The content below is taken from the original (Announcing the Public Preview of the Azure Site Recovery Deployment Planner), to continue reading please visit the site. Remember to respect the Author & Copyright.

With large enterprises deploying Azure Site Recovery (ASR) as their trusted Disaster Recovery solution to protect hundreds of virtual machines to Microsoft Azure, proper deployment planning before production rollout is critical. Today, we are excited to announce the Public Preview of the Azure Site Recovery Deployment Planner. This tool that helps enterprise customers to understand their on-premises networking requirements, Microsoft Azure compute and storage requirements for successful ASR replication, and test failover or failover of their applications. In the current public preview the tool is available only for the VMware to Azure scenario.

• The Deployment Planner can be run without having to install any ASR components in your on-premises environment.
• The tool does not impact the performance of the production servers, as no direct connection is made to them. All performance data is collected from the VMware vCenter Server/VMware vSphere ESXi Server which hosts the production virtual machines.

What all aspects does the ASR Deployment Planner cover?

As you move from a proof of concept to a production rollout of ASR, we strongly recommend running the Deployment Planner. The tool will help you answer the following questions:

Compatibility assessment

• Which on-premises servers are not qualified to protect to Azure with ASR and why?

Network bandwidth need vs. RPO assessment

• How much network bandwidth is required to replicate the servers to meet the desired RPO?
• How many virtual machines can be replicated to Azure in parallel to complete initial replication in a given time with available bandwidth?
• What is the throughput that ASR will achieve on my provisioned network?
• What RPO can be achieved for available bandwidth?
• What is the impact on the desired RPO if lower bandwidth is provisioned?

Microsoft Azure infrastructure requirements

• How many storage accounts need to be provisioned in Microsoft Azure?
• What type of Azure Storage (standard/premium) accounts should every protected virtual machine be placed on for best application performance?
• What virtual machines can be replicated to a single storage account?
• How many cores are required to be provisioned in the Microsoft Azure subscription for successful test failover/failover?
• What Microsoft Azure virtual machine size should be used for each of the on-premises servers to get optimal application performance during a test failover/failover?

On-premises infrastructure requirements

• How many on-premises ASR Configuration Servers and Process Servers are needed?

Factoring future growth

• How are all the above factors impacted after considering possible future growth of the on-premises workloads with increased usage?

How does the ASR Deployment Planner work?

The ASR Deployment Planner has three main modes of operation:

• Profiling
• Report generation
• Throughput calculation

Profiling

In this mode, you profile all the on-premises servers that you want to protect over a few days, e.g. 30 days. The tool stores various performance counters like R/W IOPS, Write IOPS, data churn, and other virtual machine characteristics like number of cores, number/size of disks, number of NICs, etc. by connecting to the VMware vCenter Server/VMware vSphere ESXi Server where the virtual machines are hosted. Learn more about profiling.

Report Generation

In this mode, the tool uses the profiled data to generate a deployment planning report in Microsoft Excel format. The report has five sheets:

• Input
• Recommendations
• Virtual machine to storage placement
• Compatible VMs
• Incompatible VMs

By default, the tool takes 95th percentile of all the profiled performance metrics and includes a growth factor of 30%. Both these parameters, percentile calculation and growth factor, are configurable. Learn more about report generation.

Throughput Calculation

In this mode, the tool finds the network throughput that can be achieved from your on-premises environment to Microsoft Azure for ASR replication. This will help you determine what additional bandwidth you need to provision for ASR replication. Learn more about throughput calculation.

With ASR’s promise of full application recovery on Microsoft Azure, thorough deployment planning is critical for both disaster recovery and migration scenarios where ASR is used. With the new ASR Deployment Planner, we will ensure that both brand new deployments and existing deployments where you are looking to protect or migrate more servers get the best ASR replication experience and application performance when running on Microsoft Azure.

You can check out additional product information and start replicating your workloads to Microsoft Azure using Azure Site Recovery today. You can use the powerful replication capabilities of Site Recovery for 31 days at no charge for every new physical server or virtual machine that you replicate. Visit the Azure Site Recovery forum on MSDN for additional information and to engage with other customers, or use the ASR UserVoice to let us know what features you want us to enable next.

The content below is taken from the original (5 lessons from Amazon’s S3 cloud blunder – and how to prepare for the next one), to continue reading please visit the site. Remember to respect the Author & Copyright.

The content below is taken from the original (Microsoft employees donate $650 million in cash, services and software), to continue reading please visit the site. Remember to respect the Author & Copyright.

The content below is taken from the original (Using On-Premises Azure Backup Instant File Recovery), to continue reading please visit the site. Remember to respect the Author & Copyright.

In this post, I will show you how to use Instant File Recovery with the MARS agent to restore files from Azure Backup.

