• While a lot has been said and written about digital etiquette, I still feel the need to address this topic further, considering the number of ways technology is being misused in the current digital age.

    Digital etiquette also referred to as netiquette is the basic set of rules every technology user needs to follow in order to make the digital community (internet/intranet) better for oneself and others. The basic rule behind digital etiquette is the same that applies to our everyday lives which is “treat others the way you would like to be treated”.

    As a participant of a technology driven society, one is expected to demonstrate appropriate behavior and choices in the digital community as well as understand the impact and consequences of those choices. There are few set rules that everyone can agree on when it comes to using social media, emails and text messages, and all digital technology users must be aware of others when using technology while also understanding how this technology use can affect others.

    Think about being in the movie theater and a person's cell phone rings. Instead of turning the phone off, the person engages in conversation with the caller during the showing of the movie. This scenario is a common, yet inappropriate use of technology. Today, technology is everywhere. While technology offers many amazing opportunities for its users, it also requires users to follow etiquette guidelines. Turning a cell phone off during a movie is just one basic example of digital etiquette.

    Digital etiquette also relates to adults, who have a responsibility to be excellent role models for younger people. Not many people are aware of any rules that have been enforced for using new technology, so people are unsure exactly how to use their devices today. There are rules set out for people to take note of and follow; this way, the internet becomes better for every one of its users.
    Some years ago, the American Red Cross got some unexpected attention on Twitter—you would think it is for their good deeds. An employee in charge of managing the organization’s social media made the mistake of mixing up his/her personal account with Red Cross’s corporate account, thereby accidentally tweeting about “getting slizzerd” on beer. Like most corporate social media mishaps, this one was quickly followed by an apology. Less common is that the mistake struck a chord with followers and resulted in a rush of donations, however, not all digital fumbles have such a happy ending.

    Because most big brands have hundreds of thousands of followers, we’re more likely to hear when they make a mistake that damages their digital reputation, but that’s not to say that what happens on your private accounts can’t come back to haunt you. From inappropriate tweets and Facebook status updates to lewd Instagram posts, and phone calls taken at the very worst moments, the list of what’s considered a tech-related blunder is nothing if not lengthy—and it’s growing every day as the digital landscape continues to change. So, how do you know if you’re being polite?

    Every time we post something online, we leave behind a permanent digital footprint. Sure, posts can be deleted, but they can also be preserved with a screenshot before we get the chance to self-edit. Additionally, we can never be sure that the information we share with our friends and coworkers won’t be seen by a supervisor or future employer. Companies now use social media as a tool to monitor employees as much as to promote their own brands, meaning that complaining about work or venting online could actually cost us a career.

    While digital etiquette is based around the idea that it’s just as important to treat people with courtesy and respect online as if you were in the same room with them, there are nuances depending on which platform you use. After taking an in-depth look into the 'dos and don'ts' of tech etiquette, I have put together some tips and guidelines to manage our online reputation correctly.


    • Don't overshare on Facebook, Instagram or any of your social media platforms.
    • Check your Privacy settings
    • Check your facts before sharing
    • Consider your audience
    • Stop being too Aggressive
    • Avoid sending messages or posting on social media when emotional, angry or drunk
    • Avoid chatting someone up on LinkedIn or other professional platforms except when it's really necessary
    • Be strictly formal when sending messages or emails to clients and work colleagues, i.e. avoid adding kisses, love or other smileys when exchanging business emails.
    • Build Quality Relationships
    • Curate your photos like a museum
    • Respond to emails in a timely manner and know that every word matters
    • Be Accountable for Your Actions
    • Don't steal another person’s information
    • Be Nice, just like in any social interaction


    Through today's media, the topic of digital etiquette has been discussed in many different ways. From websites, to national television news programs, to our local schools, offices and public events, the importance of digital etiquette is apparent.

    Practicing digital etiquette isn’t only about being polite. Instead, it encompasses all aspects of human interaction, including respecting the privacy of others, paying for what you use, being an active participant, and carefully considering your permanent digital footprint. Today's digital platforms are creating best practices and policies through the use of a policy known as an "Acceptable Use Policy." These policies offer guidelines for its users to follow including the expectations of digital etiquette, the rules for technology use and the consequences for violating the rules.

    Don’t know if something is considered good digital etiquette? When it comes to manners and technology, follow the above rules and your instincts. If you’re second-guessing whether you should pull out your phone or send that bawdy tweet, chances are you shouldn’t do it.

    Technology is readily and freely available to us all. It is now left to us as users to make good and appropriate use of it, and not to use it to the detriment of ourselves, others or our community.


  • As you may be aware, a new ransomware campaign has hit a number of high profile targets in Russia and Eastern Europe.
    Dubbed Bad Rabbit, the ransomware first started infecting systems on Tuesday 24 October, and the way in which organisations appear to have been hit simultaneously immediately drew comparisons to this year's WannaCry and Petya epidemics. This now seems to be the third major outbreak of the year.
    Those unfortunate enough to fall victim to the attack quickly realised what had happened because the ransomware isn't subtle -- it presents victims with a ransom note telling them their files are "no longer accessible" and "no one will be able to recover them without their decryption service".
    The criminals behind Bad Rabbit are tricking people into infecting themselves, by disguising the malware as an Adobe Flash installer and planting it on legitimate websites that have been compromised.
    However, a security researcher at Cybereason claims to have found a vaccine for the attack, which should completely prevent Bad Rabbit from infecting your computer. It is a simple procedure that blocks the execution of the files “c:\windows\infpub.dat” and “C:\Windows\cscc.dat”, the main files the ransomware relies on in order to carry out its attack.
    This makes sense because the ransomware needs the files "infpub.dat" and "cscc.dat" to execute its attack, and by blocking them on your PC prior to any attack, you prevent Bad Rabbit from carrying out its job.
    Prevention, they say, is better than cure.

    Please follow the steps below to fully protect yourself.
    First, create these two files in c:\windows:
    infpub.dat
    cscc.dat

    You can do that really quickly by starting cmd.exe as an admin:

    Then type the following commands:
    echo "" > c:\windows\cscc.dat && echo "" > c:\windows\infpub.dat
    Next, remove all their permissions by right clicking each file and selecting properties:


    Then select the security tab:

    Now click advanced, opening the following window:
    Click change permissions, opening the following window:

    Then, uncheck the “Include inheritable permissions from this object’s parents” box.
    After you do that, the following window will pop up. Click “remove”.


    You are now done. Remember to perform this action for the two files you created.

    If you are running Windows 10, repeat the same steps, but instead of unchecking the inheritance box, click the “Disable inheritance” button:


    And then select “Remove all inherited permissions from this object”.
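
    The same procedure scripted for an elevated PowerShell prompt, so it can be repeated on many machines and the result checked. This is an added example, not code from the original post or from Cybereason; the function name Protect-VaccineFile is hypothetical, and the two paths are the ones named above.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the GUI steps described in the post.

# The two paths named in the post.
$vaccineFiles = 'C:\Windows\infpub.dat', 'C:\Windows\cscc.dat'

function Protect-VaccineFile {          # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    # Record whether something was already at this path before we touch it.
    # A file we did not create ourselves deserves a closer look.
    $preExisting = Test-Path -LiteralPath $Path
    if (-not $preExisting) {
        New-Item -ItemType File -Path $Path | Out-Null
    }

    $acl = Get-Acl -LiteralPath $Path

    # Equivalent of unchecking "Include inheritable permissions" / clicking
    # "Disable inheritance" and then choosing "Remove":
    #   first argument  = protect the ACL from inheritance
    #   second argument = do NOT keep copies of the inherited entries
    $acl.SetAccessRuleProtection($true, $false)

    # A file that already existed may also carry explicit entries; drop them
    # so that no principal is granted any access.
    foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRuleSpecific($rule)
    }

    Set-Acl -LiteralPath $Path -AclObject $acl

    # Read the ACL back and report what is actually on disk.
    $after = Get-Acl -LiteralPath $Path
    [pscustomobject]@{
        Path                = $Path
        PreExisting         = $preExisting
        InheritanceDisabled = $after.AreAccessRulesProtected
        RemainingEntries    = @($after.Access).Count
    }
}

# Apply to both files and flag anything that did not end up locked down.
$results = foreach ($file in $vaccineFiles) { Protect-VaccineFile -Path $file }
$results | Format-Table -AutoSize

$notLocked = $results | Where-Object {
    -not $_.InheritanceDisabled -or $_.RemainingEntries -ne 0
}
if ($notLocked) {
    Write-Warning ("Permissions still present on: " + ($notLocked.Path -join ', '))
}
```

    A locked file should report InheritanceDisabled as True and RemainingEntries as 0; a row with PreExisting set to True on a machine where you never ran the procedure should be investigated before it is trusted as a placeholder.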





  • Skylake is the codename for Intel's sixth-generation range of Core laptop and desktop PC processors. They've already been superseded by the seventh-gen CPUs and you can find out how Skylake compares with Kaby Lake.

    But Skylake isn't dead yet. No. Intel has launched Skylake X CPUs, which are the high-end enthusiast versions.

    Interestingly, Intel isn't using the Core i7 branding as it has done in previous years but is adding a new number: 9. The Core i9 range could be in response to AMD's Ryzen processors, which were named to seem similar to Intel's Core i5 and i7 ranges.

    Last year at Computex, Intel unveiled its first 10-core consumer CPU, the company's move into the world of "megatasking." It was a pricey chip, launching at around $1,700, but it satisfied the needs of users who had to juggle several intensive tasks at once. Now, Intel has upped the ante with a whole new family of processors for enthusiasts, the Core X-series, and it's spearheaded by its first 18-core CPU, the i9-7980XE.

    Priced at $1,999, the 7980XE is clearly not a chip you'd see in an average desktop. Instead, it's more of a statement from Intel. It beats out AMD's 16-core Threadripper CPU, which was slated to be that company's most powerful consumer processor for 2017. And it gives Intel yet another way to satisfy the demands of power-hungry users who might want to do things like play games in 4K while broadcasting them in HD over Twitch. And as if its massive core count wasn't enough, the i9-7980XE is also the first Intel consumer chip that packs in over a teraflop worth of computing power.




    If 18 cores is a bit too rich for you, Intel also has other Core i9 Extreme Edition chips in 10, 12, 14 and 16-core variants. Perhaps the best news for hardware geeks: the 10 core i9-7900X will retail for $999, a significant discount from last year's version.

    All of the i9 chips feature base clock speeds of 3.3GHz, reaching up to 4.3GHz dual-core speeds with Turbo Boost 2.0 and 4.5GHz with Turbo Boost 3.0. And speaking of Turbo Boost 3.0, its performance has also been improved in the new Extreme Edition chips to increase both single and dual-core speeds. Rounding out the X-Series family are the quad-core i5-7640X and i7 models in 4, 6 and 8-core models.




    While it might all seem like overkill, Intel says its Core i9 lineup was driven by the surprising demand for last year's 10-core chip. "Broadwell-E was kind of an experiment," an Intel rep said. "It sold... Proving that our enthusiast community will go after the best of the best... Yes we're adding higher core count, but we're also introducing lower core counts. Scalability on both ends are what we went after."

    As you can imagine, stuffing more cores into a processor leads to some significant heat issues. For that reason, Intel developed its own liquid cooling solution, which will work across these new chips, as well as some previous generations. All of the new Core i9 processors, along with the 6 and 8-core i7 chips, feature scorching hot 140W thermal design points (TDPs), the maximum amount of power that they'll draw. That's the same as last year's 10-core CPU, but it's still well above the 91W TDP from Intel's more affordable i7-7700K.

    Over the past few years, Intel's laptop chips have been far more interesting than its desktop CPUs. Partially, that's because the rise of ultraportables and convertible laptops has shifted its focus away from delivering as much computing power as possible, to offering a reasonable amount of processing power efficiently. The new Core i9 X-series processors might not be feasible for most consumers, but for the hardware geeks who treat their rigs like hot rods, they're a dream come true.




    When is the Core i9 release date?

    Release date: June 2017*

    At the chips' launch at Computex 2017, Intel said the new processors would be on sale "in the coming weeks". *That applies to the Core i9-7900X downwards. 

    The i9-7920X will go on sale in August, while the top three chips don't yet have an official release date.

















  • There is a lot more our industry should be doing to protect its systems and data from cyber blackmail.

    The scope and severity of the fallout from the WannaCry attacks over the past week elicit plenty of "we told you so" head shakes about the dangers of ransomware. The blackmail worm spread with lightning speed.

    According to Europol, the attack had reached about 150 countries and more than 200,000 systems. When security researchers found a kill-switch for the attack that they used to their advantage, it didn't take long for new variants to start up again with infections occurring at a rate of 3,600 systems per hour.

    It was a nasty bit of business and while the hue and cry over ransomware shouldn’t be ignored, there are a lot more valuable lessons beyond those that have to do with cyber blackmail. Here are just a few of them.

    1: Vulnerability and Patch Management overshadows everything

    Patch, patch and patch. It's been the overwhelming mantra of security pros for decades, and this attack campaign shows us why. The rapid spread of the worm was made possible by the ubiquity of systems worldwide running on unsupported or unpatched operating systems.
    Hopefully, after this attack, organizations will significantly improve their continuous patch hygiene. Microsoft also released new emergency patches for Windows XP and 2003, even though it stopped all security updates and technical support for XP in April 2014, which simply shows the seriousness of the attack and the risk of deploying out-of-date operating systems in work environments.

    2: Unknown Assets Can Cause You So Many Problems

    It's just about impossible to patch systems an organization doesn't even know exist. The insidious effects of WannaCry offer up a good illustration of how easy it is for attackers to scale attacks against the forgotten systems that can be lost through inconsistent asset management.
    "Attackers performing reconnaissance will often find unknown, unprotected, and unmonitored assets to use as attack vectors," says Steve Ginty, senior product manager at RiskIQ. "For a large enterprise, these types of assets are typically easy for even novice hackers and threat groups to find, and because they’re unmonitored, they provide an easy way in and out. To defend yourself, you need to know what attackers see when they’re looking at your business from outside the firewall."

    3: Network Segmentation Can Be a Valuable Risk Reducer

    Of course, patch management isn't as simple as just finding every system and waving a magic wand over them. Many organizations struggle to update legacy and embedded systems due to a host of technical problems. It's why WannaCry found such fertile ground in healthcare organizations, since many medical devices are built on top of old Windows operating systems that are very difficult to update due to government regulations and the organizations' own concerns about causing system disruptions during updates. We all have faced challenge(s) while updating our work and personal devices at one point or the other.
    "In many cases, devices will never receive updates either because the OS is no longer supported and memory, storage, and processing constraints may prevent the device from operating effectively with the latest software. Finally, I suspect that many hospital administrators may not recognize the danger from using outdated software on these devices, and simply avoid patching because the device works. Thus 'if it ain’t broke, don’t try to fix it' mentality can be tremendously detrimental to hospital security."
    This scenario is a perfect example of how compensating controls - like network segmentation - should have kicked in for a lot of organizations.
    "Of course, today, completely disconnecting a machine from the Internet typically renders it of little use. But network connectivity can be limited as much as possible," says Brighten Godfrey, co-founder and CTO of Veriflow. "Segmentation requires careful network architecture, especially in a complex environment where configurations of firewalls, routers and other devices are continually changing. Rigorous network verification methods can help ensure that the intended segmentation is continually realized."

    4: Security Has Real-World Repercussions

    Speaking of healthcare, one of the big-picture lessons that security professionals around the world should be thinking deeply about is the fact that cybersecurity is no longer just a game of protecting data. When attacks happen today, they have real-world repercussions that can affect the safety of people's life and limb.
    "With so many medical devices connected to the internet, it’s not surprising to know that some of these devices were rendered useless by WannaCry," says Terry Ray, chief product strategist for Imperva.
    The attacks against the UK's National Health Service put hospital operations at a standstill and threatened the health of real people. As much as the security industry talks about its struggle with attackers as a game, using terminology like "whack-a-mole" and "cat-and-mouse" to describe the back-and-forth exchanges, the truth that WannaCry should bring home is that what we're engaged in is not frivolous or fun. The consequences are real and serious.

    5: It's Easy to Forget the 'A' in Security's 'CIA'

    So many security organizations get hung up on the confidentiality and integrity part of IT risk management that they forget the final leg of that three-legged stool: availability. According to estimates from Cyence researchers, the business interruption costs to companies from WannaCry will add up to over $8 billion.
    "Business interruption caused by the WannaCry malware is probably the most substantial and problematic component to this event. Organizations will suffer interruptions to their business, lost income, and extra expenses while the infection is being remediated – and it will take some time to get back to full productivity even after systems are restored."
    Obviously, these are big-picture lessons. And it will take time to turn these lessons into meaningful action. In the meantime, for those who've found they've lost access to their WindowsXP systems, there's at least some good news on that front. Security researchers with the French security firm Quarkslab have released a tool called Wannakey, which can help recover the private encryption key for infected WindowsXP systems.


  • Hackers can steal macOS keychain passwords using unsigned applications. The technique works on the latest version of macOS, High Sierra 10.13, and on previous releases.


    Cyber security expert Patrick Wardle, director of research at Synack, revealed that unsigned applications can steal macOS Keychain passwords, including plaintext passwords from the latest version of macOS High Sierra and previous versions of macOS.

    The researcher tested the exploit on Sierra and High Sierra, but he confirmed that El Capitan appears vulnerable as well. This issue is not a ‘High Sierra specific’ vulnerability.
    The researcher shared a video that shows how an unsigned application can exfiltrate sensitive data from the macOS Keychain, including plaintext passwords.


    “Q: What does your attack do?


    A: I discovered a flaw where malicious non-privileged code (or apps) could programmatically access the keychain and dump all this data …. including your plain text passwords. This is not something that is supposed to happen! :(” explained Wardle.




    on High Sierra (unsigned) apps can programmatically dump & exfil keychain (w/ your plaintext passwords)🍎🙈😭
    https://

    It is interesting to note that the attack does not require root permissions. The attack does require the knowledge of the master password, it only needs the targeted user to download and launch a malicious application, clearly ignoring the warnings displayed when an app from an unidentified developer is being executed.

    “Q: What are the prerequisites for this attack?


    A: As this is a local attack, this means a hacker or piece of malware must first infect your Mac! Typical ways to accomplish this include emails (with malicious attachments), fake web popups (“your Flash player needs updating”), or sometimes legitimate application websites are hacked (e.g. Transmission, Handbrake, etc). Theoretically, this attack would be added as a capability or as a payload of such malware. For example, the malware would persist, survey the system, then use this attack to dump the keychain. If I was writing a modular mac backdoor or implant, I’d call it the “dump keychain” plugin :)” added the expert.




    Wardle reported the discovery to Apple along with proof-of-concept (PoC) code. He avoided publicly disclosing technical details to prevent malicious actors from abusing the technique.
    Security experts always recommend that customers download applications only from trusted sources and pay attention to the security warnings displayed by the operating system.

    “A few things. As mentioned before, this attack is local, meaning malicious adversaries have to first compromise your mac in some way. So best bet – don’t get infected. This means run the latest version of macOS and don’t run random apps from emails or the web. Also, this attack requires that the keychain is unlocked. By default the keychain is unlocked when the user logs in. However, you can change the keychain password (so it is not automatically unlocked during login), or (via the Keychain Access app) lock the keychain while you are not using it.” suggests Wardle to stay safe.

    Unfortunately, Apple’s bug bounty program doesn’t cover macOS, which means that the expert will not be rewarded. Well, let's hope that Apple will make his case an exception.