Information Technology News & Information

Using Yammer With Office 365

Social media has become an integral part of everyday life for many people. From Facebook, to Instagram and Snapchat, a growing number of internet users are embracing the power of instant connection. And while this is par for the course for social life, social media can be useful in the business world, too. By the year 2025, it’s expected that over 70% of the workforce will be people from the millennial generation. And millennials are very keen on connecting via social media and meeting apps. They have embraced technology much better than other generations. This means that more businesses should be exploring methods of communication that make the most of the digital world in which we live. Yammer is one of the most well-known social media apps for business platforms, and it’s already working for companies who’ve adopted Office 365. Microsoft has done a great job to ensure its capabilities are primed for the business world, and with Yammer, the potential for team environments is greater than ever before. There are plenty of benefits to integrating Yammer into your business operations. With the ability to create groups, you have access to instant communication among team members. This makes for a single point of communication that can be used for reference, unlike emails. Not only is Yammer valuable in bringing together teammates, but it’s also got potential to give management an inside look at what employees care about. They can readily explore how team members are using Yammer to enhance productivity and teamwork. Communicate Efficiently With Yammer Groups Yammer’s goal is simple: Make communication more effective. In order to achieve this, it’s important for users to familiarize themselves with the wide range of tools at their disposal. If you’re already using Microsoft Office 365, then simply download Yammer to get started. Yammer groups are a place to share information about projects, ask questions, and communicate openly with your team or department. Join a group by using the search box to check and see if there may be established groups you’re interested in joining. Create your own group by clicking “create group.” Once you create a group, you can post an update or announcement, conduct a poll or upload files to share with others. One example of a useful group would be an HR Benefits group. This type of company-wide group can be used to ask questions and start conversations about the types of benefits available. Groups are valuable in that they serve as a stored space where people can comment and ask questions with the confidence they will be answered. Too often, emails end up lost or deleted. Yammer Groups are a way to keep important files out in the open, in a centralized location where they’re easily accessible. Much like Facebook, Yammer allows for a personalized feed to keep you informed about things that matter. You can follow your colleagues by searching for them in the search box. Once you are following another user, you can view their posts in your Following feed. This feature is particularly valuable for large companies with many departments. Following users within your department can make it easier to keep privy of the developments that pertain to you. Effective Integration One of the most impressive aspects of Yammer is its capability for integration. Not only can it be used to share live links to documents among a group of teammates, but it also allows users to work within these same files and view each others changes as they happen. Yammer has the ability to link into a Skype call if needed, and it can also link directly to your Office 365 Calendar or Planner. Organization is made much simpler with Yammer in tow. Mobile App Accessibility Long gone are the days of clocking in from 8 to 5. For many, the modern day work experience means constant availability. With an ever-increasing number of remote workers joining the workforce, it’s important that communication be accessible even beyond the office. And with Yammer’s mobile app, users can stay connected with teams wherever they go. Users can download the Yammer app and gain access to the same communication tools they’d find in their desktop at the office. Yammer’s integration with Office 365 also means instant updates. With Yammer updated in line with the rest of Office 365’s apps, this means it will always be current as far as collaboration and efficiency go. How Can Management Use Yammer? Communication platforms like Yammer are useful for back and forth conversations and project sharing among teammates. But management can also benefit from this type of open-ended communication. They can use Yammer to evaluate company culture and make improvements by determining what type of content employees are searching for. This also applies to which threads are the most popular, and whether Yammer is effective at delivering the necessary information to the appropriate parties. Wrap Up Tools like Yammer have the potential to change the game for companies seeking more effective ways to communicate. Microsoft Office 365 has done the professional world a great service by realizing the power of Yammer to make an imprint in the business world. If your organization is hoping to improve communication and organization, consider subscribing to Office 365 to utilize this exciting range of tools.    

