Juice-Jacking

You have just passed TSA airport security. Now you are heading to your gate. You notice that your phone needs to be charged so you can binge-watch the movies on your long flight. Panic sets in as you look for your phone charger cord. You realize you forgot it at home. You don’t want to spend $20 at an airport store for a cheap charger cord that you can get online for $7. You don’t want to spend your time on the flight reading an airport magazine and listening to someone next to you talk for three hour about their latest vacation with dolphins.
What can you do?
You can find two lemons and some steel nails to make your own phone charger. Imagine what the TSA would think if they saw you building something similar.
But wait! But wait! You run over to find the exact cable you are looking for. It’s inviting you to plug your phone in to charge it. Problem solved! You smile and realize that you’ll soon be fully charged up and ready for action.
What could go wrong?
The answer is “juicejacking.”
Forbes Caleb Barlow, Vice-President of X-Force Threat Intelligence, IBM Security, stated that their research shows that a growing number nation-state cybercriminals are targeting travelers and taking to airports. The transportation industry is now second most attacked, up from tenth in 2017. Why? Why?
Barlow also warned about the free, quick-charge charging stations for cell phones that are often found in airports. These charging stations could be modified by cybercriminals. How? They could also infiltrate the supply chains as these devices are being made and insert their malware (that’s already happened). They could also insert a small device between the connector for a smartphone and the legitimate cable (another common trick). The attackers can then download data from your phone, such as contact lists, photos, texts messages, and corporate documents, or infiltrate it. Or they could infiltrate (upload malware onto your phone).
Barlow puts it like this: “Plugging in a public USB port can be kind of like finding a toothbrush along the side of the road and then deciding to stick it into your mouth.” “You don’t know where it has been.” (And that leaves you with a mental picture you will soon forget). ).
This is known as juice-jacking in the security world.
Here’s the technical background. There were once dedicated charging ports for smartphones. To use them, you had to plug in a special charger that connected to a wall power outlet. Those days are gone. Smartphones have USB ports that can double as data ports or charging ports. You could get not only electrical current to your phone, but also unwanted malware or personal data.
These devices can help
You can attach small devices that look similar to a USB flash drive between your portable device and the charging port. These devices block the USB data pin connections, so only power can be sent to the device. They are often called the Juice-Jack Defenders or SyncStop, and can cost anywhere from $7 to $12. These devices are used to prevent infected USB flash drives from infecting computers (or vice versa). These devices use “full-size” USB connectors (USB–A) and not the Mini–USB or Micro–USB connections found on smartphones. They won’t protect your smartphone from infected charging stations.
There are several options. There are a few options. One is to buy a cable that connects to your phone on one end and to the wall power outlet on another end. This will allow you to charge your smartphone directly from the wall outlet. Sometimes, it is difficult to find a wall power outlet at busy airports.
A portable power bank is the best option. This is basically a battery you can charge and then take with you to charge your smartphone. A 2.4 amp, 12 watt, or 15k mAh device is the best choice. This can charge one smartphone quickly, and it can be charged up to five times before the battery needs to be recharged.
You might leave it in your suitcase, regardless of which option you choose. This will ensure that you don’t forget it when you return home.
But

Jeep awarded to high school student

Annette Nellen, co-editor of the South-Western Federal Taxation Series

Conyers, Order No. Conyers, Order No. 13969-18 (9/11/19). – In this designated order, Ms. Conyers was required to report the Jeep’s value and the one year of car insurance that she won. Her high school entered her into the “Strive to Drive” competition, which recognizes students who are good at attendance and have good grades. The high school had to allow the student to enter. C was the lucky winner of a 2016 Jeep Renegade, which she accepted and registered under her name. C was issued a Form 1099 by the Jeep dealer for $23,780. C didn’t include this in her 2016 return because she considered it a non-taxable gift.
The Tax Court ruled that the Jeep was not a gift because the donor intended to make the transfer deductible business expenses. The history of the rule regarding when a prize can be considered a gift was reviewed by the court. This included when the recipient had not asked for the item or entered any contests.
1954 saw the modification of SS74 by Congress. “In 1954, Congress amended SS74.
1986 added another requirement: the recipient must transfer the award or prize immediately to a government unit or charity.
C was not able to meet the prize exception as she did not transfer the vehicle to a government agency or charity, but instead registered it in her name.
CLASS ASSIGNMENTS
Ask students to rate the ruling and explain why they disagree.
How will C find the money necessary to pay the tax due on the prize?
Check out the rules regarding scholarships that can be excluded. If C is a college-bound student, why is the Jeep not a non-taxable scholarship.
How can this recognition program be restructured in order to maximize the tax treatment of the recipient?
Why would students be awarded a Jeep instead of a cash scholarship? (It is possible that the Jeep was donated by a Jeep dealer to the school contest for publicity.
SWFT CHAPTERS
Chapters 4 and 5 of SWFT Individuals
SWFT Comprehensive: Chapters 4 & 5
SWFT Essentials: Chapters 4 & 10

