How to get protected from Zero-day attacks

From WannaCry to NotPetya and other malware, the IT world, and the world itself has entered a period of vulnerability. However, if a majority of viruses, Trojan and other nasty piece of code can be easily stopped with up-to-date operating system and anti-malware, a special type of vulnerability leave systems open for attacks, and those are Zero-day attacks.

What is a zero-day attack?

A zero-day is a undisclosed software vulnerability that hackers can use to launch an attack on a computer, a network, data, apps or other computers. Basically, think of a zero-day as an unlocked back door that a thief can use to enter your premises. It’s called zero-day because it leaves no time for the coders to correct the software before a villain can exploit the breach and launch an attack.

Because patching a system, that is modifying the source code to close the back door, can take some time, this leaves a window of opportunity for any hacker to launch an attack. Of course you may ask why software vendors do not close doors as soon as they know they are open. Well, multiple reasons to this. First, it can take time to correct the piece of software since it can have an impact on multiple functionalities that require thorough testing. Then, once the patch is released, users may not apply it immediately, leaving a lot of systems unpatched and exploitable. Some vendors release patches fixed dates, leaving the door opens before the patch is applied. Finally, sometimes zero-day remains unknown from the vendor, as it can be seen as a real weapon for some governments.

Exploiting the zero-day vulnerability

Once a zero day is known, it can be exploited. This can take many forms, depending on the type of breach and on the type of software that has the zero-day. However, this generally translates by leaving a piece of code on the infected machine or by modifying the existing code so the hacker has access to the infected machine. In all cases, the idea of the hacker is to “take ownership” of the machine and its resources.

We are seeing more and more two main types of exploits: ransomware and spyware. Ransomware encrypts your data and ask for a ransom to give you access back. Spyware gets your data as you use your computer and can get your identities and passwords to access your bank accounts and any other of private information. In all cases, these malwares aim at getting something from you, from information to identity, from money to compute power.

How to get protected?

Of course, the first thing you may ask yourself is how to get protected from something you do not know about? Well, there are many ways since we are dealing with computer security. Although hackers are very clever and attacks are more sophisticated, a simple set of good practices will get you protected from most problems.

  1. Update your software on a regular basis. This sounds obvious and sometimes can lead to catastrophic failures as in the case of Petya which corrupted the software update mechanism of a given software, but this is the first step to generally increase protection. This is particularly important for operating systems (Windows, Mac OS, Chrome, Linux mostly on computers, Android, iOS for phones), browsers and apps that rely on internet connections.
  2. Use anti-malware that protects you against zero-day exploits and detect breaches. Modern antivirus and antimalware can detect most zero-day by strengthening security of the PC – for instance, requiring your normal identify does not have admin rights –, monitoring any unsolicited modification to executable files and preventing rogue links and attachment to be used. And always check links and attachments before clicking on them. A PDF file, with a .exe extension is not a PDF!
  3. React rapidly to any exploits. If your system has been compromised, follow the recommendation from your software provider. Sometimes, it’s just patching your system, sometimes it requires a complete reinstallation.
  4. Backup, backup, backup. The simple and effective procedure against data loss is to backup your data. A word of caution though with services like OneDrive, Dropbox or Google Drive. If those services are great to synchronize your local files with their cloud copies, a compromised system can sometimes replicates the rogue files to the cloud, infecting the copies. So a real backup whether local or remote, an a regular basis provides the best protection against potential data losses.

Zero-day exploits will become more and more frequent and getting protected is crucial. It’s not rocket science, as you can see above, but requires a good process and discipline. Start today, do not wait for the next attack to happen. If you are in a company, talk to your IT department to understand what processes and procedures are in place to prevent zero-day attacks. And finally, avoid to the maximum outdated software that are not supported by vendors, they are the best targets for exploits!

5 questions to answer to choose your first cloud workload

Here you are facing the Cornelian dilemma: cloud or not? However, it’s most probable that the choice has already been made. Cloud it is! Do. Or do not. There is no try. Thus spoke Yoda in the Empire Strikes Back. And Cloud it is. Do! The Cornelian dilemma is therefore not to decide to go, but what to send to the cloud. Which application, workload or virtual machine shall go first. To help you in that choice, let’s answer five simple questions.

