Free ebook: IoT

A free ebook from Manning: Using the Web to Build the IoT is a collection of six hand-picked chapters that introduce the key technologies and concepts for building the application layer of the IoT.  The page is here:

How to Use Tablet Mode or Desktop Mode when you Sign in to Windows 10

Tablet mode makes Windows easier and more intuitive to use with touch on devices like 2-in-1s, or when you don’t want to use a keyboard and mouse.

You will see the desktop by default on a typical laptop or desktop.

Tablet mode will be turned on by default on tablets.

On a convertible PC (laptop/tablet hybrid), detaching or attaching the keyboard will prompt you by default to switch in and out of tablet mode.

This tutorial will show you how to select to automatically use tablet mode or desktop mode when you sign in to Windows 10.

Read more…

Windows 10 – Anniversary update preview evaluated by ComputerWorld

Around July 2016, Windows 10 is slated for another major build and evaluation of preview version is shared below:

The first big update to Windows 10 will come this summer, a year after the operating system’s initial launch, with the release of what Microsoft is calling the Windows 10 Anniversary Update. The update’s exact release date hasn’t been set yet. Windows 10 was officially released on July 29, 2015 — but that doesn’t mean that the Anniversary Update will hit on the exact date.

When it is ready, the update will be delivered — as usual — via Windows Update. That means you won’t have to do anything manually — it will install automatically on its own. But you don’t have to wait until the official release date to install and use the update. Microsoft is releasing preview builds well before then — including one that you can install today.

As of this writing, the latest update is Windows 10 Insider Preview Build 14328. What follows includes information about features that Microsoft has announced will be in the final as well as features that are implemented in some way in the most recent build. Although the update is being called the Windows Anniversary Update, don’t expect many big presents. While there are some very solid and useful additions, this isn’t a big-bang change to the operating system.

Facebook – Government Data Requests on rise in 2016

As shared in article below requests from Government entities have increased during past year:

More than half of the requests for data that Facebook received from US law enforcement agencies in the second half of 2015 contained a non-disclosure order that prohibited the company from notifying the user whose data was requested, according to a report released today.  Facebook’s bi-annual report on global government data requests indicated that there were 19,235 requests in the US during from July to December 2015, up from 17,500 in the first half of the year. The company handed over data in 81 percent of cases.

Worldwide, government requests for account data increased by 13 percent, from 41,214 requests to 46,763. The number of items on the social network restricted for violating local law saw an even more dramatic jump, to 55,827 items, up from 20,568.  There were also up to 499 secret requests made for data under the Foreign Intelligence Surveillance Act (FISA).

In a blog post, Facebook’s Deputy General Counsel Chris Sonderby wrote that it does not provide any law enforcement agency access to data unless it determines the request to be legitimate.  “We scrutinize each request for user data we receive for legal sufficiency, no matter which country is making the request,” Sonderby wrote. “If a request appears to be deficient or overly broad, we push back hard and will fight in court, if necessary.”

Windows 10 – Cortana to enforce Edge and Bing standards

Within Windows 10, the Cortana search box will be standardize on use of Edge and Bing standards for a consistant and more secure user experience.  Other search and browser standards will continue to be supported outside of Cortana

With Windows 10, we have invested in delivering comprehensive, end-to-end search capabilities that make Windows more personal, intuitive and helpful. The Cortana search box, in the bottom left of the Windows 10 taskbar, allows you to easily search across apps, documents, settings and the Web all with the help of your truly personal digital assistant.

Unfortunately, as Windows 10 has grown in adoption and usage, we have seen some software programs circumvent the design of Windows 10 and redirect you to search providers that were not designed to work with Cortana. The result is a compromised experience that is less reliable and predictable. The continuity of these types of task completion scenarios is disrupted if Cortana can’t depend on Bing as the search provider and Microsoft Edge as the browser. The only way we can confidently deliver this personalized, end-to-end search experience is through the integration of Cortana, Microsoft Edge and Bing – all designed to do more for you.

