John Ruggiero

John Ruggiero

WHEN THE BOTNET named Mirai first appeared in September, it announced its existence with dramatic flair. After flooding a prominent security journalist’s website with traffic from zombie Internet of Things devices, it managed to make much of the internet unavailable for millions of people by overwhelming Dyn, a company that provides a significant portion of the US internet’s backbone. Since then, the number attacks have only increased. What’s increasingly clear is that Mirai is a powerfully disruptive force. What’s increasingly not? How to stop it.

Mirai is a type of malware that automatically finds Internet of Things devices to infect and conscripts them into a botnet—a group of computing devices that can be centrally controlled. From there this IoT army can be used to mount distributed denial of service (DDoS) attacks in which a firehose of junk traffic floods a target’s servers with malicious traffic. In just the past few weeks, Mirai disrupted internet service for more than 900,000 Deutsche Telekom customers in Germany, and infected almost 2,400 TalkTalk routers in the UK. This week, researchers published evidencethat 80 models of Sony cameras are vulnerable to a Mirai takeover.


These attacks have been enabled both by the massive army of modems and webcams under Mirai’s control, and the fact that a hacker known as “Anna-senpai” elected to open-source its code in September. While there’s nothing particularly novel about Mirai’s software, it has proven itself to be remarkably flexible and adaptable. As a result, hackers can develop different strains of Mirai that can take over new vulnerable IoT devices and increase the population (and compute power) Mirai botnets can draw on.

“It’s accelerating because there’s a wide-open, unprotected landscape that people can go to,” says Chris Carlson, vice president of product management at Qualys. “It’s a gold rush to capture these devices for botnets.”

Internet of Bots

The rise of Internet of Things malware is reminiscent of the viruses, worms, and intense email spam that plagued early internet users. Most PCs weren’t adequately secured, and companies racing to join the dot-com bubble didn’t necessarily understand the importance of internet security. The same is true now, but with webcams and routers instead of desktops.

What’s distinctly different in this tech generation, though, is how users interact with infected devices. An infected PC often malfunctions, slows down, or notifies users (either through operating system security alerts or through the malware itself in the case of something like ransomware). All of this encourages people to act. It’s standard practice to install some sort of security software on enterprise PCs, and anti-virus measures are popular at home as well.

IoT devices like routers, though, are workhorses that are meant to function indefinitely, with minimal direct user interaction. One reason Mirai is so difficult to contain is that it lurks on devices, and generally doesn’t noticeably affect their performance. There’s no reason the average user would ever think that their webcam—or more likely, a small business’s—is potentially part of an active botnet. And even if it were, there’s not much they could do about it, having no direct way to interface with the infected product.

“The early 2000s web security called and they want their lack of security back,” says Rick Holland, vice president of strategy at the cybersecurity defense firm Digital Shadows. “It’s not like this population of total vulnerable devices is going to be going down. It’s going to be increasing.”


Hard to Kill

Mirai isn’t the only IoT botnet out there. The broader insecurity issues of IoT devices are not easy to address, and leave billions of units vulnerable to all sorts of malware.

But Mirai is the main go-to for now because it’s easily accessible and adjustable, with different strains for different campaigns. Holland says that Digital Shadows researchers have observed a growing community of Mirai users asking for help (even bad actors need tech support sometimes!) and offering each other tips and advice.

There are some precautions consumers can take to improve their personal IoT security. By assessing the IoT devices they have in their homes and eliminating superfluous “smart” products that directly access the internet for no reason, people can reduce their exposure to attack. Additionally, for devices that offer accessible interfaces, you can change default passwords and download firmware updates to get greater protection.

The early 2000s web security called and they want their lack of security back.RICK HOLLAND, DIGITAL SHADOWS

Mirai will ultimately be a “transient threat” in the broader landscape of IoT security, as a reportpublished this week by the Institute of Critical Infrastructure Technology notes. Hackers get bored with shiny new toys just like anyone, and eventually the IoT industry will erode Mirai’s vulnerable device population.

