Tag Archive for Microsoft

Reducing Your LinkedIn Risks

Microsoft’s recent purchase of LinkedIn has pushed the struggling ersatz professional networking site back into the limelight. There is plenty of speculation about why Microsoft (MSFT) paid over $26 billion for the site. Undoubtedly it has to do with LinkedIn’s (LNKD) cache of over 430 million online users. Whatever Redmond’s designs are, now is a good time to check your LinkedIn security settings and reduce your LinkedIn risks.

Attackers have long used social networking sites as part of their reconnaissance. They cull personal information posted on the site to craft targeted attacks that have a higher chance of succeeding. The criminals rely on the fact that people tend to trust people within their personal network. Targets are more likely to fall for a spear-phishing email if it appears to come from a fellow member, and more likely to visit a website if a member of their network suggested it.

LinkedIn risks

Fake LinkedIn profiles “significantly increase” the likelihood that these social engineering attacks will work, according to research by Dell SecureWorks. The SecureWorks article describes how attackers use fake LinkedIn profiles. Most of these fake accounts follow a specific pattern:

  1. They bill themselves as recruiters for fake firms or claim to be self-employed. Under the guise of a recruiter, the attackers have an easy entry point into the networks of real business professionals. Real recruiters already use the service to find candidates, so LinkedIn users expect to be contacted by recruiters, and the ruse works in the scammers’ favor.
  2. They primarily use photos of women pulled from stock image sites or from real professionals. Many of the fake accounts use unoriginal photographs; their profile photos were found on stock image sites, other LinkedIn profiles, or other social networking sites.
  3. They copy text from the profiles of real professionals and paste it into their own. The text in the Summary and Experience sections was usually lifted verbatim from real professionals on LinkedIn.
  4. They keyword-stuff their profiles for visibility in search results. Fake accounts stuff their profiles with keywords to gain visibility into specific industries or firms; Northrop Grumman and Airbus Group are popular.

The primary goal of these fake LinkedIn accounts is to map out the networks of business professionals. Using them, scammers establish a sense of credibility among professionals and use it to make further connections. The fake network exists to help attackers target victims via social engineering.

In addition to mapping connections, scammers can also scrape contact information from their connections. The attackers collect personal and professional email addresses as well as phone numbers. This information can then be used to send spear-phishing emails.

LinkedIn cyber-thieves have also used TinyZbot malware (a password stealer, keystroke logger and multifunctional Trojan) disguised as a résumé application. In their report, the Dell researchers advise organizations to educate their users about these specific and general LinkedIn risks:

  • Avoid contact with known fake personas.
  • Only connect with people you know and trust.
  • Use caution when engaging with members of colleagues’ or friends’ networks that they have not verified outside of LinkedIn.
  • When evaluating employment offers, confirm the person is legitimate by directly contacting the purported employer.

Reduce your risks

There are a few ways users can identify fake LinkedIn accounts:

  • Do a reverse-image search. Tineye.com offers a browser plugin, or use Google’s Search by Image, to confirm the profile picture is not lifted from a stock site or another person’s profile.
  • Copy and paste profile information into a search engine to find real profiles.
  • If someone you know is already connected with one of these fake accounts, reach out to them and find out how they know them.
  • If you suspect that you’ve identified a fake LinkedIn account, you should report it.

LinkedIn told Panda Security:

We investigate suspected violations of our Terms of Service, including the creation of false profiles, and take immediate action when violations are uncovered. We have a number of measures in place to confirm authenticity of profiles and remove those that are fake. We urge members to use our Help Center to report inaccurate profiles and specific profile content to LinkedIn.

As always, it pays to be careful with information that you share online as it can save you many potential problems in the future.

Here are some tips to keep your LinkedIn experience as secure as possible. Update your Privacy Settings so you understand how you are sharing information. Smart options include:

  • Turn your activity broadcasts on or off. If you don’t want your connections to see when you change your profile, follow companies or recommend connections, uncheck this option.
  • Select what others can see when you’ve viewed their profile. When you visit other profiles on LinkedIn, those people can then see your name, photo, and headline. If you want more privacy, display anonymous profile information or show up as an anonymous member.
  • Select who can see your connections. You can share your connections’ names with your other first-degree connections, or you can make your connections list visible only to you.
  • Change your profile photo and visibility. You can choose to have your photo displayed only to your first-degree connections, only to your network, or to everyone who views your profile.

Opt into Two-Step Verification to prevent other people from accessing your account. LinkedIn lets members turn on two-step verification for their accounts. It requires your password plus a numeric code sent to your phone by text message whenever you sign in from a device your account doesn’t recognize. Codes sent by SMS can be intercepted or redirected by a SIM swap, so they are weaker than an authenticator app, but they are far stronger than a password alone.

Opt into Secure Browsing for extra protection against eavesdropping on your Internet activity and to make sure you’re connected to the real LinkedIn website. LinkedIn automatically uses an encrypted HTTPS connection on pages that handle sensitive information, but you also have the option to turn on the protected connection for every page. Whichever setting you use, check for the padlock and a linkedin.com address before you type your password; a phishing page can copy the logo but cannot present a valid certificate for linkedin.com.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook and Twitter. Email the Bach Seat here.

Stop Having These Meetings

Followers of the Bach Seat know that passwords suck. As a Project Manager, something else that sucks is bad meetings. Meetings that don’t have an agenda, a goal or a purpose suck the motivation out of the people attending. In the interest of having fewer sucky meetings, here are some meetings your team will thank you for eliminating or fixing.

The Monday morning staff meeting

The problem with this meeting is that no one is ever ready for it. After all, it’s 8:00 a.m. on Monday morning. Nothing has happened yet, and whatever happened last week is mostly ancient history. A second problem is that for anyone to be ready, they have to work Sunday night. That is fine on occasion but guaranteed to earn you some serious votes for “jerk of the year” from employees and their families. For a while, I worked for an insomniac boss who would fire off emails at 2:00 AM on Sunday and expect answers at the 8:00 AM meeting. It was a happy day when she moved on.

The third problem with this meeting is that stuff happens on the weekends. And stuff needs to be addressed, especially in IT. Did you change your tapes? Check your logs? Walk your data center? Are there warning lights? How many tickets are there? Who has time for a meeting? The solution: if you must run a team meeting on Monday, push it to later in the morning or early in the afternoon. Better yet, push it to Tuesday morning.

The Round-the-Table status meeting

We have all been there. It’s the meeting where the focus moves around the room and everybody shares their latest updates, sagas, fantasies and dreams. Sit in the wrong place and you end up as the 19th person to offer an update. By that time nobody cares, because their bladders are over-strained and their brains numb from the politically oriented updates emanating from colleagues in far-away functions.

The solution: meet if you must, but set some rules on the updates. Ask people to focus on important news that impacts everyone or on challenges that need help from across functions. Do anything to limit the painful march of gratuitous and self-serving status updates that undisciplined round-the-table meetings generate.

Recurring meetings with no purpose

Any recurring meeting where no one can remember why it still takes place is a candidate for immediate elimination. The laws of physics transfer to meetings: a meeting on the schedule tends to stay on the schedule long after it has used up its usefulness.

The solution: review all the recurring meetings that you subject your team to or that you are a participant in. Drop them from your life and the lives of your team members. If you are not the host of the meeting, tell the host of your intention and of your perspective on the utility of the meeting. If you are the host/sponsor, poll team members and give them a voice and a vote. A bit of draconian slicing of recurring meetings opens up valuable time for other more important activities.

Group wordsmithing

This is any meeting where you pull together a group of people to work on the wording for something, be it a vision, a mission, a strategy statement or a scope statement in project management. The output of these sessions is typically a series of awkwardly constructed sentences reflecting compromises with the HiPPO (the highest-paid person’s opinion). Everyone nods yes, but no one agrees with the final product. The wording moves beyond ridiculous to just awful in the effort to make the pain go away.

The solution: never relegate rough wording of anything to a committee. Take a stab at the item in question yourself. Then bounce it off a few colleagues. When you approach something that is beginning to work for you, very carefully ask for comments from a group. Ask clarifying questions, take great notes and then disappear and redraft the statement(s). Repeat the process as necessary.

Death by PowerPoint

Death by PowerPoint is a phenomenon that can make any meeting suck. According to TechTarget, Death by PowerPoint (DBPP) is caused by poor use of presentation software. Key contributors include confusing graphics, slides with too much text, and presenters whose idea of a good presentation is to read 40 slides out loud.

An audience that is emotionally disconnected from the presentation is the fault of the presenter. There is a good chance the speaker has not spent enough time thinking about which key points the audience should take away, or has spent entirely too much time and effort setting up the presentation in PowerPoint.

DBPP can be avoided if the speaker uses the technology as a visual aid to enhance what is being said. Do not rely on the technology to serve as the focus of the presentation. Don McMillan demonstrates what not to do with PowerPoint in his video “Life after Death by PowerPoint.”

How to be better at meetings

Meetings are opportunities ripe for overuse and even abuse. Strive to be the manager that respects the power and importance of meetings. Use these forums to focus on key issues and solicit ideas. To keep your meetings constructive you need to start with respect.

Respect the time that everyone puts into the sessions. Start your meetings on time. If your meeting starts on time there are fewer chances to derail others’ productivity throughout the day. Starting on time also helps you to end on time. This is crucial because once the time slot for the meeting is over, employees will start to mentally check out whether or not you’ve made it through the agenda.

rb-

Bad meetings suck so much that the Project Management Institute (PMI) added meetings to the Project Management Body of Knowledge (PMBOK). That’s right: in version 5 of the PMBOK Integration Knowledge Area, four processes list “Meetings” as a Tool and Technique:

  • 4.3 Direct and Manage Project Work
  • 4.4 Monitor and Control Project Work
  • 4.5 Perform Integrated Change Control
  • 4.6 Close Project or Phase


Linux Turns 25

Linus Torvalds released the first public version of the Linux kernel on Oct. 5, 1991. On Oct. 6, 1991, Torvalds began arguing with the volunteer developers who would go on to make Linux an open-source powerhouse and eventually a household name. Today the Linux community is upwards of 86 million users strong.

As part of the celebrations marking Linux’s 25th birthday, the Linux Foundation has published its annual Linux Kernel Development Report (PDF, registration required). According to the Register, the report concludes that Linux is in great shape: “There may be no other examples of such a large, common resource being supported by such a large group of independent actors in such a collaborative way.”

The independent actors have a lot to collaborate on. The report notes that the first versions of the Linux kernel comprised about 10,000 lines of code. Now it’s nearing 22 million and growing at a rate of 4,600 lines a day.

While Linux may have started out as a hobby OS, that changed in the early 2000s. At the turn of the century, Wall Street banks demanded Linux support for their enterprise application servers, says Tech News World.

“That was a moment that broke down resistance to Linux in the big IT vendors like BEA, IBM, and Oracle (ORCL). That hole in the dam was the start of a flood,” said Cloud Foundry CEO Sam Ramji. “Today Linux is the home of operating system innovation.”

Aporeto virtualization expert Stefano Stabellini, a Linux user and open source advocate since the 1990s, explained the transition: “… back when I started with Linux in the ’90s … [companies] did not understand it. They thought that open source was unsustainable, and Linux was niche and hobbyist.” He says that now everything has changed; every company has an open source strategy. “Microsoft (MSFT) was the biggest foe and now is a strong ally. Linux is the most widely adopted operating system of all time.”

Dice points out that the most active contributors to the growth of Linux have included (in descending order) Intel (INTC), Red Hat, Linaro, Samsung (005930), SUSE, IBM (IBM), and various corporate consultants. Google (GOOG), AMD (AMD), and Texas Instruments (TXN) also ranked in the top 15.

rb-

So my first pass at Linux was Red Hat Linux 5.0, when Novell bought into Linux. Yep, I was a Novell CNE 5 way back in the day.

The last couple of projects I have been involved with have used Linux and not Windows: CMS, IVR, PAFWs, and storage.



FIDO

Since 2013 there have been nearly 5 billion data records lost or stolen, according to the Breach Level Index. The UN says there are 6.8 billion mobile phone subscriptions, roughly 96 for every 100 people on the planet. It would seem that these two facts could be combined to slow the pace of lost or stolen data records. An effort to use mobile devices to better secure logins is underway, called FIDO.

FIDO (Fast IDentity Online) is an open standard for a secure and easy-to-use universal authentication interface. FIDO aims to address the lack of interoperability among strong authentication devices. TechTarget says FIDO is developed by the FIDO Alliance, a non-profit organization formed in 2012. FIDO members include Agnitio, Alibaba, ARM (ARMH), BlackBerry (BBRY), Google (GOOG), Infineon Technologies, Lenovo (LNVGY), Mastercard, Microsoft (MSFT), Netflix, Nok Nok Labs, PayPal, RSA, Samsung, Synaptics, Validity Sensors and Visa.

The FIDO specifications define a common interface for user authentication on the client. The article explains that the goal of FIDO authentication is to promote data privacy and stronger authentication for online services without hard-to-adopt measures. The standard supports multifactor authentication and strong features like biometrics. The private keys and any biometric templates stay on the user’s device (phone, laptop or security key), so no shared secret has to be stored at each online service and the user no longer needs a different password for each one.

The author writes that FIDO is much like an encrypted virtual container of strong authentication elements: biometrics, USB security tokens, Near Field Communication (NFC), Trusted Platform Modules (TPM), embedded secure elements, smart cards and Bluetooth. Whatever the element, it is used only to unlock a private key held on the device; the requesting service sees only the matching public key and signed responses, and a separate key pair is generated for each service, so two sites cannot tell they are dealing with the same user.

FIDO is based on public-key cryptography and works through two protocols for two different user experiences. According to TechTarget, the Universal Authentication Framework (UAF) protocol lets the user register an enabled device with a FIDO-ready server or website. At registration the device generates a key pair and sends the server only the public key; to log in, the user unlocks the device locally with a fingerprint or PIN, the device signs a fresh challenge from the server with the private key, and the server checks the signature against the registered public key.

The Universal Second Factor (U2F) protocol, originally developed by Google, is an effort to get the Web ecosystem (browsers, online service providers, operating systems) to authenticate users with a strong second factor, such as a USB key with a touch button or NFC on a mobile device. The password stays as the first factor; the key proves possession by signing the server’s challenge, bound to the site’s origin, so a phishing site on another domain cannot reuse the response.

FIDO’s local storage of biometrics and other personal identification is intended to ease user concerns about personal data stored on an external server or in the cloud. By abstracting the protocol implementation, FIDO also reduces the work required for developers to create secure logins.
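As an added illustration that is not part of the original post or of any FIDO Alliance code, the following Go program models the challenge-response flow the two protocols share: an authenticator that keeps a separate P-256 private key per site and signs only after local user verification, and a relying party that stores public keys, issues single-use challenges, and rejects replays and responses signed for the wrong origin. The AppIDs, the user name and the signed-message layout are assumptions made for this example (real U2F signs over the application parameter, a user-presence byte, the counter and the challenge hash).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Authenticator is the user's device: one private key per site, never exported, signing gated on local verification.
type Authenticator struct {
	keys    map[string]*ecdsa.PrivateKey // opaque key handle -> private key
	counter uint32                       // signature counter, bumped on every use
}

func NewAuthenticator() *Authenticator { return &Authenticator{keys: map[string]*ecdsa.PrivateKey{}} }

// Register mints a fresh P-256 key pair for this site and returns only the public half plus a handle.
func (a *Authenticator) Register(appID string) (string, *ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", nil, err
	}
	handle := fmt.Sprintf("%x", sha256.Sum256(priv.X.Bytes())) // opaque; a new key per site defeats correlation
	a.keys[handle] = priv
	return handle, &priv.PublicKey, nil
}

// signedData binds an assertion to the origin the browser actually contacted, the one-time challenge and the counter.
func signedData(appID string, challenge []byte, counter uint32) []byte {
	app := sha256.Sum256([]byte(appID))
	msg := append(append(app[:], challenge...), byte(counter>>24), byte(counter>>16), byte(counter>>8), byte(counter))
	digest := sha256.Sum256(msg)
	return digest[:]
}

// Authenticate signs only after local user verification (PIN/fingerprint, a bool here); the key never leaves the device.
func (a *Authenticator) Authenticate(appID, handle string, challenge []byte, userVerified bool) ([]byte, uint32, error) {
	priv, ok := a.keys[handle]
	if !ok || !userVerified {
		return nil, 0, errors.New("unknown handle or local user verification failed")
	}
	a.counter++
	sig, err := ecdsa.SignASN1(rand.Reader, priv, signedData(appID, challenge, a.counter))
	return sig, a.counter, err
}

// RelyingParty is the web service. It stores public keys only, so a dump of its database gives a thief nothing to log in with.
type RelyingParty struct {
	AppID    string
	pubs     map[string]*ecdsa.PublicKey // user -> registered public key
	counters map[string]uint32           // user -> last accepted signature counter
	pending  map[string][]byte           // user -> outstanding one-time challenge
}

func NewRelyingParty(appID string) *RelyingParty {
	return &RelyingParty{AppID: appID, pubs: map[string]*ecdsa.PublicKey{}, counters: map[string]uint32{}, pending: map[string][]byte{}}
}
func (rp *RelyingParty) Enroll(user string, pub *ecdsa.PublicKey) { rp.pubs[user] = pub }

// NewChallenge issues 32 random bytes valid for exactly one login attempt.
func (rp *RelyingParty) NewChallenge(user string) []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	rp.pending[user] = c
	return c
}

// Verify consumes the challenge, requires the counter to advance (replay/clone detection) and checks the signature.
func (rp *RelyingParty) Verify(user string, sig []byte, counter uint32) error {
	ch, hasCh := rp.pending[user]
	delete(rp.pending, user)
	pub, known := rp.pubs[user]
	if !hasCh || !known {
		return errors.New("unknown user or no outstanding challenge")
	}
	if counter <= rp.counters[user] {
		return errors.New("counter did not advance: replay or cloned device")
	}
	if !ecdsa.VerifyASN1(pub, signedData(rp.AppID, ch, counter), sig) {
		return errors.New("signature does not verify for this origin")
	}
	rp.counters[user] = counter
	return nil
}

func main() {
	auth, bank := NewAuthenticator(), NewRelyingParty("https://bank.example") // hypothetical site
	handle, pub, _ := auth.Register(bank.AppID)
	bank.Enroll("alice", pub)
	sig, ctr, _ := auth.Authenticate(bank.AppID, handle, bank.NewChallenge("alice"), true)
	fmt.Println("real origin:", bank.Verify("alice", sig, ctr))
	sig, ctr, _ = auth.Authenticate("https://bank-example.com", handle, bank.NewChallenge("alice"), true)
	fmt.Println("challenge relayed through a look-alike origin:", bank.Verify("alice", sig, ctr))
}
```

The first login verifies and the second fails even though the same key, user and server challenge were involved: the browser hands the authenticator the origin it is really talking to, so a look-alike domain that relays the bank’s challenge gets a signature over the wrong AppID. Single-use challenges stop replay; the counter check is what lets a server notice a cloned authenticator.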

Samsung and PayPal have announced a FIDO authentication partnership. Beginning with the Samsung Galaxy S5, users can authorize transactions to their PayPal accounts with their fingerprints. The fingerprint unlocks a key stored on the phone, which signs the request to PayPal; the biometric itself is never sent to or stored on the company’s servers.

FIDO promises to clean up the strong authentication marketplace, making one-fob-fits-all products practical. The open standards shift some of the burden for protecting personally identifiable information to software on devices or to biometric features, and away from stored credentials and passwords. ComputerWeekly described FIDO’s potential this way:

The FIDO method is more secure than current methods because no password or identifying information is sent out; instead, it is processed by software on the end user’s device that calculates cryptographic strings to be sent to a login server.

In the past, multiple-factor authentication methods were based on either a hardware fob or a tokenless product. These products use custom software, proprietary programming interfaces, and much work to integrate the method into your existing on-premises and Web-based applications.

ComputerWeekly says FIDO will divorce second-factor methods from the applications that depend on them. That means the same authentication device can be used in multiple ways for signing in to a variety of providers, without one being aware of the others and without extensive programming for stronger authentication.

Integrating FIDO-compliant built-in technology with digital wallets and e-commerce can not only help protect consumers but reduce the risk, liability, and fraud for financial institutions and digital marketplaces.

The big leap FIDO is taking is to use biometric data (voiceprint, fingerprint, facial recognition and so on), digitized and protected with solid cryptographic techniques. Unlike traditional second-factor key fobs or even tokenless phone call-back schemes, this information remains on your smartphone or laptop and is not shared with any application provider. FIDO can even use a simple four-digit PIN code, and everything still stays on the originating device. With this approach, ComputerWeekly says, FIDO avoids the potential for a Target-like point-of-sale exploit that could release millions of logins to the world, a big selling point for many IT shops and providers.

It can also eliminate carrying a separate dongle, since just about everyone has a mobile phone these days. This is a mobile world, and we need mobile-compatible solutions; otherwise you’re behind the curve right out of the gate.



What is Bitcoin?

Bitcoin is the name of probably the best-known cryptocurrency, also called digital currency, digital gold or virtual money. A cryptocurrency is a medium of exchange, like the US dollar, but it is digital and uses cryptographic techniques (hashing and digital signatures rather than encryption) to control the creation of monetary units and to verify the transfer of funds. Blockchain is the technology that enables the existence of cryptocurrency.

The cryptocurrency has populist roots. It made its debut in relative obscurity at the start of 2009, when the financial crisis of the Great Recession was still raging. A person or group of people known as Satoshi Nakamoto purportedly created the bitcoin protocol and reference software. The populist ideology behind Bitcoin is to take power out of the hands of the central bankers and governments who usually control the flow of currency.

Bitcoin is both a digital currency and a payment system. The basic idea is that you can use it to pay for things without a third-party broker like a bank or government. The value of a bitcoin depends on the bitcoin market at the time. One bitcoin = 100,000,000 satoshi, just as 1 dollar = 100 cents. Transaction fees are typically small and go to the miners who record the payment rather than to an intermediary, and there is no need to give your real name, although every transaction is visible to everyone on the network. Merchants, by comparison, pay fees of 2.5% to 3.5% on each credit card sale to the likes of Visa, MasterCard or Discover.

Think of Bitcoin as one big ledger shared by all the users: when you pay for something with bitcoin or get paid, your transaction is recorded on the ledger to ensure there is no double spending of the currency.

Members of the network collectively contribute processing power from their computers to maintain Bitcoin’s integrity. Every time a transaction is made, a record of it is broadcast to be recorded in a public ledger where transactions are effectively set in stone. Anyone can download and install the Bitcoin software for free, so these records are distributed permanently across the entire network. This publicly distributed ledger is called the blockchain.

To earn new bitcoins, computers running bitcoin software compete to confirm a batch of transactions (a block) by finding a hash of that block that falls below a target set by the network, a brute-force search known as proof of work; the winner is rewarded with new bitcoins. Currently, a winner is rewarded with 25 bitcoins roughly every 10 minutes. The process is known as “mining”. Don’t get too wrapped up in Bitcoin mining, because only the computer powerhouses get their bitcoins this way.

The Consumerist explains that Bitcoin mining math is complicated and hard to forge, so the blockchain stays accurate. Because anyone can download and install the Bitcoin software for free, the payment processing and record-keeping for Bitcoin is done in a widely distributed way, and not on one particular server.

When blocks are created, so are new bitcoins, but there is a hard limit to how many will ever exist. The system was designed to create more bitcoins at first, then to dwindle exponentially over time. The first 210,000 blocks each created 50 bitcoins. The next 210,000 each created 25 bitcoins, and so on, halving every 210,000 blocks. New blocks are created roughly every 10 minutes no matter what; when more computers are actively mining, the network raises the difficulty target (adjusted every 2,016 blocks) so that finding a valid block stays slow. The Bitcoin FAQ estimates that the last bitcoin will be mined in the year 2140, bringing the permanent circulation to just under 21 million. (Currently, there are roughly 15.8 million bitcoins in the world.)
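To make the mining and halving mechanics concrete, here is a small Go model written for this page (it is not Bitcoin Core or any other real implementation): a cut-down block header hashed with double SHA-256, a proof-of-work loop over the nonce, chain validation that catches any edit to a past block, and the subsidy schedule that halves every 210,000 blocks. The difficulty encoding (required leading zero bits) and the three sample transactions are simplifications constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"math/bits"
)

const (
	Satoshi               = 100_000_000 // satoshi per bitcoin
	HalvingInterval       = 210_000     // blocks between subsidy halvings
	InitialSubsidy uint64 = 50 * Satoshi
)

// Subsidy returns the new coins a miner may claim at a given height, in satoshi.
// Halving is an integer right shift, which is why the cap lands just under 21M BTC.
func Subsidy(height uint64) uint64 {
	halvings := height / HalvingInterval
	if halvings >= 64 {
		return 0
	}
	return InitialSubsidy >> halvings
}

// TotalSupply adds up every block subsidy until the shift rounds it to zero.
func TotalSupply() uint64 {
	var total uint64
	for h := uint64(0); Subsidy(h) > 0; h += HalvingInterval {
		total += Subsidy(h) * HalvingInterval
	}
	return total
}

// Block is a cut-down header: PrevHash chains the ledger, DataHash stands in for
// the Merkle root of the block's transactions, Nonce is what miners grind.
type Block struct {
	PrevHash [32]byte
	DataHash [32]byte
	Bits     uint8 // toy difficulty encoding: required leading zero bits of the hash
	Nonce    uint32
}

// Hash is Bitcoin's double SHA-256 over the serialized header.
func (b *Block) Hash() [32]byte {
	hdr := make([]byte, 0, 69)
	hdr = append(hdr, b.PrevHash[:]...)
	hdr = append(hdr, b.DataHash[:]...)
	hdr = append(hdr, b.Bits, byte(b.Nonce), byte(b.Nonce>>8), byte(b.Nonce>>16), byte(b.Nonce>>24))
	first := sha256.Sum256(hdr)
	return sha256.Sum256(first[:])
}

// leadingZeroBits counts zero bits from the most significant end of the hash.
func leadingZeroBits(h [32]byte) int {
	n := 0
	for _, by := range h {
		if by != 0 {
			return n + bits.LeadingZeros8(by)
		}
		n += 8
	}
	return n
}

// MeetsTarget is the check every node runs on a block it receives.
func (b *Block) MeetsTarget() bool { return leadingZeroBits(b.Hash()) >= int(b.Bits) }

// Mine is the proof of work: bump the nonce until the hash clears the target. A real
// miner also rolls the timestamp and coinbase once the 32-bit nonce space runs out.
func Mine(b *Block) error {
	for b.Nonce = 0; ; b.Nonce++ {
		if b.MeetsTarget() {
			return nil
		}
		if b.Nonce == ^uint32(0) {
			return errors.New("nonce space exhausted")
		}
	}
}

// ValidChain recomputes every hash: editing any past transaction changes that block's
// hash, which no longer matches the PrevHash the following block committed to.
func ValidChain(chain []Block) bool {
	for i := range chain {
		if !chain[i].MeetsTarget() || (i > 0 && chain[i].PrevHash != chain[i-1].Hash()) {
			return false
		}
	}
	return true
}

func main() {
	const difficulty = 16 // ~65k hashes per block here; Bitcoin retargets every 2,016 blocks
	txs := []string{"coinbase 50 BTC -> A", "A pays B 10 BTC", "B pays C 3 BTC"} // constructed sample
	var chain []Block
	var prev [32]byte
	for _, tx := range txs {
		b := Block{PrevHash: prev, DataHash: sha256.Sum256([]byte(tx)), Bits: difficulty}
		if err := Mine(&b); err != nil {
			panic(err)
		}
		chain = append(chain, b)
		prev = b.Hash()
	}
	fmt.Println("chain valid:", ValidChain(chain))
	chain[1].DataHash = sha256.Sum256([]byte("A pays B 1000 BTC")) // rewrite history
	fmt.Println("after tampering:", ValidChain(chain))
	fmt.Printf("hard cap: %d.%08d BTC\n", TotalSupply()/Satoshi, TotalSupply()%Satoshi)
}
```

TotalSupply() comes out at 2,099,999,997,690,000 satoshi, i.e. 20,999,999.9769 BTC, which is the “just under 21 million” in the text; the shortfall comes from the integer halving dropping fractions of a satoshi. The tampered chain fails because block 1’s hash changes, so block 2’s PrevHash no longer matches (and block 1 almost certainly no longer meets the target either).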

In order to use Bitcoin, you’ll have to install a “bitcoin wallet” app on your phone or computer, and then buy bitcoins from a bitcoin exchange. A bitcoin wallet is a kind of virtual bank account that lets users send or receive bitcoins, pay for goods or save their money. It holds a pair of keys: the public key gives you an address others can pay, and the private key is what authorizes spending. Whoever holds the private key controls the coins, so losing it or having it stolen means losing the money, with no one to call. Bitcoin wallets can live either in the cloud or on a user’s computer, and they have all the risks of any other app on your device or in the cloud. Unlike bank accounts, the FDIC does not insure bitcoin wallets. CNN Money points out some of the risks in using bitcoin.

In order to buy bitcoins, you have to use a marketplace called a “bitcoin exchange”, which lets people buy or sell bitcoins using different currencies. These exchanges have a dubious history.

Bitcoin exchanges are vulnerable to hacking, collapse or a “run on the bank.” A run on a bank occurs when customers are scared and demand to withdraw their deposits so fast that the bank cannot make the payments and shuts down. If something like that happens, good luck getting your money back: this isn’t like an FDIC-insured bank account.

Bitcoin can be used in a few places; Marketwatch says there doesn’t seem to be much rhyme or reason to where you can use Bitcoin:

rb-

The use of bitcoins in Michigan has not really taken off. Last summer, according to the FreeP, there were only a handful of businesses in metro Detroit that took bitcoin included:

