Tuesday, March 1, 2011
Posted by James Sheehan at 8:44 AM
Wednesday, December 29, 2010
Posted by James Sheehan at 7:49 PM
Friday, December 3, 2010
I am sure after a couple cups of Joe, the urge to kill someone early in the morning subsides. But why not be prepared in case you have to open a can of whoopass on them. Give a whole new meaning to coffee that packs a punch.
Posted by James Sheehan at 7:47 AM
Tuesday, November 30, 2010
Monday, May 31, 2010
Posted by James Sheehan at 12:09 PM
Tuesday, December 22, 2009
12 Things Computer Users Should Fear in 2010 - Reprint from MSN
About once a year, computer security news leaps out of the technology section and onto the front page and the top of network news broadcasts. This year, the day was April Fools' Day, as the Conficker worm became the latest malicious program with the power to eat the Internet. Somehow, we soldiered on, most of us without ever having to kick on the emergency power generators or dig into that can of spam in the basement shelter.
But Conficker, while no dramatic outbreak, was also no laughing matter to the hundreds of thousands of Web users who were infected. The problem with the hype cycle in computer security news is that it can have an incremental "cry wolf" effect on computer users. The odds that the Internet will topple over in 2010 are, once again, quite low. But serious threats abound and bad guys are mostly still outpacing good guys in our virtual world, which will be slightly more dangerous than this year. Here are 12 reasons why:
1. E-mail attachments are back
The LoveBug and Melissa virus, which did bring the Web to its knees 10 years ago, both used the simplest of delivery mechanisms -- an e-mail attachment. Sure enough, that method stopped working after companies banned attachments and users wised up. Attachment viruses nearly dried up. Then, a new generation of users came online who hadn't learned the Melissa lesson and older users forgot. So this year, virus writers began dusting off their old methods and -- surprise! -- they worked again. Next year, be on guard for unexpected attachments, says Carl Leonard, head of the Websense threat lab.
"Sometimes you think this stuff has gone away and then it comes back," he said. "We're definitely seeing an uptick in Trojans that come through e-mail."
2. Anti-virus products less effective
Old-fashioned virus screening tools now catch only about three out of every four viruses through what's called "signature-based" detection, says Martin Lee of Symantec. Basic anti-virus tools scan all programs using a list of known malicious programs, looking for electronic "signatures." Virus writers now generate so much malicious software that the good guys just can't keep up. To make matters worse, virus writers are employing a technique known as "polymorphism," so the virus can electronically mutate and evade detection. That means about 25 percent of viruses can evade detection by scanners. New "heuristic" antivirus software detects malicious programs by watching what they do rather than inspecting what they are, but these products are far from perfect.
Making matters worse, viruses are now more stealthy after infections. Once upon a time, an infection was obvious, thanks to a dramatic slowdown in performance or some other obvious symptom. Not true today.
"It's become increasingly difficult for people to be aware they've become infected," Lee said. "Often, end users just will not realize something has happened."
With few guarantees for protection, it's more important than ever to keep the kids off music piracy sites and for you to avoid other unsavory Web places -- and you know the ones I mean.
3. Fake anti-virus software
Knowing that your antivirus product might not be doing the job, you might be tempted to look online for an alternative, or to try one that surprisingly pops up on your desktop. That’s a bad idea: It's probably a criminal trying to extort you for money. The art of selling rogue anti-virus software was perfected in 2009. Leonard says consumers shelled out $150 million for fake antivirus programs last year.
"People are selling malicious software and dressing it up as an antivirus product," he said. "It surprises me the volume that they are selling. You would think people have become used to seeing these things."
Obviously not. The Federal Trade Commission did shut down two rogue sellers last year, but not until they allegedly tricked nearly 1 million consumers into downloading their software.
The technique, which works like a charm, will expand next year.
4. Social networking
Facebook-based attacks grew dramatically in 2009, and will continue to increase in the coming year.
There are basically two flavors -- viruses that take advantage of the platform's liberal rules for information sharing among applications; and impersonation/identity theft, where a criminal hijacks an innocent user's account and tricks trusted friends and family. But other variations are certain to appear. Criminals can use publicly available information to personalize attacks ("Hey, check out these pictures from Paramus Catholic's Class of 1986!"). Facebook is easily farmed for password-generating information such as "What was your high school mascot?" And all those "click here" e-mails from Facebook are a Christmas present for would-be phishers, who can easily imitate them.