Information Technology News & Information

The Intelligent New (and Awesome) Data Types Supported by Microsoft Excel

To date, Excel and similar apps deal primarily with text and numbers as data types. However, that tradition is about to be a thing of the past as Microsoft is adding two new data types to Excel. These data types allow cells to contain rich, intelligent data that can better represent more real-world data types.  Limitations and Possibilities Suppose you are putting together a spreadsheet that will plot the relationship between a company’s sales and population in South America. The sales data is easy enough to find, but tracking down the latest population for each South American country might be a bit time consuming and error-prone. At the last minute, someone asks for data that shows sales related to the size of the country, which means another session of hunting down the right information. What if you could have all that information for a country — population, square miles, map, gross national product, average minimum wage and more – all contained in a single cell within your worksheet? Believe it or not, those days are not too far away. Excel’s New Intelligent Data Types There are two new intelligent data types available in Excel: Geography and Stocks. That means that cells in your Excel workbook are no longer limited to holding flat information like text, numbers, or dates. Cells can now house an incredible amount of information related to geography and stocks. Not only can you access this information easily, you can even work with it when you are offline. Both of these data types can be found under the Data tab in Excel, and converting existing data to either of these types is very simple. Working with the New Geography Data Type Let’s suppose we have a worksheet that contains a single-column table. The table contains strings that represent countries. To convert this data to the new Geography data type, highlight the country names, then go to the Data tab and click on Geography. This takes care of the conversion. You’ll notice that an icon appears in the cells next to each country name. It resembles a map that has been unfolded. If you click on that icon, you’ll see a data card that contains tons of information about that country. Now that cell is no longer just a string of characters, but a rich data type with much deeper meaning. All of the data from the data card is actually contained in that cell, and you don’t need an internet connection to access that data. You will notice that a widget appears to the right at the top of the table. If you click on it, it offers to add another column. You can select from a list of available fields based on the data contained in the card you just looked at. Stock Data Type The Stock Data type works in a similar manner to the Geography data type but provides access to data involving stocks. Let’s say you have a table with a single column that contains some company names and some ticker names. You highlight that data, then go to the Data tab and select Stocks. That converts the string data into the new Stock data type, and all the names are switched to company names. You’ll notice that an icon appears by each company name, allowing you to access the data card for that company. Stock data changes quickly, unlike the Geography data. Because of the dynamic nature of Stock data, the data is refreshable. Some of it is available in almost real-time, while other data will be delayed. If you want to do calculations with cells that contain either the Geography or Stock data type, type in a formula referencing the cell number and then use the . (dot operator) to select the correct member of that geography object. Anything you can do with normal data, you can do with these new data types. Intelligent Data Types The Microsoft Knowledge Graph, the intelligent service that also powers Bing, is what provides the data. When someone points out that the Stock and Geography data types are intelligent, that means far more than fixing typos or spelling errors. For example, these intelligent data types can interpret data requests in context. It may ask for more specifics if you enter a city name and convert it to the Geography data type because it wants to make sure what city you mean. However, if a city is listed with other city names in a particular geographical region, then Excel will select a city in that particular region (context). Accessing It Not all Excel 365 users can access these new AI data types just yet. According to Microsoft, “The new data types are being released as preview to Office 365 subscribers enrolled in the Office Insiders program, in the English language only, starting in April 2018. “ However, it will eventually be rolled out for all Office 365 users. And other AI data types will also be added to Microsoft Excel’s repertoire. These developments mean that in Excel you can do even more, even faster.  

Information Technology News & Information

What Should I Know About Hashcat?

What is Hashcat? Hashcat is a type of hacking tool, and a password cracker specifically. It was created to be able to hack the most complex of passwords, targeting multiple aspects of coding simultaneously. Additionally, according to online sources including Infosec Institute, it is regarded as being highly versatile and fast in comparison to other password hacking tools, making it especially threatening. Hashcat is capable of reverse engineering information and converting readable information into scrambled coding, which is used to crack password representations. The program can use ‘brute force’ in direct cracking, apply preconfigured dictionaries, or use rainbow tables in user attempts to gain access to sensitive information. What’s Been Happening in Current Events? Hashcat can currently be used to obtain passwords through multiple processes, and can be downloaded online, alongside reader access to user-friendly guides explaining step-by-step how to use the program to bypass security features. Unfortunately, this extent of general accessibility is not uncommon for modern hacking tools, and it is therefore regarded as an added vulnerability. The program can be used on Kali Linux, a version of Linux with hundreds of unique information security tools. The current version of the program is regarded as advanced with potential for further development. It can be run across the range of common operating systems, including Windows, Linux, and OSX, and is multi-hashed, multi-threaded, and multi-algorithm (including MySQL, DCC, MD4-5, and NTLM) based. Specialized rules can be used to extend the attack mode features, hackers can limit or resume sessions created, and the program recognizes hashes recovered from its out-file upon its startup. An external file stores a list that can be used in force attacks, and users can configure the number of threads before executing them according to their lowest priority. The program supports hex-salt in addition to hex-charset files, and over 90 algorithms can currently be implemented in an attempt to optimize performance. Online sources such as Help Net Security provide users with steps in using the programs for attacks. For example, Hashcat can be used to hack a user’s password through a dictionary attack by first creating a dictionary with MBD5 hashes, followed by a frame capture and file dumping for targeted information storage and future access. Only a single frame may be necessary for a successful hack. Unlike other approaches, the success of Hashcat in acquiring a pre-shared key (PSK) on average may involve only a hacker’s application of its features over the course of minutes or days, thereby making it more dangerous. The versatility and options of the program provide hackers with substantial potential. As with other recent developments in hacking and successes in hacking approaches, Hashcat increases the demand for formal and effective security protocol development as has been done through WPA3 network security protocol. WPA3 has only recently been released in its earliest form, and provides an improvement over fundamental weaknesses in WPA2 security that Hashcat is able to exploit. Online sources including Security Affairs report that experts expect WPA3 protocol to have a major role in safeguarding against Hashcat potentials in the near future. The Robust Secure Network Information Element (RSN IE) will be considered fundamental and important in ongoing security improvements. Hashcat is currently able to target this directly, rather than using a previous hacker approach of establishing connectivity through network port authentication protocol, and exploiting vulnerabilities in the Pairwise Master Key Identifier (PMKID). These PMKID vulnerabilities are targeted in WPA3 developments and other attempts to improve network safety on a less fundamental level. The RSN was initially created to secure 802.11 wireless networks, being an element of the 802.11i standard, but broadcasts an internal message during attempts to establish channel communications that have been exploited. Hackers can thereby access WPA PSKs from the PMKID under the current design with common protections. New WPA3 employs a Simultaneous Authentication of Equals (SAE) that is an improved protocol for modern key establishment, resulting in a system that is much harder to attack through current common processes. What Has Been Happening in Research and Development? In addition to WPA3, other attempts to improve security effectiveness and efficiency have targeted vulnerabilities exploited by Hashcat, although some efforts have involved benefits from its use. The Fundamentals of Digital Forensics journal reported that forensic analysts have been able to make use of the program in recent data recovery efforts, as Hashcat has been used by forensics experts to decrypt certain files. Meanwhile, researchers at the Technical University of Denmark reported that the program’s foundational basis of a machine learning model serve as a reference point for both forensic decryption and improved security efforts. What’s The Bottom Line? Hashcat: Is among the most effective hacking programs developed to date Can be highly useful to digital forensic analysts and used for positive outcomes rather than hacking Can exploit WPA2 vulnerabilities Creates further demand for WPA3 implementation

