February 8, 2017 brianradio2016

In a surprisingly detailed 20+ page report titled “UNDER THE HOODIE: Actionable Research from Penetration Testing Engagements”, Rapid7 – provider of tools such as Metasploit and Nexpose – is sharing some very interesting insights into the choices being made by companies in their penetration testing and what the testers are uncovering. Released just moments ago, this research report provides details on:

  • how much organizations budget for pen testing engagements;
  • what information organizations are most interested in protecting, despite the recent uptick in online industrial espionage;
  • what percentage of sites are free of exploitable vulnerabilities;
  • the easiest ways for attackers to execute their attacks; and
  • how often pen tests successfully identify and exploit software vulnerabilities.

The statistics provided will likely help many companies refine or initiate their own penetration testing. The findings are based on 128 penetration tests that the company conducted in Q4 of 2016. They reveal many interesting, and some surprising, details on testing choices such as:

  • internal vs. external pentesting engagements;
  • different lengths of engagements;
  • various customer testing priorities;
  • choices made by organizations of vastly different sizes; and
  • similarities across a range of different industries (verticals)

You can learn a lot about the types of vulnerabilities exposed, how credentials can be uncovered and accounts compromised – even those using two-factor authentication (2FA), that account lockout thresholds are commonly exceeded to limit credential guessing, and how escalating privileges can often take a pentester from one compromised user account all the way to domain admin privileges.


The study uncovers some important, some surprising, and some fairly worrisome observations that might drive your own pentesting efforts – such as the high percentage of vulnerabilities created by system misconfiguration, the fact that 2/3 of penetration testers remained undetected, that the industry you’re working in doesn’t make as much difference as you might imagine, and that domain admin access was achieved in nearly a quarter of the testing engagements.

February 8, 2017 brianradio2016

Like every previous Windows Server release, Windows Server 2016 is jam-packed with new features and capabilities. While it is difficult to pick one single feature as the most significant, the new Nano Server deployment option is definitely a strong contender.

As you may recall, several years ago Microsoft gave us the option of deploying Windows in a lightweight Server Core configuration. Server Core deployments achieved their size reduction by sacrificing most of the GUI elements. Nano Server can be thought of as the next evolution in lightweight Windows Server operating systems.

February 8, 2017 brianradio2016

Did the Apple Watch save my life?

Image from http://www.ccpixs.com. Creative Commons.

Last November, my Android phone died as I descended on a JetBlue flight into San Francisco. I took that trip as part of the CXOTALK series of conversations with technology executives and had six interviews lined up at a conference.

As I left the airport, it was obvious that a failed phone meant no Uber ride to my hotel, no phone calls, and no way to coordinate schedules with interviewees. In other words, I was screwed.

Although my dead phone was an Android, I figured that Apple would be my best route to get re-connected, so I bought an iPhone 7 Plus in San Francisco. Being a longtime user of activity trackers (Fitbit Charge HR, Polar M400, Polar M600, and even the Huawei Watch), I also decided to buy an Apple Watch Series 2.

Fast forward about three months, and I’m enjoying life in the Apple ecosystem. The Apple Watch is frustrating at times, but the notifications work, it’s waterproof, and the built-in heart rate sensor is accurate.

Notification spam

One frustration with the Apple Watch is limited functionality in the native Apple apps. For example, there is no sleep tracking, and Apple seems unaware of the concept of heart rate zones. Fortunately, third party apps fill some of the voids.

One of the third-party apps I installed is called HeartWatch, which gathers sensor data from the Apple Watch and presents a richer view than Apple’s activity tracking software.

Several weeks ago, I started receiving odd alerts from HeartWatch, saying my heart rate was elevated at certain times.

Heart rate comparison

Early signs of a problem for which I experienced no symptoms. Notice the January readings show more red and purple, indicating higher rates than in December. Graphs from the HeartWatch app.

Although I noticed the alerts, they seemed like anomalies, and I dismissed them as spurious readings from complicated software that I did not have time to learn properly. I incorrectly interpreted these elevated heart rate notifications as spam.

The accuracy question

Eventually, however, I started to notice that my resting heart rate seemed higher than normal. Because I regularly work out and track my overall heart activity, I have a general sense of what seems right for me.

Thus, I started paying closer attention to my pulse and became aware that mildly elevated rates were happening consistently. Not alarmingly high, but enough to pay special attention to readings from the heart rate sensor in the Apple Watch.

Then, while walking home from dinner out one night, I checked my pulse, and it was far too high, given my slow walking pace. I can tell you, watching that number rise was alarming.

At this point, the immediate question became, “Are the readings correct?” To verify, I pulled out my Polar M400 and its Bluetooth-enabled H7 heart sensor. Testing the Apple Watch against the Polar, I found the Apple Watch readings to be sufficiently reliable.

Isolating the problem

After ten days, it became clear that something was wrong. So, with a heavy heart (no pun intended), I went to see my doctor. She had me do the following:

  • Take an immediate EKG (which was normal)
  • Take a blood test to check for non-cardiac underlying causes such as thyroid problems
  • Wear a heart event monitor for two weeks. It’s a portable device that captures an EKG while the patient is out in the world, tracking intermittent heart issues.
  • Get an echocardiogram

Within a few days, I picked up the heart event monitor (a King of Hearts Express, to be precise, that uses old acoustic coupling technology to transfer collected data back to the doctor for analysis). Almost at once, it showed sinus tachycardia, meaning a fast heart rate. And the blood test showed something going on with my thyroid. And so, the doctor added a thyroid ultrasound and asked me to visit an endocrinologist.

In retrospect, the apparently “spurious” readings reported by HeartWatch were early indicators of a potentially serious problem. Aside from seeing the heart rate data, I felt nothing strange, despite having heart rates that were alarmingly high at times.

Along the way, I also bought a blood pressure monitor, because more information is helpful. I purchased the Omron Evolv, which has Bluetooth and an app that tracks readings over time.

The bottom line

Sensor data reported by HeartWatch made me aware of a potentially dangerous condition of which I was otherwise absolutely unaware. Based on the data, I’m now undergoing various tests and treatment.

Heart health: What’s missing from the Apple Watch

You can find many reviews of the Apple Watch explaining what’s good and bad. However, from a heart health-tracking perspective, the native watch software and associated apps are overly complicated and incomplete:

  • Heart reporting is minimal, at best. The Apple Watch is full of sensors, but you must actively start a “workout” to activate heart rate reporting in the Apple apps.
  • There is no native concept of heart rate zones, which is how virtually all other activity trackers report workout intensity.
  • Although the data is buried in HealthKit, Apple’s apps do not let you easily see trends over time such as heart rate zone, and min / max heart rates. It reports average heart rate, but that is not enough.
  • There is no native sleep tracking app. Seriously?
  • What about correlating sleep and heart activity? Also missing.
  • How about mirroring a real-time heart rate from the watch to the iPhone, to monitor heart rate without continually having to look at the watch?
  • A minor bug: if you try to measure heart rate while the watch is charging but connected to a Bluetooth heart rate strap, the watch gives an error and insists you put on the watch.
  • In summary, Apple should rethink its data collection and reporting aspects of its health-tracking sensors.

Heart and sleep apps

If you want to track heart health, here is a list of apps I have tried during this whole experience.

February 8, 2017 brianradio2016

So you’ve carried out the tests and come to the conclusion that your iPhone suffers from a battery drain issue. What do you do next?

Must read: Does your iPhone have a battery drain problem?

Before you venture any further I want to point out a few things.

  • The process of troubleshooting a battery drain can be long and frustrating. Be aware of this right from the start and take your time.
  • Make notes of the changes you’ve made to your iPhone so that you know where you are in your troubleshooting process. This will help save you time and allow you to roll back any changes that don’t help.
  • There are no guarantees that you’ll solve the problem, especially if your battery drain issue is down to a bug with iOS or an app you use, or it’s a hardware problem such as a dying battery.

With that out of the way, let’s get troubleshooting.

Background Refresh

First head over to Settings > Battery and take a look at the Battery Usage list. Tap anywhere on the list to change it from showing percentages to also show you a breakdown of how much screen time and background time the running apps are taking.

Battery Usage screen in iOS

Remember that while some apps — the Music app for example — are designed to work in the background, most apps are not and could be the cause of the problem.

While you’re here also look to see if you have No Cell Coverage on the list. If this is responsible for high battery usage then you’ve found your problem — being out of cell coverage or in an area with poor coverage. If this figure is high, try putting the iPhone into Airplane Mode when cell coverage is poor (you can still turn on Wi-Fi and Bluetooth independently) and see if that helps.

If you notice an app with unexplained high background usage then you may have solved your problem. Go into Settings > General > Background App Refresh and turn off background refresh for that specific app.

After you’ve done this it is a good idea to check to see if the battery drain issue is any better by repeating the tests you carried out here. If things are now good, then you’re done. If things are better then look for another app that may be working in the background where it shouldn’t and switch that off too. And if things are no better, undo the change you made previously.

Push Email

Another feature that could be draining your battery is push email, which can actually prevent your iPhone from going to sleep properly. If when you carried out the tests here you found that the Usage and Standby figures were almost identical, then this is likely down to email.

Head over to Settings > Mail > Accounts > Fetch New Data and temporarily disable Push and see if that helps. If you have multiple email accounts coming to your handset then you can click on them separately and disable push separately and see if that works.

I find that push works well for iCloud accounts but routinely causes problems with other third-party email providers.

Get your apps under control

Apps can have an indirect effect on battery life in a couple of ways.

  • Working in the background.
  • Popping up notifications

This is why you need to get your apps under control. Here are a few ways to do that.

  • Delete apps you are not using
  • For apps that you don’t use much, disable features such as notifications (Settings > Notifications), background refresh (Settings > General > Background App Refresh), and also location services (Settings > Privacy > Location Services).

