from

now browsing by tag

 
 

Working from Home? These Tips Can Help You Adapt

Source: National Cyber Security – Produced By Gregory Evans

COVID-19 means many people are doing their jobs from outside the confines of the office. That may not be as easy as it sounds.

So, you’re working from home …

For a while.

You’ve probably worked remotely before, and you’re thinking, “I’ve got this!”

Odds are, you’re mistaken. You don’t have this. That’s OK; this is an opportunity to learn new skills.

You can think of working from home much like someone moving into an entirely new environment. Your patterns of work might be optimized for working in an office, and they might not quite fit at home. You can think of this post as moving you from accommodating yourself to including yourself — reducing the friction that misspends your energy just to exist.

Now it’s time to adapt. You need to adapt, your workday needs to adapt, and your environment needs to be adapted. So what can you do? Below is some advice — take it in the spirit of unsolicited advice on self-improvement. Some of these things will work for you; some of them won’t. Many of these ideas work for me or people near me; they might or might not work for you. Give them a try, and be willing to learn and adapt.

Your Workspace
Maybe you’ve been getting by with sitting on the couch or on the floor in the corner of your bedroom. Those might be all the choices you have, but you should consider some changes:

  • Use an external monitor. One of the biggest productivity gains comes from useful screen real estate, so finding a way to get more is incredibly helpful to you. Paired with an external keyboard and mouse, you’re also on your way to better ergonomics.
  • Use a desk and a chair. Sitting on a couch for a long period is probably not healthy in a lot of ways. Can you fit in a sit/stand desk? Maybe you do need a different ergonomic choice, but make it deliberately.
  • If you can dedicate a workspace, that’s ideal. If you can’t, consider a space that you can set up at the start of the workday, then tear it back down in the evening — so you have clearly delineated boundaries of when you’re “in the office” instead of just chilling.
  • Even if you can’t dedicate a workspace, make a conscious effort to not take a meal (be it lunch, dinner, etc.) from where you are working. If you have a dedicated workspace, leave it and go to your kitchen, another room, or, if possible, outside for your meal. This should be time to mentally recharge as much as physically recharge. If you don’t have a dedicated space, still take the time to close your laptop and do something that is not work. Your brain (and your similarly stressed co-workers) will thank you.
  • Do you have a headset with a microphone to take meetings with? Gaming headsets can be an affordable and high-quality solution, or possibly Bluetooth earbuds. Anything is an improvement over just using your laptop’s speakers. But also think about how your ears might feel after multiple hours using a device you’re not familiar with. Maybe change between earbuds and a headset … or even just take a long break from videoconferencing.   
  • Wired Ethernet makes an enormous difference for videoconferencing — and for many of our other tools. Even if the cable has to get unplugged when you roll up your desk at the end of the day, this can be worth the trouble.

Your Family
There’s a good chance you’re sharing your space with other people — a partner, some children, maybe roommates. Their needs will matter, too, and it’s better for you to plan ahead with your schedules so that no one is disappointed.

  • Do you have to homeschool small children? What does your plan look like for that, and how are you trading it off with your partner?
  • Do you need to add daily household meetings to identify any issues?

Your Commute
You might be really excited about not having to waste time getting to the office because you can just hit work running. But take a moment to think about what you also do during your commute. Are you thinking about your schedule for the day? Working on a hard problem? Thinking about your kids? That’s valuable mental time, which you should consider how to keep in your day so that you can gracefully transition between parts of your life.

  • Can you go for a walk around the block (or further)?
  • Can you set aside quiet time at the start and end of your day, before you dive into email?
  • Make sure you take time for lunch. This might make a good time to check in with your colleagues in your co-working space or take quiet time for yourself. You might want to think about planning for those lunches to make sure you’re making healthy choices rather than just grabbing whatever is available.
  • Make a hard break. “Bye, kids, I’m headed to work!” can be a really powerful boundary to set.

Your Meetings
Meeting culture is very location-centric, especially when that location is your headquarters. Some of that is a product of enterprise tools (many video solutions makes it hard to see more than a few participants at once, and the slight added latency over the Internet interacts with the human desire to jump in as the next speaker), some is a product of our organizations (meetings where 80% of the attendees are physically in one place), and some is a product of habit (sitting in a circle, which then excludes the video participants). This is an opportunity to work on more-inclusive meeting structures.