Information Technology News & Information

What Should I Know About Fluxion Hacking And Protection?

What is Fluxion? Fluxion is a new program that combines social engineering and technology to trick users into giving up their log-in and password information. This program is a step above Wifiphisher, which lacks the ability to verify WPA passwords. Fluxion takes all the work out of hacking using a variety of processes that quickly and easily convince users to provide their Wi-Fi password. Hackers can acquire these passwords through a few simple taps on a keyboard. Fluxion is regarded as a success in making it easier than ever for cyber thieves to steal valuable information from users. Fundamentally, or in terms of many aspects of its basic framework, it is similar to previous developments but uses a twin access point in combination with handshake capture and integrated jamming functions. These can work together so that aspects of hardware and software operations that normally take place in the standard functionality of the user account are overwhelmed. What Recent Developments And Potentials Should I Be Concerned With? The extent that Fluxion has developed in combination with its accessibility and ease of use online is the most concerning. A search of Google or other major internet search engines will reveal numerous instructional pages that can be downloaded. These instructions provide anyone with a little Internet skill to begin a new career as a cyber thief. These sites provide public access to a range of resources that make it possible for anyone to violate user privacy and accounts and steal login information. The program initiated as an improvement over a successful attack and was rewritten, so both the structure and coding have been strategically optimized in addition to its user-friendliness and availability. How Does Fluxion Work? Fluxion uses what is known as a WPA handshake to affect the functionality of a login page as it attempts to gain receipt of user information. It can affect how the user’s entire script is controlled as the original network is jammed, and a clone is created with the same name, attempting to persuade the user into making an unsafe connection under the guise of a familiar one. It often requests that the user allow time for their router or firmware to reload or be updated. This is just a ploy; the real objective is to steal sensitive information. Fluxion is an EvilAP attack tool, written with a combination of Bash and Python, that is used for MiTM attacks on WPA Wireless networks. Online sources report on Fluxion as a potentially beneficial tool while touting its features similar to how potential improvements in business functions could be experienced through software installation. Hack Insight claims that the use of Fluxion allows network scanning, handshake capture, web interface use, imitating original access points, the de-authentication of all users on a network, capturing and redirecting of all DNS requests, captive portal launching, password verification processes, and automatic program termination following the recording of a viable password. Technology and strategies applied include the launching of FakeAP instances for access point emulation, fake DNS server launching, and MDK3 process spawning. What’s Been Happening In Research And Development? Research and development (R&D) regarding Fluxion and related computer software security processes have involved multiple studies and patents in the past year. At the 12th International Conference on Recent Innovations in Science, Engineering, and Management, researchers reported having developed a highly successful cracking system by using Fluxion as their foundation. They explained that the damage that can be done with new hacking software using Fluxion demands better software processes in addition to network strategies in currently maintained and improving systems, particularly those that handle network connections and passwords. At the 2017 IEEE International Conference on Power, Control, Signals and Instrumentation Engineering (ICPCSI), researchers reported that a number of new security patents have been involved in safeguarding against new hacking techniques that are relevant to the processes used by Fluxion. Fluxion was projected to remain a target of ethical hackers in ongoing research and development, and a foundation of the more damaging tools developed and made accessible online. What’s The Bottom Line? Accessibility and ease of use make Fluxion particularly dangerous Combines multiple processes for high potential effectiveness Foundation of new and more deadly cyber security attacks Warrants multiple security upgrades and ongoing R&D

