Why IoT Security Is So Critical

By Ben Dickson (@bendee983) as written on techcrunch.com

Twenty years ago, if you told me my phone could be used to steal the password to my email account or to take a copy of my fingerprint data, I would’ve laughed at you and said you watch too much James Bond. But today, if you tell me that hackers with malicious intents can use my toaster to break into my Facebook account, I will panic and quickly pull the plug from the evil appliance.

Welcome to the era of the Internet of Things (IoT), where digitally connected devices are encroaching on every aspect of our lives, including our homes, offices, cars and even our bodies. With the advent of IPv6 and the wide deployment of Wi-Fi networks, IoT is growing at a dangerously fast pace, and researchers estimate that by 2020, the number of active wireless connected devices will exceed 40 billion.

The upside is that we are able to do things we never before imagined. But as with every good thing, there’s a downside to IoT: It is becoming an increasingly attractive target for cybercriminals. More connected devices mean more attack vectors and more possibilities for hackers to target us; unless we move fast to address this rising security concern, we’ll soon be facing an inevitable disaster.

IoT Vulnerabilities Open Up New Possibilities To Hackers

Some of the more frightening vulnerabilities found on IoT devices have brought IoT security further up the stack of issues that need to be addressed quickly.

Earlier this month, researchers found critical vulnerabilities in a wide range of IoT baby monitors, which could be leveraged by hackers to carry out a number of nefarious activities, including monitoring live feeds, changing camera settings and authorizing other users to remotely view and control the monitor.

In another development, it was proven that Internet-connected cars can be compromised, as well, and hackers can carry out any number of malicious activities, including taking control of the entertainment system, unlocking the doors or even shutting down the car in motion.

Wearables also can become a source of threat to your privacy, as hackers can use the motion sensors embedded in smartwatches to steal information you’re typing, or they can gather health data from smartwatch apps or health tracker devices you might be using.

Some of the most worrisome cases of IoT hacks involve medical devices and can have detrimental — perhaps fatal — consequences on patients’ health.

What Is being Done To Secure The IoT?

The silver lining is that IoT security, previously ignored, has now become an issue of high concern, even at the federal government level. Several measures are already being taken to gap holes and prevent security breaches at the device level, and efforts are being led to tackle major disasters before they come to pass.

After the Jeep Cherokee hack, automaker Fiat scrambled to have the problem fixed and quickly issued a safety recall for 1.4 million U.S. cars and trucks to install a security update patch. The whole episode also served as a wakeup call for the entire IoT industry.

Now security firms and manufacturers are joining ranks to help secure the IoT world before it spins out of control. Digital security company Gemalto is planning to use its experience in mobile payments to help secure IoT devices. Gemalto will be offering its Secure Element (SE) technology to automotive and utility companies. SE is a tamper-resistant component that gets embedded into devices to enable advanced digital security and life-cycle management via encryption of and access-control limitation to sensitive data.

Microsoft also is entering the fray, and has promised to add BitLocker encryption and Secure Boot technology to the Windows 10 IoT, the software giant’s operating system for IoT devices and platforms such as the Raspberry Pi. BitLocker is an encryption technology that can code entire disk volumes, and it has been featured in Windows operating systems since the Vista edition. This can be crucial to secure on-device data. Secure Boot is a security standard developed by members of the PC industry to help make sure that your PC boots using only software that is trusted by the PC manufacturer. Its implementation can prevent device hijacking.

The IoT security issue has also given rise to new alliances. A conglomeration of leading tech firms, including Vodafone, founded the Internet of Things Security Foundation, a non-profit body that will be responsible for vetting Internet-connected devices for vulnerabilities and flaws and will offer security assistance to tech providers, system adopters and end users. IoTSF hopes to raise awareness through cross-company collaboration and encourage manufacturers to consider security of connected devices at the hardware level.

“The opportunity for IoT is staggering,” said John Moor, a spokesperson for IoTSF. “However, there are ever-real security challenges that accompany those opportunities.” Moor stressed the importance to address security from the start. “By creating a dedicated focus on security,” he promised, “our intention is simple — drive excellence in IoT security. IoTSF aims to be the home for providers, adopters and beneficiaries of IoT products and services.”

Other companies are working on setting up platforms that will enable large networks of IoT devices to identify and authenticate each other in order to provide higher security and prevent data breaches.