Before Instant File Recovery

The Azure Backup MARS agent had a very traditional file restoration process before the introduction of Instant File Recovery. You selected a time that you want to restore a file from, browsed the backup store using a dialog box in the restore wizard, and then committed to restoring a file or folder. This meant that you had to restore something before seeing if it was what you wanted to restore.

Imagine your boss calls up to ask for a file to be restored that someone deleted some time ago … how far back do you go? Do you go back one day? Two? Thirty? What if the file was corrupted sometime in the past but no one knows when; how far do you go back to restore the file? How many restores have you to do to get the file back and keep your boss from taking their anger out on you?

Instant File Recovery

Microsoft made restores easier with Instant File Recovery, which you can use with version 2.0.9062.0 or later, with any age of backup you have completed with a recovery services vault. Click Recover Data in the Microsoft Azure Backup console to start the Recover Data Wizard.

The first dialog box asks if you want to restore data from the current machine or another machine; select the appropriate option.

The next screen asks if you want to restore Individual Files And Folders or if you want to restore an entire volume. Choose the Individual Files And Folders option to use Instant File Recovery. The agent will retrieve the available backup data for the machine from the recovery services vault. You can select which volume you want to restore from in the Select Volume And Date screen; the available recovery points for the selected volume are retrieved from Azure. The dialog updates itself to present you with a selection of available recovery points.

Choose a date with a recovery point (bold in the calendar), select a time from when the recovery point was created, and click Mount.

Choose a restore point [Image Credit: Aidan Finn]

And this is where things change. Instead of browsing a representation of the file system and being locked into restoring a file or folder, the recovery point in Azure is remotely mounted by your MARS agent using iSCSI. This might sound like it’ll be complicated, but the recovery point just appears as another volume in File Explorer.

Browsing an Azure Backup recovery point using Instant File Recovery [Image Credit: Aidan Finn]

Restoring a file is easy:

1. Browse through the folder structure to find the file if it is there.
2. Open the file, directly from Azure without restoring it, to see if it’s what you want or if it’s not corrupt.
3. Copy the file to wherever you want to, using the same copy/paste methods you’ve been using for years.

The mount will stay active until either:

• You click unmount in the Azure Backup console.
• 6 hours pass and the mount is automatically disconnected.

This means that you can go back in and get more files from the same recovery point if you need them, without going through the wizard again, saving you lots of time for complex recoveries.

The post Using On-Premises Azure Backup Instant File Recovery appeared first on Petri.

The content below is taken from the original (The best password managers), to continue reading please visit the site. Remember to respect the Author & Copyright.

By Joe Kissell

This post was done in partnership with The Wirecutter, a buyer’s guide to the best technology. When readers choose to buy The Wirecutter’s independently chosen editorial picks, it may earn affiliate commissions that support its work. Read the full article here.

If you’re not using a password manager, start now. As we wrote in Password Managers Are for Everyone—Including You, a password manager makes you less vulnerable online by generating strong random passwords, syncing them securely across your browsers and devices so they’re easily accessible everywhere, and filling them in automatically when needed. After 15 hours of research and testing, we believe that LastPass is the best password manager for most people. It has all the essential features plus some handy extras, it works with virtually any browser on any device, and most of its features are free.

Who should get this

Everyone should use a password manager. The things that make strong passwords strong—length, uniqueness, variety of characters—make them difficult to remember, so most people reuse a few easy-to-remember passwords everywhere they go online. But reusing passwords is dangerous: If just one site suffers a security breach, an attacker could access your entire digital life: email, cloud storage, bank accounts, social media, dating sites, and more. And if your reused password is weak, the problem is that much worse, because someone could guess your password even if there isn’t a security breach.

If you have more than a handful of online accounts—and almost everyone does—you need a good password manager. It enables you to easily ensure that each password is both unique and strong, and it saves you the bother of looking up, remembering, typing, or even copying and pasting your passwords when you need them. If you don’t already use a password manager, you should get one, and LastPass is a fabulous overall choice for most users.

How we picked and tested

Although I’d already spent countless hours testing password managers in the course of writing my book Take Control of Your Passwords, for this article I redid most of the research and testing from scratch, because apps in this category change constantly—and often dramatically.

I looked for tools that do their job as efficiently as possible without being intrusive or annoying. A password manager should disappear until you need it, do its thing quickly and with minimum interaction, and require as little thought as possible (even when switching browsers or platforms). And the barrier to entry should be low enough—in terms of both cost and simplicity—for nearly anyone to get up to speed quickly.

I began by ruling out the password autofill features built into browsers like Chrome and Firefox—although they’re better than nothing, they tend to be less secure than stand-alone apps, and they provide no way to use your stored passwords with other browsers.