Information Technology News & Information

Hurricane Florence Update: Florence Now A CAT4 Major Hurricane

Hurricane Florence strengthens to Category 4 Evacuation Orders Begin in the Carolinas The National Hurricane Center is now saying that Florence has maximum sustained winds of 115mph, with gusts to 140mph. It is now a Category 4 storm and is expected to hit the Southeastern US coast on Thursday. North Carolina, South Carolina, Maryland, and Virginia governors have declared a state of emergency and urged residents to be prepared by stocking up on the essential supplies of food, water, flashlights, and batteries. N.C. Governor asks Trump for Federal Declaration With Hurricane Florence setting its sights on the Carolinas, North Carolina Governor Roy Cooper has asked President Trump to declare a federal disaster. The Governor said on Monday, the federal declaration would allow for federal assistance and increase the state and local efforts in providing for a proper emergency response. Governor Cooper said he had a conversation with FEMA Director Brock Long on Monday. Governor Cooper Says to Prepare for the Worst The North Carolina governor also forewarned citizens in Hurricane Florence’s path to prepare to be without power for an extended period of time. In a Monday Morning press conference, Cooper said, “When it comes to utilities, families need to be ready. They need to prepare to be without power for a while; that’s why we’re urging people to have their emergency kits and prepare for this.” Currently leaving it up to local and county governments, Cooper also anticipates the other coastal communities in North Carolina to issue mandatory evacuation orders for residents and visitors just like Dare County and Hatteras Island have already done. Military Bases are Preparing for Florence In Norfolk, Virginia, the U.S. Navy has directed all working warships and submarines in the area to leave port in advance of Hurricane Florence. Both the Naval Station Norfolk and Joint Expeditionary Base Little Creek have said they have almost 30 ships currently planning evacuate as soon as possible. With an extensive beachfront, Camp Lejeune is preparing for Hurricane Florence as well. The largest U.S. Marine Corps base on the East Coast, Lejeune is located about 50 miles northeast of Wilmington, North Carolina. Historic Hurricane If the hurricane hits as hard as predicted, Florence will be the most powerful to strike the area in three decades. Water could reach up to 15 feet high, and rainfall will move inland over the next four to five days. The center of the hurricane is heading over the southwestern Atlantic Ocean between Bermuda and the Bahamas and some are predicting it to intensify into a Category 4 storm. With winds possibly reaching as high as 130-156 mph by Wednesday, it should reach the East Coast on Thursday or early Friday. The last category 3 hurricane to hit the Atlantic Southeast Coast was Hurricane Fran in September 1996. Fran caused extensive damage and was the fourth major hurricane of the 1996 Atlantic hurricane season. Category 4 Hurricane History in the Southeast The deadliest and most powerful hurricanes to hit the Southeast Atlantic North of Florida were Hurricane Hazel. in September 1954 and hurricane Hugo in September 1989. Hazel reached the U.S. right around the border between North and South Carolina, registering as a Category 4 hurricane. Before reaching the U.S., Hazel killed more than 400 people in Haiti. It then belted Canada, categorized as an extratropical storm. Hurricane Hugo was briefly a Category 5 hurricane crossing over Guadeloupe and St. Croix. It Weakened as it passed over Puerto Rico to a Category 3 hurricane and was downgraded to a Category 2 as it rematerialized in the Atlantic. But, just before it reached just the Charleston area it re-strengthened into a Category 4 hurricane, with 140 mph sustained winds. Hurricane Florence News from Myrtle Beach Myrtle Beach area residents have been asked to evacuate if and when Governor Henry McMaster gives the order. Myrtle Beach Spokesman Mark Kruea said for those who make the choice to ignore the order, “You take your own life into your hands.” Kruea also said Myrtle Beach does not have “mandatory” the evacuation policy, but they strongly warn about the dangers if its citizens choose to stay. Hurricane Florence News from Charleston, SC Hurricane Florence’s path looks Charlotte and the city’s surrounding area will experience the impact of the Hurricane’s power. Charlotte authorities are closely monitoring the Hurricane’s progress to help its residents be ready when Florence makes landfall and moves inland. Hurricane Florence News from Wilmington, NC Wilmington and all of Southeastern North Carolina area could easily be affected by Hurricane Florence and are encouraged to take precautions by local government agencies. The University of North Carolina Wilmington (UNCW) announced classes are canceled and issued a voluntary evacuation for all its students as the storm continues to rapidly approach the Carolina coast. Hurricane Florence News from Florence, NC Damaging winds and flooding rain are very possible later this week as Hurricane Florence moves inland. Florence residents are asked to start thinking now about how they will prepare for Florence and be vigilant about watching the progress of the Hurricane.

Information Technology News & Information

Do New Laws Improve Employee Stock Ownership Plans (ESOP)?