1. Is the app accessed through a smartphone/tablet?

Look at how the application/workload/server is accessed. If some users are accessing it from a public internet connection, outside of the office, the cloud could be a serious option. It could deliver better service by freeing resources on your uplink while allowing you to decrease your risk exposures by leveraging security features of your cloud provider.

2. Does the app require scaling?

Scaling means different things for different people, but the idea is all around variable demand in compute powers. Think a payroll system. It’s used mostly at the end of month to process pay slips and then goes almost idle. This means most of the time you need very little power and then extra power. However, if you run your own infrastructure, you need to scale it for the peak. By moving this workload to cloud services, you pay the extra power only when you need it and not as an asset that sits idle in your date center most of the time.

3. Is an upgrade necessary?

You reach a point, you need more CPU, more storage, more memory, more network, or just brand new servers as the ones you are using are coming to end of life. Moving to cloud will allow you to choose exactly what you need and to upgrade at will, being a click away from any extra capacity you need.

4. Is a necessary feature only available in the cloud?

You want to implement a new feature, whether some AI or special security capabilities for instance, and after thorough research, the only viable way is cloud services. However, the application that will be leveraging this feature sits in your data center. By moving this application to cloud services, you shift the bandwidth usage potentially to the end user and not to the app itself.

More and more advanced workloads will be only available through cloud services for obvious elements of scale. Taping into global intelligence can help get the right information on time.

5. Does speed to market an intrinsic requirement?

Business is requiring faster time to market of new solutions. Whether it is to go faster than competition or just answering market needs. Setting up new services on premises requires hardware and software acquisition, development of the solution and setup in the existing infrastructure. By choosing a cloud infrastructure, you can:

  • develop and test at will, including scaling up and down to test various configurations;
  • go in production faster by choosing the right servers/containers;
  • upgrade on a constant basis without having to worry about fitting in the existing infrastructure.

When you look at your current IT landscape, and at each of your application/workload/server, the ones that have a yes at one of the previous questions are candidates to the journey to the cloud. The last point to consider among those apps is the dependencies. Some apps are autonomous, some are dependent to others. The best candidate as the first to go to cloud is the one that has the least dependencies. This sounds like common sense, however, this will considerably ease your task.

Top photo by Markus Spiske on Unsplash

Blockchain, are you ready?

You have heard about blockchain, haven’t you? The technology appeared with Bitcoin in 2008 and has since spread almost like a wild fire. You will find a lot written about blockchain, all major software companies have embraced the concept proposing blockchain services and blockchain has attracted millions of dollars of funding. But why does it matter, and why should you get interested in it?

Why blockchain matters?

In a nutshell, a blockchain is a distributed digital ledger. Three very important words that defines a blockchain:

  1. Distributed. A blockchain is not stored on a single server but replicated on multiple computers spread on the internet. Therefore, even if a copy was to be deleted or altered, the other nodes would detect it and correct the inaccuracies.
  2. Digital. It’s kind of obvious, a blockchain is stored and managed by computers.
  3. Ledger. Like an accountant ledger, once a data is written it cannot be changed. If it were changed, the chain of blocks will become invalid and would discard the invalid block.

Each block is formed by set of data and a computed key (also called a hash value) which is the link to the previous block. If the data of a block was altered, the link between the altered block and the rest of the chain would be inconsistent showing that something has happened, making the data stale. Therefore, ensuring each set of data a transaction with its four ACID criteria: Atomic, Consistent, Isolated, and Durable. So, we can therefore say that a blockchain could forms the fundamental for any transaction that needs to be guaranteed.

A transaction example

Let’s take a simple example. Let’s say you want to transfer money from one bank to the other in a foreign country. In most cases, you will have an intermediary that will guarantee that the money sent is well received. This intermediary guarantees the transaction between the two banks who may not know each other. Therefore the transaction that will happen will be:

  1. Bank A informs the intermediary that Mr or Ms X transfers Y amount to Bank B to Mr or Ms Z.
  2. The intermediary checks that Mr or Ms Z exists at Bank B and proceeds to the transfer.
  3. Bank B informs the intermediary that the transfer has been well received and credited to the account of Mr or Ms Z.
  4. The intermediary informs Bank A that the transfer is complete.

