number one wearable IoT device out there. You now have the opportunity to take part in a valuable community experience by joining a connected fitness challenge. First off, connected fitness is a thing, really. The concept is quite simple: You get a device that measures what you are doing fitness wise and then share that with the world. Of course, this raises a few important questions around what you share and how you share it.

Our first consideration is the timing of the information. Timing is critical. If you share actively while you are actually working out, you present the “I am not currently at home now” risk. That is the same risk you face when “checking in” to various places on the internet. If you are at the airport now, you aren’t at home. The same is true of fitness activities. So the first thing to do is turn off the real time updates. In the end, none of us need to know when you stop by the Stop and Shop, or are getting coffee at a local coffee place.



This presents our next consideration: What do you share? The reality is that people in the beginning of a process tend to share too much information, so you have to consider what you are sharing with your various online communities. This applies to all of the information you share, not only to your fitness communities. In addition to turning off real time updates to prevent potential intruders from knowing you’re away from home, you should avoid posting vacation photos until after you return. Likewise, you should only use an out of office notice for your work email and phone, but never on your house and personal phones. The other side of what you share is the actual information. For example, posting how many steps you took yesterday isn’t bad. Posting the route you took isn’t good. Posting your blood pressure on a site you and your doctor can access is good. Posting your blood pressure to the world, not so good. In the end, as you begin gathering this information, start asking yourself what you want people to know. Then it becomes easy to determine what you are going to share.

Don’t Be Discouraged

Despite the potential risks associated with oversharing, joining a fitness community can be a great source of motivation. If you are interested in comparing your progress with your friends, then posting your numbers for others to see becomes an important part of your community experience. This is especially true if you’re even slightly competitive, as knowing that others are exceeding your performance is an incredible motivator. If this describes you, then finding a safe balance for posting your data online and having other people connected to that data is key to your online community engagement. If you aren’t competitive, you can still post your data online – just don’t compare yourself to others. This sharing can still be a source of encouragement as your friends can see your personal progress and milestones over time, and you can celebrate each other’s successes.

Wearable fitness devices offer great benefits, both in improving your health and in helping you create a support community. Averaging 10,000 steps a day will, in the end, make you healthier. Sharing that with people who care is even better. However, sharing your specific medical metrics like blood sugar levels or announcing you’re away from home is another thing altogether.

As wearable IoT continues to expand further and further into the personal fitness market, it’s important to remember the initial rules: Don’t post your data in real time. Your friend may cheer you on for doing that, but the burglar waiting for your home to be empty will cheer you on as well. Uploading after you are done is a great way to engage with your community and gain a great sense of accomplishment. By carefully considering what you share and how you share it, you can enjoy the health and emotional benefits of connected fitness while protecting yourself from potential threats.

By Scott Andersen

Exciting Job Opportunities In Several Tech Fields

Exciting Job Opportunities

CompTIA has released a report projecting growth of 5.1% in IT spending this year; though that is more than Gartner and IDC expect, they too estimate considerable escalation. According to Infoworld, 2014 saw a 2.4% increase in IT employment, representing more than 100,000 jobs – 2015 could see this figure increase. According to the US Department of Labor, web development jobs experienced the highest growth in 2014 at 4%, and employment of information security analysts, software systems developers and network and computer systems administrators increased between 1.8% and 3.6%.


Top Jobs

Earlier this year, Glassdoor released a list of the 25 Best Jobs in America for 2015, and ten of them are in the IT sector. Software Engineer takes second place, with Database Administrator and Data Scientist in the top ten. Solutions Architect boasts one of the highest average base salaries, though all of the listed IT occupations offer decent remuneration. US News puts Software Developer at the top of its list of best tech jobs for 2015 and predicts a flood of new jobs in the IT market over the next seven years, with a forecast of a 36.5% increase in demand for Information Security Analysts.

What You Need

While certainly the place to be, the range of skills required to work successfully in IT is broad, and with constant technological evolution, skills often need to be updated just as you think you’ve mastered them. Inc recommends that 2015 is the time for honing your skills in coding, big data, cloud computing, mobile computing, data visualisation and UX design skills, while Training Journal insists that more problem solving skills are critical in IT. FierceCIO advises that business skills should not be overlooked, as many key IT roles require an excellent sense of the business and its workings in order to best perform their roles.

Where It’s Happening

Forbes has detailed the highest-paying cities for tech jobs in the US, with Silicon Valley at the top of their list, followed by Seattle, Washington, DC and Boston. Austin, Texas is credited with the strongest tech sector employment expansion from 2004 to 2014, with Raleigh, North Carolina close behind. In the UK, The Telegraph puts Manchester and Bristol close to London’s top earning average, and notes that Bristol, Brighton and Cambridge offer higher rates to freelancers working in the cloud sector than London.

Wherever you are, it seems 2015 is the year for technology, and if the predictions for IT pay off the future is bright. IT professionals possessing the top skills as well as the ability to pull together various IT services and business acumen are in demand, and it looks like that trend will only increase in the coming years.

Jennifer Klostermann

US Cyber Security Trade Mission All Set For Eastern Europe

US Cyber Security Trade Mission

A US Government cyber security trade mission, on its way to Eastern Europe this weekend, aims to minimize cyber attacks and boost cooperation between the two regions in fighting cyber crime. It also aims to increase cyber security-related business between the US and Eastern European countries.

The one-week mission, which will be led by US Deputy Secretary of Commerce Bruce Andrews, will visit Bucharest in Romania and Warsaw in Poland. In a media statement, Andrews said he would be accompanied by Assistant Secretary for Industry and Analysis, Marcus Jadotte, as well as representatives of 20 American companies. While some were large companies like Microsoft, IBM, Cisco Systems and Hewlett Packard, others were small, but they all had the interests of cyber security at heart.



Andrews said they would be meeting business and government leaders in the two cities and hosting “regional dialogue” with a number of other countries from around Eastern and Central Europe.

“We want US businesses to sign deals with companies and with governments in that region to help improve their cyber security and create jobs here at home,” he said.

In its official mission statement, said the primary purpose of the upcoming cyber security trade mission was to introduce US trade associations and businesses to Central and Eastern European information and communication technology (ICT) security and critical infrastructure protection markets. This would help US companies find new business partners so they could export products and services to this region. In addition to Poland and Romania, the statement said the mission would reach at least ten other potential Eastern and Central European markets: Bosnia, Bulgaria, Croatia, Hungary, Macedonia, Moldova, Montenegro, Serbia, Slovakia and Slovenia. There would also be virtual introductions to government officials and companies that were not able to attend the trade mission meetings.

Vital Security Properties, which is managed by the Department of Commerce’s International Trade Administration, was set up to assist US businesses plan international sales strategies.

Their mission statement points out that cyber security is used to safeguard the “vital security properties” of organizations’ and users’ financial, intellectual and infrastructure assets against any cyber security risks in the international cyber environment. In addition, the “critical information infrastructure” could not be separated from physical infrastructure systems, including basic services such as electricity, energy and water supply, safety and security, and even traffic management systems.

With the ever-increasing sophistication and growth of cyber-attacks in recent years, “strict compliance and unified security packages” were being prioritized. This was to try and protect the critical data, safety and infrastructure of businesses, as well as that of governments, the military, ports, public utilities, banking and other financial services, the statement said.

The damaging effects of cyber-threats can be felt on many levels from the business to the individual and can spill across borders.

As a result of recent cyber attacks in the region, attempts had been made to improve cyber security protection. Governments in Eastern and Central Europe had made cyber security a “policy priority” by creating task forces and participating with the US government in an attempt to improve their defenses.

Ultimately the trade mission would introduce US companies to what has become a “rapidly expanding market for cyber security products and services in Eastern and Central Europe.” Those businesses participating would have the opportunity to gain market insights, solidify business strategies, make industry contacts, and advance projects in an official US delegation, which would strengthen their abilities to secure meetings and get better exposure to the region.

Participants in the trade mission arrive in Bucharest on Sunday May 10 and leave from Warsaw the following Saturday, May 16.

By Penny Swift

Jumpstart The Cloud For Small Businesses

The Cloud For Small Businesses

Cloud computing provides the perfect mix for small startups to jumpstart their business quickly and inexpensively. Using cloud-based SaaS applications, as well as one of the several managed cloud service providers (reducing IT costs), can save your company a fair bit of money. You will require a company website, and the good news is that there are several CMS offerings available for you to work with, at varying complexities and prices.

Number Crunchers

One of the major to-do items for any small business is to have a qualified accountant or, if you love numbers, a SaaS accounting program to help manage your business startup.

Attached is an infographic courtesy of Waspbarcode which outlines some of the accounting challenges faced by small businesses.

    • 74% don’t understand how ghost assets impact their books and inflate taxes, insurance or money owed.
    • Only 17% of small businesses use an asset management system that allows auditing.
    • Accountants ranked among the top professionals in order of importance to small businesses; and, 88% of small businesses are very or somewhat satisfied with their accountants.


Churning It Up In The Cloud

Churning The Corner With SaaS Applications

There’s plenty of research that backs up our reasoning for a move to the cloud. Forrester Research claims that the public cloud computing market will reach $191bn in 2020 (everyone else is doing it); Peer1Hosting claims that 49% of IT decision makers are doing it to reduce costs (everyone else is cutting costs).

And that’s all great. So much of the evidence behind moving data into the cloud rests in the financial – even though on average, a business has around 250 applications to manage on approximately four different clouds (let’s leave that for another time…)

In fact, one of the most compelling – yet little measured – impacts of the cloud is the softer element. To what degree is cloud technology helping us retain our talent? To what degree is cloud technology improving our productivity? Indeed, to what degree is cloud technology adding value to our businesses?

Let’s look at how we might be able to quantify the softer side of the cloud.

Days lost vs Days earned


Central London businesses will know the perils of public transport. Last week’s incident at Clapham Junction, where commuters were stuck for 7 hours, underlines the business risk. However, listen to the news, and you’ll have heard of the ‘demob happy’ atmosphere among commuters, many of whom had simply gone online and started working. At least, for as long as their laptops and phones had power. Ten, twenty years ago, this would have been unimaginable.

As a business, take the number of days lost to issues such as transport, minor illnesses, sick children (I can attest to the latter no longer being such an issue from a work point of view), and you can put a figure on how much the cloud is saving your business. Russell Cook wrote that you can add 25 hours per week for some employees with the cloud – a surprisingly large figure.

Churn & the cost of hire

It’s hard to measure the effect cloud technology has on churn. However, we can have a go. In one business I worked at, technology was so old that laptops would take 20 minutes to load every morning. That’s 20 minutes, per person, per day – at a minimum – lost to technology. Home working was near impossible as e-mail was not available off-premises, and documents had to be hosted on a local server. On top of the cost of days lost, there was the inevitable disaffection brought about by a company not supporting employees who wanted to ‘get the job done’.

After all, we’re all after job satisfaction.

So if we take the cost of losing an employee and hiring another (some experts claim it’s as much as $55,000 on average), and we add another 5% to our churn due to a lack of cloud services, then we can come to a reasonable figure.

Speed is of the essence

In the UK, our government talks frequently of a lack of productivity in the workplace and they might be right. So what if those laptops loaded more quickly? There’s an extra hour of work for every three employees, per day. But what if files were more accessible and actionable – that’s measurable too.

For instance, a spreadsheet hosted on a local server can only be accessed by one person. A live one can be edited by multiple people. If that spreadsheet saves 5 minutes a day, per person, it may not sound like much. That is, until you add up those 5 minutes over several months, and you end up with several days’ worth of savings.

We’re not alone in finding it hard to quantify the softer side of the business – HR professionals have been trying to quantify for years, and it’s only recently (thanks to the cloud) that they’re able to bring all of their data together. The irony.

However – even if we’re unable to put the pence to it, we can estimate the pounds – and they are considerable, whether they’re hypothetical pounds or not.

By Gareth Cartman

The Growth Of Rampant Digital Diseases

Rampant Digital Diseases

Keeping ‘Rombertik’ at Bay – The New Malware that Destroys Hard-Drives

A new form of malware is still on the loose, and this one takes malicious to a whole new level. Nicknamed ‘Rombertik’ by Cisco Systems, the malware attempts to infiltrate the victim’s browser to procure confidential information; fairly standard operating procedure for malware. Where Rombertik differentiates itself from other malware is the way in which it avoids detection, and how it fights back if it is detected.

Kowsik Guruswamy, CTO for Menlo Security, on the subject. Kowsik says,

“It’s a scenario that we’ve seen time and time again – none of the existing security solutions have been able to protect enterprise users from malware infection. We’ve thrown signatures, sandboxes, big data, analytics and numerous other seemingly innovative security technologies at it yet nothing works. In the State of the Web 2015: Vulnerability Report we published last month, we found that one in three web sites out there pose some sort of risk to the user. We really need to be thinking about ways of eliminating malware that doesn’t involve keeping up with the latest trends – something more definitive that just takes the problem off the table.”

How Rombertik Stays Invisible

Rombertik employs a number of advanced mechanisms that render it almost completely undetectable.


(Source: Talos)

First of all, Rombertik devotes a lot of information – around 97% of its binary data – to appearing perfectly innocent. Only 3% of the program actually functions as malware; the rest of it is a collection of harmless images and functions. Furthermore, the program uses a bogus data generator that, at the beginning of its operation, writes 960 million random bytes to memory, effectively creating over 100GB of log files that analysis applications have to trawl through.

These mechanisms make it extremely hard for any malware detection application to detect Rombertik.

Advanced Sandbox Detection

Rombertik deliberately makes invalid function calls that are designed to invoke specific errors – errors that are typically suppressed by a virtual machine. By doing so, Rombertik can check whether or not it is running within a sandbox. It is only once it determines that it is not running within a sandbox that it begins unpacking itself.

Detection and Self-Destruction

If Rombertik detects that it is in fact running inside a VM, it decides that it has been flagged as a suspicious program, and initiates a self-destruct sequence that ultimately destroys the host computer’s hard drive. Its first priority is to access and overwrite the Master Boot Record of the host hard drive. Essentially, it completely overwrites the MBR partition data with null bytes, making it next to impossible to restore the hard drive.

If it is unable to gain access to the MBR, Rombertik instead encrypts all the files (using an RC4 key) within the C:\ drive’s administrator folder.
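Added example (not from the original article or from Talos): a defender-side check that parses a saved copy of a disk's first sector and flags the null-byte MBR overwrite described above, optionally comparing it with a known-good hash. The sample sector, function names and verdict strings are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446        # bootstrap code occupies bytes 0-445
ENTRY_SIZE = 16           # four 16-byte partition entries follow
SIGNATURE_OFFSET = 510    # last two bytes hold the boot signature
SIGNATURE = b"\x55\xaa"


def fingerprint(sector):
    """SHA-256 of a sector, recorded while the machine is known to be clean."""
    return hashlib.sha256(sector).hexdigest()


def parse_partitions(sector):
    """Return the in-use entries of the MBR partition table."""
    entries = []
    for index in range(4):
        start = TABLE_OFFSET + index * ENTRY_SIZE
        raw = sector[start:start + ENTRY_SIZE]
        # Layout: status, 3 CHS bytes, type, 3 CHS bytes, first LBA, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
        if ptype == 0x00:  # type 0 marks an unused slot
            continue
        entries.append({
            "index": index,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return entries


def assess_mbr(sector, baseline=None):
    """Classify a 512-byte MBR image; baseline is an optional known-good hash."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector == bytes(SECTOR_SIZE):
        verdict = "wiped"                    # whole sector is null bytes
    elif sector[TABLE_OFFSET:SIGNATURE_OFFSET] == bytes(4 * ENTRY_SIZE):
        verdict = "partition-table-zeroed"   # partition data replaced by nulls
    elif sector[SIGNATURE_OFFSET:] != SIGNATURE:
        verdict = "bad-signature"
    elif baseline is not None and fingerprint(sector) != baseline:
        verdict = "changed-from-baseline"    # structurally valid but modified
    else:
        verdict = "ok"
    return {"verdict": verdict, "partitions": parse_partitions(sector)}


def build_sample_mbr():
    """Constructed sample: filler bootstrap, one bootable NTFS-type entry."""
    bootstrap = b"\x90" * TABLE_OFFSET
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    empty = bytes(3 * ENTRY_SIZE)
    return bootstrap + entry + empty + SIGNATURE


if __name__ == "__main__":
    good = build_sample_mbr()
    known_good = fingerprint(good)
    samples = {
        "clean": good,
        "all nulls": bytes(SECTOR_SIZE),
        "table nulled": good[:TABLE_OFFSET] + bytes(64) + good[SIGNATURE_OFFSET:],
    }
    for name, sector in samples.items():
        print(name, "->", assess_mbr(sector, known_good)["verdict"])
```
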

Prevention is better than a Cure

The best course of action, as with any virus or malicious software, is to avoid getting it in the first place! Rombertik, as with most cases of malware, gets installed when people click on links or attachments sent through email. The trouble is, these emails can often come from trusted sources – sources that people would never suspect to be harbouring malicious software of any sort. Even Forbes, a well-respected and widely acclaimed website, had fallen victim to hackers back in November 2014, who had used it as a platform to spread malware. The reality is that this can happen to anyone, anytime and anywhere. These are rampant digital diseases that are becoming more and more powerful. We need much better systems in place to find preventative methods before situations become that much more terminal.

By Vanja Daskalovic

Will Your Internet of Things Device Testify Against You?

Will Your Internet of Things Device Testify

Imagine this: Your wearable device is subpoenaed to testify against you. You were driving when you were over the legal alcohol limit and data from a smart Breathalyzer device is used against you. Some might argue that such a use case could potentially safeguard society. However, it poses a bigger concern about how data from the broader spectrum of Internet of Things (IoT) devices could be used against you. Doesn’t it seem reminiscent of George Orwell’s dystopian universe, Nineteen Eighty Four, where children were indoctrinated to inform on suspicious activity, only now it’s an IoT device? But this time it’s you who chose to use the device or network of devices that could start working in concert against you.


IoT devices range from wearables such as wristbands, shirts, and goggles to a range of household and other real-world objects that are increasingly being connected to the Internet using RFID chips, barcodes, sensors, bots via mobile applications. And as the technology has become cheaper and more efficient these devices have become enmeshed in our daily lives. Runners like myself regularly slip sensors into our shoes to track our distance and times.  Many people wear fitness bands with the goal of optimizing their sleep, diet and lifestyle patterns. There is also a certain coolness and addictive factor associated with these devices and many rush to have the latest and greatest in these devices.

Data Brokers Are Waiting

What most people don’t think about is that most, if not all, of the analysis of the data is not carried out on the device; it is analyzed and often shared with third-party data brokers via a cloud backend, depending on the privacy policies in place. These third parties may share information, and the aggregated data may be used to create profiles, which in the best case may be used for marketing purposes, but over time what’s to stop insurers and law enforcement gaining access to this information?

Earlier this year, Federal Trade Commission (FTC) Chair Edith Ramirez warned of the privacy risks when, at the CES tradeshow, she posed the question: “Or will the information flowing in from our smart cars, smart devices, smart cities just swell the ocean of “big data,” which could allow information to be used in ways that are inconsistent with consumers’ expectations or relationship with a company?” The Electronic Privacy Information Center has also written at length on the risks of the “hidden collection” of sensitive data from IoT devices. In Accenture’s survey report on the “Internet of Things”, many of the 2000 respondents polled in the United States indicated they would be willing to share personal data in return for discounts and coupons.

Transparency, Standards And Data Confidentiality


I am a fan of IoT and the potential a great many of these devices offer for improved quality of living and safety, health, greater home and environmental efficiencies.  However, consumers need clear standards for secure connections from the devices to a backend cloud and standards around data confidentiality, and transparency of that data stored and processed in the backend cloud.  Until these standards are in place, I encourage users to be vigilant and to press manufacturers for clear answers on the following at minimum:

  1. Will your data be shared with third parties? This is particularly important for any device that collects sensitive data about you. It may be challenging given the volume and legalese of privacy policies, but it is well worth the time investment given it’s your private data.
  2. Understand how your information is transmitted. And, once in storage, who has access to the information? Is the information stored on a third party’s cloud? When you stop using the device, what happens to your data?
  3. Take time to understand your device’s privacy settings. Have you configured the device’s settings for maximum privacy? Are you only sharing what you are comfortable sharing publicly?

The tension between convenience and privacy is at its most strained, and hopefully that will accelerate the move towards much needed digital safeguards. But in the interim, a more cautious and defensive approach will help you preserve your privacy.


By Evelyn de Souza
