These Are the Best Holiday Gifts for Creative Kids

If your kids are anything like mine, they love exploring their creative, artistic sides—that is, until a screen comes on. But it doesn't have to be this way: There are all kind of toys and games available that will effectively lure them from the siren song of their iPads.

If you're looking for a gift that will stimulate your child's brain instead of straining their eyes, we've compiled a list of presents that will get your kid using their imaginations and having fun, to boot.

Learn to Mix & Spin DJ Pad

Check out the beats while your toddler revolves it on this portable turntable with an 18-key synth, sound effects, and the ability to create hip-hop fills like the DJ at your favorite club (or the one you went to in college).

Resources Building Blocks

If your LEGO budget is running low, the 72 wooden pieces in this set, inspired by nature, offer a natural alternative to the expensive plastic bricks your creative kid uses. But don't worry—they'll probably still find a way to create a robot bent on destroying the world. 

Art-chitect Home Model Building Kit

Ever since I took my oldest son to a Frank Lloyd Wright house, he's been obsessed with design and architecture. This set has everything he needs to bring his ideas to life, from the walls required to model his 3-D home to floor plan tracing sheets. 

Robot Building Toy

When your kid puts together a LEGO set, there isn't much they can do with it after building is complete. With this 635-piece toy, you have a remote-controlled device that (hopefully) won't get smashed to bits once it is in motion. 

The Woobles Easy Peasy Beginner Bundle Crochet Kit 

Chances are your child wants a Squishmallow this year for the holidays. Now they can crochet their own cute, fluffy friend. One Lifehacker editor can't recommend these enough for DIY-obsessed older kids—they include everything needed to stitch these animals together, including a crochet hook.

Illustory Book Making Kit

The one thing I love about Dav Pilkey's collection of books (Captain Underpants and DogMan series) is that they encourage readers to write their own stories. With this gift, once your kid is done putting pen to paper, they can send in their masterpiece and will have a professionally printed hardcover book in a few weeks. 

Create Your Own Video Game Set

Kids can create and play their own 8-bit games on this Game Boy-like device. It works with the help of a web-based visual editor that will familiarize them with programming languages like JavaScript and Python. It also functions as a smartwatch and pedometer. 

Arts and Crafts Vault

If making friendship bracelets for the Taylor Swift tour whetted your child's appetite for making their own jewelry, this kit has over 1000 pieces to get their next project off the ground. It includes everything from pipe cleaners to googly eyes!

Diary of an Awesome Kid

Even the great authors kept a journal. Give your kid a head start with this one, which has the best title and can be used as a diary, planner, or even a canvas for their illustrations. It comes in a variety of colors.

KidiZoom Creator Cam

Is your kid a movie fiend? Help them evolve from consumer to creator with this HD video camera designed specifically for the younger set. Kids can run away from dinosaurs, visit space, or put on their own newscasts with the included green screen. A selfie stick and tripod are included. 

Buddha Board

This painting board is usually marketed toward adults, but it's also the perfect gift for your creative kid. You paint with water using a bamboo brush, but the masterpiece fades as it dries, returning to a blank slate. Adults see Zen; parents see a mess-free way for kids to express themselves. 

Kids Create Absurdity Card Game

This stocking stuffer has been described as Cards Against Humanity for the grade school set, and your entire family can have some fun together during winter break. 

Help your kid explore their creativity with one of these gifts:

• Learn to Mix & Spin DJ Pad ($47.95)

• Resources Building Blocks ($39.99)

• Art-chitect Home Building Kit ($67.92)

• Robot Building Toy ($63.19)

• The Woobles Easy Peasy Beginner Bundle Crochet Kit ($119.99)

• Illustory Book Making Kit ($29.95)

• Create Your Own Video Game Set ($85)

• Arts and Crafts Vault ($29.99) 

• Diary of an Awesome Kid ($6.87)

• KidiZoom Creator Cam ($38.99)

• Buddha Board ($37.95)

• Kids Create Absurdity Card Game ($13.99)

from LifeHacker https://ift.tt/XjgUCKq

How to Prevent Your Bank from Closing Your Accounts Without Notice

So you go to use your debit card to make a purchase or withdraw cash, or you try to pay a bill from your checking account, only to find out that your card has been declined, your transaction denied, and your access to your money cut off. The New York Times recently reported that banks are increasingly closing customer accounts without warning or authorization—and for no apparent reason. They're not even required to notify you if this happens, which means some people find out only when they can't use their cards or withdraw funds. While suspicious activity and fraud are considered one possible explanation, there's also no data source to confirm exactly how many accounts are being shut down and why.

How to protect your bank account from closure

The Times reporting suggests several possible scenarios that would raise red flags for a bank's fraud department. One is related to how much you deposit and withdraw, and in what pattern. Under federal law, customers have to fill out a form for any transaction of more than $10,000, and choosing to reduce the amount rather than complete said paperwork is likely to be suspicious. Similarly, large cash deposits at ATMs or a series of high-value deposits and withdrawals in a short period of time may also be tagged as fraudulent. While this may be innocuous—you work in an industry that has cash tips, for example—the bank doesn't see it that way.

Banks may also tag accounts for closure when there's no activity for a period of time, or when there are frequent negative balances or overdrafts. Using checks can also put you on a bank's radar due to the increase in check fraud in recent years, as can violating account terms and conditions (such as using a personal account for business purposes).

Given these possibilities, there are a few things you can do to head off account closure:

• Overcommunicate with your bank. If you are making uncharacteristic deposits or withdrawals, moving large sums of money around, or going through any major financial transition (such as a move, a home purchase or renovations, or extended travel), give your bank a heads-up.

• Check all bank messages. Don't toss notices without opening them, and look into all messages you receive. Note that you shouldn't respond uncritically to texts, calls, or emails, which may themselves be fraudulent. But if you are contacted by anyone claiming to be from your bank, call the number or send a secure message on the website or your client portal to make sure you don't miss anything important.

• Monitor your account activity. Set up transaction and low balance alerts, and check statements, deposits, and withdrawals regularly.

• Limit your check usage. If possible, stop sending checks in the mail to reduce the risk of washing, or at least take steps to protect your checks from fraud.

What to do if your account shuts down unexpectedly

If you take precautions and your bank closes your account anyway, contact them ASAP and ask what steps you need to take to get access to your money. If your bank has a local branch, it may be effective to go in person. Communicate calmly but firmly. In some cases, such as a dormant account, you may need to go to your state's unclaimed property office to obtain your funds.

Next, make sure you halt direct deposits and automatic withdrawals (such as bill pay) and switch these transactions to a different account that you can still access. If the bank will allow it, try to reopen the account or ask about other options, after which you can also consider switching to a different bank.

Finally, you can file a complaint with the federal Office of the Comptroller of the Currency if you believe your account has been closed without cause.

from LifeHacker https://ift.tt/uagUXIC

Upgrade Your Leftover-Turkey Sandwich With Thai Curry Paste

Sure, the leftover Thanksgiving turkey sandwich is a classic for a reason, but part of the joy of eating is refreshing the classics. When you’ve layered sandwich bread with turkey and mashed potatoes so many times it’s become a chore, it’s time to reach for a new flavor. Get excited again for that leftover poultry and make a turkey sandwich—but not the kind stacked with cranberry and stuffing. Instead, clear out your fridge and your sinuses with a fiery Thai curry turkey sandwich.

Since poultry has a reputation for drying out in the fridge and losing flavor, I wanted to add powerful ingredients and a bit of moisture. I reached for a can of massaman curry. Thai curry is something I keep stocked in my cabinets, and I find that the flavors pair up brilliantly with any protein. Thai curries use a varying combination of ingredients, like shallots, ginger, makrut lime leaf, garlic, and chilies, depending on the type you choose, but something you can count on is that it will be flavorful. Toss cold, shredded turkey with a tablespoon of curry paste and you’ll trigger a bright new outlook on all of your holiday leftovers. 

Thai curry paste can be pounded or processed at home, but my family has always used premade Maesri brand cans for cooking. You can find Maesri in Asian grocery stores, but big box grocery stores like Shoprite and Whole Foods carry different brands of Thai curry as well. The benefit of jarred curries is that you can use a spoonful and close up the lid again. (The cans can be a little annoying if you don’t use the whole thing.)

Credit: Allie Chanthorn Reinmann

A Thai turkey curry sandwich will be a bit spicy, of course, but you can control that with this recipe. Thai curry paste is powerful, even in small quantities, but not every curry packs the same amount of heat. Heat is a personal preference, but if I want mild spice I’ll use massaman, yellow, or red curry paste. For medium heat, I use pad prik king paste. To make myself sweat I’ll use green curry paste. Use any of these according to your preference, and then control the heat further. Use just a teaspoon or so of paste and mix it with two tablespoons of mayonnaise. The mayo will cut the spice level down further because of the fats involved. Taste it. If you’re spiced out, add more mayo. If the flavor is too weak, add more Thai curry paste. Toss a cup of shredded turkey with the mixture and load it onto a couple slices of bread.

This hack is especially helpful in this final day or so of turkey scraps, but you can ignite your taste buds with this recipe any time during the year using leftover chicken or pork. I like to make a quick, crunchy slaw with shredded cabbage tossed with lime juice and salt. These are some classic Thai ingredients and it rounds out the flavors of the sandwich beautifully. The massaman turkey filling is spicy and sweet, and the slaw is crunchy, salty, and tart. 

For even more of a flavor boost, add a couple leaves of torn basil (Thai basil if you can get it), and a chopped raw Thai chili pepper. Those last ingredients will really rock your sinuses, and make it the kind of sandwich that you can’t stop talking about (even while you’re actively eating the sandwich).

Thai Curry Turkey Sandwich recipe

Ingredients:

• 1 cup shredded turkey

• ½ tablespoon to 2 tablespoons Thai curry (adjust according to taste)

• 2 tablespoons mayonnaise

• 1 Thai chili, chopped (optional)

• 2-4 leaves Thai basil,  (optional)

• ¼ cup shredded cabbage

• 2 teaspoons fresh lime juice

• ⅛ teaspoon salt

• 2 slices of sandwich bread, toasted

1. In a small bowl, toss the cabbage together with the lime juice and salt. Set aside on the countertop for 10 minutes, tossing periodically.

2. In a different bowl, mix curry paste with mayonnaise until combined. Taste the mixture and add more curry paste if desired. Mix the shredded turkey into the dressing. Mix in the chopped chili and basil, if using.

3. Mound the turkey mixture onto a slice of toasted bread. Add the cabbage slaw and top it with the other slice of bread. Give the sandwich a press with your hands, and enjoy.

from LifeHacker https://ift.tt/jYTEcR7

No, NameDrop on iPhone Won’t Automatically Share Your Contact Information

According to a report by The Washington Post, police departments and news sites are spreading misinformation about "NameDrop," a new feature in iOS 17. These outlets claim that simply bringing your iPhone close to another iPhone allows the other user to steal your contact information, without your consent or any action on your part. If that sounds scary, don't worry: It’s pure hogwash.

Yes, NameDrop is enabled by default on all iPhones running iOS 17.1 or higher, and Apple Watches running watchOS 10.1 and higher. But it can be only used intentionally, and only with your consent. That's what a lot of news outlets and law enforcement agencies are getting wrong. The City of Chester Police Department in Ohio says, “This feature allows the sharing of your contact info just by bringing your phones close together.” Of course it's going to seem dangerous.

How NameDrop actually works

First of all, both iPhones or Apple Watches have to be unlocked. Then, the two devices have to be very close to each other, almost touching. When they come in close contact, your iPhone will prompt you, asking if you want to share your contact information and your Contact Poster, with the other iPhone. From here, you get two options: Receive Only and Share. It's only when you tap Share that the two iPhones will do the dance of swapping contact details. If you choose Receive Only, the other person’s contact details will show up for you if they choose to share, but your contact details will remain private.

If your iPhone is locked, and there’s an unknown iPhone on top of it, this won’t work. Even if it’s unlocked, without your action, there's no risk of losing your personal information. Rest assured, your contact details are safe. Hypothetically, this could be a problem if your iPhone is both unlocked and in someone else's hands. But if that’s the case, you have a much bigger problem than losing your email address and phone number.

How to disable NameDrop on your iPhone

Still, if you want to disable the feature, it can be done from Settings > General > AirDrop > Bringing Devices Together > Off. But again, we wouldn’t recommend this, as it’s not worth losing the excellent AirDrop bump gesture.

from LifeHacker https://ift.tt/v3nPuwH

Make This Risotto With Your Thanksgiving Leftovers

If risotto has ever seemed intimidating to you, put down the "instant" rice and listen up: Unlike risotto's brother, regular rice, risotto is so forgiving that the only way to screw it up is to walk away from the stove. Post Thanksgiving is a great time to learn to make it, as this creamy, luxurious dish is perfect to tuck into on a cold fall day. As a vehicle for leftover turkey, risotto makes a strong argument. 

Risotto is a better, more aspirational version of rice

Risotto is made from a different rice than your standard white or brown: It’s called arborio, and it’s usually readily available in supermarkets in the aisle with the other rice. Arborio can take on an enormous amount of liquid, and it is a short grain variety. When cooked with enough liquid, it retains a little bite in the grain, but forms a creamy texture. Normally, you give it a little push with butter at the beginning and Parmesan cheese at the end.  

There are no rules for what goes into risotto, and it has the benefit of being cooked in liquid, so meat doesn’t tend to dry out. For leftover turkey, this is excellent, because right about now, you’re sick of the leftover turkey sandwich. Also, think of all the leftover veggies you have in the fridge, because they can also likely go into your risotto. Anything without much of a sauce is game: grilled mushrooms, baked asparagus, roasted squash. If there’s any left at this point, you can even toss in a little gravy. 

A solid coating of butter lays a good foundation

To start, you’re going to sauté your rice and shallot in butter in a large sauté pan over medium high heat. On a second burner, you want a stockpot with your broth or stock.  If you made stock with your carcass, this is a great use. If not, you can make some with Better Than Bouillon or just use any chicken stock you normally buy. (It doesn’t need to be turkey stock; even vegetable stock would be good.) Get your stock going to a nice simmer. 

Move the rice around in the pan with a wooden spoon: You want each kernel of rice coated, and it’s OK for it to get a little toasted. As soon as you detect a slightly nutty aroma from the butter, ladle in a cup of stock into the sauté pan and start stirring as you turn the temperature down to medium. You want to maintain a simmer at all times, and keep in mind the one key to a good risotto: lots of stirring.

Never stop stirring

As you stir, the liquid is going to evaporate as it is absorbed by the rice. As it does, add more liquid, and just keep stirring. While this may seem cumbersome, it is also the beauty of risotto: Unlike regular rice where you really get one shot to nail the ratio of liquid to rice, that's not true with risotto. Just keep adding stock until the rice is cooked. 

On this topic, there is also some debate, as some people prefer an al dente risotto, where the rice has more bite to it. Some chefs insist on a very loose risotto that falls onto a plate and spreads. As it is cooking, you’ll need to taste it and see where you fall. Generally, the process will take 20-25 minutes.  If the rice feels “done” before you’ve used all the liquid, that’s OK. If you run out of liquid, throw some more stock on the stove. What is critical is that the stock is hot when you add it to the rice, which is why we have it simmering away on another burner. 

As you approach “doneness,” it’s time to throw in any vegetables and meat you’d like to include. Shred any meat you want using your hands, toss it in, and stir. You don’t want the turkey in there the whole time, as it’ll overcook—you just want it in long enough to cook through. The same is true of the vegetables: Cut them into bite-sized pieces and add them while there is still liquid in the pan. Stir them in and let them heat through. If you have leftover gravy, add a tablespoon or two to make the taste even richer; just be sure to stir it in well. 

Only you know when the risotto is right

Once you find the risotto to have the right mouthfeel (a very personal decision), take it off the stove. At this point, you can add your Parmesan to the top and quickly stir it into the rice. Taste it and season to your liking with salt. Risotto really needs to be enjoyed right away: it’s at its peak right now. Use the ladle to spoon it into a bowl (or a plate with a good rim), and watch the risotto “relax” on the dish as it spreads out. 

While not the same, you can certainly store leftover risotto in the fridge and reheat it, although that is best done in the microwave, in a covered bowl, at thirty-second bursts, stirring in between. 

This is a simple risotto, but the flexibility of this dish, by definition, means it can accommodate an awful lot of play. Add more alliums like onion or garlic or even pancetta or bacon to the initial sauté, or use herbs like thyme in the broth. You can add white wine to the stock as well, and you don’t have to just use leftover vegetables. Use any sautéed vegetables you like, or swap out the protein (or don’t use any at all). Garnish with some chopped parsley at the end for a nice finish. Mostly, play around: This is a dish that will remove the intimidation from cooking. 

Leftover turkey risotto

 Ingredients:

• 1 shallot, finely chopped

• 2 tablespoons butter

• 1 cup of arborio rice

• 5 cups of stock or broth

• 1 cup of leftover turkey

• ½ cup of grated Parmesan cheese

• Salt to taste

• Leftover vegetables from Thanksgiving (optional)

• 1-2 tablespoons of gravy (optional)

Directions:

1. Tear turkey into bite-sized pieces and set aside. Chop vegetables into bite-sized pieces and set aside. 

2. Put the stock or broth onto the stovetop in a saucepan over medium heat, allow to boil, then lower it to a simmer.

3. Melt butter in a large sauté pan over medium high heat. Sauté the shallots and rice together, consistently moving them around for about 4 to 6 minutes. Once the butter starts to smell nutty or turn brown, move to the next step. 

4. Add one ladle of stock to the pan, and stir continuously with your wooden spoon; turn the heat down to medium. Add more stock whenever the liquid in the pan evaporates. 

5. Around the twenty-minute mark, check the rice for texture. It is still raw inside, or chewy? Do you like the texture, or would you prefer it creamier? If you’re happy with it, proceed to the next step. If not, add more stock. If you run out of stock, make more or add wine or water, so long as they’re also hot.

6. Right after you add the last ladle of stock, add in your vegetables and meat. Season to taste, and continue stirring. Once the liquid has evaporated, toss the Parmesan in, and stir through. 

7. Remove from heat and serve immediately.

from LifeHacker https://ift.tt/9ujOcVB

The USDA Plant Hardiness Zone Map Just Changed

Heat domes, atmospheric rivers, bomb cyclones, and polar vortex—you’re not crazy, the weather is. And last week, the USDA confirmed it by releasing an updated climate zone map for 2023. And for many gardeners, that means a change in growing zones.

What are hardiness zones?

The map of the US is divided into zones, separated by ten degrees. It starts with 1a (Alaska) and goes all the way up to 13b (Puerto Rico), and the mainland U.S. tends to live between zones 5 and 10.  In between, every single part of the U.S. uses this zone classification system, which tells you roughly how long your growing season is: when it’s likely to start and finish, what kinds of conditions to expect, what your last frost date is, and more. When you shop for plants, you’ll see zones labeled on the plant tag. Knowing your zone helps you shop for seeds. To change your zone means everything you know has shifted a little bit (by ten degrees). 

Zones don’t change often—the map was last updated in 201—but when it does change, as it just did, it can upend what you know about your garden. 

How do I find my new hardiness zone?

It used to be easier to find your hardiness zone: You’d just drop your zip code into Google, and it would spit out the information. But Google hasn’t caught up with the new data yet, so for now, you'll need to visit the USDA map and input your zip code there. 

Of course, if you’ve been paying attention, you already knew the weather was changing, and your plants have been responding the way plants do: They become more resilient, or they die. So you move in new plants that are better acclimated to the current climate. 

But knowing the new hardiness zone will help you when shopping for new plants by telling you if a labeled plant will thrive in your area. It should also remind you that artificial measures to keep plants alive and thriving when they’re really not meant for one particular zone aren’t sustainable. The citrus you were trying to baby through the winters in 8b are even less likely to survive in 9a. As you shop for seeds this winter and begin growing your starts, consider seeds cultivated for your new zone. 

from LifeHacker https://ift.tt/cB2bRzl

Why it’s the perfect time to reflect on your software update policy

The threat landscape is evolving by the minute, with both malicious actors and well-intentioned researchers constantly on the hunt for new attack vectors that bypass security controls and gain control of systems and applications. In fact, thousands of new vulnerabilities are reported each month. In this dynamic threat landscape, an organization’s ability to deploy software updates in a timely fashion is not just a measure of its IT efficiency, but a critical facet of maintaining a good security posture.

Historically, software updates have been an opportunity for developers to strike a balance between introducing new features and addressing known vulnerabilities. However, in the face of an increasingly nimble attacker community and an overall jump in attack sophistication, this balance has tipped towards a more urgent need for rapid security responsiveness.

Apple’s recent refinement of their update process – separating critical security patches from general updates – is a clear signal to the broader market. It’s time for all organizations to examine and potentially recalibrate their software update policies. This article delves into the why and how of this necessary introspection, aiming to provide a comprehensive guide to developing a robust software update policy fit for the modern workplace.

The signal for change: Learning from Apple

Apple’s move to decouple their most time-sensitive security patches from full-scale updates via Rapid Security Response (RSR) mechanisms is a signal that traditional update cycles are no longer sufficient.

RSRs focus on security updates that address vulnerabilities currently being exploited by threat actors. These are patches for critical security flaws that hackers have discovered and are actively using to compromise systems.

The implementation of RSRs allows organizations to address critical vulnerabilities swiftly, minimizing the window of exposure to potential exploits. This expedited response is crucial, given that the risk of exploitation often outweighs the inconvenience of rolling out more frequent updates. This new approach from a leader in technology serves as a benchmark for other organizations to reevaluate their update timelines.

So, given this renewed urgency for prioritizing security updates, how fast should businesses aim to roll out these updates? The timescale for security updates is now a strategic decision rather than a routine IT task. Prioritization is key—with a focus on devices and applications that are mission-critical or most vulnerable to disruption.

Updates should be released to high-priority devices first, often within days of availability, to mitigate risks. For other updates that are not categorized as RSRs, a 30-day window is an efficient balance that allows for adequate testing and user adaptation, ensuring business continuity while maintaining security.

Adopting a similar mindset to Apple’s RSR model will not only enhance an organization’s defense against active threats but also demonstrate a proactive security culture. It can also demonstrate an organization’s responsiveness and commitment to user security, thus increasing its credibility.

Crafting a robust software update policy: A step-by-step guide

Pre-work phase

The foundation of a sound software update policy begins with thorough pre-work. This involves setting the groundwork for delivering successful updates, creating an inventory of devices, documenting baseline configurations, and understanding the applications that are critical to business operations.

Organizations must establish baseline configurations and communicate the requisite standards to users. A comprehensive inventory of all devices used for work, including BYOD and unmanaged devices, is essential. This also encompasses documenting the end of support for devices being phased out, noting the critical business applications in use, and understanding which devices and users depend on them.

Identifying devices that are no longer receiving security updates yet access critical applications should be a priority. Similarly, sufficient staff must be allocated to the help desks to cope with increased queries during update rollouts. Organizations should also prepare a diverse group of informed early adopters and testers from across the business spectrum to ensure that feedback is timely and representative. These groups should include employees who use critical applications and work in remote or hybrid settings.

Active monitoring for new OS updates and security patches is another critical pre-work task. This ensures that the organization can react promptly when updates are released.

RSR rollout

The rollout phase is where strategic planning meets execution. IT departments must assess new updates to prioritize based on their impact on the business. Enhanced security monitoring becomes crucial here, particularly if the exploit’s mechanism is understood, allowing teams to look for indicators of compromise. Security teams should also leverage phishing logs to monitor for any changes in routine patterns, as many threat actors tend to use social engineering as the initial attack vector.

Organizations should also take a ‘slow roll’ approach at this stage, deploying updates to a small group of early adopters and devices where software interruption risks are minimal or end users have demonstrated a willingness to collaborate with IT. Monitoring for performance issues and user feedback during this soak time allows IT security teams to assess the impact before wider deployment.

Once security teams are confident that the update will not impact business operations, they can start pushing the update to the remaining devices. Throughout this entire phase, the device inventory and required update time should be closely monitored. Businesses should set a target for the number of devices updated before transitioning to standard support; aim for 90-95% or whatever the business considers appropriate given the device population and end user expectations.

Post-rollout actions

Once updates are rolled out, the focus shifts to enforcement and monitoring. Implementing conditional access policies ensures that only updated devices can access sensitive resources. Security teams should also keep a vigilant eye on security logs that were recorded during the update period, searching for signs of any breaches on devices that may have been compromised during the pre-update exposure window.

Organizations can also develop a strategic threat hunting program, leveraging insights from RSR assessments to diminish potential risks. If any devices are believed to be compromised, remove them from active use and address the security threat prior to reintegrating them into your network.

In all these stages, the management strategy shouldn’t be an afterthought, but a forethought. Utilizing device management tools and integrating security event management systems can streamline the update process and enhance security postures. Device management is particularly useful for tracking update adoption and assisting in the threat-hunting process when coupled with data from network threat prevention products.

This comprehensive approach to policy development, when rigorously followed, creates a robust framework for managing the evolving landscape of software threats. It ensures that organizations are not just reactive but proactive in their defense against cybersecurity risks.

from Help Net Security https://ift.tt/CqxQ9kG

Vulnerability disclosure: Legal risks and ethical considerations for researchers

In this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in cybersecurity.

Zhang explores the intricate balancing act that researchers must perform when navigating the interests of various stakeholders, including the public, private companies, and government agencies. He discusses the ethical, legal, and practical implications of different disclosure strategies, ranging from full public disclosure to more discreet, coordinated approaches.

The conversation also touches on the broader ethical considerations in cybersecurity and the impact of emerging technologies on vulnerability disclosure practices and offers advice for cybersecurity professionals grappling with these critical decisions.

Decisions around vulnerability disclosures should always be made considering local laws and potential legal ramifications.

How can researchers balance the interests of different stakeholders, such as the public, companies, and government agencies, when deciding on a disclosure strategy?

Finding this balance when deciding on a disclosure strategy relates to the researcher’s view on ‘what is ethical’ and risk tolerance. The interests of the public (concerned about their security/data) often conflict with the interests of companies (protective of their IP and reputation) in these scenarios.

Some might argue that in the interest of the public, public disclosure is the most ethical approach as it ensures the issue is closed as quick as possible. Others may see public disclosure as self-serving and attention seeking behaviour that works only in the interest of the researcher themselves.

Secondly on the topic of risk tolerance, opting for public disclosure may expose yourself to more risk as an individual if the organisation or in some cases government agencies decide to pursue you legally.

Could you elaborate on the legal considerations and potential ramifications of different disclosure approaches?

Seek local legal advice about your specific scenario.

A company will aim to avoid negative publicity. Opting for full public disclosure can apply pressure to the affected organisation to fix the issue, however this pressure can also manifest itself into a legal pursuit against you.

Security Research Threats is a good collection of legal threats made against researchers to see how some of these scenarios have played out. Legal threats range from intellectual property violations, cease and desists to threats of jail time.

Working together with the organisation through a coordinated or private disclosure and acting in good faith can lower the risk to you as individual but does not guarantee zero risk.

What are the ethical implications of choosing full disclosure over responsible disclosure?

Responsible disclosure is generally considered more ethical. The primary goal of disclosing vulnerabilities should be to protect people rather than seeking personal recognition. Working with the impacted party can give them time to fix things properly.

Conversely full public disclosure can result in harming more people if malicious actors exploit the issue in the window between public disclosure and application of a patch.

The counterargument against this often relates to remediation time frames that are excessively prolonged in a coordinated disclosure scenario. If there are concerns that malicious actors are already exploiting the vulnerability, you can apply pressure by setting a deadline for public disclosure. However, there is the risk that the company may see this as extortion.

What advice would you give cybersecurity professionals navigating the decisions involved in vulnerability disclosure?

1. Understand your local laws relating to vulnerability research and disclosure.

2. With this knowledge, perform your own risk assessment before going down this journey. Consider in the worst case, you may be risking your professional reputation and employment. What is the likelihood of that eventuating? Are you willing to accept that risk or is there anything you can do to mitigate it (e.g. by disclosing anonymously)? For a lot of people, the potential risk isn’t worth the benefit of being a good samaritan and thus they avoid disclosing vulnerabilities altogether.

3. Arguably, most importantly, be respectful and act in good faith. Ideally you want to act within the letter and the spirit of the law, however the letter of the law is often vague or outdated when dealing with topics like ethical hacking. In the absence of strict legal protections for ‘trying to do the right thing’ with a vulnerability disclosure, acting in good faith tends to reduce the likelihood of legal pursuits.

How does the decision to publicly disclose a vulnerability align with broader cybersecurity ethics?

This can be a bit of a rabbit hole. Who decides what is ethical? What are cybersecurity ethics? I don’t think I am the authority for these questions but broadly here’s some discussion points that I will leave with the you the reader to think about:

The impact of public disclosure on individuals at the company

• Companies are made up of people. Mistakes like bugs or security issues are bound to happen so long as a human is involved. Public disclosures place a lot of pressure on the workers at the front lines who have to fix the problem. Beyond the stress of the situation, there’s also a risk that key people at these organisations might get targeted or harassed by the public. Is it ethical to put these individuals at risk for the greater good?
• Equally companies who handle data need to be handle it responsibly and ensure that there are sufficient people, processes, and technologies to prevent these mistakes. Does a public disclosure drive the change to fix any of these things?

Public interest

• A common argument for public disclosure relates to ‘people needing to know’ that their data is being mishandled.
• Is it the role of vulnerability researchers to fulfil this need? Shouldn’t regulatory bodies ensure companies within their jurisdiction are handling data correctly?
• Cybersecurity can be a bit of an echo chamber. Does the general population even care?

Privacy of impacted individuals

• Is it ethical to expose data (if the vulnerability relates to leaking it) through public disclosure to protect against the hypothetical situation that malicious actors are already exploiting it?
• • Do you become the bad actor in this case if no one actively exploited the issue until you publicly disclosed it?

How might emerging technologies influence the practices of vulnerability disclosure?

Emerging technologies create new attack surfaces and new attacker techniques. I don’t believe emerging technologies will fundamentally change how we disclose vulnerabilities. However, I do think that it has never been more important for organisations to have strong programs for handling these disclosures.

Organisations should encourage the public to come forward to report vulnerabilities. The worst case scenario is a vulnerability, not disclosed due to fear of legal consequences, is later discovered and exploited by a malicious actor, resulting in a data breach.

Regulatory bodies/government agencies should also move to legislate protections for researchers acting in good faith.

from Help Net Security https://ift.tt/iOA64bD

Building cyber resilience for tomorrow’s threats

Cyber resilience is the capacity of an organization to maintain its core functions and swiftly adapt to, respond to, and recover from cyber threats. A cyber-resilient organization recognizes that cyber threats are inevitable and constantly evolves its strategies to address emerging risks. This involves a comprehensive approach, encompassing technology, processes, people, and communication.

Ultimately, a cyber-resilient organization not only defends against cyber threats but also ensures continuity of operations and safeguards its reputation, customer trust, and sensitive data.

In this Help Net Security round-up, we present segments from previously recorded videos in which security experts discuss implementing effective cyber resilience strategies.

Complete videos

• Robin Berthier, CEO at Network Perception, talks about strategy for cyber resilience.
• Grayson Milbourne, Security Intelligence Director at OpenText Security Solutions, discusses the innovation behind social engineering campaigns and illustrates how cyber resilience can help mitigate this evolving threat.
• Max Vetter, VP of Cyber at Immersive Labs, discusses the growing pressure on cybersecurity teams to prove their readiness for new and emerging threats.

from Help Net Security https://ift.tt/yoViwRe

Today's NYT Connections Hints (and Answer) for Monday, November 27, 2023

Today’s puzzle contains a pun—one of the worst, most groanworthy puns there is. If you haven’t found it yet, well, I’m here to help. (You’re welcome./Sorry.) If you’re looking for the Connections answer for Monday, November 27, 2023, read on—I’ll share some clues, tips, and strategies, and finally the solutions to all four categories. Along the way, I’ll explain the meanings of the trickier words and we’ll learn how everything fits together. Beware, there are spoilers below for November 27, NYT Connections #169! Read on if you want some hints (and then the answer) to today’s Connections game. 

If you want an easy way to come back to our Connections hints every day, bookmark this page. You can also find our past hints there as well, in case you want to know what you missed in a previous puzzle.

Below, I’ll give you some oblique hints at today’s Connections answers. And farther down the page, I’ll reveal the themes and the answers. Scroll slowly and take just the hints you need!