In case Mr or Ms X, or Mr or Ms Z file a complaint, for instance that the money has not been transferred, then the intermediary will provide all the evidences. Now, if blockchain would have been used, the intermediary is useless. If the transactions were written into a blockchain, they would be guaranteed ACID and therefore bank A, B or the X and the Z could have checked it and prove its validity.

Why should you get interested in it?

Blockchain is providing the basis of undisputed transactions. Any business sells and buys goods or services, therefore perform transaction. They may require to prove those transactions are valid, either to a judge or simply to their customers. Let’s imagine you are selling fish and want to prove that your fish comes from reputable source. You could use a blockchain that tags the fish as soon as it is caught and gets updated at each step of the selling process until the end customer. A powerful way to ensure and guarantee the food chain.

If you take a look at your business, you will find many ways to include blockchain. It will not disrupt your business model, but will serve as a base to guarantee your goods and services. Blockchain is actually disrupting cloud technologies and the way providers sell their services. However, because each of the big cloud service providers has setup blockchain platforms, blockchain can be leverage fast at a minimal cost. This allows explosive growth with low investments.

Some Blockchain benefits

As many technologies along the last centuries, blockchain will have a profound effect on business operations. Among its various benefits on transactions we can find the following:

  • Speed. Because we cut the intermediary, a transaction will be executed faster. Like in any peer-to-peer network, information circulates faster.
  • Cost. Because we transact in direct, fees may lower. This, though may not prove entirely right at the beginning at least, due to the setup of the platform and the necessity to review internal processes.
  • Security. Blockchains are inherently secured. Yes, there are some flaws, however, large platforms like bitcoin or ethereum add a level of strength due to their size. It’s not the too-big-to-fail syndrome, it’s the thousands if not millions of members that make them stronger than smaller platforms.
  • Trust. Because a blockchain cannot be compromised and can be made public, a business that needs to provide proof of work will have a powerful way to do so.

Get on the bandwagon now!

Blockchain is not another big trend that will fall flat on its face. At almost 10, the technology is entering its maturity phase. There is not one day out of a big announcement of a company, a city or a state embracing blockchain technology. This could be your first cloud project as well, think about it! The questions for you are where to apply this, what benefits would it provide to your operations and how to start. The first step could be to use a consulting firm to help you answering those questions fast, at least before competition announces that they are blockchain ready and start stealing your business. Are you ready?

Why not going cloud is suicidal

Out of the 500 top companies in 1955, 87% have today disappeared! Why? They just did not embrace change fast enough. This is what is going to happen to your company if it has not yet embraced cloud technologies. Cloud is pervasive. From paying your taxes to liking your friend’s pictures. From booking your plane tickets to finding the next dinner’s recipe. From storing your emails to hosting your banking applications. Cloud is everywhere.

Now, if you happen to work in a company, ask your IT guy where are the servers, the data and the applications? In the company’s data center (or server room) or somewhere in the cloud? Whatever the answer, ask the same guy if you can access all the company applications anywhere, anytime on any device, and listen carefully to the answer. If it’s a no, your company is living in the 20th century and may disappear in the near future, outpaced by a faster and leaner competitor. If it’s a “no but pretty soon yes”, then you are the right path.

What is the cloud?

Ask 10 different person the above question, and they’ll come with 10 different answers. I like the “official answer” from the National Institute of Standards and Technology: “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” Okay, not the simplest answer that exists, but the most complete and precise. Take a moment to read the definition slowly. Done? Ready for my definition?

The cloud is all about accessing data, applications and services from internet, without having to manage the necessary infrastructure. You need mail? Subscribe to a mail provider. You need payroll? Subscribe to a payroll provider. You need payment mechanism? Subscribe to a third party payment provider, and so on, and on, and on. Basically, when you need an app or a service, you do not purchase servers, storage, network and software, you subscribe to the necessary service through a service provider. In the end, you do not own any IT but some desktops and internet bandwidth.

Why going to cloud?

