• Macs don't get viruses.

    The more megapixels your camera has, the better it is.

    Shelling out more money for expensive cables is worth it.
    These (and more!) are some of the most common myths revolving around the technology we use every day. From battery draining to deleting files off your computer, we've explained and debunked some of these popular beliefs.

    1. You should let your phone's battery drain before recharging.

    A common myth surrounding phone and laptop batteries is that it's always best for the life of the battery to let it drain fully before charging it again. 

    This is true in some cases. When a device uses a Nickel-Cadmium battery, for example, you'd want to let your phone fully drain before charging it again. Why? Nickel-Cadmium batteries, unlike Lithium-Ion batteries, suffer from what's known as "memory effect." When they are charged and discharged hundreds of times, they start to lose the ability to charge up to 100%, draining your battery life significantly over time.

    There was a time when most electronics ran on Nickel-Cadmium batteries. Cordless telephones and answering machines all ran on Nickel-Cadmium. In 2006, most NiCd batteries were replaced with technology that used Lithium-ion batteries. These can be found in all Apple devices and do not suffer from "memory effect" the way NiCd batteries do.

    "Lithium-ion polymer batteries have a high power density," Apple says on its website, "and you can recharge a lithium-ion polymer battery whenever convenient, without requiring a full charge or discharge cycle."

    Apple does advise, however, that you should let the device go through at least one charge cycle each month to help keep the electrons moving (as opposed to a NiCd battery which needs to go through a full charge cycle every few days). Letting the device drain from 100% to fully shutting off at 0% helps to maintain the life of the battery.

    2. Jailbreaking is illegal.

    It's important to note that "jailbreaking" and "unlocking" a device mean different things. Unlocking a device means you've freed your device to work on any carrier, not just the one you bought it from, while jailbreaking refers to bypassing Apple's security to install modifications that are not allowed in the App store.

    The U.S. Library of Congress deemed it illegal to unlock any phone purchased after January 26, 2013 using a third-party vendor, but jailbreaking your iPhone is still legal until at least 2015 under an exemption in the Digital Millennium Copyright Act (DMCA). Note that jailbreaking your iPad is illegal. Some catch, right?

    3. More bars means more service.

    Bars on your smartphone actually indicate your signal strength to the cell phone tower closest to you. Your service depends on how many devices those towers are serving at a given time.

    Metropolitan areas are equipped to handle the dense population of people trying to use their phones in one confined space. In unexpected situations (say, a music festival where there are a lot of people in a small area), your phone can be showing lots of bars, but service will be impossible to find; everyone's trying to tap into that one cell tower.


    4. The higher the megapixels, the better the camera.

    Every year, the number of megapixels on the latest digital cameras seems to increase, with ad campaigns sending the frantic message that you need to be upgrading for the bigger and better version of your perfectly functional camera.

    More megapixels mean clearer photos to a certain extent, but there is often a misconception of just how many megapixels are needed to produce a quality photo you can enjoy on your phone or computer screen. For those, just three megapixels will do the trick, and even allow room for cropping. With seven megapixels, you can blow a photo up to the size of a poster with no issue.

    For the amateur photographer using a point-and-shoot device to capture casual moments, more megapixels does not translate into a better camera, or better photos.


    5. Emptying the trash or recycle bin means your files are permanently deleted.

    Drag a file to the trash, then empty the trash can and your files are permanently deleted, right?

    Not so fast. Deleting something, and then deleting it again from trash, just frees up the space it had taken up on the hard drive, leaving fragments behind that could theoretically be revived. 

    On a Mac, choose "Secure Empty Trash" as a final step in the deletion process. On a PC, download a program like SDelete, which helps to securely wipe all free space. 



    6. Private browsing keeps you anonymous.



    Setting your browser to incognito tells your browser not to save any information about where you've visited or what you've typed while you were there, but it does not keep you anonymous. Your visits can still be recorded, and files you download while incognito will still live in your computer, phone, or tablet. 




    7. Improperly removing a USB drive will delete all your data.



    If you're working with a USB drive and have removed it after all of the files have transferred, you should be fine. You might also be okay if you accidentally remove the USB drive while it's in the middle of transferring, but you run the risk of losing your data or experiencing software clashes.

    It's best to go through the short steps to remove the USB safely, taking all of the precautions to protect your work and workstation. 



    8. Macs don't get viruses.


    Macs can be infected by viruses. Up until a few years ago, Windows was the most common operating system. Now that Macs are becoming more and more prevalent in homes and offices alike, they're becoming a more vulnerable target.

    "The OS X operating system isn’t susceptible to the thousands of viruses plaguing Windows-based computers," Apple says on its website. 

    But Macs are still susceptible to viruses created to target Apple products and operating systems.



    9. Expensive cables are better than cheap ones.



    Last year, MythBusters Jamie and Adam determined there was no difference between a cheap cable and an expensive cable. 

    As should be abundantly clear, expensive HDMI cables are simply not worth purchasing for normal use. In the case that you are running cable in a permanent fashion through walls or ceilings, it may be prudent to spend a little extra for heavier-duty cables for the sake of longevity, but if you’re spending extra on gold-plated connectors and the like, you are doing little more than embedding hard-earned cash in the walls of your home.
  • It's not paranoia: Using public or open Wi-Fi networks without taking your security into consideration is a bad idea. You don't even have to crack the network's passwords to grab tons of data from unsuspecting users on the network. We've shown you how to do it, and how to stop it from happening to you. Now, dSploit, a security toolkit for Android, makes that process so simple anyone can do it. Here's how it works, and how to protect yourself. 

    What is dSploit?
    dSploit is actually a suite of security tools bundled together in one application. It runs on rooted Android (2.3+) devices, its code is freely available at GitHub, and it's actually a great utility if you're a security professional or otherwise enjoy the ins and outs of network security, hacking, and penetration testing. We want to be clear that we're not villainizing the tool here; unlike apps like Firesheep, Faceniff, and Droidsheep, dSploit isn't made for the sole purpose of cracking networks or hijacking user sessions. It can certainly sniff out passwords transmitted in plain text on an open network, and it can crack poorly secured Wi-Fi networks. It can also scan networks for vulnerabilities, crack keys on common routers, and of course, hijack browser, website, or social network sessions and hold on to them. You can see a full list of the tool's features here. 

    For a security professional, an amateur looking for an affordable way to learn more about network security (or who's been tasked by their office to secure their Wi-Fi but can't afford professional pen-testers), or someone looking to protect their own network, dSploit can be a valuable resource. It can also be a valuable resource for people looking to steal your data. That's why we're going to talk about how it works and how you can protect your passwords and private data from anyone else using it. 

    How dSploit (and other apps like it) work
    dSploit makes it easy to do two things: Sniff out passwords being sent unencrypted, and hijack active browser sessions so you can masquerade as someone who's already logged in to a site or service. In both cases, they're really one-touch operations once you have the app installed. The former is easy to do. If someone is visiting a site, or logging in to a service without using HTTPS or SSL, your password is likely being sent in clear text. Anyone sniffing packets on a network can capture them without having to do any real kind of packet inspection, and once they have it, they'll try it on as many sites and services as possible to see if you use it for other accounts. The video above, from OpenSourceGangster, explains how the app works in detail, and how to use it. 

    The latter is a bit more intricate. If you're not familiar with session hijacking, it's the process of capturing cookies to exploit a valid active session that another user has with a secured service in order to impersonate that other user. Since no sensitive data like a login or password is transmitted in the cookie, they're usually sent in the clear, and in most cases they're used by web sites and social networks as a way of identifying a user with a current session so the site doesn't forget who you are every time you reload. This is the most common attack vector for apps that sniff out passwords and sessions via Wi-Fi. We showed you how this works when Disconnect, one of our favorite privacy protecting browser extensions, added protection against widget jacking and session hijacking, if you want to see an example. 

    dSploit approaches session hijacking in a similar manner to the other tools we've mentioned, mostly because it works well. The folks over at MakeUseOf explain how the app works in further detail, including some of the things you can do with it. Many web sites just encrypt your username and password, and once that handoff is made, everything else is unencrypted. While many sites have moved to HTTPS (and there are tools to help that we'll get to a little later), most require you to activate their HTTPS features. Many other sites haven't bothered moving to HTTPS universally at all. 
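
    The pattern described above (login protected, session cookie then travelling in the clear) can be checked from the defender's side by reading a site's login response headers. The following is an added example, not code from dSploit or from the original article; the host shop.example, the cookie names and both sample responses are constructed, and the check assumes the response arrived over HTTPS and that the next page is on the same host.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    secure: bool = False     # True: browser sends it over HTTPS only
    http_only: bool = False  # True: hidden from page JavaScript


def parse_headers(raw_response):
    """Return [(lowercased name, value)] from the head of a raw HTTP response."""
    headers = []
    for line in raw_response.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def parse_set_cookie(value):
    """Parse one Set-Cookie value into a Cookie (name plus the two flags)."""
    first, *attrs = [part.strip() for part in value.split(";")]
    cookie = Cookie(name=first.partition("=")[0].strip())
    for attr in attrs:
        key = attr.partition("=")[0].strip().lower()
        if key == "secure":
            cookie.secure = True
        elif key == "httponly":
            cookie.http_only = True
    return cookie


def hsts_enabled(headers):
    """True if a Strict-Transport-Security header sets a non-zero max-age."""
    for name, value in headers:
        if name != "strict-transport-security":
            continue
        for directive in value.split(";"):
            key, _, val = directive.strip().partition("=")
            val = val.strip('" ')
            if key.lower() == "max-age" and val.isdigit():
                return int(val) > 0
    return False


def audit_login_response(raw_response, next_url):
    """Report which cookies set by a login response would cross the network
    unencrypted when the browser then loads next_url.

    Assumptions: the response arrived over HTTPS (browsers ignore HSTS
    otherwise) and next_url is on the same host that set the cookies.
    """
    headers = parse_headers(raw_response)
    cookies = [parse_set_cookie(v) for n, v in headers if n == "set-cookie"]
    hsts = hsts_enabled(headers)
    scheme = urlsplit(next_url).scheme.lower()
    if scheme == "http" and hsts:
        scheme = "https"  # an HSTS-aware browser upgrades the request first
    return {
        "hsts": hsts,
        "sniffable": [c.name for c in cookies
                      if scheme == "http" and not c.secure],
        "script_readable": [c.name for c in cookies if not c.http_only],
    }


# Constructed sample: login succeeds, then the site drops back to plain HTTP.
WEAK_RESPONSE = """\
HTTP/1.1 302 Found
Location: http://shop.example/account
Set-Cookie: session=3f9a1c; Path=/; HttpOnly
Set-Cookie: theme=dark; Path=/
"""

# Constructed sample: same site with the Secure flag and HSTS switched on.
HARDENED_RESPONSE = """\
HTTP/1.1 302 Found
Location: https://shop.example/account
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: session=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Lax
Set-Cookie: theme=dark; Path=/
"""

if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_login_response(raw, "http://shop.example/cart"))
```

    A session cookie listed under "sniffable" is exactly what a tool on the same open network can capture; an empty list means the browser will not send any of the cookies over plain HTTP.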

    What's the real risk here?
    The real risk from tools like this varies. The odds of you encountering someone in your local coffee shop running dSploit, Firesheep, or any other app like them to capture passwords and hijack sessions is pretty slim, but as we've mentioned, it only takes one person to ruin your day. 

    Someone could just capture as many Facebook or Twitter sessions as they can (after which they can change a user's password and keep the Facebook account for themselves), hijack Amazon shopping sessions and grab address and credit card information, read your email and chats, and so on. The risk goes up with more and more tools available that are easy for anyone to use, and with the number of people out there who simply don't protect themselves by encrypting their data. 

    How can I protect myself?
    Protecting yourself from dSploit and tools like it is remarkably easy if you put in the effort to actually do it: 

    * Turn on HTTPS on every site that allows you to connect with it, and install HTTPS Everywhere. This will make sure you're using HTTPS at all times, whenever possible, and none of your web browsing traffic is sent unencrypted. 

    * Get a privacy-protecting browser extension like Disconnect, which also protects against widget jacking or side-jacking. Disconnect is our favorite, but it shouldn't be the only tool in your toolkit. 

    * Use a VPN when browsing on public, free, or other open networks. We've explained why you should have a VPN before. We've even explained how to tell if a VPN is trustworthy. Using a VPN is the best way to make sure all of your data is encrypted and safe from anyone else on the same network, whether it's wired or wireless, public or private. 

    * Use your head, and practice good internet hygiene. Hone your phishing and scam detection skills, turn your BS detector up to max, and learn how to protect yourself from online fraud. Someone doesn't have to hijack your session or passwords to get to you; they could just as easily replace the website you're on with one that looks like it but insists you give it a ton of data first. Be smart. 

    * It doesn't take much to use HTTPS everywhere you can, fire up a VPN if you're going to be working from the library, or just not use public Wi-Fi and wait until you get home or tether to your phone instead (that's always another option). If everyone did it, unscrupulous use of tools like these wouldn't be an issue and only the people who needed them would use them. However, as long as they're so effective, it makes sense for you to take the necessary steps to protect yourself.
  • Even if your company operates on a shoestring budget, you can grow your IT to meet your requirements and help make your business successful. 

    You're a small business and you have the budget to prove it. The problem is, you need to expand your IT. Without such an expansion, you can't grow. How do you get around the budget-lock? You get creative. That's one of the beauties of technology: It's there for you to use and to use in a way that benefits you. Of course, nearly every piece of technology has its recommended usages -- but that doesn't mean you can't bend the rules a bit or just add some new policies to help your business IT grow.
    I've come up with 10 creative ways you can expand your company's IT without having to blow your budget wide open. Some of these ideas can be implemented with little to no effort, whereas some will require some serious change. Either way, the end result is the same.

    1: Open source

    This should be a no-brainer. Your IT budget is limited and you need more of just about everything. Though open source can't easily help you with hardware, it can do wonders for you on the software side of things. Those older machines? Slap a lightweight Linux distribution on them. The newer machines? Opt for LibreOffice instead of Microsoft Office. There are so many ways in which open source can help you -- even beyond the desktop. Install Linux on a desktop machine or even put it to work as an in-house server you can use in a multitude of ways.

    2: CRM/CMS/HRM

    One of the best-kept (non) secrets of midsize to large businesses is that they manage their workflow with the help of CRM (customer relationship management), CMS (content management system), and HRM (human resource management) tools. Part of that "secret" is that there are plenty of cost-effective solutions that can meet (and exceed) those needs. Try the likes of Orange HRM, Drupal, and openCRX. Each of these tools offers tremendous power, at zero software cost, that can enable your company to expand in ways you probably never thought possible. And you don't always have to use the tools exactly as outlined. For example, the Drupal CMS platform is (with the help of plugins) an outstanding tool for creating a powerful company Web site.

    3: Crowd-source development

    One of the nice things about open source is that it's possible to get people involved in your project. This, of course, isn't limited to open source, but it's a great place to start. If you have a specific need for a project, or if you have a feature you'd like to get rolled into a currently existing project, reach out! I have done this on a number of occasions -- contacted developers and asked for a feature to be added. Sometimes it works and sometimes it doesn't. You can always host your project on Google Code, which offers free hosting for collaborative, open source projects. Other services, such as the Zoho Marketplace, allow you to post your requirements, which developers can then offer to build.

    4: BYOD

    BYOD is not new, nor is it all that creative. But for many smaller companies, it can be a real boon for getting technology in the hands of employees. This is especially true when you'd like to have the power and flexibility of tablets and other mobile devices. This doesn't mean you simply tell your employees, "If you want to use a computer, bring your own!" Instead, you let them know it's okay for them to bring their own devices to add a level of familiarity to their everyday usage. You will want to make sure that all devices brought in meet certain criteria (e.g., all Windows-based devices must have antivirus and anti-malware).

    5: Google Apps or Zoho for business productivity

    Google Apps is quickly becoming a standard by which businesses measure cloud-based software, but Zoho offers a host of software and services that can do wonders to expand your business. Zoho offers tools like invoicing, email/social marketing campaigns, CRM, bug tracking, reports, recruiting, and finances.

    6: Cloud-source backups

    Maybe you won't be backing up a server's worth of data, but you can use the likes of Dropbox, SpiderOak, and UbuntuOne to sync your data to multiple computers. It's not a be-all, end-all backup solution (I would add some form of local backup as well). But if disaster strikes, you can at least rest assured that certain folders and files can be retrieved easily. You can even get away with the free version of these tools. Although you are limited to 2 to 5 GB of data per service, you can get creative by installing multiple cloud-based tools and have them each sync different folders.

    7: Interns

    This is a rather touchy subject, but for some companies, bringing in undergraduate interns can help on a number of levels. First, you're bringing in new ideas. These students are typically just about to come out of their CIS or Comp Sci programs and need the internship hours. This means you get fresh minds, with fresh ideas, at a pittance. This isn't taking advantage of a system, because both sides have a need. Just make sure you don't work your interns too much or ask more from them than originally agreed upon.

    8: Social networking

    Social networking can play a huge role in expanding your IT. If you remove the "social" aspect of social networking, you're left with "networking." Being able to network means you have a large resource for help and information. If you're stuck with a problem, get on Facebook, LinkedIn, or Twitter and try to get help. I realize that anyone in the IT industry knows that the classroom and Google are your best friends -- but honestly, sometimes connecting with others is better than scouring Google or the Microsoft Knowledge Base.

    9: Resisting lock-in

    Don't fall for lock-in. Microsoft and other big companies are going to do everything they can to lock you into their products. The problem is, once you're locked in, it's a costly endeavor to get unlocked. Instead of falling for the typical tactics of the big software companies, understand that the world of computing has become very homogeneous. This is especially true as everything migrates to Web-based and cloud-based platforms. At some point in the near future, the operating system is going to be an afterthought. Keep this in mind as you begin purchasing new hardware and software. Avoid lock-in, and expansion will be much easier.

    10: Agility

     "Expand by remaining agile" might sound like a buzz-filled catch phrase. But when you give it some thought, one of the most remarkable characteristics of small businesses is that their size lends them an agility that big business doesn't have. By remaining small, you remain agile. And if you apply this to your IT, you will continue to operate that way. So in the end, thinking small can really be thinking big.
  • An Android malware is spreading around WhatsApp messenger called 'Priyanka'. It changes all your group names to Priyanka, and may also change your contact names to Priyanka.
    Android enthusiast site TheAndroidSoul.com said the malware replaced all the group names on an infected device's WhatsApp to “Priyanka.”
     
    Apparently, the malware doesn't actually harm Android devices, but it is very annoying and it spreads manually, relying on victims to accept and install a contact file from a friend, named "Priyanka". Just this week, this virus started infecting WhatsApp users.
    Users of mobile messaging app WhatsApp were warned against this new malware threatening to spread and change all the names on the user's contact list to "Priyanka."

    Android malware 'Priyanka' spreading rapidly through WhatsApp messenger
     
    "Thankfully this virus doesn’t get installed on your phone by itself. So in case you receive a contact file named 'Priyanka' from anyone on WhatsApp or by any other way, make sure that you do NOT add/save it to your contacts. It can’t do any harm without getting added to your contacts database so just DON’T save it," it said.
     
    For those who may have saved "Priyanka" to their contacts, they should turn off all Internet connectivity including WiFi, Mobile data and Bluetooth tether.
     
    The user should then delete the malware from the contacts, then clear his or her WhatsApp database.
     
    "NOTE that clearing your WhatsApp database would bring it to a freshly installed state. You’ll be required to do all the WhatsApp setup again. And thankfully, WhatsApp does take auto backups of all your conversations so they’ll be restored automatically once you’re through the setup," it said.
  • Just as with the demise of the dinosaurs, many theories have been put forward as to why the PC industry ground to a sudden halt the way it did. Some blamed consumer boredom with Windows, while others pointed the finger at an overall flaccid economy or pointed to the ethereal 'post-PC' shift. Others weaved more elaborate models revolving around Moore's law or even changing aesthetics.
    While these factors may have played a part in the implosion of PC sales, a chart published by analyst firm Asymco leaves us with no doubt as to what catalyzed the catastrophe – the iPad.
    Since its launch in April 2010, worldwide PC shipments have been in freefall, with year-on-year percentage growth that was once in strong double-digit territory now having nosedived quite alarmingly into negative double-digit terrain. 
    (Source: Asymco)
    So, while there's little doubt that we've shifted from an era dominated by the PC to one ruled by post-PC devices, this shift clearly coincides with the introduction of the iPad.
    Tablets have, in one form or another, been around for decades. Microsoft has tried – and failed – on several occasions to take them mainstream. But it was Apple's iPad – with that name that many thought would doom it to failure – which took the idea of a tablet computer and transformed it into a marketable, successful product.
    This, in turn, paved the way for Android-powered slates, and then devices powered by Windows RT and Windows 8.
    What didn't help following the launch of the iPad was the way that Microsoft, along with its hardware partners, started furiously churning out expensive, poor quality tablets that OEMs could only convince consumers to buy by offering them at firesale prices. This confusion allowed the iPad to gain ground on the PC, and cemented its position as a game changer.
    What's interesting are the suggestions that the post-PC industry could also be headed for stagnation, as the high-end smartphone market becomes crowded. If this turns out to be the case, then beleaguered PC firms scrabbling for new markets could find themselves leaping headlong into another imploding market.

  • If you're still using Windows XP, Microsoft has a message for you: Stop. Upgrade to Windows 8 instead.
    Microsoft plans a carrot-and-stick approach to get customers off XP, says Computerworld. The stick: Support for the 11-year-old operating system ends April 8, 2014, and Microsoft plans to stop even issuing security patches then.

    Some 11 years after launch, XP still has 37 percent of market share, compared with 5 percent for Windows 8, as of last month, according to Netmarketshare.com. Some 586,000 PCs will have to migrate off XP every day to meet the deadline for the end of XP support.

    Microsoft's goal is more modest, to get XP below 10 percent by that time. Even that's going to be tough.
    Microsoft is providing the carrot to its partners to get their customers off XP. Partners will see a $32 billion service opportunity, based on a $200 per PC average, according to ZDNet.

    Microsoft will spend $40 million in fiscal 2014 to continue its Windows Accelerate Program for moving customers to a modern environment. As part of that program, Microsoft pays some resellers and integrator partners to create proof-of-concept Metro-style apps to demonstrate to customers.

    Microsoft is also extending its "Get to Modern" program for small and midsized business users, who typically don't plan far ahead and will need partners to help them do a quick change off XP. And Microsoft and HP are working together on a new XP migration campaign. (HP competes with IBM, which is the exclusive sponsor of Internet Evolution.)

    All of that is great -- for partners. But what about enterprises? If they're willing to take a chance on foregoing support, why should enterprise customers get off XP? Says Computerworld's Preston Gralla:
    People and businesses are staying with XP and away from Windows 8 for a reason: XP does what they want, and Windows 8 doesn't. Until that is fixed, all the carrots and all the sticks won't get people to upgrade from XP to Windows 8.
    But Microsoft is serious about migration. Its two top priorities for next year: Getting businesses to stop using Windows XP, and making Windows 8 tablets the top business tablet.

    Microsoft plans to ship Windows 8.1 to manufacturers in late August, with tools designed to appeal to business users, including the ability to boot into the classic Windows interface by default, as well as new management capabilities.
  • This story, "In his own words: Confessions of a cyber warrior," was originally published at InfoWorld.com.

    A longtime friend working as a cyber warrior under contract to the U.S. government provides a glimpse of the front lines.

    Much of the world is just learning that every major industrialized nation has a state-sponsored cyber army -- though many of the groups, including team USA, have been around for decades.
    I've met a few cyber warriors. As you might imagine, they can't talk much about their duties. But if you work shoulder to shoulder with them long enough, certain patterns emerge. For starters, there are a lot of them. They are well armed with cyber weaponry, and they're allowed to experiment and hack in ways that, as we all now know, might be considered illegal in some circles.
    I've been a longtime friend to one cyber warrior. On condition of anonymity, he agreed to be interviewed about what he does for a living and allowed me to record our conversation on a device he controlled, from which I transcribed our conversation. I was able to ask clarifying questions the next day.
    We met in person in my boat off the coast of Florida, which might sound very clandestine, except that our primary goal was to catch some fish. It's interesting to note that he did not want me to contact him by email or phone during the months leading up to this interview or for a few months after, even though what he revealed does not disclose any national security secrets. The following is an edited version of our conversation. Certain inconsequential details have been altered to protect his identity.
    Grimes: Describe yourself and your occupation.
    Cyber warrior: Middle-aged, white male, not married. Somewhat smart. Music lover. Lifetime hacker of all things. Currently working on behalf of armed services to break into other countries' computer systems.
    Grimes: What is your background? How did you learn to hack?
    Cyber warrior: I got into computers fairly early in my life, though I grew up in a foreign country. My dad split when I was young, and my mom worked a lot. I got into computers by visiting one of the few Radio Shacks near my neighborhood. The sales guy hated me at first because I was always on their computers, but after I taught him a few things, we became good friends for years. I realized I had an aptitude for computers ... that most of the adults around me did not have. By the time I was 15, I had dropped out of school (it wasn't as big of a deal in the country I was in, as it is in most developed countries), and I was working a full-time job as the head IT guy at a federal hospital.
    I was hacking everything. I hacked their systems, which wasn't too much of a problem because I was already the head IT guy. They had lost some of the admin passwords to the network and other computer systems, so I had to use my hacking skills to reclaim those systems. I hacked everything: door locks, Master locks, burglar alarms -- anything. For a while, I thought I was a master spy and thief, even though I never stole anything. I would spend all my earnings on buying security systems, install them in my house, then spend all my time trying to bypass them without getting caught. I got pretty good, and soon I was breaking into any building I liked at night. I never got caught, although I did have to run from security guards a few times.
    Grimes: What did you like hacking the most: security systems or computer systems?
    Cyber warrior: Actually, I loved hacking airwaves the most.
    Grimes: You mean 802.x stuff?
    Cyber warrior: How cute. How quaint. No, I liked hacking everything that lives in the sky. Computer wireless networks are such a small part of the spectrum. I bought literally dozens of antennas, of all sizes, from small handheld stuff to multi-meter-long, steel antennas. I put them all in a storage shed I rented. I put the antennas up on the roof. I don't know how I didn't get in trouble or why the storage shed people didn't tell me to remove the antennas. I had to learn about electricity, soldering, and power generation. I had dozens of stacked computers. It was my own little cloud, way back when. I would listen for all the frequencies I could. I was next to an airbase and I captured everything I could.
    Back then a lot more was open on the airwaves than today. But even the encrypted stuff wasn't that hard to figure out. I would order the same manuals as the equipment they were using and learn about backdoors in their equipment. I could readily break into most of their equipment, including their high-security telephone system. It was fun and heady stuff. I was maybe 16 or 17 then. I was living and sleeping in the shed more than at my home.
    One day I started to see strange cars show up: black cars and trucks, with government markings, like out of a movie. They cut the lock off my shed and came in the door. My loft was up near the rafters, so I scooted over into the next storage area, climbed down, and went out the side door at the far end of the shed area. I walked off into the desert and never went back. I must have left $100,000 worth of computers, radio equipment, and oscilloscopes. To this day, I don't know what happened or would have happened had I stayed -- probably not as much as I was worried about.
    Grimes: Then what did you do?
    Cyber warrior: My mom got married to my stepdad, and we moved back to the States. I was able to get a computer network admin job pretty quickly. Instead of hacking everything, I started to build operating systems. I'm a big fan of open source, and I joined one of the distros. I wrote laptop drivers for a long time and started writing defensive tools. That evolved into hacking tools, including early fuzzers.
    Eventually I got hired by a few of the big penetration-testing companies. I found out that I was one of the elite, even in a group of elites. Most of those I met were using tools they found on the Internet or by the companies that hired us, but all that code was so [messed up]. I started writing all my own tools. I didn't trust any of the hacking tools that most penetration testers rely on. I loved to hack and break into things, but to be honest, it was pretty boring. Everyone can break into everywhere -- so I made it a game. I would only break in using tools that I built, and I would only consider it a success if none of my probes or attacks ended up in a firewall or other log. That at least made it more challenging.
    Grimes: How did you get into cyber warfare?
    Cyber warrior: They called me up out of the blue one day -- well, an employment agency on behalf of the other team. They were offering a lot more money, which surprised me, because I had heard that the guys working on behalf of the feds made a lot less than we did. Not true -- it's certainly not true anymore, if you're any good.
    I had to take a few tests. I had a few problems getting hired at first because I literally didn't have a background: no credit, no high school or college transcripts. Even the work I had done was not something you could easily verify. But I scored really well on the tests and I was honest on what I had done in the past. They didn't seem to care that I had hacked our own government years ago or that I smoked pot. I wasn't sure I was going to take the job, but then they showed me the work environment and introduced me to a few future coworkers. I was impressed.
    Grimes: Explain.
    Cyber warrior: They had thousands of people just like me. They had the best computers. They had multiple supercomputers. They had water-cooled computers running around on handtrucks like you would rent library books. The guys that interviewed me were definitely smarter than I was. I went from always being the smartest guy wherever I worked to being just one of the regular coworkers. It didn't hurt my ego. It excited me. I always want to learn more.
    Grimes: What happened after you got hired?
    Cyber warrior: I immediately went to work. Basically they sent me a list of software they needed me to hack. I would hack the software and create buffer overflow exploits. I was pretty good at this. There wasn't a piece of software I couldn't break. It's not hard. Most of the software written in the world has a bug every three to five lines of code. It isn't like you have to be a supergenius to find bugs.
    But I quickly went from writing individual buffer overflows to being assigned to make better fuzzers. You and I have talked about this before. The fuzzers were far faster at finding bugs than I was. What they didn't do well is recognize the difference between a bug and an exploitable bug or recognize an exploitable bug from one that could be weaponized or widely used. My first few years all I did was write better fuzzing modules.
    Grimes: How many exploits does your unit have access to?
    Cyber warrior: Literally tens of thousands -- it's more than that. We have tens of thousands of ready-to-use bugs in single applications, single operating systems.
    Grimes: Is most of it zero-days?
    Cyber warrior: It's all zero-days. Literally, if you can name the software or the controller, we have ways to exploit it. There is no software that isn't easily crackable. In the last few years, every publicly known and patched bug makes almost no impact on us. They aren't scratching the surface.
    Grimes: What do you like hacking now?
    Cyber warrior: Funny enough, it's a lot of wireless stuff again: public equipment that everyone uses, plus a lot of military stuff that the general public knows nothing about. It's mostly hardware and controller hacking. But even that equipment is easy to exploit.
    Grimes: Does your team sometimes do illegal things?
    Cyber warrior: Not that I know of. We get trained in what we can and can't do. If we do something illegal, it's not on purpose. Well, I can't speak for everyone or every team, but I can tell you the thousands of people I work with will not do anything intentionally illegal. I'm sure it happens, but if it happens, it's by mistake. For instance, I know we accidentally intercepted some government official's conversations one day, someone high-level. We had to report it to our supervisors and erase the digital recordings, plus put that track on our red filter list.
    Grimes: You say you don't do anything illegal, but our federal laws distinctly say that we cannot offensively hack other nations. And we are hacking other nations.
    Cyber warrior: They say we can't hack other nations without oversight. John Q. Public and John Q. Corporation can't hack other nations, but our units operate under laws that make what we are doing not illegal.
    Grimes: I know you from many years ago, and I think the young you would revile hacking any government by any government. I think I heard you say this many times, and you were passionate about it.
    Cyber warrior: I'm still passionate about it, but the older self realizes that the young self didn't have all the facts. We have to do what we do because [other nation states and other armies] are doing it. If we didn't, we would literally be dead. It's already something that I don't know if we are winning. I know we have the best tools, the best people, but our laws actually stop us from being as good as we could be.
    Grimes: What about your job would surprise the average American?
    Cyber warrior: Nothing.
    Grimes: I really think the average American would be surprised you do what you do.
    Cyber warrior: I don't agree. I think everyone knows what we have to do to keep up.
    Grimes: What does your work location look like?
    Cyber warrior: I work in an obscure office park in Northern Virginia. It's close to DC. There's no lettering or identifiers on the building. We park our cars in an underground garage. There are about 5,000 people on my team. I still work for the same staffing company I was hired by. My badge does not say "U.S. government" on it. We are not allowed to bring any computers, electronics, or storage USB drives into the building. They aren't even allowed in our cars, so I'm the guy at lunch without a cellphone. If people were to look around, they could spot us. Look for the group of people being loud that don't have a single cellphone out -- no one texting. Heck, they should let us carry cellphones just so we don't look so obvious.
    Grimes: What do you do for a hobby?
    Cyber warrior: I play in a hardcore rap/EDM band, if you can imagine that. I play lots of instruments, make beats and percussion stuff. I wish I could make more money doing music than hacking. I'm even considering now leaving my job and doing music. I don't need much money. I have enough for retirement and enough to support my lifestyle.
    Grimes: What do you wish we, as in America, could do better hacking-wise?
    Cyber warrior: I wish we spent as much time defensively as we do offensively. We have these thousands and thousands of people in coordinated teams trying to exploit stuff. But we don't have any large teams that I know of for defending ourselves. In the real world, armies spend as much time defending as they do preparing for attacks. We are pretty one-sided in the battle right now.
    Grimes: What do you think of Snowden?
    Cyber warrior: I don't know him.
    Grimes: Let me clarify, what do you think of Snowden for revealing secrets?
    Cyber warrior: It doesn't bother me one way or the other.
    Grimes: What if it could lead to your program shutting down? You'd be without a job.
    Cyber warrior: There's no way what we do will be shut down. First, I don't intentionally do anything that involves spying on domestic communications. I don't think anyone in my company does that, although I don't know for sure. Second, it would be very dangerous to stop what we do. We are the new army. You may not like what the army does, but you still want an army.
    If I was out of a job I'd just get better at playing my instruments. I like to hack them, too.

  • As Posted on Windows Blog: blogs.windows.com 
    Before we launched Windows 7, we envisioned what the next version of Windows would need to deliver. We made a bet that the PC landscape and industry would undergo a significant transformation driven by an increase in mobility. That bet underscores the changes we made with Windows 8 – it’s a generational leap forward. We built Windows 8 for a world where touch is a first class interaction model, the same as mouse and keyboard; and where there’s a proliferation of innovative and diverse devices that are highly mobile, always on the go and always connected. Windows 8 was built on the reality that the lines between our work and personal lives have blurred.
    We’re only a bit more than seven months into this new, bold approach to computing. The response to Windows 8 has been substantial— from new devices to strong app growth to key enhancements to the OS and apps. We’ve learned from customers on how they are using the product and have received a lot of feedback. We’ve delivered hundreds of updates to the product and to apps. We’re just getting started, and the potential ahead is tremendous.
    Windows 8.1 will advance the bold vision set forward with Windows 8 to deliver the next generation of PCs, tablets, and a range of industry devices, and the experiences customers — both consumers and businesses alike — need and will just expect moving forward. It’s Windows 8 even better. Not only will Windows 8.1 respond to customer feedback, but it will add new features and functionality that advance the touch experience and mobile computing’s potential. Windows 8.1 will deliver improvements and enhancements in key areas like personalization, search, the built-in apps, Windows Store experience, and cloud connectivity. Windows 8.1 will also include big bets for business in areas such as management and security – we’ll have more to say on these next week at TechEd North America. Today, I am happy to share a “first look” at Windows 8.1 and outline some of the improvements, enhancements and changes customers will see.

    Personalization:

    In Windows 8.1, you’ll be able to do more to personalize the experience on your device. As people started using Windows 8, we found that people were using their Lock screens to show pictures of their families. So in Windows 8.1, you can turn your PC or tablet into a picture frame by making your Lock screen a slide show of your pictures – either locally on the device or photos from the cloud in SkyDrive. We also added the ability to take pictures with the built-in camera right from the Lock screen without having to log in.
    Windows 8.1 offers more colors and backgrounds for the Start screen – including ones with motion.
    You can even choose your desktop background as your Start screen background, creating a greater sense of unity and familiarity. And the Start screen in Windows 8.1 features a variety of tile sizes including a new large and new small tile, so you can organize your Start screen exactly the way you want it. It’s also even easier to name groups and rearrange tiles. You can now select multiple apps all at once, resize them, uninstall them, or rearrange them. We also found people were accidentally moving tiles on their Start screen so in Windows 8.1, you press and hold (or right click) to move things around.
    You can view all apps just by swiping from the bottom, and we’ve added the ability to filter your apps by name, date installed, most used, or by category. You want the Start screen to be about all the things you love. So when you install a new app from the Windows Store, we no longer put that app on your Start screen. Instead, you’ll find these apps under apps view as mentioned above and marked as “new” where you can choose to pin the apps you want to your Start screen.

    Search:

    In Windows 8.1, the Search charm will provide global search results powered by Bing in a rich, simple-to-read, aggregated view of many content sources (the web, apps, files, SkyDrive, actions you can take) to provide the best “answer” for your query. We think this will really change the way you interact with the Web and with Windows, making it quicker and easier to get things done. It is the modern version of the command line!
    Quick actions include things you would want to do like play a song or video. Results from local files, apps, and settings are easily accessed in the same convenient view by scrolling to the left.

    Apps and Windows Store:

    We will be improving all our built-in apps that come with Windows 8 for Windows 8.1. For example, the Photos app now has some new editing features that let you quickly edit or adjust photos when you view them in the Photos app or open them from other places like the Mail, SkyDrive, and Camera apps. And our Music app has been completely redesigned to help pick and play music from your collection. We plan to talk more about updates to the built-in apps in Windows 8.1 and some brand new apps we will be introducing in a future blog post.
    We’re also making improvements for using multiple apps at once in Windows 8.1.
    Windows 8.1 brings variable, continuous size of snap views. You will have more ways to see multiple apps on the screen at the same time. You can resize apps to any size you want, share the screen between two apps, or have up to four apps on screen. If you have multiple displays connected, you can have different Windows Store apps running on all the displays at the same time and the Start Screen can stay open on one monitor. This makes multi-tasking even easier. Also in Windows 8.1, you can have multiple windows of the same app snapped together – such as two Internet Explorer windows.
    The improved Windows Store in Windows 8.1 is designed to show more info than in Windows 8 with detailed lists of top free apps, new releases, and picks for you on the homepage. The app listing is more descriptive and informative and includes an area for related apps to help with app discovery. Categories are listed with other app commands such as links to your apps and your account information. App updates also install automatically in the background as they come through the Store. And search is available in the upper right hand corner for finding the apps you want.

    Cloud Connectivity:

    In Windows 8.1 your files can be saved directly to SkyDrive, so you can always have your files with you.
    The new SkyDrive app gives you access to your files that are on your device or in the cloud, and files are accessible even when offline.
    Also, when you log on to your Windows 8.1 device with your Microsoft account (Outlook.com by default), your device magically becomes personalized with your settings and apps, making switching or setting up a new device really easy.

    PC Settings:

    The updated PC Settings in Windows 8.1 gives you access to all your settings on your device without having to go to the Control Panel on the desktop. You can do things like change your display resolution, set your power options, see the make and model of your PC, change the product key, run Windows Update, and even join a domain – all from PC Settings. You can also manage SkyDrive from PC Settings and see how much available storage you have (and buy more if needed).

    Internet Explorer:

    Web browsing continues to be one of the most popular activities on any device. That’s why with Windows 8.1, you also get Internet Explorer 11 (IE11). IE11 builds on the advancements in IE10 and is the only browser that is built for touch. IE11 will offer even better touch performance, faster page load times and several other new features we think you will enjoy. For example, you can now adjust the appearance of modern IE11 to always show the address bar and you can have as many open tabs as you like. And you can access your open tabs in sync across your other Windows 8.1 devices.

    Better Mouse and Keyboard Options

    PCs today are evolving for a world of mobile computing where people interact with their devices through touch, and we designed Windows 8 for this. But we also recognize there are many non-touch devices in use today – especially in the commercial setting. As such we’ve focused on a number of improvements to ensure easier navigation for people using a mouse and keyboard.
    We’ve improved the way you navigate to Start with the mouse by changing the Start “tip” to be the familiar Windows logo. The new tip appears anytime you move the mouse to the bottom left corner of the screen, and is always visible on the taskbar when on the desktop. There are also options to change what the corners do, and options to boot into alternate screens. For example, if you prefer to see the Apps view versus all the tiles, you can choose to have the Start screen go directly to Apps view.
    --
    These are just some of the updates coming in Windows 8.1. We’ll be blogging more about these and other changes in the coming weeks. As you’ve heard us talk about before, Windows 8.1 will be available later this year as a free update for consumers to Windows 8 through the Windows Store the same way customers get app updates today.
    Beginning June 26th, and timed with the start of Build, our developer conference, you will be able to check out these improvements for yourself with a preview of Windows 8.1 that will be released. At Build, we’ll also be sharing more about Windows Embedded, which will be updated in the same timeframe as Windows 8.1. We’re aligning the platforms even more to bring Windows to form factors of all types, including not only tablets and PCs, but also the growing category of industry devices such as ATMs, point of service (POS) terminals, and kiosks.
    Windows 8 has been a bold, necessary move towards mobility for the PC industry – pushing ourselves and our industry ahead with a touch-first approach that is redefining the PC as we know it, while offering the best of all worlds across any device at any time. Our commitment to that vision – and to always improving – remains the same as we stay the course of the evolution of Windows with Windows 8.1. We’ve been watching, we’ve been listening; Windows 8.1 will continue to build on what you love, bringing the latest advancements in hardware, apps, cloud services and the OS to enable a unique experience in everything you do.
    More to come. Thanks for reading.