Synopsis on CCNA Exams

One of the most in-demand certification put forward by Cisco Systems is CCNA and ccna exams are conducted to impart the basics of skills in support and installation of networks.

The procedure to attain the CCNA certification is quite easy. The CCNA certification may be procured by clearing a written exam of one and a half hours. It requires no much of hurdles as Cisco provides you proper training to help you prepare for ccna exam questions and its portions consists of:

LAN and WAN designing
Network security management
IP addressing
WLAN and VLAN

Routers and routing protocols
In the various areas of computer networking which requires specialization Cisco offers like CCNA Security, CCNA Wireless, and CCNA Voice. This helps in providing basics of computer networking. This is apart from the course schedule and ccna exams offered.

The CCNA is valid till three years after which you may require a re-certification. Advanced certified courses are also made available. Apart from CCNA, Cisco provides programs like CCNP and CCIE, Cisco Certified Network Professionals as well as Experts respectively.

CCNA Certification Introduction:
CCNA is regarded as the foremost of certifications which a networking professional should be equipped with. This will help him enhance his career in the IT industry. The ccna exams impart a grounding knowledge on networking skills. This comprises of basics such as OSI reference models, Layer 2 concepts of switching and protocols and so on.

CCNA training:
There is a great deal of technical skill and knowledge imparted during this CCNA Certified course which will be highly useful for network professionals. Over a span of years there have been many networking professionals with the CCNA certification.

The training of ccna exams are been prepared by covering all aspects at length. The training is usually generated by a team of experts that include Senior Network and WAN Engineers with an experience of many years. The training program for ciscoccna exam will cost you about four thousand rupees or 80 USD.

Networking sector has been an upcoming flourish in the recent years. It is a budding industry which faces stiff competition as far as networking technology is concerned.

The networking sector is something which is in real demand these days. It offers numerous openings for networking professionals. However the truth is that proper and able networking professionals are difficult to find. Hence the demand for such professionals is immense. To keep up with the pace of the latest trends and technology even the most adept professional should be kept updated. This will offer the expertise the networking industry requires

Microsoft has formed the certification procedure from which the administrators required expertise and provide employers unmatched way of developing immeasurable skills

CCIE or Cisco Certified Internetwork Expert was the only label offered by Cisco. This was how Cisco initiated certification programs years before. A number of new programs were shaped owing to the pressing requirement for intermediate certification. This was done by Cisco in 1998.

The course for ciscoccna exam was initiated with an aim of providing a proper beginning to Cisco hardware and Cisco International Operating System. Cisco certified programs provide network professionals with the right exposure to enhance their career.

---

Best CCNA Training and CCNA Certification and more Cisco exams log in to examkingdom.com

CompTIA CTP+ certification is your ticket to a career in convergence

Are you looking for your next career opportunity? Depending on your skills and experience, the rapidly growing world of converged voice, video and data networking might be right for you. There are good job opportunities with vendors and value-added resellers (VAR) serving this market, as well as with corporations and government agencies deploying the solutions.

Why computer science students cheat
Research by CompTIA and other sources indicates that many organizations, regardless of size or industry, are aggressively deploying convergence solutions. For example, the April 2010 study CompTIA U.S. Small and Medium Business (SMB) 2010 Emerging Technologies Report found that 55% of SMBs now use or plan to use converged voice and data solutions. That's up from 39% in the 2009 survey. In the enterprise market, Forrester Research says 2011 is the year that "hypergrowth" of unified communications (UC) begins. According to Infonetics Research, the worldwide market for UC is expected to top $1 billion by 2013.

There are a lot of vendors with competing products in this market. Moreover, the vendors are consolidating, so products on the market one day could be on the losing end of a company acquisition the next day. So, if you want to break into the convergence market, it's best to focus on learning about the underlying technologies that are common to most vendors' products.

A highly recognized certification in this space is the CompTIA CTP+ (Convergence Technologies Professional) credential. This certification provides verification of knowledge of essential professional level technologies, including data networking, telephony networking, and convergence technologies. Training is offered in three separate courses, with each course covering one of the areas listed above.

Both the training and the certification are vendor-neutral; the student learns the fundamental knowledge to work in any vendor's space. CTP+ does a good job of explaining how the data world and the telecommunications world intersect. This background is especially helpful for VARs and service providers who work with or support products from multiple vendors to make sure the voice, video and data networks are working just right.

James Stanger is president and chief architect for Certification Partners, the developer of the CTP+ courseware and exam. According to Stanger, the ideal background for a candidate pursuing the CompTIA CTP+ certification is at least the same level of knowledge as the CompTIA Networks+ certification and at least a year of hands-on experience in each of the technology areas. However, it's not often that the candidate has such a variety of experience. "People might have 20 years of experience in the telecommunications industry and have very little data networking knowledge," says Stanger. The training is designed to overcome the shortcomings in knowledge in one or two areas and bridge the divide.

Draaco Aventura is a field support engineer for DataTactics Corporation. During his years in the military, Aventura acquired an extensive background in secure VoIP networks, video compression and image processing algorithms, and server stacks to support different types of operations. When he entered the civilian workforce, he attained the CompTIA CTP+ certification to validate his skills for potential employers.

"There's no way to directly translate the knowledge and skills I acquired in the military into the civilian world because of the differences in the systems I was using," says Aventura. "I earned the CTP+ certification because it's highly preferred in the job I do because of it being vendor neutral. My company values this certification, and I think other companies would, too. DataTactics promotes, encourages and supports its employees to get certified. Certifications enhance the company's image when we are competing for new contracts."

Kevin Tan, an IT manager with Lockheed Martin, uses the CompTIA CTP+ certification as a criterion for new hires. "We found that we're supporting a lot of different solutions when we host a next generation data center or a call center," says Tan. "We have Cisco Telepresence, and we have a lot of VoIP in our call centers. We need very specific types of individuals who have not only base level network administration skills but also knowledge of convergence technologies. We look for people with CTP+ certification because of our unique needs."