There also is research being conducted to enhance IoT security through device and smartphone linking. The effort is being led by experts at the University of South Hampton, who believe smartphones can help overcome IoT devices’ limits in user interfaces and complexities in networking.

What More Needs To Be Done?

While the effort to tackle security issues regarding IoT devices is laudable, it isn’t enough to ensure that we can leverage the full power of this new technology in a secure environment.

For one thing, the gateways that connect IoT devices to company and manufacturer networks need to be secured as well as the devices themselves. IoT devices are always connected and always on. In contrast to human-controlled devices, they go through a one-time authentication process, which can make them perfect sources of infiltration into company networks. Therefore, more security needs to be implemented on these gateways to improve the overall security of the system.

Also of concern are huge repositories where IoT data is being stored, which can become attractive targets for corporate hackers and industrial spies who rely on big data to make profits. In the wake of massive data breaches and data theft cases we’ve seen in recent years, more effort needs to be made to secure IoT-related data to ensure the privacy of consumers and the functionality of businesses and corporations.

There also must be a sound plan for installing security updates on IoT devices. Each consumer will likely soon own scores — if not hundreds — of connected devices. The idea of manually installing updates on so many devices is definitely out of the question, but having them automatically pushed by manufacturers also can be a risky business. Proper safeguards must be put in place to prevent updating interfaces from becoming security holes themselves.

What is evident is that the IoT will become an important part of our lives very soon, and its security is one of the major issues that must be addressed via active participation by the entire global tech community. Will we be able to harness this most-hyped, emerging technology that will undoubtedly revolutionize the world, or will we end up opening a Pandora’s Box that will spiral the world into a new age of mayhem and chaos? Let’s hope for the former.

Source: techcrunch.com/2015/10/24/why-iot-security-is-so-critical/

As written on Microsoft.com on September 8, 2015 by Takeshi Numoto - Corporate Vice President, Cloud and Enterprise Marketing, Microsoft

I’m pleased to announce today that Microsoft has acquired Adallom, an innovator in cloud security and a leader in helping customers protect their critical assets across cloud applications. This acquisition is the latest example of Microsoft’s commitment to delivering innovative identity and security capabilities to our customers, across both on-premises and multiple clouds.

With more frequent and advanced cybersecurity attacks continuing to make headlines, customer concerns around security remain top of mind. These concerns pose real challenges for IT, who are charged with protecting company data in this rapidly evolving mobile-first, cloud-first world. In this world, identity is a critical control plane for managing and protecting access to applications and data.

Adallom expands on Microsoft’s existing identity assets, and delivers a cloud access security broker, to give customers visibility and control over application access as well as their critical company data stored across cloud services. Adallom works with popular cloud applications including Salesforce, Box, Dropbox, ServiceNow, Ariba, and of course Office 365. As a cloud-delivered, security-as-a-service solution, Adallom will complement existing offerings that Microsoft makes available today as part of Office 365 and the Enterprise Mobility Suite (EMS), including our recent Microsoft Advanced Threat Analytics release.

Adallom, cofounded in 2012 by Assaf Rappaport, Ami Luttwak and Roy Reznik, has assembled a world-class team with a dedicated focus on making it easier to enhance data security in the cloud. The team will continue to evolve, build technology, sell solutions and work with customers as we complete the integration into Microsoft.

Once again, we are thrilled to welcome the Adallom team into the Microsoft family. Advanced threats and cybercrime will persist in this mobile-first, cloud-first era, but at Microsoft we remain committed to helping our customers protect their data with new and innovative identity and security capabilities. We encourage our customers to evaluate and use this offering starting today, to learn more visit http://www.adallom.com.

"With traditional IT, it would take weeks or months to contend with hardware lead times to add more capacity. Using AWS, we can look at user metrics weekly or daily and react with new capacity in 30 seconds." Richard Crowley Director of Operations

AWS Case Study: Slack

About Slack

Slack provides a messaging platform that integrates with and unifies a wide range of communications services such as Twitter, Dropbox, Google Docs, Jira, GitHub, MailChimp, Trello, and Stripe. The San Francisco–based company, which launched its eponymous app in February 2014, was started by a small group of Silicon Valley entrepreneurs that include Flickr founder Stewart Butterfield. Privately-held Slack is on Fortune Magazine’s “Unicorn List” of startup firms worth $1 billion or more, with a $2.8 billion valuation supported by a five percent weekly user growth rate and major brand-name customers including Adobe, Samsung, Intuit, NASA, Dow Jones, eBay, and Expedia.