Next I looked for apps that support all the major platforms and browsers. If you use only one or two platforms or browsers, support for the others may be irrelevant to you, but broad compatibility is still a good sign. This means, ideally, support for the four biggest platforms—Windows, macOS, iOS, and Android—as well as desktop browser integration with at least Chrome and Firefox, plus Safari on macOS.

I excluded apps that force you to copy and paste passwords into your browser rather than offering a browser extension that lets you click a button or use a keystroke to fill in your credentials. And, because most of us use more than one computing device, the capability to sync passwords securely across those devices is essential.

After narrowing down the options, I tested eight finalists: 1Password, Dashlane, Enpass, Keeper, LastPass, LogmeOnce, RoboForm, and Sticky Password.

I tested for usability by doing a number of spot checks to verify that the features described in the apps’ marketing materials matched what I saw in real life. I set up a simple set of test forms on my own server that enabled me to evaluate how each app performed basic tasks such as capturing manually entered usernames and passwords, filling in those credentials on demand, and dealing with contact and credit card data.

If my initial experiences with an app were good, I also tried that app with as many additional platforms and browsers as I could in order to form a more complete picture of its capabilities. I did portions of my testing on macOS 10.12, Windows 10, Chromium OS (as a stand-in for Chrome OS), iOS 10, Apple Watch, and Android.

Our pick

Before I get to what’s great about LastPass, a word of context: LastPass, Dashlane, and 1Password are significantly better than the rest of the field. I suspect most people would be equally happy with any of them. What tipped the scales in favor of LastPass was the company’s announcement on November 2, 2016, that it was making cross-device syncing (formerly a paid feature) available for free. Although there’s still a Premium subscription that adds important features (more on that in our full guide), this change makes LastPass a no-brainer for anyone who hasn’t yet started using a password manager. Even its $12/year premium tier is much cheaper than 1Password or Dashlane’s paid options.

LastPass has the broadest platform support of any password manager I saw. Its autofill feature is flexible and nicely designed. You can securely share selected passwords with other people; there’s also an Emergency Access feature that lets you give a loved one or other trusted person access to your data. An Automatic Password Change feature works on many sites to let you change many passwords with one click, and a Security Challenge alerts you to passwords that are weak, old, or duplicates, or that go with sites that have suffered data breaches.

LastPass works on macOS, Windows, iOS, Android, Chrome OS, Linux, Firefox OS, Firefox Mobile, Windows RT, Windows Phone—even Apple Watch and Android Wear smartwatches. (Sorry, no BlackBerry, Palm, or Symbian support.) It’s available as a browser extension for Chrome, Firefox, Safari, Internet Explorer, and Microsoft Edge, and it has desktop and mobile apps for various platforms.

Upgrade pick for Apple users

If you’re a Mac, iPhone, and/or iPad user with a few extra bucks, and you’d like even more bells and whistles in your password manager, 1Password is well worth a look. 1Password has a more polished and convenient user interface than either LastPass or Dashlane. It’s also a little faster at most tasks; it has a local storage option if you don’t trust your passwords to the cloud; it gives you more options than LastPass for working with attached files; and it can auto-generate one-time tokens for many sites that use two-step verification—LastPass requires a separate app for this. 1Password is, however, more expensive than LastPass and doesn’t work on as many platforms: Windows and Chromebook users, especially, are better off with LastPass.

This guide may have been updated by The Wirecutter. To see the current recommendation, please go here.

Note from The Wirecutter: When readers choose to buy our independently chosen editorial picks, we may earn affiliate commissions that support our work.

The content below is taken from the original (Announcing new Azure Functions capabilities to accelerate development of serverless applications), to continue reading please visit the site. Remember to respect the Author & Copyright.

Ever since the introduction of Azure Functions, we have seen customers build interesting and impactful solutions using it.  The serverless architecture, ability to easily integrate with other solutions, streamlined development experience and on-demand scaling enabled by Azure Functions continue to find great use in multiple scenarios.

Today we are happy to announce preview support for some new capabilities that will accelerate development of serverless applications using Azure Functions.

Integration with Serverless Framework

Today we’re announcing preview support for Azure Functions integration with the Serverless Framework. The Serverless Framework is a popular open source tool which simplifies the deployment and monitoring of serverless applications in any cloud. It helps abstract away the details of the serverless resources and lets developers focus on the important part – their applications. This integration is powered by a provider plugin, that now makes Azure Functions a first-class participant in the serverless framework experience.  Contributing to this community effort was a very natural choice, given the origin of Azure Functions was in the open-source Azure WebJobs SDK.

You can learn more about the plugin in the Azure Functions Serverless Framework documentation and in the Azure Functions Serverless Framework blog post. 

Azure Functions Proxies

Functions provide a fantastic way to quickly express actions that need to be performed in response to some triggers (events).  That sounds an awfully lot like an API, which is what several customers are already using Functions for.  We’re also seeing customers starting to use Functions for microservices architectures, with a need for deployment isolation between individual components.