Of course, you can continue to use your search engine and browser of choice on Windows 10.  They can be accessed and used as you always have.  You can easily use our centralized default manager to choose your preferred default program for everything from browsing to email, and you can configure the search default setting in Microsoft Edge and Internet Explorer, which are available when you directly access those programs.

FBI – Dangers of Ransomware increase during 2016

An informative security bulletin for April 2016 has been issued by FBI documenting the increasing number of corporate and home ransomware attacks

Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted recently by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them.  The inability to access the important data these kinds of organizations keep can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organization’s reputation.

And, of course, home computers are just as susceptible to ransomware, and the loss of access to personal and often irreplaceable items—including family photos, videos, and other data—can be devastating for individuals as well.  Ransomware has been around for a few years, but during 2015, law enforcement saw an increase in these types of cyber attacks, particularly against organizations because the payoffs are higher. And if the first three months of this year are any indication, the number of ransomware incidents—and the ensuing damage they cause—will grow even more in 2016 if individuals and organizations don’t prepare for these attacks in advance.

In a ransomware attack, victims—upon seeing an e-mail addressed to them—will open it and may click on an attachment that appears legitimate, like an invoice or an electronic fax, but which actually contains the malicious ransomware code. Or the e-mail might contain a legitimate-looking URL, but when a victim clicks on it, they are directed to a website that infects their computer with malicious software.

Once the infection is present, the malware begins encrypting files and folders on local drives, any attached drives, backup drives, and potentially other computers on the same network that the victim computer is attached to. Users and organizations are generally not aware they have been infected until they can no longer access their data or until they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key. These messages include instructions on how to pay the ransom, usually with bitcoins because of the anonymity this virtual currency provides.

Ransomware attacks are not only proliferating, they’re becoming more sophisticated. The FBI has developed a brochure of safety and risk mitigation tips for the growing threat of ransomware.

FBI – Ransomware Prevention Brochure 2016

The FBI has developed a brochure of safety and risk mitigation tips for the growing threat of ransomware.

Prevention Considerations

* Implement an awareness and training program. Because end users are targeted, employees and individuals should be made aware of the threat of ransomware and how it is delivered.

* Patch operating systems, software, and firmware on devices, which may be made easier through a centralized patch management system.

* Ensure anti-virus and anti-malware solutions are set to automatically update and that regular scans are conducted.

* Manage the use of privileged accounts. Implement the principle of least privilege: no users should be assigned administrative access unless absolutely needed; those with a need for administrator accounts should only use them when necessary.

* Configure access controls, including file, directory, and network share permissions, with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.

* Disable macro scripts from office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full office suite applications.

* Implement Software Restriction Policies (SRP) or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers

Business Continuity Considerations

* Back up data regularly, and regularly verify the integrity of those backups.

* Secure your backups. Ensure backups are not connected to the computers and networks they are backing up. Examples might be securing backups in the cloud or physically storing offline.

Other Considerations

* Implement application whitelisting; only allow systems to execute programs known and permitted by security policy.

* Execute operating system environments or specific programs in a virtualized environment.

* Categorize data based on organizational value, and implement physical/logical separation of networks and data for different organizational units.

PCI DSS standards 3.2 release

The PCI/DSS 3.2 release are designed to improve point-of-sale and e-commerce standards.  This new version will require moving away from older and less secure TCP/IP networking protocols by June 2016.  Full compliance with 3.2 standards are set for June 2018.

A new version of the standard was released today, version 3.2. There are a number of changes that will affect those that need to comply with the standard, especially for service providers.  For service providers struggling to move customers away from SSL and weak TLS there is some good news.  The deadline for this requirement has been moved to June 30 2018.  Service providers will however be required to have a secure environment (i.e. accepting TLS v1.2 or v1.1) by June 30 2016 (yes two months). This shouldn’t be to onerous as most service providers will already have this in place.

There are a few new requirements in the standard. The majority of these only apply to service providers and relate to ensuring that processes are followed throughout the year rather than a once a year effort.  A number of these are also quarterly requirements.  They include:

* 3.5.1 – Maintain a documented description of the cryptographic architecture.
* – If segmentation is used, confirm PCI DSS scope by performing penetration testing on segmentation controls at least every six months and after any changes to segmentation controls/methods.
* 12.4 – Executive management shall establish responsibility for the protection of cardholder data and a PCI DSS compliance program.
* 12.11 – Perform reviews at least quarterly to confirm personnel are following security policies and operational procedures.

Elasticsearch @ MVP Western Europe Community Open Day 2016

Today I presented on Elasticsearch at the MVP Western Europe Community Open Day 2016, in Rome. Apart from some problems with the magnifier tool, and taking much longer than I should Confused smile, I think it went relatively well!

If you are interested, you can find the PowerPoint deck and the sample steps in my One Drive here.

Thanks for voting for my presentation and for showing up! Winking smile

Email origination

We get email from all sorts, some people who we do not know very well or maybe not at all.

It’s very easy to buy goods and services online or even just connect with somebody, but how do we know that they are who they say they are. We don’t, but there is a way of finding out to some degree.

Email headers:

What we generally see at the top of an email is the sender, recipient and subject if it is filled in. The location of the sender is not shown, but it is there if we care to look. How to find out the whole header info..

An example:

If I send an email from my Hotmail or Outlook dot com account to one of my ISP accounts, the header shows the original location of the sender coming from the USA west coast Microsoft servers, not exactly surprising as I live in North America.

Friends and family who send me mail from their Hotmail and/or Outlook accounts originate on Australian or UK servers, again not surprising.

OK, so you have email from somebody who claims to be somewhere in Europe, Africa, the Middle East, it makes no difference, and you want to check that the claim is correct.

  1. Check out the header using the first link that I gave. It will show the originating IP address, but may take some finding as there is a lot of gobbledygook in headers.
  2. Next, look up the IP address here..

So, if the goods and/or services vendor or person is where they claim to be, the IP address lookup should show roughly that they are indeed where they claim to be.


I have, I think, recently been scammed because I failed to run the check above. Personally, I think that the default email header should show the location of the sender to at least the continent from which the email originates, and it should be shown clearly. Instead, it doesn’t, and more often than not, the only option is to show even less.. :-(

Malware – QBOT Bank Information Theft Trojan evolves in 2016

The QBOT family is a Bank Information Theft threat that emerged in 2008.  As documented in this excellent TALOS report, this threat has evolved significantly and it is on the rise.

Qbot, AKA Qakbot, has been around for since at least 2008, but it recently experienced a large surge in development and deployments. Qbot primarily targets sensitive information like banking credentials. Here we are unveiling recent changes to the malware that haven’t been made public yet.

Qbot’s primary means of infection is as a payload in browser exploit kits. Website administrators often use FTP to access their servers, so Qbot attempts to steal FTP credentials to add these servers to its malware hosting infrastructure. Qbot can also spread across a network using SMB, which makes it very difficult to remove from an unprotected network.

Packer — Qbot uses a packer that can change drastically between samples. The packer’s strings and code blocks are randomized in ways that make it difficult to create a detection signature. Randomization is a common theme in Qbot since filenames, domain names, and encryption keys are randomly generated.

Installation — Once the packer finishes loading the unpacked executable in memory, Qbot checks to see if it has already been installed. If Qbot is not running it copies itself there and executes the copy.

Logging — Qbot logs to an encrypted file in the install path. The log file can be identified as having a DLL extension, and a filename one letter short of the directory name where Qbot is installed in. The log file is encrypted with an RC4 key generated by converting the folder name to lowercase, then taking the SHA1 hash of the resulting string.

Updater — Qbot updates itself using an obfuscated script with the extension “.wpl”. This script attempts to download an encrypted executable hosted from numerous domains in URIs. The script hex decodes the server response, then uses the first 20 bytes as an RC4 key to decrypt the remaining bytes.

Info Theft — Qbot primarily targets sensitive information like banking credentials. It does so by stealing data like stored cookies or credentials, and by injecting code into web browsers to manipulate live browsing sessions. Qbot lets malicious actors piggyback on the victim’s browsing sessions, enabling them to bypass security like simple implementations of two-factor authentication.