That’s not going to happen in the near future, though. Mirai already has enough fodder to sustain it for years—and more susceptible products roll off of assembly lines every day. As the report adds, Mirai “has inspired a renaissance” in IoT vulnerability exploitation. In the meantime, expect more mayhem.

“Who knows what’s going to actually come up before the end of the year,” Digital Shadows’ Holland says. “Mirai is certainly not going away any time soon.”


Source : https://www.wired.com/2016/12/botnet-broke-internet-isnt-going-away/

The winners of the 9th annual iphone photography awards have been announced, chosen from thousands of entries from 139 countries around the world. Here’s a selection of the top entries, and the full list can be seen at IPPA Awards

Grand prize winner and photographer of the year went to Siyuan Niu of China for his shot of a man and eagle
Photograph: Siyuan Niu001-siyuan-niu-grand-prize-winner.jpg

Victor Kintanar from Cebu City, Philippines, took first place in the trees category for this picture of the roots of a wax apple tree
Photograph: Victor Kintanar2093.jpg

The Others section was won by Kevin Casey of Pemulwuy, Australia, for his picture of children at Botany Bay, Sydney

White Sands national monument in New Mexico won first place for Junfeng Wang of Shanghai, China, in Nature
Photograph: Junfeng Wang


Erica Wu of San Francisco, California, was the winner of Animals for her shot of foxes in Japan

Photograph: Erica Wu


Rhubarb won first prize for Andrew Montgomery of Hampton Wick, UK, in the Food section
Photograph: Andrew Montgomery


Winner of Lifestyle was Yuki Cheung from Hong Kong with a shot of her friends in Iceland


Photograph: Yuki Cheung 

The Seasons category was won by Valencia Tom with her shot of Brooklyn in New York during a winter storm
Photograph: Valencia TomThe Seasons category was won by Valencia Tom with her shot of Brooklyn in New York during the winter storm Jonas  

 Flowers: Instagram was won by Lone Bjørn of with a shot of poppies

Photograph: Lone Bjørn


The Architecture award went to Jian Wang from Beijing, China, for a picture taken in the Olympic Park there

The best iPhone photographs of 2016  in pictures

Photograph: Jian Wang  

The Children category was won by K K from Changsha, China, with an image of children were playing with a home-made sled on the frozen Songhua river

Photograph: K K

 First place in the Sunset category went to Nick Ryan from Sydney, Australia

Photograph: Nicky Ryan


Source : https://www.theguardian.com

Wednesday, 16 November 2016 10:29

Tech tips to help stay safe in Trump’s America

Tech is as much a liability as it is an opportunity, as this election demonstrated. The next few years will be scary for many reasons, and to some more than others, and part of that will be the continued and likely expanded exploitation of the technologies and services we’ve come to rely on. Communities likely to be targeted by Trump policies may want to take a few steps online to help ensure their safety and privacy.

Trump has gone on the record asking for backdoors to encryption and devices, saying he supports surveillance, and is against Net Neutrality. Policies pursuant to these goals will necessarily put your data at risk.

The following are privacy tips anyone can use, but they are particularly relevant for anyone who, for example, plans to participate in protests or grassroots organizing, or for undocumented immigrants who would like to decrease their online presence. I’ve listed them roughly in order of importance.

Ditch SMS and use end-to-end encryption

If Trump makes good on his promise to make deportation of undocumented immigrants, you can expect police to bring the same measures they use in serious crimes to bear on this task. One such measure is the interception of mobile phone calls and messages, whether using a Stingray-type device (which imitates a cell tower, causing phones to send it data instead) or more traditional tapping at the network level.


Ordinary phone calls and text messages are incredibly easy to collect this way, and are often also exposed as part of other investigations. It’s easily imagined that the police may run a dragnet in areas densely populated by immigrants and watch for keywords pertaining to under the table employment, family across the border, remittances, and so on.


They can’t do that if you’re using an app like Signal, which uses “end-to-end encryption,” preventing electronic snooping anywhere along the line — including on the service’s own servers and while the data is in transit between networks and devices. This type of encryption is the bane of every authority because not only can they not see what is being sent, nor can the company that runs it, so the information can’t be subpoenaed or hacked out.