Today, we are pleased to announce the preview of Azure Functions Proxies, a new capability that makes it easier to develop APIs using Azure Functions. Proxies let you define a single API surface for multiple function apps. Any function app can now define an endpoint that serves as a reverse proxy to another API, be that another function app, an API app, or anything else.

You can learn more about Azure Functions Proxies by going to our documentation page and in the Azure Functions Proxies public preview blog post. The feature is free while in preview, but standard Functions billing applies to proxy executions. See the Azure Functions pricing page for more information.

Integration with PowerApps and Flow

PowerApps and Flow are services that enable business users within an organization to turn their knowledge of business processes into solutions. Without writing any code, users can easily create apps and custom automated workflows that interact with a variety of enterprise data and services. While they can leverage a wide variety of built-in SaaS integrations, users often find the need to incorporate company-specific business processes. Such custom logic has traditionally been built by professional developers, but it is now possible for business users building apps to consume such logic in their workflows.

Azure App Service and Azure Functions are both great for building organizational APIs that express important business logic needed by many apps and activities.  We’ve now extended the API Definition feature of App Service and Azure Functions to include an "Export to PowerApps and Microsoft Flow" gesture. This walks you through all the steps needed to make any API in App Service or Azure Functions available to PowerApps and Flow users. To learn more, see our documentation and read the APIs for PowerApps and Flow blog post.

We are excited to bring these new capabilities into your hands and look forward to hearing from you through our forums, StackOverFlow, or Uservoice.

The content below is taken from the original (How Exchange Online Protection Dynamic Delivery Works Inside Office 365), to continue reading please visit the site. Remember to respect the Author & Copyright.

ATP Plays Safe with Attachments

Microsoft introduced the Safe Attachments feature as part of its Advanced Threat Protection (ATP) offering in 2015. ATP is an option for Exchange Online Protection (EOP). It is included in the Office 365 E5 plan and can be licensed as an add-on for $2/user per month for other Office 365 plans. Now Safe Attachments provides the option to scan inbound attachments dynamically and allow users access to message bodies while the scan proceeds. This feature is called Dynamic Delivery.

The Problem Lurking in Email

The idea behind Safe Attachments is simple. We know that attachments are a prime transmission vector for malware. This has been true since the first email-transmitted attacks like the famous “I Love You” virus appeared in 2002.

The majority of email messages are safe in that anti-malware engines are able to detect that their content does not include anything that could damage the recipient. But because malware authors constantly alter their attack techniques in an attempt to bypass anti-malware blocks, the danger exists that items might contain something that is dangerous but cannot be detected because the attack vector has never been seen before. This content might belong to a so-called Day Zero attack.

Messages and attachments that do not have a known malware signature are deemed unsafe. ATP routes these messages to a special hypervisor environment where a variety of techniques are used to test the content. If everything checks out, ATP releases the item back to the Exchange transport system for delivery to the end user.

The basic Safe Attachments feature works, but the need to spin up special test servers in the hypervisor environment to probe suspicious content can result in email delays. Some tenants reported that they experienced delays of between 10 and 15 minutes, depending on the load on Office 365 and EOP. A good case can be made that it is better to be safe than sorry when Day Zero attacks erupt in the wild, but users want their email now. And they want their email to be secure. It’s a hard balancing act.

Dynamic Delivery Steps In

Dynamic Delivery builds on the concept of Safe Attachments while recognizing that, in most cases, unrecognized content lurks in attachments rather than the messages to which they are attached. If a message is OK, it is possible to deliver it immediately. Meantime, the attachment is shuttled off to the side to be checked and when everything checks out, the attachment is released to reconstitute the full message.

The advantage of the approach is obvious. Recipients get to see the safe part of a message immediately instead of having to wait for EOP to validate the entire content. And often it is enough for a recipient to see the text of a message to understand its importance and know if they must take action.

Setting Up Dynamic Delivery

To implement Dynamic Delivery, you first need the necessary Office 365 licenses. Moving past that obvious requirement (Office 365 does nothing unless licenses are in place). The next step is to enable Safe Attachments scanning by policy. Go to the Threat Management section of the Security and Compliance Center and access Safe Attachments., You might not have a policy in place already. If not, create a new policy. You can then enable Dynamic Delivery in the policy (Figure 1) and decide the mailboxes to which you want the policy to apply. You can apply a policy to all recipients in one or more domains or members of a distribution group, or even individual people. You can also decide to exclude certain recipients from the policy (they are the people who only receive “nice” attachments). And multiple Safe Attachments policies can be active within a tenant.