Are you interested in receiving FREE CPE Credit? To be added to the mailing lists for future events, contact your Cengage Account Executive!

Visit our events page to view recorded webinars.

James Lang: The Importance of Great Questions

Cengage draws inspiration and guidance from the most influential books on teaching techniques. James Lang (author “Small Teaching”), and Ken Bain (author “What the best college professors do” are two of our favourite authors.
In 2017, James Lang visited our NYC offices to discuss a variety of ideas that he and Ken Bain use in their teaching. Lang talks about the importance to start students with great questions.

Transcript:
How can we motivate students to learn?
We’re going to discuss a structure I borrowed from Ken Bain, who wrote “What The Best College Teachers Do”. Ken argues that college teachers often come into classes and say, “Here’s some content I have for your benefit.” It’s interesting. He says that you should learn about it and that this is not the best way to motivate learners.
Dan Willingham is another cognitive theorist I like. He says:
People are curious. People are naturally curious but not interested in the answers. They are curious about the answers to their questions.
It’s not a good idea to just walk into a class and say, “I have some answers for you here.” This is not going to motivate our students. When we look at it from a different perspective, most of our classes and disciplines were created because we are interested to answer big conceptual questions about life and the human condition.
Ken believes that our disciplines and classes are answers to fundamental questions. However, we often fail to foreground these questions. Ken’s idea is that:
We should design courses around problems, questions, and challenges that we offer to students…
This can be done in a course as well as in individual learning sessions or units of a course. It can also be presented digitally or face-to-face.
How can we approach starting with our biggest questions or problems, letting students engage with them, think about them, and then letting our courses answer those [questions]?

James Lang: How teachers could make a significant change in their approach to teaching

James Lang, author of “Small Teaching”, visited our Cengage offices in 2017, to discuss a teaching approach that Ken Bain (author of “What the best colleges teachers do”) discovered was used by the best college educators.
These ideas will be reflected in our community. Great questions.

Transcript:
What structure can we create if we build something around a problem, a question, rather than building it around content?
Ken [Bain] offers us a nice structure. What structure did highly effective teachers give to their courses?
I’m going to show you five parts with this [approach]
1) They started by articulating a problem or question. This could have been a deep philosophical question that the course was going answer, it could also have been a problem that people have been struggling with for a long while, or something that has recently arisen in society.
2) They tried to show students why this question or problem was relevant or interesting.
Why should I, a student, care about this problem?
Why is it important for our society today?
3) The third thing they did was a very important one. Give students the chance to answer this question. This question would be difficult to answer if you tried to solve it right now.
What would you do?
How would you answer that question?
How would you approach this problem?
Perhaps students are unable to do this individually but they might be able to work together, or go home and think about it, if they prefer a digital environment, they may have the chance to explore some possible solutions.
4) The fourth thing that happens is that we think about what we are doing in class or in a class, which is “I’m answering the question”. Ken suggests that this is in some ways the most important thing. Motivation is about getting them excited, getting them curious, and getting them to try things on their own. Only after they’ve done that will they be interested in the answer.
5) The final step is to end with a new question. This will send them back curious.
If you think of this five-part learning structure, it can be seen as a way to get students interested in a class. It could be a video lecture, a text component, or an individual learning session that could be done face-to-face or digitally.

This is the idea: Let’s just try to change the structure a bit from what a normal course looks like.

Instead of saying, “Here’s an outline, here are the things I want you to know ” I would rather say, “Here’s what I want to say to ” because this is a really interesting problem. Let’s discuss this problem briefly. How can you solve this problem? We then say, “Okay, now I’m going tell you a bit about here’s a tool, here are the ideas that will help you try and solve this problem.”

