Friday, January 30, 2015

Industry voice: Seven cyber-security risks your business should be aware of in 2015

TechRadar: All latest feeds Industry voice: Seven cyber-security risks your business should be aware of in 2015

With Sony being the latest major victim of hacking, large organisations are witnessing yet again how data breaches cause serious damage to the tune of millions. The prevalence of hacking in the media begs the question: what's in store for 2015?

Against a background of more frequent and dangerous XSS attacks, third-party code and plugins remaining the Achilles heel of web applications, and growing chained attacks, organisations will be looking to new ways to protect their online properties.

Unfortunately, it's pretty difficult to make information security predictions, and even more difficult to verify them afterwards – we can only judge the effectiveness of information security by the number of public security incidents, as the majority of data breaches remain undetected.

However, in this article we're going to make some web security predictions based on common sense profitability (profit/cost ratio) for hackers…

1. Vulnerable web applications will remain the easiest way to compromise companies

When almost any company has one or even several vulnerable web applications, hackers will not bother to launch complex and expensive APT attacks with zero-day exploits. Companies continue to seriously underestimate the risks related to their web applications and website. A tiny vulnerability, such as XSS, can lead to the compromise of the entire local network, emails and databases of a company.

2. XSS will become a more frequent and dangerous vector of attacks

It's very difficult to detect high or critical risk vulnerabilities in well-known web products (e.g. Joomla, WordPress, SharePoint, etc). However, low and medium risk vulnerabilities, such as XSS, will still regularly appear. Sophisticated exploitation of an XSS can give the same outcomes as an SQL injection vulnerability, therefore hackers will rely on XSS attacks more and more to achieve their goals.

3. Third-party code and plugins will remain the Achilles heel of web applications

While the core code of well-known CMS systems and other web products are pretty safe today, third-party code such as various plugins or extensions remain vulnerable even to high risk vulnerabilities. People tend to forget that one outdated plugin or third-party website voting script endangers the entire web application. Obviously hackers will not miss such opportunities.

4. Chained attacks and attacks via third-party websites will grow

Today it's pretty difficult to find a critical vulnerability on a well-known website. It's much quicker and thus cheaper for hackers to find several medium risk vulnerabilities and use a combination of these to get complete access to the website.

Another trend is to attack a reputable website that the victim regularly visits. For example, when chasing for a C-level executive, hackers may compromise several high-profile financial websites or newspapers, and insert an exploit pack that will be activated only for a specific IP, user-agent and authentication cookie combination belonging to the victim. Such attacks are very difficult to detect, as only the victim can notice the attack.

5. Weak passwords and password re-use will remain a very serious problem

Many people still use the same or similar passwords for all their accounts. Hackers cannot miss such opportunities and actively exploit this human weakness. The first step of attack is to identify all websites or blogs where the victim is registered or has an account. The second step is to select the weakest website from the list and to compromise it. Password encryption techniques commonly used in web applications today are far from being resistant, and a password in plaintext can be obtained pretty quickly.

Even if the victim uses a very strong password and it's being properly encrypted in the database. hackers will just Trojan the web application to intercept the password in plaintext during login. The last step is to try the password for all the victim's accounts and resources.

6. Application logic errors will become more frequent and critical

Examples with AliExpress and Delta Airlines highlight the impact of application logic vulnerabilities that are almost undetectable by automated solutions. Web developers have become aware about XSS and SQL injections flaws and code much better than before, however they forget about application logic vulnerabilities that may be even more dangerous than SQL injections or RCEs.

7. Automated security tools and solutions will not be efficient anymore

Web Application Firewalls, Web Vulnerability Scanners or Malware Detection services will not be efficient anymore if used separately or without human control. Both web vulnerabilities and web attacks are becoming more and more sophisticated and complex to detect, and human intervention is almost always necessary to properly detect all the vulnerabilities.

It's not enough anymore to patch 90% or even 99% of the vulnerabilities – hackers will detect the last vulnerability and use it to compromise the entire website. As a solution to the rise of new threats, High-Tech Bridge launched ImmuniWeb last year – a unique hybrid that efficiently combines automated security assessment with manual penetration testing.




http://rss.feedsportal.com/c/669/f/9809/s/42de7c7e/sc/4/l/0L0Stechradar0N0Cnews0Cworld0Eof0Etech0Cseven0Ecyber0Esecurity0Erisks0Eyour0Ebusiness0Eshould0Ebe0Eaware0Eof0Ein0E20A150E12827380Dsrc0Frss0Gattr0Fall/story01.htm

Sent with Reeder



Brief message sent from a mobile device

Tuesday, January 20, 2015

Download of the day: CrystalDiskInfo

TechRadar: All latest feeds Download of the day: CrystalDiskInfo

Download of the day: CrystalDiskInfo

Get to the bottom of any problems ailing your computer with CrystalDiskInfo, which shows you exactly what's wrong in an easy to use interface.