It seems that small businesses rarely catch a break. Unfortunately, their employees often enjoy fewer perks than those working for larger corporations do. This is primarily because the smaller companies have fewer assets with which to work. Due to the smaller economic cushion, they also have a greater risk. That is why, when a fresh law is put into action for the “little guy,” it is newsworthy. As with any new law, however, there are those that it benefits, those that are unaffected, and those that it may hurt. That’s why it’s good to stay informed. What Are ESOPs? ESOP stands for Employee Stock Ownership Plan. An ESOP allows the owner of a business to shift that ownership to his or her employees. This is often done by way of stocks or “shares.” In some companies, members buy stocks outright. Other businesses require no upfront cost. The ESOP is part of an “employee benefits package.” It is considered part of his or her pay, and maybe figured as 50/50. This is where the company matches monies contributed by the employee. Often, the shares are held until retirement, and maybe, in fact, the bulk of that employee’s retirement. Although ESOPs have existed much longer (just in different forms), they became prevalent in the 1980s. According to the National Center for Employee Ownership (NCEO), a few of the largest ESOP companies include the following: Brookshire Brothers Enercon Services, Inc. Krueger International, Inc. McCarthy Building Company Publix Super Markets, Inc. Travel and Transport, Inc By 2018, the number of ESOPs has been estimated at between 7,000 and 8,900. The number of participants is over 14 million. What Are the Pros of Employee Stock Ownership Plans? Reputedly, there are many benefits to participating in ESOPs. For example, they generally have a positive effect on employees. A few of the primary perks include the following: Employees feel more invested in the company Invested employees are typically harder workers Employees feel a greater sense of job satisfaction They have more job stability They feel like a part of something greater than themselves They often make a tidy profit ESOPs are particularly beneficial in small companies where the primary owner is planning to retire. This allows for a smooth transition of power. As the company succeeds, the employees succeed, and morale rises. What Are the Cons of ESOPs? One of the potential problems with an Employee Stock Ownership Plan occurs when the value of the company decreases after an employee buys in. When the business is worth less, each employee’s stock decreases in value. This usually occurs with companies that have inconsistent profits. An example of this would be the case of Lifetouch Inc., which was a popular photography company. They primarily specialized in school photos. As digital photography techniques became the demand, the company struggled to adjust. Business suffered. The company stock in ESOP declined by $840-million between 2015 and 2018. Lawsuits were filed against individual members of the Board of Directors. Unfortunately, the company’s ESOP was not protected against such losses. This is one example of what could go wrong with this type of retirement plan. How Does the New Law Work and Who Does It Benefit? New York Senator Kirsten Gillibrand introduced the Main Street Employee Ownership Act in May 2018. This ESOP law is the first to focus on employee ownership in the last 20 years. It eases the process for distributing loans for those transferring to an ESOP. However, there are no additional funds being allocated for this process. Generally, the new ESOP law is thought to primarily benefit small to mid-sized businesses. More specifically, it targets the Small Business Administration (SBA) in two ways. First, it directs them to make small business loans more readily available to cooperatives. A Cooperatives is a style of business organization that is owned and run by the employees. They also share in the profits. Second, it encourages the SBA to work with country-wide Small Business Development Centers (SBDC). SBDCs provide consultation and training to small businesses that are transitioning to an ESOP. The ESOP Association’s president, J. Michael Keeling, was reported as saying the following: “This law will help organizations better understand how to pursue a strategy of shared capitalism—something that our country’s founders agreed was vital to the health of our nation.” In Conclusion Whether Employee Stock Ownership Plans are the wave of the future is difficult to tell. The new law provides many benefits that make it an attractive proposition. It paves the way for small and mid-sized companies to more easily transfer ownership to employees. Consultation and training are more readily available for those companies wanting to make this transition. It also improves the ability to obtain loans. Overall, it appears things will be brighter for small businesses. As with anything, only time will tell.  

Information Technology News & Information

What Should I Know About New Hacking Attacks Against Pairwise Master Key Identifier (PMKID)?