  • Consider nonverbal cues for meeting participants to use to call for attention. If everyone is visible, that can be a raised hand; if that’s not the case, then a chat backchannel can help.
  • Work more on pauses between speakers. There is rarely a need to jump in instantly, and that’s often seen as a behavior that is exclusionary anyway, so this is a good opportunity to evaluate it. Past three people, a moderator helps enormously — perhaps defaulting to whomever called the meeting or wrote the agenda.
  • Consider working off a shared document with an agenda and notes so that some information flows can be faster-than-verbal. This might rely on everyone having more screen real estate.
  • Think about the lighting. You should be able to clearly see your face, which generally means lights and windows should be in front of you, not behind you. It’s always possible to learn from one call and revise or improve for the next one.
  • Thirty-minute blocks are not fundamental to the universe. You can meet for 5 minutes or 15 — and jumping from chat to a video call for 5 minutes can unlock great work for you or your colleagues.
  • As a last resort, disabling video can improve audio distortions, jitter, and latency in meetings.

Your Physical Wellness
When working from home, it can be really easy to fall into a rut with no physical activity. Perhaps you roll out of bed, grab a quick bite, and hop on a call. For a day, that’s only a little bad, but that’s a bad long-term pattern. Schedule your exercise time.

  • Maybe take that long walk at the start of your day or after lunch.
  • If you’re fortunate enough to have a treadmill or stationary cycle in your house, maybe you take a walking meeting with a colleague.
  • Look at how you can keep your body from stiffening from a lack of movement or poor ergonomics. Take stretch breaks. Take a 20-second break every 20 minutes and look out at something at least 20 feet away to prevent eyestrain. Consider how to incorporate physical wellness into your everyday routine.

(Story continues on next page.)

Andy Ellis is Akamai’s chief security officer and his mission is “making the Internet suck less.” Governing security, compliance, and safety for the planetary-scale cloud platform since 2000, he has designed many of its security products. Andy has also guided Akamai’s IT … View Full Bio

Previous

1 of 2

Next

More Insights

Source link

The post Working from Home? These Tips Can Help You Adapt appeared first on National Cyber Security.

View full post on National Cyber Security

#infosec | Hackers Steal Customer Info from UK FinTech Loqbox

Source: National Cyber Security – Produced By Gregory Evans

A UK-based fintech was hit by a “sophisticated” cyber-attack last month, compromising the payment information and personal details of its customers.

The firm, which helps customers improve their credit score by taking out and repaying loans with it, revealed the incident in an email to customers seen by MoneySavingExpert.

It happened on February 20 this year, and although the number of customers affected is thus far unknown, the variety of personal information compromised should set alarm bells ringing for those affected.

It includes customers’ names, dates of birth, postal addresses and phone numbers alongside: the first six and last four digits of their card number, expiry date, sort code and two digits from their bank account number.

This information isn’t enough on its own for hackers to use in payment or account takeover fraud, but it could certainly be deployed to make follow-on phishing attacks more convincing.

If a victim responded to such an email with more of their details, hackers could piece together enough digital information to commit a range of identity fraud scams.

“Cyber-criminals are quick to create genuine-looking fake sites and emails designed to manipulate further information out of their victims including passwords or other missing data,” warned ESET cybersecurity specialist, Jake Moore.

Loqbox itself has claimed to have notified the relevant regulatory authorities and police, and has taken steps to address the security issues which led to the breach.

It reassured customers that any funds paid into accounts were still secure. However, there’s no public breach notification on its website or Twitter feed, the latter not having been updated since June 2019.

____________________________________________________________________________________________________________________

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
____________________________________________________________________________________________________________________

Source link

The post #infosec | Hackers Steal Customer Info from UK FinTech Loqbox appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | DEF CON 27, Artificial Intelligence Village – Tal Leibovich’s & Shimon Noam Oren’s ‘From Noisy Distorted Data Sets To Excellent Prediction Models’

Source: National Cyber Security – Produced By Gregory Evans

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn.

Permalink

The post DEF CON 27, Artificial Intelligence Village – Tal Leibovich’s & Shimon Noam Oren’s ‘From Noisy Distorted Data Sets To Excellent Prediction Models’ appeared first on Security Boulevard.

Source link

The post #cybersecurity | #hackerspace |<p> DEF CON 27, Artificial Intelligence Village – Tal Leibovich’s & Shimon Noam Oren’s ‘From Noisy Distorted Data Sets To Excellent Prediction Models’ <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#infosec | Google Pulls 600 Apps from Play Store

Source: National Cyber Security – Produced By Gregory Evans

Google has removed almost 600 Android apps from its Play Store for violating its policy on disruptive advertising.