The Challenge

In the age of the unicorn startups, Slack has drawn attention for its meteoric rise and potential for disrupting traditional business communications tools, particularly email. By June 2015—less than 18 months after its launch—the company already had more than 1.1 million daily users, 300,000 paid seats, and more than 30 million messages flowing through Slack each week via integrations with other services.

Slack’s founders had already learned hard lessons from previous failed ventures. One of those was the importance of picking the right IT infrastructure to run the business. If Slack was to succeed in a fiercely competitive business-software marketplace, its founders knew they would need a lean staff, low costs, and above all an IT environment capable of supporting speed, agility, and innovation. Going to the cloud was the logical choice.

“The realities of physical space, hardware acquisition, replacement parts, running a server facility with all its costs—all the physical manifestations that can lead to breakages—made a traditional IT environment impractical for an Internet startup,” says Richard Crowley, Slack’s director of operations. “Plus we would have needed an extra layer of expertise just to run the infrastructure. We could have operated with that kind of IT infrastructure, but the cost and complexity would have made it much harder to launch the business.”
Why Amazon Web Services

Crowley says Slack turned to Amazon Web Services out of experience and because it was the best choice for the company going forward. Tiny Speck—the original company name for what became Slack Technologies—used AWS in 2009 when it was the only viable offering for public cloud services.

“Given their expertise and pains running a more traditional environment when Flickr was developed, Slack’s founders realized it was a no brainer to use AWS,” says Crowley. “During the development of Slack, the feeling was that AWS was good to us and would continually improve with more and better features. There was no need to leave.”

Slack has a relatively simple IT architecture that is based on a broad range of AWS services, including i2.xlarge Amazon Elastic Compute Cloud (Amazon EC2) instances for basic compute tasks; Amazon Simple Storage Service (Amazon S3) for users’ file uploads and static assets; and Elastic Load Balancing to balance workloads across Amazon EC2 instances.

For security, Slack uses Amazon Virtual Private Cloud (Amazon VPC) to control security groups and firewall rules and AWS Identity and Access Management (IAM) to control user credentials and roles. The company uses Amazon CloudTrail for monitoring logs related to Amazon EC2 instances, and Amazon Route 53 for DNS management.

Along with the AWS services, Slack is using the Redis data structure server, the Apache Solr search tool, the Squid caching proxy, and a MySQL database.

The Benefits

Using AWS as its IT infrastructure has helped Slack achieve an astonishing growth rate and a multibillion-dollar valuation with a platform that supports speed of innovation and responsiveness, reliability, and security features to ensure the confidentiality of customer information.

Crowley says AWS gives fast-growing companies like Slack the ability to minimize their involvement with daily IT management. That lets them focus on pushing innovative products and services to market quickly. “We have a lot of metrics and programs that tell us about available capacity for new customer teams to join and existing customers to grow their Slack usage,” he says. “With traditional IT, it would take weeks or months to contend with hardware lead times to add more capacity. Using AWS, we can look at user metrics weekly or daily and react with new capacity in 30 seconds.”

The ease of provisioning resources in the AWS cloud allows Slack to practice disaster recovery scenarios, which is essential for assuring existing and prospective customers that their information will always be there, when and where they need it. “One of the real strengths of AWS is that we can do a lot of re-provisioning of our infrastructure, making sure that we can recover quickly and competently in the event that something goes down,” Crowley says. “Having the ability to quickly grab twice as many of a certain class of instances is great. It gives us the ability to regularly practice our disaster recovery scenarios.”

A large part of the appeal of Slack is that it replaces disparate communications tools with a single, unified platform. But that puts an increased burden on Slack to ensure that its customers' information is safe, and that Slack can deliver the kind of enterprise reliability and high availability to support the service-level agreements expected of robust enterprise applications.

“As a company, our business is integral to our customers’ daily lives,” Crowley says. “So in our customers’ eyes, our security controls and ability to deliver a reliable service become incredibly important, and it’s a responsibility we take incredibly seriously.”

He says AWS immediately addresses customers’ security concerns because AWS publishes service organization control (SOC) reports, which are based on third-party examinations evaluating how AWS achieves compliance controls and objectives. “The fact that we can rely on the AWS security posture to boost our own security is really important for our business. AWS does a much better job at security than we could ever do running a cage in a data center,” Crowley says. ”Hosting Slack in AWS makes our customers more confident that Slack is safe, secure, and always on.”

