In an April 28th memo announcing salary cuts and a reduced work week for the summer months, Penton Media CEO Sharon Rowlands advised employees that they may be eligible for unemployment benefits and told them to check with their local unemployment office. She also noted that “special rules may apply to employees in California and to non-exempt employees, and we will be reaching out to these employees and their managers with specific information and specific instructions.”Pay cuts and layoffs are hard enough on employee morale but publishers have another reason to tread lightly in this area: Violation of state or federal labor laws could end up costing the publisher significant money and hamper future cost-saving steps.FOLIO: spoke with law firm Morgan & Lewis, which specializes in labor law, on what areas should be of particular concern to publishers trying to cut back. Government Eye on Small Businesses Smaller publishers that have made due with either a part-time human resources staffer (or none at all) may want to reinvest in that position. While some publishers may be too small to be eligible under Federal law (typically 15 employees or more), state law may still apply. All it takes is one phone call from a disgruntled worker to put you on some agency’s radar. Be particularly mindful of the overtime demands made on low wage earners (most employees must take home at least $455 per week before deductions). The Federal Department of Labor has announced investigations on low wage earners in variety of industries. “The Obama administration says it will pour a lot more money into that,” says Morgan & Lewis partner David McManus. “While the government might decide to focus on a particular industry, smaller companies get on a government agency radar because a former or current employee makes a complaint. Often an employee leaves for another job where they do similar work but they’re classified differently. Now that they get overtime, they scratch their head and say, ‘What‘s up with that?’ and file a complaint against their old company.”While “overtime” is a seldom-heard term in the publishing industry, publishers do have to be aware of company hours in relation to reduced wages. “You have to be vigilant in making sure you have an off-the-clock policy and make sure managers aren’t applying pressure to employees to work overtime that’s not reported,” says McManus. “Employees generally are entitled to overtime under the Fair Labor Act with exceptions, so many that the exceptions almost become the rule.” Don’t try to sneak work in during a furlough week, even with the promise of future compensation. “If for a week you’re furloughing people who are exempt from the overtime laws, you have to make sure they’re not working at all,” says McManus. “If they’ve done work and they’re an exempt employee, they’re entitled to their weekly pay. You may even lose the exemption for a whole class of employees based on that one employee.”Heightened Litigation with ContractorsPublishers are increasingly outsourcing core duties such as production, edit and sales to contract workers. However, that’s also becoming a growing source of litigation. New York State is considering investigating the status of independent contractors and whether they’re classified correctly. “We’ve seen an increasing trend in private litigation and in state and federal regulatory agencies going after claims that individuals who were treated as contractors, so they didn’t get benefits or overtime, actually are employees,” says McManus.Sales reps are a particularly touchy area. If a rep is required to spend so many hours in meetings with the publisher, that rep could be classified as a full-time employee, and eligible for corresponding benefits.
In late April, PEOPLE’s 23rd annual “World’s Most Beautiful” special double issue will debut on newsstands. While the initial product is familiar, the magazine has added a new twist to the content to boost engagement: the “PEOPLE’s Search For Real Beauty at Every Age” campaign.The magazine will begin accepting nominees from real women ages 20-59, some of whom will grace the pages of PEOPLE magazine. This campaign is a fully integrated contest across tablets, online and through print promotions. Reader audiences can visit PEOPLE.com and nominate themselves or someone they know from March 5-18 to win the chance to be included among the celebrity winners in the “World’s Most Beautiful” print issue. This content strategy, editors say, is designed to increase engagement and drive purchases across platforms.“Now, for the first time, we’ve created a plan from the ground up for a fully integrated program from both the print and online sides—from editorial down, through advertising and publishing,” says Janice Morris, managing editor of PEOPLE Digital. “We brainstormed to create this ‘Real Beauty Program’ and, for the first time, we’re promoting across the tablet, print edition and the online edition to encourage real readers to submit to this program.”In an effort to integrate interactivity, the magazine will encourage PEOPLE readers to submit their own photos to PEOPLE.com. In addition to having its own landing page, the campaign will roll out photo galleries that will be hosted on the website. Individuals can “like” the photos of the real women, 40 of whom (one for each age) will be featured in the actual pages of the “World’s Most Beautiful” issue. To add another layer of incentive and engagement, 4 winners will be selected and flown to New York City for a photo-shoot, makeover and glamorous trip. “Users can upload their own photo from their desktop or Facebook,” says Morris. “Once they upload the image, they will see their photo on PEOPLE.com and have a chance to share it out. This campaign is integrated with Twitter, Facebook and Google+—we definitely wanted to hit all of those social platforms. We’re also running banner ads and we’ll have posts in our news section as well.”Morris adds that the goal of the campaign, in addition to highlighting beauty’s many forms, is to lock in a consumer’s committed financial interest. When a reader uploads a photo for this campaign, a banner advertisement comes up, promoting the “World’s Most Beautiful” issue and giving individuals an opportunity to subscribe. “We’ve got one audience on Twitter, one on Facebook and another starting on Google+, in addition to our regular readers coming to the website four or five times a day to check-in on the news,” says Morris. “We’re hoping to engage them and get them to think, ‘Wow—I could be in the print edition of PEOPLE.’ It’s almost like we’re the machine getting it rolling, and eventually they’ll get that final product. We want them to start thinking about our ‘World’s Most Beautiful’ issue now.”