Figure 1: Enabling Dynamic Delivery in a Safe Attachments Policy (image credit: Tony Redmond)

The User View

The Safe Attachments policy becomes active immediately it is saved. Users will be unaware that anything has changed until the first time that ATP intercepts a suspicious message en route to their mailbox. When this happens, ATP swaps the suspicious attachment for a special .eml attachment to inform the user what is happening (Figure 2).

Figure 2: What a user sees when an attachment is being scanned (image credit: Tony Redmond)

In the background, ATP is scanning the suspicious content as before. The difference is that the user knows what is happening and can access and deal with any “good content” immediately. And when the scan is complete, ATP swaps its message out for the original now-verified and passed attachment. In my experience, the delay between the arrival of a new message and ATP updating the message with a passed attachment is usually two-three minutes, depending on the number of attachments. In short, it is enough for the recipient to read the cover note and begin to consider opening the attachment.

One thing that might disturb users is that messages are apparently delivered twice to their Inbox. The first contains the ATP notice; the second contains the real content. You get two notifications on mobile devices… But after a while, you get used to what’s happening.

A Step Forward

The war against malware will not stop anytime soon. Too many victims remain for malware authors to exploit, usually at great profit for the miscreants and loss for the unsuspecting. It is good to see Microsoft evolving ATP to speed up delivery to users while retaining the goodness of attachment checking. I rather like dynamic delivery. It is a good addition to the anti-malware mix.

Follow Tony on Twitter @12Knocksinna.

Want to know more about how to manage Office 365? Find what you need to know in “Office 365 for IT Pros”, the most comprehensive eBook covering all aspects of Office 365. Available in PDF and EPUB formats (suitable for iBooks) or for Amazon Kindle.

The post How Exchange Online Protection Dynamic Delivery Works Inside Office 365 appeared first on Petri.

The content below is taken from the original (Why DRaaS is a better defense against ransomware), to continue reading please visit the site. Remember to respect the Author & Copyright.

Image by Eric E Castro

It’s one thing for a user’s files to get infected with ransomware, it’s quite another to have a production database or mission-critical application infected. But, restoring these databases and apps from a traditional backup solution (appliance, cloud or tape) will take hours or even days which can cost a business tens or hundreds of thousands of dollars. Dean Nicolls, vice president of marketing at Infrascale, shares some tangible ways disaster recovery as a service (DRaaS) can pay big dividends and quickly restore systems in the wake of a ransomware attack.

To read this article in full or to leave a comment, please click here

The content below is taken from the original (MIT researchers built an energy-sipping power converter), to continue reading please visit the site. Remember to respect the Author & Copyright.

Researchers from MIT’s Microsystems Technologies Laboratories have built a new power supply system designed specifically for powering electronic sensors, wireless radios and other small devices that will eventually connect the Internet of Things. While most power converters deliver a constant stream of voltage to a device, MIT’s new scheme allows low-power devices to cut their resting power consumption by up to 50 percent.

The MIT system was announced at International Solid-State Circuits Conference earlier this month and maintains its efficiency at a very broad range of currents from 500 picoamps to 1 milliamp.

"Typically, converters have a quiescent power, which is the power that they consume even when they’re not providing any current to the load," Arun Paidimarri, one of the postdocs who worked on the project said. "So, for example, if the quiescent power is a microamp, then even if the load pulls only a nanoamp, it’s still going to consume a microamp of current. My converter is something that can maintain efficiency over a wide range of currents."

Rather than providing a continuous flow of power, the MIT step-down converter works with "packets" of energy. "You have these switches, and an inductor, and a capacitor in the power converter," Paidimarri said, "and you basically turn on and off these switches." The switches themselves have a circuit that release a packet of energy when the output voltage is below a specific level. If the device is using a low-power circuit — say it’s a sensor waking up to take a measurement — then the device only releases a few packets of energy. If the device needs a high-power circuit — to send a wireless signal, for example — then it can release up to a million packets per second.

What’s more, the resulting 50 percent drop in quiescent power means the researchers can start exploring other, lower-power energy sources like body-powered electronics.

Via: TechCrunch

Source: MIT News

The content below is taken from the original (5 ways to spot a phishing email), to continue reading please visit the site. Remember to respect the Author & Copyright.

No one wants to believe they’d fall for a phishing scam. Yet, according to Verizon’s 2016 Data Breach Investigations Report, 30 percent of phishing emails get opened. Yes, that’s right — 30 percent. That incredible click-through rate explains why these attacks remain so popular: it just works.

Phishing works because cybercriminals take great pains to camouflage their “bait” as legitimate email communication, hoping to convince targets to reveal login and password information and/or download malware, but there are still a number of ways to identify phishing emails. Here are five of the most common elements to look for.

Related Video

1. Expect the unexpected

In a 2016 report from Wombat Security, organizations reported that the most successful phishing attacks were disguised as something an employee was expecting, like an HR document, a shipping confirmation or a request to change a password that looked like it came from the IT department.