Tan and his staff all attained the CTP+ certification. "This is a good starting and jumping point to get our network administrators and technicians trained and certified at a base level to deliver better service to our customers," says Tan.

Get more information about CompTIA CTP+ certification here. For information about CTP+ training products and the exam, visit here. As with any certification, training isn't required but is highly recommended.

---

Best comptia A+ Training, Comptia A+ Certification at Certkingdom.com

After Arista and before Cisco/Insieme, Huawei hikes 100G bar again

CloudEngine 12816 supports 192 100G ports, tops last year's Interop intro

Huawei this week unveiled a high-end upgrade to its CloudEngine core switch, which debuted here at Interop a year ago.

The CE12816 is a 16-slot version of the Cloud Engine switch, capable of supporting up to 192 100G Ethernet ports. The previous high-end of the Cloud Engine line was the 12-slot 12812, supporting 96 100G ports.

The Huawei CloudEngine series switches comprise the CE12800 core switches, as well as CE6800 and CE5800 top-of-rack switches.

Bullet How Facebook aims to reinvent hardware
Bullet Interop: the quiz
Bullet Interop planning guide 2013
Bullet Wicked cool things to do in Las Vegas – after the tradeshow
Bullet SDN and InteropNet: Cranking up and running world's biggest temporary network

Huawei's 192-port 100G switch comes a week after Arista Networks rolled out a 96-port 100G switch in an 11 RU form factor. Some viewed Arista's introduction of the 7500E as a prelude to the Cisco/Insieme Networks programmable switches expected later this year.

[ BACKING OFF: Cisco nemesis Huawei retreating from the U.S. ]

The CE12816 provides 64Tbps of capacity. In addition to 192 100G ports, the switch supports 384x40G, or 1,536x10G Ethernet line-speed ports, Huawei says.

The CloudEngine series provides bandwidth of up to 2Tbps per slot, and is expandable in the future with upgradeable fabrics and linecards to a total system switching capacity of up to 64Tbps. The switch line is designed to accommodate data center lifecycle targets of up to 10 years, Huawei says.

The CloudEngine series incorporates Huawei's Cluster Switch System (CSS) feature to virtualize multiple switches into one logical switch, as well as a Virtual System (VS) feature to virtualize one switch into multiple independent logical devices. Together, CSS and VS turns the network into a resource pool, allowing network resources to be allocated on demand, Huawei says.

The CloudEngine series also allows network adminstrators to build large-scale Layer 2 networks with over 500 nodes based on the IETF's TRILL specification for lossless, multipath Ethernet, Huawei says.

Also at Interop, Huawei plans to articulate its commitment to the enterprise market with the "ICT Nation" initiative. ICT Nation will showcase Huawei and partner products to address enterprise challenges such as bring your own device (BYOD), cloud data center, enterprise LTE and software-defined networking (SDN).

Huawei established its Enterprise business group in 2011. It employs 18,000 worldwide and 80 in Silicon Valley, the seat of its U.S. enterprise operations. Huawei Enterprise did $1.9 billion in revenue in 2012.

Huawei executives recently disclosed plans to retreat from the U.S. market in telecom, but the company's enterprise business is not affected by that. These executives, however, downgraded Huawei Enterprise's revenue goals for 2017.

Huawei partners HVE Connexion, Netfast, Primasense, Softnet Solutions and Zadara Storage will participate in the ICT Nation demonstrations at Interop.

---

Best CCIE Training and CCIE Exams and more Cisco exams log in to Certkingdom.com

Windows Blue will be free upgrade for Windows 8 customers

The update will be officially called Windows 8.1, according to Windows division co-chief Tami Reller

Microsoft's Windows 8 update, code-named Windows Blue, will be formally released as Windows 8.1 and will be free for customers who have the new OS installed.

Windows 8.1 will be an "update" for both Windows 8 and for Windows RT, the version of the OS designed for devices that run on ARM chips, said Tami Reller, the chief financial officer and chief marketing officer of the Windows Division, speaking at the JP Morgan Technology, Media & Telecom Conference Tuesday.

As an update, Windows 8.1 will be more substantial than the regular patches Microsoft pushes out for the OS, but will not represent a dramatic leap like the upgrade from Windows 7 to Windows 8, she said.

Moreover, Windows 8.1 will be "really easy" and "straightforward" for customers to install, Reller added.

Microsoft's decision confirms speculation from industry analysts who spoke recently about this topic.

Last week, Reller and the other Windows chief, Julie Larson-Green, a corporate vice president in charge of the OS' development, provided more details about Windows Blue, including that it will be delivered before the end of the year and that a preview will be released at the end of June during Microsoft's Build conference for developers.

Larson-Green didn't say what changes Windows Blue will feature, but conceded that Microsoft has discussed user complaints about the removal of the start menu on Windows 8 and that it might be useful to restore it.

Asked if she could be more specific about the final release of Windows 8.1, Reller on Tuesday declined to provide a more concrete date but acknowledged that Microsoft wants to give OEM partners a chance to load it into computers they release for the holiday season.

She also reiterated that OEM partners are working on smaller Windows 8 and Windows RT tablets with 7-inch and 8-inch screens, and disclosed that there are now more than 70,000 applications for the OS in the Windows Store.

She also said Microsoft is satisfied with the amount and variety of Windows 8 and Windows RT devices, including desktop PCs, low-priced laptops with touch screens, sophisticated convertible laptops with detachable keyboards that double as tablets, all-in-one PCs and other variations.

"We feel very good about the direction we're headed with Windows 8," Reller said.

Windows 8 has a drastically redesigned interface based on tile icons intended to make the OS optimized for touchscreen devices such as tablets. However, it has not been an unqualified success and the lack of uptake by users has been blamed in part for the dismal performance of the PC market overall.

The Windows 8.1 preview version that will be delivered in June will be available for anyone to download and test drive, not just developers.