Source: http://aws.amazon.com/solutions/case-studies/slack/

Read more customer success stories or search by industry to learn how Managed Solution helps businesses implement technology productivity solutions.

Kardashian Website Security Issue Exposes Names, Emails Of Over Half A Million Subscribers, Payment Info Safe

by Sarah Perez (@sarahintampa) as written on TechCrunch.com

Alongside the launch of the Kardashian and Jenner mobile apps, which are now dominating the App Store after seeing hundreds of thousands of downloads apiece in their first days on the market, the celeb sisters also released new websites designed to help them better connect with their fans while offering a more personal look inside their lives.

However, one enterprising young developer dug around those websites and immediately found an issue. Due to a misconfiguration, he was able to access the full names and email addresses of over 600,000 users who signed up for Kylie Jenner’s website as well as pull similar user data from the other websites.

In addition, the developer said he had the ability to create and destroy users, photos, videos and more, though we understand he didn’t actually take those actions.

The developer in question, 19-year-old Alaxic Smith, had some interest in the celebrity biz already. As the co-founder of Communly, he’s been working on a mobile app that lets users connect with others who share their interests, including tracking new information about favorite celebs, for example.

On blogging site Medium, Smith explained how he was able to access the user data from Kylie Jenner’s website. He also noted that his explorations initially began as idle curiosity about what was powering the new sites under the hood, rather than being some malicious hack or even a more focused attempt at uncovering security vulnerabilities.

Writes Smith: I’ll admit I downloaded Kylie’s app just to check it out. I also checked out the website, and just like most developers, I decided to take a look around to see what was powering the site. After I started digging a little bit deeper, I found a JavaScript file namedkylie.min.75c4ceae105ad8689f88270895e77cb0_gz.js. Just for fun, I decided to un-minify this file to see what kind of data they were collecting from users and other metrics they may be tracking. I saw several calls to an API, which of course made sense. I popped one of those endpoints into my browser, and got an error just liked I expected.

Smith then logged into the website with his own user name and password and was directed to a web page that contained the first and last names and email addresses of the 663,270 people who had signed up for the site, he says.

Following this discovery, Smith realized he could perform the same API call across each of the other sisters’ websites and return the same data. Besides being able to access this user data, Smith says he found he was also able to create and destroy users, photos and videos.

Source: http://techcrunch.com

Snapchat, less ghostly than ever, now lets you pay to replay snaps

by John Zorabedian as written on https://nakedsecurity.sophos.com

Snapchat has just released version 9.15 of the popular messaging app, and for the first time it includes a feature that users can purchase in-app.

It's called Replay, and for 99 cents you can replay an additional three snaps per day - additional because users already have the ability to replay one snap per day for free.

The ability to buy additional replays is new (currently only available to US users), but Replay as a feature has actually been around for almost two years.

The paid replay option only allows you to replay any given snap once, but that's still one more time than you might expect for an image that's supposed to be automatically deleted after it's viewed.

When Snapchat debuted in 2012, the company marketed its app as a way to send "fleeting messages" that would "disappear forever" after they were viewed - once - by the recipient.

Well, that turned out to be a blatantly false claim - one so misleading that the US Federal Trade Commission (FTC) stepped in to sanction Snapchat for unfairly deceiving users.

Snapchat settled with the FTC in May 2014, and since then, the company's privacy policy has explained just how un-fleeting the supposedly fleeting messages are (you have read the privacy policy, Snapchatters, haven't you?).

Snaps - the photos and videos users send to one another with written messages, drawings, and so forth - can be retrieved after sending in several ways:

• The recipient can take a screenshot of the snap. Snapchat says it will try to notify users if their snaps are screenshot, but by then it's too late - the recipient has created a new image of your snap that is under his/her control.

• Snapchat stores snaps on its servers for an undefined period of time. Although Snapchat says it deletes your snaps at some point, they can remain in backup for a "limited period of time."

• Snap images that you send stay on your phone in a folder that can be recovered with forensic software.

• And of course, your images can be viewed again via Replay, the feature that Snapchat is now offering as a paid service.

With Replay, you'll get a notification whenever a recipient replays your snap.

But as GigaOm reported in 2013, when Replay first became available, you only have control over Replay on your own device, and you can't prevent recipients from replaying your snap.

That's right - there's no way to opt out.