Again, ask 10 different persons the above question and you’ll get 10 different answers. I’d rather provide an answer around the 5 main characteristics of the cloud as defined again by the National Institute of Standards and Technology:

  1. On demand. Cloud services are on demand, pay per use… More and more people do not own cars anymore but use Uber or other similar services. Much less costly and much more flexible in the end!
  2. Universal access. All you need is an internet connection and voilà! No need to create VPN, to setup dedicated line, and to manage those lines. All you need is an internet access, secured of course!
  3. Resource pooling. The resources (servers, storage, network, apps, etc.) are shared by all users and are allocated based on usage and needs. Therefore, you may have instantaneous access to a very vast array of resources without having to purchase them.
  4. Elasticity. Because cloud offers on demand resource pooling, you can access a lot of compute power for a short period and release it when you do not need it. Think about the sales spike at Christmas for a retailer for instance.
  5. Measured service. Everything you do is measured and billed. Therefore, you know exactly how much your IT cost, almost per user or per department. This allows precise ROI calculation and internal billing mechanisms.

All this without having to use your hard-earned money on purchasing and maintaining an IT infrastructure. As a parallel, think about electricity. Do you have your own electric plant? Probably not (except if you are in Nigeria, but this is another story)! Same for IT. Cloud provides cost efficiency, flexibility and offers services that would be very difficult and costly to deliver on premises.

Why not going now is committing corporate suicide?

Still not convinced that the cloud is the way to go? Scared by horrible stories about the NSA, WikiLeaks or Edward Snowden? Let me tell you something very simple: as soon as you connect any piece of equipment to internet, one way or another, it risks to be breached.

Using cloud technologies is generally the best way to heavily secure any data, app or service in a much better way than you can do on premises. I will cover security in a following post, since it has become a very hot topic. Now, what if you are still not convinced? Think about why you are committing corporate suicide if you are not going to the cloud right now:

  1. Your competitors are going to the cloud and are getting leaner. They will be able to lower their price or provide more services, making you irrelevant. This is already happening in every industry.
  2. Your employees are watching what’s happening elsewhere and will leave. Whether millennials, X or Y generations, everybody realizes how fast you can do things if you have the right online tools. Not having them in the corporate environment if a big no-no!
  3. Your customers will look for more service, faster, better, cheaper. And delivering those services is only possible with a good return on investment with pervasive technologies.
  4. Your capacity to innovate will slow down. Thyssen Krupp does not sell elevator anymore, they provide lift services. How different is it? They are using cloud technologies and Internet of Things to increase security, lower breakdown and provide a better uptime.

Employees, customers, operations, innovation are the four pillars of any company, private or public. If you cannot increase employee and customer satisfaction, decrease operations costs while enhancing operations effectiveness, and deliver faster and better innovation, you are on the past of becoming obsolete!

And now?

It’s not too late! Even if you are still scratching your head about what to do, you can embrace cloud technologies and rip all their benefits. How? Pick up your phone. Yes, your nice smartphone, the one you are posting pictures on Facebook with! Pick it up and have a look at all the apps that are running on this phone. All of them are powered by the cloud. You trust them. You use them daily. Which of them is the equivalent of an app you are using for your corporate work? Mail, file sharing, travel booking? Pick one, just one and ask you what would be necessary to move this corporate application to cloud services.

Consider the additional benefits you will get, the cost reduction you will enjoy (take all the costs in consideration) and the management simplification from the back-end perspective, then commit to a date! Cloud may not be the solution for everything but is becoming slowly. Banks are moving their core banking to cloud services. Insurance companies are calculating actuaries with cloud compute power. Large and small companies are throwing their datacenters away. Don’t be a dinosaur. Remember birds are the evolution of some dinosaurs. Do you want to become a soaring eagle or a decaying triceratops? The choice is yours!

Before leaving, download a simple checklist to help decide if any given app has to be moved to the cloud. Click the button below!


The Office Productivity Blog is back online!

The site did not enjoy 2017 and decided to shut off on January 12. Well, actually, it did not shut off itself but it was forced to shut off because its owner (myself) forgot to renew its domain name (and did not switch on the auto-renew button… yes I know). Apologies for this!

The good thing is as I was thinking of changing the look and feel, and the content orientation, of the site, it has been a wake up call. So stay tuned, some new things are coming up any time soon!

In the meantime, keep increasing your personal and group productivity by leveraging the best hybrid technologies (the world is hybrid, let’s go hybrid)!