---

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Microsoft: What are people really asking for when they ask for a Start button?

Windows Blue can be previewed in June, but Microsoft said it heard our cries for a Windows 8 Start button. A Start button "might be helpful," but Microsoft is trying to understand "what people are really asking for when they're asking for that."

Microsoft sold more than 100 million licenses for Windows 8, keeping up with Windows 7 sales at the six-month mark. In June, people who have Windows 8 will be able to preview Windows Blue.

"We recently surpassed the 100 million licenses sold mark for Windows 8," stated Microsoft Chief Marketing Officer and Chief Financial Officer Tami Reller. "This number includes Windows licenses that ship on a new tablet or PC, as well as upgrades to Windows 8. This is up from the 60 million license number we provided in January." She admitted that "Windows 8 is a big, ambitious change," and "change takes time" to accept, but Microsoft believes "the Windows Blue update is also an opportunity for us to respond to the customer feedback that we've been closely listening to since the launch of Windows 8 and Windows RT."

Microsoft heard our outcries for a Windows 8 Start button but is trying to understand what people are really asking for when they're asking for thatLack of a Start button is the biggest Windows 8 criticism for users on non-touch devices. Reller told The Verge, "We have heard that, we definitely have heard that and taken that into account. We've really also tried to understand what people are really asking for when they're asking for that."

Seriously? Hmm, it seems pretty obvious that the outcries for Windows 8 to include a Start button really mean that customers are asking for the Start button. That would lead to a Start menu. Windows 8 is not user-friendly on a PC or laptop. The lack of a Start button, Start menu and the ability to boot straight to Windows are the "loudest" complaints.

"We knew there would be a learning curve with Windows 8," admitted Microsoft VP for Windows Julie Larson-Green at the Wired Business Conference. She is in charge of bringing Windows to the "mobile age" and may even be a candidate to eventually follow Steve Ballmer as CEO of Microsoft. She hasn't ruled it out and said to ask her again in a year.

For now, Larson-Green is the head of Windows Engineering and is "tweaking the design and layout of Windows to free it from the desktop and allow people to better incorporate it into their lives through mobile devices." She explained that Windows 8 was designed for mobile, compared to Windows 7, which was "optimized for the laptop." She insisted that people want to be mobile, yet added that Microsoft is "not going to be stubborn" when it comes to Blue.

ZDNet suggested that "New Coke, like Windows 8 for Microsoft, was total market failure." Coca-Cola was wise enough to switch back and give people what they wanted, Classic Coke. Steven Vaughan-Nichols asked, "Does Ballmer have the guts to admit he made a mistake and give users what they clearly want?"

Neither Larson-Green, nor Reller, would confirm that the Start button is coming back. Larson-Green stated, "The Start Button might be helpful," yet she pointed out that the Start Button is there now, but "basically hidden. Some would like it showing up on the screen all the time." Although there have been "meaningful discussions" about bringing it back, that doesn't imply that Microsoft will bring back the "old Start Menu."

Mary Jo Foley pointed out that the Windows Blue preview, which will be made available in June, happens to coincide with Microsoft's Build 2013 Conference; it will be held June 26 - 28 at the Moscone Center in San Francisco. Microsoft planned to "share updates and talk about what's next for Windows" at Build. Blue is expected to be named Windows 8.1.

Reller told The Verge that Microsoft is interested in 7- and 8-inch form factors for Blue. "We've made sure from the product to our pricing and offerings we are supporting 7- and 8-inch devices specifically." Yet Blue, according to Reller, "does a nice job of optimizing for those small screen form factor sizes."

Yeah, well, don't forget that we aren't all using those small screens at all times. Some of us will continue to work from a non-touch device and we flipping want Windows 8 to stop being so unfriendly to PC and laptop users. It's not about accepting change; it's about usability.

---

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

How to keep the feds from snooping on your cloud data

Virtual padlocks can keep storage providers -- and the government -- from accessing data in the cloud

A cottage industry is growing up around virtual padlocks that consumers can place on cloud services so that the vendors themselves can't get to the information -- even if the government requests access.

And in recent years there have been a lot of those government requests for access from storage-as-a-service providers.

For example, Google regularly receives requests from governments and courts around the world to hand over user data. Last year, it received 21,389 government requests for information affecting 33,634 user accounts. Sixty-six percent of the time, Google said it provided at least some data in response.

During the same period, Microsoft received 70,665 requests affecting 122,015 accounts -- more than three times as many requests for information disclosure as Google. Only 2.2% of those requests resulted in Microsoft turning over of actual content; 1,558 accounts were affected. Another 79.8% of the requests resulted in disclosure of subscriber or transactional information affecting 56,388 accounts.

Newly disclosed information, however, has added to public sensitivity around government intrusion.
Freedom of Information Act requests by the American Civil Liberties Union revealed last week that the U.S. government claims the right to read personal online data without warrants. "It is the case everywhere in the world that governments seem to believe that if data is recorded and available, they should be able to access it," said Jay Heiser, an analyst with research firm Gartner. "It's not unique to the U.S., although the United States brags about it to a unique degree."

New documents obtained by the ACLU from the FBI and U.S. attorneys' offices revealed startling realities around the government's email surveillance practices. Last month, the ACLU also obtained documents showing that the IRS does not always get a court order to read citizens' emails.

Locking the feds and thieves out
So should consumers add security to their cloud storage repositories to keep their data even more secure from prying providers and government snoops? Absolutely, says Heiser.

That's because many data breaches involve frustrated service provider employees who see treasure-troves of data as a way to make a quick buck. "There are repeated stories ... of rogue employees who collect data to sell to credit card fraudsters," Heiser said. "It is an issue with provider staff morale."

Apart from downloading freeware, such as TruCrypt, and encrypting every folder or file before it's uploaded to the cloud, new automated tools are emerging that handle the job of cloud storage security more seamlessly.