Evolution — We automated unpacking 618 Qbot samples via Pykd, then created Python scripts to decrypt and decompress the embedded resources. We extracted DLLs and config data, as well as Qbot version information and Compile Times for each file. Compile times are often used to attribute malicious activity, though it is important to note compile times can be manipulated.

WinOps conference

The WinOps conference is dedicated to ‘Windows in a DevOps World’  Its in London 24 May 2016. I’ll be speaking as will Jeffrey Snover and Ed Wilson of Microsoft.


More details from


Hope to see you there

Turn On or Off Ask before Automatically Switching to Tablet Mode in Windows 10

Continuum is Microsoft’s new way of switching between tablet and desktop mode on a Windows 10 tablet or convertible PC as needed.

Tablet mode makes Windows easier and more intuitive to use with touch on devices like 2-in-1s, or when you don’t want to use a keyboard and mouse.

You will see the desktop by default on a typical laptop or desktop.

Tablet mode will be turned on by default on tablets.

On a convertible PC (laptop/tablet hybrid), detaching or attaching the keyboard will prompt you by default to switch in and out of tablet mode.

This tutorial will show you how to set to Don’t ask me and don’t switch, Always ask me before switching, or Don’t ask me and always switch when your Windows 10 PC automatically switches tablet mode on or off.

Read more…

How to Hide or Show App Icons on Taskbar in Tablet Mode in Windows 10

Tablet mode makes Windows easier and more intuitive to use with touch on devices like 2-in-1s, or when you don’t want to use a keyboard and mouse.

This tutorial will show you how to turn on or off to hide app icons on the taskbar while in tablet mode for your account in Windows 10.

Read more…

Leadership – Influence is earned through actions over time

Influence is present as a function of the position itself.  However, great leaders emerge through their actions, relationship, and sincerity over time.  John Maxwell reflects on this as follows:

“Leadership is influencenothing more, nothing less — The more I speak to leaders of all stripes, the more I’m reminded of the truth of this statement. No matter who you are, no matter where you serve, if you have influence with people, you can lead them.

So the question becomes, How can I gain influence? — In fact, I get asked that question a lot. And I’m going to tell you the secret to influence today. It’s not hard to understand, and once you’ve got it, you’ll be able to gain influence almost anywhere you go.  But first, a foundational principle: You can’t build influence without other people. From bake sales to board meetings, there is no leadership without others, because influence comes from other people. It’s something they give in response to who they perceive you to be. The moment people perceive you differently is the moment that influence is withdrawn.

Borrowing versus Earning influence — Every leader either borrows influence or earns it. When people give you permission to lead in their lives because of your actions, you’ve earned influence. When people give you permission to lead in their lives because of your words, you’ve borrowed influence. With borrowed influence, the permission followers give the leader isn’t strong enough to extend to anyone else on the team. Unless the leader’s words are backed by actions—and results—his or her influence has limits. Earned influence is based on something tangible, so the leader can freely share and use it to lift others to positions of influence.

Which Kind of Influence Do You Have? — When leaders settle for borrowing influence instead of earning it, they fail to meet their capacity in leadership. Once they have been burned, however, it takes a genuine leader who can do something positive and meaningful to get people to give influence away again.  To lift and lead others in the long term, you must be a leader who continually earns influence with your actions. Leadership is influence, and the best kind of influence comes when people give you permission to lead in their lives based on your actions. If you want to get real influence, you have to get busy—and earn it from the people you lead.

Android Security – Overlay malware attacks increase in 2016

Overlay malware allows attackers to create hidden invisible windows that sits top of legitimate Android applications and intercept information which can compromise both security and privacy.  These attacks are growing both in terms of numbers and sophistication.

The black market for malicious Android software is heating up thanks to a rise in popularity of overlay malware, which can siphon credentials off Android devices and give crooks a tool to defeat two-factor identification schemes, according to security researchers at IBM’s X-Force.