In a post on the Snapchat blog announcing paid replays, the company said its users were "frustrated" without the ability to replay more than one snap per day:

We've provided one Replay per Snapchatter per day, sometimes frustrating the millions of Snapchatters who receive many daily Snaps deserving of a Replay. But then we realized - a Replay is like a compliment! So why stop at just one?

Here's another question for Snapchat: now that you've done away with the ruse that snaps are "fleeting" messages, isn't it time to change the ghost on your logo to something a little more permanent?

Source: https://nakedsecurity.sophos.com/2015/09/17/snapchat-less-ghostly-than-ever-now-lets-you-pay-to-replay-snaps/

By Ellen Nakashima as written on The Washington Post - June 2015.

China hacked into the federal government’s network, compromising four million current and former employees' information. The Post's Ellen Nakashima talks about what kind of national security risk this poses and why China wants this information. (Alice Li/The Washington Post)

Hackers working for the Chinese state breached the computer system of the Office of Personnel Management in December, U.S., and the agency will notify about 4 million current and former federal employees that their personal data may have been compromised.

The hack was the largest breach of federal employee data in recent years. It was the second major intrusion of the same agency by China in less than a year and the second significant foreign breach into U.S. government networks in recent months.Last year, Russia compromised White House and State Department e-mail systems in a campaign of cyber­espionage.

The OPM, using new tools, discovered the breach in April, according to officials at the agency who declined to discuss who was behind the hack.

Other U.S. officials, who spoke on the condition of anonymity, citing the ongoing investigation, identified the hackers as being state-sponsored.

One private security firm, iSight Partners, says it has linked the OPM intrusion to the same cyber­espionage group that hacked the health insurance giant Anthem. The FBI suspects that that intrusion, announced in February, was also the work of Chinese hackers, people close to the investigation have said.

The intruders in the OPM case gained access to information that included employees’ Social Security numbers, job assignments, performance ratings and training information, agency officials said. OPM officials declined to comment on whether payroll data was exposed other than to say that no direct-
deposit information was compromised. They could not say for certain what data was taken, only what the hackers gained access to.

“Certainly, OPM is a high-value target,” Donna Seymour, the agency’s chief information officer, said in an interview. “We have a lot of information about people, and that is something that our adversaries want.”

The personal information exposed could be useful in crafting “spear-phishing” e-mails, which are designed to fool recipients into opening a link or an attachment so that the hacker can gain access to computer systems. Using the stolen OPM data, for instance, a hacker might send a fake e-mail purporting to be from a colleague at work.

After the earlier breach discovered in March 2014, the OPM undertook “an aggressive effort to update our cybersecurity posture, adding numerous tools and capabilities to our networks,” Seymour said. “As a result of adding these tools, we were able to detect this intrusion into our networks.”

“Protecting our federal employee data from malicious cyber incidents is of the highest priority at OPM,” Director Katherine Archuleta said in a statement.

In the current incident, the hackers targeted an OPM data center housed at the Interior Department. The database did not contain information on background investigations or employees applying for security clear­ances, officials said.

By contrast, in March 2014, OPM officials discovered that hackers had breached an OPM system that manages sensitive data on federal employees applying for clearances. That often includes financial data, information about family and other sensitive details. That breach, too, was attributed to China, other officials said. OPM officials declined to comment on whether the data affected in this incident was encrypted or had sensitive details masked. They said it appeared that the intruders are no longer in the system.

“There is no current activity,” an official said. But Chinese hackers frequently try repeat intrusions.

Seymour said the agency is working to better protect the data stored in its servers throughout the government, including by using data masking or redaction. “We’ve purchased tools to be able to implement that capability for all” the data, she said.

Among the steps taken to protect the network, the OPM restricted remote access to the network by system administrators, officials said. When the OPM discovered the breach, it notified the FBI and the Department of Homeland Security.

A senior DHS official, who spoke on the condition of anonymity because of the ongoing investigation, said the “good news” is that the OPM discovered the breach using the new tools. “These things are going to keep happening, and we’re going to see more and more because our detection techniques are improving,” the official said.

FBI spokesman Josh Campbell said his agency is working with DHS and OPM officials to investigate the incident. “We take all potential threats to public- and private-sector systems seriously and will continue to investigate and hold accountable those who pose a threat in cyberspace,” he said.

The intruders used a “zero-day” — a previously unknown cyber-tool — to take advantage of a vulnerability that allowed the intruders to gain access into the system.