"People are getting comfortable in social networking situations and I think that they should really re-examine their level of trust and interaction," said Mary Landesman, senior security researcher at ScanSafe.
And remember, even if Facebook old-timers are too smart for all these tricks, the service is teeming with older newbies. If you've been friended by mom (or grandma) you know what I mean. They'll have to endure the Facebook privacy learning curve, too. Be generous. Spend a few minutes with older relatives this holiday getting them to tighten up their privacy settings.
The bane of the Internet for the past five years -- botnets, or armies of compromised home computers -- will remain a problem this year. And they may be even worse: botnets have become much more resilient. Once upon a time, botnets could be disrupted by "cutting off their head," or disabling their command and control computers. But now, criminals are "building disaster recovery" into the networks, Symantec's Lee said. That makes them even more difficult to knock off line.
"You must have grudging respect for them and their techniques," Lee said.
Spammers took a body blow during 2009 when the notorious McColo Internet Service Provider was kicked off-line. The volume of spam plummeted from around 80 percent of all e-mail to 20 percent. Temporarily. By year's end, nine out of 10 e-mails were spam, and the number keeps climbing.
"Can it get to 95 percent?" Lee asked, rhetorically. "It never ceases to amaze me how much we put up with this."
7. Finally, Apple gets respect - from cybercriminals
For years, the worst-kept secret in the computer security world was the safety of using Macintosh computers. It seemed that criminals didn't bother trying to attack Macs. This was no political statement, however. It was merely pragmatism: Apple products were a small target. But with the uptick in Mac market share, the increasing popularity of Apple's Safari Web browser and the ubiquity of the iPhone, expect criminals to target Steve Jobs’ products, says Leonard. Already, he says, there have been a handful of iPhone attacks.
"Malware authors know where people are going," he said. "It's more worthwhile for them to go after these platforms."
8. Cell phones
Speaking of iPhones, 2010 might be the year that we see a significant attack against cell phone or smart phone users. Such an attack has been predicted for years, and has not yet materialized. But each year, cell phones become more powerful, contain more personal information and are used for more financial transactions. In other words, they become "juicier targets" for criminals, says Lee. An obvious attack -- like something that wipes out phone books -- might not be the breakthrough cell phone virus. Lee says consumers should be on the lookout for a simple automated way to use mobile phones to steal cash. One possibility: some TV shows urge consumers to send text messages at $1 apiece. What happens when a criminal figures out how to redirect such messages, or initiate them?
9. SEO poisoning
You have probably noticed that companies can "game" Google and other search engines, puffing up their search engine results using a series of tricks such as creating fake pages that link heavily to each other. Annoying, but relatively harmless. Unfortunately, bad guys have perfected this method and use it to mercilessly attack information seekers every time a large news event occurs. Perhaps hundreds of thousands of users were infected after the death of Michael Jackson through this technique -- getting a booby-trapped Web page to rank 5th or 6th on a Google "Michael Jackson" search, even for just a few minutes, is probably the most effective malicious program attack used today.
"We see this sort of attack daily and especially when a signature event occurs, like Michael Jackson's death," said Leonard. Expect much more next year. When the next big news hits -- however self-serving this may sound -- stick with news Web sites you trust.
10. Windows 7
Naturally, as the year progresses, criminals will set their sights on the increasing install base of Windows 7. Microsoft has continued to improve security and delivery of updates to its flagship operating system. But there will be problems, no doubt. And then there's this troubling notion: Eight out of 10 existing Windows viruses will run on Windows 7, says Leonard. Impressive forward-compatibility from the bad guys. For consumers, it means there's no time to be complacent.
11. URL shorteners
Services like bit.ly make sending links through Twitter and e-mail infinitely easier. Unfortunately, it also means criminals can turn obviously troublesome URLs, like https://RomanianDarkLords.Ro/$$$eBay.com, into friendly-sounding links like http://bit.ly/5uuWwo.
That makes life easier for criminals, and harder for you, as it takes away one possible hint that a link is trouble.