SafeNet, for example, just launched a beta of SafeMonk, which adds a secure encryption log-in to Dropbox. Essentially, the data you store in Dropbox can't even be accessed by Dropbox itself because users get to keep the encryption keys.

Ironically, SafeNet also happens to be one of the largest suppliers of encryption technology to the U.S. government.

SafeMonk, which will be available for download at the end of this month, works by creating a dedicated encrypted folder in your Dropbox account. The service also allows users to share files by offering others an RSA public key password and will eventually offer businesses administrative oversight so admins can monitor traffic and restrict corporate data access.

SafeMonk is free to consumers, who can download the software and start encrypting and sharing Dropbox files at no cost. For business customers, SafeMonk plans to charge for its service once it is available, though prices have not yet been set.

Chris Ensey, who runs the security division of Dunbar Armored, an armored transportation service, has been beta testing SafeMonk, largely in a bid to thwart to malware and cybercriminals.

He was able to take part in the initial beta testing because he worked for SafeNet last summer, before SafeMonk was created.

Ensey and his wife used the cloud encryption tool during a recent refinancing of their house. Initially, the security-sensitive Ensey passed along sensitive financial data to his mortgage broker using a USB thumb drive, something that turned into a laborious process. With SafeMonk, the couple could securely share files quickly.

"At some point you get worried that email isn't something that is very secure. Anything you put in there is being indexed by Google," he said, referring to Gmail. "I like having more control over that.

"And [my wife] doesn't even realize it's there. It's transparent," he continued. "This product is really pretty approachable. I just point to a folder and tell her anything you put in this will be protected."

Ensey also said he'd like to see the tool expanded for mobile and Android OS use.

Other options
SafeNet is not alone in offering a virtual padlock for cloud-based data stores. Vendors such as Boxcryptor, Sookasa, TrustedSafe and PKWare with its Viivo offering, are also going after the same market, according Heiser. So is CipherCloud, which is expected to offer consumer cloud encryption protection.

Willy Leichter, senior director of product marketing for CipherCloud, said virtual padlocks for cloud storage is a nascent but "hot" area for his company, especially in light of the increase in government requests to vendors for access to customer data.

Through its CipherCloud Platform, the company currently offers cloud data encryption and data loss prevention (DLP) tools for businesses. CipherCloud recently announced a partnership with cloud storage and content-sharing service Box.com, offering both encryption and DLP to users.

While Leichter said CipherCloud's cloud encryption business is "growing rapidly," he would not expound on whether his company plans to begin selling a consumer-class product anytime soon.

Businesses are acutely sensitive to government information requests because they're also beholden to privacy laws, such as HIPAA and the Gramm-Leach-Bliley Act. So, in highly regulated industries, such as financial services and healthcare, businesses must strike a balance between government oversight and consumer privacy.

"They feel they can't comply with local privacy laws and have their data subject to Patriot Act. We allow them to encrypt their data in the cloud and they keep the encryption keys," he said.

The U.S. Electronic Communications Privacy Act of 1986 came along in the early days of the Internet. The act did not require government investigators to obtain a search warrant for requesting access to emails and messages that are stored in online repositories.

In 2001, the Patriot Act further added to the authority of the federal government to search records under its "Library Records" provision, offering a wide range of personal material into which it could delve.

"You can argue that people shouldn't try to skirt around the Patriot Act, but they're also trying to comply with data privacy issues," Leichter said. "When some government agency requires information disclosure, most organizations I know would like to make that decision themselves and not have the cloud provider make it for them."

---

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

SunGard brings cloud service to disaster recovery

New infrastructure-as-a-service facility for high application availability to debut later this year

Can the old guard in business continuity and disaster-recovery services thrive in an era when the companies are looking at new ways to process business data? SunGard Data Systems, with decades of experience in availability services, is feeling the pinch as some business clientele move data to the cloud. But SunGard says it’s pushing forward with innovations that are making it a public cloud provider as well with the kind of application availability it says will be hard to match elsewhere.

Simon Withers
By the end of year, SunGard intends to open its own infrastructure-as-a-service (IaaS) for business customers in North America to run production workloads in the cloud with full disaster-recovery, says Simon Withers, vice president of global cloud products at SunGard Availability Services. The exact location where this is expected to be will be announced soon, but the new facility will be closely modeled on the first SunGard facility of this kind built in Dublin, Ireland. “It’s a true multi-tenancy utility supported by the Apache Foundation CloudStack, Xen and VMware,” says Withers.

It’s intended to serve the type of clientele, such as financial services, that have been traditional SunGard customers that simply cannot lose application availability no matter what.

“From the disaster-recovery perspective, customers are moving their production data into the cloud and software-as-a-service environments,” acknowledges Ram Shanmugam, senior director of product management, recovery services at SunGard. To not be left behind, SunGard is expanding its own range of services to be more cloud-like in return.

Today, SunGard operates 40 data centers globally with the software and expertise to support business recovery plans that include complete replication of a corporate computing architecture in the event there’s a disruption of any kind that renders the day-to-day computing unavailable. For instance, SunGard’s “workforce continuity” service makes available a facility of more than 27,000 workstation seats outfitted with necessary network, computing, phone and office equipment.

But the ground is shifting as some business customers opt for a do-it-yourself approach or move production data into cloud services of all kinds. However, there are often unanswered questions about application availability and recovery-time objectives hanging over cloud services, Shanmugam points out. He adds that even if there’s some guarantee about back-up, “that doesn’t guarantee availability.”

Gartner analyst Jay Heiser recently made a similar observation about perceived lack of solid business continuity and disaster-recovery practices by cloud service providers.

However, some SunGard customers are changing with the times and it’s having an impact on SunGard’s bottom line that’s plainly spelled out in its most recent corporate filings at the Securities and Exchange Commission (SEC). Wayne, Pa.-based SunGard Data Systems, which was acquired in a leveraged buyout in 2005 by Bain Capital Partners, The Blackstone Group, and Goldman Sachs, among other investment firms, is privately held but does make regular SEC filings because of its connection with bond debt.