The tech giant has not only removed the titles from the Android marketplace but also banned them from Google AdMob and Ad Manager, meaning their developers will not be able to monetize them on its platforms.

The disruptive ad practices highlighted by Google included “out of context” advertising, which pops up when the user isn’t even logged into a specific app.

“This is an invasive maneuver that results in poor user experiences that often disrupt key device functions and this approach can lead to unintentional ad clicks that waste advertiser spend,” argued Per Bjorke, senior product manager for Ad Traffic Quality.

“For example, imagine being unexpectedly served a full-screen ad when you attempt to make a phone call, unlock your phone, or while using your favorite map app’s turn-by-turn navigation.”

Bjorke explained that Google had developed machine learning functionality to help detect such “out of context” ads, which led to this enforcement action.

“Mobile ad fraud is an industry-wide challenge that can appear in many different forms with a variety of methods, and it has the potential to harm users, advertisers and publishers,” he added.

Google is also getting better at finding and removing apps on its Play Store that contain malware. Last year, it claimed to have increased rejected app submissions by over 55% and app suspensions by more than 66% in 2018.

That doesn’t stop the black hats trying, however: malicious apps still make their way onto the platform and sometimes are downloaded millions of times before being blocked.

In June last year, adware was found in 238 apps on the Play Store, installed by an estimated 440 million Android users.

However, downloading apps from the official marketplace is still the recommended option: last year, Android malware dubbed “Agent Smith” was downloaded over 25 million times from a popular third-party store.

____________________________________________________________________________________________________________________

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
____________________________________________________________________________________________________________________

Source link

The post #infosec | Google Pulls 600 Apps from Play Store appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Has Samsung learned from their Galaxy Fold bendy mistakes?

Source: National Cyber Security – Produced By Gregory Evans

Dreaming deep, sound asleep

As machines become increasingly intelligent, they are also becoming more artistic.

Google’s Deep Dream is making a huge splash on the web. It was originally coded by Alexander Mordvintsev, a programmer working in security systems who liked to play around with artificial intelligence as a side project. In the middle of the night last May, he discovered the lines of code that would cause Google’s neural net to generate original images that look like a psychedelic combination of Salvador Dalí and Lisa Frank. He posted his images on Google’s internal Google + account, and was soon paired with young programmer Chris Olah and software engineer/sculptor Mike Tyka to develop Deep Dream.

bar

REM for your RAM

The Deep Dream team has created an entire gallery of surrealistic art. Animal parts of different species combine to form fantastical beasts, backgrounds fill with swirling patterns, and spiders emerge from cloudless skies.

In July, the Deep Dream team released the software on GitHub so that the general public could turn their family portraits and vacation photos into bizarre art pieces. New apps are popping up, several grotesque portraits of presidential candidates have been produced, and the band Wilco used a Deep Dream image on the cover of its latest album. Samim Winiger, who created software that makes animations from Deep Dream images, says that “in five years we won’t recognize Photoshop,” alluding to the possibility for Deep Dream technology to become a major feature in our visual world.

But is there more to it?

Winiger refers to Deep Dream as “creative AI [artificial intelligence].” But can a computer be said to have creativity? The dreamlike (or, at times, nightmarish) quality of Deep Dream images has certainly caused some observers to posit that Deep Dream is pulling images from the “subconscious” of Google’s mind. But a computer, no matter how smart, is not a brain. So is Deep Dream just the robot equivalent of a cool party trick?

Deep learning in the neural net

But Deep Dream wasn’t created just to blow our minds with freakish four-eyed kittens and giant tarantulas crawling from the sky. It’s also a useful way for programmers to study artificial intelligence. Computers can now achieve what programmers call “deep learning” by processing information through a neural net (NN). Neural nets are meshes of artificial neurons layered one over the other, like spider webs. Information is passed through several layers of the NN, and each layer analyzes it from a different angle. The topmost layer is responsible for the output of information that has been “learned” by deeper layers of the net.

Google has made great strides towards teaching its neural net to visually recognize objects by having it produce an image of whatever it’s viewing, which is then graded for accuracy and fed back into the computer, giving the NN an opportunity to learn from its mistakes and eventually come to automatically correct itself.

Layered learning, and pattern detecting

So far, it has been hard for researchers to really know for sure what is happening at each layer of the neural net. But a researcher can have a computer produce a Deep Dream image from a specific layer of its neural net, thus revealing exactly what that layer is learning. In this way, researchers are discovering more about what happens inside an artificial mind.

