Wednesday, March 27, 2013

The Four Elements of Physical Energy and How To Master Them

"Manage your energy, not your time." This is the quote that made Tony Schwartz famous. And it's one that I believe best represents a truly efficient lifestyle in the 21st century. Yet, living "manage your energy, not your time" is incredibly hard, at least for me. It probably took me around a year to fully grasp its meaning. Since then, I've turned my life upside down and changed my routine dramatically.

More @ The Four Elements of Physical Energy and How To Master Them, by Leo Widrich, Wed, 27 Mar 2013 11:00:00 GMT

Tuesday, March 26, 2013

How-To: Set Up SSO Between SAP E-Sourcing and SAP NetWeaver Portal 7.3

It is a three-step process; the critical part is the UME pull setup in E-Sourcing:

Step #01: Activate SSO in SAP Sourcing (NetWeaver UME pull)

Step #02: Single sign-on setup for AS Java NW 7.3 using Logon Ticket

Step #03: Configuring the Portal iView for NetWeaver 7.3

Note: Each step is explained very well by the authors of the three linked articles.

Friday, February 15, 2013

SSL/TLS Deployment Best Practices (Qualys SSL Labs)

SSL/TLS is a deceptively simple technology. It is easy to deploy, and it just works... except that it does not, really. The first part is true—SSL is easy to deploy—but it turns out that it is not easy to deploy correctly. To ensure that SSL provides the necessary security, users must put more effort into properly configuring their servers.

In 2009, we began our work on SSL Labs because we wanted to understand how SSL was used and to remedy the lack of easy-to-use SSL tools and documentation. We have achieved some of our goals through our global surveys of SSL usage, as well as the online assessment tool, but the lack of documentation is still evident. This document is a first step toward addressing that problem.

Our aim here is to provide clear and concise instructions to help overworked administrators and programmers spend the minimum time possible to obtain a secure site or web application. In pursuit of clarity, we sacrifice completeness, foregoing certain advanced topics. The focus is on advice that is practical and easy to understand. For those interested in advanced topics, we provide references at the end of the guide.

(Complete document from Qualys SSL Labs)
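The excerpt above makes the point that TLS is easy to deploy but hard to deploy correctly. The following is an added example, not code from the Qualys guide or from this blog, of what "configuring correctly" means in practice: a small audit function that inspects a Python `ssl.SSLContext` and reports the settings a deployment review would reject, run over two constructed server contexts, one deliberately weak and one hardened. The audit thresholds (TLS 1.2 as the protocol floor, forward-secret key exchange, AEAD-only suites, at least 128-bit keys), the two contexts and the function names are this example's own assumptions.

```python
import ssl

# Added example, not part of the Qualys guide or the blog post. The thresholds
# below (TLS 1.2 floor, forward secrecy, AEAD-only suites, >= 128-bit keys)
# are this example's assumptions about a sane modern deployment.


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return human-readable findings for a server context; [] means clean."""
    findings = []

    # 1. Protocol floor: anything that still admits TLS 1.0/1.1 is a finding.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(
            f"minimum protocol version is {ctx.minimum_version.name}, "
            "want TLSv1_2 or higher"
        )

    # 2. Cipher suites the context will actually offer. get_ciphers() also
    #    lists TLS 1.3 suites; those report kea 'kx-any' and are always
    #    forward secret and AEAD, so the checks below pass them.
    for c in ctx.get_ciphers():
        name = c["name"]
        if c["kea"] == "kx-rsa":
            findings.append(f"{name}: static RSA key exchange, no forward secrecy")
        if not c["aead"]:
            findings.append(f"{name}: non-AEAD suite (CBC + HMAC construction)")
        if c["strength_bits"] < 128:
            findings.append(f"{name}: only {c['strength_bits']}-bit key")
    return findings


def weak_server_context() -> ssl.SSLContext:
    """Constructed 'works but is wrong' configuration."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1  # still accepts TLS 1.0 clients
    ctx.set_ciphers("AES128-SHA")               # RSA kx, CBC, HMAC-SHA1
    return ctx


def hardened_server_context() -> ssl.SSLContext:
    """Constructed configuration that passes every check above."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # ECDHE key exchange only, AEAD suites only; TLS 1.3 suites stay enabled.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    # TLS-level compression off (already the default in modern Python,
    # set explicitly so the intent is visible in the configuration).
    ctx.options |= ssl.OP_NO_COMPRESSION
    return ctx


def report(label: str, ctx: ssl.SSLContext) -> None:
    findings = audit_context(ctx)
    print(f"== {label}: {'clean' if not findings else f'{len(findings)} finding(s)'}")
    for f in findings:
        print("  -", f)


if __name__ == "__main__":
    report("weak context", weak_server_context())
    report("hardened context", hardened_server_context())
```

The same audit can be pointed at the context an application really builds (for example the one passed to a web framework or `http.server`), which is the cheap, offline counterpart to running the hosted assessment tool against the live site.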

SSL Threat Model

Not mine, and I forgot the origin, but nice!

[Image: SSL_Threat_Model]

Saturday, January 19, 2013

The "Red October" Campaign

In October 2012, Kaspersky Lab’s Global Research & Analysis Team initiated a new threat research after a series of attacks against computer networks of various international diplomatic service agencies. A large-scale cyber-espionage network was revealed and analyzed during the investigation, which we called «Red October» (after the famous novel «The Hunt for Red October»).

This report is based on detailed technical analysis of a series of targeted attacks against diplomatic, governmental and scientific research organizations in different countries, mostly related to the region of Eastern Europe, former USSR members and countries in Central Asia.

The main objective of the attackers was to gather intelligence from the compromised organizations, which included computer systems, personal mobile devices and network equipment.

The earliest evidence indicates that the cyber-espionage campaign has been active since 2007 and is still active at the time of writing (January 2013). Besides that, registration data used for the purchase of several Command & Control (C&C) servers and unique malware filenames related to the current attackers hint at an even earlier time of activity, dating back to May 2007.

Main Findings

Advanced Cyber-espionage Network: The attackers have been active for at least several years, focusing on diplomatic and governmental agencies of various countries across the world.

Information harvested from infected networks was reused in later attacks. For example, stolen credentials were compiled in a list and used when the attackers needed to guess secret phrases in other locations. To control the network of infected machines, the attackers created more than 60 domain names and several server hosting locations in different countries (mainly Germany and Russia). The C&C infrastructure is actually a chain of servers working as proxies and hiding the location of the ‘mothership’ control server.

Unique architecture: The attackers created a multi-functional kit which has the capability of quickly extending the features that gather intelligence. The system is resistant to C&C server takeover and allows the attackers to recover access to infected machines using alternative communication channels.

Broad variety of targets: Besides traditional attack targets (workstations), the system is capable of stealing data from mobile devices, such as smartphones (iPhone, Nokia, Windows Mobile), enterprise network equipment (Cisco), and removable disk drives (including already deleted files, via a custom file recovery procedure).

Importation of exploits: The samples we managed to find were using exploit code for vulnerabilities in Microsoft Word and Microsoft Excel that were created by other attackers and employed during different cyber attacks. The attackers left the imported exploit code untouched, perhaps to harden the identification process.

Attacker identification: Based on registration data of C&C servers and numerous artifacts left in executables of the malware, we strongly believe that the attackers have Russian-speaking origins. The current attackers and the executables developed by them were unknown until recently; they have never been related to any other targeted cyberattacks.

More @ www.securelist.com

Thursday, January 17, 2013

Do Less: A Short Guide

By Leo Babauta

Many of us work in an endless stream of tasks, browser tasks, social media, emails, meetings, rushing from one thing to another, never pausing and never ending.

Then the day is over, and we are exhausted, and we often have very little to show for it. And we start the next day, ready for a mindless stream of tasks and distractions.

I am a fan of going against the stream of what most people do, and taking a step back. Is it really worth it? Is this the best way? Are we losing our lives to busy-ness and distraction?

What if we did less instead?

Of course, I’ve been suggesting doing less for six years here on Zen Habits, but it’s a topic worth revisiting, because it is so necessary. Today I offer a short guide to doing less, for those willing to give it a try.

The Benefits

I could probably write an entire book on the benefits of doing less, but here’s the short version:

  1. You accomplish more. No, you don’t get more done (you’re doing less, after all), but if you do less and focus on the important stuff, you actually achieve better results, more meaningful accomplishments. This is how I’m able to work less but still write hundreds of posts a year (on various sites), create ebooks and courses, and more.
  2. You have less anxiety. When you let go of the distractions and the non-essential, you free yourself from the fear that you need to do these things. You learn that your world doesn’t fall apart when you let these things go.
  3. You enjoy life more. Taking time to really focus on an important task, or enjoy the little things, rather than rushing through them, is much more enjoyable.
  4. You create time. When you do less, all of a sudden you have free time! What can you do with all that time? How about spend some time with loved ones, read, write, make music, exercise, cook healthy meals, start your own business, meditate, do yoga?

I’ll stop with those benefits — they’re sufficient for getting started. But I think you’ll discover others as you give this a try.

More @ Do Less: A Short Guide, by Leo Babauta, Thu, 17 Jan 2013 15:35:29 GMT

Tuesday, January 8, 2013

Recommended Readings