SunGard’s quarterly earnings statement for the period ending March 31, 2013 showed a 3% drop in revenues from the prior period year period. The availability services unit specifically said “our recovery services revenue has been declining due to customers shifting from traditional backup and recovery solutions to either in-house solutions or disk-based, cloud-based or managed recovery solutions.”

“Some customers, especially among the very largest having significant IT resources, prefer to develop and maintain their own in-house availability solutions, which can result in a loss of revenue from those customers. If this trend continues or worsens, there will be continued pressure on our organic growth rate,” SunGard acknowledges. “Also, cloud-based solutions are also perceived as inherently redundant and highly available. This is a misconception, as high availability is only provided when expressly engineered into a cloud environment.”

In a move to re-invent itself, SunGard has already taken steps to expand its business continuity into more cloud-subscription-oriented offerings, such as its “hosted private cloud” for “Oracle as a Service” and “hosted Cisco UCS” in some of its data center locations, including Philadelphia and Aurora, Colo.

It also has some VMware-oriented managed cloud services based on either multi-tenancy or a dedicated ESX cluster for managed OS, threat and log management and application management in several data centers in the U.S., Canada and the United Kingdom.

Shanmugam adds that SunGard has been working closely with VMware to add SunGard’s own technology to VMware’s Site Recovery Manager software to replicate application data, and it’s the “secret sauce” that allows SunGard to offer VMware-based disaster-recovery services.

---

Best CCNA Training and CCNA Certification and more Cisco exams log in to examkingdom.com

Microsoft votes for free Windows 8.1, collects kudos

If Microsoft proves annual updates are easy to deploy, OS could get its chance in the enterprise

Microsoft today announced that Windows 8.1, the update later this year for Windows 8, will be free to current users of the operating system, confirming analysts' expectations.

Analysts applauded the decision to give away the update. "Making the upgrade free will make the ecosystem and installed base very happy," said Patrick Moorhead, principal analyst with Moor Insights & Strategy, in an email Tuesday.

Tami Reller, CFO of the Windows division, made the announcement in prepared remarks at the JP Morgan Technology, Media & Telecomm Conference today. "Windows 8.1 will be delivered as a free update to Windows 8 and Windows RT," said Reller. "It will be easy to get right from the Windows Start Screen from the Windows app store."

It's unknown whether Microsoft will use the "Windows 8.1" name for the simultaneous update to Windows RT, the tablet-centric offshoot designed for devices running ARM processors. Microsoft did not reply to questions about the naming of the Windows RT update.

Reller declined to provide additional information on the update, such as the timing of the final release or specifics on Windows 8.1's contents.

A public preview will ship during BUILD, Microsoft's developers conference, which will run June 26-28 in San Francisco. That preview will also be distributed through the Windows Store.

Earlier this week analysts said that Microsoft had little choice but to offer the update free of charge.

Today, industry experts praised the gratis status of Windows 8.1 as well as the numbering choice.

"Microsoft made a good move on the naming and with the free upgrade," said Moorhead. "Calling it 8.1 signals that it's an improvement on its predecessor, not a sea change. This sets the right expectations."

However, Michael Silver of Gartner said Microsoft should quickly answer several up-in-the-air questions that enterprises have about Windows 8.1.

"We don't yet know what they're going to do to the desktop," said Silver, who also ticked off support -- specifically, how long Microsoft will support each of the expected annual updates. Will Windows 8.1 share the support lifecycle of its parent, Windows 8 -- which won't retire until January 2023 -- or have its own schedule? "Will they support 10 different updates?" Silver wondered.

But the fact that Microsoft will make good on its promise to shift to a faster release tempo had Silver more optimistic about Windows 8's future.

"Microsoft has a chance here," he said. "By the second half of 2014, there will be a lot more touch-enabled systems. That, and these updates, could help Windows 8 long term. I don't think Windows 8 will be more successful than Windows 7 [in the enterprise] but if 8.1 is easy to deploy, that could change over time."

Most important to enterprises, said Silver, will be the ease of updating from Windows 8 to version 8.1. If the first "point" release is painless to distribute to Windows 8 hardware, Microsoft will have a better shot at convincing enterprises to adopt the radical OS.

"If enterprises see that this is relatively easy to deploy, they may start thinking about Windows 8," Silver said. "What Microsoft needs to do is get some credibility here."

After Microsoft moved to a regularly-scheduled Patch Tuesday in the fall of 2003, companies instituted a complicated process of testing and spot-deploying the updates before rolling them out en mass, said Silver. But as time went on, many halted the practice as they became confident the patches would not cripple computers or break applications.

"Now, very few organizations do that," Silver maintained. "Microsoft needs to gain that kind of credibility for these [Windows 8] updates."

---

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Smartphones driving violent crime across US

An IDG News Service investigation finds guns and knives are used in a quarter of all robberies of cellphones in San Francisco

On Feb. 27th in the middle of the afternoon, a 16-year-old girl was walking through San Francisco's Mission district when she was ordered at gun point to hand over her cellphone. The robbery was one of 10 serious crimes in the city that day, and they all involved cellphones. Three were stolen at gun point, three at knife point and four through brute force.

Incidents of cellphone theft have been rising for several years and are fast becoming an epidemic. IDG News Service collected data on serious crimes in San Francisco from November to April and recorded 579 thefts of cellphones or tablets, accounting for 41 percent of all serious crime. On several days, like Feb. 27, the only serious crimes reported in the daily police log were cellphone thefts.

In just over half the incidents, victims were punched, kicked or otherwise physically intimidated for their phones, and in a quarter of robberies, users were threatened with guns or knives.

(An interactive map showing six months of cellphone and tablet thefts in San Francisco can be viewed here)

This isn't just happing in tech-loving San Francisco, either. The picture is similar across the United States.