Credit: Connections/NYT

---

Does today’s Connections game require any special knowledge?

There’s a cocktail recipe hiding in here somewhere, but you don’t need to know the specific drink to pick it out. 

Hints for the themes in today’s Connections puzzle

Here are some spoiler-free hints for the groupings in today’s Connections:

• Yellow category - Make music.

• Green category - Tally everything up.

• Blue category - Make a drink.

• Purple category - Don’t get stuck!

Does today’s Connections game involve any wordplay?

Just one terrible, awful pun that applies to one word in the purple category.

Ready to hear the answers? Keep scrolling if you want a little more help.

---

BEWARE: Spoilers follow for today’s Connections puzzle!

We’re about to give away some of the answers. Scroll slowly if you don’t want the whole thing spoiled. (The full solution is a bit further down.)

What are the ambiguous words in today’s Connections?

• SCAT can mean animal droppings, or be a command to skedaddle. But the word is perhaps best known as a form of improvised jazz singing. 

• SUM, RUM, HUM, and GUM are in four different categories today, so don’t let the rhyme distract you.

• GROSS isn’t an adjective here; it’s in the sense of a TOTAL amount. 

What are the categories in today’s Connections?

• Yellow: CARRY A TUNE

• Green: WHOLE AMOUNT

• Blue: MOJITO INGREDIENTS

• Purple: THINGS THAT ARE “STICKY”

DOUBLE BEWARE: THE SOLUTION IS BELOW

Ready to learn the answers to today’s Connections puzzle? I give them all away below.

What are the yellow words in today’s Connections?

The yellow grouping is considered to be the most straightforward. The theme for today’s yellow group is CARRY A TUNE and the words are: HUM, SING, SCAT, WHISTLE.

What are the green words in today’s Connections?

The green grouping is supposed to be the second-easiest. The theme for today’s green category is WHOLE AMOUNT and the words are: COUNT, GROSS, SUM, TOTAL.

What are the blue words in today’s Connections?

The blue grouping is the second-hardest. The theme for today’s blue category is MOJITO INGREDIENTS and the words are: LIME, MINT, RUM, SODA.

What are the purple words in today’s Connections?

The purple grouping is considered to be the hardest. The theme for today’s purple category is THINGS THAT ARE “STICKY” and the words are: GLUE, GUM, TAPE, STICK. (As in the old joke: “What’s brown and sticky? A stick.”) 

How I solved today’s Connections

I notice SCAT first; it clearly goes with SING, HUM, and WHISTLE. (Lucky guess, maybe.) 🟨

Next I consider TOTAL. It can be a COUNT, a SUM, a GROSS (in the business sense). 🟩

What about GUM, GLUE, and TAPE? They’re all sticky, but I don’t have a fourth for them to go with. Unless….? No. It can’t be. No way. I refuse to believe it. 

What else do we have? RUM, LIME, MINT, and SODA. That’s a drink recipe. 🟦 And then, finally, GUM, GLUE, TAPE, and a STICK. Things that are sticky. Groan. 🟪

Connections 
Puzzle #169
🟨🟨🟨🟨
🟩🟩🟩🟩
🟦🟦🟦🟦
🟪🟪🟪🟪

How to play Connections

I have a full guide to playing Connections, but here’s a refresher on the rules:

First, find the Connections game either on the New York Times website or in their Crossword app. You’ll see a game board with 16 tiles, each with one word or phrase. Your job is to select a group of four tiles that have something in common. Often they are all the same type of thing (for example: RAIN, SLEET, HAIL, and SNOW are all types of wet weather) but sometimes there is wordplay involved (for example, BUCKET, GUEST, TOP TEN, and WISH are all types of lists: bucket list, guest list, and so on).

Select four items and hit the Submit button. If you guessed correctly, the category and color will be revealed. (Yellow is easiest, followed by green, then blue, then purple.) If your guess was incorrect, you’ll get a chance to try again.

You win when you’ve correctly identified all four groups. But if you make four mistakes before you finish, the game ends and the answers are revealed.

How to win Connections

The most important thing to know to win Connections is that the groupings are designed to be tricky. Expect to see overlapping groups. For example, one puzzle seemed to include six breakfast foods: BACON, EGG, PANCAKE, OMELET, WAFFLE, and CEREAL. But BACON turned out to be part of a group of painters along with CLOSE, MUNCH, and WHISTLER, and EGG was in a group of things that come by the dozen (along with JUROR, ROSE, and MONTH). So don’t hit “submit” until you’ve confirmed that your group of four contains only those four things.

If you’re stuck, another strategy is to look at the words that seem to have no connection to the others. If all that comes to mind when you see WHISTLER is the painting nicknamed “Whistler’s Mother,” you might be on to something. When I solved that one, I ended up googling whether there was a painter named Close, because Close didn’t fit any of the obvious themes, either.

Another way to win when you’re stuck is, obviously, to read a few helpful hints–which is why we share these pointers every day. Check back tomorrow for the next puzzle!

from LifeHacker https://ift.tt/GegMmwZ

How to Get a Sale Price on an Item You've Already Bought

So, you bought an item on your wishlist. Maybe you even got it on sale. But shortly thereafter, the exact same product at the exact same retailer is cheaper than when you bought it. If only you had known.

Luckily, that pain you feel in your wallet doesn't have to be the end of the road. With a little research (and some cleverness, when necessary) you can probably get that money back.

Check the store's price protection policies

A handful of retailers offer price adjustment—also referred to as price protection or a price guarantee—which will refund you the difference between what you paid at the time of purchase and the sale price. This policy will apply only within a limited timeframe after a purchase, typically anywhere from 14 to 30 days.

Keep in mind that price adjustment is different from price matching. The latter refers to a policy in which a retailer will match a lower price offered by a competitor on an identical item. This is usually only available before you make a purchase, though you can still use this to your advantage to shop around for the best deal.

Note that the list of retailers that offer these benefits is short and does not include Amazon. Best Buy, Bed Bath & Beyond, Target, and Costco are a few of the major retailers that have some kind of pricing policy.

However, price protection and price matching are likely to come with significant restrictions and exclusions. For example, price matching may be limited to a few select competitors, and some retailers may not offer it at all during major sale seasons like Black Friday, Cyber Week, and Memorial Day. As Wirecutter notes, even finding the fine print can be difficult, much less taking advantage of it.

While credit card issuers used to offer price protection—allowing you to submit a claim for a partial refund without going through the retailer—that benefit is practically extinct unless you hold one of a few select cards.

Bargain with customer service

If a retailer doesn't have a published price protection policy (or if they do, and it doesn't seem to apply to you), it doesn't hurt to reach out to customer service and ask if they can help. Consumer Reports found that even Amazon may budge when contacted directly. But this may work with smaller retailers in addition to big-box stores as long as you're within the return window. Note that you may have to settle for store credit, which only makes sense if you plan to shop with the retailer in the future.

Return and repurchase

If none of the above gets you the savings you want, consider returning the item for a refund and buying it again at a lower price (again, this is probably the best option for Amazon purchases).

A few things to consider to maximize your refund:

• Are you within the return window?

• Do you still have the receipt or confirmation?

• Does the item meet return criteria for being unworn, unused, unwashed, in its original packaging, etc.?

• Does the retailer offer refunds to the original payment method or store credit only?

• Does the retailer offer free returns, or will you pay for shipping?

• Is there a nearby brick-and-mortar location where you can bring the returns?

Obviously, you must be within the return window to get a refund (unless you used a credit card that has extended return benefits that apply even if the retailer's window has passed). Some retailers will accept returns for longer during the holiday season, and it's good practice to check return policies before you buy anyway.

If you have your receipt and can get back every dollar you paid (ideally without having to pay anything for return shipping or restocking), then it may make sense to return your original item and buy it again on sale. But if there are limitations, such as getting store credit, being refunded at the current sale price, or paying a premium to send the item back, consider whether you'll really save anything in the end.

from LifeHacker https://ift.tt/rvRDZj5

Refresh Your Kitchen for Cheap with Vinyl Wrapping

The kitchen sets the tone for your entire home. If you have tired old builder-grade cabinets, the kitchen is going to look cheap and uninspiring—but fixing the issue isn’t easy. If you own your home, you can always tear out the kitchen and replace it, assuming you have bags of cash just lying around the place—if not, you can always paint the cabinetry. If you’re renting your home, however, you have fewer options; your landlord likely won’t renovate for you, and you’ll want to avoid permanent changes like paint unless you get specific approval.