The project was developed by Xcel Energy in conjunction with Abengoa Solar, which developed the solar parabolic trough technology that concentrates solar energy to produce heat. The demonstration project is expected to cut the use of coal at the power plant by around two or three percent, and could be scaled up to cut it by 10 percent.The system works through a series of parabolic trough solar collectors made of glass mirrors. On sunny days the mirrors concentrate the solar radiation onto a line of receiver tubes filled with a heat transfer fluid (mineral oil). The solar energy heats the circulating oil to about 300°C (575°F). The heated oil is then fed to a heat exchanger where the heat is transferred to water to heat it to around 200°C (407°F) before it enters the boiler. Having hotter water entering the boiler means less coal is needed to heat it and produce the steam that turns the turbine to generate electricity.Vice president of Xcel Energy, and chief supply officer, Kent Larson, said in a press release that if the project meets expectations it may help “move the use of solar energy one step closer to being a potential technology for improving the environmental performance of coal-fired power plants.”CEO of Abengoa Solar, Santiage Seage, said the company believed the solar-coal combination would provide a cost-effective way of delivering solar energy. Xcel Energy’s ICT Program is aimed at developing, commercializing and deploying new technologies for electricity generation, energy storage, and so on, to support the company’s clean energy strategy. Xcel Energy is a major utility company in the US, servicing 3.3 million electricity customers and 1.8 million natural gas customers.Other companies are also developing or evaluating hybrid power generation plants to see if the combination can provide environmental benefits at a commercially viable cost. For example a group or companies have joined with the Electric Power Research Institute to study the feasibility of hybrid coal-solar plants in North Carolina and New Mexico, while in Florida NextEra Energy is developing a hybrid solar-natural gas plant. Colorado Integrated Solar Project Citation: First ever hybrid solar-coal power plant operating (2010, July 12) retrieved 18 August 2019 from https://phys.org/news/2010-07-hybrid-solar-coal-power.html More information: Colorado Integrated Solar Project Abu Dhabi to build ‘world’s largest’ solar plant Explore further (PhysOrg.com) — The first ever hybrid solar-coal power plant is now operating at Unit 2 of the Cameo Generating Station near Palisade in Colorado. The demonstration project was built by Xcel Energy as part of its new Innovative Clean Technology (ICT) Program, and is designed to decrease the use of coal, increase the plant’s efficiency, lower carbon dioxide emissions, and test the commercial viability of combining the two technologies. © 2010 PhysOrg.com This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
The 21st International Conference of Black Hat USA 2018, has just concluded. It took place from August 4, 2018 – August 9, 2018 in Las Vegas, Nevada. It is one of the most anticipated conferences of the year for security practitioners, executives, business developers and anyone who is a cybersecurity fanatic and wants to expand their horizon into the world of security. Black Hat USA 2018 opened with four days of technical training followed by the two-day main conference featuring Briefings, Arsenal, Business Hall, and more. The conference covered exclusive training modules that provided a hands-on offensive and defensive skill set building opportunity for security professionals. The Briefings covered the nitty-gritties of all the latest trends in information security. The Business Hall included a network of more than 17,000 InfoSec professionals who evaluated a range of security products offered by Black Hat sponsors. Best cybersecurity Trainings in the conference: For more than 20 years, Black Hat has been providing its attendees with trainings that stand the test of time and prove to be an asset in penetration testing. The training modules designed exclusively for Black Hat attendees are taken by industry and subject matter experts from all over the world with the goal of shaping the information security landscape. Here’s a look at a few from this year’s conference. #1 Applied Hardware attacks: Embedded and IOT systems This hands-on training was headed by Josh Datko, and Joe Fitzpatrick that: Introduced students to the common interfaces on embedded MIPS and ARM systems Taught them how to exploit physical access to grant themselves software privilege. Focussed on UART, JTAG, and SPI interfaces. Students were given a brief architectural overview. 70% hands-on labs- identifying, observing, interacting, and eventually exploiting each interface. Basic analysis and manipulation of firmware images were also covered. This two-day course was geared toward pen testers, red teamers, exploit developers, and product developers who wished to learn how to take advantage of physical access to systems to assist and enable other attacks. This course also aimed to show security researchers and enthusiasts- who are unwilling to ‘just trust the hardware’- to gain deeper insight into how hardware works and can be undermined. #2 Information Operations: Influence, exploit, and counter This fast-moving class included hands-on exercises to apply and reinforce the skills learned during the course of the training. It also included a best IO campaign contest which was conducted live during the class. Trainers David Raymond and Gregory Conti covered information operations theory and practice in depth. Some of the main topics covered were IO Strategies and Tactics, Countering Information Operations and Operations Security and Counter Intelligence. Users learned about Online Personas and explored the use of bots and AI to scale attacks and defenses. Other topics included understanding performance and assessment metrics, how to respond to an IO incident, exploring the concepts of Deception and counter-deception, and Cyber-enabled