In Washington, D.C., cellphone thefts account for 40 percent of robberies, while in New York City they make up more than half of all street crime. There are no hard numbers on which phones are most popular, but those most in demand by thieves appear to be those most in demand by users: iPhones.

It's easy to see why the thefts are so rampant. Criminals can quickly turn stolen phones into several hundred dollars in cash, and phone users are often easy targets as they walk down the street engrossed in the screen and oblivious to their surroundings.

It shouldn't be this way. With built-in satellite positioning and reliance on a network connection, it should be easier to track them down. So why is theft still such a problem?

A big reason is that, until recently, there had been little to stop someone using a stolen cellphone. Carriers quickly suspend phone lines to avoid thieves running up high charges, but the handset itself could be resold and reused. It's made easier by modern smartphones that accept SIM cards, which were introduced to allow legitimate users to switch phones easily.

Reacting to pressure from law enforcement and regulators, the U.S.'s largest cellphone carriers agreed early last year to establish a database of stolen cellphones. The database blocks the IMEI (international mobile equipment identity) number, a unique ID in the cellphone akin to a car's VIN (vehicle identification number). The number is transmitted to the cellular network when the phone connects and remains with the phone no matter what SIM card is inserted.

In theory, once added to the list, a phone cannot be activated on any U.S. carrier network. But the system is not perfect. For it to work, phone users must notify their carrier of the theft and in some cases provide the IMEI themselves. There are also limitations to its scope.


"The blacklist is good, but one of the easiest things we can do to make it more effective is more worldwide data sharing," said Kevin Mahaffey, CTO of mobile security company Lookout. "There is some sharing in different parts of the world, but not all operators share their lists."

In the U.S., that's beginning to happen, said Chris Guttman-McCabe, vice president of regulatory affairs at the CTIA. AT&T and T-Mobile, which share a common network technology, have a common database and all U.S. carriers plan to have a single database up and running by November that covers phones based on the new LTE cellular technology.

U.S. carriers have also begun supplying information to an international database that covers 43 countries, and the U.S. Federal Communications Commission (FCC) has been talking to Canada, Mexico and some South American countries about getting on board, said Guttman-McCabe.

So now, the main push is to educate users about the existence of the block list and get them to secure their phones with a password, screen lock and software that can remotely track or wipe a stolen handset. Smartphone makers committed to include this information with new handsets sold from the beginning of this year.

Even if universal, a global blocklist still would have shortcomings. While technically difficult, it's possible in some phones to rewrite the IMEI number, providing them with a new identity and bypassing the network lockout.

In an attempt to combat this, Senator Charles Schumer, a Democrat from New York, introduced a bill into the U.S. Congress last year (S.3186) that sought a five-year jail sentence for anyone who rewrites an IMEI number. The bill was referred to the Judiciary Committee but died when the congressional session came to a close.

"To me, while well-intended, that's not necessarily where the solution is," said George GascA3n, San Francisco's district attorney, in an interview. "We already have way too many people in prison, we have enough laws on the books, and the last thing we want to do is continue to take young people and put them in prison for long periods of time."

"What we need to do is remove the marketability of these items," he said.

GascA3n, who has become one of the most outspoken members of the law enforcement community on the issue, is proposing the electronic equivalent of a self-destruct command.

"What we need is a technical solution, we need a kill switch that when a phone gets reported stolen the manufacturer or the carrier or a combination of both are going to render that phone inoperable anywhere," he said.

To work, it would have to rewrite the phone's basic software so the device becomes completely useless and cannot be restored, even if it was later recovered.

GascA3n says his message has not been received well by the carriers.

"I started last year by meeting with one of the carriers," he said. "They seemed to be genuinely concerned and wanted to set up a follow-up meeting."

The second meeting, between GascA3n, representatives of the four major carriers, and the CTIA, a Washington-based lobbying group for the telecommunications industry, didn't get far.

"It became very clear to me from the beginning, as the lobbying group took the lead on this, that they felt they had done all they were going to do," he said.

The CTIA disagrees with his assertion.

"I really think it's important for people to know that we recognize this is important for law enforcement," said Guttman-McCabe. But he doesn't support the idea of an electronic kill switch.

"Think of all the times people lose their phone and then find it, and imagine how consumer-unfriendly it would be if the carrier hit a kill switch," he said. "All of a sudden, you have a high-end smartphone that's useless and you have to buy an unsubsidized phone."

For now, the CTIA is sticking to its stolen phone database plan and isn't looking at other possible solutions.

The kill switch wanted by GascA3n would probably not be perfect, but it could help, said Lookout's Mahaffey.

"It would be very difficult to build anything that is impossible to take off a device," he said. "You can make it so difficult that all but the most sophisticated thieves can get around it. As we've seen with jailbreaking, no matter how much effort Apple put in, there will always be a way around it."

For now, the best thing phone users can do is try to avoid having their phones snatched in the first place.

"If you need to talk on your phone, we ask that you just step to the side of a building, put your back against the building, make your phone call or make your text, but then also be aware of what's going on around you. That makes a huge difference," said Officer Dennis Toomer of the San Francisco Police Department. He said most thefts occur because people are texting or talking on phones while walking and not paying attention to their surroundings.

"Day or night, you should always be aware of what's going on around you," he said.

In Washington, D.C., a series of crime-prevention posters show photographs of people using cellphones in public. In the pictures, the cellphones are overlayed with an image of a hundred-dollar bill and the tag line "This is how thieves see you on the street."

Phone users are also encouraged to install tracking software in their handsets. Apple has the Find My iPhone feature, and a number of applications exist for other phones that allow users to remotely track a phone's position and delete data stored on the device. They require the phone to be switched on and connected to a network, but often thieves don't immediately switch off stolen phones.

If a phone is promptly reported stolen, police can sometimes locate the device and the thieves using such applications.

"As with any security, there is no silver bullet, there's no one thing you can do," said Mahaffey. "But that doesn't mean we shouldn't do it, we should continue to find better ways to solve these problems."