Make sure to scrutinize any such emails before you download attachments or click on any included links, and use common sense. Did you actually order anything for which you’re expecting a confirmation? Did the email come from a store you don’t usually order supplies from? If so, it’s probably a phishing attempt.

Don’t hesitate to call a company’s customer service line, your HR department or IT department to confirm that any such emails are legitimate – it’s better to be safe than sorry.

2. Name check

If you receive an email or even an instant message from someone you don’t know directing you to sign in to a website, be wary, especially if that person is urging you to give up your password or social security number. Legitimate companies never ask for this information via instant message or email, so this is a huge red flag. Your bank doesn’t need you to send your account number — they already have that information. Ditto with sending a credit card number or the answer to a security question.

You also should double-check the “From” address of any suspicious email; some phishing attempts use a sender’s email address that is similar to, but not the same as, a company’s official email address.

[ Related story: 2017 Security predictions ]

3. Don’t click on unrecognized links

Typically, phishing scams try to convince you to provide your username and password, so they can gain access to your online accounts. From there, they can empty your bank accounts, make unauthorized charges on your credit cards, steal data, read your email and lock you out of your accounts.

Often, they’ll include embedded URLs that take you to a different site. At first glance, these URLs can look perfectly valid, but if you hover your cursor over the URL, you can usually see the actual hyperlink. If the hyperlinked address is different than what’s displayed, it’s probably a phishing attempt and you should not click through.

[ Related story: CIOs List the top hiring priorities for 2017 ]

Another trick phishing scams use is misleading domain names. Most users aren’t familiar with the DNS naming structure, and therefore are fooled when they see what looks like a legitimate company name within a URL. Standard DNS naming convention is Child Domain dot Full Domain dot com; for example, info.LegitExampleCorp.com. A link to that site would go to the “Information” page of the Legitimate Example Corporation’s web site.

IDG

A phishing scam’s misleading domain name, however, would be structured differently; it would incorporate the legitimate business name, but it would be placed before the actual, malicious domain to which a target would be directed. For instance, Name of Legit Domain dot Actual Dangerous Domain dot com: LegitExampleCorp.com.MaliciousDomain.com.

To an average user, simply seeing the legitimate business name anywhere in the URL would reassure them that it was safe to click through. Spoiler alert: it’s not.

4. Poor spelling and/or grammar

It’s highly unlikely that a corporate communications department would send messages to its customer base without going through at least a few rounds of spelling and grammar checks, editing and proofreading. If the email you receive is riddled with these errors, it’s a scam.

You should also be skeptical of generic greetings like, “Dear Customer” or “Dear Member.” These should both raise a red flag because most companies would use your name in their email greetings.

IDG

[ Related story: 14 Best tech jobs in America ]

5. Are you threatening me?

“Urgent action required!” “Your account will be closed!” “Your account has been compromised!” These intimidation tactics are becoming more common than the promise of “instant riches”; taking advantage of your anxiety and concern to get you to provide your personal information. Don’t hesitate to call your bank or financial institution to confirm if something just doesn’t seem right.

And scammers aren’t just using banks, credit cards and email providers as cover for their scams, many are using the threat of action from government agencies like the IRS and the FBI to scare unwitting targets into giving up the goods. Here’s the thing: government agencies, especially, do not use email as their initial means of communication.

IDG

Phishing scams continue to evolve

This is by no means a comprehensive list. Phishing scammers are constantly evolving, and their methods are becoming more cunning and difficult to trace. New tactics include this frighteningly effective Gmail attack, end-of-the-year healthcare open enrollment scams, low-priced Amazon bargains, and tax-season attempts.

So, trust your gut. If an offer seems too good to be true, it probably is. If something seems even the slightest bit “off”, don’t open the email or click on links.

More resources on phishing and how to protect yourself can be found at Phishing.org.

This story, “5 ways to spot a phishing email” was originally published by
CIO.

Join the Network World communities on

Facebook

and

LinkedIn

to comment on topics that are top of mind.

The content below is taken from the original (Sinclair C5 gets a modern reboot as the IRIS eTrike), to continue reading please visit the site. Remember to respect the Author & Copyright.

Before the Toyota Prius and Tesla Model S, there was the Sinclair C5. Launched in 1985, the electric tricycle was supposed to be the first of many battery-powered vehicles from inventor Clive Sinclair — renowned for developing personal computers such as the ZX Spectrum. The ambitious product was a huge flop due to its short range, low top speed and other limitations, selling only 5,000 before manufacturer Sinclair Vehicles folded. Perhaps it was ahead of its time, or at least that’s what Sir Clive’s nephew Grant Sinclair must be hoping, as he’s created a 25th century reimagining of the C5 called the IRIS eTrike.

