By Ellen Nakashima as written on The Washington Post - June 2015.

China hacked into the federal government’s network, compromising four million current and former employees' information. The Post's Ellen Nakashima talks about what kind of national security risk this poses and why China wants this information. (Alice Li/The Washington Post)

Hackers working for the Chinese state breached the computer system of the Office of Personnel Management in December, U.S., and the agency will notify about 4 million current and former federal employees that their personal data may have been compromised.

The hack was the largest breach of federal employee data in recent years. It was the second major intrusion of the same agency by China in less than a year and the second significant foreign breach into U.S. government networks in recent months.Last year, Russia compromised White House and State Department e-mail systems in a campaign of cyber­espionage.

The OPM, using new tools, discovered the breach in April, according to officials at the agency who declined to discuss who was behind the hack.

Other U.S. officials, who spoke on the condition of anonymity, citing the ongoing investigation, identified the hackers as being state-sponsored.

One private security firm, iSight Partners, says it has linked the OPM intrusion to the same cyber­espionage group that hacked the health insurance giant Anthem. The FBI suspects that that intrusion, announced in February, was also the work of Chinese hackers, people close to the investigation have said.

The intruders in the OPM case gained access to information that included employees’ Social Security numbers, job assignments, performance ratings and training information, agency officials said. OPM officials declined to comment on whether payroll data was exposed other than to say that no direct-
deposit information was compromised. They could not say for certain what data was taken, only what the hackers gained access to.

“Certainly, OPM is a high-value target,” Donna Seymour, the agency’s chief information officer, said in an interview. “We have a lot of information about people, and that is something that our adversaries want.”

The personal information exposed could be useful in crafting “spear-phishing” e-mails, which are designed to fool recipients into opening a link or an attachment so that the hacker can gain access to computer systems. Using the stolen OPM data, for instance, a hacker might send a fake e-mail purporting to be from a colleague at work.

After the earlier breach discovered in March 2014, the OPM undertook “an aggressive effort to update our cybersecurity posture, adding numerous tools and capabilities to our networks,” Seymour said. “As a result of adding these tools, we were able to detect this intrusion into our networks.”

“Protecting our federal employee data from malicious cyber incidents is of the highest priority at OPM,” Director Katherine Archuleta said in a statement.

In the current incident, the hackers targeted an OPM data center housed at the Interior Department. The database did not contain information on background investigations or employees applying for security clear­ances, officials said.

By contrast, in March 2014, OPM officials discovered that hackers had breached an OPM system that manages sensitive data on federal employees applying for clearances. That often includes financial data, information about family and other sensitive details. That breach, too, was attributed to China, other officials said. OPM officials declined to comment on whether the data affected in this incident was encrypted or had sensitive details masked. They said it appeared that the intruders are no longer in the system.

“There is no current activity,” an official said. But Chinese hackers frequently try repeat intrusions.

Seymour said the agency is working to better protect the data stored in its servers throughout the government, including by using data masking or redaction. “We’ve purchased tools to be able to implement that capability for all” the data, she said.

Among the steps taken to protect the network, the OPM restricted remote access to the network by system administrators, officials said. When the OPM discovered the breach, it notified the FBI and the Department of Homeland Security.

A senior DHS official, who spoke on the condition of anonymity because of the ongoing investigation, said the “good news” is that the OPM discovered the breach using the new tools. “These things are going to keep happening, and we’re going to see more and more because our detection techniques are improving,” the official said.

FBI spokesman Josh Campbell said his agency is working with DHS and OPM officials to investigate the incident. “We take all potential threats to public- and private-sector systems seriously and will continue to investigate and hold accountable those who pose a threat in cyberspace,” he said.

The intruders used a “zero-day” — a previously unknown cyber-tool — to take advantage of a vulnerability that allowed the intruders to gain access into the system.

[Why the Internet’s massive flaws may never get fixed]

China is one of the most aggressive nations targeting U.S. and other Western states’ networks. In May 2014, the United States announced the indictments of five Chinese military officials for economic cyber­espionage — hacking into the computers of major steel and other companies and stealing plans, sensitive negotiating details and other information.