Websense recently partnered with Bit.ly to help make the process safer. But you should stick with the old rule: Never click on a link you didn't expect, and always manually type URLs into your browser's address bar.
Last but not least, Landesman says the most troublesome development of 2009 could be the breakout security problem of 2010. The so-called Gumblar worm used an advanced technique to build a new kind of botnet. Rather than target thousands of home computers, Gumblar attacked Web hosts (Web sites) and turned them into "carriers." The program managed to download a Web site’s code, inject a hidden malicious program, then reload the now booby-trapped site.
Because Web sites act as a kind of hub online, they have the potential to spread a serious attack much more quickly. And 10,000 compromised Web sites are much harder to shut down than 10,000 compromised home computers, Landesman said.
Worse yet, a seriously successful Gumblar-style attack could undermine Web users' trust in the Internet. Sites that are one day safe and trustworthy may the next day be dangerous. That would severely hamper security systems that are based on "trusted" sites.
"When you have compromised sites acting as the host itself, the notion of good vs. bad is completely gone," Landesman said. "Users will find fewer and fewer sites that they can trust. Whatever trust they do have could be very fleeting."
Already, Gumblar-infected sites have transmitted code to visiting PCs that redirected all Google searches to pay-per-click Web sites, netting a tidy sum for creators.
Gumblar was declared a bigger problem than Conficker in May by ScanSafe, and even though its network of compromised Web sites was eventually tamed during the year, Landesman is convinced that the technique will see many copycats.
"It's one of the attacks we are assured of seeing in large quantities in 2010," she said.
Posted by James Sheehan at 2:12 PM
Saturday, September 12, 2009
Computerworld - I can sum up every article, book and column written by notable management experts about managing IT in two sentences: "Geeks are smart and creative, but they are also egocentric, antisocial, managerially and business-challenged, victim-prone, bullheaded and credit-whoring. To overcome these intractable behavioral deficits you must do X, Y and Z."
X, Y and Z are variable and usually contradictory between one expert and the next, but the patronizing stereotypes remain constant. I'm not entirely sure that is helpful. So, using the familiar brush, allow me to paint a different picture of those IT pros buried somewhere in your organization.
My career has been stippled with a good bit of disaster recovery consulting, which has led me to deal with dozens of organizations on their worst day, when opinions were pretty raw. I've heard all of the above-mentioned stereotypes and far worse, as well as a good bit of rage. The worse shape an organization is in, the more you hear the stereotypes thrown around. But my personal experiences working within IT groups have always been quite good, working with IT pros for whom the negative stereotypes just don't seem to apply. I tended to chalk up IT group failures to some bad luck in hiring and the delicate balance of those geek stereotypes.
Recently, though, I have come to realize that perfectly healthy groups with solid, well-adjusted IT pros can and will devolve, slowly and quietly, into the behaviors that give rise to the stereotypes, given the right set of conditions. It turns out that it is the conditions that are stereotypical, and the IT pros tend to react to those conditions in logical ways. To say it a different way, organizations actively elicit these stereotypical negative behaviors.
Understanding why IT pros appear to act the way they do makes working with, among and as one of them the easiest job in the world.
It's all about respect
Few people notice this, but for IT groups respect is the currency of the realm. IT pros do not squander this currency. Those who they do not believe are worthy of their respect might instead be treated to professional courtesy, a friendly demeanor or the acceptance of authority. Gaining respect is not a matter of being the boss and has nothing to do with being likeable or sociable; whether you talk, eat or smell right; or any measure that isn't directly related to the work. The amount of respect an IT pro pays someone is a measure of how tolerable that person is when it comes to getting things done, including the elegance and practicality of his solutions and suggestions. IT pros always, and without fail, quietly self-organize around those who make the work easier, while shunning those who make the work harder, independent of the organizational chart.
This self-ordering behavior occurs naturally in the IT world because it is populated by people skilled in creative analysis and ordered reasoning. Doctors are a close parallel. The stakes may be higher in medicine, but the work in both fields requires a technical expertise that can't be faked and a proficiency that can only be measured by qualified peers. I think every good IT pro on the planet idolizes Dr. House (minus the addictions).
