Thursday, 13 April 2017

The Four Items to Review in Your Employment Contract

Employment contracts are agreements between employers and employees that spell out the terms and conditions of employment. These written and signed documents are crucial to understanding the expectations and inner workings of a job, and they serve as a legal protection for both employee and employer. "When I am representing a company, the contract often will set a precedent for numerous other individuals that are subsequently hired in similar positions," said Jeffrey Scolaro, attorney at Daley Mohan Groble P.C. and a Legal Services Link member. "The company will not likely know for years whether they have adequately protected their intellectual property, trade secrets, customer lists and business relationships."
For employees, the employment contract will show whether they are "at will" employees or classified as something else. That alone will dictate the manner in which the employee can be terminated and certain obligations to which they must adhere. "By signing any employment agreement, the employee could also be obligating themselves to other restrictive terms regarding potential future commissions, vesting in company shares and many other compensation terms that are, of course, vitally important to any employee," Scolaro said.
Scolaro advised professionals to carefully review the following four items in any employment contract before signing it:
1. Job description: A clear job description keeps employees from becoming disgruntled because they feel overloaded or misled about what is expected of them. A company may desire a vague job description, but most employees will typically want it detailed.
2. Terms: If the contract has a term, it is vital to know the specifics of the term and the grounds for termination in advance of the contract's expiration.
3. Restrictive covenants: Businesses always attempt to protect themselves through restrictive covenants, including noncompete, nonsolicitation, and confidentiality or nondisclosure clauses. Each of these attempts to restrict an employee after (or during) their employment. Noncompete clauses are likely the most important, because they affect an employee's ability to work or start their own business in the industry for a period of time after their employment term ends.
4. Compensation: This is likely to be the most critical aspect of any employment contract. Most times, compensation is more than just certain biweekly payments of salary. It can include complicated or vague bonus structures, certain profit-sharing plans that may or may not be tied to performance and commission structures.
When it comes to suggesting changes to an employment contract, there is no set etiquette. It may depend on the level of job in question, the relationship between the employer and employee, and the part of the process in which they find themselves. If there is anything in your contract you are unsure or wary of, you may want to review it with an attorney. "Each attorney will approach agreements differently and advise ways, but the important thing is following that advice and asking questions when you are confused by something," Scolaro said. "Failing to ask about something that does not appear clear can lead to misunderstandings and larger problems in the future."
Scolaro cautioned that the potential employer-employee relationship is in its infancy, and many potential employees do not want to appear aggressive or difficult by injecting their lawyer into the process immediately. "However, typically, the more sophisticated the employee might be, such as executive-level employees, the expectation can often be that an attorney will negotiate on their behalf from the start," Scolaro said. Thanks.

Tuesday, 4 April 2017

Report says Samsung's Tizen OS on smart TVs is a clear playground for hackers

Any time we’re shopping for a new TV, things like 4K, HDR, smart apps, and design all factor into our final decision. We don’t generally give much thought to the underlying operating system, but a new report about Samsung’s Tizen OS may change that. According to Motherboard, Samsung’s home-grown OS is “a hacker’s dream,” with some 40 unknown zero-day vulnerabilities that can be exploited remotely. The report says the security holes can be found in versions of Tizen going back years, and affect all forms of the OS, including smartwatches like the Gear S3.
As Israeli researcher Amihai Neiderman bluntly assesses, “It looks like to be the worst code I've ever seen,” with patched-together code from previous projects and amateur blunders. “Many of them are the kind of mistakes programmers were making twenty years ago, indicating that Samsung lacks basic code development and review practices to prevent and catch such flaws,” Motherboard reports. While each of the vulnerabilities Neiderman discovered allows for remote execution, one particular flaw stood out among the others: one that allows hackers to hijack Samsung's Tizen app store to deliver malicious code straight to Samsung TVs. He also found that Samsung’s programmers failed to use SSL encryption when transmitting certain data and “made a lot of wrong assumptions” regarding security.
While Samsung initially brushed off both Neiderman’s claims and Motherboard’s report, it has since begun working with the researcher to identify the problems and fix the issues. “We are fully committed to cooperating with Mr. Neiderman to mitigate any potential vulnerabilities,” the company said in a statement. “Through our SmartTV Bug Bounty program, Samsung is committed to working with security experts around the world to mitigate any security risks.”
Fear factor: While we hear a good deal about the security of our phones, we don’t give a lot of attention to the OSes on our other gadgets. But we should. Just like smartphones, our TVs and watches can also hold sensitive personal information and can be used to steal our identities and take control of our accounts. What makes this report even more frightening is the magnitude of the flaws and the number of devices they affect, but hopefully Samsung will work to push out patches in due time. Thanks.

