Tag Archive for Facebook

Never Check Email First Thing In The Morning

Business - Updated 03-18-12 - Science writer David Bradley on his blog ScienceText also recommends, “Avoid social networking and email first thing.” I know it works for me: I walk around and talk to staff before I get tangled up in the work everybody else wants me to do.

Sid Savara, a widely regarded personal development trainer, published 7 Reasons You Should Never Check Email First Thing In The Morning at his site sidsavara.com.

#1 – Ignorance Is Bliss..fully Productive – When it comes to email, ignorance is bliss. That’s why if you’ve got something important you want to make progress on, the author offers these four words for success:

Don’t check your email.

As soon as you get in, work on something important for 30-45 minutes, and only then check email. If you can stand it, wait even longer. The article suggests that as long as you’re ignorant of everything else that’s going on outside, you can concentrate on what you want to work on.

Any new information you get can cause you to get distracted.

#2 – It’s Not Your Todo List – Mr. Savara says that if you know what is most important for you to work on first thing in the morning, you should go ahead and do it!

By checking email, you risk doing what someone else wants you to do. Or more bluntly, when you check your inbox, the emails you get are a todo list someone else makes for you.

Who is in charge of your time – you, or the person emailing you?

#3 – It’s An Excuse To Lack Direction – The author says that checking email is a low-priority activity and that you may be checking email first thing in the morning because your todo list has gotten off track somewhere. He argues that when you don’t have a clear list of priorities, checking email becomes an urgent activity that you do at the expense of your important ones.

#4 – Reaction vs “Proaction” – When you check your email, you end up with more work to do, and because we’re in “check email” mode, we start replying at the expense of the task we were just working on. Rather than letting you actively set an agenda, email forces you to react to items as they come in, regardless of their true priority.

Mr. Savara says he prefers taking proactive actions. Work on the things that are important to you, regardless of whether they’re urgent or simply at the top of your inbox. Stop wasteful actions, and focus on productive actions instead.

#5 – Searching For Excuses – Blindly checking email (or Twitter, or Facebook, or any number of iTime wasters) is, according to the author, usually just searching for an excuse not to do the work that must be done.

Don’t fall into that trap. Don’t give yourself an out by checking your email for an excuse to fail. He urges: don’t check your email – acknowledge the task you need to get done, and do it.

Cross that bridge – it’s not going away.

#6 – There’s No Set Time Limit – Meetings get a bad rap for being a waste of time, but at least you usually know how long a meeting will last. Do you know how long you’re going to spend on email once you open your inbox? Odds are you don’t know – or you’ll underestimate it.

The problem is that checking email only takes a minute, but you can get sucked into the follow-up activities that result from opening your inbox, and there’s no way of knowing how much time those will take.

You have a set limit on how many productive hours you have in a day; don’t let email suck you in and cause you to devote more time to it than you can afford.

#7 – It Builds Expectation – A lot of people say, “But I have to check my email! People expect a response from me in the morning!” The author believes that there are some requests that need immediate responses, but they’re much less frequent than you might think.

He argues that people expect a response from you in the morning because you’ve always responded first thing in the morning and you’ve built that expectation. The more often you check email, the more often people will expect you to check it. Just stop checking it first thing in the morning, and people won’t expect it anymore.

Mr. Savara recommends the following email rules:

  • Only check if there is something specific you are looking for. Most important – don’t go fishing around. Check it with a specific plan, a specific email you’re looking for from a specific person.
  • Separate low-value emails via filters (“rules” in Outlook) or separate email addresses so you don’t even see them in your inbox when you check.
  • Set a time limit. Commit to checking for 5 minutes, just to look for that one piece of information – and have your exit strategy ready. Before you open your inbox, decide what you’ll do if 1) the email is there 2) the email isn’t there 3) the email is incomplete. Don’t be reactionary – proactively decide what action you will take based on the outcomes you expect.

Are You on the Pwnedlist?

Pwnedlist.com lets you see if your email has been compromised by checking it against a collection of nearly 5 million possibly compromised accounts. Brian Krebs at Krebs on Security reports that a user can enter a username or email address into Pwnedlist.com’s search box, and it will check to see if the information was found in any suspicious public data dumps.

Pwnedlist.com was created by Alen Puzic and Jasiel Spelman, two security researchers from DVLabs, a division of HP/TippingPoint. Mr. Puzic said, “… I could create a site that would help the everyday user find if they were compromised.”

Pwnedlist.com currently allows users to search through nearly five million emails and usernames found online at sites like Pastebin. The site also often receives large caches of account data that people submit directly to its database. Mr. Puzic told Krebs on Security it is growing at a rate of about 40,000 new compromised accounts each week.

Mr. Puzic said the information contained in these data donations often makes it simple to learn which organization lost the data. “Usually, somewhere in the dump files there’s a readme.txt file or there’s some type of header made by the hacker who caused the breach, and there’s an advertisement about who did the hack and which company was compromised,” Mr. Puzic said in the article. “Other times it’s really obvious because all of the emails come from the same domain.”

Mr. Puzic said in the article that Pwnedlist.com doesn’t store the username, email address and password data itself; instead, it records a cryptographic hash of the information and then discards the plaintext data. According to the blog, a “hit” on any searched email or username only produces a binary “yes” or “no” answer about whether any hashes matching that data were found. It won’t return the associated password, nor does it offer any clues about where the data was leaked from.
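To make the hash-and-discard design described above concrete, here is an added example (my own code, not Pwnedlist’s): it ingests a constructed, fake account dump, keeps only a SHA-256 digest of each normalized email, throws the passwords away, and answers lookups with a plain yes/no. The dump format, the normalization rule and the choice of SHA-256 are my assumptions; the page does not say which hash Pwnedlist uses.

```python
import hashlib
import re

# Constructed sample of what a public account dump might look like. The addresses
# and passwords are made up for this example; they are not real leaked data.
SAMPLE_DUMP = """\
# leaked by example-crew -- constructed sample header, not a real dump
alice@example.com:hunter2
Bob.Smith@Example.org : letmein
carol@example.net;Passw0rd!
garbage line with no delimiter
dave@example.com:qwerty
"""

# Assumed dump line shape: <email> then ':' or ';' then <password>.
_LINE_RE = re.compile(r"^\s*([^:;\s]+@[^:;\s]+)\s*[:;]\s*(.*?)\s*$")


def normalize(identifier: str) -> str:
    """Canonicalize so 'Bob@Example.org' and ' bob@example.org' hash identically."""
    return identifier.strip().lower()


def digest(identifier: str) -> str:
    """Hex SHA-256 of the normalized identifier; this is the only thing ever stored."""
    return hashlib.sha256(normalize(identifier).encode("utf-8")).hexdigest()


class HashedPwnedIndex:
    """Holds hashes of identifiers seen in dumps, never plaintext and never passwords."""

    def __init__(self) -> None:
        self._hashes = set()
        self.skipped = 0  # lines that did not parse as email/password pairs

    def ingest_dump(self, text: str) -> int:
        """Parse dump lines, hash each identifier, drop the plaintext. Returns count added."""
        added = 0
        for line in text.splitlines():
            if not line.strip() or line.lstrip().startswith("#"):
                continue  # blank line or attacker's header/advert, nothing to index
            match = _LINE_RE.match(line)
            if not match:
                self.skipped += 1
                continue
            identifier, _password = match.groups()  # password deliberately discarded
            h = digest(identifier)
            if h not in self._hashes:
                self._hashes.add(h)
                added += 1
        return added

    def is_pwned(self, identifier: str) -> bool:
        """Binary yes/no: does the hash of this identifier appear in any ingested dump?"""
        return digest(identifier) in self._hashes

    def __len__(self) -> int:
        return len(self._hashes)


def build_index() -> HashedPwnedIndex:
    """Build the index from the constructed sample dump."""
    idx = HashedPwnedIndex()
    idx.ingest_dump(SAMPLE_DUMP)
    return idx


if __name__ == "__main__":
    idx = build_index()
    print(len(idx), "hashed accounts indexed,", idx.skipped, "line(s) skipped")
    for query in ("Alice@Example.com", "eve@example.com"):
        print(query, "->", "yes" if idx.is_pwned(query) else "no")
```

Hashing the identifier protects the passwords and the raw dump contents if the index leaks, but it does not make the addresses secret: anyone who already knows an email address can hash it and test for membership, which is exactly the yes/no query the service offers.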

If Pwnedlist says your email or user ID is in their database, they offer the following advice:


  1. “Don’t panic! Just because your email was found in an account dump we collected does not mean it has been compromised.
  2. Immediately change any passwords that might be associated with this email account.
  3. It is probably a wise idea to go through all your accounts and create new passwords for each of them, just in case. “Better safe than sorry.”

The two researchers plan to begin publishing regular updates to their Twitter account (@pwnedlist) when new data dumps are discovered. Longer term, Mr. Puzic told Krebs that he has multiple goals for the site, including a longitudinal study on password security.

rb-

I have several emails, professional and personal, which thankfully Pwnedlist does not have in their databases. I follow password best practices and use an 8-character or longer password with at least one letter, number and special character. I also change my passwords regularly.

End user password best practices:

  1. Passwords should be something you can remember but difficult for others to guess. That means avoiding information anyone can pick up from Facebook.
  2. Use at least 8 characters. Some authentication systems will ask for more, but 8 well-chosen characters is usually enough.
  3. Mix letters, numbers, uppercase, lowercase, and even symbols when possible. 1GrdDC@82 is stronger than letter22.
  4. Avoid dictionary words because many brute force attacks are designed to guess them. “password” is not a good password.
  5. Use a unique password for each account. Your password at work should be different from your Facebook password.
  6. Do not share your password.

40 Years of Malware – Part 4

2011 marks the 40th anniversary of the computer virus. Help Net Security notes that over the last four decades, malware instances have grown from 1,300 in 1990, to 50,000 in 2000, to over 200 million in 2010. Fortinet (FTNT) marks this dubious milestone with an article which counts down some of the low-lights of malware evolution. The Sunnyvale, CA network security firm says that viruses evolved from academic proofs of concept, to geek pranks, to cybercriminal tools. By 2005, the virus scene had been monetized, and almost all viruses were developed for the sole purpose of making money via more or less complex business models. According to FortiGuard Labs, the most significant computer viruses over the last 40 years are:

– See Part 1 Here – See Part 2 Here – See Part 3 Here – See Part 4 Here

2007 – By 2007, botnets had infected millions of systems world-wide, using zombie systems to send spam, generate Denial of Service (DoS) attacks, and compromise passwords and data. By 2007 cybercriminals had developed lucrative business models they were protecting, so the attackers became more concerned about protecting their zombie computers. Until 2007, botnets lacked robustness: by neutralizing its single Control Center (PDF), a botnet could be taken down, because the zombies didn’t have anyone to report to (and take commands from) anymore. The Storm botnet was the first to feature a peer-to-peer architecture (PDF) to decentralize its command and control functions. At the peak of the outbreak, the Storm botnet was more powerful than many supercomputers and accounted for 8% of all malware running in the world, according to FortiGuard.

2008 – Koobface (an anagram of Facebook) spreads by pretending to be the infected user on social networks, prompting friends to download an update to their Flash player to view a video. The update is a copy of the virus. Once infected, users would serve as both vectors of infection for other social network contacts and as human robots to solve CAPTCHA challenges for cyber-criminals, among other things. Koobface is also the first botnet to recruit its zombie computers across multiple social networks (Facebook, MySpace, hi5, Bebo, Friendster, etc.). FortiGuard estimates that over 500,000 Koobface zombies are online at the same time.

2009 – Conficker (aka Downadup) is a particularly sophisticated and long-lived virus, as it’s both a worm, much like Sasser, and an ultra-resilient botnet, which downloads destructive code from random Internet servers. (We still see it pop up from time to time at work.) Conficker targeted the Microsoft Windows OS and used Windows flaws and dictionary attacks on admin passwords to crack machines and link them to a computer under the control of the attacker. Conficker’s weakness is that its propagation algorithm is poorly calibrated, causing it to be discovered more often, according to Fortinet. In 2009 some networks were so saturated by Conficker that it caused planes to be grounded, and hospitals and military bases were impacted. Conficker infected about 7 million systems worldwide.

Advanced Persistent Threat (aka APT, Operation Aurora) was a cyber attack which began in mid-2009 and continued through December 2009. The attack was first publicly disclosed by Google (GOOG) on January 12, 2010, in a blog post. In the blog post, Google said the attack originated in China and was both sophisticated and well resourced, consistent with an advanced persistent threat attack. According to Wikipedia the attack also included Adobe (ADBE), Dow Chemical (DOW), Juniper Networks (JNPR), Morgan Stanley (MS), Northrop Grumman (NOC), Rackspace (RAX), Symantec (SYMC) and Yahoo (YHOO). There is speculation that the primary goal of the attack was to gain access to, and potentially change, source code repositories at these high-tech, security and defense contractor companies.

The definition of an Advanced Persistent Threat depends on who you ask. Greg Hoglund, CEO at HBGary, told Network World that Advanced Persistent Threat is a nice way for the Air Force and DoD to not have to keep saying “Chinese state-sponsored threat.” APT is “the Chinese government’s state-sponsored espionage that’s been going on for 20 years,” Mr. Hoglund told Network World.

2010 – Stuxnet’s discovery in September 2010 ushered in the era of cyber war. According to most threat researchers today, only governments have the necessary resources to design and implement a virus of such complexity. Stuxnet is the first piece of malware specifically designed to sabotage nuclear power plants. It can be regarded as the first advanced tool of cyber-warfare. Stuxnet was almost certainly a joint U.S. / Israeli creation for damaging the Iranian nuclear weapons program, which it did, by destroying a thousand centrifuges used for uranium enrichment.

To spread, Stuxnet exploited several critical vulnerabilities in Microsoft (MSFT) Windows which, until then, were unknown, including one guaranteeing its execution when an infected USB key was inserted into the target system, even if the system’s autorun capabilities were disabled. From the infected system, Stuxnet was then able to spread through an internal network until it reached its target: a Siemens industrial software system that ran Iran’s Bushehr nuclear reactor, where it was most likely intended to destroy or neutralize the industrial system.

2011 – Duqu is the current star in the world of malware but, as history shows, that fame will be short-lived. Just like fashion models, modern malware has a lifespan in the media eye of a couple of weeks to a couple of months, tops. They then fade into the shadow of more dangerous and sophisticated tools, according to Help Net Security.

Gary Warner, director of Research in Computer Forensics in the UAB College of Arts and Sciences blogged that Duqu is a data stealing program that shares several blocks of code with Stuxnet. In fact, one of the two pieces of malware we’ve seen that is described as being Duqu is also detected as Stuxnet by some AV vendors.

Symantec disclosed in their report that one of the systems they were analyzing had been infected via a Word document that exploited the system using a previously unknown 0-day attack.

On November 3, 2011, Microsoft released Microsoft Security Advisory (2639658), “Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege.” The advisory starts with an executive summary which says, in part:

Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware.

rb-

Every couple of years a new piece of malware is crowned the most innovative or dangerous cyber threat in the wild. The anti-malware industry is built on a game of chicken between malware creators and anti-malware creators, with end users stuck squarely in the middle. As this series of articles has shown, this game has been going on for 40 years, since computers were bigger than many houses and about as user friendly as the DMV.


McAfee’s 12 Scams of Christmas

Before logging on from a PC, Mac, or mobile device for the last-minute holiday online shopping madness, consumers should look out for the 12 Scams of Christmas by McAfee:

1. Mobile Malware – A National Retail Federation (NRF) survey found that 52.6% of U.S. consumers who own a smartphone will be using their device for holiday shopping. Malware targeted at mobile devices is on the rise, and Google’s (GOOG) Android smartphones are most at risk. McAfee cites a 76% increase in Android malware in the second quarter of 2011, making it the most targeted smartphone platform.

New malware has recently been found that targets QR codes, a digital barcode that consumers might scan with their smartphone to find good deals or just to learn about products they want to buy.

2. Malicious Mobile Applications – These are mobile apps designed to steal information from smartphones, or send out expensive text messages without a user’s consent. Dangerous apps are usually offered for free, and masquerade as fun applications, such as games. Last year, 4.6 million Android smartphone users downloaded a wallpaper app that collected and transmitted user data to a site in China.

3. Phony Facebook Promotions and Contests – Who doesn’t want free stuff? Unfortunately, cyberscammers know that “free” things are attractive lures, and they have sprinkled Facebook with phony promotions and contests aimed at gathering personal information. A recent scam advertised two free airline tickets, but required participants to fill out multiple surveys requesting personal information.

4. Scareware, or Fake Antivirus Software – Scareware is fake antivirus software that tricks someone into believing that their computer is at risk or already infected so they agree to download and pay for phony software. This is one of the most common and dangerous Internet threats today, claiming one million victims each day. In 2010, McAfee reported that scareware represented 23% of all dangerous Internet links, and it has been resurgent in recent months.

5. Holiday Screensavers – Bringing holiday cheer to your home or work PC sounds like a fun way to get into the holiday spirit, but be careful. A recent search turned up a Santa screensaver that promises to let you “fly with Santa in 3D” but is malicious. Holiday-themed ringtones and e-cards have been known to be malicious too.

6. Mac Malware – Until recently, Mac users felt pretty insulated from online security threats, since most were targeted at PCs. But with the growing popularity of Apple (AAPL) products, cybercriminals have designed a new wave of malware directed squarely at Mac users. According to McAfee Labs, as of late 2010 there were 5,000 pieces of malware targeting Macs, and this number is increasing by 10 percent each month.

7. Holiday Phishing Scams – Phishing is the act of using phony email or social media posts to trick consumers into revealing information or performing actions they wouldn’t normally do online. Cyberscammers know that most people are busy around the holidays, so they tailor their emails and social messages with holiday themes in the hope of tricking recipients into revealing personal information.

  • Phony notice from UPS (UPS) saying you have a package and need to complete an attached form which asks for personal or financial details to complete the delivery. The form sends those details straight into the hands of the cyberscammer.
  • Banking phishing scams continue to be popular, and the holiday season means consumers will be spending more money and checking bank balances more often. From July to September of this year, McAfee Labs identified approximately 2,700 phishing URLs per day.
  • Smishing – SMS phishing remains a concern. Scammers send their fake messages via a text alert to a phone, notifying an unsuspecting consumer that his bank account has been compromised. The cybercriminals then direct the consumer to call a phone number to get it re-activated, and collect the user’s personal information including Social Security number, address, and account details.

8. Online Coupon Scams – An estimated 63 percent of shoppers search for online coupons when they purchase something on the Internet, and October 2011 NRF data shows that 17.3 percent of smartphone users and 21.5 percent of tablet owners are using their mobile devices to redeem those coupons. But watch out, because the scammers know that by offering an irresistible online coupon, they can get people to hand over some of their personal information.

9. Mystery Shopper Scams - Mystery shoppers are people who are hired to shop in a store and report back on the customer service. Scammers are using this fun job to try to lure people into revealing personal and financial information. There have been reports of scammers sending text messages to victims, offering to pay them $50 an hour to be a mystery shopper, and instructing them to call a number if they are interested. Once the victim calls, they are asked for their personal information, including credit card and bank account numbers.

10. Hotel “Wrong Transaction” Malware Emails - Many people travel over the holidays, so it is no surprise that scammers have designed travel-related scams to get users to click on dangerous emails. In one example, a scammer sent out emails that appeared to be from a hotel, claiming that a “wrong transaction” had been discovered on the recipient’s credit card. It then asked them to fill out an attached refund form. Once opened, the attachment downloads malware onto their machine.

11. “It” Gift Scams – Every year there are hot holiday gifts that sell out early in the season. Not only do sellers mark up the price of the must-have toy, but scammers will also start advertising them on rogue websites and social networks, even if they don’t have them. So, consumers could wind up paying for an item and giving away credit card details only to receive nothing in return. Once the scammers have the personal financial details, there is little recourse.

12. “I’m away from home” Scammers – Posting information about a vacation on social networking sites could actually be dangerous. If someone is connected with people they don’t know on Facebook or other social networking sites, those people could see the post and decide that it may be a good time to rob them. Furthermore, a quick online search can easily turn up their home address.

How to Protect Yourself

  • Only download mobile apps from official app stores, such as iTunes and the Android Market, and read user reviews before downloading them.
  • Be extra vigilant when reviewing and responding to emails.
  • Watch out for too-good-to-be-true offers on social networks. Never agree to reveal your personal information just to participate in a promotion.
  • Don’t accept requests on social networks from people you don’t know in real life. Wait to post pictures and comments about your vacation until you’ve already returned home.

Mobile Threats Top Holiday Scam List (pcworld.com)
Five Tips to Avoid Malware in Mobile Apps (pcworld.com)


Cisco CEO Talks Cash at Tech Dinner

Sometimes my view from the Bach Seat is just so right. BusinessInsider reports that former Apple (AAPL) CEO Steve Jobs told his biographer Walter Isaacson what really went on when the tech titans supped with Barack Obama earlier this year.

While the tech titans were slated to discuss America’s economy and what could be done to create more jobs in the U.S., according to Mr. Isaacson, Google’s (GOOG) Eric Schmidt, then Yahoo (YHOO) chief Carol Bartz, Oracle’s (ORCL) Larry Ellison and Cisco’s (CSCO) John Chambers annoyed Obama. The business leaders seemed more concerned with boosting their own companies than America’s economy as a whole. Mr. Isaacson focuses on Cisco’s Chambers as an example:

“Chambers, for example, pushed a proposal for a repatriation tax holiday that would allow major corporations to avoid tax payments on overseas profits if they brought them back to the United States for investment during a certain period. The President was annoyed, and so was Facebook’s Mark Zuckerberg, who turned to Valerie Jarrett, sitting to his right, and whispered, “We should be talking about what’s important to the country. Why is he just talking about what’s good for him?”

rb-

I noted John Chambers’ editorial in the WSJ calling for a tax holiday last year.