There’s a surprising solution to this problem, however: Vinyl wrap. Yes, the same stuff that gets put on cars to give them a whole new glossy look can be applied to your kitchen cabinets. The results can be very dramatic, the vinyl wears surprisingly well, it’s extremely cheap (especially if you DIY it), and best of all it’s relatively easy to remove and leaves no residue, so your security deposit is safe. Here’s everything you need to know about vinyl wrapping your kitchen.

Vinyl FTW

For this project, you can use vehicle vinyl wrap or vinyl wrap marketed specifically for furniture and cabinets, like this one, which costs around $50 for a 3-meter roll (a little under 10 feet), or these wraps from 3M that cost about $30 for a 5-foot roll.

One of the great things about vinyl wrapping your kitchen is the selection of colors and finishes. Vinyl wraps come in a very wide range of both: you can get faux wood, high-gloss, patterned, textured, and even metallic and glitter finishes. This gives you a lot of design flexibility. And vinyl wrap, if properly applied, can be surprisingly durable; after all, it’s used on vehicles that are subjected to outdoor conditions. With proper care it will hold up for years; the 3M wraps mentioned above are rated for at least 7 years of use.

DIY or pro?

The process of DIY wrapping your kitchen cabinets is pretty straightforward, and doesn’t require a lot of money or many tools. It does, however, require patience and a bit of skill—you’ll need to be very careful how you measure, cut, and apply the wrap.

You don’t need many tools to get this done:

• Enough wrap to cover your cabinets

• Squeegee to smooth out the wrap

• Pin to discretely pop air bubbles

• Utility blade or razor blade to cut the vinyl

• Heat gun or hair dryer

On TikTok, Paige Sechrist wrapped her kitchen and showed the process she followed, and you can see the process in a bit more detail here. The results depend a lot on how careful you are measuring everything out and how diligent you are ensuring that air bubbles are dealt with. According to Sechrist, the whole cost of DIY wrapping her kitchen was about $100, and it took her less than two days to do the job. She updated the project a year later, showing that the vinyl had worn well, and removed very easily.

If you’re someone like me who wraps gifts like a wild animal and hasn’t cut a straight line once in their entire life, this might seem like a disaster waiting to happen. The good news is that there are professional companies who will perform this service for you. The cost will vary with the size and complexity of your kitchen, but will generally be a few thousand bucks (for example, this company usually charges $5,000 for wrapping a “standard” kitchen). While that’s a lot more than the DIY cost, it’s also a lot less than a full renovation.

Cons of wrapping

Vinyl wrapping your kitchen cabinets can be a cheap, low-risk way to transform a kitchen you don’t own or can’t afford to renovate. But there are some potential downsides to consider:

• Only unpainted. If your cabinets are painted or veneered (meaning they have a thin layer of laminate or wood over a cheaper material), the paint or veneer might come off when you try to remove the vinyl wrap. If you’re not sure what you’re dealing with, test on a small, inconspicuous area first.

• Affected by heat. Part of the installation process for vinyl wrap is to use a heat gun or hair dryer to adhere the wrap to the cabinets, because vinyl wrap reacts to heat. That’s not always ideal in kitchens. Wrapped cabinets near ovens or dishwashers might not wear as well due to heat exposure over time.

• Complexity is an issue. Vinyl wrapping works best on flat cabinet doors. The more paneling and design on your cabinets, the harder it’s going to be to apply a wrap smoothly. Some pro installers won’t even go near cabinets with raised panels or beading for this reason.

• Peeling. If your installation skills aren’t great, if the wrap is consistently exposed to heat, or if it rubs in places as you open doors and pull drawers, you may experience peeling. This will be difficult to repair without re-doing the entire door or drawer.

Still, if you have an ugly kitchen that is killing your soul but you lack the funds or ownership for a permanent change, vinyl wrapping your kitchen might be the perfect solution. For a relatively small amount of money and/or some sweat equity, you can have a new-seeming kitchen in just a day that can be 100% reverted to its original state when it’s time to move.

from LifeHacker https://ift.tt/piC0hv8

How to Try Copilot, Microsoft's New AI Assistant, In Windows 10

Microsoft is now allowing Windows 10 users to try out Copilot, the company’s newest AI assistant. The service was previously only slated to be released as part of Windows 11, but is now part of Windows 10’s final big update. If you’re interested in trying the Copilot feature for yourself but don’t feel like upgrading to Windows 11 just yet, then you can use these instructions to download and try the latest version of Windows 10 today.

How to try Windows 10 Copilot

To start using Copilot in Windows 10, you need to join the Windows Insiders program, which allows you to see new features before they're delivered to the mainstream channels. Currently, Copilot is only available as part of the Windows 10 Release Preview Channel, though it’s likely only a matter of days or weeks before it's pushed to Windows 10 users in the general public.

If you don’t feel like waiting, though, you can pull up the Start menu, search for “Insider” in the bar, and then click “Advanced Windows Update options.” Click the option that says “Get Insider builds,” which will allow you to check out Copilot early in Windows 10. You’ll need to apply the updates by restarting your PC. 

When choosing your preview channel, you’ll have the option of choosing between a few different options. To get access to Copilot in Windows 10 right now, simply select the Review Preview channel, which will give you what is essentially a beta of the update. This means that it'll have less bugs than the developer channel, allowing you to keep using your machine without as many hiccups.

How is Copilot different on Windows 10?

Ultimately, Copilot in Windows 10 will be fundamentally the same as the system found in Windows 11, but there are some differences to be aware of. You’ll still be able to do the brunt of the work that Copilot in Windows 11 offers while using it in Windows 10, though there will be some slight differences in features since some just don’t exist in Windows 10—and never will, as this isn’t going to change Microsoft’s planned retirement date for the operating system.

Still, being able to test out Copilot in Windows 10 is nice because you don’t have to upgrade to the latest operating system to take advantage of what might be one of the company’s coolest features. Copilot builds off of Microsoft’s previous work with OpenAI’s GPT system, allowing you to generate text, answer queries, and more, all without leaving your desktop’s side bar.

from LifeHacker https://ift.tt/uWYlj5t

The Best Apps to Track Progress on Your New Year's Goals

With 2024 fast approaching, it’s about that time to set some New Year’s resolutions, which you’ll then spend the next 12 months trying to stick to. Writing down your goals is a key part of achieving them, so start there, but the “writing” part is a little broader than you might think. A pen and paper are great, but so is an app—as long as it works well for you and can function for the long-term goal setting a new year demands. Choosing the right app can be a little tricky, since there are so many out there for setting and tracking goals, so here are some of the best ones and what they do. 

If you use SMART goals: Strides 

SMART (or rather, specific, measurable, achievable, relevant, and time-bound) goals are popular for individual workers and students, as well as groups and teams of collaborators because they make goals and results easy to describe. Strides is an app that makes them just as easy to track. It tracks your progress on SMART goals while using streaks to motivate you and reminders to help you build habits. The plain version is free, but if you want unlimited trackers and the ability to see progress reports, you’ll pay $4.99 per month. 

If you need to break down complex goals: Todoist

Arguably one of the most famous apps on the list, Todoist is popular for a reason: It helps you break down complex projects into smaller ones, collaborate with teammates, and track progress easily, whether you’re working collaboratively or on your own. There’s a Kanban board built in so you can track your goals from the early stages through completion, too. For free, you can load in five personal projects and view one week of activity history, but if you want more long-term tracking and up to 300 projects, you’ll need to pay $4 per month. 

If you’re extra busy: TickTick

TickTick is designed for people who have a lot going on. You can set “annoying alerts” to remind you of urgent or high-priority responsibilities multiple times a day and can use a voice-to-text feature to dictate your to-do lists, because who has time to type all that out? You can also set pop-up reminders that are location-based, so when you go to work, anything you need to do there will come up. When you complete your tasks, you earn points toward an achievement score—and when you don’t, your score goes down. Your score helps you level up (or, again, down) which gamifies it a little, helping you keep track of progress. It’s free, but there is a premium version for $35.99 per year that allows you to set tasks as high, medium, or low priority and import your third-party calendars. The premium offering also allows you to track progress more, giving you access to historical statistics that allow you to see how far you’ve come in completing your goals.