If all else fails…

If none of the above helped you narrow down the battery drain problem you are facing then you’re down to a few final options:

  • Wipe your iPhone and either reinstall everything from a backup (which risks bringing the problem back) or set it up from scratch (which is time consuming).
  • Take your iPhone to an Apple Store and let the Geniuses attempt to fix it by laying their healing hands on it.
  • Carry a portable battery pack with you to recharge during the day.

February 8, 2017 brianradio2016

You know those shows where the cop looks at a pixelated image of the bad guys and asks the computer tech to zoom in and enhance the image?

Well, it seems the team at Google Brain has, and they wanted to make it actually possible to do that. So, being Google, they did — with an assist from neural networks. But how does it work?

In IT Blogwatch, we zoom, then we enhance. 

So what is happening? Justin Duino has the background:

February 8, 2017 brianradio2016

Open source software is the norm these days rather than the exception. The code is being written in high volumes and turning up in critical applications. While having this code available can offer big benefits, users also must be wary of issues the code can present and implement proper vetting.

Josh Bressers, cybersecurity strategist at Red Hat, emphasized this point during a recent talk with InfoWorld Editor at Large Paul Krill.

InfoWorld: Why is Red Hat getting on the soapbox about open source security?

Bressers: We’ve been on this soapbox for a long time. Fundamentally, there’s a supply chain with software. In the past, you’ve not really thought of software using the supply chain concept. [In the past, it was thought of as] some dude writes software, and that’s how it is. We’re realizing now that there are vendors, and vendors provide you with a thing that goes into your product and obviously it’s designed in a way that with a supply chain if you use low-quality parts, by definition, you’re only going to get a low-quality product out the other side.

February 7, 2017 brianradio2016

Features limited to the iPhone 7 Plus helped boost sales of the larger smartphone, but they were not the only reasons why a higher percentage of customers went big last year, analysts said.

“The nature of the market is also shifting,” said Ben Bajarin of Creative Strategies, in a recent interview. As consumers encounter large-screen smartphones with more frequency — especially ones owned by friends — there’s a bandwagon effect, he explained.

Although the shift to bigger screens has been strongest in China and other Asian markets, the iPhone 7 Plus accounted for a larger proportion of new iPhones sold in the U.S. as well, said Bajarin, citing his firm’s research.

Apple does not separate iPhone sales by market, or even say exactly what percentage of total sales was of the 7 Plus, but CEO Tim Cook did claim that the number was the highest yet for its 5.5-in. model. “We saw especially strong demand for iPhone 7 Plus, which was a higher portion of the new product mix than we’ve ever seen with Plus models in the past,” Cook said during the December quarter’s earnings call on Jan. 31.

February 7, 2017 brianradio2016

One of the trickiest parts of proving the value of emerging smart city technology is showing how city residents could benefit from data being picked up by sensors located on light poles and along streets.

On Tuesday, officials in Kansas City, Mo., took steps to connect how such real-time data gathered by sensors provides benefits to its citizens.

City officials unveiled an online interactive map for the public that shows available parking, traffic and KC Streetcar locations in real time with data gathered from 122 video sensors along a two-mile segment of Main Street in the downtown.

Also, at a press conference on the same day, a city contractor asked the Alexa voice service running on an Amazon Echo device which city’s buses were running late. In the demonstration, Alexa was able to come back with an answer naming the top five late buses by correlating bus routes with an array of available data.

February 7, 2017 brianradio2016

One out of every 50 new U.S. jobs last year came from the solar industry, with growth in that industry outpacing the overall U.S. economy by 17 times, according to a new report.

Overall, there were 260,077 solar workers in 2016, representing 2% of all new jobs, according to the Solar Foundation’s Solar Jobs Census 2016.

SolarCity workers prepare to install panels on the rear of a home.

Solar employment increased by more than 51,000 workers, a 25% increase over 2015, according to the report. Solar industry employment has nearly tripled since the first National Solar Jobs Census was released in 2010 — rising at least 20% annually for the past four years.

Along with growth in solar and other forms of renewables, energy storage is a rapidly growing industry, comprising 90,831 jobs — of which 47,634 are focused on battery storage.

February 7, 2017 brianradio2016

For H-1B workers, one of the most hated and frustrating parts of working in the U.S. is this: Their spouses were idled, unable to work under law. That changed in 2014, when President Obama signed a regulation that allowed some spouses to get a job. But the future of this rule may be in doubt under the new administration.

President Donald Trump’s administration, which is broadly repealing Obama-era regulations, is reviewing the H-1B spouse rule as well, according to a new court filing.

The Obama rule change affected H-1B holders who were seeking green cards or permanent residency. It allowed their spouses to get work authorization. There may have been as many as 180,000 spouses eligible, according to a lawsuit that’s challenging this rule.

After the Obama administration finalized the spouse rule, a group of former IT workers at Southern California Edison (SCE) — who were laid off after training their replacements — filed a lawsuit arguing that this new regulation was not only unlawful but unfair.