“China is everywhere,” said Austin Berglas, head of cyber investigations at K2 Intelligence and a former top cyber official at the FBI’s New York field office. “They’re looking to gain social and economic and political advantage over the United States in any way they can. The easiest way to do that is through theft of intellectual property and theft of sensitive information.”

Rep. Adam B. Schiff (Calif.), ranking Democrat on the House Intelligence Committee, said the past few months have seen a massive series of data breaches affecting millions of Americans.

“This latest intrusion . . . is among the most shocking because Americans may expect that federal computer networks are maintained with state-of-the-art defenses,” he said. “The cyberthreat from hackers, criminals, terrorists and state actors is one of the greatest challenges we face on a daily basis, and it’s clear that a substantial improvement in our cyber databases and defenses is perilously overdue.”

Colleen M. Kelley, president of the nation’s ­second-largest federal worker union, the National Treasury Employees Union, said her organization “is very concerned” about the breach. “Data security, particularly in an era of rising incidence of identity theft, is a critically important matter,” she said.

“It is vital to know as soon as possible the extent to which, if any, personal information may have been obtained so that affected employees can be notified promptly and encouraged to take all possible steps to protect themselves from financial or other risks,” she said.

Lisa Rein contributed to this report.

Source: WashingtonPost.com

Elastic Beanstalk Update – Enhanced Application Health Monitoring

By Abhishek Singh as written on AWS Official Blog.

AWS Elastic Beanstalk simplifies the process of deploying and scaling Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker web applications and services on AWS. Today we are making Elastic Beanstalk even more useful by adding support for enhanced application health monitoring.

To understand the benefit of this new feature, imagine you have a web application with a bug that causes it to return an error when someone visits the /blog page but the rest of your application works as expected. Previously, you could detect such issues by either monitoring the Elastic Load Balancers HTTPCode_Backend_5XX metric or going to the URL yourself to test it out. With enhanced application health monitoring, Elastic Beanstalk does the monitoring for you and highlights such issues by changing the health status as necessary. With this new feature, Elastic Beanstalk not only monitors the EC2 and ELB health check statuses but also monitors processes (application, proxy, etc.) and essential metrics (CPU, memory, disk space, etc.) to determine the overall health of your application.

At the core of the enhanced health monitoring feature are a set of rules that allow Elastic Beanstalk to detect anomalies in your running application and flag them by changing the health status. With every change in health status, Elastic Beanstalk provides a list of causes for the change. In the example above, the system would detect an increase in 500 errors as visitors visit the /blog page and flag it by changing the health status from “Ok” to “Warning” with a cause of “More than 1% of requests are failing with 5XX errors”.

Here’s what the status looks like in the AWS Management Console:

And from the command line (via eb health --refresh):

As you can see, this makes it much easier to know when your application is not performing as expected, and why this is the case (we are working on a similar view for the Console). For further details on how enhanced application health monitoring works, see Factors in Determining Instance and Environment Health.

As part of this feature we have also made some other changes:

• • Health monitoring is now near real-time. Elastic Beanstalk now evaluates application health and reports metrics every 10 seconds or so instead of every minute.

Rolling deployments require health checks to pass before a version deployment to a batch of instances is deemed successful. This ensures that any impact due to regressions in application versions is minimized to a batch of instances.

• The set of values for the health status has been expanded from three (Green, Yellow, and Red) to seven (Ok, Warning, Degraded, Severe, Info, Pending, and Unknown). This allows Elastic Beanstalk to provide you with a more meaningful health status.

• We have added over 40 additional environment and instance metrics including percentiles of application response times, hard disk space consumption, CPU utilization, all of which can be published to Amazon CloudWatch as desired for monitoring and alarming.

To begin using this feature, log in to the AWS Elastic Beanstalk Management Console or use the EB CLI to create an environment running platform version 2.0.0 or newer.

— Abhishek Singh, Senior Product Manager, AWS Elastic Beanstalk

Source: AWS Official Blog

All NFL Players Are Getting RFID Chips This Season

Using real-time RFID tracking of NFL players, the Next Gen Stats portion of the NFL app for Xbox One and Windows 10 shows a play in detail. Image: Microsoft

In terms of size, speed, and strength, NFL football players have always been superhuman. This season, they’re all about to become cyborgs, too.