Monday, 3 April 2017

The Five Tips for Building a Strong Social Brand

Social media has become as important as public relations, and many companies have even integrated it into their overall PR strategy. It's therefore necessary to understand the usefulness of social media and how it can positively impact your business. "There are many reasons why a small business needs a social media presence. The most practical reasons have to do with your credibility and discoverability," said Leah Paul, director of marketing at Mediabistro. "It’s important because it's expected, like having a website, a phone number and an email address. Not having a social media presence can signal to customers that you’re not a serious business." Paul notes that, if a customer can’t find a business on social media, it raises questions about credibility and about how trustworthy or legitimate a business is.
Business owners should also make sure that their social media profiles rank high for brand names in search engines like Google. "So it’s very important to have them set up and frequently updated so that customers can find you online. Furthermore, social sites themselves are also search engines where consumers are doing lots of searching, so you want to be found there as well." In addition to SEO and credibility, social media is an imperative listening tool. "Having a strong social presence is important for your business because it can help you gain valuable customer insights," said Jeff Schaeffler, director of audience product marketing at Hootsuite. "By using social as a listening tool and monitoring your customers' posts, you can gain insight about who they are, what they’re like and their perception of your brand. This insight can help you make smarter business decisions."
According to a recent Harris poll, sponsored by Hootsuite, approximately four out of every five Americans (83 percent) have a social account, and nearly a third of Americans who have a social media account would rather engage with a brand or organization on social media than visit a physical location.
Creating success
A strong social brand is one that is actively creating content, connecting with its customers and having two-way conversations, said Schaeffler. "A strong social brand not only broadcasts information to its customers but listens to their audience, building relationships and, in turn, loyalty," he said. Identifying your audience is the main component of a strong social brand. This will help your social brand thrive and, in turn, create business success. "A few easy ways to target an audience are to leverage what’s already popular culturally, provide your audience with information and advice they care about, and always be authentic," said Schaeffler. Stacie Grissom, head of content at Bark & Co, the company behind BarkBox, says without social media, Bark & Co would not be the company it is today. "We are a brand built on a foundation of social, and I can say, without a doubt, that it is the biggest reason for our rapid growth over the past five years," she said.
Here are the five tips Grissom shared for success:
1. Figure out who your target audience is and do some research to see if they're actually on social: "For us, our target audience is people who love their dogs like family," Grissom said. "A quick sweep of any social platform will quickly reveal a vast landscape of dog photos and shenanigans, which in turn means that our brand's subject matter easily fits into the natural social scene that exists in the world."
She notes: If your target audience happens to be men ages 50 to 70, you might have more difficulty getting viral traction on social media platforms because that audience's activity is small compared to something like women ages 18 to 34.
2. Offer content, not a sales pitch: "The brands who do social media the best are the ones who recognize that users are on social media to be entertained, not to buy things," she said.
She notes: It's up to the brands to fish out what types of entertainment or education work with the audiences they're pursuing and how to naturally use their products within those guidelines.
3. Find your unique voice – your "bark:" "One of the biggest differentiators between Bark & Co and other pet brands is our voice and approach to talking about dogs on social and in the world," Grissom said. "At Bark, we think that dogs are hilarious, bumbling, adorable little fart tornadoes, and this is obvious in everything from the hang tags on our products to everything we put on our social platforms."
She notes: Humor is one of the main pillars of Bark's unique brand voice, and it makes a big effort to run with it. It gets an engaged audience by looking at everybody else and finding a different niche.
4. Stay relevant by doing your research: "One of the things that has helped us grow quickly was our ability to test and adopt new platforms as they came out and showed signs of life. Back in 2012, we were one of the first brands who started to use Instagram," she said. "In 2016 we committed to being super playful with Facebook Live."
She notes: The company is exploring new ways to toy with bots and texting. So make sure you're aware of the new trends and be creative in how they can fit with your business objectives.
5. Never be boring: "No one will want to listen to what you've got to say! So you should always try to avoid clichés, don't do what everyone is doing, and have some fun," Grissom said. Thanks.