It may be a pain, but getting your family and friends switched over to one of these apps could prevent a lot of trouble down the line.

Some other options, if for some reason Signal doesn’t work: WhatsApp is a popular and versatile option, but it’s owned by Facebook, and while it’s technically independent, that still makes us nervous. Apple’s iMessage is reliable and popular, but requires an iOS device or Mac — Apple is also under tremendous scrutiny, having been called out specifically by Trump as a company to put pressure on.

Avoid Allo and Telegram, which have been criticized for their encryption and privacy choices.

Use a get-home-safe app


Trump’s naked xenophobia, tacit support of vigilantism, and lack of concern over police militarization and brutality suggest it may soon become far less safe for people of color, Muslims and Sikhs, LGBT individuals and other targeted minorities to walk home alone. Tech can’t prevent bigotry and bashing, but it can at the very least help create a safety net.

Apps like Kitestring and Companion let you set emergency contacts, and if you, for example, don’t check in at home within 15 minutes, or if you shake the phone hard for 5 seconds, it will send them your location and a message that you need help. (They use SMS, but we’ll make an exception in this case.)

It’s scary and unfair that this should even have to be recommended, but it’s an opportunity to protect yourself using technology you already have. Check with some friends and see what app looks best.

Go private on Twitter, Facebook, Instagram, and Google

Part of the fun of social networks is the idea that you’re sharing with the world. But law enforcement also uses them as investigative tools, establishing whereabouts, work history, and anything else that your posts imply. Like anything you say to the police, this can and will be used against you, and if you have reason to think you may be targeted by them, you should make it difficult to get at. Making your account private is an easy way to do that, even if it’ll be harder to garner followers.


Be sure to check your preferences and privacy settings in every app and service and opt out of things like default public check-ins or anything with “personalized,” “tailored,” or “curated” in it — it means they’re reading your data.

On Google, you should turn off (“pause”) your location history and opt out of other tracking measures in the search and ads areas. On your phone, you can turn off location services or restrict them per app. Using an alternative to Google, like DuckDuckGo, helps keep your browsing habits private.


Install HTTPS everywhere

The Electronic Frontier Foundation has a plug-in for Chrome, Firefox, and other browsers that forces them to make a secure connection even when it isn’t the default for the website or service you’re connecting to. You’ll also be warned when the connection isn’t secure (browsers also tell you this, but not very loudly).

Keep your phone and PC software up to date

The latest versions of Windows, macOS, Android, and iOS don’t bring just the latest features, but also lots of fixes for serious security holes. These fixes will apply to a few of the previous versions, but not really old ones. Hackers — and the authorities — know this. If your phone and OS are new enough to take full advantage of encryption tools and resist well-known methods for unlocking and hacking, they’re secure against adversaries domestic and foreign.


It isn’t always easy to stay updated, but keep it in mind when buying a new phone or computer. If you’re on an OS more than a year or two old — before things like full-disk encryption were standard — you should consider updating at the earliest opportunity.

Slightly older iPhones will still get the critical updates (mainly iOS 8) that added broader encryption, as will Nexus phones and other flagship devices. Budget (but still modern) phones like the Moto E and G are also great options for those on a budget.

Look into a VPN

Virtual Private Networks obscure your internet traffic from your ISP and others by routing it through other servers first. If all your connections are to your VPN (which then passes it on to wherever it was headed), and your VPN doesn’t keep any records of those connections, there are far fewer ways for your browsing to be tracked.

Good VPNs cost money. We don’t recommend any VPN in particular, but it should be a VPN that plainly states that it doesn’t log your traffic. Examples include ExpressVPNAnonymizer, and Private Internet Access. There are dozens to choose from, however, and I don’t claim to be an expert; many are reviewed here if you want to be careful about the jurisdiction the VPN is based, the extent of its record keeping, and so on.


Get a backup/burner phone

If you attend lots of protests or demonstrations, or often choose to film police encounters, you might want to keep a burner phone around in case yours gets smashed or confiscated. You can get a cheap Android phone for $100 or less, and if you aren’t relying on SMS and phonecalls, you can do pretty much everything you need over wi-fi until you get a replacement.