Overlay malware allows attackers to create an overlay to be displayed on top of legitimate Android applications. The overlay then tricks users into entering their access credentials into a fake window that will grab and forward them to a remote attacker.  Interest in overlay malware, X-Force wrote in a research note posted Thursday, has triggered price wars and a flood of new variants of overlay malware in recent months.

GM Bot was originally spotted in 2014. It, along with Bilal Bot, Cron Bot, and KNL Bot, all exploit a vulnerability found in older versions of Google’s Android operating system (prior to the release of Android 5.0) that enables activity hijacking.  In the case of Bilal Bot, Cron Bot, and KNL Bot, Kessem said, it’s unclear if they share the same base code as GM Bot. “There is a good chance they do, we just haven’t analyzed the samples yet,” she said.

Similar also is the overlay malware APK’s feature set that go beyond overlay screens and include: SMS hijacking, call forwarding and CC grabbing. Attackers also have the ability evade detection via a polymorphic code features that can recompile the malware periodically to avoid signature detection by security software.

Angular 2: Getting Started With Visual Studio 2015

My “Angular 2: Getting Started” course on Pluralsight details how to get started with Angular 2. To provide guidance that works on any platform (Windows, OS X, and Linux), the course uses Visual Studio Code as the editor. However, there are many developers that prefer to use Angular 2 with Visual Studio 2015. This post shows you how.

The biggest challenge in providing guidance for using Angular 2 with Visual Studio 2015 is that there are too many options.

  • Do we use TypeScript? If so, do we use a TypeScript project in Visual Studio 2015?
  • Do we use ASP.NET? If so, ASP.NET version 4.6 (current version) or ASP.NET Core 1.0 (previously known as ASP.NET version 5.0 and currently in beta)
  • Do we use MVC? If so, MVC 5 (current version) or MVC 6 (currently in beta)?
  • Do we use more JavaScript-ish tools such as npm? Or try to do everything with Visual Studio tools?
  • Do we use the command line? Or try to do everything within the Visual Studio 2015 IDE?
  • And so on …

The plan is to cover several of these options, starting with the most basic steps required to use Visual Studio 2015 with Angular 2.

Using a Visual Studio 2015 TypeScript Project

For this first technique, we’ll cover how to set up and run the “Angular 2: Getting Started” files using a TypeScript project in Visual Studio 2015.

1. Download the starter files from my GitHub repo:

    If you are not familiar with using GitHub, just click on the “Download ZIP” button as shown below. Then unzip the files.


2. Open Visual Studio 2015 and create a new project: File | New | Project.

3. Select the TypeScript project template and name the project “APM” for Acme Product Management.


4. This creates several TypeScript sample files. Delete app.css, app.ts, and index.html.


5. In file explorer, open the cloned or unzipped `APM – Start` folder if you want to start with the project starter files. Open the `APM – Final` folder if you want to work with the final files from the course.



6. Copy all of the files from within the folder shown above (except the .vscode folder) to the APM project file you just created with Visual Studio.


7. Click the “Show All Files” button in the toolbar of Solution Explorer.


8. Select to include the api and app folders and the index.html, package.json, tsconfig.json, and typings.json files into the project. If desired, click “Show All Files” again to hide the remaining files.


9. Right-click on the package.json file and select: Restore Packages


10. Open the Output window (View | Output) to watch Visual Studio 2015 run npm and install Angular 2 and its dependencies.

So even through we are using a Visual Studio 2015 menu option (Restore Packages), Visual Studio is running the Node Package Manager (npm) to install all of the packages defined in the package.json file.


11. If npm finishes successfully, it should appear like this (see below) in the Output window.


12. Right-click on index.html and select Set As Start Page.


13. Press F5 to run and the application appears in the selected browser.

HOWEVER … you won’t be able to edit and continue. And if you edit and try to refresh the browser, you will most likely see a 404 message.