Enhancing OneNote with Add-ins

In the last post, we looked at Clipper to quickly and simply grab information from the web, right into OneNote. In this post, I’ll show you how to continue to customize OneNote with add-ins. It’s probably the best kept secret as finding OneNote add-ins is not the easiest task. For sure, you won’t find any if you are not explicitely look for them (tip: Microsoft should put a link to the add-ins page  on the first page of the site).

It’s a developer’s game

Not really for us mere mortals, but it’s true that add-ins are the realm of developers. Thanks to the OneNote API (Application Programming Interface), available at


Think beyond the PC if you’re a developer as you probably know by now that OneNote exists on almost all platforms. This allows apps to use OneNote as a destination or a source of information to automate any relevant tasks.

It’s a user’s game

I’ve left the developer’s world a while back, but I’m an avid user of OneNote and add-ins are a great way to use OneNote for various additional tasks. So, if you scroll down the developer page, you will find the link to go to the featured apps (alternatively, you can click here).


You can browse through all the available add-ins on this page, here are my preferred ones. Those I’m using almost on a daily basis.

  • OneNote Clipper. I wrote about it, just loving it to save web pages right into OneNote.
  • IFTTT. This add-in connects almost anything to OneNote, from Twitter to email, from Slack to you Tesla…
  • Office Lens. Take a picture, enhance it and integrate automatically right into OneNote. A great way to save flipchart notse.
  • Email to OneNote. Forward emails or send documents right into OneNote at Just to easy!
  • OneNote Class Notebooks. For educators, a simple and powerful way to create a course, share it with your students for immediate collaboration.

There are tons of other add-ins, those are just the ones I’m using. However, the cool thing about add-ins are to see OneNote considered more and more as the most powerful tool for note taking. Enjoy and let us know any specific add-ins you are using!

Copy web pages to #OneNote in one click with OneNote Clipper

If you are a OneNote user, you will, someday, definitely need to copy and paste information from a web page. Although the good old Ctrl+c – Ctrl+v (copy and paste) works, there’s a better way to clip a piece of a web page to OneNote: Clipper!

What is OneNote Clipper?

OneNote Clipper is an add-on to your web browser that allows you to copy and paste a web page or a piece of it right into OneNote. It exists for most browsers, including Safari, meaning, yes, it works on a Mac! (Sad though it does not work on Opera).

For Windows 10 users: if you are using Microsoft Edge, you will need to update to Windows 10 Anniversary Update to have the Edge version that allows extensions!


With one or two clicks, select what you want to copy – in the example above, the article – and where you want to copy it – which section in which notebook, then clip it! You now have this article in OneNote as shown below.

OneNote online showing clipped article

Setting up Clipper

How do you get Clipper? Nothing simpler! Go to and click the button Get OneNote Clipper.


The setup procedure depends on your browser, but should be fairly easy to follow. Seconds later Clipper is setup in your browser.


The last step is to get identified so that Clipper gets access to your OneNote notebooks. Click on the Clipper button or link (for IE), then choose to sign in with a Microsoft account or an Office 365 one (provided by your work or school).


One signed in, you’re good to go!

Using Clipper

Once setup, Clipper is accessible through an add-on (in most browser) or a link in the Favorites bar in Internet Explorer. Below is the Clipper add-on icon in Firefox.


Once you are on a page you want to paste in OneNote, follow those four simple steps:

  1. Click the Clipper icon or link
  2. Choose between Full page (the exact web page), a region (a rectangle that will be pasted as an image), the article (the text of the web page with basic formatting) or the bookmark (the link to the page) – You will see a preview so you have a fairly good idea of what your OneNote clipping will look like
  3. Choose the Notebook and the sectionsnip_20161012192638
  4. Click Clip


You can immediately view the result in OneNote by clicking the View in OneNote button. This will open a new tab in your browser and fire OneNote Online.


After a couple of seconds, or minutes depending on the speed of your connection, the page will appear on your local OneNote.


If you have this OneNote notebook on other devices, they will all synchronize and you’ll be able to read your article offline at any moment on any of your devices.

To conclude, the OneNote Clipper is a simple tool that allows to quickly paste articles or web pages directly to one of your OneNote notebooks. Since it exists for almost all browsers and platforms, it would be a pity not to take benefit of it if you are a OneNote user, which I deeply encourage you to become!