If you’re serious about keeping a schedule: Clockify

Clockify, which offers almost all of its best individual features for free, is best known as a timesheet app. But it’s also stellar for goal tracking, since it’s so schedule-based. You can track exactly how much time you spend on all of your tasks, which is helpful if you’re trying to figure out how much to allocate to certain responsibilities when timeboxing or using another productivity scheduling method. Your dashboard will show you your personal stats and trends as they relate to your working time and goals, so you can start organizing your day around what takes the most time and when you’re most productive. You can view reports on your progress—at varying levels of granularity—and it even has a built-in Pomodoro timer. The best core features are free; you'll only be charged $3.99 if you need to be the administrator of someone else’s work.

If you want to gamify your goals: Habitica

Habitica encourages you to “gamify your life” in your quest to achieve your goals. You get a little avatar that grows and is rewarded when you complete your real-life tasks, but is punished when you don’t, so you can track progress just by looking at how well your little avatar is thriving. You’ll earn in-game currency that you can redeem for rewards and there’s even a social component through which your avatar can join forces with others’ to play games. 

If you crave simplicity: Joe’s Goals

Joe’s Goals is arrestingly easy to use—and that’s because it’s really old and looks really old. It’s a vestige of a bygone internet era, but that simplicity is almost comforting. Where other apps have a seemingly endless stream of widgets and notifications, this webpage simply encourages you to enter your goals in, track them, and monitor your daily “score.” Your goals appear on a grid along with the seven days of the week and when you complete one on a given day, you just put a little checkmark in the box. If visual tracking and simplicity appeal to you, this is the one. 

from LifeHacker https://ift.tt/DoI0t57

These Are the Best Apple AirTag Sales for Black Friday

Apple's AirTags—the best Bluetooth tracker on the market—are going at a 20% discount for Black Friday at multiple online retailers, meaning you can get an AirTag for $23.99 instead of the usual $29.99 at Target or Walmart. You can also get a four-pack for $80 from Target (also available at Walmart) from the usual price of $100.

Apple's AirTags don't go on sale very often, so if you've been eyeing one for a while, this is a great time to get it. The four-pack brings the cost of AirTags down to $20 a pop; and if you only need one or two, you could always ask friends if anyone wants to do a group buy and split the lower cost.

AirTags are incredibly useful: People use them to keep track of everything from their luggage to pets to bikes to cars. There are plenty of creative ways to use a Bluetooth tracker, and I'm sure you'll find great uses for one. With iOS 17, you can even share an AirTag with other members of your family, allowing multiple people to track a pet, remotes, or other items that you keep losing track of.

Also, if you're an AirTag user concerned about your privacy, you should check out how to tell if you're being tracked by Apple's AirTags. This feature also works if you have an Android device.

from LifeHacker https://ift.tt/Y8pbGSg

How to Contact Amazon Customer Service on Black Friday

Black Friday has always been chaotic and its migration from an in-store stampede to online event hasn’t done much to change that. You’re in a rush to snap up good deals and can easily make mistakes along the way, especially when Amazon makes it so easy to buy items with a single click of a button. If you need to contact Amazon customer service or a seller on Black Friday, here’s what you do. 

Contacting Amazon customer service chat on Black Friday

The first thing you should do when trying to get Amazon assistance on Black Friday is check the Customer Service Help Page, which can be found in the menu on the top right of your computer screen or by clicking the link here. There, you’ll find answers to common questions about how to fix or do a number of things, from altering details on an order to reporting something suspicious. 

The fastest way to get real-time help is through Amazon’s live customer service chat. From that Customer Service Help Page, select the option for “Something else,” which will open a page showing even more options. Click the last one, “I need more help.” When the chat box opens, type “Talk to associate” into the text entry box and it will prompt you to choose help by chat or by call. 

Contacting Amazon customer service by email or phone

You can also try sending an email to the customer service center at cs-reply@amazon.com, though this may not be your best bet if you’re in a rush, as it can take a while to get a response. For the best service, make sure to include every relevant detail you can think of, like your order number and delivery address. 

For faster service, call 1-888-280-43331. You’ll first deal with a bot, but eventually get transferred to a real person. Try to use the phone number linked to your Amazon account, as verification codes related to the call will be sent to that device. 

from LifeHacker https://ift.tt/IloEZ1F

Network security tops infrastructure investments

Network security is both the top challenge and the top investment priority for enterprise IT leaders, according to ISG.

Network security challenges

60% of respondents to the ISG survey on network modernization ranked network security among their top five challenges, with 21% ranking it highest. At the same time, 75% identified network security as a top-five infrastructure investment priority for 2024, including a leading 26% who identified it as their top priority.

Of the network security challenges, protection from cyberattacks was the top concern for 23% of respondents and one of the top five concerns for 69%, followed by phishing and social engineering (the top concern for 12%), data privacy and compliance legislation (8%), identity and access management (7%), and the security implications of remote work (6%).

Underscoring the focus on network security, the study also found that CISOs have the greatest impact on evaluating network services and solutions and determining the organization’s network strategy. This finding indicates networks are now widely considered a cybersecurity domain.

“With CISOs leading network decisions, security is now integrated into core technology and transformation decisions,” said Alex Bakker, ISG Distinguished Analyst and co-author of the study. “The practice of involving the CISO early in the technology buying process can result in faster decisions and closer alignment between business, technology and security objectives.”

Enterprises less optimistic about legacy infrastructure management

Most enterprises gave high marks to their network security and their network performance in support of a remote workforce. 61% of respondents say their network security is better than peer companies, and 54% say their network’s ability to support a remote workforce is better than others.

Enterprises are less positive about their management of legacy infrastructure, with only 32% rating their network’s performance as better than others. Similarly, only 35% of respondents feel they are achieving more value for money than peer companies from their network technology investments, and only 31% say their provider ecosystem is performing better than competitors’.

“Businesses are currently achieving meaningful network savings of around 9% from network modernization, but to maintain those levels, they are looking to network providers to be more proactive in finding future savings and more transparent about what those savings will look like,” said Michael Dornan, principal analyst and study co-author.

“14% of our survey respondents said cost reduction and efficiency is the most important key performance indicator in network services contracts and 62% rated it a top-five KPI,” added Dornan.

from Help Net Security https://ift.tt/xIvcusq

AI and contextual threat intelligence reshape defense strategies

AI continues to evolve to improve both cyber defense and cyber criminal activities, while regulatory pressures, continued consolidation, and geopolitical concerns will drive more proactive cybersecurity efforts with contextual threat intelligence, according to Cybersixgill.

As organizations increasingly adopt Threat Exposure Management (TEM) – a proactive approach to cybersecurity – Cybersixgill believes that cyber threat intelligence (CTI) will emerge as a foundational component of TEM and play a central role as leaders across organizations make critical, strategic business decisions.

“Over the past year, we’ve witnessed significant developments in cybersecurity, including the emergence of generative AI and its ability to enhance organizations’ threat intelligence efforts, and the rise of Threat Exposure Management, a program of consolidation to identify and mitigate risk and strengthen cyber defense proactively,” said Sharon Wagner, CEO of Cybersixgill.

“With these advancements, curated threat intelligence is gaining prominence and accessibility, delivering relevant, contextual data based on a company’s attack surface and the effectiveness of its security stack. As security teams home their strategies against malicious actors, these trends will play an even bigger role in the coming year and beyond,” added Wagner.

The growth of AI

AI’s value is rooted in the breadth and reliability of data, which Cybersixgill predicts will significantly improve in 2024 as AI vendors advance the richness and fidelity of results.

AI will become broadly accessible to practitioners, regardless of their skillset or maturity level. As concerns for data privacy with AI grow, companies will form their own policies while waiting for government entities to enact regulatory legislation. The U.S. and other countries may establish some regulations in 2024, although clear policies may not take shape until 2025 or later.

Cybersixgill believes that in 2024, threat actors will use AI to increase the frequency and accuracy of their activities by automating large-scale cyberattacks, creating duplicitous phishing email campaigns, and developing malicious content targeting companies, employees, and customers.