What researchers have found is that computers may have higher perception and better pattern-recognition than humans. It’s like having a highly imaginative child watch clouds. If a cloud looks a little bit like a ship, the neural net will run the image through a feedback loop until a highly detailed ship emerges. This is why Deep Dream is able to create images even out of random noise – it can detect patterns that a human wouldn’t even notice.

This has far-reaching implications for how artificial intelligence may eventually replace humans. For example, researchers are using neural nets to read ultrasounds, detecting tumors invisible to the human eye.

Final thoughts

So, is artificial intelligence becoming creative? Is a computer an artist? That depends on how you define creativity, and where you draw the line between the “real” and the “artificial.” But Deep Dream engineer Mike Tyka is impressed: “If you think about human creativity, some small component of that is the ability to take impressions and recombine them in interesting, unexpected ways,” – the same ability Deep Dream displays.

Regardless of whether or not this is true “creativity,” the world seems to agree with Tyka that when you let a computer come up with original art, “it’s cool.”

Steven Levy was granted the first interview with the Deep Dream team. You can read his report at Medium.com.

#DeepDream

Source link
——————————————————————————————————

The post #deepweb | <p> Has Samsung learned from their Galaxy Fold bendy mistakes? <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#nationalcybersecuritymonth | Merkel Plan for Huawei Gets Pushback From Within Her Own Ranks By Bloomberg

Source: National Cyber Security – Produced By Gregory Evans

© Reuters. Merkel Plan for Huawei Gets Pushback From Within Her Own Ranks

(Bloomberg) — Chancellor Angela Merkel’s efforts to rule out a ban on Huawei Technologies Co. have hit a wall of resistance in parliament.

While the U.K. and the European Union introduced policies that allow Huawei’s partial participation in next-generation wireless networks, Merkel has failed to forge a compromise with lawmakers in her Christian Democratic-led bloc who want to ban China’s biggest maker of telecommunications gear, according to three officials familiar with the process. Attempts to reach an agreement last week failed and will be resumed later in February.

The stalemate reflects Merkel’s difficulty in asserting control in a standoff that pits trade interests with China against security concerns raised by Washington and her own intelligence agencies. Open dissent such as that over the 5G policy is uncommon in Merkel’s otherwise disciplined CDU. Since the 65-year-old former physicist announced over a year ago that she wouldn’t run for a fifth term, she has withdrawn from domestic politics and her agenda has at times been overshadowed by a power struggle to succeed her.

Read More:

  • BMW China 2019 Vehicle Sales Rise 13% to Record 723,680 Units
  • Merkel’s Partner Wants to Forget Talk of Ditching Coalition
  • Germany Lifts Economic Outlook, But Says Better Is Needed (1)

The security concerns over Beijing’s potential influence over Huawei are shared by many in her allied Social Democratic party and in the Foreign Ministry. Yet the balancing act is proving difficult for Merkel and her government, which are torn between an allegiance for a traditional ally and the risk of antagonizing and isolating Germany’s largest trading partner by shutting out Chinese technology.

“I call on us not to slip into a new form of bi-polarity,” Merkel said in a speech last month in Berlin. “Rather we must try, with the results and experiences we have around multilateralism, to include a country like China and at least treat it on the same terms.”

Yet skeptics accuse Merkel of adhering to an outdated geopolitical view that Chinese economic development would spur political reform and a convergence of the world’s most populous nation with international standards and norms.

“Merkel is stuck with an idea of China that is 10 years old,” Nils Schmid, a senior SPD lawmaker on the Bundestag foreign affairs committee, said in an interview last week.

A group of Bundestag lawmakers is standing by a bill drafted in December that would exclude “untrustworthy” equipment vendors from the whole network, a clear reference to Huawei and a break from last week’s decisions in London and Brussels that defied U.S. demands to exclude Huawei. The U.K. said that Huawei would be allowed access to the periphery of 5G networks, but not the core — a principle that Merkel’s chancellery had agreed to late last year in a concession to hawks.

Smoking Gun

The hard-liners got a boost last week, when Handelsblatt reported on a classified document from the Foreign Ministry containing U.S. intelligence linking Huawei to Chinese security services, or a “smoking gun.” The ministry declined to comment on the report.

U.S. Deputy National Security Adviser Matthew Pottinger led a delegation to Berlin in December and another to London last month as part of a Trump administration effort to warn the Europeans about Chinese technology and to alert them that intelligence-sharing across the North Atlantic is at risk.