It’s official: Microsoft has retired dozens of exams. We have the list.

Rumours and talks have circulated about Microsoft’s plans to retire some exams this year. We now have official confirmation from Microsoft Learning, which was posted on the Microsoft Learning blog.
Microsoft intends to retire all Microsoft Dynamics MCTS, MCITP certifications by December 31, 2014. Microsoft plans to retire all Microsoft Dynamics MCTS and MCITP certifications by December 31, 2014.
Before we get to the list, let’s remind you that it is extensive, and includes the highly sought-after Windows Phone Applications exam, which is a result of all the hype surrounding the Windows Phone. Does this mean that Microsoft has reduced its certification program? Of course not, so don’t freak out. It makes sense that vendors make adjustments to their certification programs and overhaul some things as technology advances. Let’s take a closer look at the list. In our next posts, we will discuss the options for what you can do instead of taking these exams off the market.
Microsoft Dynamics – Area
MB7-838 NAV 2009 Installation & ConfigurationRetiring on 6/30/2014MB7-839 NAV 2009 Core Setup and FinanceRetiring on 6/30/2014MB7-840 NAV 2009 C/SIDE IntroductionRetiring on 6/30/2014MB7-841 NAV 2009 C/SIDE Solution DevelopmentRetiring on 6/30/2014MB7-842 NAV 2009 Trade & InventoryRetiring on 6/30/2014MB7-843 NAV 2009 Warehouse ManagementRetiring on 6/30/2014MB7-846 NAV 2009 Relationship ManagementRetiring on 6/30/2014MB7-848 NAV 2009 Service ManagementRetiring on 6/30/2014MB7-849 NAV 2009 ManufacturingRetiring on 6/30/2014MB7-849 NAV 2009-Produktion (Danish)Retiring on 6/30/2014MB7-849 NAV 2009-Produktion (German)Retiring on 6/30/2014MB5-845 POS 2009Retiring on 12/31/2014MB5-537 Microsoft Dynamics Retail Management System 2.0 Store OperationsRetiring on 12/31/2014MB5-538 Microsoft Dynamics Retail Management System 2.0 HeadquartersRetiring on 12/31/2014
Visual Studio Area
70-506: TS: Silverlight 4, DevelopmentRetiring on 7/31/201470-512: TS: Visual Studio Team Foundation Server 2010, AdministrationRetiring on 7/31/201470-521: Upgrade: Transition your MCPD .NET Framework 3.5 Windows Dev Skills to MCPD .NET 4.0 Windows App DevRetiring on 7/31/201470-523: Upgrade: Transition Your MCPD .NET Framework 3.5 Web Dev Skills to MCPD .NET Framework 4 Web DevRetiring on 7/31/201498-362: Windows Development FundamentalsRetiring on 7/31/201498-373: Mobile Development FundamentalsRetiring on 7/31/2014Area: Volume Licensing:
70-671: TS: Designing and Providing Volume Licensing Solutions to Small and Medium OrgsRetiring on 1/31/201570-672: TS: Designing and Providing Volume Licensing Solutions to Large OrganizationsRetiring on 1/31/2015Area: Windows
70-682 Pro: Upgrading Windows 7 MCITP Enterprise Desktop Support TechRetirement on 7/31/201470-684 OEM ResellerRetirement on 7/31/2014Area : Windows Azure
70-583: PRO – Designing and Developing Windows Azure ApplicationsRetired on 7/31/2014Area : Windows Embedded
70-582: TS Windows Embedded Standard 7 for developersRetired on 7/31/2014Area : Windows Phone
70-599: Pro: Designing, Developing Windows Phone ApplicationsRetirement on 9/30/2014So… how do these changes impact your 2014 certification plans? Are you sure what you’re going do? Keep reading as we explore other options in our next blog posts.