While everyone would like to work for a nice person who is always right, IT pros will prefer a jerk who is always right over a nice person who is always wrong. Wrong creates unnecessary work, impossible situations and major failures. Wrong is evil, and it must be defeated. Capacity for technical reasoning trumps all other professional factors, period.
Foundational (bottom-up) respect is not only the largest single determining factor in the success of an IT team, but the most ignored. I believe you can predict success or failure of an IT group simply by assessing the amount of mutual respect within it.
The elements of the stereotypes
Ego -- Similar to what good doctors do, IT pros figure out that the proper projection of ego engenders trust and reduces apprehension. Because IT pros' education does not emphasize how to deal with people, there are always rough edges. Ego, as it plays out in IT, is an essential confidence combined with a not-so-subtle cynicism. It's not about being right for the sake of being right but being right for the sake of saving a lot of time, effort, money and credibility. IT is a team sport, so being right or wrong impacts other members of the group in non-trivial ways. Unlike in many industries, in IT, colleagues can significantly influence the careers of the entire team. Correctness yields respect, respect builds good teams, and good teams build trust and maintain credibility through a healthy projection of ego. Strong IT groups view correctness as a virtue, and certitude as a delivery method. Meek IT groups, beaten down by inconsistent policies and a lack of structural support, are simply ineffective at driving change and creating efficiencies, getting mowed over by the clients, the management or both at every turn.
The victim mentality -- IT pros are sensitive to logic -- that's what you pay them for. When things don't add up, they are prone to express their opinions on the matter, and the level of response will be proportional to the absurdity of the event. The more things that occur that make no sense, the more cynical IT pros will become. Standard organizational politics often run afoul of this, so IT pros can come to be seen as whiny or as having a victim mentality. Presuming this is a trait that must be disciplined out of them is a huge management mistake. IT pros complain primarily about logic, and primarily to people they respect. If you are dismissive of complaints, fail to recognize an illogical event or behave in deceptive ways, IT pros will likely stop complaining to you. You might mistake this as a behavioral improvement, when it's actually a show of disrespect. It means you are no longer worth talking to, which leads to insubordination.
Insubordination -- This is a tricky one. Good IT pros are not anti-bureaucracy, as many observers think. They are anti-stupidity. The difference is both subjective and subtle. Good IT pros, whether they are expected to or not, have to operate and make decisions with little supervision. So when the rules are loose and logical and supervision is results-oriented, supportive and helpful to the process, IT pros are loyal, open, engaged and downright sociable. Arbitrary or micro-management, illogical decisions, inconsistent policies, the creation of unnecessary work and exclusionary practices will elicit a quiet, subversive, almost vicious attitude from otherwise excellent IT staff. Interestingly, IT groups don't fall apart in this mode. From the outside, nothing looks to be wrong and the work still gets done. But internally, the IT group, or portions of it, may cut themselves off almost entirely from the intended management structure. They may work on big projects or steer the group entirely from the shadows while diverting the attention of supervisors to lesser topics. They believe they are protecting the organization, as well as their own credibility -- and they are often correct.
Credit whoring -- IT pros would prefer to make a good decision than to get credit for it. What will make them seek credit is the danger that a member of the group or management who is dangerous to the process might receive the credit for the work instead. That is insulting. If you've got a lot of credit whores in your IT group, there are bigger problems causing it.
Antisocial behavior -- It's fair to say that there is a large contingent of IT pros who are socially unskilled. However, this doesn't mean those IT pros are antisocial. On the whole, they have plenty to say. If you want to get your IT pros more involved, you should deal with the problems laid out above and then train your other staff how to deal with IT. Users need to be reminded of a few things, including:
IT wants to help me.
I should keep an open mind.
IT is not my personal tech adviser, nor is my work computer my personal computer.
IT people have lives and other interests.
Like anyone else, IT people tend to socialize with people who respect them. They'll stop going to the company picnic if it becomes an occasion for everyone to list all the computer problems they never bothered to mention before.
How we elicit the stereotypes
What executives often fail to recognize is that every decision made that impacts IT is a technical decision. Not just some of the decisions, and not just the details of the decision, but every decision, bar none.
With IT, you cannot separate the technical aspects from the business aspects. They are one and the same, each constrained by the other and both constrained by creativity. Creativity is the most valuable asset of an IT group, and failing to promote it can cost an organization literally millions of dollars.
Most IT pros support an organization that is not involved with IT. The primary task of any IT group is to teach people how to work. That may sound authoritarian, but it's not. IT's job at the most fundamental level is to build, maintain and improve frameworks within which to accomplish tasks. You may not view a Web server as a framework to accomplish tasks, but it does automate the processes of advertising, sales, informing and entertaining, all of which would otherwise be done in other ways. IT groups literally teach and reteach the world how to work. That's the job.
When you understand the mission of IT, it isn't hard to see why co-workers and supervisors are judged severely according to their abilities to contribute to that process. If someone has to constantly be taught Computers 101 every time a new problem presents itself, he can't contribute in the most fundamental way. It is one thing to deal with that from a co-worker, but quite another if the people who represent IT to the organization at large aren't cognizant of how the technology works, can't communicate it in the manner the IT group needs it communicated, can't maintain consistency, take credit for the work of the group members, etc. This creates a huge morale problem for the group. Executives expect expert advice from the top IT person, but they have no way of knowing when they aren't getting it. Therein lies the problem.
IT pros know when this is happening, and they find that it is impossible to draw attention to it. Once their work is impeded by the problem, they will adopt strategies and behaviors that help circumvent the issue. That is not a sustainable state, but how long it takes to deteriorate can be days, months or even years.
How to fix it
So, if you want to have a really happy, healthy and valuable IT group, I recommend one thing: Take an interest. IT pros work their butts off for people they respect, so you need to give them every reason to afford you some.
You can start with the hiring process. When hiring an IT pro, imagine you're recruiting a doctor. And if you're hiring a CIO, think of employing a chief of medicine. The chief of medicine should have many qualifications, but first and foremost, he should be a practicing doctor. Who decides if a doctor is a doctor? Other doctors! So, if your IT group isn't at the table for the hiring process of their bosses and peers, this already does a disservice to the process.
Favor technical competence and leadership skills. Standard managerial processes are nearly useless in an IT group. As I mentioned, if you've managed to hire well in the lower ranks of your IT group, the staff already know how to manage things. Unlike in many industries, the fight in most IT groups is in how to get things done, not how to avoid work. IT pros will self-organize, disrupt and subvert in the name of accomplishing work. An over-structured, micro-managing, technically deficient runt, no matter how polished, who's thrown into the mix for the sake of management will get a response from the professional IT group that's similar to anyone's response to a five-year-old tugging his pants leg.
What IT pros want in a manager is a technical sounding board and a source of general direction. Leadership and technical competence are qualities to look for in every member of the team. If you need someone to keep track of where projects are, file paperwork, produce reports and do customer relations, hire some assistants for a lot less money.
When it comes to performance checks, yearly reviews are worthless without a 360-degree assessment. Those things take more time than a simple top-down review, but it is time well spent. If you've been paying attention to what I've been telling you about how IT groups behave and organize, then you will see your IT group in a whole different light when you read the group's 360s.
And make sure all your managers are practicing and learning. It is very easy to slip behind the curve in those positions, but just as with doctors, the only way to be relevant is to practice and maintain an expertise. In IT, six months to a year is all that stands between respect and irrelevance.
Finally, executives should have multiple in-points to the IT team. If the IT team is singing out of tune, it is worth investigating the reasons. But you'll never even know if that's the case if the only information you receive is from the CIO. Periodically, bring a few key IT brains to the boardroom to observe the problems of the organization at large, even about things outside of the IT world, if only to make use of their exquisitely refined BS detectors. A good IT pro is trained in how to accomplish work; their skills are not necessarily limited to computing. In fact, the best business decision-makers I know are IT people who aren't even managers.
As I said at the very beginning, it's all about respect. If you can identify and cultivate those individuals and processes that earn genuine respect from IT pros, you'll have a great IT team. Taking an honest interest in helping your IT group help you is probably the smartest business move an organization can make. It also makes for happy, completely non-geek-like geeks.
Jeff Ello is a hybrid veteran of the IT and CG industries, currently managing IT for the Krannert School of Management at Purdue University. He can be contacted at firstname.lastname@example.org.
Posted by James Sheehan at 10:27 AM