Last year, the NFL tested out Zebra Technologies MotionWorks RFID system in 18 stadiums to track vector data: A player’s speed, distance, and direction traveled during each game in real-time. This season, that wireless tracking technology will be embedded in every NFL player’s shoulder pads, and viewers at home can see all that data come to life in the redesigned NFL 2015 app for Xbox One and Windows 10.

Within the app, there’s a feature called Next Gen Stats that turns each player into an digital avatar for a “Next Gen Replay.” In coordination with a highlight clip posted shortly after it occurs live on the field, Next Gen Replay displays every player’s speed at each moment of a play, lets you toggle between players, and keeps track of the actual yardage a running back has run in a play or in a game.

“We will tie Next Gen Stats into every replay that comes into the Xbox,” says Todd Stevens, Executive Producer at Microsoft. “Replays like a one-yard touchdown run, you don’t really need Next Gen Stats. But some of these plays, like a long pass play, are truly spectacular. We wanted to give them a bit of special sauce.”

To do so, the Next Gen Stats section will also include features that highlight players rather than plays. At launch, which will be in late August, there will be a special section called Afterburner that highlights the speediest players in the NFL over time. More of those player-highlight collections are planned for the future in a section called Top Playmakers.

Tying speed, position, and distance data to 22 separate football players, animating them on a virtual field, and aggregating all their data over time might seem like a process that would take a while to add to each highlight clip. But according to Stevens, as soon as a highlight clip is posted to NFL.com, the Xbox NFL app will have all that stuff ready to go for each video.

“The only thing that keeps us from having it instantaneous is the human element to cutting the highlight,” Stevens says. “If somebody in Culver City for the NFL has to edit the highlight, as soon as it hits NFL.com we get it, and we can tie in the data instantaneously. We have all the data as the game is being played. You could see the little position graphics live. There are complications to showing that, but it’s something I think we’ll end up trying to do in the future.”

Along with the video-game-like presentation of real-world plays, there’s an actual gaming aspect to the Next Gen Replay feature. In a mini-game called “NGS Pick’em,” you choose eight to 10 players you think will run the fastest or travel the farthest in a game.

While Next Gen Stats is innovative, a few more features within the new NFL app for Xbox may be even more compelling for big-time fans. You can basically roll your own sports ticker: You select pop-up notifications for specific games, your favorite teams, and two fantasy teams from NFL.com, CBS, ESPN, and Yahoo. A little alert will pop up from the bottom of the screen to let you know if something notable has happened in tracked games, if someone in your fantasy matchup has scored, or if a new highlight clip from a game is ready. Using the Xbox One’s “Snap” feature, you can then view that clip in a sidebar without interrupting the main game you’re watching on the big screen.

“Our focus was to make this the best gameday experience,” says Stevens. “It’s super-simple to customize and slide in and out of things without missing any of the game. You hit one button and you go into that snap view, another button and I’m back in full screen.”

The new app will be available in late August, just in time for week three of the preseason. The NFL app and the Next Gen Stats features are free to everyone.

Source: http://www.wired.com/2015/08/nfl-players-getting-rfid-chips-season/

[Editor's note: The overall award rating is based on a composite score of analyst ratings for customer satisfaction, depth of functionality, company direction, and cost. For the cost score, analysts gave the highest marks to vendors with the lowest expected costs. Company revenues were also factored into the overall score, but these numbers are not included in the chart above.]

THE MARKET

According to a Gartner report, the CRM software market grew from $20.4 billion in 2013 to $23.2 billion in 2014 (representing 13.3 percent growth). An ongoing trend among enterprises is the movement from pure on-premises solutions to cloud-based solutions. Increasingly, large companies are seeking easy deployments and quick ways to improve upon legacy systems with complementary functionality. In the report, Joanne Correia, research vice president at Gartner, noted that the demand for software-as-a-service continues, "with SaaS accounting for almost 47 percent of total CRM software revenue in 2014."

