Thursday, 30 April 2015

Going After the A-list /Businesses Pursue Celebrity Clients/


It's a dream for many small business owners: A-list celebrity clients. The owners of 5001 Flavors knew when they started the company 23 years ago they wanted to sell custom-made clothes to rap and R&B musicians. They sought out artists and record company executives at parties and music industry events. They looked in particular for up-and-coming artists. Now musicians like R. Kelly and Kid Rock are among their fans.
"We were able to really work with a lot of artists and help them go from obscurity to fame," says Sharene Wood, CEO of New York-based 5001 Flavors.
Some businesses court celebrities because they want to be part of the excitement of the entertainment industry or sports, and perhaps become well-known themselves. For other businesses, a famous client can bring publicity and a bump up in overall sales.
Just one or two celebrity clients can help a small business build a high-profile customer base.
"Once you're 'in', a lot of it takes care of itself," says Brian Menickella, a financial adviser in King of Prussia, Pennsylvania, who works with professional athletes including Los Angeles Angels centerfielder Mike Trout.
Menickella, co-owner of The Beacon Group, networked his way into advising athletes, attending baseball tournaments and befriending college coaches and sports agents.
Right Time, Right Industry
5001 Flavors launched in the early 1990s, when the hip-hop music industry was thriving and artists needed unique looks for CD album covers and videos, CEO Wood says. 5001 Flavors' designs included leather jackets, hats, shirts and accessories.
The company's designs, strategy and timing were right, Wood says.
Some of the artists eventually started their own record labels and brought more singers to the company's list of celebrity clients. Because 5001 Flavors is well known in the music industry, athletes and actors have also bought its clothes.
"One client can turn into 10. Ten can turn into a 100 in a year," Wood says.
Moving Furniture, Fooling Paparazzi


NorthStar Moving Co. began getting celebrity clients soon after the Los Angeles-based company was founded 20 years ago, owner Laura McHolm says. It has done work for production companies, and that has helped bring it many clients in entertainment; McHolm estimates 15 percent of NorthStar's work comes from the industry.

New Browser Hack Can Spy On Eight Out Of Ten PCs






A group of Columbia University security researchers have uncovered a new and insidious way for a hacker to spy on a computer, Web app or virtual machine running in the cloud without being detected. Any computer running a late-model Intel microprocessor and a Web browser using HTML5 (i.e., 80% of all PCs in the world) is vulnerable to this attack.
The exploit, which the researchers are calling “the spy in the sandbox,” requires little in the way of cost or time on the part of the attacker; there’s nothing to install and no need to break into hardened systems. All a hacker has to do is lure a victim to an untrusted web page with content controlled by the attacker. Once there, the software inside the bogus content launches a program that manipulates how data moves in and out of a victim PC’s cache, which is the part of the CPU that serves as the intermediary between the high-speed central processor and the lower-speed random access memory or RAM.

The exploit then records the time it takes for the victim’s PC to run various operations in the cache memory, using the browser’s own high-resolution timers (we’re talking nanoseconds here). By studying the time it takes for memory access to take place, the hacker can get an accurate picture about a user’s browser history, keystrokes and mouse movements. The attack is more for spying than theft: it doesn’t steal any data or passwords or corrupt the victim’s machine.

The “spy in the sandbox” is what’s known as a side-channel attack, which is one of the older tricks in the hacker’s black bag. Such an attack usually involves interpreting what’s going on inside a computer’s guts by measuring physical outputs such as sound, electromagnetic radiation or power consumption. In the 1980s, Soviet spies reportedly were suspected of having planted tiny microphones inside IBM Selectric typewriters to record the striking of the type ball as it hit paper to determine which key was pressed. Other old-school side-channel hacks include filming and analyzing the blinking lights on old modems or external hard drives. Bad guys have since used side-channel attacks to steal pay TV streams and cars and break into phones.
Modern-day side-channel attacks now take the form of reading the activity of processors, memory or networking ports. The recent and massive shift of computing to cloud services such as Amazon EC2 or Microsoft Azure initially raised fears that hackers would be able to spy among virtual machines shared on the same servers (which is how clouds get their cost efficiencies), but apart from research done in 2009 showing that it is hypothetically possible for one virtual machine to spy on another by studying how it uses computing cycles, so far there haven’t been any publicly confirmed side-channel attacks by bad guys in the cloud. Amazon tried to downplay the 2009 report by researchers at MIT and UC-San Diego.

While it’s difficult to launch a side-channel attack in a secured cloud, it would be far easier on the open web. A handful of security researchers have already proven various techniques, a recent one of which used a radio receiver to steal cryptographic keys from a computer sitting a few feet away. Yuval Yarom, a researcher from the University of Adelaide, Australia, last year presented a way to use a cache memory side-channel attack to steal a victim’s Bitcoin secret key after observing about 25 Bitcoin transactions.
The Columbia researchers, Yossef Oren, Vasileios Kemerlis, Simha Sethumadhavan and Angelos Keromytis, used the same technical method as Yarom but focused on how such an attack could be built into a simple Web page to hit as many users as possible—without being detected.

Cybersecurity At RSA


You could tell by the din that the RSA Conference in San Francisco this week is the largest enterprise IT security confab in the world. The fact that several prominent breaches over the last year have shaken the C-suite out of its ostrichlike complacency clearly turned the volume up on this show all the way to eleven. So now money seems to be flowing into IT security like never before, adding to the commotion.
The big question: with all this security gear from the many hundreds of vendors exhibiting at the conference, each trying to get their message heard above the clamor, why do the hackers appear to be winning? Clearly, tools aren’t enough – even when they’re arguably better than ever.
Regardless, the RSA Conference is largely about the tools and technologies – where each tool addresses some corner of the security sphere. Here are my picks for some of the most interesting (in alphabetical order, so as not to play favorites). Are they sufficient? You be the judge.


CA Technologies – As the largest vendor on this list, CA Technologies was predictably showing off a number of security products. The one tool that caught my eye is their secure API management tool, which joined the CA family through the 2013 Layer 7 Technologies acquisition. Today, this product has moved well beyond its XML appliance roots to a user-friendly tool for handling all the security around APIs, so that developers don’t have to worry about the nuts and bolts when publishing their software interfaces.
Certes Networks – Once hackers penetrate a corporate network, they typically sneak around from place to place, seeking further vulnerabilities until they happen upon their goal, which is typically data they’d like to steal. Certes Networks aims to slow down this behavior by leveraging sophisticated encryption to compartmentalize the network. Different segments of the LAN or WAN have separate keys, preventing hackers from moving around easily.
Contrast Security – Contrast Security takes a page out of the agent-oriented playbook of Application Intelligence vendors like AppDynamics and New Relic, leveraging agents scattered about the network to identify vulnerability patterns in code. Customers primarily use Contrast Security for development and test environments that leverage Java, .Net, and Adobe Systems Cold Fusion languages, but the technology also works in the production environment. The Contrast Security plugin for Eclipse will alert developers when they introduce vulnerabilities that might allow common attacks like SQL injection, thus preventing those vulnerabilities from reaching the production environment in the first place.
CrowdStrike – CrowdStrike is one of a handful of vendors who seek to detect adversaries once they’re already on your network by uncovering indicators of attack (IOA) and indicators of compromise (IOC). These indicators are essentially breadcrumbs that hackers leave behind as they probe for vulnerabilities. The trick to detecting them is that individually they may not raise red flags, so tools like CrowdStrike must look for suspicious patterns – at least until the hackers figure out how to avoid leaving breadcrumbs.

From Kaspersky To Webroot, Major Security Firms Can't Even Get Basic Android Encryption Right


When recently-appointed president of RSA, Amit Yoran, opened his company’s flagship conference yesterday, he warned the security industry was living in the dark ages. Protections just aren’t working, he said. Various anti-virus firms, including big names like Kaspersky and Webroot, have offered proof that the market’s many players get it wrong; they’re on a list of companies whose Google Play Android apps don’t do proper encryption checks, according to research from the Computer Emergency Response Team (CERT) at Carnegie Mellon’s Software Engineering Institute.

The CERT discovered a whopping 22,000 apps that weren’t carrying out “SSL validation”, where the software is supposed to check certificates over encrypted communications to ensure the parties involved are verified. Kaspersky’s Internet Security app and Webroot’s free offering and its “complete” tool (an apt name, perhaps?) both failed to carry out these checks, meaning an attacker sitting on the same network as a target user could, in theory, spoof those services and collect data the victim hands over to the fake application. That could be credit card data, especially where in-app purchases are taking place, as in both Kaspersky and Webroot anti-virus, or usernames and passwords. Users would understandably assume that apps using encryption were safe, so would likely be oblivious to such “man-in-the-middle” attacks.
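A static check for the kind of failure described above, as an added example that is not part of the original article and is not CERT's test method: a small Python scanner that flags well-known Java/Android code patterns that switch off certificate or hostname validation. The sample Java source and the rule names are constructed for illustration.

```python
import re

# Constructed Java sample (not from any real app), embedded so this runs offline.
SAMPLE_JAVA = """\
public class UpdateClient {
    // Accepts any certificate chain the server presents.
    static final X509TrustManager TRUST_ALL = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] c, String a) { }
        public void checkServerTrusted(X509Certificate[] c, String a) { }
        public X509Certificate[] getAcceptedIssuers() { return null; }
    };
    static final HostnameVerifier ANY_HOST = new HostnameVerifier() {
        public boolean verify(String host, SSLSession s) { return true; }
    };
}
"""

# Rule ids are hypothetical names; the Java identifiers they match are real APIs.
# Heuristic only: a hit is a lead for manual review, a clean scan proves nothing.
RULES = {
    # checkServerTrusted() with an empty body never rejects a certificate.
    "empty-trust-manager": re.compile(
        r"void\s+checkServerTrusted\s*\([^)]*\)\s*(?:throws\s+[\w.,\s]+?)?"
        r"\{\s*(?:return\s*;\s*)?\}"),
    # HostnameVerifier.verify() that accepts every host name.
    "verify-always-true": re.compile(
        r"boolean\s+verify\s*\([^)]*\)\s*\{\s*return\s+true\s*;\s*\}"),
    # Apache HttpClient helpers that disable host name checks.
    "allow-all-hostnames": re.compile(
        r"\bALLOW_ALL_HOSTNAME_VERIFIER\b|\bAllowAllHostnameVerifier\b"),
    # WebViewClient that continues loading after a certificate error.
    "webview-ignores-ssl-error": re.compile(
        r"onReceivedSslError\s*\([^)]*\)\s*\{[^}]*\.proceed\s*\(\s*\)"),
}

# Matches string literals (kept as-is) and comments (blanked out).
_TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|//[^\n]*|/\*.*?\*/', re.S)


def strip_comments(src):
    """Blank out comments, keeping newlines and string literals, so that
    match offsets still map to the original line numbers."""
    def blank(m):
        text = m.group()
        return text if text.startswith('"') else re.sub(r"[^\n]", " ", text)
    return _TOKEN.sub(blank, src)


def scan_java(src):
    """Return sorted (line_number, rule_id) findings for one Java source text."""
    code = strip_comments(src)
    findings = []
    for rule_id, pattern in RULES.items():
        for m in pattern.finditer(code):
            findings.append((code.count("\n", 0, m.start()) + 1, rule_id))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, rule_id in scan_java(SAMPLE_JAVA):
        print(f"line {line_no}: {rule_id}")
```

Pattern matching of this kind only catches source-level shortcuts; confirming that an app really rejects a bad certificate still requires testing its live connections.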




Microsoft loses ~12 cents on every phone sold

Despite hitting a record 10 million sales in the second quarter of 2015, Microsoft's phone division is in trouble. Competitors, including Apple and Google, are pushing the envelope even further, leaving Microsoft in the dust. Redmond has seemingly chosen to produce only low-end phones with a flagship phone conspicuously absent from the current lineup.
A filing with the Securities and Exchange Commission highlights just how bad things have become. Microsoft acquired Nokia back in 2013 for around $7.2 billion (a figure which has since risen to over $9 billion, according to the filing) and the division, named "Phone Hardware", brought in $1.4 billion in Q3 2015 with the cost of revenue exceeding that figure by $4 million. This means that Microsoft lost around 12 cents per phone according to analysts, even before R&D costs, among other expenses, are applied, despite exceptional unit sales.
The filing talks of a potential write-off of the Nokia acquisition, too. Microsoft describes a "potentially material charge to earnings" as "impairment adjustment is required" due to "[d]eclines in expected future cash flows, reduction in future unit volume growth rates, or an increase in the risk-adjusted discount rate used to estimate the fair value of the Phone Hardware reporting unit." This wording is similar to that which Microsoft issued before taking a $6.2 billion write-off of its aQuantive acquisition.
Microsoft CEO Satya Nadella described a need to "take further action to reduce our costs across devices as we execute on our Windows 10 first-party hardware plans." According to ComputerWorld, Microsoft does its impairment calculations in May, factoring them into its April to June quarter and so if a write-off occurs it would be announced in July.



First Look: HP Spectre x360


HP’s stunning new Spectre x360 gives Windows fans reason to cheer: It’s a premium transforming, multi-touch Ultrabook that doesn’t ape the MacBook Air’s styling but does deliver stellar performance and battery life. Best of all, perhaps, the Spectre x360 won’t set you back the $2000+ that other premium Windows Ultrabooks currently demand: it starts at less than half that heady sum.

I’ve been using an HP Spectre x360 since last week, and it appears that HP has successfully done for the high-end of the market what Stream did for the low-end: Revitalize HP’s PC reputation by delivering an awesome combination of power, style, and value. Readers know I’m always looking for the best values in technology. And this Spectre delivers.

Let’s start with the industrial design. The Spectre x360 is precision milled and machine polished from aluminum and immediately presents the kind of understated elegance one might associate with Mercedes. It’s not a head-turner: indeed, on a recent trip I’m not sure that anyone even noticed I was using it. But the x360 is very clearly well-made, with a premium look and feel.

What’s most magical about the Spectre x360, however, is that it is very clearly a high-end Windows Ultrabook … until it isn’t. Thanks to its unique hinge design, you can rotate the screen all the way back and use it, Yoga-like, in tent, presentation or tablet modes too.

It’s not the capability that’s unique—many modern PCs can transform like this—it’s that the hinges don’t protrude in any way and that the device is no thicker in tablet mode than it is when closed.

So with the Spectre x360, HP is getting right what Microsoft got wrong with Surface Pro 3. Microsoft’s device is “the tablet that can replace your laptop,” so it’s oriented as a tablet first, laptop second. HP’s Spectre x360 is a laptop that can also be a tablet, or other form factors. It is true to the primary use cases of PCs, and is the more efficient—better—PC.

In keeping with this PC focus, the HP Spectre x360 is outfitted with modern, mainstream Intel Core i5 and i7 processors, and not the somewhat compromised Core M processors we see on newer hybrid devices. It can be had with 4 GB or 8 GB of RAM and 128 to 512 GB of SSD storage. There are three full-sized USB 3.0 ports—no strange mix of USB 2.0 and 3.0 here—and full-sized HDMI and miniDisplayPort (so the device can drive two external displays simultaneously), plus an SD card reader.

The display is gorgeous. HP provides two panels, Full HD (1920 x 1080) and Quad HD (2,560 x 1,440), both of which are 13.3-inches and provide 10 points of multi-touch.
The keyboard is sublime. This is an area in which I had pretty much drifted off, given how much island-style keyboards are so similar. But the HP’s keyboard has a rock-solid feel to it that has re-awoken my need for a great keyboard. It doesn’t look special, but when you start typing the difference is immediately obvious.

The trackpad had me worried: it is the weirdest, widest trackpad I’d ever seen, and as someone with big hands, I’m very leery of errant palm swipes ruining my typing. So far, so good though: Despite the curiously wide trackpad, this is one of the most reliable trackpad experiences I’ve had. I still prefer a mouse, personally, but as trackpads go this is one of the best.

I’m not testing this, but HP’s Pro Tablet Active Pen is also compatible with the Spectre x360.
But here’s where things get truly interesting. HP claims that the Spectre x360 can obtain 10 to 12.5 hours of battery life in real world conditions—not with the display dimmed down to non-viewability, and not in special lab conditions—a claim I am well on my way to verifying. On a recent flight, I used the Spectre x360 for three hours and as I closed the lid, I noted about 70 percent of battery life left.
As HP noted, the MacBook Air also delivers about 12 hours of battery life. But the Apple device has a much lower-resolution panel and does not support multi-touch nor provide any transforming capabilities. These are fair points, but I would counter that the MacBook Air is also a bit lighter (2.96 pounds vs. 3.3 pounds) and thinner, as you can see below.
Apple MacBook Air (top) and HP Spectre x360 (bottom)
And then there’s the pricing.

I’ve been shopping recently for a high-end Ultrabook to replace my aging 2012-era 15-inch Samsung Series 9, and I’ve had a few interesting possibilities—the Lenovo Yoga 3 Pro and ThinkPad X1 Carbon among them—come across my desk. But where these and other similar machines cost $1500 to $2200 as I’d configure them, the HP is quite reasonably priced.
The Spectre x360 will start shipping on March 15 with a starting price of $899 for a version with an Intel Core i5 processor, 4 GB of RAM, a 128 GB SSD, and a Full HD display. Step up to 8 GB of RAM and 256 GB SSD—the model I’m reviewing and the one I would spend my own money on—and you’re looking at just $999. This is literally half the price of the machines I’d been considering.
You can step up from there as well. For $1149, you can add a Core i7 processor. And then in early April, you’ll be able to step up to that Quad HD screen for $1399.
I’ll keep testing and will post my final review in a few weeks. But my initial response is over the moon. This could very well be the premium Ultrabook I’ve been looking for.

Microsoft Wireless Display Adapter

While Miracast was once an unreliable solution for replicating a PC or device screen to an external display, Microsoft’s newer Miracast dongles—in particular the inexpensive Microsoft Wireless Display Adapter—change all that. And I now bring such a device with me on family trips so that we can all enjoy TV shows or movies together on the big screen.

We’re in Puerto Rico this week for the kids’ vacation—how we managed to get out of Boston and its historic snowfalls and low temperatures is still unclear—and I brought along the Microsoft Wireless Display Adapter for this very reason. It’s a simple and, at $60 at the Microsoft Store, inexpensive solution: Just plug in the HDMI end of the dongle to an available HDMI port on the TV and plug the USB end into a USB port for power. (If there’s no USB port on the TV, you can use a standard cell phone-like power adapter instead.)

In addition to its rock-solid reliability, there are a number of nice things about the Microsoft Wireless Display Adapter.
First, because it’s Miracast, it doesn’t require a Wi-Fi network to work: you just make a direct connection between a compatible PC or device (see below) and the dongle. If we had brought along a similarly sized Roku Streaming Stick or Amazon Fire TV Stick, we’d have been left stranded since those devices need to connect to Wi-Fi and they can’t navigate a hotel’s web-based sign-in pages.
Second, it works with all my devices, which on this trip include a Surface Pro 3 and a Nokia Lumia 930 smart phone. Basically, you need Windows 8.1 or Windows Phone 8.1, or Android to use any Miracast device. (And if you’re using Windows 8.1 (as with the Surface), you can even download a special Microsoft Wireless Display Adapter app for configuring the device, though that is not necessary on a trip like this.)
I tested the Wireless Display Adapter with both of these devices and it worked great: With the phone, you get a nice screen replication, which is of course odd in portrait mode.
On Surface Pro 3, the display projection functionality in Windows 8.1 goes to screen duplication by default, which squishes the built-in device display. But you can switch to external only and just use the Surface’s trackpad to control onscreen items. It works fine.
Because the Wireless Display Adapter works with my devices, that further means it works with anything I can do on those devices. Native apps like Netflix and Xbox Video. Web-based apps like YouTube or Google Play Video. Everything works.
Finally, the Wireless Display Adapter is small and self-contained, so you won’t notice its size or heft at all in a carry-on bag, let alone the device bag I throw in my larger luggage. Bringing this device along on a trip is a no-brainer, and if I don’t use it, no harm no foul.
Looking ahead to this summer, we’ll be traveling to France, and accessing US-based services like Netflix has other challenges. I’ll examine those issues in August, but it’s fair to say that screen projection via the Wireless Display Adapter will work just as well in Europe as it does here in the USA. And this dongle will be a permanent part of my travel toolkit going forward.