The futuristic three-wheeler is part pushbike, part EV, with an eight-speed, twist grip gearing system. Its battery apparently has a one-hour charge cycle and a 50-mile range at a top speed of over 25MPH. But who wants the silver "Eco" version when you can get the matte black "Extreme" model with a top speed of over 30MPH? The eTrike will also be road legal, have a decent-sized boot, and is tall enough that Range Rover drivers should spot it (before crushing you anyway) — the low profile of the C5 wasn’t thought particularly safe, you see.

Unlike the C5, the eTrike is also built to be an all-weather vehicle thanks to its pod-like, mostly windscreen design. Inside, you get an LCD display for the essentials like speedometer and remaining charge, but curiously, you have to stick your smartphone into the included dock to get a live feed from the rear-view camera. Available to reserve right now for a £99 deposit, the IRIS eTrike is expected to launch this winter for £2,999 for the Eco model and £3,499 for the Extreme edition.

While there’s no doubt a legitimate, working prototype has been developed, it’s important to look at any Sinclair-associated product with a pinch of skepticism. For every ZX Spectrum re-release or re-design, there’s some sketchy project or another, like the ZX Vega+ handheld that’s been beset with delay after delay despite receiving over £500,000 in crowdfunding donations. Grant Sinclair himself still seems to be pursuing his POCO Zero micro computer idea after a failed Indiegogo campaign. And let’s not forget that Sir Clive announced a follow-up to the Sinclair C5 in 2010, but his two-wheeled X-1 e-bike never made it to market.

Via: Telegraph

Source: Grant Sinclair

The content below is taken from the original (Microsoft creates a low-data version of Skype for India), to continue reading please visit the site. Remember to respect the Author & Copyright.

Skype’s place as the original gangster of internet messengers means that it’s never had to watch its weight, until now. Microsoft has put the app on a diet to announce Skype Lite, a slimmed-down messenger designed for countries like India. You’ll win no prizes for guessing that the Android app will heavily compress images and video and is intended to work reliably even on India’s 2G wireless infrastructure.

Microsoft is proud of its new creation, and is boasting that Skype Lite was "built in India, for users in India." The app also has a bundle of India-specific features, including SMS filtering, mobile data and WiFi usage monitoring and local Skype bots. The company is also working on bringing India’s national identity scheme, Aadhaar, into the app to enable callers to verify who they are speaking to. Skype Lite also supports seven languages, including Gujarati, Hindi and Urdu, and is available to download right now.

Via: TechCrunch

Source: Google Play, Microsoft

The content below is taken from the original (OpenStack sets its sights on the next generation of private clouds), to continue reading please visit the site. Remember to respect the Author & Copyright.

The content below is taken from the original (How Pinterest’s visual search went from a moonlight project to a real-world search engine), to continue reading please visit the site. Remember to respect the Author & Copyright.

Sometime around 2013 and 2014, deep learning was going through a revolution that required pretty much everyone to reset their expectations as to how things worked, and leveled the playing field for what people were doing with computer vision.

At least that’s the philosophy that Pinterest engineer Andrew Zhai and his team have taken, because around that time he and a few others began working on some internal moonlight project to build computer vision models within Pinterest. Machine learning tools and techniques had really been around for some time, but thanks to revelations in how deep learning worked and the increasing use of GPUs, the company was able to take a fresh look at computer vision and see how it would work in the context of Pinterest.

“From a computer vision perspective we have a lot of images where visual search makes sense,” Zhai said. There’s this product/data-set fit. Users that come to Pinterest, they’re often in this visual discovery experience mode. We were in the right place at the right time where the technology was in the middle of a revolution, and we had our data set, and we’re very focused on iterating as quickly as we can and get user feedback as fast as we can.”

The end result was Lens, a product Pinterest launched earlier this month that allows users to basically point at an object in the real world with their camera and return search results for Pinterest. While a semi-beta was launched last year, Lens was the result of years of scrapped prototypes and product experimentation that eventually produced something that would hopefully turn the world collectively into a bunch of pins that were searchable through your camera, creative lead Albert Pereta said.

When a user looks at something through Lens, Pinterest’s visual detection kicks in and determines what objects are in the photo. Pinterest’s technology can then frame the image around, say, a chair, and use that to ask a query using Pinterest’s existing search technology. It uses certain heuristics, like a confidence score of what kind of object it is, and the context of it — like whether it is the dominant object, the largest one, the one the most in focus or something along the lines. Zhai said part of the priority was leveraging as much of Pinterest’s existing technology, like search, to build its visual search products.

Pinterest had collected a lot of data from users initially cropping objects in their images in order to search for objects, drawing bounding boxes for their searches. The company had positive feedback loops to determine if those searches were correct — if users engaged with results for a chair, then it was probably a chair. With that, the company had lots of ways to initially train these deep learning algorithms in order shift the process over to camera photos and try to do the same thing. All that paid off in the future, as the initially janky projects gave the company the critical data set to build something more robust.