Change your DNS

Should the authorities choose to enforce blocks of certain websites — for your own sake, of course — the easiest way to do it is ordering major domain name services (which connect URLs like techcrunch.com to IP addresses like to simply prevent internet users from getting to them. Fortunately, this type of censorship is as easy to circumvent as it is to put in place.

You can easily change the DNS your computer uses in its network settings. OpenNIC has detailed instructions for various operating systems, and has proven itself trustworthy. Google’s Public DNS is another option, and has the benefit of being easy to remember: change the preferred and alternate DNS servers to and respectively.

Set up Firechat or another offline communication tool

Another way governments have quashed dissent is by suppressing mobile communication altogether. It can’t hurt to have an app like Firechat installed on your phone, which passes messages directly between devices without the need for a network. This is also useful in case of power outages and other disasters — a good emergency measure to take regardless.

Avoid the “Internet of Things”

Even if the various smart appliances worked well, we’d still have issues with their security and the way data is handled. You’re not missing out on much, so just skip the wi-fi front door lock and Amazon Echo for now.


Go end-to-end encrypted on email and cloud storage too

This is harder to do for many people, since services like Gmail and Dropbox have become practically ubiquitous. But if you’re really worried about privacy, there are options that provide similar services but with a “zero knowledge” guarantee — basically that the company that runs them never knows a thing about what you use their service for.

ProtonMail is a solid one if you’re looking to get away from Gmail, or just have a second email for sensitive topics. SpiderOak One is like a super-private Dropbox.

Install an alternative OS

If you’re really worried about snooping, consider using an alternative to the standard operating systems that’s designed with privacy and security in mind. This isn’t an easy option but it might be good to explore if you have an old laptop or phone lying around.

Copperhead is worth trying if you’re used to Android, although it won’t have all the conveniences of the usual Google-powered version. Tails is what Edward Snowden has recommended for desktop and laptop work that needs to stay private. It’s basically a simple, security-focused OS that deletes itself when you’re done.

Source : techcrunch

Competitive knowledge is an important part of building a successful digital marketing campaign. While the actual optimization of your website can be competitor agnostic, the performance of that optimization isn’t.

Simply monitoring competitors is not enough. And it’s more than collecting data and numbers. You have to understand what all it means. Analytics is great, but if you don’t know what to do with the data, it’s pointless. The same is true for competitive knowledge.

Let’s look at three competitive factors that you need to review, assess, and understand if you want to build a web marketing campaign that outperforms your competition.

Factor #1: The Four Types of Competitors You Need to Keep an Eye On

1) Offline Competitors

Many businesses–especially those that were around pre-internet–have a fairly good grasp on the offline competition around them. After all, before the internet, that’s all there was. But many newer businesses forget to look at these competitors. It’s important for them to realize that failure to do so will affect their long-term success.

Any competitor who is not online today can certainly be online tomorrow. They may be only a minor threat at first, but as soon as they begin to invest, that threat just got real, yo.


Don’t wait until the competition gets fierce before you begin to lay the groundwork for building your own online empire. It’s always better to force someone else to play catch-up to you than you to them.

2) Organically Ranked Competitors

Many businesses tend to discount online competition that they feel is relatively weak in their space. But here’s the thing: Anyone ranking for your keywords is a clear and present danger to your success. It doesn’t matter if they don’t compete for the same customers as you. What does matter is they are currently ranking where you want to be ranked.

It’s always a good idea to run some keyword searches to see what kind of businesses, blogs, forums, etc., are holding those top spots. Where your offline competition may truly be competing for your customers, these online competitors are competing for searcher attention. And you won’t get it as long as they are showing up and you are not.

“It’s important to note that these are not necessarily limited to companies or websites that offer the same type of content, services, or products that you do, but can be any website that competes with you in the search results for your target keywords.” — Moz

Of course, you may find genuine competition in this space as well, which means they won’t give up those spots easily. You’re going to have to work for them.