What is PMKID? Pairwise Master Key Identifier (PMKID) is a type of roaming feature in a network. Recent improvements in hacking have been targeting it for exploitation in vulnerable processes, thereby demanding that ongoing security efforts better address it and its affected procedures. New wi-fi hacking strategies have been using coding and processes that have made it easier for hackers to learn user passwords for a wide range of router types that are commonly used in homes and businesses. Specifically, processes targeting PMKID zero in on internal network protocols with its features enabled, bypassing critical processes. The method was initially discovered by accident, in an assessment of developments in WPA3 security standards, with the exploitations realized to be potentially applicable to existing security systems. What Security Vulnerabilities Are Concerning? Online sources including The Hacker News report that hackers have used the approach successfully to gain pre-shared key (PSK) user account login passwords, which they have then used to hack the wi-fi networks of their victims. This has led to hackers penetrating even further into user databases to gain or misuse other information. While earlier methods have demanded that hackers stand by while waiting for their targets to log in to the network and acquire a complete four-way authentication handshake of EAPOL, the PMKID approach does not require this. This approach, therefore, makes it easier for hackers to access sensitive information, since they can instead use the Robust Security Network Information Element (RSN IE) with a single Extensible Authentication Protocol over LAN (EAPOL) after making a request from their access point. This is also significantly more efficient and with higher potential for multiple attacks from a single point. Generally, a successful attack occurs in three steps, which may or may not be followed by the subsequent abuse of personal or otherwise sensitive information. In the first step, the hacker uses a tool such as hcxdumptool to make a request to the PMKID. The PMKID is thereby asked, from the hacker’s point, and the hacker can use the tool to prepare to dump information received to a file for future access and misuse. In the second step, the tool is used to process frame output, converting it to a hash format for future acceptance. In the third step, a tool such as Hashcat can be used to crack the WPA PSK password, at which point the hacker has the potential to access the personal information of users. Researchers have been vague in terms of the specific routers involved and the extent of routers most vulnerable to PMKID attacks. The general method seems to be most threatening in 802.11i/p/q/r networks with their roaming functions enabled. This, unfortunately, describes most current routers, while WPA3 developments have only recently begun to counter aspects of the fundamental nature of the vulnerabilities. The Hacker News reports that WPA3 is a new form of security protocol that is required to address previous WPA2 vulnerabilities that have been increasingly exploited despite smaller non-version-specific security developments. Newer developments employ a new framework that includes features that cannot be encompassed by these smaller software and security upgrades, demanding foundational improvements. An example of a foundational technological improvement is the establishment of Simultaneous Authentication of Equals (SAE). In addition to the nature of the vulnerability, as is common with modern hacking potentials, access to directions in a PMKID attack are readily available online. SecuredYou is an example of one of many online sources that walk users through potential attacks. According to this source, in an optimized approach, users should first request PMKID from the router, install hcxdumptool and hcxpcaptool, and make network requests for recording through additional described steps. Other online sources, including the Latest Hacking News and The Register, report that such an approach can be currently used for success in 10 minutes or less on most networks, depending on the extent of active network traffic. Hacking has never been so easy for predators. What’s Been Happening In Research And Development? Software and security protocol developers have been addressing the issue most directly through WPA3 and network security strategy research and development. One recent patent has attempted to address and improve an aspect of vulnerability by enhancing an extensible authentication protocol re-authentication protocol (EAP-RP) framework in message transition. Another recent patent has targeted the way network information is configured and authenticated while maintaining PMKID in addition to a basis on a transient identity key pair provided to other access points. Such developments may benefit users more quickly or to greater extents than the implementation of WPA3. What’s The Bottom Line? PMKID attacks do not require the same waiting times. The potential detriment is high. WPA3 technology can counter the attacks. Other non-WPA3 patents/developments may work but should be tested first.

Information Technology News & Information

Happy Labor Day

Happy Labor Day (Labour Day – International Workers Day –  May Day)! You’ve worked hard all summer. This Labor Day before going back to work and back to school, take some time to relax and enjoy one more backyard barbeque, one more trip to the beach, one more night sleeping under the stars, one more bonfire, and create one perfect summer memory.  After all, you’ve earned it! When Is Labor Day Celebrated Around The World?   In both Canada and the United States, Labor Day is celebrated on the first Monday in September. It’s to honor the achievements of American and Canadian workers. In Australia, it’s celebrated on different days according to which state/territory you’re in. For some countries around the world, it’s connected to International Workers’ Day that’s celebrated every May 1st.  And yet for others, it’s celebrated on different dates that hold a unique significance for their labor movement. Over 80 countries around the world celebrate International Workers’ Day on May 1st. The History Of Labor Day In The U.S. The first national Labor Day was held in 1885. The late 1800s was in the height of the Industrial Revolution in the U.S. At this time, the average laborer worked 12 hours a day, 7 days a week.  Plus, children ages 5 and above worked in factories, mills and even in mines. On May 11, 1894, laborers in Chicago working at the Pullman Palace Car Company went on strike. They were protesting wage cuts and the firing of union representatives. Because of the massive unrest, it caused, and to repair relations with American workers, Congress made Labor Day a legal holiday. As the story goes (no one is really sure) Peter J. McGuire, general secretary of the Brotherhood of Carpenters and Joiners and a co-founder of the American Federation of Labor, suggested we honor our workers. But some believe that Matthew Maguire, a machinist, was the founder of Labor Day. He was also the secretary of Local 344 of the International Association of Machinists in Paterson, N.J., and it’s said that in 1882 he proposed we have a holiday to celebrate the work our laborers do.  At this time he was serving as secretary of the Central Labor Union in New York. The History Of Labour Day In Canada In 1872 the Toronto Trades Assembly organized Canada’s first demonstration for worker’s rights. It was held to promote the release of 24 leaders of the Toronto Typographical Union who were imprisoned due to a strike they held for a nine-hour working day. Trade unions were illegal at this time. There was such an uprising of support that the house of Canada’s first prime minister, Sir John Macdonald promised to repeal all Canadian laws against trade unions. This led to the Canadian Labour Congress in 1883. In 1894, Labour Day which had been celebrated in the spring, was changed to the fall to be held on the same day as the U.S. The celebration of workers’ rights continues, and many Canadians take the day to relax, take a late summer trip or get together with family and friends at picnics, fairs, and festivals. Labour Day In Australia Labour Day in Australia is held to honor the granting of the 8-hour working day and to recognize the contributions of workers to the country’s economy. Before then, the workday was 12 hours and people worked 6 days a week. In Australia, Labour Day varies between its different states and territories. In New South Wales and South Australia, Labour Day is celebrated on the first Monday in October. In Tasmania and Victoria, it’s recognized on the second Monday in March. (Tasmania calls it the Eight Hours Day). Western Australia celebrates Labour Day on the first Monday in March. Queensland and the Northern Territory celebrate it on the first Monday in May, and they call it May Day. On Christmas Island, they celebrate it on the fourth Monday in March. Labour Day Is Called May Day In The United Kingdom May Day is a bank holiday in the UK and coincides with Labour Day. It’s also known as Labour Day.  It’s commemorated on the first day of May each year. May Day goes as far back as the Gaelic festival Beltane.  In Britain, communities celebrate May Day with village gatherings where folks erect a maypole with ribbons attached that children and adults hold onto while dancing. A competition is typically held to name one of the girls the May Queen in honor of the Roman goddess Flora. The winner then dresses in a white gown and a crown of flowers is placed on her head.  Then, she leads the others in a May Day parade. Labor Day/Labour Day/ May Day/ International Workers Day Labor Day, Labour Day, May Day or International Workers’ Day, it’s a public holiday for all to enjoy.  Whatever you call it, Labor Day constitutes an annual national tribute to the contributions workers have made to the prosperity of our countries.  So, take the time to celebrate.  You work hard, and you deserve a nice long weekend!