Tips and Tricks to Ensure the Best Practices of RPA

Automation can’t make us jobless or take over the planet. It can assist us in completing various tasks or work with the same efficiency as humans. Robots are kind servants who offer assistance to humans and help us change more. Robots can increase productivity, create new types of employment, raise the standard of living, and increase demand for work. Automations can perform tasks that were previously performed by humans using machines. Automation is often used to mean the replacement of labor with machines. However, automation mainly refers to the integration of machines into self governing organizations. Automation is often used to refer to the simple replacement of labor by machines, but it is more about the integration of machines into self-governing organizations. What are some tips and tricks to keep in mind during and after the implementation of RPA in a company? Let’s get into it. Tips and Tricks to Ensure Best Practices of RPA
1. Understanding the process – Before we can plan for any automation technology, it is important to understand the process. It is not possible to automate only half of the knowledge process. To ensure that automation produces the desired results, we must first define, analyze, and track the processes. Then, we must evaluate and test them to make sure they are working as intended. Keep in mind that processes cannot be recorded and captured immediately. They must be continuously used, optimized, modified, and updated as necessary. It is important to explain to employees that RPA automation will help them reduce their workload. It is important to set clear goals and then implement them regularly using RPA. Once you have achieved good results, you can increase the amount of automation tasks gradually. Conclusion
Robotic Process Automatio

This is why you should become a computer support specialist

Computer support specialists provide assistance and support to organizations regarding their computer systems, hardware and network settings. Computer support specialist jobs have increased dramatically since the advent of digital transformation. According to the US Bureau of Labor Statistics, there will be a demand for more than 88,000 computer support specialists in the US by 2024. This is a significant growth projection at about 12%, which is much higher than the projected growth for most other occupations and job roles.
Every business has a digital presence today. It is difficult for new brands to stand out in today’s digital age without a well-organized virtual presence. This means that computers and systems must be in perfect working order at all times. This requires a computer support specialist.
There has been a significant increase in the demand for IT support, particularly for email systems and cybersecurity functions. Computer network support specialists ensure that everything runs smoothly, even on holidays and weekends, as more devices and people connect remotely to the main server. Employees are increasingly using their own devices at work, connecting to the main server by simply logging in. This raises security concerns that computer support specialists address.
Computer Support Specialists:
Support specialist jobs can be divided into several roles, such as user support specialist and computer network administrator, senior IT manager, systems engineer, and system administrator.
Technical support specialists, also known as computer network support specialists play an important role in the maintenance of the organisation’s networks. Today, an enterprise’s IT network system is essential for its daily operation and special operations. The main tasks of a technical specialist in technical support are:
Evaluation and testing of existing network systems
Regular maintenance is necessary to ensure that systems work properly
Troubleshooting LANs (local areas networks), WANs, and Internet systems
You may also like: The Top 7 Job Profiles You can Go With After CCNA Certification
Computer user support specialists, also known by help desk technicians, provide technical support to non IT computer users. They can usually connect with users via email or phone, but they also visit the site when necessary. They are responsible for the following tasks:
Paying close attention to customer descriptions of computer issues.
Being able to guide customers through the recommended problem-solving steps
Repairing and setting up computer equipment and other related devices
Users will be trained to use new software and hardware, such as email platforms, printers, word-processing software, and email platforms.
Correct information to other t

Things You Need to Know About Cloud Security

1. General Risk: There are many risks, from data breach to data leakage, which must be prioritized when selecting a provider. There is a way we can use to understand the client’s requirements, assess what providers are offering, then select the right framework that will allow you to implement control according your requirements and then assess any control gaps to help us understand whether the risk is within our appetite level.
2. Vendor lock: This is another problem that most consumers will have to deal with if their initial due diligence fails. In this case, most consumers don’t understand the technology used or the initial contract. Consumers are then locked in to provider and can’t leave.
3. Provider Exit: Financial stability of the provider is also important. What if the provider makes a large investment in technology, and the market disappears? Consumer data as well as provider data must be protected. Before making large investments, it is necessary to verify stability of the provider.
4. Multitenant: Due to the shared nature of cloud (Multitenant), side channel attack is also a concern for consumers. This needs to be prioritized, and rectified. Multitenancy can also pose a serious security and privacy issue. This is because other tenants are also using the same hardware. If the infrastructure is not secure, it could lead to isolation failure that results in data and service breaches.
You may also like: Top 10 Cyber Security Certifications For 2021
5. Virtualization – is the foundation of cloud. We can also say that without virtualization, there is no cloud. Multiple attacks have been detected against well-known hypervisors like ESXI. These attacks need to be tested and rectified. We need a secure virtual platform from which to build the secure service. There are many rootkits and malwares that can be used to exploit a weak virtual platform. Secure cloud is also about selecting the right virtual platform.
6. VM-HOPPING – Attackers target the less secure virtual machine, then the virtual platform, and finally the other tenant information and workload. This attack is technically known as VM Hopping attack. These attacks can usually occur due to insecure operating systems and insecure virtual platforms
7. API : API is on cloud because most services are assessed through web console or CLI. In both cases, API (application program interface) is the primary service to assess all services. The API accepts the request and forwards it.