I have not yet figured out the magic required to provide edit and continue using Visual Studio 2015 directly … but you can get edit and continue if you stop debugging and run the application using a script instead of F5 following these additional steps:

14. Display the Package Manager Console (View | Other Windows | Package Manager Console).

15. Type `cd APM` in the Package Manager Console to change to the directory containing the APM project.

NOTE that if you used a different directory name for your project, type that instead. And if you have a space in the name, it will need to be enclosed in quotes: cd “APM – Start”

16. Type ‘npm start’ into the Package Manager Console.

This will launch your default browser and watch for changes. You can then edit any of the project files (AND SAVE!). The browser will then update automatically and reflect your changes.

By following the above steps, you can follow along with the course using Visual Studio 2015 instead of VS Code. Just be sure to follow steps 14-16 above each time you reopen the project to restart the script that watches for changes and refreshes the browser.

It would be great to hear from you on whether these steps worked for you. Follow me on twitter: @deborahkurata


Leadership – Three types of mentors for personal growth

John Maxwell shares an excellent article on the value of mentors in building leadership skills

 I’m not a self-made man. It took a lot of people investing in me to get me where I am today. You may wonder: Who helped you, John?

Mentors – A mentor is someone who teaches, guides and lifts you up by virtue of his or her experience and insight. They’re usually someone a little farther ahead of you on the path—though that doesn’t always mean they’re older! A mentor is someone with a head full of experience and heart full of generosity that brings those things together in your life.

Started Close to Home — My first mentor was my father, Melvin. His investment into me as an individual was the foundation for everything I’ve achieved. My father’s encouragement, observation and advice helped shape everything from my mindset to my belief about the future. Without him, I’m not sure where I would’ve ended up.  But not every mentor in my life was a family member! There came a time when I had to seek mentors beyond my family tree in order to be successful. That required me to have the self-awareness necessary to choose mentors who could help me be the best version of myself possible.

For me, there have been three types of mentors:

1. Those Who Knew Me and Knew They Made a Difference — The greatest example of this type of mentor in my life was Coach John Wooden. I intentionally sought Coach out to learn about teamwork, leadership, vision, and character. I’ll never forget how much work I put into our first meeting—I came armed with pages of questions that took me hours to write! And the preparation paid off; not only did I come away from that initial meeting with a thousand ideas to consider, I also earned the right to sit down again with Coach Wooden several more times before he passed away.

2. Those Who Knew Me and Didn’t Know They Made a Difference — For me, the greatest example of this in my life is Kurt Campmeier, who introduced me to the concept of having a personal growth plan way back at the beginning of my career. Kurt’s influence on my life and work is far greater than the amount of time he spent with me, but time isn’t always equal to impact. For years, I don’t think Kurt had any idea of the impression he’d made on me. But a few years ago, my team tracked him down, and I had the opportunity to see him again and thank him.

3. Those Who Didn’t Know Me and Yet Made a Difference — And that intentionality extends even to those mentors whom I’ve never met. That may sound strange, but the truth is that all of us have access to long-distance mentors we may never meet in person! Speakers, books, magazine articles, webinars – the list of available mentors is endless.

Be Intentional about Finding Your Own Mentors — No one gets to the top alone. We all have help. It’s why I’ve made mentoring such a crucial part of my growth—and it’s why I mentor people along the way. It’s the inspiration for my Maximum Impact Mentoring call each month, and the reason I continue to write and speak to audiences each year. I want to help as many people as possible become all they can be.

TeslaCrypt 4.2 Released with quite a few Modifications

Version 4.2 of the TeslaCrypt Ransomware has been released according to TeslaCrypt researcher BloodDolly. This version was released today and contains quite a few modifications to how the program runs. The most notable change, though, is the revamp of the ransom note.  The ransom note, shown below, has been stripped down to basics with only the necessary info to connect to the payment servers.

Windows Server 2016 TP5 Cumulative Update

An update – KB 3157663 – should be installed BEFORE installing any roles, features or applications into a TP5 system.


Finding the update isn’t easy – no links from the TP5 pages and doesn’t show in search on Bing or if search


You can find it here:


Lets hope RTM is a bit more organised

Recent Comments