Such warnings haven’t convinced the French government. France’s cybersecurity chief said his agency hasn’t uncovered any evidence of Huawei snooping via Europe’s communications networks.

“There is no Huawei smoking gun as of today in Europe,” Guillaume Poupard, the head of the national cybersecurity agency ANSSI, said in an interview last week. “There is no situation with Huawei being caught massively spying in Europe. Elsewhere maybe it’s different, but not in Europe.”

Merkel will now have to seek a compromise with lawmakers in the Bundestag, which reconvenes Feb. 10.

Disclaimer: Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. All CFDs (stocks, indexes, futures) and Forex prices are not provided by exchanges but rather by market makers, and so prices may not be accurate and may differ from the actual market price, meaning prices are indicative and not appropriate for trading purposes. Therefore Fusion Media doesn`t bear any responsibility for any trading losses you might incur as a result of using this data.

Fusion Media or anyone involved with Fusion Media will not accept any liability for loss or damage as a result of reliance on the information including data, quotes, charts and buy/sell signals contained within this website. Please be fully informed regarding the risks and costs associated with trading the financial markets, it is one of the riskiest investment forms possible.

Source link

The post #nationalcybersecuritymonth | Merkel Plan for Huawei Gets Pushback From Within Her Own Ranks By Bloomberg appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Opinion: Three Spurs players who were far from their best against Man City – Spurs Web

Source: National Cyber Security – Produced By Gregory Evans Tottenham Hotspur recorded a famous 2-0 win over Man City this afternoon in the Premier League, leapfrogging up to fifth in the table. Goals from Steven Bergwijn and Heung-min Son sealed a delightful win and clean sheet for the Lilywhites against the current champions. However, a […] View full post on AmIHackerProof.com

#cybersecurity | #hackerspace | From my Gartner Blog – Updated Paper on Penetration Testing and Red Teams

Source: National Cyber Security – Produced By Gregory Evans

I finally managed to publish the update to my paper on pentesting, “Using Penetration Testing and Red Teams to Assess and Improve Security”. It has some small tweaks from the previous version, including some additional guidance around Breach and Attack Simulation tools role.

Questions about how to define the scope of penetration tests are very common in my conversations with clients. I always tell them it should be driven primarily by their objective for running the test. Surprisingly, many have problems articulating why they are doing it.

The discussion about comparing pentests with other forms of assessments is there too, although we also published a paper focused on the multiple test methods some time ago.

A few good pieces from the document:

“Research the characteristics and applicability of penetration tests and other types of security assessments before selecting the most appropriate one for the organization. Select a vulnerability assessment if the goal is to find easily identifiable vulnerabilities.”

“Definitions for security assessments vary according to the source, with a big influence from marketing strategies and the buzzword of the day. Some vendors will define their red team service in a way that may be identified as a pentest in this research, while vulnerability assessment providers will often advertise their services as a penetration test. Due to the lack of consensus, organizations hiring a service provider to perform one of the tests described below should ensure their definition matches the one used by the vendor”

“Pentests are often requested by organizations to identify all vulnerabilities affecting a certain environment, with the intent to produce a list of “problems to be fixed.” This is a dangerous mistake because pentesters aren’t searching for a complete list of visible vulnerabilities.”

Next on the queue is the monitoring use cases paper. That’s my favorite paper and excited to refresh it again. You’ll see it here soon!

The post Updated Paper on Penetration Testing and Red Teams appeared first on Augusto Barros.

from Augusto Barros https://ift.tt/2Gx5wWq
via IFTTT

*** This is a Security Bloggers Network syndicated blog from Security Balance authored by Unknown. Read the original post at: http://feedproxy.google.com/~r/SecurityBalance/~3/1h–omhBJ4Q/from-my-gartner-blog-updated-paper-on.html

Source link

The post #cybersecurity | #hackerspace |<p> From my Gartner Blog – Updated Paper on Penetration Testing and Red Teams <p> appeared first on National Cyber Security.

View full post on National Cyber Security

Cut From the Same Cloth as PCI DSS

Source: National Cyber Security – Produced By Gregory Evans Finally, some good news about CCPA: If you’ve built your security infrastructure to PCI DSS standards, you may be already covered by California’s new data protection rules Feeling a little frantic about implementing the California Consumer Privacy Act (CCPA)? The good news is that you may […] View full post on AmIHackerProof.com