Why you need it

If there's something wrong with your computer, it's not always obvious what the problem is. Even experienced PC users can be stumped by a faulty computer, which makes CrystalDiskInfo such a useful program.

Get it up and running and it displays the S.M.A.R.T. information of your PC – that stands for Self-Monitoring, Analysis and Reporting Technology, and it lets you see exactly what's ailing your computer.

CrystalDiskInfo breaks this down and makes it easy to know exactly whether a drive is too hot or whether your computer is in general good health or is about to lay down and die. Even better, this useful little app can automatically send you alerts if a problem arises, meaning you can quickly address the problem before any serious damage is caused.

Key features

  • Works on: PC
  • Versions: Free
  • Diagnose problems: Find out exactly what is ailing your computer and solve the problem fast
  • Monitor PC health: CrystalDiskInfo can send you alerts when things go wrong, especially useful if you need to monitor several systems at once

You'll also like











http://rss.feedsportal.com/c/669/f/9809/s/42843139/sc/4/l/0L0Stechradar0N0Cus0Cnews0Csoftware0Cdownload0Eof0Ethe0Eday0Ecrystaldiskinfo0E1280A30A70Dsrc0Frss0Gattr0Fall/story01.htm

Sent with Reeder



Brief message sent from a mobile device

Friday, January 9, 2015

Download of the Day: Easy YouTube Video Downloader

TechRadar: All latest feeds Download of the Day: Easy YouTube Video Downloader

Download of the Day: Easy YouTube Video Downloader

Simple to use and quick to install, Easy YouTube Video Downloader enables you to grab your favourite videos from YouTube.

Why you need it

We all have our favourite online videos, but downloading them to our devices or viewing them offline can be a complicated process. Thankfully there's a quick and simple way to download YouTube videos to your computer: the suitably-named Easy YouTube Video Downloader extension for Firefox.

After installing the extension, you'll see a new bar directly below the YouTube video. This presents you with a few simple options for downloading the video in question: choose quality (Normal, 720p or 1080p) and format (FLV, 3GP, MP4 or just the MP3 audio) and you're good to go.

So that means whether you want to watch a video on a long journey or strip out the audio in order to listen to it as a podcast, you're able to do so with this little Firefox extension.

Key features

  • Works on: PC, Mac, Linux
  • Versions: Free
  • Download: Easy YouTube Video Downloader lets you grab any video featured on the world's most popular video site, and you can download audio, too
  • Convert: Download the file in a number of different formats and qualities

You'll also like











http://rss.feedsportal.com/c/669/f/9809/s/421fdafe/sc/4/l/0L0Stechradar0N0Cus0Cnews0Csoftware0Cdownload0Eof0Ethe0Eday0Eeasy0Eyoutube0Evideo0Edownloader0E12794690Dsrc0Frss0Gattr0Fall/story01.htm

Sent with Reeder



Aron

Brief message sent from a handheld device.

Wednesday, January 7, 2015

Should you rent or buy a home in retirement?

Consumer Reports Should you rent or buy a home in retirement?

Should you rent or buy a home in retirement?

Deciding whether to rent or buy a home was never an easy question for my parents. Now age 83 and 84, they always treated homeownership as sacrosanct. Not only was owning their home a symbol of success, but it provided a haven that offered security and comfort. 

But when my parents recently left the home they owned in New Jersey for 43 years to move near my sister in California, they opted to rent. And after decades of do-it-and-pay-for-it-yourself, they are finding—surprise!—that it's nice to have someone else handle the landscaping and call in the plumber.

My husband and I might do the same in retirement. And as I'm learning, though some factors in the decision to rent or buy are the same at any age, others take on more significance in retirement.

Check out Consumer Reports' advice on smart real estate moves, and find out how to judge Top 10 lists for relocating in retirement.

A first consideration is how long you expect to live in your new residence. Just because you're retired doesn't mean you'll stay in your new digs. Down the road, you might want something smaller or more accommodating to a disability.

But the shorter the stay, the less financially attractive owning a home in retirement becomes. For one, you'll have to spread points and other closing costs over less time. If you finance, you're likely to have little new equity to show because you'll pay so much in interest in a mortgage's first years.

For that reason, if you are retired, you should rent your home if you don't expect to stay more than three or four years, says Josh Fatoullah, founder and CEO of JR Wealth Advisors in Great Neck, N.Y. "The last thing we would want is where you've paid the closing costs and then you're just not happy," he says.