Information Technology News & Information

What Security Precautions Should You Take If Using Snapchat?

What Is Snapchat And What Business Uses Does It Have? Snapchat is a form of now commonly used social media more recent than Facebook, Myspace, or Twitter. It’s unique in that it allows users to create pictures or messages that are only available for a short period of time before they become inaccessible to viewers. This is considered a convenient self-cleaning of media in addition to its other features. Just like Facebook timelines and Twitter feeds, users are allowed to create original “Stories” as 24-hour feeds of content presented chronologically through the app. A “Discover” feature allows businesses to have an interactive exploration of their products or services. The app was developed for mobile technology and continues to evolve with the emphasis on virtual ‘stickers’ and affected ‘reality objects.’ Although not all features are unique to the software, business uses of Snapchat can include some pretty attractive features: Frequently updated postings Promotion through marketing channels Creating sponsoring lenses Allowing people to explore content through interactive features Integrated content created by users Promotion of products or services through discounts and promotion code marketing Promoting new products One of the best features that users love is that SnapChat allows celebrities and other people of interest to directly access the app. This means you might be able to view Jennifer Garner’s favorite places to eat or check out LeBron James on vacation in Italy. Many of today’s top organizations are now successfully using the Snapchat app, including: Taco Bell Disney Gatorade Starbucks McDonald’s AT&T Many others As with other widespread social media programs, Snapchat can be used in traditional business practices including the social media marketing mix, brand strengthening processes, community engagement, and brand awareness. According to The Social Media Examiner, over 100 million people use the app every day, responsible for up to 400 million snaps each day, and while 71% of the estimated billion viewers are between the ages of 18 to 34, it is considered one of the fastest growing networks. Access to live events can be provided through streaming, and the NBA is an example of a major organization that has been taking advantage of this. Private content can be delivered through the software, and contests and other perks can be added to the organization’s storyline. Internal developments can be shown through the service while users can partner with influencers. People can also effectively “follow” organizations analogous to post subscriptions available on Twitter or Facebook. What Are The Security Risks And Why Should I Be Concerned? Snapchat’s features can be more convenient for some users, but it has security risks that may also be unique and therefore uniquely be concerning to users. The software, in short, may not be as private as it may seem. The creative nature of the app means that much of the user provided content is not covered by the same privacy and protection offered through other social media services like Facebook and Twitter. The “snaps” that are made and posted can be potentially retrieved with software tools, and both forensic analysts and hackers alike have some potential to exploit this. According to the Telegraph, it is possible for hackers to intercept Snaps in transmission processes despite levels of encryption. This is due to the potential for decryption through a form of reverse engineering possible through the Android application package file. This does not mean that Snapchat is less secure than services such as iMessage, but it is likely less secure than many people assume. Another potential issue is the possibility that a business will not have access to records if claims are made regarding the nature of posts that have automatically deleted. This could result in dually unfounded claims in court that can cost the organization funding and negative publicity if nothing else. As explained in depth by The Hacker News, the source code of the program itself has also been hacked and posted online after a cyber thief was able to obtain it. The posting made the confidential information of the organization vulnerable to other people who could misuse it. In addition, a number of apps now exist that can capture your Snaps without alerting you. One popular site like this called “SnapSave” was breached in 2014 and 200,000 Snaps were leaked publically. What Additional Security Concerns Should I Have If Using SnapChat?   In general, businesses who plan to use SnapChat should take some precautions to avoid being exploited. These are discussed below: Enable login verification (2FA). Educate users at your workplace who will be in charge of SnapChat with information about security breaches and such. Manually restrict and control access. Ignore random requests. Make sure that only those connected with your account are able to connect with it. Limit who can see your stories. Transfer private snaps saved in memories to the ‘my eyes only’ section for added privacy. Never publically share your Snapcode or username. Conclusion SnapChat can be a powerful business tool that lets your company connect directly with your consumers, fans, and other interested parties. However, by following a few security protocols you can protect your account against hackers and other intruders. As with all your IT technology, hackers are always on the look-out for weak perimeters that will allow them to come in and steal from you.