THE LEADERS

According to analysts, NetSuite has the right steps in mind, evidenced by its high score in company direction (4.1). Jim Dickie, managing director at CSO Insights, a division of MHI Global, notes that though the solution is "not seen often for large enterprises," the company has its sights set on larger outfits. "We've been moving upmarket ever since we've gone public [in 2007]," CEO Zach Nelson said at SuiteWorld, the company's annual user conference, this May. The company also garnered a respectable customer satisfaction score (3.8). Rebecca Wettemann, vice president of Nucleus Research, says that "the strength of NetSuite still lies in its single database and ability for sales and other users to see not just CRM but order and other data."

Like last year, Oracle scored the second highest in depth of functionality (4.1). Wettemann notes that the company's offerings, which include the Sales Cloud, Eloqua, CPQ, analytics, and mobile functionality, "are…solid capabilities enterprises need," but that Oracle "still needs some improvement in setup." She suggests changes are on the way, however, as the company "has made significant advances in usability." Cost continues to be an issue for Oracle; the company had its lowest score in that area (3.3).

Salesforce.com stands out for its company direction and customer satisfaction, two areas where it scored a 4.2. Analysts attribute this largely to the company's focus on an improved user interface. Wettemann says she expects that "the investments it is making in UI and in-app analytics will really pay off and make [Salesforce’s offerings] even more attractive to customers in the near term." John Ragsdale, vice president of technology and social research for the Technology Services Industry Association (TSIA), agrees, saying that the solutions are becoming more usable and that the company's focus on its Customer Success platform "is paying off with strong adoption and consumption by customers."

SAP scored lowest in cost (3.4) and highest in depth of functionality (nearly 4.0). Ragsdale suggests that SAP's embedded analytics "offer tremendous value" to buyers, who are "increasingly demanding sophisticated analytics and dashboards." Leslie Ament, senior vice president and principal analyst at Hypatia Research Group, notes that the company has improved its customer engagement and journey tracking capabilities. "Encompassing sales, marketing, customer service, and commerce, SAP has delivered an enterprise-class CRM solution," she told CRM magazine via email. Despite this praise, it is notable that of the leaders, SAP ranked the lowest in company direction (3.6). Wettemann says that "SAP seems to have lost its way in CRM and doesn't have a clear story on how it delivers value or how it can catch up on product road maps."

THE WINNER

Microsoft takes the title this year from longtime defending champion Salesforce.com. Analysts gave the company high marks in company direction (4.5). Ragsdale notes that "Microsoft is heavily investing in [its] CRM platform, adding sophistication across sales, marketing, and service, and as a result is seeing increased adoption by large enterprises." Wettemann singles out as strengths the "Parature service capabilities and knowledge base" as well as "integration with Office 365 and PowerBI," and Ament lauded the company's improved suite of integrated customer engagement products. Its software enables companies to reach customers "via multiple touch points and to do so with enterprise-wide intelligence, supported by Microsoft's Business Analytics platform (PowerBI and Azure Data Services)," Ament said via email.

ONE TO WATCH

Infor stepped up as One to Watch this year—and nearly made it onto the leaderboard. The company's acquisition of SalesLogix in August has bolstered its sales functionality, the category in which it scored the highest (3.8). "Infor has long had strong marketing capabilities with Epiphany and continues to build out its CRM offering with…SalesLogix," Wettemann says.

SOURCE: http://www.destinationcrm.com/Articles/Editorial/Magazine-Features/-The-2015-CRM-Market-Leaders-Enterprise-CRM-Suite-105502.aspx?_cldee=bHZhbmdlcnVAbWljcm9zb2Z0LmNvbQ%3d%3d&utm_source=ClickDimensions&utm_medium=email&utm_campaign=FY16%20Microsoft%20Newsletter%20-%20CRM%20Focus

[vc_row][vc_column][vc_column_text]

Microsoft Announces Expansion of Security Bounty Programs Offering Direct Payments in Exchange for Reporting Vulnerabilities

Microsoft is offering direct payments in exchange for reporting certain types of vulnerabilities and exploitation techniques. Microsoft today announced additional expansions of the Microsoft Bounty Programs like raising the Bounty for Defense maximum from $50,000 USD to $100,000 USD, new bonus period for Authentication vulnerabilities in the Online Services Bug Bounty and few others. Read about them below.