[Why the Internet’s massive flaws may never get fixed]

China is one of the most aggressive nations targeting U.S. and other Western states’ networks. In May 2014, the United States announced the indictments of five Chinese military officials for economic cyber­espionage — hacking into the computers of major steel and other companies and stealing plans, sensitive negotiating details and other information.

“China is everywhere,” said Austin Berglas, head of cyber investigations at K2 Intelligence and a former top cyber official at the FBI’s New York field office. “They’re looking to gain social and economic and political advantage over the United States in any way they can. The easiest way to do that is through theft of intellectual property and theft of sensitive information.”

Rep. Adam B. Schiff (Calif.), ranking Democrat on the House Intelligence Committee, said the past few months have seen a massive series of data breaches affecting millions of Americans.

“This latest intrusion . . . is among the most shocking because Americans may expect that federal computer networks are maintained with state-of-the-art defenses,” he said. “The cyberthreat from hackers, criminals, terrorists and state actors is one of the greatest challenges we face on a daily basis, and it’s clear that a substantial improvement in our cyber databases and defenses is perilously overdue.”

Colleen M. Kelley, president of the nation’s ­second-largest federal worker union, the National Treasury Employees Union, said her organization “is very concerned” about the breach. “Data security, particularly in an era of rising incidence of identity theft, is a critically important matter,” she said.

“It is vital to know as soon as possible the extent to which, if any, personal information may have been obtained so that affected employees can be notified promptly and encouraged to take all possible steps to protect themselves from financial or other risks,” she said.

Lisa Rein contributed to this report.

Source: WashingtonPost.com

Rendering the final verdict on which cloud storage provider is superior is no less than a Herculean task. Although the storage industry has witnessed just a few winters, the competition among the leading cloud storage providers appears to be quite intense. Over the last few years, users have seen commendable improvements and innovations in the storage industry, and who can forget about the famous price war?

Much has been said and discussed about the features and functionalities of two leading cloud storage programs, namely, Box and OneDrive. So we have come up with an unbiased comparison of these two leading products that can render an insight to users to cast their vote in favor of the one that best suits their requirements.

Box

Unveiling its cloud storage and sharing platform back in 2005, Box has become highly popular among businesses. Embellished with robust security provisions and lavish and business-oriented features, it is one of the top choices among businesses to store and share files and folders.

OneDrive

With several constant improvisations such as the January 2015 update of iOS for business integration, OneDrive has become an attractive service for both individuals and business-purpose users.

Let’s look at how they stand against each other on the following parameters.

Security

With the ever-escalating cases of phishing scams, data security is one of the prime concerns of Internet users. Whether it’s personal or business data, it is vitally important to maintain privacy and security.

Box

Box has 256-bit AES encryption for all the files uploaded to it. With Box, you have the ability to decide who can access or view your specific files or folders, and simultaneously, it also allows you the freedom to edit and upload the files. If you like to safeguard your files even further, you can protect them by creating passwords. Box is HIPAA compliant and certified for EU and Swiss Safe Harbor frameworks for the use of personal data from European member countries.

OneDrive

The transferring data is SSL encrypted. It scans all the files for “objectionable content” that sometimes may lead to deletion of your account or data. OneDrive offers two-step verification that further protects the log-in via text message or One Time Code app.

Additionally, it features e-discovery and data preservation, audit reporting capabilities, and compliance with high-level industry standards such as HIPAA, FISMA, BAA, and EU model clauses. With OneDrive for business, you can set the custom permission level for users in your company and add it to existing lists available while OneDrive personal allows you only to edit or read.

Usability

The user-friendliness of a product or service matters a lot, and the lack of it can repulse customers. So, which is more user-friendly – Box or OneDrive?

Box

In Box, anyone can create an account free of cost. The interface is pretty simple, and the “Make available” option is a great feature to store your data offline.

However, if you have multiple accounts, you cannot switch from one platform to another unless you log out and log in again. Also, the sharing and privacy features are built very much along business and IT lines and are a bit confusing.

Last year, it introduced a new mobile web interface that helps users take advantage of the same interface and navigation that Box mobile apps offer without the need to install the app on your mobile. It also added an HTML5 document-previewing feature that makes sharing your content effortless, even on the go.