Office Lens, the ideal companion to #OneNote

We are all confronted to situations where we need to scan a document, keep notes taken on a white board or just include a picture in our notes. It’s very easy to use the camera of our phone to do this. However, a picture has many disadvantages, like its format, its size or just the fact it’s in your picture folder and not integrated with the notes you’ve just taken in OneNote. Office Lens is the solution to those disadvantages.

What is Office Lens?

In a nutshell, Office Lens is a tool that transforms your mobile camera in a powerful scanner that integrates seamlessly and effortlessly with Office. This means you can scan a document, a whiteboard or a business card, or just take a picture and include it directly into Word, PowerPoint or OneNote for instance. Of course you may wonder why needing an app where the camera of your phone and laptop can do the same! Well the app has a twist: it straightens the image of the documents.

First, the app detects automatically the document: it draws a white rectangle around the document to scan.

Second, it straightens and cleans it, to enhance its quality. It’s ready to save it as a PDF or include it into OneNote

Installing Office Lens

The good news is Office Lens exists on almost all platforms: Windows Phone, Android, iPhone, iPad and Windows PC. You just have to go to the store of your platform and look for Office Lens. Below is the app in the Apple Store on an iPhone.

Office Lens and OneNote

Although you can save your scanned documents to PDF, as a picture or send it by email, you can insert them into Word, PowerPoint and OneNote.

The OneNote option is the most important to me when I come to a document that I want to keep along with my notes. Once you chose OneNote, you can give the document a name, the app will then create a new page and insert the picture you’ve just taken.

Office Lens is a simple and powerful application that can transform your business cards, documents or whiteboard into a clean picture that can be inserted in your OneNote or other apps. Much more convenient that the normal camera app!

Using smart attachments in Outlook

If you are used to send documents through email, this new Outlook feature will save you a considerable amount of time. This requires either the latest version of Office (Office 2016) or an Office 365 Subscription.

Available attachments

Let’s say that you are working on a word document and you want to send this to one of your contact. You save that document and are ready to share it via email. You go to Outlook to compose a new email by clicking on the New Email button.

In the new email window, go to Insert, then click the Attach File button.


The drop-down list contains the last 12 documents you opened recently. If your file does not appear in the list, you can always browse the PC. If you’ve just closed or save the file, there are good chances it’s there.

Web attachments

A second new feature concerning smart attachement is the use of the cloud. Note that the first Word file in the list above comes from OneDrive. If you select this file, below shows the way it’s going to be attached.


The file icon has a small cloud and next to it you see the text Anyone can edit. What Outlook is doing is sending a link to your recipient(s) and sharing the document by applying edit rights. You are able to change permissions if you want only view rights: Click on the arrow, choose Change Permissions and select the right permission.


Those two new features are great additions to Outlook to help you getting more productive and to avoid the multiplication of the same document by back and forth emails.

Taking handwritten notes in OneNote

OneNote works with a keyboard and with digital ink and pen too. Although you may, like me, love paper, handwritten note taking is a great way to get ideas on a virtual sheet of paper automatically saved to the cloud. The below screenshot has been taken on my Surface Book in tablet mode.

Automatically adapted to tablets

OneNote adapts itself automatically to tablet mode. If you move from landscape to portrait, as in the screenshot above, you will notice that the menu is not there anymore. The same with pages or sections. The space is entirely freed to allow note taking. Of course, you can always have the menu appear by tapping on the top of the window. Then, move from section to section through the drop-down at the top right of the page.

In the Advanced Options window, notice the details of pen usage like Use pen pressure sensitivity. This option allows to press harder to get the thicker line, like you would do on normal paper.

Using different pens for your handwritten notes

The Draw menu allows you to change pen, color, thickness, etc. If you happen to have a Microsoft Surface (may work on other tablets too), note that the eraser is at the back of the pen, so useless to go to the Eraser option, just use your virtual pen eraser!

Discover in the pen dropdown that there are far more pens that the favorite ones presented in the menu bar.

And finally, adapt the Pen mode to what you need, by clicking the option at the bottom of the dropdown. You can chose to draw only, write, do both, or even just use the pen as a pointer if you are presenting your OneNote.

Drop the keyboard, move to digital pen!