Pinterest’s goal was to emulate the service’s core user experience: that sort of putzing around and discovering new products or concepts on Pinterest. Just getting the literal results like you might expect from a Google visual search wasn’t enough to extend the Pinterest experience beyond its typical search — with keywords and concepts — to what you’re doing with your camera. There are other ways to get to that result, like literally reading the label on a bottle or asking someone what kind of shoes they are wearing.

“If I’m in my kitchen and have an avocado in front of me, if we point at that and we return a million photos of avocados, that’s close to as useless as you can get,” Pereta said. “When someone tags am avocado on Pinterest, what they expect is to wander about. It can go from cooking a recipe to health benefits and growing one in a garden. You know the related pins, you don’t quite understand why they’re there but sometimes they feel like exactly what you want to see.”

One of the biggest challenges Pinterest faced was figuring out how to jump from user-generated content — like low-quality photos — to results that included more professional high-quality photography. It was easy to map from low-quality photos, like ones that are blurry or without great lighting, to other low-quality photos, visual search engineering manager Dmitry Kislyuk said. That’s primarily what the results were returning in the first demos that the team was working on, so the team had to figure out how to get to higher-quality results. Both objects clustered together on their own, so the company had to basically forth them to deliver the same semantic results and bucket them together.

Collectively, these all piece together to put together a strong argument that Pinterest is trying to be a leader in visual search. That’s largely been considered one of Pinterest’s biggest strengths. Because of its large data set that lends itself so neatly to products, each part of an image can easily be broken out into searches for other products. These searches existed early on at Pinterest, but only in limited form — and users couldn’t figure out what to do with them — but in the past years they’ve started to mature more and more. The pitch is part of what’s made Pinterest attractive to advertisers, though it needs to ensure it makes the jump from a curiosity baked into an innovation budget to a mainstay product alongside Facebook (and soon potentially Snapchat).

A lot of the success — and origins — of Pinterest’s modern visual search dovetails almost perfectly with the rise of GPU usage for deep learning. The processors had existed for a long time, but GPUs are great at running processes in parallel such as rendering pixels on a screen and doing it very quickly. CPUs have to be more versatile, but GPUs were specialized at running these kinds of processes in parallel, enabling the actual mathematics that’s happening in the background to execute faster. (This revolution has also rewarded NVIDIA, one of the largest GPU makers in the world, by more than tripling its stock price in the past year and turning it into a critical component in the future of deep learning and autonomous driving.)

“Methods for deep learning existed for 10 or 20 years, but it was this one paper around 2013 and 2014 that showed when you provided those methods on a GPU you can get amazing accuracy and results,” Zhai said. “It’s really because of the GPU itself, without that this revolution probably wouldn’t happen. GPUs only care about these specific things like matrix multiplication, and you can do it really fast.”

The actual process is a careful dance between what happens on the phone and what happens online, in order to build a more seamless user experience. For example, when a user looks at something through their phone, the annotations for Lens are returned quickly while the company finishes doing the image search on the back-end. That kind of perceived user latency helps smooth out the experience and makes it feel more real-time. That will be important going forward as Pinterest begins to expand internationally — and has to start grappling with problems like low-latency areas, potentially moving more operations to the phone.

Pinterest’s results were partially the result of a lot of new learnings, and part luck that everyone’s teams had to scrap and re-learn all their approaches to deep learning. Beyond that, Pinterest has billions of images that are largely loaded with high-quality versions of images that lend themselves to be naturally searchable, an archive of data that other companies or academics might not have. The whole “move fast, break things” kind of fits with Pinterest, which was trying to get versions in front of users in order to figure out what worked best, because the team (of less than a dozen) felt like it was inventing new user behavior.

There are plenty of other attempts by other companies to weaponize this technology into something commercial, with startups like Clarifai raising a lot of capital and  building metadata-driven visual search that it make available for retailers and businesses. Google is always a looming beast with its vast amount of data, though whether that translates into a commercial product is another story. Pinterest, meanwhile, hopes that its focus on returning related ideas rather than direct one-to-one image results — and the tech behind it — is something that’ll continue to differentiate it going forward.

“We’re trying to use camera to turn your world into Pinterest,” Pereta said. “It’s not that we’re creating some completely new experience to a user. It feels like when we nailed it, it’s when you feel like the entire world is made of pins. That thing, I take a photo of that chair, it’s not just that chair’s similar styles but also it in context. If you were to find that chair on Pinterest, that’s exactly what you’d expect to find. That wandering, that discovering. When we do a really good job with camera, it’s gonna feel like the world is made of pins.