---

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Payment card processors hacked in $45 million fraud

U.S. federal prosecutors indicted eight people accused of running a vast carding scheme

A vast debit card fraud scheme that allegedly netted US$45 million has been linked to the hacking of credit card processors in the U.S. and India.

Federal prosecutors in New York indicted eight men on Thursday whom they accuse of a scheme centered on raising the limit on prepaid debit cards and then withdrawing the cash from ATMs.

"In such operations, hackers manipulate account balances and in some cases security protocols to effectively eliminate any withdrawal limits on individual accounts," the indictment reads.

"As a result, even a few compromised bank account numbers can result in tremendous financial loss to the victim financial institution," it said.

Payment card processors are typically expected to comply with the Payment Card Industry Data Security Standard (PCI-DSS), a code of best practices created by the card industry designed to prevent hackers from obtaining card details.

In one example, the hackers raised the limit on 12 accounts at the Bank of Muscat, based in Oman. The account details were obtained through a U.S. credit card processor, which handles Visa and MasterCard prepaid debit cards. It was not identified in the indictment.

The account numbers were distributed to people in 24 countries, who encoded the account details onto dummy payment cards that could then be used in ATMs. Around Feb. 19, the Bank of Muscat lost $40 million in less than 24 hours as the people made withdrawals.

A single card's details was used around New York City for an astounding 2,904 withdrawals, amounting to $2.4 million, according to the indictment. The same number was used in other withdrawals worldwide for another $6.5 million.

The Indian credit card processor, which was also not identified, held the details for prepaid Visa and MasterCard debit accounts with the National Bank of Ras Al-Khaimah PSC in the United Arab Emirates.

The limits for five of those accounts were increased, and the card details send to people in 20 countries. More than 4,500 ATM withdrawals were made, causing $5 million in losses, the indictment said.

The defendants are charged in U.S. District Court for the Eastern District of New York with conspiracy to commit access device fraud, money laundering conspiracy and two counts of money laundering.

Those arrested are Jael Mejia Collado, Joan Luis Minier Lara, Evan Jose Pena, Jose Familia Reyes, Elvis Rafael Rodriguez, Emir Yasser Yeje and Chung Yu-Holguin.

An eighth defendant, Alberto Yusi Lajud-Pena, is believed to have been murdered in the Dominican Republic on April 27.

---

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

FAQ: Phishing tactics and how attackers get away with it

FAQ: Phishing tactics and how attackers get away with it
Latest Anti-Phishing Working Group report shows rise of attacks on virtual-server farms at hosting facilities

Phishing attacks on enterprises can be calamitous in terms of compromised networks or damaged brand names, and the Anti-Phishing Working Group (APWG), which aggregates and analyzes phishing trends data worldwide, offers some of the best insight from industry into what's occurring globally in terms of this cybercrime. The following list of frequently asked questions about phishing is derived from the APWG's April report that covers the period July-December 2012 worldwide.

Q: How many phishing attacks occurred in the second half of last year?
A: There were at least 123,486 unique phishing attacks worldwide. This is more than the 93,462 attacks that APWG observed in the first half of 2012. This is due to an increase in phishing attacks that leveraged shared virtual servers to compromise multiple domains at once.

Q: How many unique domain names were involved in the phishing attacks?
A: Due to the shared virtual server hacking, the attacks used 89,748 unique domain names -- up from the 64,204 domains used in for the first half of 2012. In addition, 2,489 attacks were detected on 1,841 unique IP addresses, rather than on domain names, a trend that has remained steady for three years. None of these phishing attacks were reported on IPv6 addresses though.

Q: How many of these domain names were maliciously registered by phishing attackers versus the number of domains that represent hacked or compromised ones on vulnerable Web hosting?
Of the 89,748 unique domain names, the APWG identified 5,835 domain names that APWG believes were registered maliciously by phishers. This number is down significantly from 7,712 identified in the first half of 2012, a downward trend that's occurred since the count for maliciously registered domain names stood at 14,650 in the first half of 2011. The other 83,913 domains were almost all hacked or compromised on vulnerable Web hosting. The overall use of subdomain services for phishing fell from 14% to 8% of all attacks. Phishers continue to use "URL shortening" services to obfuscate phishing URLs but such use involved only 785 attacks in the second half of 2012. Over 65% of malicious shortened URLS use for phishing were found at a single provider, TinyURL.com.

Q: What top-level domains (TLDs) are the most popular for registration by phishers?
A: 82% of the malicious domain registrations were in just three TLDs: .COM, .TK (Thailand) and .INFO. PayPal is the most targeted brand, with 39% of all phishing attacks aimed at PayPal users. .COM contained 48% of the phishing domains in the APWG's data set, and 42% of the domains in the world. Thailand's .TH domain, which accounts for just over half of the world's malicious registrations made in the .TK registry, continues its high ranking as it has for several years, and it suffers from compromised government and university web servers, according the APWG.

Q: What were the top registrars worldwide used by phishers to purchase domain names?
A: 21 registrars, several of them in China, accounted for 79% of the domains registered maliciously (a total of 2,991). These were Shanghai Yovole Networks; Chengdu West Dimension Digital technology; Hang Zhou E-Business Services; Jiangsu Bangning Science; Intenret.bs; Beijing Innovative; 1API; Bizcn.com; Directl/PDR; Hichina Zhicheng; Melbourne IT; Xin Net technology Corp; Regsiter.com; Name.com; Fast Domain; eNom Inc.; OVH; GoDaddy; Tucows; 1 and 1 Internet AG.

Q: What's being seen in the trend toward mass break-in techniques?
A: Instead of hacking sites one at a time, the phisher can infect dozens, hundreds or even thousands of websites at a time, depending on the server. In the second half of 2011, APWG identified 58,100 phishing attacks that used the mass break-in technique, representing 47% of all phishing attacks recorded worldwide at that time. In February 2012, attacks of this nature started up again, peaking in August 2012 with over 14,000 phishing attacks sitting on just 61 servers. Levels declined in late 2012 but are still high. These attacks, according to APWG, "turn compromised servers at hosting facilities into weapons" because hosting facilities contain large numbers of powerful servers with the type of network access that supports large amounts of traffic. This break-in tactic against virtual-server farms offers the attacker significantly more computing power and bandwidth that scattered home PCs.