Saturday, 1 April 2017

Google's Android hacking contest fails to attract exploits

Six months ago, Google offered to pay US$200,000 to any researcher who could remotely hack into an Android device by knowing only the victim's phone number and email address. No one stepped up to the challenge. While that might sound like good news and a testament to the mobile operating system's strong security, that's likely not the reason why the company's Project Zero Prize contest attracted so little interest. From the start, people pointed out that $200,000 was too low a prize for a remote exploit chain that wouldn't rely on user interaction. "If one could do this, the exploit could be sold to other companies or entities for a much higher price," one user responded to the original contest announcement in September. "Many buyers out there could pay more than this price; 200k not worth for finding needle under haystack," said another. Google was forced to acknowledge this, noting in a blog post this week that "the prize amount might have been too low considering the type of bugs required to win this contest." Other reasons that might have led to the lack of interest, according to the company's security team, are the high complexity of such exploits and the existence of competing contests where the rules were less strict. To gain root or kernel privileges on Android and fully compromise a device, an attacker would have to chain multiple vulnerabilities together. At the very least, they would need a flaw that would allow them to remotely execute code on the device, for example within the context of an application, and then a privilege escalation vulnerability to escape the application sandbox. Judging by Android's monthly security bulletins, there's no shortage of privilege escalation vulnerabilities. However, Google wanted exploits submitted as part of this contest not to rely on any form of user interaction.
This means the attacks should have worked without users clicking on malicious links, visiting rogue websites, receiving and opening files, and so on. This rule significantly restricted the entry points that researchers could use to attack a device. The first vulnerability in the chain would have had to be located in the operating system's built-in messaging functions like SMS or MMS, or in the baseband firmware -- the low-level software that controls the phone's modem and which can be attacked over the cellular network. One vulnerability that would have met these criteria was discovered in 2015 by researchers from mobile security firm Zimperium in a core Android media processing library called Stagefright. The flaw, which triggered a large coordinated Android patching effort at the time, could have been exploited by simply placing a specially crafted media file anywhere on the device's storage. One way to do that involved sending a multimedia message (MMS) to targeted users and didn't require any interaction on their part. Merely receiving such a message was enough for successful exploitation. Many similar vulnerabilities have since been found in Stagefright and in other Android media processing components, but Google changed the default behavior of the built-in messaging apps to no longer retrieve MMS messages automatically, closing that avenue for future exploits. "Remote, unassisted, bugs are rare and require a lot of creativity and sophistication," said Zuk Avraham, founder and chairman of Zimperium, via email. They're worth much more than $200,000, he said. An exploit acquisition firm called Zerodium is also offering $200,000 for remote Android jailbreaks, but it doesn't put a restriction on user interaction. Zerodium sells the exploits it acquires to its customers, including law enforcement and intelligence agencies.
So why go to the trouble of finding rare vulnerabilities to build fully unassisted attack chains when you can get the same amount of money -- or even more on the black market -- for less sophisticated exploits? "Overall, this contest was a learning experience, and we hope to put what we’ve learned to use in Google’s rewards programs and future contests," Natalie Silvanovich, a member of Google's Project Zero team, said in the blog post. To that end, the team is expecting comments and suggestions from security researchers, she said. It's worth mentioning that despite this apparent failure, Google is a bug bounty pioneer and has run some of the most successful security reward programs over the years, covering both its software and online services. There's little chance that vendors will ever be able to offer the same amount of money for exploits as criminal organizations, intelligence agencies, or exploit brokers. Ultimately, bug bounty programs and hacking contests are aimed at researchers who have an inclination toward responsible disclosure to begin with. Thanks.