OneDrive

The interface is quite simple, and the learning curve is almost zero. Something that may annoy customers is that once you sign in, you find yourself forced to use other Microsoft features such as Word, PowerPoint, Excel, OneNote Online, Office Online, and Outlook, among others. But when it comes to sharing, OneDrive renders an easy and enriched user experience. You can conveniently share the files and folders either via email or the links generated for that purpose. Administering OneDrive for business is easy, especially if you are an Office 365 user, as it can be done from the admin portal itself. You can access it from anywhere, manage users and settings, control your storage, and most importantly, you can easily mix OneDrive for business with your on-premise solutions in the cloud. This clearly reflects Microsoft’s competitive positioning over other storage competitors, that is, serving the needs of companies that want to move to cloud storage for file storage and sharing but still would like to keep their on-premise infrastructure untouched.

Pricing

Although customers look for elegant and lavish features, price remains one of the chief concerns. Here, which service is more competitive in terms of pricing, Box or OneDrive?

Box

Box offers 10 GB of free space with a limit of 250 MB file size. The limited file size appears to be forcibly pushing the customer to the “Personal Pro” service at $10 per month, which provides 100 GB space with file size going up to 5 GB. However, the file size of 5 GB appears to be quite meager compared to the other providers. Box for business comes at a price of $17 per user per month, which allows content collaboration and user management for up to three users with a file size limit of 5GB. However, for large-scale user deployments, it offers customized pricing that comes under the Enterprise storage plan.

OneDrive

You get 15 GB free space with OneDrive. Office 365 users get 1TB of storage space that comes at a price of $6.99/month. There is a referral policy in place as well, which can help you get an extra 5GB free space if you refer upto 10 friends. Earlier, it had a 2 GB file size limit for sharing, which has been increased to 10GB size file support limit. OneDrive for business comes at a price of $5 per user per month with 1TB of storage space. It includes Office Online, which comes with a free trial, so you can always test it out first to see if it fits your bill. Last year, Microsoft announced it would offer unlimited storage space for Office 365 users starting sometime in 2015, which will keep them well ahead of Box.

Box for office 365

Several months ago BOX has released the new BOX for Office. Box goal was to make it as simple as possible for everyone to open, edit, save and share any file from BOX. That release enabled to save attachments from incoming mail to a folder in BOX, to insert links to files already stored on BOX, and to automatically turn attachments into BOX shared links. Two days ago, Box have announced it is joining the Microsoft Cloud Storage Partner Program. Box now will support native integrations with with Office for iPad, iPhone and online. This extends Box reach of existing integration with office. Box is taking an important step toward a more open future. This will be updated soon with also making office 365 on the web available later this year.

Source: http://www.cloudally.com/box-vs-onedrive/?utm_source=facebook&utm_medium=social&utm_content=Oktopost-facebook-profile&utm_campaign=Oktopost-Box+VS+OneDrive

[vc_row][vc_column][vc_column_text]

Microsoft Announces Expansion of Security Bounty Programs Offering Direct Payments in Exchange for Reporting Vulnerabilities

Microsoft is offering direct payments in exchange for reporting certain types of vulnerabilities and exploitation techniques. Microsoft today announced additional expansions of the Microsoft Bounty Programs like raising the Bounty for Defense maximum from $50,000 USD to $100,000 USD, new bonus period for Authentication vulnerabilities in the Online Services Bug Bounty and few others. Read about them below.

The changes to the Bounty for Defense reflect the continuing evolution of the Microsoft Bounty Program, based on the feedback and opportunities brought to us from the Security Research Community.

• Raising the Bounty for Defense from $50,000 USD to $100,000 USD

• Brings defense up on par with offense

• Rewards the novel defender equally for their research

This continued evolution includes a new approach to the Online Services Bug Bounty Program:

• Authentication vulnerabilities will receive double bounty payouts

• Microsoft Account (MSA) and Azure Active Directory (AAD) vulnerabilities

• Bonus period will run from August 5, 2015 – October 5, 2015

• All payouts during this period will receive twice the normal payout (that means we will pay $30,000 USD for a great Authentication vulnerability!)

MSA contest at Black Hat

• Come show us your 1337 skills and win an Xbox One, Surface 3, or one year of full MSDN access

• Come visit us at the Microsoft Networking Lounge, August 5-6, in Mandalay Bay to review full rules and to participate

RemoteApp

• RemoteApp lets users run Windows apps hosted in Azure anywhere, and on a variety of devices

• RemoteApp is being added as a new property of the Online Services Bug Bounty Program and all of the regular terms and payout rules apply

Source: Microsoft[/vc_column_text][/vc_column][/vc_row]