Information Technology News & Information

Girls in Tech: Girl Scouts of the USA Adds New Badges

Girl Scouts of the USA recently announced the addition of 30 new badges now available for Girl Scouts aged 5-18. The new badges were created to address a number of today’s most important social issues, including environmental advocacy, cybersecurity, robotics, computer science, and space exploration, among others. Girl Scouts of the USA has long served as a means for young girls to acquire life experience and develop a number of important soft skills, which include perseverance and confidence. The benefits of participating in Girl Scouts are proven. According to one study, Girl Scouts are over twice as likely to demonstrate community problem-solving skills compared to those who do not participate. The Cybersecurity badge, funded by Palo Alto Networks, will introduce the girls to a variety of age-appropriate internet safety and privacy principles. They will first learn how the internet works, then learn techniques to spot, report, and further investigate cybercrime. Cybercrime is on the rise, and the Girl Scouts are in a unique position to influence young girls all over the nation. According to the FBI’s 2017 Internet Crime Report, cybercrime resulted in more than 300,000 complaints last year with losses reaching upwards of $1.4 billion. Raising awareness about cybercrime is just one step toward combatting the problem, and with the help of their sponsors, the Girl Scouts are on their way toward arming a new generation of young people with the tools they’ll need to make a difference in internet security. New Leadership Journeys In addition to the cybersecurity badge, the new badges include two additional Girl Scout Leadership Journeys to help girls on their path to growth. Girl Scout Leadership Journeys involve hands-on activities to help girls utilize their new skills to tackle problems within their respective communities. These programs prepare girls to achieve success in fields like computer science, robotics, and cybersecurity. Funded by Raytheon, “Think Like a Programmer” offers girls a valuable foundation in computational thinking, which will serve as the basis for next year’s Cyber Challenge, a first for the organization. The Think Like an Engineer Journey will help girls further understand how engineers approach and solve problems. Phase one of the national computer science program for middle school and high school-aged girls has been run as a pilot in a small group of geographies since earlier this year. The program is expected to expand nationwide in the fall of this year, with select groups of Girl Scout councils piloting the upcoming Cyber Challenge next year in 2019. Raytheon & The Girl Scouts: A Partnership Raytheon Company, headquartered in Waltham, Massachusetts, is a leader in technology and innovation in civil government, defense, and cybersecurity solutions. With a history spanning nearly a century, Raytheon operates in more than 80 countries. The company has a long history of partnership with several Girl Scout Councils. It is the inaugural sponsor of the Girl Scouts’ computational thinking program, which will expose the girls to age-appropriate content across areas such as science, engineering, technology, and math. Although women made up half of the current college-educated workforce, only 29% work in occupations dealing with science and engineering. The new partnership with Raytheon seeks to increase the number of female STEM leaders by encouraging girls to explore an interest in these fields early on. In fact, the Girl Scout Research Institute, GSRI, compiled a report, the Generation STEM report, which determined that 74% of teen girls demonstrate an interest in STEM fields; however, this interest fades as they get older and move on through middle school and high school. The decreased interest is thought to be the result of a lack of exposure to STEM fields in ways that pique their further interest and inspire ambition. In 2017, the Millennial Cyber Security Survey, conducted by the National Cyber Security Alliance, NSCA, found that the majority of female Millennials said that more exposure to STEM information, training, and classes during their middle school and high school years would have had an impact on their interest in cybersecurity careers. These new badges will strive to empower young girls to achieve their goals across all industries, particularly those currently dominated by males. History Of Girl Scouts The Girl Scouts of the US have been making a difference across the nation for nearly a century. The first Girl Scout troop was established in 1912 in Savannah, Georgia by Juliette Gordon “Daisy” Low. Since then, the organization has grown exponentially, culminating into a membership of more than 2.6 million. Today, they continue to operate under the principles of courage, character, and confidence in hopes of making the world a better place.