Assuming you can determine the minimum time you'll stay in a new home, you can then compare the costs of homeownership and renting. Early retiree Darrow Kirkpatrick provides an analysis in his insightful blog Can I Retire Yet?. He took a hypothetical $300,000 home in his Tennessee town and added up its expected maintenance and repair costs, property taxes, and homeowners insurance, then figured in the opportunity cost—what his money could earn in stocks and bonds if it wasn't tied up in home equity.

Kirkpatrick's estimated, effective cost of homeownership over a 10-year period was $834 per month for every $100,000 of a home's value. In other words, a $300,000 home would generate $834 x 3, or about $2,500 per month in ownership costs. If a retiree could find a comparable property to rent for less than $2,500 per month, he should rent.

Online mortgage calculators can personalize calculations like that for you. The New York Times' sophisticated rent-vs.-buy tool is among the better ones I've seen.

The Times' tool and Kirkpatrick's calculations also consider the impact of buying a home outright vs. getting a mortgage. If you can stomach holding on to debt late in life, you might benefit from getting a mortgage and investing in stocks, bonds, and other holdings rather than paying for your home outright. The National Association of Realtors says that since 1968 (when it began tracking real-estate inflation) through 2013, single-family home prices have increased 5.3 percent annually on average. In that same period, 10-year Treasury bonds returned an average 7.4 percent annually (neither figure accounts for inflation).

Of course, future stock, bond, and real-estate markets won't necessarily act as they have historically. Point is, the opportunity cost could be greater if you tie up money in a home rather than taking out a mortgage.

I can't speak of mortgages without mentioning the federal tax deduction on mortgage interest. It's often held up to justify owning. But it may be worth less if your retirement income puts you in a lower tax bracket than when you were working. (Income from required minimum distributions also can raise you to a higher tax bracket.)

Other, non-monetary factors may dominate your decision. If your pug requires a backyard lair or you'll feel lost without a home-improvement project, you'll want to buy—or find an owner who is OK with Roxy's ranging or welcomes your tinkering.

As for my mother, she's gardening at her rental home, just as she did in her New Jersey yard. This spring she expects to greet blooms of chocolate cosmos, hyacinths, tulips, bluebells, and daffodils. As a tribute to her new locale, she's adding California poppies.

They add a homey touch. 

—Tobie Stanger

This article also appeared in the January 2015 issue of Consumer Reports Money Adviser.

Consumer Reports has no relationship with any advertisers on this website. Copyright © 2006-2015 Consumers Union of U.S.

Subscribe now!
Subscribe to ConsumerReports.org for expert Ratings, buying advice and reliability on hundreds of products.
Update your feed preferences

                submit to reddit    




http://simplefeed.consumerreports.org/l?s=100003s276p6jt92ia3&r=feedly&he=687474702533412532462532467777772e636f6e73756d65727265706f7274732e6f726725324663726f2532466e65777325324632303135253246303125324673686f756c642d796f752d72656e742d6f722d6275792d612d686f6d652d696e2d7265746972656d656e742e68746d2533464558544b455925334449373252534841&i=727373696e3a687474703a2f2f7777772e636f6e73756d65727265706f7274732e6f72672f63726f2f6e6577732f323031352f30312f73686f756c642d796f752d72656e742d6f722d6275792d612d686f6d652d696e2d7265746972656d656e742e68746d

Sent with Reeder



Brief message sent from a mobile device

Thursday, January 1, 2015

The best Netflix tools: Use these 10 tricks and tips to get the most out of your subscription

Geek Tech The best Netflix tools: Use these 10 tricks and tips to get the most out of your subscription

Netflix's simplistic interface may be well-intentioned, but sometimes you need more powerful tools to find the best streaming movies and TV shows.

Now that Netflix has shuttered its public API, the number of useful apps and sites for sorting through Netflix video has thinned. But there are still several tried-and-true methods for finding the good stuff, along with a few tools and settings from Netflix that everyone should know about. Here are 10 tips for making the most of a Netflix streaming subscription:

Use better browsing tools

Netflix's catalog of movies and shows is massive, but you might only scratch the surface with its basic apps and website. When you're really trying to scratch a particular itch, use AllFlicks.net, which lets you search within specific genres, filter movies and TV shows, narrow down a date range, and sort by rating. (InstantWatcher has a similar tool without as many sorting options, but it does include a handy synopsis view.)

If you just want a quick recommendation, try WhatIsOnNetflix.com, It lists a handful of top-ranked movies from IMDB, Rotten Tomatoes, and Metacritic, and its "Random Pick" tool is especially helpful for the indecisive.