3) Paid Ad Competitors

Even if you’re not venturing into paid ads, you can learn a bit from those who are investing in getting paid listings for your keywords. There are two reasons for this:

  1. If you’re not investing in PPC, you’re leaving money on the table. Simultaneously investing in paid and organic marketing provides far more exposure and traffic than you’d get running either of those independently. As long as people click on ads, you won’t get those clicks unless you’re paying for those positions.
  2. Understanding how your competitors are investing in PPC allows you to get a sense of how aggressive they are in total. You specifically want to look at keywords and estimated ad spend. If you see big PPC ad spend, you can count on the fact that they will likely begin focusing some efforts on the organic side of things as well.


4) Startup Competitors

Startups can fall into any of the categories above, but it’s good to keep an eye on them. Start-ups tend to enter the game with investment money. That allows them to come out of the gate doing far more than you ever dreamed. These deep pockets give them a distinct advantage. While many startups flame out, they can take a big chunk of potential business away from you long before they do.

Factor #2: The Five Ways Competitors Impact Your Digital Marketing Footprint

how competitors impact your digital marketing footprint


1) Competitor’s Brand Authority

Every competitor–yourself included–has a certain amount of brand authority built-in. Any competitor’s authority that exceeds yours is a formidable foe. Not only do you need to match their authority level, but you also need to exceed it. I liken this to two cars on a race track. However far ahead they are, you need to catch them before you can beat them.

2) Competitor’s Focus/Niche

Not every competitor you face will compete head to head. You might only offer a fraction of the products/services they offer, and others might offer a fraction of the products/services you do. There are downsides to both.

The bigger the brand, the more opportunities they have to build authority and dominate across all products. However, niche competitors can also zero in on a single product or area and focus all their energies there to dominate it.

Either way, you have to build the authority necessary to compete with the big brand while being laser focused to dominate in your niche.

3) Competitor’s Content

Content is a big part of online marketing and is a great way to build brand authority. Even if your competitor isn’t a brand name today, if they keep publishing both valuable and helpful content, it’s only a matter of time before that earns them some digital respect.


That doesn’t mean you have to out-publish them on a quantity scale, but you will have to find a way to make sure you’re providing equal or better value to your audience.

4) Competitor’s Overall Presence

Look at your competition’s overall web presence. Not just rankings, but social content and engagement as well. Social media consumes a lot of time, but it pays dividends. More than ever, customers are looking to engage with brands. If your competitors are there and you’re not, they are winning the hearts and minds of would-be customers.

5) Competitor’s Depth of Marketing Investment

Online marketing investment comes in many forms: Paid ads, social engagement, content publishing, organic optimization, etc. You can learn a lot about your competition by seeing how much they are doing in each of these areas. A weak competitor will be difficult to find, which is an opportunity for you. But any competitor that is showing significant investment in all these areas will prove to be stiff competition indeed.

Factor #3: The Two Ways Your Success Is Influenced (or Hindered)

how competitors influence success


1) The Level of Your Success

Unless a competitor flames out, you will never overcome them by doing less. That doesn’t mean working harder, but it does mean working smarter. And that very well may require working harder.

You don’t need to match everything a competitor does point for point. But you do need an effective strategy that takes these factors into consideration. Even if you catch their pace strategically, that will only keep you from losing ground. If you want to gain ground, you have to match and beat them at their own game.

2) The Immediacy of Your Success

Working harder and smarter than your competition doesn’t mean you’ll overtake them immediately. Or anytime soon, for that matter. It all depends on how long they’ve been in the race before you started, and how much better you are doing at your online marketing than they are.

If you’re barely doing more, or barely doing better, it’s going to take a while to catch up. It could be years. But the more in you invest in online marketing (and I don’t just mean dollars; I mean a smart strategy as well) the less time it will take to catch up. But again, how much time depends on how far ahead they are.

Every good digital marketing strategy should be taking all of these factors into consideration. And then there needs to be some communication with the higher-ups to ensure everyone is on the same page, defining what success looks like and when it can be expected.


As they say, failing to plan is planning to fail. Failure to build a strategy that considers your competition will ultimately lead to a failing web marketing strategy overall. Web marketing is a race that can be won. You just have to know what it takes to win it.

Source : searchenginejournal

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media