The Ultimate Guide to Ethical Hacking 2022

Technology and the internet have made it possible to reach remote corners of the globe using technology today. We share information and data online all the time, whether it’s photos from vacations or confidential business documents. Technology has made our lives so much easier. Technology has its downsides. It also has a flip side. Cybercrimes have seen a significant rise. Cybercriminals are increasing in number due to technological advances. Hackers are needed to protect our systems from cybercriminals. This is where ethical hacking steps in. We will be discussing who and what ethical hackers are, their roles and responsibilities as well as the types of ethical hacking and how to become one. Let’s get started.
Ethical hacking is the legal practice of trying to gain access to a computer system or network. It involves bypassing existing security systems to detect potential weaknesses that cybercriminals could exploit to breach the system/network. This involves hackers hacking into a company’s network. This hacking, unlike malicious attacks is legal, preplanned, and approved by the company.
Ethical hackers are professionals who carry out the above-mentioned functions, and assess the safety and security of a company’s computer systems and network. Ethical hackers are also called ‘white hats’, and they are the opposite of hackers who hack into systems for malicious reasons like fraud, theft, and extortion.They perform the following functions:Investigating the weak points of a system/network that are vulnerable to attack from malicious hackers
Collecting and analysing information from multiple reliable sources to ensure network/system security
Enhance the security of the network or security systems in order to resist attacks by malicious hackers
Create strategies and solutions to prevent system breaches
Types of hacking and hackers
They are classified based on hacking done and the results:

1. White hat hackers
These people are also known as Ethical Hackers and Penetration Testers. They are the good guys in hacking. They hack into a system in order to determine if it is secure. They report and fix any security holes in the system. They are authorized to hack into the networ

The Ultimate Guide to CCSP- Certification Requirements

The CCSP credential ranks among the best cloud security credentials on the market. You must prove that you have the technical skills and knowledge to design, manage, and secure apps, infrastructure, and data on a cloud platform. You should also be able to follow industry best practices and policies in order to ensure the highest level of security.
You’re already on the right track if you’ve read this far. Continue reading to learn more about the CCSP credential, certification, and whether it is the best option.
What Prerequisites Are Necessary to Take the CCSP Certification Exam
Candidates must have a prespecified level of experience to apply for the CCSP certification exam.
You must have at least five years’ experience in information technology. Three years should be in information security. One year should be spent in at least one of six CCSP CBK domains. You can replace all five years of work experience with CSA’s CCSK certification.
You can always become an (ISC2) Associate if you don’t have enough work experience. You should have passed the CCSP certification exam in this case. You can earn an additional six years as an (ISC2) Associate to add five years of work experience. Your five-year total can also include part-time work and relevant internships.
Who can benefit from a CCSP certification?
The Certified Cloud Security Professional credential for IS and IT professionals who apply industry best practices in cloud design, security architecture and operation is the best career move. This includes professionals in these roles:
Cloud engineers

Cloud architects

Cloud consultants

Cloud security analysts

Cloud administrators

Cloud specialists

Auditors of cloud computing services

Cloud developers

What work experience will satisfy the CCSP Prerequisites
You must prove that you have worked in a cloud environment, either in the information security domain or in any other work that requires cloud security knowledge and application before you can take the CCSP certification exam. Your combined experience must fall under at least one of six domains listed below in the (ISC.2 CCSP) CBK.
Domain 1 – Cloud Concepts Architecture and Design

Domain 2 – Cloud Data Security

Domain 3 – Cloud Platform & Infrastructure Security

Domain 4 – Cloud Application Security

Domain 5 – Cloud Security Operations

Domain 6 – Legal and Risk Compliance

It is important to remember that full-time work can be exhausting.