Monthly Archives: July 2010

Faceoff. Lessons from the Facebook Data Harvest


Facebook is hitting the news again in quite a few places for its supposed ‘hack’.   In case you haven’t heard, security consultant and long time programmer Ron Bowes effectively trolled Facebook, then cataloged and published the data of over 100 million Facebook users.  The data included names, addresses, and phone numbers.  While some are calling this a hack, it really is not.  Mr. Bowes merely gathered data that the users had already made public.  It was out there, he just gathered it, cataloged it, and distributed it.  We can debate about how ethical this was, but it really amounts to redistributing the white pages that are sitting in your desk drawer, only in this case the white pages weren’t for a small geographic region, it was Facebook users worldwide.  Only users that had allowed their addresses and phone numbers to be seen publicly were listed.   Names of course are essential to finding people on Facebook, so that’s kind of a given.  The point of this article is to make clear that you really have to consider everything you publish on the Internet to be public domain.  If you wouldn’t want to put it on a billboard on a busy interstate, then don’t put it on the Internet.  Sure, you can go into Facebook’s privacy settings and limit who gets your address or phone number, but you are only one mis-configured server away from having all of that information collected in a real hack.  The same goes for those very personal emails you thought were secure.  A poorly configured server, a server that was not properly patched, or an employee with an axe to grind can expose it all.  This is not an indictment of Facebook.  This goes for anywhere you store your data.  This includes your credit card numbers that are still stored by some online merchants, this includes your social security number that some websites require.  This includes everything.

No problem.  You’ll just go and delete those potentially embarrassing posts right?  Wrong.  Search engines cache pages.  That means they make a copy of the data that Facebook, for instance, publishes and they keep a copy of it on their servers.   You may well delete the post from Facebook, but Google keeps its own copy, and you don’t own it.  In addition, you don’t know how many backups of that post Facebook has made or where they are kept.  The things a 16 year old says on Facebook now could well come back to haunt them down the road.  It’s all out there, and it’s all out there forever.  You need to be careful.

Photo by orangeacid/Flickr


A Temporary Solution. Uses for a Rescue CD.



Courtesy Chris Sharp / FreeDigitalPhotos.net

Keyloggers, trojans, and public computers.  All of these can be bad news for you. Really bad news.

Say what?  Keyloggers are applications that hide on your computer and send out every keystroke you make to a remote computer somewhere on the planet.  On the other end, bad guys troll your keystrokes for things like login names, passwords, and credit card information that they can use.  Trojans are a category of malware (software that does bad things) that people install thinking they are getting something helpful or fun, but while the victim is busy being entertained, it does something undesirable in the background like turning your computer into a spamming machine, stealing your personal information, or installing more bad software.  Sometimes it takes the form of a popup alert that says you have XXXX infections on your computer and that installing this little ‘scanner’ will clean it up.  Of course, that little scanner is a piece of malware you’ve just installed and it’s now doing bad things.  But, you think you are safe because you have an antivirus program installed right?   Not always.  Whenever someone brings me a computer that is giving them trouble, one of the first things I do is check the virus definitions to see if they are up to date.  Unfortunately, many of them are hopelessly out of date.  I’ve seen some that haven’t been updated in over a year!  Antivirus software works by checking files against ‘definitions’ that are generated by the antivirus software vendor after first seeing the virus in action.  So, if you aren’t updating your scanner, it doesn’t know about all of the newest threats.  Also, because of the reliance on definitions, if you happen to ‘catch’ a brand new virus before a new definition file has been released, you are vulnerable even if your scanner is ‘up to date’.  Although the chances of catching a virus before your vendor pushes out a new definition file are very small, it’s still something that must be considered.

So, how are public computers bad?  A report from APWG shows that over 48% of the over 22 million computers they scanned worldwide were infected with malware.  That means you’ve got a nearly 50/50 chance of sitting down at a public computer that is infected.  It is true that many of these computers are supported by professional IT staffs, but like anything else, the competency of IT staffs varies. Are you ready to chance it with your bank account information?  If you are logging onto anything with a public computer, you are at risk of someone stealing that information.
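The definition-based detection described above can be shown with a toy scanner. This is an added example, not code from the original post: the definition names, marker strings, dates and the seven-day staleness threshold are all constructed assumptions. It shows both gaps the post names: a scanner that has not been updated misses a threat its vendor already knows about, and even a current scanner misses a threat that has no definition yet.

```python
from datetime import date

# Constructed definitions: name -> (byte pattern, date the vendor released it).
# The patterns are harmless marker strings, not real malware signatures.
DEFINITIONS = {
    "Toy.Keylogger.A": (b"TOY-KEYLOG-MARKER", date(2009, 3, 1)),
    "Toy.FakeScanner.B": (b"TOY-FAKEAV-MARKER", date(2010, 6, 15)),
}

MAX_DEFINITION_AGE_DAYS = 7  # assumed policy threshold, not from the post


def definitions_known(last_update):
    """Definitions a scanner holds if it last updated on `last_update`."""
    return {name: pat for name, (pat, released) in DEFINITIONS.items()
            if released <= last_update}


def scan(data, last_update):
    """Return sorted names of known definitions whose pattern occurs in `data`."""
    known = definitions_known(last_update)
    return sorted(name for name, pat in known.items() if pat in data)


def is_stale(last_update, today):
    """True when the definitions are older than the policy threshold."""
    return (today - last_update).days > MAX_DEFINITION_AGE_DAYS


def report(files, last_update, today):
    """Scan each file; return (stale_flag, {filename: [detections]})."""
    return is_stale(last_update, today), {
        name: scan(data, last_update) for name, data in files.items()
    }


# Constructed sample files.
FILES = {
    "old_threat.bin": b"header TOY-KEYLOG-MARKER trailer",
    "recent_threat.bin": b"header TOY-FAKEAV-MARKER trailer",
    "brand_new.bin": b"header TOY-UNSEEN-MARKER trailer",  # no definition yet
    "clean.txt": b"just a document",
}

if __name__ == "__main__":
    today = date(2010, 7, 31)
    for label, updated in (("year-old", date(2009, 7, 1)),
                           ("current", date(2010, 7, 30))):
        stale, results = report(FILES, updated, today)
        print(label, "definitions; stale:", stale)
        for fname, hits in results.items():
            print("   ", fname, "->", hits or "nothing detected")
```
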

If that’s the bad news, then what is the good news?  You can beat the dangers listed above.  The better news?  It’s really easy.  With the constant refining of alternative operating systems such as Linux, you are able to boot an entire operating system from a CD without it using anything from or writing anything to your hard drive.  Since the bootable CD is not writable by the malware, it can’t install itself onto your system.  If you think that your computer may be infected, you simply insert your bootable disc into your computer and boot up from CD ROM.  When the operating system loads, you can browse the web, check email, prepare documents, etc. without the concern that malware on your computer is stealing your information and sending it away without your consent.  Likewise, if you are traveling without a computer, you can take your bootable CD with you and boot up a clean operating system in a matter of minutes if you have access to the CD ROM drive.  When you remove the CD and reboot the computer, everything you did is gone.  To add to this delightful news, several antivirus vendors have released bootable CDs with their virus scanners pre-installed.  This is good news, because if you have a piece of malware that has snuck in, it can render your antivirus software useless.  I’ve even seen malware that won’t allow you to go to the websites of antivirus companies in an effort to prevent you from installing antivirus software and removing the infection.  For that type of heinous infection, you’ll need either a boot CD or to remove the hard drive and have another computer scan it.

What are the limitations?  First, whenever you do anything on the Internet, you are interacting with computers on the other end.  If those computers are infected with malware, your data could be stolen.  Of course, since the problem is on their end, it won’t matter what you use on your end.  Likewise, another computer on the network you are using could be infected and capturing information that you are sending and receiving.  That is also beyond your control.  If the information is that sensitive, don’t trust a public network unless you are using a VPN connection to a known server.  VPN (Virtual Private Network) is a specialized connection that many businesses and agencies set up to ensure a secure connection between themselves and remote computers.  Speed is another limitation since every time you open a program, it has to be accessed from the CD, which is much slower than a hard drive.  In addition, many of the larger operating systems have to compress the files to get them to fit on the CD.  Uncompressing takes additional time to process. This can result in some time spent waiting.  Depending on the speed of your system, you may need some entertainment on the side while you wait for things to load.  This is particularly true if you are trying out a full blown operating system as opposed to the smaller, specialized virus scanning discs.

Where do I find these CDs?  If you are looking to try out something that is different than Windows, or want to carry around a full operating system on a disc, Ubuntu Linux or Mint Linux are two very friendly versions.  Ubuntu is a full featured operating system, and I am using it to write this post.  Mint is based off of Ubuntu and takes user friendliness a step further.  These would be ideal if you were heading on vacation and staying with Uncle Lou who spends his days on one of the twenty or so gaming sites he frequents and doesn’t even know what a virus is, while Cousin Bobby who is still sponging off his parents and is addicted to Lime Wire, uses the same computer to download bootleg software, music, and movies.  Consider this machine compromised.  Slip in your boot disc, reboot, check your transactions and stocks, then remove the disc, reboot, and enjoy your vacation.  Ubuntu can be found here.  Mint Linux’ home page can be found here.

For malware removal, I’ll list a few options.  I’ve used some of these scanners before, but I have NO experience with these system discs.  All of the offerings are from reputable vendors, but I do not know how easy they are to use since I haven’t tried them yet.  Also, before you scan with any of these, make sure you have backed up your data!   If you followed my advice in Back It Up, I’ll Take It!, this won’t be a problem.   While the Ubuntu Live CD won’t write to your disc unless you tell it to do so, by definition, malware removal tools will have to write to your hard drive to carry out their duty.  Occasionally, removing malware will make your computer non-bootable.  So, while you’re at it, take the time to read that documentation that came with your computer that said ‘URGENT: READ BEFORE USING YOUR NEW COMPUTER’ in BIG bold letters at the top of the page.  You know, that one you immediately threw to the side to get to your new pc, only to come back later and file it because it was in your way.  All of course, without ever reading it.  It’s the one about how to make a system restore disc.  Yes.  This is a lot of work.  But, a number of things besides malware can make your system non-bootable.  Since you should already have a system restore disc, why not prepare and do that now instead of having a problem with your computer not booting the night before that really, really important report is due and it’s too late.  A system restore disc and a working backup strategy can keep you from shelling out money unnecessarily and being without your computer while you get it serviced.

With the disclaimers taken care of, here are some options: Avira, Kaspersky, BitDefender.

There are other options.  Some are free, and some are not.  This article is more of a primer than a comprehensive how to.  A starting point if you will.  You are going to need to know how to burn a bootable CD.  These discs are downloaded as one big file (image), which your CD burning software (such as Nero) breaks down into many files and burns them onto your CD.  Since there are quite a few options for burning, I’m going to leave it to you to discover how to use your particular software.  Newer versions of Windows already have that functionality built in.

As for new operating systems to try, well that’s a wide open field.  You can have a look at distrowatch.org.  That will get you started with over 100 different versions of Linux and Unix.  Where you go from there is up to you.

Edit: As of 8/8/2010, I have used the BitDefender rescue CD and it worked very well for scanning viruses.

Just Say No! HP Snubs Microsoft.


Microsoft’s biggest customer, HP, has announced that they will not be using Windows Phone 7 or Android in their smartphones.  While bypassing Android is no surprise given HP’s purchase of Palm, the Windows 7 snubbing will be sure to raise some eyebrows.  HP Executive VP Todd Bradley reported during an interview on CNBC that while they will not be using Microsoft’s operating system in their smart phones, they will be using both Windows 7 and WebOS (from the purchase of Palm) in future tablets.  I’m not quite sure how long that arrangement is going to last considering how badly HP wants WebOS to compete in the smartphone and tablet arena, but it’s going to happen at least temporarily.

With HP’s deep, deep pockets, look for them to invest a considerable amount of capital into trying to make the smartphone market a three horse race with Apple and Google and themselves as the major players.  While Microsoft has confirmed that some large hardware makers such as LG and Samsung will be producing phones with their operating system on them, they haven’t seemed to generate much excitement in their software.

MobileCrunch also carries a link to the video.

Better, Stronger, Faster. Speed Testing Four Models of the iPhone.


Thinking about entering the iPhone market or upgrading from an early version? Here is an interesting side by side by side by side comparo of the iPhone 2G, 3G, 3GS, and 4.  While very unscientific, you can get the point pretty easily.  There is no indication as to what version of the OS each phone is running, but if you were considering spending the cash for the 4 or saving a few dollars (or avoiding that whole antenna thing) by getting the 3GS, this video will give you a decent real time comparison of the speed you’ll be giving up by saving the cash.  You’ll need to decide which you want to give up, speed or cash.

Thanks to Gizmodo for the article.

Pitching Lessons. Leadership Lessons from the Pitcher Plant.


Photo Courtesy of Sarracenia Northwest

The pitcher plant is a fascinating and unusual plant to say the least.  It grows in very poor soil, but that doesn’t stop it.  It’s been created to gather its nutrition in other places.  It eats things.  Mostly bugs, but pretty much anything that moves and falls into its trap is food.  The leaves are rolled into cones (pitchers) to hold the prey.  Special hairs point inward to keep the poor creatures from coming out once they’ve fallen in.  At the base of the pitcher awaits a pool of enzymes to slowly digest the victims.  From there, the leaves absorb the soup that’s created by the dissolving dinner, and that is how it makes up for the poor nutrition of the soil it is anchored into.  You would think that this bizarre plant would be found in remote jungles.  Well, it is.  But the species pictured here is quite comfortable growing in the Southeast United States.  Many varieties call the Southeast U.S. home, and at least one variety will grow as far North as Canada.

So, what does this have to do with anything related to technology or leadership?  Well, part of the purpose of this particular post is to show you that life lessons can be pulled from almost anywhere.  The lowly pitcher plant can teach us things.  Today I am going to offer up three lessons we can take from this unique plant.

1. The pitcher plant is resourceful. It grows in soil that is so nutritionally poor, most other plants simply cannot grow there.  It thrives in very soggy soil, also a condition that most plants find unacceptable.  It found a niche that other plants wouldn’t fill and it filled it.  Likewise, if we can find an area that others find uncomfortable, we can seize that opportunity.   We may need to adapt ourselves to this new arena, but if others won’t go there, we’ve just eliminated most of the competition.
2. The pitcher plant is patient.  Under the hood that covers the pitcher it secretes a sweet smelling nectar that lures insects to it. This nectar has a paralyzing effect on its prey.  It essentially drugs the hapless victim and it winds up falling from the hood into the deathtrap below.  The pitcher plant isn’t flashy.  It doesn’t scream “Look at me!” in a puffed up self promotion campaign.  It simply sets out the bait and waits.  It knows it has something that its food simply cannot resist.  The strategy works.  Many of the pitchers on the plant become so full that it can’t support the weight any longer and they lie on the ground, full of bugs.
3. The pitcher plant is relentless.  It never quits.  The pitchers are always open for business.  It doesn’t get discouraged when it has been releasing nectar for a while and has no ‘customers’ at the door.  It stays the course and doesn’t give up.  When you know you are on to something that is right, stay with it.

So you see, life lessons are everywhere.  Always be ready to learn from them.  If you stop learning, you stop living and you can never progress further than where you are at the point you stop learning.

To Have or Not To Have. What Ownership of the iPad, or Lack Thereof Says About You.


I was reading an article on Wired Magazine’s website today and just couldn’t pass this one up.  This will officially become my first post dropped into the rant category.

According to a study by consumer research group My Type, iPad owners are ‘selfish elites’, while iPad haters are ‘independent geeks’.  Since I am neither an owner nor a hater right now, I guess I’m neither of those.

Check out the full story here, then let me know what you think.

Get Out of Jail Free! Jailbreaking Your iPhone is Legal!


TechCrunch has just reported that the U.S. Copyright Office has handed down new rules regarding the iPhone among other things.  It would seem that it is now legal to jailbreak your iPhone in order to use legally obtained software (i.e. apps that are not provided in the app store) and it is now legal to jailbreak your iPhone in order to put it on a different network (i.e. T-Mobile).  We’ll see how long it takes Apple to work around this.

There are also new rules regarding circumvention of encryption of video games, DVDs, and computer software for very specific reasons.  This is very interesting and I’m sure I’ll be talking more about it as things shake out.

As always, read the new rules for yourself and consult legal counsel where necessary.