Q: What more is evident about the link between shared hosting environments and phishing?
A: In late 2012 and into 2013, the APWG saw increasing use of tools targeting shared hosting environments, and particularly WordPress, cPanel and Joomla installations. For example, beginning in late 2012, criminals hacked into server farms to perpetrate extended DDoS attacks against American banks. In April 2013, there were brute-force attacks against WordPress installations at hosting providers in order to build a large botnet. Tens of thousands to hundreds of thousands of these shared servers have been cracked by such techniques. Access and use of these boxes is then metered out in the criminal underground for all sorts of activities, including DDoS, malware distribution, and phishing. It all highlights the vulnerability of hosting providers, the software they use and weak password management. Rod Rasmussen, president and CTO at Internet Identity and co-chair of the APWG's Internet Policy Committee, says unpatched open-source software is a popular target with attackers hitting the hosting providers that make the software available to their customers.

Q: How long do live phishing attacks typically last these days?
A: The average "uptime" as of the last half of 2012 was 26 hours and 13 minutes. The median uptime was 10 hours and 19 minutes -- said to be almost twice the historically low uptime of five hours and 45 minutes achieved in the first half of 2012. According to the AWPG, the longer a phishing attack remains active, the more money the victims and target institutions lose. The first day of a phishing attack is believed to be the most lucrative for the phisher. The virtual-server-related attacks tended to be mitigated more efficiently if only because they prompted many complaints to the hosting providers that were impacted.

Q: The APWG points out that malicious domain registrations remained under 10% of all phishing domains for the last three quarters of 2012. Any idea why?
A: Some factors may be contributing to the trend -- reputation services are blocking domains and subdomains quickly, registrars and registries are more responsive to malicious registrations and have better fraud controls, and phishers may be relying more on automated scripts to exploit large numbers of Web servers using known vulnerabilities.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter:

---

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

Intel appoints Krzanich CEO

After a vetting process that lasted a little more than six months, Intel has named Brian Krzanich as its next CEO, succeeding Paul Otellini, who will officially hand over the reins of the chip giant at the company's annual stockholders' meeting on May 16.

Otellini announced Nov. 20 last year that he would retire in May after four decades with the company, of which eight years were as the company's CEO.

Krzanich, who has worked as chief operating officer and senior vice president up until now, beat other internal candidates being considered for the post, according to industry insiders. They included Stacy Smith, Intel's CFO and senior vice president and Renee James, senior vice president and general manager of software and services.

The board of directors also elected James, 48, to be president of Intel. She will also assume her new role on May 16.

All three were promoted to senior vice president on Nov. 20, the same day Otellini's retirement was announced.

"After a thorough and deliberate selection process, the board of directors is delighted that Krzanich will lead Intel as we define and invent the next generation of technology that will shape the future of computing," said Andy Bryant, chairman of Intel, in a statement Thursday.

"Brian is a strong leader with a passion for technology and deep understanding of the business," Bryant added. "His track record of execution and strategic leadership, combined with his open-minded approach to problem solving has earned him the respect of employees, customers and partners worldwide. He has the right combination of knowledge, depth and experience to lead the company during this period of rapid technology and industry change."

Analysts have said that recent CEOs at Intel were appointed at the time of directional changes for the company, whose core business of laptop and desktop chips has struggled with the slowdown in the PC market. Otellini's successor will have the task of maintaining Intel's top spot in the slumping PC market while trying to dislodge ARM from the fast-growing mobile market.

Intel's processors are used in just a handful of mobile phones and tablets, and 52-year-old Krzanich will have to a get device makers to adopt the company's mobile Atom processors. Intel has poured millions of dollars into smartphone and tablet chip development as it tries to take market share away from ARM, whose processors are used in most tablets and smartphones.

It will also be up to the new CEO to fix a faltering strategy around ultrabooks, which Intel is pushing as a new category of thin-and-light laptops with tablet features. Ultrabooks were introduced to reinvigorate the PC market, but product sales have been slow because of high prices.

Analysts have also pointed out that Intel could focus more on a foundry strategy and expand operations for making chips for third parties. Intel's fabrication plants are considered more advanced compared to those of rivals GlobalFoundries, Samsung, and TSMC (Taiwan Semiconductor Manufacturing Co.) Intel has historically used its manufacturing assets to make chips for itself, but has recently opened up to the idea of becoming a contract manufacturer. Intel makes chips -- mainly high-margin FPGAs -- on a limited basis for third parties such as Altera, Tabula and Achronix.

Otellini became Intel CEO in 2005 just as the company was struggling to keep up with chip development and losing processor market share to rival Advanced Micro Devices. Otellini put in place the famous "tick-tock" strategy that brought out updates to chips on a yearly basis. That stabilized product releases, development and chip manufacturing cycles. In addition to winning back market share, Otellini played a key role in Apple's shift from the PowerPC processors to x86 chips on Macs in 2005 and 2006.

Otellini also guided Intel through multiple antitrust cases and expanded product offerings through acquisitions of companies such as Wind River and McAfee. Intel also acquired networking firm Fulcrum, and assets from Qlogic and Cray, with which the company is expanding its data center offerings. Intel also bought wireless assets from Infineon which are expected to be integrated into smartphone and tablet processors.

But for all his achievements, Otellini's reign had its rough times. He failed to quickly adapt to the fast-growing mobile market, but made up by accelerating development of the Atom chips. Otellini was also a champion of ultrabooks, which have so far failed in the market.

---

Best CCNA Training and CCNA Certification and more Cisco exams log in to Certkingdom.com