Watch new and soon-to-be departed releases

Netflix's "New Releases" section rarely gives you the full story when you're trying to find fresh movies and TV shows. For that, turn to InstantWatcher's "Newly Available on Instant" section, which gives a complete list of recent arrivals. It also lets you filter just movies or just TV, and it has sorting options for rating and original release date.

You might also want to keep track of which movies and shows will be leaving Netflix. Now Streaming has weekly and monthly roundups, so you can watch the good stuff before it's gone.

Use extensions to take command

In theory, Netflix's built-in star rating system should work really well, because it's personalized to your interests. But sometimes you just want to watch a trailer and see what critics think before pushing play. The Netflix Enhancer extension for Chrome can help, showing IMDB ratings, Rotten Tomatoes scores, and a trailer button when you hover your cursor over a movie.

To gain even more control, install Lifehacker's Flix Plus extension, which adds a heap of customization options including a "Darker Netflix" theme and the ability to hide spoilers.

Get powerful sorting options for your queue

Sorting through the "My List" section of Netflix's site can become unwieldy if you've built up a massive backlog. Fortunately, a free script called Netflix Queue Sorter lets you get a handle on your queue in Chrome, Firefox, Opera, or Safari. Once installed, you can sort your queue by star rating, genre, title, and more. You can also shuffle the order if you're feeling lucky. Just follow the instructions on Github for your browser of choice. (Note: You must turn on Manual Ordering in Netflix settings for the script to run.)

Figure out what's on with your phone

Most Netflix power tools live on the Web, but that makes them cumbersome if you don't have a home-theater or easy access to a laptop. For powerful Netflix searches on your phone, check out Upflix for iOS or Android. The free app lets you sort movies and shows according to their ratings on Netflix, IMDB, TMDB, Rotten Tomatoes, or Flixster. You can also browse through dozens of genres and use a "roulette" feature to get spontaneous recommendations. When you're ready to watch, you can even jump straight into the Netflix app to begin playback.

Search beyond Netflix

Searching on Netflix can be a waste of time if you're looking for something specific that the service might not even have. Instead, broaden your search with WhereToWatch, a video search engine that includes several legal online sources, including Amazon, iTunes, and Hulu. You can search by title, actor or director, and while it has a few holes, it'll save you the disappointment of coming up empty on Netflix.

Manage your profile

If you're ever felt let down by Netflix's recommendations, it might be because you haven't fed it enough data. Start by visiting the Edit Profiles section of Netflix's Website, and make sure everyone in your family has their own profile. (Don't worry, it's free to have several profiles tied to a single account.) Now head to theYour Account section of Netflix's Website and click onTaste Preferences, where you can rate how much you care for various genres. You can also use the Ratings Wizard to give star ratings to the movies and shows you've already seen. It's a good way to ensure those banal direct-to-DVD horror movies are permanently banished from your menus.

Learn some keyboard shortcuts

Watching Netflix on a laptop isn't quite as comfy as kicking back with a TV and remote control, but using keyboard shortcuts are the next-best thing. Some of these controls will work on other video sites such as YouTube and Hulu, so they're worth remembering:

  • Enter or Space: Toggle pause/play
  • Left Arrow: Rewind
  • Right Arrow: Fast Forward
  • Up Arrow: Volume Up
  • Down Arrow: Volume Down
  • M: Mute
  • F11: Toggle Full Screen (Chrome only)

Tweak a few settings

For those who watch a lot of foreign fare, Netflix's Subtitle Preferences menu is worth a visit, as it'll let you change the color, size and font of all subtitles and captions. (It works on all devices except those running iOS, which havetheir own instructions. You should also check out the Playback Settings menu, which lets you manually adjust video quality—useful when you're on a limited data plan—and turn off auto-play of the next video in a series. And if you're perturbed by Netflix's auto-sorting of your "My List" queue, you can turn on Manual Ordering to arrange them by hand.

Minimize buffering

If Netflix keeps hitting you with the dreaded "buffering" icon, you may be able to sacrifice audio and video quality for smoother playback. While streaming, hold Ctrl-Shift-Alt and press "S" to bring up the bitrate menu. Select lower numbers for audio and video bitrate to increase your odds of smoother streaming, then click "Override." You can change things back to normal by bringing up the menu again and hitting "Reset."

Share your own tips

That's all the tips I have to share for now. Did I overlook any of your favorite strategies for squeezing maximum value from your Netflix subscription? Please share by posting them in the comments section, below.




http://www.pcworld.com/article/218797/netflix-power-tools.html#tk.rss_all

Sent with Reeder



Brief message sent from a mobile device