Malicious attacks like data poisoning and vulnerability exploitation in AI models will also gain momentum, which cause organizations to provide sensitive information to untrustworthy parties unwittingly. Similarly, AI models can be trained to identify and exploit vulnerabilities in computer networks without detection.

Cybersixgill also predicts the rise of shadow generative AI, where employees use AI tools without organizational approval or oversight. Shadow generative AI can lead to data leaks, compromised accounts, and widening vulnerability gaps in a company’s attack surface.

Companies adopt proactive approach to cybersecurity

In 2024, as attack surfaces widen and the frequency and scale of attacks grow, regulatory mandates will hold business leaders more accountable for their organization’s cyber hygiene. The C-suite and other executives will need a clearer understanding of their organization’s cybersecurity policies, processes, and tools. Cybersixgill believes companies will increasingly appoint cybersecurity experts on the Board to fulfill progressively stringent reporting requirements and conduct good cyber governance.

Changes to the PCI DSS v. 4.0 will pressure retail, healthcare, and finance companies to follow the new reporting requirement by March 2024. These requirements will drive a more vital need for proactive threat intelligence to help mitigate risk, continuously identify gaps, and strengthen cyber hygiene.

Cybersixgill predicts that in 2024, more companies will adopt TEM, a holistic, proactive approach to cybersecurity, of which CTI is a foundational component. As a result, they will need robust CTI solutions delivering focused insights to mitigate business and operational risk significantly.

They also predict that the consolidation of CTI will gain prominence as it combines with other capabilities, including attack surface management, digital risk protection, and AI. CTI will be viewed as a strategic enabler as organizations assess incumbent vendors’ benefits.

Geopolitical issues will broaden attackers’ motivations beyond financial gain

In 2024, 40 national elections will occur worldwide. As threat actors’ motivations stretch beyond financial gain, Cybersixgill predicts an uptick in attacks targeting entities without profit centers, such as schools, hospitals, public utilities, and other essential services, as bad actors aim to gain power and influence and cause general disorder.

Cybercriminals will increasingly offer their skills and expertise for hire through ransomware-as-a-service, malware-as-a-service, and DDoS-as-a-service offerings.

Affiliate programs will continue to grow as powerful cybercriminal gangs franchise their ransomware technology, scaling operations to a network of lesser-skilled individuals for distribution, making the extortion business accessible and profitable to a larger pool of threat actors.

from Help Net Security https://ift.tt/EyV4h50

Today's NYT Connections Hints (and Answer) for Friday, November 24, 2023

Today’s puzzle is a little tricky, but I really can’t KNOCK it too much. If you’re looking for the Connections answer for Friday, November 24, 2023, read on—I’ll share some clues, tips, and strategies, and finally the solutions to all four categories. Along the way, I’ll explain the meanings of the trickier words and we’ll learn how everything fits together. Beware, there are spoilers below for November 24, NYT Connections #166! Read on if you want some hints (and then the answer) to today’s Connections game. 

If you want an easy way to come back to our Connections hints every day, bookmark this page. You can also find our past hints there as well, in case you want to know what you missed in a previous puzzle.

Below, I’ll give you some oblique hints at today’s Connections answers. And farther down the page, I’ll reveal the themes and the answers. Scroll slowly and take just the hints you need!

Credit: Connections/NYT

---

Does today’s Connections game require any special knowledge?

There are brand names and TV show titles on the board today. Use them wisely.

Hints for the themes in today’s Connections puzzle

Here are some spoiler-free hints for the groupings in today’s Connections:

• Yellow category - Didn’t like it.

• Green category - Trash TV.

• Blue category - Driving around.

• Purple category - Other additions to this category could have been “i” and “note”

Does today’s Connections game involve any wordplay?

There’s a fill-in-the-blank category. 

Ready to hear the answers? Keep scrolling if you want a little more help.

---

BEWARE: Spoilers follow for today’s Connections puzzle!

We’re about to give away some of the answers. Scroll slowly if you don’t want the whole thing spoiled. (The full solution is a bit further down.)

What are the ambiguous words in today’s Connections?

• A KNOCK and a SLAM can both be loud noises, but they are also both words describing what a reviewer does when they say they don’t like something.

• CATFISH are freshwater, bottom-feeding, aquatic wildlife. The word can also describe a deceptive dating technique, or a reality TV show based on it.

• A FIAT is a decree (as in “rule by FIAT”) but it’s also an Italian car company.

• MAXI is the opposite of MINI; both can describe lengths of skirt. But probably half of you instantly thought of MAXI pads when you saw the word; that’s the direction to go today.

What are the categories in today’s Connections?

• Yellow: CRITICIZE

• Green: REALITY SHOWS

• Blue: CAR BRANDS

• Purple: ____ PAD

DOUBLE BEWARE: THE SOLUTION IS BELOW

Ready to learn the answers to today’s Connections puzzle? I give them all away below.

What are the yellow words in today’s Connections?

The yellow grouping is considered to be the most straightforward. The theme for today’s yellow group is CRITICIZE and the words are: KNOCK, PAN, ROAST, SLAM.

What are the green words in today’s Connections?

The green grouping is supposed to be the second-easiest. The theme for today’s green category is REALITY SHOWS and the words are: ALONE, CATFISH, CHOPPED, SURVIVOR.

What are the blue words in today’s Connections?

The blue grouping is the second-hardest. The theme for today’s blue category is CAR BRANDS and the words are: FIAT, JAGUAR, MINI, RAM.

What are the purple words in today’s Connections?

The purple grouping is considered to be the hardest. The theme for today’s purple category is ____ PAD and the words are: BACHELOR, LILY, MAXI, MOUSE.

How I solved today’s Connections

I see the reality shows first: CHOPPED, SURVIVOR, BACHELOR, CATFISH. But I’m one away! So let’s try cars. RAM is a truck brand (formerly the Dodge RAM) and it can go with JAGUAR, FIAT, and MINI. 🟦

KNOCK and SLAM go together as forceful noises, but then I realize they can also be insults or critiques. You can PAN something when you review it, or you can ROAST a person. 🟨

Finally I see what I’m missing: we’re not looking at a MAXI skirt, but a MAXI pad. And we can also have a LILY pad, a BACHELOR pad, and a MOUSE pad. 🟪 Then we’re left with ALONE as a reality show, alongside CHOPPED, SURVIVOR, and CATFISH. 🟩

Connections 
Puzzle #166
🟪🟩🟩🟩
🟦🟦🟦🟦
🟨🟨🟨🟨
🟪🟪🟪🟪
🟩🟩🟩🟩

How to play Connections

I have a full guide to playing Connections, but here’s a refresher on the rules:

First, find the Connections game either on the New York Times website or in their Crossword app. You’ll see a game board with 16 tiles, each with one word or phrase. Your job is to select a group of four tiles that have something in common. Often they are all the same type of thing (for example: RAIN, SLEET, HAIL, and SNOW are all types of wet weather) but sometimes there is wordplay involved (for example, BUCKET, GUEST, TOP TEN, and WISH are all types of lists: bucket list, guest list, and so on).

Select four items and hit the Submit button. If you guessed correctly, the category and color will be revealed. (Yellow is easiest, followed by green, then blue, then purple.) If your guess was incorrect, you’ll get a chance to try again.

You win when you’ve correctly identified all four groups. But if you make four mistakes before you finish, the game ends and the answers are revealed.

How to win Connections

The most important thing to know to win Connections is that the groupings are designed to be tricky. Expect to see overlapping groups. For example, one puzzle seemed to include six breakfast foods: BACON, EGG, PANCAKE, OMELET, WAFFLE, and CEREAL. But BACON turned out to be part of a group of painters along with CLOSE, MUNCH, and WHISTLER, and EGG was in a group of things that come by the dozen (along with JUROR, ROSE, and MONTH). So don’t hit “submit” until you’ve confirmed that your group of four contains only those four things.

If you’re stuck, another strategy is to look at the words that seem to have no connection to the others. If all that comes to mind when you see WHISTLER is the painting nicknamed “Whistler’s Mother,” you might be on to something. When I solved that one, I ended up googling whether there was a painter named Close, because Close didn’t fit any of the obvious themes, either.

Another way to win when you’re stuck is, obviously, to read a few helpful hints–which is why we share these pointers every day. Check back tomorrow for the next puzzle!

from LifeHacker https://ift.tt/KRvVEH5