IO. #3 Practical Vulnerability discovery with fuzzing: Abdul Aziz Hariri and Brian Gorenc trained students on techniques to quickly identify common patterns in specifications that produce vulnerable conditions in the network. The course covered the following- Learning the process to build a successful fuzzer, and highlight public fuzzing frameworks that produce quality results. “Real world” case studies that demonstrated the fundamentals being introduced. Leverage existing fuzzing frameworks, develop their own test harnesses, integrate publicly available data generation engines and automate the analysis of crashing test cases. This class was aimed at individuals wanting to learn the fundamentals of the fuzzing process, develop advanced fuzzing frameworks, and/or improve their bug finding capabilities. #4 Active Directory Attacks for Red and Blue teams: Nikhil Mittal’s main aim to conduct the training was to change how you test an Active Directory Environment. To secure Active Directory, it is important to understand different techniques and attacks used by adversaries against it. The AD environments lack the ability to tackle latest threats. Hence, this training was aimed towards attacking modern AD Environment using built-in tools like PowerShell and other trusted OS resources. The training was based on real-world penetration tests and Red Team engagements for highly secured environments. Some of the techniques used in the course were- Extensive AD Enumeration Active Directory trust mapping and abuse. Privilege Escalation (User Hunting, Delegation issues and more) Kerberos Attacks and Defense (Golden, Silver ticket, Kerberoast and more) Abusing cross-forest trust (Lateral movement across forest, PrivEsc and more) Attacking Azure integration and components Abusing SQL Server trust in AD (Command Execution, trust abuse, lateral movement) Credentials Replay Attacks (Over-PTH, Token Replay etc.) Persistence (WMI, GPO, ACLs and more) Defenses (JEA, PAW, LAPS, Deception, App Whitelisting, Advanced Threat Analytics etc.) Bypassing defenses Attendees also acquired a free one month access to an Active Directory environment. This comprised of multiple domains and forests, during and after the training. #5 Hands-on Power Analysis and Glitching with ChipWhisperer This course was suited for anyone dealing with embedded systems who needed to understand the threats that can be used to break even a “perfectly secure” system. Side-Channel Power Analysis can be used to read out an AES-128 key in less than 60 seconds from a standard implementation on a small microcontroller. Colin O’Flynn helped the students understand whether their systems were vulnerable to such an attack or not. The course was loaded with hands-on examples to teach them about attacks and theories. The course included a ChipWhisperer-Lite, that students could walk away with the hardware provided during the lab sessions. During the two-day course, topics covered included : Theory behind side-channel power analysis, Measuring power in existing systems, Setting up the ChipWhisperer hardware & software, Several demonstrated attacks, Understanding and demonstration glitch attacks, and Analyzing your own hardware #6 Threat Hunting with attacker TTPs A proper Threat Hunting program focused on maximizing the effectiveness of scarce network defense resources to protect against a potentially limitless threat was the main aim of this class. Threat Hunting takes a different perspective on performing network defense, relying on skilled operators to investigate and find the presence of malicious activity. This training used standard network defense and incident response (which target flagging known malware). It focussed on abnormal behaviors and the use of attacker Tactics, Techniques, and Procedures (TTPs). Trainers Jared Atkinson, Robby Winchester and Roberto Rodriquez taught students on how to create threat hunting hypotheses based on attacker TTPs to perform threat hunting operations and detect attacker activity. In addition, they used free and open source data collection and analysis tools (Sysmon, ELK and Automated Collection and Enrichment Platform) to gather and analyze large amounts of host information to detect malicious activity. They used these techniques and toolsets to create threat hunting hypotheses and perform threat hunting in a simulated enterprise network undergoing active compromise from various types of threat actors. The class was intended for defenders wanting to learn how to effectively hunt threats in enterprise networks. #7 Hands-on Hardware Hacking Training: The class, taught by Joe Grand, took the students through the process of reverse engineering and defeating the security of electronic devices. The comprehensive training covered Product teardown Component identification Circuit board reverse engineering Soldering and desoldering Signal monitoring and analysis, and memory extraction, using a variety of tools including a logic analyzer, multimeter, and device programmer. It concluded with a final challenge where users identify, reverse engineer, and defeat the security mechanism of a custom embedded system. Users interested in hardware hacking, including security researchers, digital forensic investigators, design engineers, and executive management benefitted from this class. And that’s not all! Some other trainings include– Software defined radio, a guide to threat hunting utilizing the elk stack and machine learning, AWS and Azure exploitation: making the cloud rain shells and much more. This is just a brief overview of the BlackHat USA 2018 conference, where we have handpicked a select few trainings. You can see the full schedule along with the list of selected research papers at the BlackHat Website. And if you missed out this one, fret not. There is another conference happening soon from 3rd December to 6th December 2018. Check out the official website for details. Read Next Top 5 cybersecurity trends you should be aware of in 2018 Top 5 cybersecurity myths debunked A new WPA/WPA2 security attack in town: Wi-fi routers watch out!