The changes to the Bounty for Defense reflect the continuing evolution of the Microsoft Bounty Program, based on the feedback and opportunities brought to us from the Security Research Community.

• Raising the Bounty for Defense from $50,000 USD to $100,000 USD

• Brings defense up on par with offense

• Rewards the novel defender equally for their research

This continued evolution includes a new approach to the Online Services Bug Bounty Program:

• Authentication vulnerabilities will receive double bounty payouts

• Microsoft Account (MSA) and Azure Active Directory (AAD) vulnerabilities

• Bonus period will run from August 5, 2015 – October 5, 2015

• All payouts during this period will receive twice the normal payout (that means we will pay $30,000 USD for a great Authentication vulnerability!)

MSA contest at Black Hat

• Come show us your 1337 skills and win an Xbox One, Surface 3, or one year of full MSDN access

• Come visit us at the Microsoft Networking Lounge, August 5-6, in Mandalay Bay to review full rules and to participate

RemoteApp

• RemoteApp lets users run Windows apps hosted in Azure anywhere, and on a variety of devices

• RemoteApp is being added as a new property of the Online Services Bug Bounty Program and all of the regular terms and payout rules apply

Source: Microsoft[/vc_column_text][/vc_column][/vc_row]

Microsoft today released updated OneDrive and OneNote apps for Android Wear. The new OneDrive for Android Wear brings a new OneDrive watch face, every time you activate your watch, you’ll see a photo from the last 30 days. Also, they have now added support for OneDrive notifications on your watch, so you will always be up-to-date on edits made to shared documents.

With the updated OneNote app, in addition to dictating a new note with the ease of saying “Ok Google, take a note,” you can see your most recently viewed notes right on your watch.

Learn more.

The AWS Webinar Series is a selection of live online presentations that cover a broad range of topics at varying technical levels. These webinars feature technical sessions led by AWS solutions architects and engineers, live demonstrations, customer examples and Q&A with AWS experts.

Whether you are new to the cloud or an experienced user, you will find a number of sessions that can help you learn about our products, solutions and best practices.

The sessions below are categorized into three levels: Overview*, Essentials* and Advanced*. You can click on the "learn more" drop down arrow to view the detailed description of each session.

Overview: No domain or topic knowledge needed

Essentials: Domain knowledge required, topic knowledge not required

Advanced: Domain and topic knowledge required

Learn best practices of the following services:

• Build serverless backends with AWS Lambda and Amazon API Gateway

• Save Up to 90% on your Amazon EC2 Bill with Spot Instances

• Deep dive on new and existing Amazon S3 features

• Get insights for exporting and querying your mobile app usage with Amazon Mobile Analytics

• Run containerized batch jobs with Amazon EC2 Container Service

• Use AWS services to reduce the impact of DDoS attacks

AGENDA & REGISTRATION

Microsoft today announced that fully featured DVR capability is coming to Xbox One. Users can schedule recordings and watch TV shows and programs at their convenience. From your Xbox One, you can stream recorded TV shows to other devices, either via the Xbox app on Windows 10, or through Xbox SmartGlass for iOS and Android. Even better, you can also download shows to your Windows 10 phone, PC or tablet so you can watch them anywhere. You can schedule recordings from OneGuide on your Xbox One console, the Xbox app on Windows 10 devices or with Xbox SmartGlass on iOS and Android devices. You can also add, review and edit your scheduled recordings from your PC, tablet or phone while you are away from home with ease.

With DVR for Over-the-Air TV, you’ll never miss a minute of your favorite TV shows, movies or sporting events when you want to play a game or need to step out. Once your Xbox One is set up for over-the-air TV*, it’s as easy as plugging a USB hard drive into your Xbox One console and recording your content. And by recording content to an external drive, there’s no impact on your gameplay activities or ability to save to the console.

This feature will be free and it will be coming in 2016.