Saturday, November 16, 2013

Attacking Tor: how the NSA targets users' online anonymity


The online anonymity network Tor is a high-priority target for the National Security Agency. The work of attacking Tor is done by the NSA's application vulnerabilities branch, which is part of the systems intelligence directorate, or SID. The majority of NSA employees work in SID, which is tasked with collecting data from communications systems around the world.

According to a top-secret NSA presentation provided by the whistleblower Edward Snowden, one successful technique the NSA has developed involves exploiting the Tor browser bundle, a collection of programs designed to make it easy for people to install and use the software. The trick identifies Tor users on the internet and then executes an attack against their Firefox web browser.

The NSA refers to these capabilities as CNE, or computer network exploitation.

The first step of this process is finding Tor users. To accomplish this, the NSA relies on its vast capability to monitor large parts of the internet. This is done via the agency's partnership with US telecoms firms under programs codenamed Stormbrew, Fairview, Oakstar and Blarney.

The NSA creates "fingerprints" that detect HTTP requests from the Tor network to particular servers. These fingerprints are loaded into NSA database systems like XKeyscore, a bespoke collection and analysis tool which the NSA boasts allows its analysts to see "almost everything" a target does on the internet.

Using powerful data analysis tools with codenames such as Turbulence, Turmoil and Tumult, the NSA automatically sifts through the enormous amount of internet traffic that it sees, looking for Tor connections.

Last month, Brazilian TV news show Fantastico showed screenshots of an NSA tool that had the ability to identify Tor users by monitoring internet traffic.

The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the internet, makes it easy to differentiate Tor users from other web users. On the other hand, the anonymity provided by Tor makes it impossible for the NSA to know who the user is, or whether or not the user is in the US.

After identifying an individual Tor user on the internet, the NSA uses its network of secret internet servers to redirect those users to another set of secret internet servers, with the codename FoxAcid, to infect the user's computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems.

Once the computer is successfully attacked, it secretly calls back to a FoxAcid server, which then performs additional attacks on the target computer to ensure that it remains compromised long-term, and continues to provide eavesdropping information back to the NSA.

Exploiting the Tor browser bundle

Tor is a well-designed and robust anonymity tool, and successfully attacking it is difficult. The NSA attacks we found individually target Tor users by exploiting vulnerabilities in their Firefox browsers, and not the Tor application directly.

This, too, is difficult. Tor users often turn off vulnerable services like scripts and Flash when using Tor, making it difficult to target those services. Even so, the NSA uses a series of native Firefox vulnerabilities to attack users of the Tor browser bundle.

According to the training presentation provided by Snowden, EgotisticalGiraffe exploits a type confusion vulnerability in E4X, which is an XML extension for JavaScript. This vulnerability exists in Firefox 11.0 – 16.0.2, as well as Firefox 10.0 ESR – the Firefox version used until recently in the Tor browser bundle. According to another document, the vulnerability exploited by EgotisticalGiraffe was inadvertently fixed when Mozilla removed the E4X library with the vulnerability, and when Tor added that Firefox version into the Tor browser bundle, but NSA were confident that they would be able to find a replacement Firefox exploit that worked against version 17.0 ESR.

The Quantum system

To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target's browser into visiting a FoxAcid server.

In the academic literature, these are called "man-in-the-middle" attacks, and have been known to the commercial and academic security communities. More specifically, they are examples of "man-on-the-side" attacks.

They are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the internet backbone, and exploit a "race condition" between the NSA server and the legitimate website. This top-secret NSA diagram, made public last month, shows a Quantum server impersonating Google in this type of attack.

The NSA uses these fast Quantum servers to execute a packet injection attack, which surreptitiously redirects the target to the FoxAcid server. An article in the German magazine Spiegel, based on additional top secret Snowden documents, mentions an NSA-developed attack technology with the name of QuantumInsert that performs redirection attacks. Another top-secret Tor presentation provided by Snowden mentions QuantumCookie to force cookies onto target browsers, and another Quantum program to "degrade/deny/disrupt Tor access".

This same technique is used by the Chinese government to block its citizens from reading censored internet content, and has been hypothesized as a probable NSA attack technique.

The FoxAcid system

According to various top-secret documents provided by Snowden, FoxAcid is the NSA codename for what the NSA calls an "exploit orchestrator," an internet-enabled system capable of attacking target computers in a variety of different ways. It is a Windows 2003 computer configured with custom software and a series of Perl scripts. These servers are run by the NSA's tailored access operations, or TAO, group. TAO is another subgroup of the systems intelligence directorate.

The servers are on the public internet. They have normal-looking domain names, and can be visited by any browser from anywhere; ownership of those domains cannot be traced back to the NSA.

However, if a browser tries to visit a FoxAcid server with a special URL, called a FoxAcid tag, the server attempts to infect that browser, and then the computer, in an effort to take control of it. The NSA can trick browsers into using that URL using a variety of methods, including the race-condition attack mentioned above and frame injection attacks.

FoxAcid tags are designed to look innocuous, so that anyone who sees them would not be suspicious. An example of one such tag [LINK REMOVED] is given in another top-secret training presentation provided by Snowden.

There is no currently registered domain name by that name; it is just an example for internal NSA training purposes.

The training material states that merely trying to visit the homepage of a real FoxAcid server will not result in any attack, and that a specialized URL is required. This URL would be created by TAO for a specific NSA operation, and unique to that operation and target. This allows the FoxAcid server to know exactly who the target is when his computer contacts it.

According to Snowden, FoxAcid is a general CNE system, used for many types of attacks other than the Tor attacks described here. It is designed to be modular, with flexibility that allows TAO to swap and replace exploits if they are discovered, and only run certain exploits against certain types of targets.

The most valuable exploits are saved for the most important targets. Low-value exploits are run against technically sophisticated targets where the chance of detection is high. TAO maintains a library of exploits, each based on a different vulnerability in a system. Different exploits are authorized against different targets, depending on the value of the target, the target's technical sophistication, the value of the exploit, and other considerations.

In the case of Tor users, FoxAcid might use EgotisticalGiraffe against their Firefox browsers.

According to a top-secret operational management procedures manual provided by Snowden, once a target is successfully exploited it is infected with one of several payloads. Two basic payloads mentioned in the manual are designed to collect configuration and location information from the target computer so an analyst can determine how to further infect the computer.

These decisions are made in part by the technical sophistication of the target and the security software installed on the target computer, called Personal Security Products, or PSP, in the manual.

FoxAcid payloads are updated regularly by TAO. For example, the manual refers to version 8.2.1.1 of one of them.

FoxAcid servers also have sophisticated capabilities to avoid detection and to ensure successful infection of their targets. The operations manual states that a FoxAcid payload with the codename DireScallop can circumvent commercial products that prevent malicious software from making changes to a system that survive a reboot process.

The NSA also uses phishing attacks to induce users to click on FoxAcid tags.

TAO additionally uses FoxAcid to exploit callbacks – which is the general term for a computer infected by some automatic means – calling back to the NSA for more instructions and possibly to upload data from the target computer.

According to a top-secret operational management procedures manual, FoxAcid servers configured to receive callbacks are codenamed FrugalShot. After a callback, the FoxAcid server may run more exploits to ensure that the target computer remains compromised long term, as well as install "implants" designed to exfiltrate data.

By 2008, the NSA was getting so much FoxAcid callback data that they needed to build a special system to manage it all.

***********************************************
Courtesy : Bruce Schneier [http://www.theguardian.com]

U.S. Government Has Weaponized the Internet. Here’s How They Did It !!!!



The internet backbone — the infrastructure of networks upon which internet traffic travels — went from being a passive infrastructure for communication to an active weapon for attacks.

According to revelations about the QUANTUM program, the NSA can “shoot” (their words) an exploit at any target it desires as his or her traffic passes across the backbone. It appears that the NSA and GCHQ were the first to turn the internet backbone into a weapon; absent Snowdens of their own, other countries may do the same and then say, “It wasn’t us. And even if it was, you started it.”

If the NSA can hack Petrobras, the Russians can justify attacking Exxon/Mobil. If GCHQ can hack Belgacom to enable covert wiretaps, France can do the same to AT&T. If the Canadians target the Brazilian Ministry of Mines and Energy, the Chinese can target the U.S. Department of the Interior. We now live in a world where, if we are lucky, our attackers may be every country our traffic passes through except our own.

Which means the rest of us — and especially any company or individual whose operations are economically or politically significant — are now targets. All cleartext traffic is not just information being sent from sender to receiver, but is a possible attack vector.

Here’s how it works.

The QUANTUM codename is deliciously apt for a technique known as “packet injection,” which spoofs or forges packets to intercept them. The NSA’s wiretaps don’t even need to be silent; they just need to send a message that arrives at the target first. It works by examining requests and injecting a forged reply that appears to come from the real recipient so the victim acts on it.

In this case, packet injection is used for “man-on-the-side” attacks — which are more failure-tolerant than man-in-the-middle attacks because they allow one to observe and add (but not also subtract, as the man-in-the-middle attacks do). That’s why these are particularly popular in censorship systems. It can’t keep up? That’s okay. Better to miss a few than to not work at all.
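Because a man-on-the-side injector can add packets but cannot remove the genuine reply, the receiver ends up with two segments that cover the same TCP sequence bytes with different contents. The following detection sketch is an added example, not code from the article; the `Segment` record, the addresses and the sample capture are constructed for illustration, and the TTL comparison is only a supporting hint.

```python
"""Flag TCP flows where the same sequence bytes arrive twice with different content."""
from collections import defaultdict
from dataclasses import dataclass

SEQ_MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits


@dataclass(frozen=True)
class Segment:
    ts: float       # capture timestamp, seconds
    src: str        # sender "ip:port"
    dst: str        # receiver "ip:port"
    seq: int        # sequence number of the first payload byte
    payload: bytes
    ttl: int        # IP TTL observed at the capture point


@dataclass(frozen=True)
class Finding:
    flow: tuple        # (src, dst) direction that carried the conflict
    seq: int           # sequence number of the first conflicting byte
    first: Segment     # segment that arrived first
    second: Segment    # later segment with different bytes for the same range
    ttl_differs: bool  # supporting hint only; TTLs can differ for benign reasons


def find_conflicting_segments(segments):
    """Return one Finding per pair of segments that disagree on overlapping bytes.

    Identical retransmissions are normal TCP behaviour and are not reported.
    A real sensor would bound this state to the receive window; here it is unbounded.
    """
    seen = defaultdict(dict)   # flow -> {sequence position: (byte value, Segment)}
    reported = set()
    findings = []
    for seg in sorted(segments, key=lambda s: s.ts):
        flow = (seg.src, seg.dst)
        for i, value in enumerate(seg.payload):
            pos = (seg.seq + i) % SEQ_MOD
            prior = seen[flow].get(pos)
            if prior is None:
                seen[flow][pos] = (value, seg)
            elif prior[0] != value and (prior[1], seg) not in reported:
                reported.add((prior[1], seg))
                findings.append(
                    Finding(flow, pos, prior[1], seg, prior[1].ttl != seg.ttl))
    return findings


def sample_capture():
    """Constructed capture: one raced HTTP reply and one benign retransmission."""
    client, server = "192.0.2.10:51000", "198.51.100.5:80"
    other = "192.0.2.77:40222"
    forged = (b"HTTP/1.1 302 Found\r\nLocation: http://redirect.example/\r\n"
              b"Content-Length: 0\r\n\r\n")
    real = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
            b"<html><body>" + b"x" * 80 + b"</body></html>")
    request = b"GET / HTTP/1.1\r\nHost: site.example\r\n\r\n"
    return [
        Segment(0.000, client, server, 500, request, 64),
        Segment(0.004, server, client, 1000, forged, 59),   # arrives first
        Segment(0.041, server, client, 1000, real, 48),     # genuine reply, same seq
        Segment(0.042, server, client, 1000 + len(real), b"trailing data", 48),
        Segment(0.100, server, other, 7000, real, 48),
        Segment(0.350, server, other, 7000, real, 48),      # identical retransmission
    ]


if __name__ == "__main__":
    for f in find_conflicting_segments(sample_capture()):
        print(f"{f.flow[0]} -> {f.flow[1]}: conflicting bytes at seq {f.seq}")
        print(f"  first : {f.first.payload[:20]!r} ttl={f.first.ttl}")
        print(f"  second: {f.second.payload[:20]!r} ttl={f.second.ttl}")
```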

The technology itself is actually pretty basic. And the same techniques that work on a Wi-Fi network can work on a backbone wiretap. I personally coded up a packet-injector from scratch in a matter of hours five years ago, and it’s long been a staple of DefCon pranks.

So how have nations used packet injection, and what else can they do with it? These are some of the known uses.

Censorship

The most infamous use of packet injection prior to the Snowden leaks was censorship, where both internet service providers (ISPs) and the Great Firewall of China injected TCP reset packets (RST) to block undesired traffic. When a computer receives one of these injected RST packets, it closes the connection, believing that all communication is complete.

Although public disclosure forced ISPs to stop this behavior, China continues to censor with injected resets. It also injects the Domain Name System (DNS) — the system all computers use to turn names such as “www.facebook.com” into IP addresses — by inserting a fake reply whenever it sees a forbidden name. (It’s a process that has caused collateral damage by censoring non-Chinese internet traffic).

User Identification

User cookies, those inserted by both advertising networks and services, also serve as great identifiers for NSA targeting. Yet a web browser only reveals these cookies when communicating with such sites. A solution lies in the NSA’s QUANTUMCOOKIE attack, which they’ve utilized to de-anonymize Tor users.

A packet injector can reveal these cookies by replying to an unnoticed web fetch (such as a small image) with a HTTP 302 redirect pointing to the target site (such as Hotmail). The browser now thinks “hey, should really go visit Hotmail and ask it for this image”. In connecting to Hotmail, it reveals all non-secure cookies to the wiretap. This both identifies the user to the wiretap, and also allows the wiretap to use these cookies.

So for any webmail service that doesn’t require HTTPS encryption, QUANTUMCOOKIE also allows the wiretap to log in as the target and read the target’s mail. QUANTUMCOOKIE could also tag users, as the same redirection that extracts a cookie could also set or modify a cookie, enabling the NSA to actively track users of interest as they move across the network — although there is no indication yet that the NSA utilizes this technique.
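Which cookies such a forced plaintext fetch exposes is decided by each cookie's `Secure`, `Domain` and `Path` attributes. The audit below is an added example, not code from the article: it models only those three RFC 6265 rules (SameSite is not modelled), and the host names, cookie names and values are constructed.

```python
"""List the cookies a browser would send in cleartext after a forced http:// fetch."""
from urllib.parse import urlsplit


def parse_set_cookie(header, origin_host):
    """Parse one Set-Cookie header value received from origin_host."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    cookie = {
        "name": name.strip(),
        "value": value.strip(),
        "domain": origin_host.lower(),
        "host_only": True,   # no Domain attribute: sent to the exact host only
        "path": "/",         # simplification: RFC 6265 derives the default from the setting URL
        "secure": False,
    }
    for attr in attrs:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain" and val:
            cookie["domain"] = val.lstrip(".").lower()
            cookie["host_only"] = False
        elif key == "path" and val.startswith("/"):
            cookie["path"] = val
        elif key == "secure":
            cookie["secure"] = True
    return cookie


def domain_matches(host, cookie):
    """Host-only cookies need an exact match; Domain cookies also match subdomains."""
    if host == cookie["domain"]:
        return True
    return not cookie["host_only"] and host.endswith("." + cookie["domain"])


def path_matches(request_path, cookie_path):
    """RFC 6265 path-match: equal, or a prefix that ends on a '/' boundary."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def cookies_sent(jar, url):
    """Names of the cookies a browser would attach to a request for url."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    return [c["name"] for c in jar
            if domain_matches(host, c)
            and path_matches(path, c["path"])
            and (parts.scheme == "https" or not c["secure"])]


def exposed_by_forced_http_fetch(set_cookie_headers, origin_host, forced_url):
    """Cookies visible to an on-path observer if the browser is sent to forced_url."""
    if urlsplit(forced_url).scheme != "http":
        return []   # an https:// fetch does not put cookies on the wire in cleartext
    jar = [parse_set_cookie(h, origin_host) for h in set_cookie_headers]
    return cookies_sent(jar, forced_url)


# Constructed Set-Cookie headers as a hypothetical webmail host might issue them.
SAMPLE_ORIGIN = "mail.webmail.example"
SAMPLE_HEADERS = [
    "SID=3f9a; Path=/; HttpOnly",                    # session cookie, no Secure
    "AUTH=9c1e; Path=/; Secure; HttpOnly",           # protected by Secure
    "PREF=lang-en; Domain=webmail.example; Path=/",  # shared across subdomains
    "DRAFT=17; Path=/compose; Secure",
    "THEME=dark; Path=/settings",
]

if __name__ == "__main__":
    url = "http://mail.webmail.example/pixel.gif"
    print(url, "->", exposed_by_forced_http_fetch(SAMPLE_HEADERS, SAMPLE_ORIGIN, url))
```

Every name the audit returns needs the `Secure` attribute, and the site needs to serve only HTTPS, before the redirect described above stops yielding that cookie.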

User Attack

The NSA has a collection of FOXACID servers, designed to exploit visitors. Conceptually similar to Metasploit’s WebServer browser autopwn mode, these FOXACID servers probe any visiting browser for weaknesses to exploit.

All it takes is a single request from a victim passing a wiretap for exploitation to occur. Once the QUANTUM wiretap identifies the victim, it simply packet injects a 302 redirect to a FOXACID server. Now the victim’s browser starts talking to the FOXACID server, which quickly takes over the victim’s computer. The NSA calls this QUANTUMINSERT.

The NSA and GCHQ used this technique not only to target Tor users who read Inspire (reported to be an Al-Qaeda propaganda magazine in the English language) but also to gain a foothold within the Belgium telecommunication firm Belgacom, as a prelude to wiretapping Belgium phones.

One particular trick involved identifying the LinkedIn or Slashdot account of an intended target. Then when the QUANTUM system observed individuals visiting LinkedIn or Slashdot, it would examine the HTML returned to identify the user before shooting an exploit at the victim. Any page that identifies the users over HTTP would work equally well, as long as the NSA is willing to write a parser to extract user information from the contents of the page.

Other possible QUANTUM use cases include the following. These are speculative, as we have no evidence that the NSA, GCHQ, or others are utilizing these opportunities. Yet to security experts they are obvious extensions of the logic above.

HTTP cache poisoning. Web browsers often cache critical scripts, such as the ubiquitous Google Analytics script ‘ga.js’. The packet injector can see a request for one of these scripts and instead respond with a malicious version, which will now run on numerous web pages. Since such scripts rarely change, the victim will continue to use the attacker’s script until either the server changes the original script or the browser clears its cache.

Zero-Exploit Exploitation. The FinFly “remote monitoring” hacking tool sold to governments includes exploit-free exploitation, where it modifies software downloads and updates to contain a copy of the FinFisher Spyware. Although Gamma International’s tool operates as a full man-in-the-middle, packet injection can reproduce the effect. The injector simply waits for the victim to attempt a file download, and replies with a 302 redirect to a new server. This new server fetches the original file, modifies it, and passes it on to the victim. When the victim runs the executable, they are now exploited — without the need for any actual exploits.

Mobile Phone Applications. Numerous Android and iOS applications fetch data through simple HTTP. In particular, the “Vulna” Android advertisement library was an easy target, simply waiting for a request from the library and responding with an attack that can effectively completely control the victim’s phone. Although Google removed applications using this particular library, other advertisement libraries and applications can present similar vulnerabilities.

DNS-Derived Man-in-the-Middle. Some attacks, such as intercepting HTTPS traffic with a forged certificate, require a full man in the middle rather than a simple eavesdropper. Since every communication starts with a DNS request, and it is only a rare DNS resolver that cryptographically validates the reply with DNSSEC, a packet injector can simply see the DNS request and inject its own reply. This represents a capability upgrade, turning a man-on-the-side into a man-in-the-middle.

One possible use is to intercept HTTPS connections if the attacker has a certificate that the victim will accept, by simply redirecting the victim to the attacker’s server. Now the attacker’s server can complete the HTTPS connection. Another potential use involves intercepting and modifying email. The attacker simply packet-injects replies for the MX (Mailserver) entries corresponding to the target’s email. Now the target’s email will first pass through the attacker’s email server. This server could do more than just read the target’s incoming mail, it could also modify it to contain exploits.

Amplifying Reach. Large countries don’t need to worry about seeing an individual victim: odds are that a victim’s traffic will pass one wiretap in a short period of time. But smaller countries that wish to utilize the QUANTUMINSERT technique need to force victims’ traffic past their wiretaps. It’s simply a matter of buying the traffic: Simply ensure that local companies (such as the national airline) both advertise heavily and utilize in-country servers for hosting their ads. Then when a desired target views the advertisement, use packet injection to redirect them to the exploit server; just observe which IP a potential victim arrived from before deciding whether to attack. It’s like a watering hole attack where the attacker doesn’t need to corrupt the watering hole.

***

The only self defense from all of the above is universal encryption. Universal encryption is difficult and expensive, but unfortunately necessary.

Encryption doesn’t just keep our traffic safe from eavesdroppers, it protects us from attack. DNSSEC validation protects DNS from tampering, while SSL armors both email and web traffic.

There are many engineering and logistic difficulties involved in encrypting all traffic on the internet, but it’s one we must overcome if we are to defend ourselves from the entities that have weaponized the backbone.

***********************************************************

Courtesy : www.wired.com

Out in the Open: How to Get Google Maps Directions Without Google



One of the best things about Google Maps is that you can get directions from one place to another almost instantly.

But what if you want to build your own website or application that does much the same thing? Sure, Google Maps offers an API that lets developers integrate some of its tools into their applications, but if you do that, you’re beholden to Google. You don’t have complete control over your software. Or data gets shared with another company, and you can’t always modify your application in the way you want to.

That’s where Open Source Routing Machine — or OSRM — comes in. OSRM is a route planning system that runs on OpenStreetMap, a free crowdsourced mapping service. And, yes, it too is open source, meaning anyone can use and modify it for free.

Creator Dennis Luxen runs an OSRM/OpenStreetMap server where you can check it out. But anyone could host their own server — or incorporate it into another application. It’s not quite ready to replace Google Maps for consumer purposes, but it could provide an excellent alternative for developers and hackers.

Luxen started working with route planning as a PhD candidate at the Karlsruhe Institute of Technology in Germany. “The group where I worked had a strong emphasis on route planning and algorithms in general,” he says. The challenge is that you want accurate answers that feel as though they are delivered instantly.

Luxen started OSRM around 2010. “One day, I got this cold call from a guy named Frederik Ramm, who is a big contributor to Open Street Map Project,” Luxen says. “He was looking to get new ideas from outside the community. He’d been reading about route planning and was wondering if I could come talk at a meetup.”

The talk went well, so Luxen began thinking about how to put his research into action. The result is OSRM, which Luxen built with collaborators such as Emil Tin, who helped make the backend more usable; Dennis Schieferdecker, who did most of the front-end; and Christian Vetter, who helped with the basic infrastructure code.

OSRM is amazingly fast, but it does have a few limitations. For example, in Google Maps, you can use a street address instead of coordinates to input your desired route. OSRM has trouble with that. Both services use a technique called “geocoding” to convert street addresses into coordinates, but Google Maps’ geocoding is much better than the geocoding system built into OpenStreetMap.

“It’s a matter of resources, I’d love to have a team of 2,000 people working on it,” he says. “I’m sure if we had 20 people working on OSRM that we could make it the most awesome thing when it comes to routing, but we’re not there yet.”

Will OSRM ever be a complete one-to-one replacement for Google Maps? “As much as I’d like to say yes, you want to be humble in your goals,” he says. “Google has invested so much money and ideas in routing, I’m not sure I want to say that I want to compete with them. What I want is a routing system on Open Street Map that gives you a similar experience.”

Courtesy : CobraPost

Tuesday, October 8, 2013

Flat Tummy In 7 Days !!!



Step one:

If you want to build muscle and burn fat at the same time, you have to perform circuit training, three days per week. How can you achieve this? Indulge in full body exercises like lunges, push-ups, and pull-ups, for one set of 15 repetitions. Don't forget to follow every exercise with one minute of jumping rope. You should be able to burn around 500 to 600 calories per workout.



Step two:

You have to work on your abdominal muscles three times in the week. Crunches and leg raises for three sets of 20 repetitions should be done. Also, do planks by holding your body in a push-up position on your elbows for 30 to 60 seconds for four sets.



Step three:

The kind of food you will eat in this period is vital in bringing about any change. Natural foods like fruits, vegetables, whole grain breads and pastas, chicken, beef, fish and low fat dairy should replace processed foods full of sugar.



Step four:

To minimize water retention, lower your sodium intake. This means you need to avoid salt. You can flavour your food with other herbs and spices instead.



Step five:

Stressing and anxiety can cause the over-production of a certain hormone called cortisol, which encourages weight gain about the belly area. So try to keep your cool!







Courtesy :

purvaja.sawant@timesgroup.com

Thursday, April 4, 2013

10 Quotes That Changed My Life


By Robin Sharma

  1. “Until one is committed, there is hesitancy, the chance to draw back– Concerning all acts of initiative (and creation), there is one elementary truth that ignorance of which kills countless ideas and splendid plans: that the moment one definitely commits oneself, then Providence moves too. All sorts of things occur to help one that would never otherwise have occurred. A whole stream of events issues from the decision, raising in one’s favor all manner of unforeseen incidents and meetings and material assistance, which no man could have dreamed would have come his way. Whatever you can do, or dream you can do, begin it. Boldness has genius, power, and magic in it. Begin it now.”
—Johann Wolfgang von Goethe

  1. “I learned this, at least, by my experiment: that if one advances confidently in the direction of his dreams, and endeavors to live the life which he has imagined, he will meet with a success unexpected in common hours.”
—Henry David Thoreau, Walden: Or, Life in the Woods

  1. “Why do they always teach us that it’s easy and evil to do what we want and that we need discipline to restrain ourselves? It’s the hardest thing in the world–to do what we want. And it takes the greatest kind of courage. I mean, what we really want.”
—Ayn Rand

  1. “Be yourself; everyone else is already taken.”
—Oscar Wilde

  1. “The only people for me are the mad ones, the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow roman candles exploding like spiders across the stars.”
—Jack Kerouac, On the Road

  1. “It is not the critic who counts; not the man who points out how the strong man stumbles, or where the doer of deeds could have done them better. The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood; who strives valiantly; who errs, who comes short again and again, because there is no effort without error and shortcoming; but who does actually strive to do the deeds; who knows great enthusiasms, the great devotions; who spends himself in a worthy cause; who at the best knows in the end the triumph of high achievement, and who at the worst, if he fails, at least fails while daring greatly, so that his place shall never be with those cold and timid souls who neither know victory nor defeat.”
—Theodore Roosevelt

  1. “Our deepest fear is not that we are inadequate. Our deepest fear is that we are powerful beyond measure. It is our light, not our darkness that most frightens us. We ask ourselves, ‘Who am I to be brilliant, gorgeous, talented, fabulous?’ Actually, who are you not to be? You are a child of God. Your playing small does not serve the world. There is nothing enlightened about shrinking so that other people won’t feel insecure around you. We are all meant to shine, as children do. We were born to make manifest the glory of God that is within us. It’s not just in some of us; it’s in everyone. And as we let our own light shine, we unconsciously give other people permission to do the same. As we are liberated from our own fear, our presence automatically liberates others.”
—Marianne Williamson

  1. “To laugh often and love much; to win the respect of intelligent persons and the affection of children; to earn the approbation of honest citizens and endure the betrayal of false friends; to appreciate beauty; to find the best in others; to give of one’s self; to leave the world a bit better, whether by a healthy child, a garden patch or a redeemed social condition; to have played and laughed with enthusiasm and sung with exultation; to know even one life has breathed easier because you have lived—this is to have succeeded.”
—Bessie Anderson Stanley (frequently misattributed to Ralph Waldo Emerson)

  1. “Never doubt that a small group of thoughtful, committed, citizens can change the world. Indeed, it is the only thing that ever has.”
—Margaret Mead

  1. “Be the change that you wish to see in the world.”
—Mahatma Gandhi


Thursday, February 28, 2013

It’s a Trap! 10 Interview Questions Designed To Trick You

---by PHILLIP TAYLOR-PARKER


Hiring managers are tasked with the impossible job of learning a candidate inside and out after just a few interactions. That’s why they’re always coming up with new tactics to extract every last drop of information from a candidate. It’s important to keep your guard up! You can almost be sure some of the questions asked will be “interview traps” – interview questions designed to get you to reveal some critical bit of information about yourself that you might have preferred to remain covered. They come in many forms, but all have the common goal of getting you to expose some character flaw that will bump you down a few rungs in the rankings.

Hold it together! Here are 10 of the most popular “interview traps” and tips on how to use them to your advantage.


The setup: Why is there a gap in your work history?
The trap: Does all this time off work mean you’re lazy?

It’s not necessarily a problem to have a gap on your resume. If you pursued personal projects, took care of a sick relative, volunteered for charity or otherwise used your time off in a productive manner, let them know. They don’t care that you haven’t spent any recent time in an office – only that you haven’t spent it all on the couch.


The setup: What would the person who likes you least in the world say about you?
The trap: Are you aware of your own weaknesses – and how to work around them?

A cousin to “what’s your biggest weakness?,” this question also requires framing your dominant personality traits in a positive light. Perhaps your enemy would say you’re neurotic and controlling, when in fact you just have a completionist’s eye for detail, which will ensure no project is finished until all loose ends are tied and re-tied for peace of mind.


The setup: Describe when you were part of a team that could not get along.
The trap: Do you work well with people you don’t like?

No matter whose fault it actually was, the interviewer will assume you can’t work well with others if you complain about a dysfunctional team buried in your work history. What matters to them is how you handled the situation – did you allow room for discussions and ideas you may not have agreed with? Did you learn any lessons about give-and-take from clashing with a coworker?


The setup: If you could change one thing about your last job, what would it be?
The trap: Are you holding on to any lingering issues you couldn’t resolve at your last job?

Can you vocalize your problems in a professional manner and come to a diplomatic understanding with your coworkers / bosses? This question tests whether you let problems stew and boil over, or whether you can address them rationally with the benefit of a positive work environment in mind.


The setup: Explain ________ (your industry) to your nephew / grandmother / totally oblivious client.
The trap: Sure, you know your line of work – but can you communicate your responsibilities to others?

Are you a good communicator? As a developer, can you explain how the newest product feature operates in a way that the marketing team can process, so they can in turn pitch it to customers? If you can’t explain your job duties in plain English, you probably aren’t well-versed enough in the field to effectively communicate your needs to the coworkers you will interact with on a daily basis.


The setup: Tell me about yourself.
The trap: Are you lying on your resume? Are you confident you’re qualified for this job?

Don’t meander. This also tests your communication skills – whether you know how to pitch, and whether you know when to stop talking. Succinctly list education history, skills gained from previous jobs, and perhaps a personal project or two which enhances your skill set and demonstrates motivation outside of the workplace. Then, stop talking. Rambling indicates a lack of confidence, suggesting you’re not sure whether what you’ve listed is “enough” to qualify you for the job.


The setup: Why should we hire you?
The trap: Are you a good fit for this specific role and company?

If you can’t answer this question, you probably didn’t research the company you’re trying to work for. Make sure you know the specific functions your future role will entail, and the short- and long-term goals of the organization itself. Then, frame your skills in a context which aligns with the job description and the company’s direction.

It also doesn’t hurt to research the hiring board to find out what makes them tick, so you can carry the conversation if they mention a project from their background.


The setup: What’s your ideal job?
The trap: …Is it something other than this one?

It’s okay to have career aspirations, so long as the things you want to do overlap with the things you’ll be doing here. Avoid mentioning a title – it may not carry the clout in this company’s role structure that you think it does. Instead, discuss the problems you’d like to solve, platforms you want to work with, and other active engagements that encompass both your dream work and the work in front of you.


The setup: What annoys you about coworkers / bosses?
The trap: Are you easy to work with, or are you a Negative Nancy?

It’s never a good idea to badmouth a coworker, whether peer or superior. It’s best to say you’ve been fortunate to navigate amicable work relationships. If pressed, mention an attribute that highlights dedication to the company cause, and say that you will expect and encourage that same dedication from your peers.


The setup: If you won the lottery, would you still work?
The trap: Are you motivated to succeed?

Most people know this question aims to trap candidates for whom work is merely a means to an end, rather than a passion to which they will be dedicated. But it’s also facetious to say you’d stay in your current position if you were to be blessed with such fortunes. It’s perfectly acceptable to say you’d start your own company, charity or project to further your personal development. This question really gets at whether you’re naturally inclined to work, so make sure those imaginary piles of cash would enable some form of future productivity.

How to Make Your Own Cloud




Cloud services, offering storage that’s always accessible via the Web, can give you anywhere, anytime access to your digital stuff. There are a ton of free services that offer about 5GB of free cloud storage, including Dropbox, iCloud, SkyDrive, and Google Drive.
But if you’re a true digerati, 5 GB is chump change. You need much more storage – but to get it, you’ll have to pay a monthly fee.
Or you could create your own cloud-like service. Here are two simple ways to do it using your home’s wireless router:

1. Connect a USB storage drive to your router
First, check to see if your router has USB ports. If so, you can connect a USB external storage drive to it. Then, map the drive to your home computers.
Cisco/Linksys’s Web site has a good explanation of how to do this on both Mac and Windows systems. It takes a little bit of technical know-how, but it’s not too tough if you have your router’s manual handy.
Keep in mind that this is not a true cloud solution. Your files are stored on a drive that can only be accessed via your home’s Wi-Fi network, not on the Internet. But it does allow you to easily view files on all your devices at home.

2. Set up a network attached storage drive for “anywhere” access
If you have an external storage drive with an Ethernet port, you can connect it to your router and access files from anywhere. This kind of set-up is called “network-attached storage” (NAS).
Most NAS drive makers, including Western Digital, have utility software for setting up your drive for remote access. Once you complete the setup process, you’ll be able to access files via an FTP server, Web browser or even a mobile app (for iOS, Android or Windows phones). Many also have advanced user management features, such as creating separate accounts with privilege levels (such as limiting which folders can be viewed).

________________
Courtesy: Qualcomm Spark

Friday, January 18, 2013

My Unusual Obsessions For Extreme Achievement



By Robin Sharma

One of the best ideas I’ve learned in a long time is this one:


WE GET THE BRAINS WE’VE EARNED

I know that’s an unusual line. Maybe it irritates you a little (good–I’m here to disrupt your normal beliefs and behaviors so you make the changes that will change your world). Perhaps it scares you (even better–our greatest fears deliver our finest growth). Or maybe you totally get what I mean.

What I’m suggesting to you–with that line–(and with the awesome respect I have for you as a reader of my blog) is that the brains we currently have are far less the result of genetics and luck and FAR more the result of our daily habits and the routine influences we expose our minds to.

Brain scientists have been making large leaps in their understanding of the concept of neuroplasticity. They’ve realized that–contrary to common belief–the brains we’re born with are not the brains we’re stuck with for life. No. Our brains are plastic. They can be shaped, grown and sculpted into things of beauty (that serve our excellence brilliantly). By the way we use them.

Which brings me to Darwin. And Picasso. And Michelangelo.

Not one of these people was born into genius. The whole idea of natural born talent is mostly a lie we sell ourselves so we don’t have to rise up and feel the fear of doing something great in our work and with our lives. In truth, you can walk with the giants and play amongst the gifted–if you start making the different choices that will yield different results.

These people were pure ordinary-ness (ok–so I made up a word). But here’s what they did to make themselves "special". They followed their "inclinations". In other words, they pursued the work that made their hearts sing rather than doing the things others wanted them to do. And they had the audacity to become the people they wanted to be versus the people others wished they’d become.

BONUS TIP: one of the biggest ways we limit our potential and deny our genius is following The Herd and modeling The Crowd. If you want to win in 2013 and transform the way you work + live, you absolutely MUST break free of The Cult of Mediocrity. You absolutely must stop listening to the chattering voices of the cynics around you. You absolutely must trust yourself–and your instincts.

And that’s what EVERY Master does. They trust their gut. They follow their "inclinations"–those things that when they do them, their work doesn’t feel like work. Instead, it’s joy. Bliss. And LOVE.

And because it feels so good when you have the guts to pursue these activities, you do them a lot. You "work" really really hard at your "work". You no longer see your job as a job but as your craft and your calling and your devotion.

And because of this, your devotion eventually becomes your BEAUTIFUL OBSESSION.

You practice it daily. Constantly. Consistently.

You have no time for TV and Call of Duty video games and Twitter or gossip. You need and hunger to do that thing that fills you. That inspires you. That gives you precious glimpses of your greatest self.

And as you do this, you stop living society’s life. You step into YOUR life. The life meant for you. The days of your destiny. This is how genius unfolds. No magic. Just trusting your passion. And putting in the work.

I so hope I’m not boring you. These words just poured out of me. As the waves cascade. As the sea air moves. As this fireplace flickers.

So please allow me to finish this post with A STATEMENT OF MY 6 UNUSUAL OBSESSIONS. These are the unusual commitments that govern my life. They are not so popular in this world we live in but they mean a lot to me. And my guess is they mean a lot to you.

MY 6 UNUSUAL OBSESSIONS

#1. THE MASTERY OBSESSION.
Commit–TODAY–to becoming a master. Ask yourself what are you best at? What things do you do that when you do them you feel happy + at peace–and sense your creativity and gifts pouring out of you. We get the life we’ve settled for. We get the brains we’ve earned. Start looking for those things in your work (and life) that you can become a Picasso at. Life shifts once you do.

#2. THE PROGRESS OBSESSION.
Yes, I’m obsessed with progress. With making every day better than yesterday. With making this year 1000X better than last year. Drives my team crazy. Sometimes irritates the people around me. But I fiercely believe we are built for growth (not stagnation). For expansion (not contraction). Good enough just isn’t very good as far as I can tell. The whole nature of the game is to see how far we can go–and to express our potential so we create the lives of our dreams. And elevate the world in the process. (Failing to realize your gifts makes the world less of a great place to be, no?).

#3. THE EXCELLENCE OBSESSION.
My friend and colleague Tom Peters made this word even more famous in the circles we work in. But here’s my take on it: leave everything you touch better than you find it. Surround yourself with excellent people. Use excellent words. Drink excellent coffee. Read excellent books. Wear excellent shoes. Create excellent projects. Be an excellent parent. Think excellent thoughts. You deserve no less.

#4. THE HAPPINESS OBSESSION.
Yes, I’m obsessed with being happy. No, I’m not happy all the time (I’m human after all). Sometimes people tell me "you don’t live in the real world". My reply: "Who wants to live in the real world?" A world with negativity and wars and greed and chaos. I want to create a world of my own making–while living in this very real world. I want to do work that matters and live with the people I love and pursue my highest ideals and live the life I have envisioned. I want to be happy–and so I block out the noise. So I can do so.

#5. THE CREATIVITY OBSESSION.
We are designed to create. We are all Artists. Each of us is a Creative (not just the people in advertising and design). Accountants and firefighters, math teachers and breakfast servers. We are all meant to innovate + ideate and use our brains to birth our best ideas into the world. I write and record ideas everywhere. On flight sickness bags on airplanes. On paper napkins in restaurants. In my journal that follows me much of where I go. Yes, I’m obsessed with creativity. And that’s my encouragement for you too.

#6. THE CONTRIBUTION OBSESSION.
This one’s my oxygen. I’m revealing it to you here. My Dad instilled this value in me. Deeply. As I grew up, he spoke of Gandhi. And Mandela. And Martin Luther King Jr. And Mother Teresa. And other Saints of Humanity who on my best days I acutely remember. My father told me that the real purpose of life is to serve. To be of use. To uplift those around us. To be helpful. And for this ideal–I owe my Dad the greatest debt of gratitude. Yes, I run a business. Yes I want to win. But above all else, I want to serve. It’s my obsession. And I make zero apologies for it. Ever.

I really hope this post has moved something within you. To stop playing small with your gifts, talents and Dreams. Think about what I’ve shared. Talk about this post with your team + family. Share it with your friends. And then go out and change the world.

Thursday, January 10, 2013

62 Fast Tips to Get UnStuck


By Robin Sharma


  • Believe in your vision and gifts when no one else believes in your vision and gifts.
  • Start your day with 20 minutes of exercise.
  • Make excellence your way of being (versus a once in a while event).
  • Be on time (bonus points: be early).
  • Be a celebrator of others’ talents versus a critic.
  • Stop watching TV. (Bonus points: sell your tv and invest the cash in learning and self-education).
  • Finish what you start.
  • Remember that your diet affects your moods so eat like an athlete.
  • Spend an hour a day without stimulation (no phone+no Facebook+no noise).
  • Release the energy vampires from your life. They are destroying your performance.
  • Write in a journal every morning. And record gratitude every night.
  • Do work that scares you (if you’re not uncomfortable often, you’re not growing very much).
  • Make the choice to let go of your past. It’s dusty history. And polluting your future.
  • Commit to being “Mozart-Level Good” at your work.
  • Smile more (and tell your face).
  • Do a collage filled with images of your ideal life. Look at it once a day for focus and inspiration.
  • Plan your week on a schedule (clarity is the DNA of mastery).
  • Stop gossiping (average people love gossip; exceptional people adore ideas).
  • Read “As You Think”.
  • Read “The Go-Getter”.
  • Don’t just parent your kids–develop them.
  • Remember that victims are frightened by change. And leaders grow inspired by it.
  • Start taking daily supplements to stay in peak health.
  • Clean out any form of “victimspeak” in your vocabulary and start running the language of leadership and possibility.
  • Do a nature walk at least once a week. It’ll renew you (you can’t inspire others if you’re depleted yourself).
  • Take on projects no one else will take on. Set goals no one else will do.
  • Do something that makes you feel uncomfortable at least once every 7 days.
  • Say “sorry” when you know you should say “sorry”.
  • Say “please” and “thank you” a lot.
  • Remember that to double your income, triple your investment in learning, coaching and self-education.
  • Dream big but start now.
  • Achieve 5 little goals each day (“The Daily 5 Concept” I shared in “The Leader Who Had No Title” that has transformed the lives of so many). In 12 months this habit will produce 1850 little goals–which will amount to a massive transformation.
  • Write handwritten thank you notes to your customers, teammates and family members.
  • Be slow to criticize and fast to praise.
  • Read Walter Isaacson’s amazing biography on Steve Jobs.
  • Give your customers 10X the value they pay for (“The 10X Value Obsession”).
  • Use the first 90 minutes of your work day only on value-creating activities (versus checking email or surfing the Net).
  • Breathe.
  • Keep your promises.
  • Remember that ordinary people talk about their goals. Leaders get them done. With speed.
  • Watch the inspirational documentary “Jiro Dreams of Sushi”.
  • Know that a problem only becomes a problem when you choose to see it as a problem.
  • Brain tattoo the fact that all work is a chance to change the world.
  • Watch the amazing movie “The Intouchables”.
  • Remember that every person you meet has a story to tell, a lesson to teach and a dream to do.
  • Risk being rejected. All of the great ones do.
  • Spend more time in art galleries. Art inspires, stimulates creativity and pushes boundaries.
  • Read a book a week, invest in a course every month and attend a workshop every quarter.
  • Remember that you empower what you complain about.
  • Get to know yourself. The main reason we procrastinate on our goals is not because of external conditions; we procrastinate due to our internal beliefs. And the thing is they are stuck so deep that we don’t even know they exist. But once you do, everything changes.
  • Read “Jonathan Livingston Seagull”.
  • Know your values. And then have the guts to live them–no matter what the crowd thinks and how the herd lives.
  • Become the fittest person you know.
  • Become the strongest person you know.
  • Become the kindest person you know.
  • Know your “Big 5”–the 5 goals you absolutely must achieve by December 31 to make this year your best yet (I teach my entire goal-achieving process, my advanced techniques on unleashing confidence and how to go from being stuck to living a life you adore in my online program “Your Absolute Best Year Yet”).
  • Know that potential unexpressed turns to pain.
  • Build a strong family foundation while you grow your ideal career.
  • Stop being selfish.
  • Give your life to a project bigger than yourself.
  • Be thankful for your talents.
  • Stand for iconic. Go for legendary. And make history.
  • This is YOUR time. Now’s YOUR moment. Let’s do this! :)